Commit Graph

6358 Commits

Author SHA1 Message Date
Akihiro Suda f6c393da9e features: graduate from experimental
The type definition was merged into the OCI Runtime Spec v1.1.0-rc.2:
https://github.com/opencontainers/runtime-spec/blob/v1.1.0-rc.2/features.md

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-05-11 11:41:22 +09:00
Kir Kolyshkin 268511680f Merge pull request #3858 from opencontainers/dependabot/go_modules/golang.org/x/net-0.10.0
build(deps): bump golang.org/x/net from 0.9.0 to 0.10.0
2023-05-10 15:51:10 -07:00
Sebastiaan van Stijn d782db4536 Merge pull request #3830 from AkihiroSuda/spec-v1.1.0-rc.2
go.mod: runtime-spec v1.1.0-rc.2
2023-05-10 18:06:13 +02:00
Akihiro Suda 6beb3c6a3e go.mod: runtime-spec v1.1.0-rc.2
See https://github.com/opencontainers/runtime-spec/releases/tag/v1.1.0-rc.2
for the spec changes.

The `runc features` json is now defined in
https://github.com/opencontainers/runtime-spec/blob/v1.1.0-rc.2/specs-go/features/features.go

Replaces PR 3829

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-05-10 22:23:29 +09:00
Kir Kolyshkin 8eb801dff5 Merge pull request #3512 from kolyshkin/fix-mntns-userns-II
Refactor mountFd code
2023-05-09 01:37:25 -07:00
dependabot[bot] 882a2cc887 build(deps): bump golang.org/x/net from 0.9.0 to 0.10.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/net/compare/v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-09 08:36:13 +00:00
Akihiro Suda 712a781fe5 Merge pull request #3856 from opencontainers/dependabot/go_modules/golang.org/x/sys-0.8.0
build(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0
2023-05-09 17:35:38 +09:00
dependabot[bot] 02afa9f142 build(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/sys/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-05 04:58:43 +00:00
Kir Kolyshkin a60933bb24 libct/rootfs: introduce and use mountEntry
Adding fd field to mountConfig was not a good thing since mountConfig
contains data that is not specific to a particular mount, while fd is
a mount entry attribute.

Introduce mountEntry structure, which embeds configs.Mount and adds
srcFd to replace the removed mountConfig.fd.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-05-02 18:54:38 -07:00
Kir Kolyshkin 976748e8d6 libct: add mountViaFDs, simplify mount
1. Simplify mount call by removing the procfd argument, and use the new
   mount() where procfd is not used. Now, the mount() arguments are the
   same as for unix.Mount.

2. Introduce a new mountViaFDs function, which is similar to the old
   mount(), except it can take procfd for both source and target.
   The new arguments are called srcFD and dstFD.

3. Modify the mount error to show both srcFD and dstFD so it's clear
   which one is used for which purpose. This fixes the issue of having
   a somewhat cryptic errors like this:

> mount /proc/self/fd/11:/sys/fs/cgroup/systemd (via /proc/self/fd/12), flags: 0x20502f: operation not permitted

  (in which fd 11 is actually the source, and fd 12 is the target).

   After this change, it looks like

> mount src=/proc/self/fd/11, dst=/sys/fs/cgroup/systemd, dstFD=/proc/self/fd/12, flags=0x20502f: operation not permitted

   so it's clear that 12 is a destination fd.

4. Fix the mountViaFDs callers to use dstFD (rather than procfd) for the
   variable name.

5. Use srcFD where mountFd is set.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-05-02 18:41:09 -07:00
Sebastiaan van Stijn 5a9266b068 Merge pull request #3851 from kolyshkin/bump-urfave
deps: bump urfave/cli
2023-05-01 02:06:29 +02:00
Akihiro Suda 253707d8fc Merge pull request #3850 from cyphar/env-nul-byte
init: do not print environment variable value
2023-04-29 14:45:27 +09:00
Kir Kolyshkin 5a17746302 deps: bump urfave/cli
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-28 12:43:08 -07:00
Aleksa Sarai 20e38fb2b1 init: do not print environment variable value
When given an environment variable that is invalid, it's not a good idea
to output the contents in case they are supposed to be private (though
such a container wouldn't start anyway so it seems unlikely there's a
real way to use this to exfiltrate environment variables you didn't
already know).

