Commit Graph

6025 Commits

Author SHA1 Message Date
Akihiro Suda 1cdfa95f39 Merge pull request #3905 from CARV-ICS-FORTH/release-1.1-riscv64
Backport riscv64 support into 1.1.x
2023-06-29 07:49:28 +09:00
Kir Kolyshkin 0d93d7d13f release: add riscv64 binary
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit a14cc4059d)
2023-06-28 22:34:45 +03:00
Akihiro Suda 9164fe17a7 libct/seccomp: add riscv64
Co-authored-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 1d7b297128)
2023-06-28 22:34:45 +03:00
Kir Kolyshkin ed47e31a05 Makefile: set CGO_ENABLED=1 when needed
It doesn't matter whether static or dynamic linking is used, runc
always needs libcontainer/nsenter, which is written in C and thus
requires cgo. Same is true for libcontainer/integration.

In addition, contrib/pkg/seccompagent also needs cgo (if seccomp build
tag is set), as it need to be linked against libseccomp C library.

By default, cgo is disabled when cross-compiling, meaning that
CGO_ENABLED=1 has to be set explicitly in such cases.

In all other cases (e.g. other contrib binaries) we do not need cgo.

Remove CGO_ENABLED=1 from GO_BUILD_STATIC (as it does not have anything
to do with static linking), and add it to all targets that require it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit dafcacb522)
2023-06-28 22:34:45 +03:00
Kir Kolyshkin 923ae4da8c Makefile: add support for static PIE
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 21e32d47d3)
2023-06-28 22:34:45 +03:00
Kir Kolyshkin 2abca872b1 Makefile: fix GO_BUILDMODE setting
1. Set to empty value by default.

2. Assume Linux (remove GOOS check, since we do not support other OSes).

3. Instead of using a "not-supported" list, use a "supported" list
   (as Go release notes usually say which platforms are supported).
   As of today, -buildmode=pie is supported for:

 * linux/386, linux/amd64, linux/arm, linux/arm64, and linux/ppc64le
   (since Go 1.6, see https://tip.golang.org/doc/go1.6#compiler)

 * linux/s390x (since Go 1.7, which adds the initial port)

 * linux/riscv64 (since Go 1.16, see
   https://tip.golang.org/doc/go1.16#riscv)

   NOTE this does not mean we support these architectures; it is merely
   a way to see if -buildmode=pie can be used.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit ab5c60d02f)
2023-06-28 22:34:45 +03:00
Kir Kolyshkin 120ec5bda3 Makefile: add LDFLAGS_COMMON and LDFLAGS_STATIC
LDFLAGS_COMMON are used from two places, so it makes sense to dedup.

LDFLAGS_STATIC is a preparation for the next commit.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit f2f6e59937)
2023-06-28 22:34:45 +03:00
Kir Kolyshkin b994011369 Dockerfile: don't use crossbuild-essential-*
All we need is gcc, libc-dev, and binutils. In addition to that,
crossbuild-essential installs g++, libstdc++-dev, and a bunch of perl
packages and libraries which we do not need.

This should speed up image building, as well as make it smaller.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit f0f1b5f969)
2023-06-28 22:34:45 +03:00
Kir Kolyshkin 028fc57aaa Dockerfile: rm dpkg --add-architecture lines
Dockerfile used to install libseccomp-dev packages for different
architectures. This is no longer true since commit f30244ee1b, which
changed to cross-compiling libseccomp (so we can get a static library
to link against).

Thus, adding extra architectures is no longer needed.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 476aa18abe)
2023-06-28 22:34:45 +03:00
Kir Kolyshkin 4449ce8486 Dockerfile: nit
We do not use all the files from scripts, only seccomp.sh and lib.sh.

This prevents unneeded rebuild of the image if e.g.
scripts/release_build.sh has changed.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit d542ad65ba)
2023-06-28 22:34:45 +03:00
Sebastiaan van Stijn 207bd9d62a Merge pull request #3916 from neersighted/backport_3912
[1.1] Fix tmpfs mode opts when dir already exists
2023-06-28 18:41:50 +02:00
Brian Goff 9af462e4a7 Fix tmpfs mode opts when dir already exists
When a directory already exists (or after a container is restarted) the
perms of the directory being mounted to were being used even when a
different permission is set on the tmpfs mount options.

