Commit Graph

6163 Commits

Author SHA1 Message Date
Kir Kolyshkin fb23608437 ci/gha: bump golangci/golangci-lint-action to v5
Since v5 removes caching [1], re-enable setup-go cache.

[1] https://github.com/golangci/golangci-lint-action/pull/1024

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 6bcc736122)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
Akihiro Suda 8bfc75a25d CI: run apt with -y
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 30dc98f577)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
Kir Kolyshkin e546ddeec8 ci/gha: switch some jobs to ubuntu-22.04
This is a partial backport of commits 953e1cc48 and b32655d2
from the main branch.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
dependabot[bot] 0d19e78b84 build(deps): bump actions/setup-go from 4 to 5
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit e66ba70f50)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
Kir Kolyshkin b36844518a build(deps): bump actions/checkout from 3 to 4
Same as commit 2d0cd0b3 in main branch.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
dependabot[bot] cb2d85dcde build(deps): bump tim-actions/commit-message-checker-with-regex
Bumps [tim-actions/commit-message-checker-with-regex](https://github.com/tim-actions/commit-message-checker-with-regex) from 0.3.1 to 0.3.2.
- [Release notes](https://github.com/tim-actions/commit-message-checker-with-regex/releases)
- [Commits](https://github.com/tim-actions/commit-message-checker-with-regex/compare/v0.3.1...v0.3.2)

---
updated-dependencies:
- dependency-name: tim-actions/commit-message-checker-with-regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit fe6f33b2c0)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
dependabot[bot] 25e27d7eef build(deps): bump actions/upload-artifact from 3 to 4
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 7b655782bf)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
dependabot[bot] 2ac8b11f48 build(deps): bump golangci/golangci-lint-action from 3 to 4
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 27cbabd00d)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
Kir Kolyshkin 7d86e7d9ec Merge pull request #4299 from kolyshkin/1.1-4290
[1.1] libct/system: ClearRlimitNofileCache for go 1.23
2024-06-06 14:34:04 -07:00
Kir Kolyshkin 096e6f88f0 [1.1] libct/system: ClearRlimitNofileCache for go 1.23
Go 1.23 tightens access to internal symbols, and even puts runc into
"hall of shame" for using an internal symbol (recently added by commit
da68c8e3). So, while not impossible, it becomes harder to access those
internal symbols, and it is a bad idea in general.

Since Go 1.23 includes https://go.dev/cl/588076, we can clean the
internal rlimit cache by setting the RLIMIT_NOFILE for ourselves,
essentially disabling the rlimit cache.

Once Go 1.22 is no longer supported, we will remove the go:linkname hack.

(cherry picked from commit 584afc6756)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-05 12:51:15 -07:00
lfbzhm 14181f438e Merge pull request #4308 from kolyshkin/1.1-rm-cs8
[1.1] ci/cirrus: rm centos stream 8
2024-06-05 18:29:42 +08:00
Kir Kolyshkin fc7af59a6b ci/cirrus: rm centos stream 8
It is past EOL and has been removed from GCE public images.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 40bb9c468e)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-04 23:09:46 -07:00
Kir Kolyshkin a1610b56a4 Merge pull request #4305 from lifubang/backport-cs8eol
[1.1] ci: workaround for centos stream 8 being EOLed
2024-06-04 10:44:40 -07:00
Kir Kolyshkin 9629fd9554 ci: workaround for centos stream 8 being EOLed
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 48c4e733f4)
Signed-off-by: lifubang <lifubang@acmcoder.com>
2024-06-04 18:21:52 +08:00
Kir Kolyshkin 20ef9762da Merge pull request #4300 from lifubang/backport-codespell-2.3.0
[1.1] Fix codespell warnings
2024-06-03 17:02:16 -07:00
Kir Kolyshkin 3b7fcf76ef ci: pin codespell
CI should not fail and require attention every time a new codespell
version is released.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit b24fc9d2c4)
Signed-off-by: lifubang <lifubang@acmcoder.com>
2024-06-03 09:04:41 +08:00
Kir Kolyshkin f8f7defa85 Fix codespell warnings
./features.go:30: tru ==> through, true
...
./utils_linux.go:147: infront ==> in front

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 177c7d4f59)
Signed-off-by: lifubang <lifubang@acmcoder.com>
2024-06-02 06:51:39 +08:00
lfbzhm a12f444afb Merge pull request #4284 from kolyshkin/1.1-fix-4094
[1.1] libct/cg/fs: fix setting rt_period vs rt_runtime
2024-05-24 13:30:19 +08:00
Kir Kolyshkin 860f05f307 libct/cg/fs: fix setting rt_period vs rt_runtime
The issue is the same as in commit 1b2adcf but for RT scheduler;
the fix is also the same.