Reported-by: Carl Henrik Lunde <chlunde@ifi.uio.no>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-28 16:32:15 +10:00
Sebastiaan van Stijn 8af2f48d9f Merge pull request #3357 from kolyshkin/more-bytes-less-strings
libct/cg/sd: optimize and test findDeviceGroup
2023-04-27 18:36:47 +02:00
Kir Kolyshkin defb1cc718 libct/cg/dev: optimize and test findDeviceGroup
1. Use strings.TrimPrefix instead of fmt.Sscanf and simplify the code.

2. Add a test case and a benchmark.

The benchmark shows some improvement, compared to the old
implementation:

name               old time/op    new time/op    delta
FindDeviceGroup-4    39.7µs ± 2%    26.8µs ± 2%  -32.63%  (p=0.008 n=5+5)

name               old alloc/op   new alloc/op   delta
FindDeviceGroup-4    6.08kB ± 0%    4.23kB ± 0%  -30.39%  (p=0.008 n=5+5)

name               old allocs/op  new allocs/op  delta
FindDeviceGroup-4       117 ± 0%         6 ± 0%  -94.87%  (p=0.008 n=5+5)

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-27 09:12:08 -07:00
Sebastiaan van Stijn 39fe1c39fc Merge pull request #3848 from kolyshkin/bump-vagrant
ci/cirrus: use vagrant from hashicorp repo, bump Fedora to 38, bump bats
2023-04-27 12:22:16 +02:00
Kir Kolyshkin 13091eeefa ci: bump bats 1.8.2 -> 1.9.0
As Fedora 38 uses bats 1.9.0, let's switch to this version in other
places.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-26 18:56:37 -07:00
Kir Kolyshkin a19200096e Vagrantfile.fedora: bump to 38
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-26 18:56:37 -07:00
Kir Kolyshkin 33b6ec2925 ci/cirrus: use vagrant from hashicorp repo
A version of vagrant available from the stock repos (2.2.19) is too old
and contains a bug that prevents downloading Fedora 38 image (see [1]).

Use packages from hashicorp repo, which currently has vagrant 2.3.4.
This resolves the problem of downloading the latest Fedora image.

Also, vagrant-libvirt plugin from Ubuntu repos is not working with
vagrant from hashicorp, so switch to using "vagrant plugin install".
The downside it, this takes extra 4 minutes or so in our CI, and I
am not sure how to cache it or speed it up.

[1] https://github.com/opencontainers/runc/pull/3835#issuecomment-1519321619

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-26 18:56:30 -07:00
Aleksa Sarai 30f9f8086d merge #3844 into main
Akihiro Suda (1):
  runc.keyring: add Akihiro Suda

LGTMs: kolyshkin cyphar
Closes #3844
2023-04-26 08:00:02 +10:00
Mrunal Patel bf6a78c140 Merge pull request #3842 from kolyshkin/rm-warning
libct/cg/sd: use systemd version when generating device properties
2023-04-25 09:22:02 -07:00
Akihiro Suda 14d6c7dfcb runc.keyring: add Akihiro Suda
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-04-25 10:33:12 +09:00
Kir Kolyshkin d7208f5910 libct/cg/sd: use systemd version when generating dev props
Commit 343951a22b added a call to os.Stat for the device path
when generating systemd device properties, to avoid systemd warning for
non-existing devices. The idea was, since systemd uses stat(2) to look
up device properties for a given path, it will fail anyway. In addition,
this allowed to suppress a warning like this from systemd:

> Couldn't stat device /dev/char/10:200

NOTE that this was done because:
 - systemd could not add the rule anyway;
 - runs puts its own set of rules on top of what systemd does.

Apparently, the above change broke some setups, resulting in inability
to use e.g. /dev/null inside a container. My guess is this is because
in cgroup v2 we add a second eBPF program, which is not used if the
first one (added by systemd) returns "access denied".

Next, commit 3b9582895b fixed that by adding a call to os.Stat for
"/sys/"+path (meaning, if "/dev/char/10:200" does not exist, we retry
with "/sys/dev/char/10:200", and if it exists, proceed with adding a
device rule with the original (non-"/sys") path).

How that second fix ever worked was a mystery, because the path we gave
to systemd still doesn't exist.

Well, I think now I know.

Since systemd v240 (commit 74c48bf5a8005f20) device access rules
specified as /dev/{block|char}/MM:mm are no longer looked up on the
filesystem, instead, if possible, those are parsed from the string.

