Commit Graph

5892 Commits

Author SHA1 Message Date
Kir Kolyshkin 2b07e751b5 reviseRootDir: skip default values, add validation
1. In case --root option is not provided, do nothing.

2. Instead of checking if root value is empty string, check it after
   filepath.Abs, and reject "/". Improve docstring while at it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-18 16:05:29 -08:00
Kir Kolyshkin 899342b5d4 main: improve XDG_RUNTIME_DIR handling
1. Variable xdgRuntimeDir is only checked to be non-empty. Change it to
   a boolean.

2. Refactor so that os.Getenv is not called twice.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-18 16:05:29 -08:00
Kir Kolyshkin eb2f08dc4e checkpoint,restore,list: don't call fatal
There is a mix of styles when handling CLI commands. In most cases we
return an error, which is handled from app.Run in main.go (it calls
fatal if there is an error).

In a few cases, though, we call fatal(err) from random places.

Let's be consistent and always return an error. The only exception is
runc exec, which needs to exit with a particular exit code.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-18 16:05:29 -08:00
Kir Kolyshkin 36786c361a list, utils: remove redundant code
The value of root is already an absolute path since commit
ede8a86ec1, so it does not make sense to call filepath.Abs()
again.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-18 16:05:29 -08:00
Akihiro Suda 2436322fef Merge pull request #3365 from kolyshkin/checkPropertyName-speedup
libct/specconv: checkPropertyName speedup
2022-02-17 12:59:23 +09:00
Daniel, Dao Quang Minh c6487533f1 Merge pull request #3342 from kolyshkin/cloned-binary
libct/nsenter: fix extra runc re-exec on tmpfs
2022-02-16 16:17:56 +00:00
Sebastiaan van Stijn 949111237a Merge pull request #3303 from kolyshkin/labels
libcontainer: optimize utils.SearchLabels
2022-02-16 16:37:00 +01:00
Sebastiaan van Stijn e420659b2a Merge pull request #3371 from kolyshkin/bump-shellcheck
ci: shellcheck: update to 0.8.0, fix/suppress new warnings
2022-02-16 16:33:57 +01:00
Kir Kolyshkin 2bce144192 Merge pull request #3376 from opencontainers/dependabot/go_modules/github.com/cilium/ebpf-0.8.1
build(deps): bump github.com/cilium/ebpf from 0.8.0 to 0.8.1
2022-02-15 16:44:49 -08:00
dependabot[bot] 0f0f1f61e2 build(deps): bump github.com/cilium/ebpf from 0.8.0 to 0.8.1
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.8.0 to 0.8.1.
- [Release notes](https://github.com/cilium/ebpf/releases)
- [Commits](https://github.com/cilium/ebpf/compare/v0.8.0...v0.8.1)

---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-15 04:14:16 +00:00
Qiang Huang 657ed0d4a0 Merge pull request #3354 from kolyshkin/factory-cleanup
Factory cleanup, some of the changes might make code less scalable, but we can add them back when we really want to scale someday.
2022-02-11 11:56:39 +08:00
Kir Kolyshkin be00ae07c3 ci: shellcheck: update to 0.8.0, fix/suppress new warnings
1. This valid warning is reported by shellcheck v0.8.0:

	In tests/integration/helpers.bash line 38:
	KERNEL_MINOR="${KERNEL_VERSION#$KERNEL_MAJOR.}"
				       ^-----------^ SC2295 (info): Expansions inside ${..} need to be quoted separately, otherwise they match as patterns.

	Did you mean:
	KERNEL_MINOR="${KERNEL_VERSION#"$KERNEL_MAJOR".}"

Fix this.

2. These (invalid) warnings are also reported by the new version:

	In tests/integration/events.bats line 13:
	@test "events --stats" {
	^-- SC2030 (info): Modification of status is local (to subshell caused by @bats test).

	In tests/integration/events.bats line 41:
		[ "$status" -eq 0 ]
		   ^-----^ SC2031 (info): status was modified in a subshell. That change might be lost.

Basically, this is happening because shellcheck do not really track
the call tree and/or local variables. This is a known (and reported)
deficiency, and the alternative to disabling these warnings is moving
the code around, which is worse due to more changes in git history.

So we have to silence/disable these.

