Commit Graph

2412 Commits

Author SHA1 Message Date
Kir Kolyshkin 58b1374f0a Fix failed exec after systemctl daemon-reload
A regression reported for runc v1.1.3 says that "runc exec -t" fails
after doing "systemctl daemon-reload":

> exec failed: unable to start container process: open /dev/pts/0: operation not permitted: unknown

Apparently, with commit 7219387eb7 we are no longer adding
"DeviceAllow=char-pts rwm" rule (because os.Stat("char-pts") returns
ENOENT).

The bug can only be seen after "systemctl daemon-reload" because runc
also applies the same rules manually (by writing to devices.allow for
cgroup v1), and apparently reloading systemd leads to re-applying the
rules that systemd has (thus removing the char-pts access).

The fix is to do os.Stat only for "/dev" paths.

Also, emit a warning that the path was skipped. Since the original idea
was to emit less warnings, demote the level to debug.

Note this also fixes the issue of not adding "m" permission for block-*
and char-* devices.

A test case is added, which reliably fails before the fix
on both cgroup v1 and v2.

Fixes: https://github.com/opencontainers/runc/issues/3551
Fixes: 7219387eb7
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-08-18 14:41:16 -07:00
Kir Kolyshkin 45cc290f02 libct: fixes for godoc 1.19
Since Go 1.19, godoc recognizes lists, code blocks, headings etc. It
also reformats the sources making it more apparent that these features
are used.

Fix a few places where it misinterpreted the formatting (such as
indented vs unindented), and format the result using the gofumpt
from HEAD, which already incorporates gofmt 1.19 changes.

Some more fixes (and enhancements) might be required.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-08-16 09:53:54 -07:00
Aleksa Sarai bd69483df5 merge branch 'pr-3522'
Kir Kolyshkin (1):
  Fix error from runc run on noexec fs

LGTMs: AkihiroSuda thaJeztah cyphar
Closes #3522
2022-08-02 12:40:43 +10:00
Akihiro Suda d11f4d756e Merge pull request #3390 from kinvolk/alban_log
seccomp: add support for flags
2022-07-29 23:48:29 +09:00
Cory Snider ea0bd78268 libct/intelrdt: check if available iff configured
Unless the container's runtime config has intelRdt configuration set,
any checks for whether Intel RDT is supported or the resctrl filesystem
is mounted are a waste of time as, per the OCI Runtime Spec, "the
runtime MUST NOT manipulate any resctrl pseudo-filesystems." And in the
likely case where Intel RDT is supported by both the hardware and
kernel but the resctrl filesystem is not mounted, these checks can get
expensive as the intelrdt package needs to parse mountinfo to check
whether the filesystem has been mounted to a non-standard path.
Optimize for the common case of containers with no intelRdt
configuration by only performing the checks when the container has opted
in.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-07-28 12:06:03 -07:00
Cory Snider 56daf36be2 libct/intelrdt: skip remove unless configured
The OCI runtime spec mandates "[i]f intelRdt is not set, the runtime
MUST NOT manipulate any resctrl pseudo-filesystems." Attempting to
delete files counts as manipulating, so stop doing that when the
container's RDT configuration is nil.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-07-28 12:06:03 -07:00
Cory Snider c156bde7cc libct/intelrdt: elide parsing mountinfo
The intelrdt package only needs to parse mountinfo to find the mount
point of the resctrl filesystem. Users are generally going to mount the
resctrl filesystem to the pre-created /sys/fs/resctrl directory, so
there is a common case where mountinfo parsing is not required. Optimize
for the common case with a fast path which checks both for the existence
of the /sys/fs/resctrl directory and whether the resctrl filesystem was
mounted to that path using a single statfs syscall.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-07-28 12:06:03 -07:00
Cory Snider 9f107489b0 libct/intelrdt: skip reading /proc/cpuinfo
Reading /proc/cpuinfo is a surprisingly expensive operation. Since
kernel version 4.12 [1], opening /proc/cpuinfo on an x86 system can
block for around 20 milliseconds while the kernel samples the current
CPU frequency. There is a very recent patch [2] which gets rid of the
delay, but has yet to make it into the mainline kenel. Regardless,
kernels for which opening /proc/cpuinfo takes 20ms will continue to be
run in production for years to come. libcontainer only opens
/proc/cpuinfo to read the processor feature flags so all the delays to
get an accurate snapshot of the CPU frequency are just wasted time.