So, we need to do different things, depending on systemd version:

 - for systemd >= v240, use the /dev/{char,block}/MM:mm as is, without
   doing stat() -- since systemd doesn't do stat() either;
 - for older version, check if the path exists, and skip passing it on
   to systemd otherwise.
 - the check for /sys/dev/{block,char}/MM:mm is not needed in either
   case.

Pass the systemd version to the function that generates the rules, and
fix it accordingly.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-24 17:05:26 -07:00
Kir Kolyshkin 3e76cc4774 Merge pull request #3840 from cyphar/keyring-script-extra-info
scripts: keyring validate: print some more information
2023-04-24 12:43:02 -07:00
Aleksa Sarai cfc3c6da39 scripts: keyring validate: print some more information
Add a little bit more diagnostic information to "make validate-keyring".

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-23 13:45:03 +10:00
Aleksa Sarai 5f5b35dad4 merge #3836 into main
Kir Kolyshkin (1):
  runc.keyring: add Kolyshkin

LGTMs: AkihiroSuda cyphar
Closes #3836
2023-04-22 17:10:31 +10:00
Kir Kolyshkin a75831037f runc.keyring: add Kolyshkin
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-21 17:09:22 -07:00
Akihiro Suda dac38522e2 Merge pull request #3812 from kolyshkin/sd-rm-race
libct: fix a race with systemd removal
2023-04-21 16:50:54 +02:00
Akihiro Suda e61ce723db Merge pull request #3834 from kolyshkin/doc-kill-a
runc-kill(8): amend the --all description
2023-04-21 16:50:09 +02:00
Kir Kolyshkin 42a109198c runc-kill(8): amend the --all description
Document the aspects of --all.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-20 18:00:02 -07:00
Kir Kolyshkin fe278b9caa libct: fix a race with systemd removal
For a previous attempt to fix that (and added test cases), see commit
9087f2e827.

Alas, it's not always working because of cgroup directory TOCTOU.

To solve this and avoid the race, add an error _after_ the operation.
Implement it as a method that ignores the error that should be ignored.
Instead of currentStatus(), use faster runType(), since we are not
interested in Paused status here.

For Processes(), remove the pre-op check, and only use it after getting
an error, making the non-error path more straightforward.

For Signal(), add a second check after getting an error. The first check
is left as is because signalAllProcesses might print a warning if the
cgroup does not exist, and we'd like to avoid that.

This should fix an occasional failure like this one:

	not ok 84 kill detached busybox
	# (in test file tests/integration/kill.bats, line 27)
	#   `[ "$status" -eq 0 ]' failed
	....
	# runc kill test_busybox KILL (status=0):
	# runc kill -a test_busybox 0 (status=1):
	# time="2023-04-04T18:24:27Z" level=error msg="lstat /sys/fs/cgroup/devices/system.slice/runc-test_busybox.scope: no such file or directory"

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-20 17:50:23 -07:00
Akihiro Suda 3a2c0c2565 Merge pull request #3824 from cyphar/release-gpgkeys
release: add runc.keyring file
2023-04-19 20:11:31 +02:00
Kir Kolyshkin fdc2515187 Merge pull request #3600 from utam0k/domainname
Implement to set a domainname
2023-04-19 10:16:34 -07:00
Aleksa Sarai 056ec0caa6 keyring: add Aleksa's <cyphar@cyphar.com> signing key
keyid C9C370B246B09F6DBCFC744C34401015D1D2D386

This is my personal signing key, which I've used to sign the vast
majority of my commits on GitHub. While I usually sign releases using my
<asarai@suse.de> signing key, it doesn't hurt to include this key too.

Ref: https://keyserver.ubuntu.com/pks/lookup?search=C9C370B246B09F6DBCFC744C34401015D1D2D386&fingerprint=on&op=index
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-19 13:48:22 +10:00
Aleksa Sarai 0c9c60aa18 keyring: add Aleksa's <asarai@suse.com> signing key
keyid 5F36C6C61B5460124A75F5A69E18AA267DDB8DB4

This is the signing key I have used for all previous runc releases. You
can also verify that this is the key trusted by openSUSE for all of our
releases.