This prepends the original directory perms to the mount options.
If the perms were already set in the mount opts then those perms will
win.
This eliminates the need to perform a chmod after mount entirely.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 9fa8b9de3e)
Resolved conflicts:
	tests/integration/run.bats
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2023-06-28 08:21:04 -06:00
Sebastiaan van Stijn c3ce1a1bf2 Merge pull request #3892 from kolyshkin/1.1-3887
[1.1] man/runc: fixes
2023-06-28 15:24:30 +02:00
Sebastiaan van Stijn 3c840a980f Merge pull request #3909 from kolyshkin/1.1-3907
[1.1] .codespellrc: update for 2.2.5
2023-06-28 15:23:22 +02:00
Kir Kolyshkin 7d1bdc7d42 .codespellrc: update for 2.2.5
Remove some old exceptions (no longer needed), add a new one
(codespell 2.2.5 flags "(mis)features" in docs/terminal.md).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit e3627658fa)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-21 11:14:07 -07:00
Akihiro Suda 217744230d Merge pull request #3891 from kolyshkin/1.1-fix-cs9-oom
[1.1] tests/int: increase num retries for oom tests
2023-06-12 17:52:04 +09:00
Kir Kolyshkin 8397943ec9 man/runc: fixes
1. Fix some missing punctuation, use proper case.

2. Remove "runc init" (previously removed from "runc --help" by commit
   7a0302f0d7).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 511c76143b)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-07 17:29:18 -07:00
Kir Kolyshkin f9da684d02 tests/int: increase num retries for oom tests
This test is occasionally failing on CS9.

The test case always takes about 7 seconds on my laptop (decreasing
memory, using a different memory eater in shell etc. doesn't help).

Increase the number of iterations from 10 to 30 to make sure we don't
see any flakes.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit fed0b12436)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-07 17:21:12 -07:00
Kir Kolyshkin 7db472f1c1 Merge pull request #3878 from kolyshkin/1.1-bump-vagrant
[1.1] bump Fedora, Vagrant, bats
2023-06-07 11:26:07 -07:00
Kir Kolyshkin 7fa912ed23 ci/cirrus: limit numcpu
... so we can run all four jobs in parallel.

While at it, fix the comment in the file.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit bb4dbbc4f5)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-06 14:15:19 -07:00
Kir Kolyshkin e9c1ca081e Fix Vagrant caching
As of today, vagrant stopped working, my best guess is due to bad
caching. Here's an excerpt from logs:

...
vagrant plugin install vagrant-libvirt
Installing the 'vagrant-libvirt' plugin. This can take a few minutes...
Building native extensions. This could take a while...
Installed the plugin 'vagrant-libvirt (0.12.1)'!
...
uname -s ; cat Vagrantfile.$DISTRO
Linux
...

Downloaded 481Mb in 4.096201s.
Cache hit for vagrant-8be35383dc00f23d080ff00b2a724c938d650254861f26b67624c28e3fe5e6ae!
...
Vagrant failed to initialize at a very early stage:
The plugins failed to initialize correctly. This may be due to manual
modifications made within the Vagrant home directory.
...
Error message given during initialization: Unable to resolve dependency:
user requested 'vagrant-libvirt (= 0.12.0)'
...

The problem is, vagrant cache overwrites newer plugin with an older one.

Let's only cache the downloaded image.

Also, change the cache fingerprint script (remove "Linux").

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 650efb2c22)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-06 14:15:11 -07:00
Kir Kolyshkin e2265a92cd ci: bump bats 1.8.2 -> 1.9.0
As Fedora 38 uses bats 1.9.0, let's switch to this version in other
places.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 13091eeefa)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-06 14:14:59 -07:00
Kir Kolyshkin bbddb6bdd7 Vagrantfile.fedora: bump to 38
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit a19200096e)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-06 14:14:59 -07:00
Kir Kolyshkin 27b86b4cc7 ci/cirrus: use vagrant from hashicorp repo
A version of vagrant available from the stock repos (2.2.19) is too old
and contains a bug that prevents downloading Fedora 38 image (see [1]).

Use packages from hashicorp repo, which currently has vagrant 2.3.4.
This resolves the problem of downloading the latest Fedora image.

Also, vagrant-libvirt plugin from Ubuntu repos is not working with
vagrant from hashicorp, so switch to using "vagrant plugin install".
The downside it, this takes extra 4 minutes or so in our CI, and I
am not sure how to cache it or speed it up.

[1] https://github.com/opencontainers/runc/pull/3835#issuecomment-1519321619

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 33b6ec2925)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-06 14:14:59 -07:00
Kir Kolyshkin 98a1b76c53 tests/int: fix some checks
Apparently, bash with set -e deliberately ignores non-zero return codes
from ! cmd, unless this is the last command. The workaround is to either
use "! cmd || false', "or run ! cmd". Choose the latter, and require
bash-core 1.5.0 (since this is when "run !" was added), replacing the
older check.

Alas I only learned this recently from the bash-core documentation.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 9b71787be0)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-06 14:14:59 -07:00
Kir Kolyshkin 1eadcede2f ci: bump bats 1.3.0 -> 1.8.2
This version is already used by Cirrus CI Fedora 37 job, but other CI
jobs are still using 1.3.0.