If we wanted to, we could interrogate the CPU features directly from
userspace using the `CPUID` instruction. However, Intel and AMD CPUs
have flags in different positions for their analogous sub-features and
there are CPU quirks [3] which would need to be accounted for. Some
Haswell server CPUs support RDT/CAT but are missing the `CPUID` flags
advertising their support; the kernel checks for support on that
processor family by probing the the hardware using privileged
RDMSR/WRMSR instructions [4]. This sort of probing could not be
implemented in userspace so it would not be possible to check for RDT
feature support in userspace without false negatives on some hardware
configurations.

It looks like libcontainer reads the CPU feature flags as a kind of
optimization so that it can skip checking whether the kernel supports an
RDT sub-feature if the hardware support is missing. As the kernel only
exposes subtrees in the `resctrl` filesystem for RDT sub-features with
hardware and kernel support, checking the CPU feature flags is redundant
from a correctness point of view. Remove the /proc/cpuinfo check as it
is an optimization which actually hurts performance.

[1]: https://unix.stackexchange.com/a/526679
[2]: https://lore.kernel.org/all/20220415161206.875029458@linutronix.de/
[3]: https://github.com/torvalds/linux/blob/7cf6a8a17f5b134b7e783c2d45c53298faef82a7/arch/x86/kernel/cpu/resctrl/core.c#L834-L851
[4]: https://github.com/torvalds/linux/blob/a6b450573b912316ad36262bfc70e7c3870c56d1/arch/x86/kernel/cpu/resctrl/core.c#L111-L153

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-07-28 12:06:03 -07:00
Cory Snider 13674f43d3 libct/intelrdt: delete IsMBAScEnabled()
This function is unused, and removing it simplifies the changes which
follow this commit.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-07-28 12:06:03 -07:00
Alban Crequy 58ea21daef seccomp: add support for flags
List of seccomp flags defined in runtime-spec:
* SECCOMP_FILTER_FLAG_TSYNC
* SECCOMP_FILTER_FLAG_LOG
* SECCOMP_FILTER_FLAG_SPEC_ALLOW

Note that runc does not apply SECCOMP_FILTER_FLAG_TSYNC. It does not
make sense to apply the seccomp filter on only one thread; other threads
will be terminated after exec anyway.

See similar commit in crun:
https://github.com/containers/crun/commit/fefabffa2816ea343068ed036a86944393db189a

Note that SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (introduced by
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?id=c2aa2dfef243
in Linux 5.19-rc1) is not added yet because Linux 5.19 is not released
yet.

Signed-off-by: Alban Crequy <albancrequy@microsoft.com>
2022-07-28 16:25:26 +02:00
Kir Kolyshkin 4fd4af5b1c CI: workaround CentOS Stream 9 criu issue
Older criu builds fail to work properly on CentOS Stream 9 due to
changes in glibc's rseq.

Skip criu tests if an older criu version is found.

Fixes: https://github.com/opencontainers/runc/issues/3532

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-07-27 17:51:41 -07:00
Kir Kolyshkin 957d97bcf4 Fix error from runc run on noexec fs
When starting a new container, and the very last step of executing of a
user process fails (last lines of (*linuxStandardInit).Init), it is too
late to print a proper error since both the log pipe and the init pipe
are closed.

This is partially mitigated by using exec.LookPath() which is supposed
to say whether we will be able to execute or not. Alas, it fails to do
so when the binary to be executed resides on a filesystem mounted with
noexec flag.

A workaround would be to use access(2) with X_OK flag. Alas, it is not
working when runc itself is a setuid (or setgid) binary. In this case,
faccessat2(2) with AT_EACCESS can be used, but it is only available
since Linux v5.8.

So, use faccessat2(2) with AT_EACCESS if available. If not, fall back to
access(2) for non-setuid runc, and do nothing for setuid runc (as there
is nothing we can do). Note that this check if in addition to whatever
exec.LookPath does.