3. Update shellcheck to 0.8.0.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-10 17:24:04 -08:00
Sebastiaan van Stijn 43186447b9 Merge pull request #3368 from kolyshkin/ignore-sigurg
runc run/exec: ignore SIGURG
2022-02-08 09:56:49 +01:00
Akihiro Suda e43546caff Merge pull request #3366 from opencontainers/dependabot/go_modules/github.com/moby/sys/mountinfo-0.6.0
build(deps): bump github.com/moby/sys/mountinfo from 0.5.0 to 0.6.0
2022-02-08 11:08:35 +09:00
Kir Kolyshkin 0b74e49d48 runc run/exec: ignore SIGURG
Foreground runc exec and runc run forwards all the signals (that it can)
to the process being run.

Since Go 1.14, go runtime uses SIGURG for async preemptive scheduling.
This means that runc regularly receives SIGURG and, in case of
foreground runc run/exec, it gets forwarded to the container process.

For example:

[kir@kir-rhat runc]$ sudo ./runc --debug exec xx67 sleep 1m
...
DEBU[0000] child process in init()
DEBU[0000] setns_init: about to exec
DEBU[0000]signals.go:102 main.(*signalHandler).forward() sending signal to process urgent I/O condition
DEBU[0000]signals.go:102 main.(*signalHandler).forward() sending signal to process urgent I/O condition
DEBU[0000]signals.go:102 main.(*signalHandler).forward() sending signal to process urgent I/O condition
...

Or, with slightly better debug messages from commit 58c1ff39a5:

DEBU[0000]signals.go:102 main.(*signalHandler).forward() forwarding SIGURG to 819784
DEBU[0000]signals.go:102 main.(*signalHandler).forward() forwarding SIGURG to 819784

Obviously, this signal is an internal implementation detail of Go
runtime, and should not be forwarded to the container process.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-07 15:22:17 -08:00
dependabot[bot] 24ab543f58 build(deps): bump github.com/moby/sys/mountinfo from 0.5.0 to 0.6.0
Bumps [github.com/moby/sys/mountinfo](https://github.com/moby/sys) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/moby/sys/releases)
- [Commits](https://github.com/moby/sys/compare/signal/v0.5.0...signal/v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/moby/sys/mountinfo
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-04 04:16:30 +00:00
Kir Kolyshkin dbd990d555 libct: rm intelrtd.Manager interface, NewIntelRdtManager
Remove intelrtd.Manager interface, since we only have a single
implementation, and do not expect another one.

Rename intelRdtManager to Manager, and modify its users accordingly.

Remove NewIntelRdtManager from factory.

Remove IntelRdtfs. Instead, make intelrdt.NewManager return nil if the
feature is not available.

Remove TestFactoryNewIntelRdt as it is now identical to TestFactoryNew.

Add internal function newManager to be used for tests (to make sure
some testing is done even when the feature is not available in
kernel/hardware).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-03 17:33:03 -08:00
Kir Kolyshkin 85932850ec libct: rm TestGetContainerStats, mockIntelRdtManager
TestGetContainerStats test a function that is smaller than the test
itself, and only calls a couple of other functions (which are
represented by mocks). It does not make sense to have it.

mockIntelRdtManager is only needed for TestGetContainerStats
and TestGetContainerState, which basically tests that Path
is called. Also, it does not make much sense to have it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-03 17:33:03 -08:00
Kir Kolyshkin 9258eac072 libct/start: use execabs for newuidmap lookup
Since we are looking up the path to newuidmap/newgidmap in one context,
and executing those in another (libct/nsenter), it might make sense to
use a stricter rules for looking up path to those binaries.

Practically it means that if someone wants to use custom newuidmap and
newgidmap binaries from $PATH, it would be impossible to use these from
the current directory by means of PATH=.:$PATH; instead one would have
to do something like PATH=$(pwd):$PATH.

See https://go.dev/blog/path-security for background.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-03 17:33:00 -08:00
Kir Kolyshkin 39bd7b7217 libct: Container, Factory: rm newuidmap/newgidmap
These were introduced in commit d8b669400 back in 2017, with a TODO
of "make binary names configurable". Apparently, everyone is happy with
the hardcoded names. In fact, they *are* configurable (by prepending the
PATH with a directory containing own version of newuidmap/newgidmap).