Bump it everywhere so we can enjoy new version features and fixes.

For one thing, I noticed that new bats is reporting error location
correctly.

We will also be able to use "run !" and "run -N" commands.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 9dbb9f90b9)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-06 14:14:59 -07:00
Sebastiaan van Stijn bcf234b897 Merge pull request #3877 from kolyshkin/1.1-sd-rm-race
[1.1] libct: fix a race with systemd removal
2023-05-30 14:34:20 +02:00
Akihiro Suda 6966e5da10 Merge pull request #3879 from kolyshkin/1.1-env-nul-byte
[1.1] init: do not print environment variable value
2023-05-24 13:02:32 +09:00
Aleksa Sarai 63af8b0069 init: do not print environment variable value
When given an environment variable that is invalid, it's not a good idea
to output the contents in case they are supposed to be private (though
such a container wouldn't start anyway so it seems unlikely there's a
real way to use this to exfiltrate environment variables you didn't
already know).

Reported-by: Carl Henrik Lunde <chlunde@ifi.uio.no>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
(cherry picked from commit 20e38fb2b1)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-05-22 14:52:57 -07:00
Kir Kolyshkin 404ea7ab0f libct: fix a race with systemd removal
For a previous attempt to fix that (and added test cases), see commit
9087f2e827.

Alas, it's not always working because of cgroup directory TOCTOU.

To solve this and avoid the race, add an error _after_ the operation.
Implement it as a method that ignores the error that should be ignored.
Instead of currentStatus(), use faster runType(), since we are not
interested in Paused status here.

For Processes(), remove the pre-op check, and only use it after getting
an error, making the non-error path more straightforward.

For Signal(), add a second check after getting an error. The first check
is left as is because signalAllProcesses might print a warning if the
cgroup does not exist, and we'd like to avoid that.

This should fix an occasional failure like this one:

	not ok 84 kill detached busybox
	# (in test file tests/integration/kill.bats, line 27)
	#   `[ "$status" -eq 0 ]' failed
	....
	# runc kill test_busybox KILL (status=0):
	# runc kill -a test_busybox 0 (status=1):
	# time="2023-04-04T18:24:27Z" level=error msg="lstat /sys/fs/cgroup/devices/system.slice/runc-test_busybox.scope: no such file or directory"

(cherry picked from commit fe278b9caa)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-05-22 14:06:04 -07:00
Aleksa Sarai b6109acd4d merge #3846 into release-1.1
Kir Kolyshkin (2):
  VERSION: back to development
  VERSION: release 1.1.7

LGTMs: AkihiroSuda cyphar
Closes #3846
2023-04-27 19:23:30 +10:00
Kir Kolyshkin f0ecf30ba5 VERSION: back to development
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-26 14:49:11 -07:00
Kir Kolyshkin 860f061b76 VERSION: release 1.1.7
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
v1.1.7
2023-04-26 14:49:01 -07:00
Akihiro Suda 2648033807 Merge pull request #3838 from cyphar/1.1-release-gpgkeys
[1.1] release: add runc.keyring file
2023-04-27 06:38:11 +09:00
Akihiro Suda f72cd0a686 Merge pull request #3845 from kolyshkin/1.1-rm-warning
[1.1] libct/cg/sd: use systemd version when generating dev props
2023-04-26 11:52:53 +09:00
Akihiro Suda c1063b1ce2 runc.keyring: add Akihiro Suda
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-04-26 08:03:14 +10:00
Aleksa Sarai b0fae8c44d scripts: keyring validate: print some more information
Add a little bit more diagnostic information to "make validate-keyring".

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-26 08:02:58 +10:00
Kir Kolyshkin 79a52b4349 libct/cg/sd: use systemd version when generating dev props
Commit 343951a22b added a call to os.Stat for the device path
when generating systemd device properties, to avoid systemd warning for
non-existing devices. The idea was, since systemd uses stat(2) to look
up device properties for a given path, it will fail anyway. In addition,
this allowed to suppress a warning like this from systemd:

> Couldn't stat device /dev/char/10:200

NOTE that this was done because:
 - systemd could not add the rule anyway;
 - runs puts its own set of rules on top of what systemd does.

Apparently, the above change broke some setups, resulting in inability
to use e.g. /dev/null inside a container. My guess is this is because
in cgroup v2 we add a second eBPF program, which is not used if the
first one (added by systemd) returns "access denied".

Next, commit 3b9582895b fixed that by adding a call to os.Stat for
"/sys/"+path (meaning, if "/dev/char/10:200" does not exist, we retry
with "/sys/dev/char/10:200", and if it exists, proceed with adding a
device rule with the original (non-"/sys") path).