Fixes https://github.com/opencontainers/runc/issues/3520

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-07-01 10:02:42 -07:00
Mrunal Patel eca233d286 Merge pull request #3515 from kolyshkin/linter
Bump golangci-lint, fix an error path
2022-06-29 14:38:02 -07:00
guodong 35e6c3bf79 libct/nsenter: switch to sane_kill()
Signed-off-by: guodong <guodong9211@gmail.com>
2022-06-27 15:43:07 +10:00
Akihiro Suda 214c16fd9a Merge pull request #3510 from kolyshkin/fix-mntns-userns
libct: fix mounting via wrong proc fd
2022-06-23 18:43:25 -05:00
Kir Kolyshkin 6662570110 libct: fix staticcheck warning
A new version of staticcheck (included into golangci-lint 1.46.2) gives
this new warning:

> libcontainer/factory_linux.go:230:59: SA9008: e refers to the result of a failed type assertion and is a zero value, not the value that was being type-asserted (staticcheck)
> 				err = fmt.Errorf("panic from initialization: %v, %s", e, debug.Stack())
> 				                                                      ^
> libcontainer/factory_linux.go:226:7: SA9008(related information): this is the variable being read (staticcheck)
> 			if e, ok := e.(error); ok {
> 			   ^

Apparently, this is indeed a bug. Fix by using a different name for a
new variable, so we can access the old one under "else".

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-06-16 16:31:42 -07:00
Kir Kolyshkin d370e3c046 libct: fix mounting via wrong proc fd
Due to a bug in commit 9c444070ec, when the user and mount namespaces
are used, and the bind mount is followed by the cgroup mount in the
spec, the cgroup is mounted using the bind mount's mount fd.

This can be reproduced with podman 4.1 (when configured to use runc):

$ podman run --uidmap 0:100:10000 quay.io/libpod/testimage:20210610 mount
Error: /home/kir/git/runc/runc: runc create failed: unable to start container process: error during container init: error mounting "cgroup" to rootfs at "/sys/fs/cgroup": mount /proc/self/fd/11:/sys/fs/cgroup/systemd (via /proc/self/fd/12), flags: 0x20502f: operation not permitted: OCI permission denied

or manually with the spec mounts containing something like this:

    {
      "destination": "/etc/resolv.conf",
      "type": "bind",
      "source": "/userdata/resolv.conf",
      "options": [
        "bind"
      ]
    },
    {
      "destination": "/sys/fs/cgroup",
      "type": "cgroup",
      "source": "cgroup",
      "options": [
        "rprivate",
        "nosuid",
        "noexec",
        "nodev",
        "relatime",
        "ro"
      ]
    }

The issue was not found earlier since it requires using userns, and even then
mount fd is ignored by mountToRootfs, except for bind mounts, and all the bind
mounts have mountfd set, except for the case of cgroup v1's /sys/fs/cgroup
which is internally transformed into a bunch of bind mounts.

This is a minimal fix for the issue, suitable for backporting.

A test case is added which reproduces the issue without the fix applied.

Fixes: 9c444070ec ("Open bind mount sources from the host userns")
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-06-16 11:54:42 -07:00
cdoern c0be1aa2d1 export blockIODevice
the struct blockIODevice is used in an exported struct but it is not itself exported rendering that type inaccessible to
outside projects

Signed-off-by: cdoern <cdoern@redhat.com>
2022-06-13 13:40:39 -04:00
Aleksa Sarai 343951a22b cgroups: systemd: skip adding device paths that don't exist
systemd emits very loud warnings when the path specified doesn't exist
(which can be the case for some of our default rules). We don't need the
ruleset we give systemd to be completely accurate (we discard some kinds
of wildcard rules anyway) so we can safely skip adding these.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2022-06-02 12:10:57 +10:00
Erik Sjölund 03a210d0f2 libcontainer: relax getenv_int sanity check
Remove upper bound in integer sanity check
to not restrict the number of socket-activated
sockets passed in.