Now, these binaries are only needed in a few specific cases (when
rootless is set etc.), so let's look them up only when needed.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-03 11:40:29 -08:00
Kir Kolyshkin 0d21515038 libct: remove Validator interface
We only have one implementation of config validator, which is always
used. It makes no sense to have Validator interface.

Having validate.Validator field in Factory does not make sense for all
the same reasons.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-03 11:40:29 -08:00
Kir Kolyshkin 630c0d7e8c libct: Container, Factory: rm InitPath, InitArgs
Those are *always* /proc/self/exe init, and it does not make sense
to ever change these. More to say, if InitArgs option func (removed
by this commit) is used to change these parameters, it will break
things, since "init" is hardcoded elsewhere.

Remove this.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-03 11:40:29 -08:00
Sebastiaan van Stijn ede712786c Merge pull request #3363 from kolyshkin/debug-nit
signals: fix signal name debug print
2022-02-03 10:41:56 +01:00
Sebastiaan van Stijn 7173c53906 Merge pull request #3350 from kolyshkin/mount-cmds
libct: Mount: rm {Pre,Post}mountCmds
2022-02-03 10:12:56 +01:00
Sebastiaan van Stijn e4e2a9dda4 Merge pull request #3360 from danishprakash/remove-pausing
libcontainer: remove "pausing" state
2022-02-01 23:40:31 +01:00
Kir Kolyshkin 376c988618 libct/specconv: improve checkPropertyName
Commit 029b73c1b replaced a regular expression with code checking the
characters. Despite what the comment said about ASCII, the check was
performed rune by rune, not byte by byte.

Note the check was still correct, basically comparing int32's, but the
byte by byte way is a tad faster and more straightforward. The change
also fixes the issue of a misleading comment.

Benchmark before/after shows a modest improvement:

name                 old time/op    new time/op    delta
CheckPropertyName-4     164ns ± 2%     123ns ± 2%  -24.73%  (p=0.029 n=4+4)

name                 old alloc/op   new alloc/op   delta
CheckPropertyName-4     96.0B ± 0%     64.0B ± 0%  -33.33%  (p=0.029 n=4+4)

name                 old allocs/op  new allocs/op  delta
CheckPropertyName-4      6.00 ± 0%      4.00 ± 0%  -33.33%  (p=0.029 n=4+4)

Fixes: 029b73c1b
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-01 11:47:31 -08:00
Kir Kolyshkin d37a9726f3 libct/specconv: test nits
Commit 643f8a2b40 renamed isValidName to checkPropertyName, but fell
short of renaming its test and benchmark. Fix that.

Fixes: 643f8a2b40
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-01 10:46:14 -08:00
Kir Kolyshkin 58c1ff39a5 signals: fix signal name debug print
Here's how it looks now:

$ runc --debug exec ctid sleep 1h
...
DEBU[0000]signals.go:102 main.(*signalHandler).forward() sending signal to process urgent I/O condition
DEBU[0000]signals.go:102 main.(*signalHandler).forward() sending signal to process urgent I/O condition
DEBU[0022]signals.go:102 main.(*signalHandler).forward() sending signal to process terminated
DEBU[0022]signals.go:102 main.(*signalHandler).forward() sending signal to process urgent I/O condition

This is obviously not very readable.

Use unix.SignalName, plus a numeric representation of the signal, since
SignalName does not know all signals.

Add PID while we're at it.

With this commit:

DEBU[0000]signals.go:103 main.(*signalHandler).forward() forwarding signal 23 (SIGURG) to 891345
DEBU[0020]signals.go:103 main.(*signalHandler).forward() forwarding signal 45 () to 891345
DEBU[0020]signals.go:103 main.(*signalHandler).forward() forwarding signal 23 (SIGURG) to 891345
DEBU[0020]signals.go:103 main.(*signalHandler).forward() forwarding signal 23 (SIGURG) to 891345

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-01-31 18:45:41 -08:00
Akihiro Suda e9190d3ae1 Merge pull request #3353 from kolyshkin/rm-criu-opt
runc: remove --criu option
2022-02-01 08:28:14 +09:00
Kir Kolyshkin 667518e583 Merge pull request #3362 from opencontainers/dependabot/github_actions/tim-actions/get-pr-commits-1.2.0
build(deps): bump tim-actions/get-pr-commits from 1.1.0 to 1.2.0
2022-01-31 11:23:09 -08:00
dependabot[bot] 0767b782c4 build(deps): bump tim-actions/get-pr-commits from 1.1.0 to 1.2.0
Bumps [tim-actions/get-pr-commits](https://github.com/tim-actions/get-pr-commits) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/tim-actions/get-pr-commits/releases)
- [Commits](https://github.com/tim-actions/get-pr-commits/compare/v1.1.0...v1.2.0)

