Commit Graph

6348 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 5a9266b068 Merge pull request #3851 from kolyshkin/bump-urfave
deps: bump urfave/cli
2023-05-01 02:06:29 +02:00
Akihiro Suda 253707d8fc Merge pull request #3850 from cyphar/env-nul-byte
init: do not print environment variable value
2023-04-29 14:45:27 +09:00
Kir Kolyshkin 5a17746302 deps: bump urfave/cli
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-28 12:43:08 -07:00
Aleksa Sarai 20e38fb2b1 init: do not print environment variable value
When given an environment variable that is invalid, it's not a good idea
to output the contents in case they are supposed to be private (though
such a container wouldn't start anyway so it seems unlikely there's a
real way to use this to exfiltrate environment variables you didn't
already know).

Reported-by: Carl Henrik Lunde <chlunde@ifi.uio.no>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-28 16:32:15 +10:00
Sebastiaan van Stijn 8af2f48d9f Merge pull request #3357 from kolyshkin/more-bytes-less-strings
libct/cg/sd: optimize and test findDeviceGroup
2023-04-27 18:36:47 +02:00
Kir Kolyshkin defb1cc718 libct/cg/dev: optimize and test findDeviceGroup
1. Use strings.TrimPrefix instead of fmt.Sscanf and simplify the code.

2. Add a test case and a benchmark.

The benchmark shows some improvement, compared to the old
implementation:

name               old time/op    new time/op    delta
FindDeviceGroup-4    39.7µs ± 2%    26.8µs ± 2%  -32.63%  (p=0.008 n=5+5)

name               old alloc/op   new alloc/op   delta
FindDeviceGroup-4    6.08kB ± 0%    4.23kB ± 0%  -30.39%  (p=0.008 n=5+5)

name               old allocs/op  new allocs/op  delta
FindDeviceGroup-4       117 ± 0%         6 ± 0%  -94.87%  (p=0.008 n=5+5)

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-27 09:12:08 -07:00
Sebastiaan van Stijn 39fe1c39fc Merge pull request #3848 from kolyshkin/bump-vagrant
ci/cirrus: use vagrant from hashicorp repo, bump Fedora to 38, bump bats
2023-04-27 12:22:16 +02:00
Kir Kolyshkin 13091eeefa ci: bump bats 1.8.2 -> 1.9.0
As Fedora 38 uses bats 1.9.0, let's switch to this version in other
places.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-26 18:56:37 -07:00
Kir Kolyshkin a19200096e Vagrantfile.fedora: bump to 38
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-26 18:56:37 -07:00
Kir Kolyshkin 33b6ec2925 ci/cirrus: use vagrant from hashicorp repo
A version of vagrant available from the stock repos (2.2.19) is too old
and contains a bug that prevents downloading Fedora 38 image (see [1]).

Use packages from hashicorp repo, which currently has vagrant 2.3.4.
This resolves the problem of downloading the latest Fedora image.

Also, vagrant-libvirt plugin from Ubuntu repos is not working with
vagrant from hashicorp, so switch to using "vagrant plugin install".
The downside it, this takes extra 4 minutes or so in our CI, and I
am not sure how to cache it or speed it up.

[1] https://github.com/opencontainers/runc/pull/3835#issuecomment-1519321619

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-26 18:56:30 -07:00
Aleksa Sarai 30f9f8086d merge #3844 into main
Akihiro Suda (1):
  runc.keyring: add Akihiro Suda

LGTMs: kolyshkin cyphar
Closes #3844
2023-04-26 08:00:02 +10:00
Mrunal Patel bf6a78c140 Merge pull request #3842 from kolyshkin/rm-warning
libct/cg/sd: use systemd version when generating device properties
2023-04-25 09:22:02 -07:00
Akihiro Suda 14d6c7dfcb runc.keyring: add Akihiro Suda
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-04-25 10:33:12 +09:00
Kir Kolyshkin d7208f5910 libct/cg/sd: use systemd version when generating dev props
Commit 343951a22b added a call to os.Stat for the device path
when generating systemd device properties, to avoid systemd warning for
non-existing devices. The idea was, since systemd uses stat(2) to look
up device properties for a given path, it will fail anyway. In addition,
this allowed to suppress a warning like this from systemd:

> Couldn't stat device /dev/char/10:200

NOTE that this was done because:
 - systemd could not add the rule anyway;
 - runs puts its own set of rules on top of what systemd does.

