mirror of
https://github.com/opencontainers/runc.git
synced 2026-07-10 21:53:57 +08:00
*: fix codespell lint errors
For some reason, codespell started flagging older spelling issues in CI despite being locked to a particular version. In any case, this fixes them (as well as ones picked up by codespell v2.4, just in case). Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
This commit is contained in:
+3
-3
@@ -35,7 +35,7 @@ This release includes a fix for the following low-severity security issue:
|
|||||||
#5253, #5269, #5288)
|
#5253, #5269, #5288)
|
||||||
|
|
||||||
### Added ###
|
### Added ###
|
||||||
- When masking directories with `maskPaths`, runc will now re-use a single
|
- When masking directories with `maskPaths`, runc will now reuse a single
|
||||||
`tmpfs` instance (which is not writeable) to reduce the number `tmpfs`
|
`tmpfs` instance (which is not writeable) to reduce the number `tmpfs`
|
||||||
superblocks that need to be reaped when containers die (in particular,
|
superblocks that need to be reaped when containers die (in particular,
|
||||||
Kubernetes applies masks to per-CPU sysfs directories which get expensive
|
Kubernetes applies masks to per-CPU sysfs directories which get expensive
|
||||||
@@ -172,7 +172,7 @@ This release includes fixes for the following high-severity security issues:
|
|||||||
> Mr. President, we must not allow a mine shaft gap!
|
> Mr. President, we must not allow a mine shaft gap!
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
* Removed pre-emptive "full access to cgroups" warning when calling `runc
|
* Removed preemptive "full access to cgroups" warning when calling `runc
|
||||||
pause` or `runc unpause` as an unprivileged user without
|
pause` or `runc unpause` as an unprivileged user without
|
||||||
`--systemd-cgroups`. Now the warning is only emitted if an actual permission
|
`--systemd-cgroups`. Now the warning is only emitted if an actual permission
|
||||||
error was encountered. (#4709)
|
error was encountered. (#4709)
|
||||||
@@ -588,7 +588,7 @@ This release includes fixes for the following high-severity security issues:
|
|||||||
`github.com/checkpoint-restore/go-criu`. (#3652)
|
`github.com/checkpoint-restore/go-criu`. (#3652)
|
||||||
* Add `--pidfd-socket` to `runc run` and `runc exec` to allow for management
|
* Add `--pidfd-socket` to `runc run` and `runc exec` to allow for management
|
||||||
processes to receive a pidfd for the new process, allowing them to avoid pid
|
processes to receive a pidfd for the new process, allowing them to avoid pid
|
||||||
re-use attacks. (#4045)
|
reuse attacks. (#4045)
|
||||||
|
|
||||||
[mount_setattr.2]: https://man7.org/linux/man-pages/man2/mount_setattr.2.html
|
[mount_setattr.2]: https://man7.org/linux/man-pages/man2/mount_setattr.2.html
|
||||||
[cve-2019-5736]: https://github.com/advisories/GHSA-gxmr-w5mj-v8hh
|
[cve-2019-5736]: https://github.com/advisories/GHSA-gxmr-w5mj-v8hh
|
||||||
|
|||||||
@@ -61,7 +61,7 @@ type Handles struct {
|
|||||||
|
|
||||||
// Release all resources associated with this Handle. All existing files
|
// Release all resources associated with this Handle. All existing files
|
||||||
// returned from Get() will continue to work even after calling Release(). The
|
// returned from Get() will continue to work even after calling Release(). The
|
||||||
// same Handles can be re-used after calling Release().
|
// same Handles can be reused after calling Release().
|
||||||
func (hs *Handles) Release() {
|
func (hs *Handles) Release() {
|
||||||
hs.m.Lock()
|
hs.m.Lock()
|
||||||
defer hs.m.Unlock()
|
defer hs.m.Unlock()
|
||||||
|
|||||||
@@ -113,7 +113,7 @@ func runtime_IsPollDescriptor(fd uintptr) bool //nolint:revive
|
|||||||
//
|
//
|
||||||
// NOTE: That this function is incredibly dangerous to use in most Go code, as
|
// NOTE: That this function is incredibly dangerous to use in most Go code, as
|
||||||
// closing file descriptors from underneath *os.File handles can lead to very
|
// closing file descriptors from underneath *os.File handles can lead to very
|
||||||
// bad behaviour (the closed file descriptor can be re-used and then any
|
// bad behaviour (the closed file descriptor can be reused and then any
|
||||||
// *os.File operations would apply to the wrong file). This function is only
|
// *os.File operations would apply to the wrong file). This function is only
|
||||||
// intended to be called from the last stage of runc init.
|
// intended to be called from the last stage of runc init.
|
||||||
func UnsafeCloseFrom(minFd int) error {
|
func UnsafeCloseFrom(minFd int) error {
|
||||||
|
|||||||
@@ -217,7 +217,7 @@ function teardown() {
|
|||||||
# Also create a network namespace that *is not owned* by the above userns.
|
# Also create a network namespace that *is not owned* by the above userns.
|
||||||
# NOTE: Having no permissions in a namespaces makes it necessary to modify
|
# NOTE: Having no permissions in a namespaces makes it necessary to modify
|
||||||
# the config so that we don't get mount errors (for reference: no netns
|
# the config so that we don't get mount errors (for reference: no netns
|
||||||
# permissions == no sysfs mounts, no pidns permissoins == no procfs mounts,
|
# permissions == no sysfs mounts, no pidns permissions == no procfs mounts,
|
||||||
# no utsns permissions == no sethostname(2), no ipc permissions == no
|
# no utsns permissions == no sethostname(2), no ipc permissions == no
|
||||||
# mqueue mounts, etc).
|
# mqueue mounts, etc).
|
||||||
netns_path="$(mktemp "$BATS_RUN_TMPDIR/netns.XXXXXX")"
|
netns_path="$(mktemp "$BATS_RUN_TMPDIR/netns.XXXXXX")"
|
||||||
|
|||||||
Reference in New Issue
Block a user