---
updated-dependencies:
- dependency-name: tim-actions/get-pr-commits
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-31 04:15:58 +00:00
danishprakash 7346dda332 libcontainer: remove "pausing" state
Signed-off-by: danishprakash <grafitykoncept@gmail.com>
2022-01-29 14:27:11 +05:30
Kir Kolyshkin 18e286261e libct/nsenter: fix extra runc re-exec on tmpfs
After adding some debug info to cloned_binary.c I found out that
is_self_cloned() is not working right when runc binary is on tmpfs,
resulting in one extra re-exec of runc.

With some added debug:

	$ mkdir bin
	$ sudo mount -t tmpfs tmp bin
	$ sudo cp runc bin
	$ sudo ./bin/runc --debug exec xxx true
	DEBU[0000] nsexec[763590]: => is_self_cloned
	DEBU[0000] nsexec[763590]: got seals 1 (want 15)
	DEBU[0000] nsexec[763590]: <= is_self_cloned, is_cloned = 0
	DEBU[0000] nsexec[763590]: try_bindfd: 5
	DEBU[0000] nsexec[763590]: re-exec itself...
	DEBU[0000] nsexec[763590]: => is_self_cloned
	DEBU[0000] nsexec[763590]: got seals 1 (want 15)
	DEBU[0000] nsexec[763590]: <= is_self_cloned, is_cloned = 0
	DEBU[0000] nsexec[763590]: try_bindfd: -1
	DEBU[0000] nsexec[763590]: fallback to make_execfd: 5
	DEBU[0000] nsexec[763590]: re-exec itself...
	DEBU[0000] nsexec[763590]: => is_self_cloned
	DEBU[0000] nsexec[763590]: got seals 15 (want 15)
	DEBU[0000] nsexec[763590]: <= is_self_cloned, is_cloned = 1

From the above, it is seen that
 - `is_self_cloned` returns 0,
 - `try_bindfd` is called and succeeds,
 - runc re-execs itself,
 - the second call to `is_self_cloned` returns 0 again (because GET_SEALS returns 1),
 - runc falls back to `make_execfd`, and re-execs again,
 - finally, the third `is_self_cloned` returns 1.

I guess that the code relied on the following (quoting fcntl(2)):

> Currently, file seals can be applied only to a file descriptor
> returned by memfd_create(2) (if the MFD_ALLOW_SEALING was employed).
> On other filesystems, all fcntl() operations that operate on seals
> will return EINVAL.

It looks like in case of a file on tmpfs it returns 1 (F_SEAL_SEAL).

With the fix:

	DEBU[0000] nsexec[768367]: => is_self_cloned
	DEBU[0000] nsexec[768367]: got seals 1 (want 15)
	DEBU[0000] nsexec[768367]: no CLONED_BINARY_ENV
	DEBU[0000] nsexec[768367]: <= is_self_cloned, is_cloned = 0
	DEBU[0000] nsexec[768367]: try_bindfd: 5
	DEBU[0000] nsexec[768367]: re-exec itself...
	DEBU[0000] nsexec[768367]: => is_self_cloned
	DEBU[0000] nsexec[768367]: got seals 1 (want 15)
	DEBU[0000] nsexec[768367]: fstatfs says ro = 1
	DEBU[0000] nsexec[768367]: fstat says nlink = 1
	DEBU[0000] nsexec[768367]: <= is_self_cloned, is_cloned = 1

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-01-27 08:42:11 -08:00
Sebastiaan van Stijn eddf35e546 Merge pull request #3349 from kolyshkin/list-nits
runc list: fix race with runc delete + nits
2022-01-27 10:30:16 +01:00
Sebastiaan van Stijn ca03eb7c1c Merge pull request #3352 from kolyshkin/misc
Misc nits
2022-01-27 10:24:58 +01:00
Kir Kolyshkin 6e1d476aad runc: remove --criu option
This was introduced in an initial commit, back in the day when criu was
a highly experimental thing. Today it's not; most users who need it have
it packaged by their distro vendor.