Closes #3488

Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
2022-06-01 13:54:02 +10:00
Kir Kolyshkin e0406b4ba6 vendor: bump cilium/ebpf to v0.9.0
Also, change the deprecated Sym to WithSymbol.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-26 13:35:32 -07:00
Akihiro Suda 016a0d29d1 Merge pull request #3452 from kolyshkin/separate-devices
Decouple setting cgroup device rules from cgroup manager
2022-05-25 18:11:36 +09:00
Aleksa Sarai 6a79271c31 seccomp: patchbpf: minor cleanups
Define sizeof(int) as a constant, and also return ENOSYS earlier in the
filter if it doesn't increase the number of instructions we generate
(this is a negligible performance improvement but it does make it easier
to understand the generated filter stub).

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2022-05-23 16:36:07 +10:00
Aleksa Sarai be6488a5a9 seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
On s390x, syscalls above 255 are multiplexed using the (now otherwise
unused) setup(2) syscall (syscall number 0). If the kernel supports the
syscall then it will correctly translate the syscall number such that
seccomp will correctly detect it -- however, for unknown syscalls the
syscall number remains unchanged. This can be verified by running the
following program under strace:

	int main(void)
	{
		scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_TRAP);
		seccomp_load(ctx);

		return syscall(439, AT_FDCWD, "asdf", X_OK, 0);
	}

Which will then die with the following signal (on pre-5.8 kernels):

	--- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP,
	            si_call_addr=0x3ffb3006c22, si_syscall=__NR_setup,
	            si_arch=AUDIT_ARCH_S390X} ---

(Note that the si_syscall is __NR_setup, not __NR_faccessat2.)

As a result, the -ENOSYS handling we had previously did not work
completely correctly on s390x because any syscall not supported by the
kernel would be treated as syscall number 0 rather than the actual
syscall number.

Always returning -ENOSYS will not cause any issues because in all of the
cases where this multiplexing occurs, seccomp will see the remapped
syscall number -- and no userspace program will call setup(2)
intentionally (the syscall has not existed in Linux for decades and was
originally a hack used early in Linux init prior to spawning pid1 -- so
you will get -ENOSYS from the kernel anyway).

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2022-05-23 16:36:07 +10:00
Kang Chen 0ca0bb9fee libct/cg/sd: check dbus.ErrClosed instead of isDbusError
Signed-off-by: Kang Chen <kongchen28@gmail.com>
2022-05-20 14:47:19 +08:00
Akihiro Suda 8093c54d91 Merge pull request #3446 from kolyshkin/risc
release: build riscv64 binary, build static PIE if supported
2022-05-19 18:49:27 +09:00
Kir Kolyshkin 47e09976a3 libct/cg/dev: privatize some functions
These are only used from inside the package, and we don't want them to
be public.

The only two methods left are Enable and Disable.

While at it, fix or suppress found lint-extra warnings.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-18 11:17:13 -07:00
Kir Kolyshkin b6967fa84c Decouple cgroup devices handling
This commit separates the functionality of setting cgroup device
rules out of libct/cgroups to libct/cgroups/devices package. This
package, if imported, sets the function variables in libct/cgroups and
libct/cgroups/systemd, so that a cgroup manager can use those to manage
devices. If those function variables are nil (when libct/cgroups/devices
are not imported), a cgroup manager returns the ErrDevicesUnsupported
in case any device rules are set in Resources.

It also consolidates the code from libct/cgroups/ebpf and
libct/cgroups/ebpf/devicefilter into libct/cgroups/devices.

Moved some tests in libct/cg/sd that require device management to
libct/sd/devices.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-18 11:17:08 -07:00
Kir Kolyshkin 25f1856236 libct/cg/sd: factor out devices.go
This moves the functionality related to devices, SkipDevices, and
SkipFreezeOnSet to a separate file, in preparation for the next commit.

No code changes.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-18 11:14:03 -07:00
wineway d160116055 libct: use unix.Getwd instead of os.Getwd to avoid symlink
Signed-off-by: wineway <wangyuweihx@gmail.com>
2022-05-11 17:25:34 -07:00
Akihiro Suda 1d7b297128 libct/seccomp: add riscv64
Co-authored-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-11 17:23:45 -07:00
Kir Kolyshkin 98fe566c52 runc: do not set inheritable capabilities
Do not set inheritable capabilities in runc spec, runc exec --cap,
and in libcontainer integration tests.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-12 08:14:50 +10:00
Kir Kolyshkin 2ce40b6ad7 Remove tun/tap from the default device rules
Looking through git blame, this was added by commit 9fac18329
aka "Initial commit of runc binary", most probably by mistake.

