mirror of
https://github.com/opencontainers/runc.git
synced 2026-07-11 06:03:57 +08:00
Merge pull request #4942 from lifubang/backport-1.3-4934-4917-4937
[1.3] ci: backport #4934 #4917 #4937
This commit is contained in:
@@ -217,8 +217,6 @@ jobs:
|
||||
|
||||
# NOTE the execution environment lacks a terminal, needed for
|
||||
# some integration tests. So we use `ssh -tt` command to fake a terminal.
|
||||
- uses: lima-vm/lima-actions/ssh@v1
|
||||
|
||||
- name: "Run unit tests"
|
||||
run: ssh -tt lima-default sudo -i make -C /tmp/runc localunittest
|
||||
|
||||
|
||||
@@ -41,10 +41,10 @@ jobs:
|
||||
sudo apt -qy install libseccomp-dev
|
||||
- uses: golangci/golangci-lint-action@v7
|
||||
with:
|
||||
version: v2.1
|
||||
# Extra linters, only checking new code from a pull request.
|
||||
version: v2.5
|
||||
# Extra linters, only checking new code from a pull request to main.
|
||||
- name: lint-extra
|
||||
if: github.event_name == 'pull_request'
|
||||
if: github.event_name == 'pull_request' && github.base_ref == 'main'
|
||||
run: |
|
||||
golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1
|
||||
|
||||
|
||||
@@ -125,7 +125,7 @@ func getSealableFile(comment, tmpDir string) (file *os.File, sealFn SealFunc, er
|
||||
// First, try an executable memfd (supported since Linux 3.17).
|
||||
file, sealFn, err = Memfd(comment)
|
||||
if err == nil {
|
||||
return
|
||||
return file, sealFn, err
|
||||
}
|
||||
logrus.Debugf("memfd cloned binary failed, falling back to O_TMPFILE: %v", err)
|
||||
|
||||
@@ -154,7 +154,7 @@ func getSealableFile(comment, tmpDir string) (file *os.File, sealFn SealFunc, er
|
||||
file.Close()
|
||||
continue
|
||||
}
|
||||
return
|
||||
return file, sealFn, err
|
||||
}
|
||||
logrus.Debugf("O_TMPFILE cloned binary failed, falling back to mktemp(): %v", err)
|
||||
// Finally, try a classic unlinked temporary file.
|
||||
@@ -168,7 +168,7 @@ func getSealableFile(comment, tmpDir string) (file *os.File, sealFn SealFunc, er
|
||||
file.Close()
|
||||
continue
|
||||
}
|
||||
return
|
||||
return file, sealFn, err
|
||||
}
|
||||
return nil, nil, fmt.Errorf("could not create sealable file for cloned binary: %w", err)
|
||||
}
|
||||
|
||||
@@ -209,7 +209,7 @@ func runContainer(t testing.TB, config *configs.Config, args ...string) (buffers
|
||||
} else {
|
||||
return buffers, -1, err
|
||||
}
|
||||
return
|
||||
return buffers, exitCode, err
|
||||
}
|
||||
|
||||
// runContainerOk is a wrapper for runContainer, simplifying its use for cases
|
||||
|
||||
@@ -34,7 +34,7 @@ func (m Mapping) toSys() (uids, gids []syscall.SysProcIDMap) {
|
||||
Size: int(gid.Size),
|
||||
})
|
||||
}
|
||||
return
|
||||
return uids, gids
|
||||
}
|
||||
|
||||
// id returns a unique identifier for this mapping, agnostic of the order of
|
||||
|
||||
@@ -236,7 +236,7 @@ func syscallMode(i fs.FileMode) (o uint32) {
|
||||
o |= unix.S_ISVTX
|
||||
}
|
||||
// No mapping for Go's ModeTemporary (plan9 only).
|
||||
return
|
||||
return o
|
||||
}
|
||||
|
||||
// mountFd creates a "mount source fd" (either through open_tree(2) or just
|
||||
|
||||
@@ -199,7 +199,7 @@ func newPipe(t *testing.T) (parent *os.File, child *os.File) {
|
||||
parent.Close()
|
||||
child.Close()
|
||||
})
|
||||
return
|
||||
return parent, child
|
||||
}
|
||||
|
||||
func reapChildren(t *testing.T, parent *os.File) {
|
||||
|
||||
@@ -1158,7 +1158,7 @@ func msMoveRoot(rootfs string) error {
|
||||
strings.HasPrefix(info.Mountpoint, rootfs) {
|
||||
skip = true
|
||||
}
|
||||
return
|
||||
return skip, stop
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
@@ -665,7 +665,7 @@ func filterFlags(config *configs.Seccomp, filter *libseccomp.ScmpFilter) (flags
|
||||
}
|
||||
}
|
||||
|
||||
return
|
||||
return flags, noNewPrivs, err
|
||||
}
|
||||
|
||||
func sysSeccompSetFilter(flags uint, filter []unix.SockFilter) (fd int, err error) {
|
||||
@@ -695,7 +695,7 @@ func sysSeccompSetFilter(flags uint, filter []unix.SockFilter) (fd int, err erro
|
||||
}
|
||||
runtime.KeepAlive(filter)
|
||||
runtime.KeepAlive(fprog)
|
||||
return
|
||||
return fd, err
|
||||
}
|
||||
|
||||
// PatchAndLoad takes a seccomp configuration and a libseccomp filter which has
|
||||
|
||||
@@ -111,5 +111,5 @@ func Annotations(labels []string) (bundle string, userAnnotations map[string]str
|
||||
userAnnotations[name] = value
|
||||
}
|
||||
}
|
||||
return
|
||||
return bundle, userAnnotations
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user