Apparently, the above change broke some setups, resulting in inability
to use e.g. /dev/null inside a container. My guess is this is because
in cgroup v2 we add a second eBPF program, which is not used if the
first one (added by systemd) returns "access denied".

Next, commit 3b9582895b fixed that by adding a call to os.Stat for
"/sys/"+path (meaning, if "/dev/char/10:200" does not exist, we retry
with "/sys/dev/char/10:200", and if it exists, proceed with adding a
device rule with the original (non-"/sys") path).

How that second fix ever worked was a mystery, because the path we gave
to systemd still doesn't exist.

Well, I think now I know.

Since systemd v240 (commit 74c48bf5a8005f20) device access rules
specified as /dev/{block|char}/MM:mm are no longer looked up on the
filesystem, instead, if possible, those are parsed from the string.

So, we need to do different things, depending on systemd version:

 - for systemd >= v240, use the /dev/{char,block}/MM:mm as is, without
   doing stat() -- since systemd doesn't do stat() either;
 - for older version, check if the path exists, and skip passing it on
   to systemd otherwise.
 - the check for /sys/dev/{block,char}/MM:mm is not needed in either
   case.

Pass the systemd version to the function that generates the rules, and
fix it accordingly.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-24 17:05:26 -07:00
Kir Kolyshkin 3e76cc4774 Merge pull request #3840 from cyphar/keyring-script-extra-info
scripts: keyring validate: print some more information
2023-04-24 12:43:02 -07:00
Aleksa Sarai cfc3c6da39 scripts: keyring validate: print some more information
Add a little bit more diagnostic information to "make validate-keyring".

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-23 13:45:03 +10:00
Aleksa Sarai 5f5b35dad4 merge #3836 into main
Kir Kolyshkin (1):
  runc.keyring: add Kolyshkin

LGTMs: AkihiroSuda cyphar
Closes #3836
2023-04-22 17:10:31 +10:00
Kir Kolyshkin a75831037f runc.keyring: add Kolyshkin
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-21 17:09:22 -07:00
Akihiro Suda dac38522e2 Merge pull request #3812 from kolyshkin/sd-rm-race
libct: fix a race with systemd removal
2023-04-21 16:50:54 +02:00
Akihiro Suda e61ce723db Merge pull request #3834 from kolyshkin/doc-kill-a
runc-kill(8): amend the --all description
2023-04-21 16:50:09 +02:00
Kir Kolyshkin 42a109198c runc-kill(8): amend the --all description
Document the aspects of --all.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-20 18:00:02 -07:00
Kir Kolyshkin fe278b9caa libct: fix a race with systemd removal
For a previous attempt to fix that (and added test cases), see commit
9087f2e827.

Alas, it's not always working because of cgroup directory TOCTOU.

To solve this and avoid the race, add an error _after_ the operation.
Implement it as a method that ignores the error that should be ignored.
Instead of currentStatus(), use faster runType(), since we are not
interested in Paused status here.

For Processes(), remove the pre-op check, and only use it after getting
an error, making the non-error path more straightforward.

For Signal(), add a second check after getting an error. The first check
is left as is because signalAllProcesses might print a warning if the
cgroup does not exist, and we'd like to avoid that.

This should fix an occasional failure like this one:

	not ok 84 kill detached busybox
	# (in test file tests/integration/kill.bats, line 27)
	#   `[ "$status" -eq 0 ]' failed
	....
	# runc kill test_busybox KILL (status=0):
	# runc kill -a test_busybox 0 (status=1):
	# time="2023-04-04T18:24:27Z" level=error msg="lstat /sys/fs/cgroup/devices/system.slice/runc-test_busybox.scope: no such file or directory"

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-20 17:50:23 -07:00
Akihiro Suda 3a2c0c2565 Merge pull request #3824 from cyphar/release-gpgkeys
release: add runc.keyring file
2023-04-19 20:11:31 +02:00
Kir Kolyshkin fdc2515187 Merge pull request #3600 from utam0k/domainname
Implement to set a domainname
2023-04-19 10:16:34 -07:00
Aleksa Sarai 056ec0caa6 keyring: add Aleksa's <cyphar@cyphar.com> signing key
keyid C9C370B246B09F6DBCFC744C34401015D1D2D386

This is my personal signing key, which I've used to sign the vast
majority of my commits on GitHub. While I usually sign releases using my
<asarai@suse.de> signing key, it doesn't hurt to include this key too.

