From 62a05b94cd6cfded1243962925eed890ccef1b8e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 30 Mar 2026 11:40:49 -0700 Subject: [PATCH] tests/int: allow cpu quota cgroup v1 files fds Since switching to Go 1.25 in go.mod, the "detect fd leaks" test fails like this: > not ok 57 runc create[detect fd leak as comprehensively as possible] > # (in test file tests/integration/create.bats, line 76) > # `[ "$violation_found" -eq 0 ]' failed > ... > # Violation: FD 9 -> '/system.slice/runc-test_busybox.scope/cpu.cfs_quota_us' > # Violation: FD 10 -> '/system.slice/runc-test_busybox.scope/cpu.cfs_period_us' > ... This happens because Go 1.25 adds a feature to dynamically set GOMAXPROC based on current CPU quota values. This feature can be disabled by setting GODEBUG=containermaxprocs=0,updatemaxprocs=0 but it is harmless to keep it (except for the above test failure). Add an exception to the test case. Signed-off-by: Kir Kolyshkin (cherry picked from commit f9a9a36fa8973d826aac89fd2fb56aab32c009b7) Signed-off-by: Kir Kolyshkin --- tests/integration/create.bats | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/integration/create.bats b/tests/integration/create.bats index f96c2e2aa..8c9e7b009 100644 --- a/tests/integration/create.bats +++ b/tests/integration/create.bats @@ -38,7 +38,9 @@ is_allowed_fdtarget() { # overlayfs binary reference (CVE-2019-5736) grep -Ex "/runc" <<<"$target" || # memfd cloned binary (CVE-2019-5736) - grep -Fx "/memfd:runc_cloned:/proc/self/exe (deleted)" <<<"$target" + grep -Fx "/memfd:runc_cloned:/proc/self/exe (deleted)" <<<"$target" || + # Go 1.25+ runtime opens these cgroup v1 files (see https://go.dev/cl/670497). + grep -Ex ".*/cpu.cfs_(quota|period)_us" <<<"$target" } >/dev/null return "$?" }