The usual way to run a binary is to look it up in directories listed in
$PATH. This is flexible enough and allows for multiple scenarios (custom
binaries, extra binaries, etc.). This is the way criu should be run.

Make --criu a hidden option (thus removing it from help). Remove the
option from man pages, integration tests, etc. Remove all traces of
CriuPath from data structures.

Add a warning that --criu is ignored and will be removed.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-01-26 20:25:56 -08:00
Kir Kolyshkin 485e6c84e7 Fix some revive warnings
This is needed since the future commits will touch this code, and then
the lint-extra CI job complains.

> libcontainer/factory.go#L245
> var-naming: var fdsJson should be fdsJSON (revive)

and

> libcontainer/init_linux.go#L181
> error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)

and

> notify_socket.go#L94
> receiver-naming: receiver name n should be consistent with previous receiver name s for notifySocket (revive)

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-01-26 19:14:14 -08:00
Kir Kolyshkin bb6a838876 libct: initContainer: rename Id -> ID
Since the next commit is going to touch this structure, our CI
(lint-extra) is about to complain about improperly named field:

>  Warning: var-naming: struct field ContainerId should be ContainerID (revive)

Make it happy.

Brought to use by gopls rename.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-01-26 18:59:47 -08:00
Kir Kolyshkin 1b14d97484 libct/configs: rm Windows TODO
It's clear at this point that runc won't support Windows.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-01-26 18:59:47 -08:00
Kir Kolyshkin 76c398f89d libct/README: rm Cgroupfs
This method was removed earlier by commit 097c6d7425,
but the documentation was not updated. Fix it.

Fixes: 097c6d7425
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-01-26 18:59:47 -08:00
Kir Kolyshkin 0fec1c2d8c libct: Mount: rm {Pre,Post}mountCmds
Those were added by commit 59c5c3ac0 back in Apr 2015, but AFAICS were
never used and are obsoleted by more generic container hooks (initially
added by commit 05567f2c94 in Sep 2015).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-01-26 15:51:55 -08:00
Kir Kolyshkin dffb8db7e1 libct: handleCriuConfigurationFile: use utils.SearchLabels
The utils.Annotations was used here before only because it made it
possible to distinguish between "key not found" and "empty value" cases.

With the previous commit, utils.SearchLabels can do that, and so it
makes sense to use it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-01-26 14:01:11 -08:00
Kir Kolyshkin 3d86d31b9f libct/utils: SearchLabels: optimize
Using strings.Split generates temporary strings for GC to collect.
Rewrite the function to not do that.

Also, add a second return value, so that the caller can distinguish
between an empty value found and no key found cases.

Fix the test accordingly.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-01-26 14:01:11 -08:00
Mrunal Patel 403cda19e4 Merge pull request #3326 from kolyshkin/go118beta
ci: add go 1.18beta1
2022-01-25 16:01:25 -08:00
Kir Kolyshkin 1a3ee4966c list: use Info(), fix race with delete
Since commit 551629417 we can (and should) use Info() to get access to
file stat. Do this.

While going over directory entries, a parallel runc delete can remove
an entry, and with the current code it results in a fatal error (which
was not observed in practice, but looks quite possible). To fix,
add a special case to continue on ErrNotExist.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-01-25 15:34:04 -08:00
Kir Kolyshkin 095929b15e list: getContainers: less indentation
Instead of a huge if {} block, use continue.

Best reviewed with --ignore-all-space.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-01-25 15:31:54 -08:00
Mrunal Patel a1727ef58c Merge pull request #3345 from kolyshkin/rodev
Fix working with read-only /dev
2022-01-25 13:27:36 -08:00
Sebastiaan van Stijn a934123d21 Merge pull request #3319 from kolyshkin/chown-not-needed
libct: Create: rm unneeded chown
2022-01-24 14:55:09 +01:00
Akihiro Suda c9ad96f63e Merge pull request #3335 from kolyshkin/mount-prop-empty-key
libct/specconv: rm empty key from mountPropagationMapping
2022-01-24 16:29:58 +09:00
Akihiro Suda a2805a31e1 Merge pull request #3339 from kolyshkin/rtd-faster-followup
libct/intelrdt: explain why mountinfo is required
2022-01-24 16:29:37 +09:00