Obviously, a container should not have access to tun/tap device, unless
it is explicitly specified in configuration.

Now, removing this might create a compatibility issue, but I see no
other choice.

Aside from the obvious misconfiguration, this should also fix the
annoying

> Apr 26 03:46:56 foo.bar systemd[1]: Couldn't stat device /dev/char/10:200: No such file or directory

messages from systemd on every container start, when runc uses systemd
cgroup driver, and the system runs an old (< v240) version of systemd
(the message was presumably eliminated by [1]).

[1] https://github.com/systemd/systemd/pull/10996/commits/d5aecba6e0b7c73657c4cf544ce57289115098e7

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-04 15:38:58 -07:00
Kir Kolyshkin 68427f33d0 libct/seccomp/config: add missing KillThread, KillProcess
OCI spec added SCMP_ACT_KILL_THREAD and SCMP_ACT_KILL_PROCESS almost two
years ago ([1], [2]), but runc support was half-finished [3].

Add these actions, and modify the test case to check them.

In addition, "runc features" now lists the new actions.

[1] https://github.com/opencontainers/runtime-spec/pull/1044
[2] https://github.com/opencontainers/runtime-spec/pull/1064
[3] https://github.com/opencontainers/runc/pulls/3204

Fixes: 4a4d4f109b
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit e74fdeb88a)
2022-05-04 16:22:09 +02:00
CrazyMax 29a56b5206 fix deprecated ActKill
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-05-03 13:15:01 +02:00
Irwin D'Souza b76b6b9338 Allow mounting of /proc/sys/kernel/ns_last_pid
The CAP_CHECKPOINT_RESTORE linux capability provides the ability to
update /proc/sys/kernel/ns_last_pid. However, because this file is under
/proc, and by default both K8s and CRI-O specify that /proc/sys should
be mounted as Read-Only, by default even with the capability specified,
a process will not be able to write to ns_last_pid.

To get around this, a pod author can specify a volume mount and a
hostpath to bind-mount /proc/sys/kernel/ns_last_pid. However, runc does
not allow specifying mounts under /proc.

This commit adds /proc/sys/kernel/ns_last_pid to the validProcMounts
string array to enable a pod author to mount ns_last_pid as read-write.
The default remains unchanged; unless explicitly requested as a volume
mount, ns_last_pid will remain read-only regardless of whether or not
CAP_CHECKPOINT_RESTORE is specified.

Signed-off-by: Irwin D'Souza <dsouzai.gh@gmail.com>
2022-04-07 14:08:59 -04:00
Masahiro Yamada 5222928650 libct/specconv: use a local variable in CreateCgroupConfig()
Use r instead of spec.Linux.Resources to be consistent throughout
this code hunk.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2022-03-29 22:48:06 +09:00
Kir Kolyshkin d0c89dfac3 libct/cg: IsCgroup2HybridMode: don't panic
In case statfs("/sys/fs/cgroup/unified") fails with any error other
than ENOENT, current code panics. As IsCgroup2HybridMode is called from
libcontainer/cgroups/fs's init function, this means that any user of
libcontainer may panic during initialization, which is ugly.

Avoid panicking; instead, do not enable hybrid hierarchy support and
report the error (under debug level, not to confuse anyone).

Basically, replace the panic with "turn off hybrid mode support"
(which makes total sense since we were unable to statfs its root).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-26 18:14:08 -07:00
Kir Kolyshkin 102b8abd26 libct: rm BaseContainer and Container interfaces
The only implementation of these is linuxContainer. It does not make
sense to have an interface with a single implementation, and we do not
foresee other types of containers being added to runc.

Remove BaseContainer and Container interfaces, moving their methods
documentation to linuxContainer.

Rename linuxContainer to Container.

