mirror of
https://github.com/opencontainers/runc.git
synced 2026-07-10 21:53:57 +08:00
tests/int: allow cpu quota cgroup v1 files fds
Since switching to Go 1.25 in go.mod, the "detect fd leaks" test fails
like this:
> not ok 57 runc create[detect fd leak as comprehensively as possible]
> # (in test file tests/integration/create.bats, line 76)
> # `[ "$violation_found" -eq 0 ]' failed
> ...
> # Violation: FD 9 -> '/system.slice/runc-test_busybox.scope/cpu.cfs_quota_us'
> # Violation: FD 10 -> '/system.slice/runc-test_busybox.scope/cpu.cfs_period_us'
> ...
This happens because Go 1.25 adds a feature to dynamically set GOMAXPROC
based on current CPU quota values. This feature can be disabled by setting
GODEBUG=containermaxprocs=0,updatemaxprocs=0
but it is harmless to keep it (except for the above test failure).
Add an exception to the test case.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit f9a9a36fa8)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
@@ -38,7 +38,9 @@ is_allowed_fdtarget() {
|
||||
# overlayfs binary reference (CVE-2019-5736)
|
||||
grep -Ex "/runc" <<<"$target" ||
|
||||
# memfd cloned binary (CVE-2019-5736)
|
||||
grep -Fx "/memfd:runc_cloned:/proc/self/exe (deleted)" <<<"$target"
|
||||
grep -Fx "/memfd:runc_cloned:/proc/self/exe (deleted)" <<<"$target" ||
|
||||
# Go 1.25+ runtime opens these cgroup v1 files (see https://go.dev/cl/670497).
|
||||
grep -Ex ".*/cpu.cfs_(quota|period)_us" <<<"$target"
|
||||
} >/dev/null
|
||||
return "$?"
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user