Ref: https://keyserver.ubuntu.com/pks/lookup?search=5F36C6C61B5460124A75F5A69E18AA267DDB8DB4&fingerprint=on&op=index
Ref: https://build.opensuse.org/package/view_file/openSUSE:Factory/runc/runc.keyring?expand=1&rev=54
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2023-04-19 13:48:17 +10:00
Aleksa Sarai 22538f896a keyring: verify runc.keyring has legitimate maintainer keys
These checks ensure that all of the keys in the runc.keyring list are
actually the keys of the specified user and that the users themselves
are actually maintainers.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-19 13:48:14 +10:00
Aleksa Sarai 957bccfe2f scripts: release: add verification checks for signing keys
We need to make sure the release is being signed by a key that is
actually listed as a trusted signing key, and we also need to ask the
person cutting the release whether the list of trusted keys is
acceptable.

Also add some verification checks after a release is signed to make sure
everything was signed with the correct keys.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-19 13:48:14 +10:00
Aleksa Sarai 872149470b release: add runc.keyring file and script
In order to allow any of the maintainers to cut releases for runc,
create a keyring file that distributions can use to verify that releases
are signed by one of the maintainers.

The format matches the gpg-offline format used by openSUSE packaging,
but it can be easily imported with "gpg --import" so any distribution
should be able to handle this keyring format wtihout issues.

Each key includes the GitHub handle of the associated user. There isn't
any way for this information to be automatically verified (outside of
using something like keybase.io) but since all changes of this file need
to be approved by maintainers this is okay for now.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-14 01:00:27 +10:00
utam0k d9230602e9 Implement to set a domainname
opencontainers/runtime-spec#1156

Signed-off-by: utam0k <k0ma@utam0k.jp>
2023-04-12 13:31:20 +00:00
Aleksa Sarai 11983894a8 merge #3790 into main
Kazuki Hasegawa (1):
  Fix undefined behavior. Do not accept setjmp return value as variable.

LGTMs: AkihiroSuda cyphar
Closes #3790
2023-04-12 19:48:18 +10:00
Kazuki Hasegawa 6053aea46f Fix undefined behavior.
Do not accept setjmp return value as variable.

Signed-off-by: Kazuki Hasegawa <nanasi880@gmail.com>
2023-04-12 14:27:43 +10:00
Kir Kolyshkin e42c219fea Merge pull request #3820 from kolyshkin/ubu-22.04
ci/gha: add ubuntu 22.04
2023-04-11 13:40:27 -07:00
Kir Kolyshkin 953e1cc485 ci/gha: switch to or add ubuntu 22.04
For test jobs, add ubuntu 22.04 into the matrix, so we can test of both
cgroup v1 and v2.

For validate jobs, just switch to ubuntu 22.04

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-10 10:32:02 -07:00
Mrunal Patel d8a3daacbd Merge pull request #3815 from kolyshkin/bump-bats
bump bats-core, fix some tests, use new features
2023-04-08 08:55:21 -07:00
Kir Kolyshkin 1789002048 Merge pull request #3819 from opencontainers/dependabot/go_modules/golang.org/x/net-0.9.0
build(deps): bump golang.org/x/net from 0.8.0 to 0.9.0
2023-04-07 15:44:40 -07:00
dependabot[bot] 439673d510 build(deps): bump golang.org/x/net from 0.8.0 to 0.9.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-07 04:59:18 +00:00
Mrunal Patel 941e5924ef Merge pull request #3814 from kolyshkin/go-1.19-minor
ci/cirrus: use Go 1.19.x not 1.19
2023-04-06 14:27:14 -07:00
Kir Kolyshkin fd1a79ffc8 ci/cirrus: improve host_info
1. Do not use echo, as this results in lines like this:

	...
	echo "-----"
	-----
	...

2. Move "cat /proc/cpuinfo" to be the last one, as the output is usually
   very long.

3. Add "go version" to CentOS jobs.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-06 10:52:05 -07:00
Kir Kolyshkin 873d7bb3a3 ci/cirrus: use Go 1.19.x not 1.19
This variable is used in curl to download a go release, so we are using
the initial Go 1.19 release in Cirrus CI, not the latest Go 1.19.x
release.

From the CI perspective, it makes more sense to use the latest release.

Add some jq magic to extract the latest minor release information
from the download page, and use it.

This brings Cirrus CI jobs logic in line with all the others (GHA,
Dockerfile), where by 1.20 we actually mean "latest 1.20.x".

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-06 10:51:43 -07:00