How that second fix ever worked was a mystery, because the path we gave
to systemd still doesn't exist.

Well, I think now I know.

Since systemd v240 (commit 74c48bf5a8005f20) device access rules
specified as /dev/{block|char}/MM:mm are no longer looked up on the
filesystem, instead, if possible, those are parsed from the string.

So, we need to do different things, depending on systemd version:

 - for systemd >= v240, use the /dev/{char,block}/MM:mm as is, without
   doing stat() -- since systemd doesn't do stat() either;
 - for older version, check if the path exists, and skip passing it on
   to systemd otherwise.
 - the check for /sys/dev/{block,char}/MM:mm is not needed in either
   case.

Pass the systemd version to the function that generates the rules, and
fix it accordingly.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit d7208f5910)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-25 09:38:05 -07:00
Kir Kolyshkin 6a806d4dc4 runc.keyring: add Kolyshkin
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-22 17:18:50 +10:00
Aleksa Sarai b6f686f2c6 keyring: add Aleksa's <cyphar@cyphar.com> signing key
keyid C9C370B246B09F6DBCFC744C34401015D1D2D386

This is my personal signing key, which I've used to sign the vast
majority of my commits on GitHub. While I usually sign releases using my
<asarai@suse.de> signing key, it doesn't hurt to include this key too.

Ref: https://keyserver.ubuntu.com/pks/lookup?search=C9C370B246B09F6DBCFC744C34401015D1D2D386&fingerprint=on&op=index
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-22 17:18:24 +10:00
Aleksa Sarai 63355bf8e5 keyring: add Aleksa's <asarai@suse.com> signing key
keyid 5F36C6C61B5460124A75F5A69E18AA267DDB8DB4

This is the signing key I have used for all previous runc releases. You
can also verify that this is the key trusted by openSUSE for all of our
releases.

Ref: https://keyserver.ubuntu.com/pks/lookup?search=5F36C6C61B5460124A75F5A69E18AA267DDB8DB4&fingerprint=on&op=index
Ref: https://build.opensuse.org/package/view_file/openSUSE:Factory/runc/runc.keyring?expand=1&rev=54
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2023-04-22 17:18:24 +10:00
Aleksa Sarai 3bdb63bf44 keyring: verify runc.keyring has legitimate maintainer keys
These checks ensure that all of the keys in the runc.keyring list are
actually the keys of the specified user and that the users themselves
are actually maintainers.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-22 17:18:23 +10:00
Aleksa Sarai 853d5e38f7 scripts: release: add verification checks for signing keys
We need to make sure the release is being signed by a key that is
actually listed as a trusted signing key, and we also need to ask the
person cutting the release whether the list of trusted keys is
acceptable.

Also add some verification checks after a release is signed to make sure
everything was signed with the correct keys.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-22 17:18:23 +10:00
Aleksa Sarai bd1d5370ef release: add runc.keyring file and script
In order to allow any of the maintainers to cut releases for runc,
create a keyring file that distributions can use to verify that releases
are signed by one of the maintainers.

The format matches the gpg-offline format used by openSUSE packaging,
but it can be easily imported with "gpg --import" so any distribution
should be able to handle this keyring format wtihout issues.

Each key includes the GitHub handle of the associated user. There isn't
any way for this information to be automatically verified (outside of
using something like keybase.io) but since all changes of this file need
to be approved by maintainers this is okay for now.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-22 17:18:22 +10:00
Aleksa Sarai 6ccf104ab1 merge #3818 into release-1.1
Kir Kolyshkin (2):
  VERSION: go back to development
  VERSION: release 1.1.6

LGTMs: AkihiroSuda thaJeztah mrunalp hqhq cyphar
Closes #3818
2023-04-12 13:55:19 +10:00
Kir Kolyshkin 7cd72cc3d5 VERSION: go back to development
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-11 11:35:45 -07:00
Kir Kolyshkin 0f48801a0e VERSION: release 1.1.6
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
v1.1.6
2023-04-11 11:35:21 -07:00
Aleksa Sarai 0690c4ec55 merge #3823 into release-1.1
Kir Kolyshkin (1):
  libct/cg: add misc controller to v1 drivers

LGTMs: AkihiroSuda cyphar
Closes #3823
2023-04-11 14:39:03 +10:00
Kir Kolyshkin e4ce94e291 libct/cg: add misc controller to v1 drivers
This is just so that the container can join the misc controller.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 611bbacb3b)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-10 15:34:51 -07:00
Mrunal Patel 53333a55d9 Merge pull request #3811 from haircommander/root-cgroup-no-init-1.1
[1.1] libctr/cgroups: don't take init's cgroup into account
2023-04-07 08:05:30 -07:00