Ref: https://keyserver.ubuntu.com/pks/lookup?search=C9C370B246B09F6DBCFC744C34401015D1D2D386&fingerprint=on&op=index
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-19 13:48:22 +10:00
Aleksa Sarai 0c9c60aa18 keyring: add Aleksa's <asarai@suse.com> signing key
keyid 5F36C6C61B5460124A75F5A69E18AA267DDB8DB4

This is the signing key I have used for all previous runc releases. You
can also verify that this is the key trusted by openSUSE for all of our
releases.

Ref: https://keyserver.ubuntu.com/pks/lookup?search=5F36C6C61B5460124A75F5A69E18AA267DDB8DB4&fingerprint=on&op=index
Ref: https://build.opensuse.org/package/view_file/openSUSE:Factory/runc/runc.keyring?expand=1&rev=54
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2023-04-19 13:48:17 +10:00
Aleksa Sarai 22538f896a keyring: verify runc.keyring has legitimate maintainer keys
These checks ensure that all of the keys in the runc.keyring list are
actually the keys of the specified user and that the users themselves
are actually maintainers.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-19 13:48:14 +10:00
Aleksa Sarai 957bccfe2f scripts: release: add verification checks for signing keys
We need to make sure the release is being signed by a key that is
actually listed as a trusted signing key, and we also need to ask the
person cutting the release whether the list of trusted keys is
acceptable.

Also add some verification checks after a release is signed to make sure
everything was signed with the correct keys.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-19 13:48:14 +10:00
Aleksa Sarai 872149470b release: add runc.keyring file and script
In order to allow any of the maintainers to cut releases for runc,
create a keyring file that distributions can use to verify that releases
are signed by one of the maintainers.

The format matches the gpg-offline format used by openSUSE packaging,
but it can be easily imported with "gpg --import" so any distribution
should be able to handle this keyring format wtihout issues.

Each key includes the GitHub handle of the associated user. There isn't
any way for this information to be automatically verified (outside of
using something like keybase.io) but since all changes of this file need
to be approved by maintainers this is okay for now.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-14 01:00:27 +10:00
utam0k d9230602e9 Implement to set a domainname
opencontainers/runtime-spec#1156

Signed-off-by: utam0k <k0ma@utam0k.jp>
2023-04-12 13:31:20 +00:00
Aleksa Sarai 11983894a8 merge #3790 into main
Kazuki Hasegawa (1):
  Fix undefined behavior. Do not accept setjmp return value as variable.

LGTMs: AkihiroSuda cyphar
Closes #3790
2023-04-12 19:48:18 +10:00
Kazuki Hasegawa 6053aea46f Fix undefined behavior.
Do not accept setjmp return value as variable.

Signed-off-by: Kazuki Hasegawa <nanasi880@gmail.com>
2023-04-12 14:27:43 +10:00
Kir Kolyshkin e42c219fea Merge pull request #3820 from kolyshkin/ubu-22.04
ci/gha: add ubuntu 22.04
2023-04-11 13:40:27 -07:00
Kir Kolyshkin 953e1cc485 ci/gha: switch to or add ubuntu 22.04
For test jobs, add ubuntu 22.04 into the matrix, so we can test of both
cgroup v1 and v2.

For validate jobs, just switch to ubuntu 22.04

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-10 10:32:02 -07:00
Mrunal Patel d8a3daacbd Merge pull request #3815 from kolyshkin/bump-bats
bump bats-core, fix some tests, use new features
2023-04-08 08:55:21 -07:00
Kir Kolyshkin 1789002048 Merge pull request #3819 from opencontainers/dependabot/go_modules/golang.org/x/net-0.9.0
build(deps): bump golang.org/x/net from 0.8.0 to 0.9.0
2023-04-07 15:44:40 -07:00
dependabot[bot] 439673d510 build(deps): bump golang.org/x/net from 0.8.0 to 0.9.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-07 04:59:18 +00:00
Mrunal Patel 941e5924ef Merge pull request #3814 from kolyshkin/go-1.19-minor
ci/cirrus: use Go 1.19.x not 1.19
2023-04-06 14:27:14 -07:00
Kir Kolyshkin fd1a79ffc8 ci/cirrus: improve host_info
1. Do not use echo, as this results in lines like this:

	...
	echo "-----"
	-----
	...

