mirror of
https://github.com/opencontainers/runc.git
synced 2026-07-11 06:03:57 +08:00
tests/int: allow cpu quota cgroup v1 files fds
Since switching to Go 1.25 in go.mod, the "detect fd leaks" test fails like this: > not ok 57 runc create[detect fd leak as comprehensively as possible] > # (in test file tests/integration/create.bats, line 76) > # `[ "$violation_found" -eq 0 ]' failed > ... > # Violation: FD 9 -> '/system.slice/runc-test_busybox.scope/cpu.cfs_quota_us' > # Violation: FD 10 -> '/system.slice/runc-test_busybox.scope/cpu.cfs_period_us' > ... This happens because Go 1.25 adds a feature to dynamically set GOMAXPROC based on current CPU quota values. This feature can be disabled by setting GODEBUG=containermaxprocs=0,updatemaxprocs=0 but it is harmless to keep it (except for the above test failure). Add an exception to the test case. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
@@ -38,7 +38,9 @@ is_allowed_fdtarget() {
|
||||
# overlayfs binary reference (CVE-2019-5736)
|
||||
grep -Ex "/runc" <<<"$target" ||
|
||||
# memfd cloned binary (CVE-2019-5736)
|
||||
grep -Fx "/memfd:runc_cloned:/proc/self/exe (deleted)" <<<"$target"
|
||||
grep -Fx "/memfd:runc_cloned:/proc/self/exe (deleted)" <<<"$target" ||
|
||||
# Go 1.25+ runtime opens these cgroup v1 files (see https://go.dev/cl/670497).
|
||||
grep -Ex ".*/cpu.cfs_(quota|period)_us" <<<"$target"
|
||||
} >/dev/null
|
||||
return "$?"
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user