Adopt users from using interface to using struct.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-23 11:04:12 -07:00
Kir Kolyshkin 6a3fe1618f libcontainer: remove LinuxFactory
Since LinuxFactory has become the means to specify containers state
top directory (aka --root), and is only used by two methods (Create
and Load), it is easier to pass root to them directly.

Modify all the users and the docs accordingly.

While at it, fix Create and Load docs (those that were originally moved
from the Factory interface docs).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-22 23:44:31 -07:00
Kir Kolyshkin 6a29787bc9 libct/factory: make some methods functions
These do not have to be methods.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-22 23:29:24 -07:00
Kir Kolyshkin 8358a0ecbb libct: StartInitialization: decouple from factory
StartInitialization does not have to be a method of Factory (while
it is clear why it was done that way initially, now we only have
Linux containers so it does not make sense).

Fix callers and docs accordingly.

No change in functionality.

Also, since this was the only user of libcontainer.New with the empty
string as an argument, the corresponding check can now be removed
from it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-22 23:29:24 -07:00
Kir Kolyshkin a78c9a0184 libct: remove Factory interface
The only implementation is LinuxFactory, let's use this directly.

Move the piece of documentation about Create from removed factory.go to
the factory_linux.go.

The LinuxFactory is to be removed later.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-22 23:29:24 -07:00
Kir Kolyshkin 71bc308b7f libct/New: remove options argument
It is not used by anyone.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-22 23:29:24 -07:00
Kir Kolyshkin b6514469a8 libct: remove TmpfsRoot
Is is not used by anyone

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-22 23:29:24 -07:00
Kir Kolyshkin 6e624d6f20 Merge pull request #3419 from kolyshkin/go1.18
Add / switch to Go 1.18
2022-03-22 18:02:37 -07:00
Kir Kolyshkin a0f8847e2a Drop go 1.16
Require go 1.17 from now on, since go 1.16 is no longer supported.
Drop go1.16 compatibility.

NOTE we also have to install go 1.18 from Vagrantfile, because
Fedora 35 comes with Go 1.16.x which can't be used.

Note the changes to go.mod and vendor are due to
https://go.dev/doc/go1.17#tools

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-22 12:22:22 -07:00
Kir Kolyshkin 7cec81e060 libct: suppress strings.Title deprecation warning
Function strings.Title is deprecated as of Go 1.18, because it does not
handle some corner cases good enough. In this case, though, it is
perfectly fine to use it since we have a single ASCII word as an
argument, and strings.Title won't be removed until at least Go 2.0.

Suppress the deprecation warning.

The alternative is to not capitalize the namespace string; this will break
restoring of a container checkpointed by earlier version of runc.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-22 12:22:10 -07:00
Kir Kolyshkin f309a69a48 README,libct/README: fix pkg.go.dev badges
What used to be godoc.org is now pkg.go.dev, and while the old URLs
still work, they might be broken in the future.

Updated badges are generated via https://pkg.go.dev/badge/

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-21 17:05:41 -07:00
Kir Kolyshkin 48006d0007 libct/configs/validate: rootlessEUIDMount: speedup
1. Fix function docs. In particular, remove the part
   which is not true ("verifies that the user isn't trying to set up any
   mounts they don't have the rights to do"), and fix the part that
   says "that doesn't resolve to root" (which is no longer true since
   commit d8b669400a).

2. Replace fmt.Sscanf (which is slow and does lots of allocations)
   with strings.TrimPrefix and strconv.Atoi.

3. Add a benchmark for rootlessEUIDMount. Comparing the old and the new
   implementations:

	name                 old time/op    new time/op    delta
	RootlessEUIDMount-4    1.01µs ± 2%    0.16µs ± 1%  -84.15%  (p=0.008 n=5+5)

	name                 old alloc/op   new alloc/op   delta
	RootlessEUIDMount-4      224B ± 0%       80B ± 0%  -64.29%  (p=0.008 n=5+5)

	name                 old allocs/op  new allocs/op  delta
	RootlessEUIDMount-4      7.00 ± 0%      1.00 ± 0%  -85.71%  (p=0.008 n=5+5)

Note this code is already tested (in rootless_test.go).

Fixes: d8b669400a
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-17 13:39:55 -07:00