2. Move "cat /proc/cpuinfo" to be the last one, as the output is usually
   very long.

3. Add "go version" to CentOS jobs.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-06 10:52:05 -07:00
Kir Kolyshkin 873d7bb3a3 ci/cirrus: use Go 1.19.x not 1.19
This variable is used in curl to download a go release, so we are using
the initial Go 1.19 release in Cirrus CI, not the latest Go 1.19.x
release.

From the CI perspective, it makes more sense to use the latest release.

Add some jq magic to extract the latest minor release information
from the download page, and use it.

This brings Cirrus CI jobs logic in line with all the others (GHA,
Dockerfile), where by 1.20 we actually mean "latest 1.20.x".

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-06 10:51:43 -07:00
Kir Kolyshkin 611bbacb3b libct/cg: add misc controller to v1 drivers
This is just so that the container can join the misc controller.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 15:49:58 -07:00
Kir Kolyshkin 9b71787be0 tests/int: fix some checks
Apparently, bash with set -e deliberately ignores non-zero return codes
from ! cmd, unless this is the last command. The workaround is to either
use "! cmd || false', "or run ! cmd". Choose the latter, and require
bash-core 1.5.0 (since this is when "run !" was added), replacing the
older check.

Alas I only learned this recently from the bash-core documentation.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 15:22:23 -07:00
Kir Kolyshkin 9dbb9f90b9 ci: bump bats 1.3.0 -> 1.8.2
This version is already used by Cirrus CI Fedora 37 job, but other CI
jobs are still using 1.3.0.

Bump it everywhere so we can enjoy new version features and fixes.

For one thing, I noticed that new bats is reporting error location
correctly.

We will also be able to use "run !" and "run -N" commands.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 15:22:23 -07:00
Sebastiaan van Stijn 5726682966 Merge pull request #3813 from opencontainers/dependabot/go_modules/golang.org/x/sys-0.7.0
build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
2023-04-05 21:01:27 +02:00
dependabot[bot] a6e95c53f4 build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-05 04:59:43 +00:00
Akihiro Suda 67b542bb4e Merge pull request #3810 from kolyshkin/rm-get-init-cgroup-path
libct/cg: rm GetInitCgroup[Path]
2023-04-05 10:59:37 +09:00
Akihiro Suda 1b4cf1d2ae Merge pull request #3809 from opencontainers/dependabot/github_actions/lumaxis/shellcheck-problem-matchers-2
build(deps): bump lumaxis/shellcheck-problem-matchers from 1 to 2
2023-04-05 03:26:36 +09:00
Akihiro Suda 0cab3b3dda Merge pull request #3779 from fish98/main
tests: Fix fuzzer location in oss-fuzz config
2023-04-05 03:26:04 +09:00
Kir Kolyshkin fd5debf3aa libct/cg: rm GetInitCgroup[Path]
These functions were added in ancient times, facilitating the
docker-in-docker case when cgroup namespace was not available.

As pointed out in commit 2b28b3c276, using init 1 cgroup is not
correct because it won't work in case of host PID namespace.

The last user of GetInitCgroup was removed by commit
54e20217a8. GetInitCgroupPath was never used
as far as I can see, nor was I able to find any external users.

Remove both functions. Modify the comment in libct/cg/fs.subsysPath
to not refer to GetInitCgroupPath.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-04 11:19:25 -07:00
dependabot[bot] 1034cfa826 build(deps): bump lumaxis/shellcheck-problem-matchers from 1 to 2
Bumps [lumaxis/shellcheck-problem-matchers](https://github.com/lumaxis/shellcheck-problem-matchers) from 1 to 2.
- [Release notes](https://github.com/lumaxis/shellcheck-problem-matchers/releases)
- [Commits](https://github.com/lumaxis/shellcheck-problem-matchers/compare/v1...v2)

---
updated-dependencies:
- dependency-name: lumaxis/shellcheck-problem-matchers
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-04 17:44:14 +00:00