Test case by ls-ggg.

Co-authored-by: ls-ggg <335814617@qq.com>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit b60079e2e59670b8babd653002d8f469064fb244)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-05-21 09:54:44 -07:00
Kir Kolyshkin 9244703011 Merge pull request #4277 from lifubang/backport-4265-nofilerlimit
[1.1] Fix set nofile rlimit error
2024-05-20 14:20:11 -07:00
Akihiro Suda 51dc972864 Merge pull request #4231 from kolyshkin/1.1-3349
[1.1] runc list: fix race with runc delete
2024-05-18 02:47:23 +09:00
lifubang c918058bb7 fix comments for ClearRlimitNofileCache
Signed-off-by: lifubang <lifubang@acmcoder.com>
(cherry picked from commit a35f7d8093)
Signed-off-by: lifubang <lifubang@acmcoder.com>
2024-05-17 18:18:29 +08:00
lifubang 2992049dc3 update/add some tests for rlimit
issues:
https://github.com/opencontainers/runc/issues/4195
https://github.com/opencontainers/runc/pull/4265#discussion_r1588599809

Signed-off-by: lifubang <lifubang@acmcoder.com>
(cherry picked from commit 4ea0bf88fd)
Signed-off-by: lfbzhm <lifubang@acmcoder.com>
2024-05-17 18:18:29 +08:00
ls-ggg d7a29a3b33 libct: clean cached rlimit nofile in go runtime
As reported in issue #4195, the new version(since 1.19) of go runtime
will cache rlimit-nofile. Before executing execve, the rlimit-nofile
of the process will be restored with the cache. In runc, this will
cause the rlimit-nofile set by the parent process for the container
to become invalid. It can be solved by clearing the cache.

Signed-off-by: ls-ggg <335814617@qq.com>
(cherry picked from commit f9f8abf310)
Signed-off-by: lifubang <lifubang@acmcoder.com>
(cherry picked from commit da68c8e37b)
Signed-off-by: lifubang <lifubang@acmcoder.com>
2024-05-17 18:18:29 +08:00
lfbzhm 42c2ab2b7c use go 1.18 in go.mod
The complete generic features are supported since go 1.18

Signed-off-by: lfbzhm <lifubang@acmcoder.com>
2024-05-17 18:18:23 +08:00
lifubang 83ecd11c29 runc exec: setupRlimits after syscall.rlimit.init() completed
Issue: https://github.com/opencontainers/runc/issues/4195
Since https://go-review.googlesource.com/c/go/+/476097, there is
a get/set race between runc exec and syscall.rlimit.init, so we
need to call setupRlimits after syscall.rlimit.init() completed.

Signed-off-by: lifubang <lifubang@acmcoder.com>
(cherry picked from commit a853a82677)
Signed-off-by: lifubang <lifubang@acmcoder.com>
2024-05-16 21:48:34 +08:00
Kir Kolyshkin fbddb715ed libct: fix a comment
Do not refer to the function which was removed.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit bac506463d)
Signed-off-by: lifubang <lifubang@acmcoder.com>
2024-05-16 21:48:34 +08:00
Kir Kolyshkin debf52aa5b deprecate libct.system.Execv
This is not used since commit dac41717.
It will be removed in v1.2.0

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit dbd0c3349f)
Signed-off-by: lifubang <lifubang@acmcoder.com>
2024-05-16 21:47:26 +08:00
Kir Kolyshkin 986edbe60f list: use Info(), fix race with delete
Since commit 551629417 we can (and should) use Info() to get access to
file stat. Do this.

While going over directory entries, a parallel runc delete can remove
an entry, and with the current code it results in a fatal error (which
was not observed in practice, but looks quite possible). To fix,
add a special case to continue on ErrNotExist.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 1a3ee4966c)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-05-10 11:22:11 -07:00
Kir Kolyshkin 09214f21da list: getContainers: less indentation
Instead of a huge if {} block, use continue.

Best reviewed with --ignore-all-space.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 095929b15e)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-05-10 11:22:11 -07:00
Akihiro Suda 007abf31f8 Merge pull request #4270 from akhilerm/backport-1.1-4269
[1.1] allow overriding VERSION value in Makefile
2024-05-08 07:22:52 +09:00
Akhil Mohan 6f4d975c40 allow overriding VERSION value in Makefile
this allows using a custom version string while building runc
without modifying the VERSION file

Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
(cherry picked from commit 9d9273c926)
Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
2024-05-06 22:18:04 +05:30
Mrunal Patel e8bb71e147 Merge pull request #4257 from sohankunkerkar/release-1.1
[1.1] libcontainer: force apps to think fips is enabled/disabled for testing
2024-04-26 10:31:35 -07:00
lfbzhm 6379b58d97 libcontainer: force apps to think fips is enabled/disabled for testing
The motivation behind this change is to provide a flexible mechanism for
containers within a Kubernetes cluster to opt out of FIPS mode when necessary.
This change enables apps to simulate FIPS mode being enabled or disabled for testing
purposes. Users can control whether apps believe FIPS mode is on or off by manipulating
`/proc/sys/crypto/fips_enabled`.

Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>
2024-04-26 11:23:49 -04:00
lfbzhm 5bfff6ae24 Merge pull request #4261 from kolyshkin/1.1-4256
[1.1] Vagrantfile.fedora: bump Fedora to 39
2024-04-26 20:50:23 +08:00
Kir Kolyshkin 265e737180 Vagrantfile.fedora: bump Fedora to 39
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 8732eada62)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-04-25 18:23:24 -07:00
Kir Kolyshkin b0691cafe3 Merge pull request #4244 from kycheng/chore/net-cve
[1.1] chore: silencing security false positives caused by golang.org/x/net
2024-04-16 17:26:56 -07:00
kychen 59056a0213 silence security false positives from golang/net
golang.org/x/net:v0.8.0 will introduce some security false positives:

- https://avd.aquasec.com/nvd/cve-2023-4448
- https://avd.aquasec.com/nvd/cve-2023-3978
- https://avd.aquasec.com/nvd/cve-2023-39325

Signed-off-by: kychen <kychen@alauda.io>
2024-04-10 15:28:12 +08:00
Kir Kolyshkin 148fdabd70 Merge pull request #4241 from kolyshkin/1.1.13-ci-fixes
[1.1] CI fixes and misc backports
2024-04-02 21:53:18 -07:00
Aleksa Sarai 452bf88ebf build: update libseccomp to v2.5.5
This adds support for syscalls up to Linux 6.7-rc3.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
(cherry picked from commit cdccf6d615)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-04-02 14:15:48 -07:00
Kir Kolyshkin 3fada6eca4 tests/int: fix flaky "runc run with tmpfs perm"
Apparently, sometimes a short-lived "runc run" produces result with \r
and sometimes without. As a result, we have an occasional failure of
"runc run with tmpfs perms" test.

The solution (to the flaky test) is to use the first line of the output
(like many other tests do).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 6d27922005)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-04-02 14:14:24 -07:00
TTFISH aae41a4b79 Fix integration tests failure when calling "ip"
Signed-off-by: TTFISH <jiongchiyu@gmail.com>
(cherry picked from commit eb55472ee1)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-04-02 14:13:03 -07:00
lfbzhm 82a8b979ef update go version to 1.21 in cirrus ci
Signed-off-by: lfbzhm <lifubang@acmcoder.com>
(cherry picked from commit a596a05510)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-04-02 14:12:20 -07:00
Kir Kolyshkin 03271050eb ci/gha/cross-i386: pin Go to 1.21
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-04-02 14:12:14 -07:00
Aleksa Sarai a9833ff391 Merge pull request from GHSA-xr7r-f8xq-vfvv
runc: release 1.1.12
2024-02-01 07:04:29 +11:00
Aleksa Sarai 29d6d87345 VERSION: back to development
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-01-24 00:12:54 +11:00
Aleksa Sarai 51d5e94601 VERSION: release 1.1.12
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
v1.1.12
2024-01-24 00:12:48 +11:00
Aleksa Sarai 2a4ed3e75b merge 1.1-ghsa-xr7r-f8xq-vfvv into release-1.1
This is a security fix for CVE-2024-21626. See the advisory[1] for more
details.

Aleksa Sarai (6):
  init: don't special-case logrus fds
  libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
  cgroup: plug leaks of /sys/fs/cgroup handle
  init: close internal fds before execve
  setns init: do explicit lookup of execve argument early
  init: verify after chdir that cwd is inside the container

Hang Jiang (1):
  Fix File to Close

[1]: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv

Fixes: GHSA-xr7r-f8xq-vfvv CVE-2024-21626
LGTMs: cyphar AkihiroSuda kolyshkin lifubang
2024-01-24 00:11:59 +11:00
Aleksa Sarai e9665f4d60 init: don't special-case logrus fds
We close the logfd before execve so there's no need to special case it.
In addition, it turns out that (*os.File).Fd() doesn't handle the case
where the file was closed and so it seems suspect to use that kind of
check.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-01-24 00:10:59 +11:00
Aleksa Sarai 683ad2ff3b libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
Given the core issue in GHSA-xr7r-f8xq-vfvv was that we were unknowingly
leaking file descriptors to "runc init", it seems prudent to make sure
we proactively prevent this in the future. The solution is to simply
mark all non-stdio file descriptors as O_CLOEXEC before we spawn "runc
init".

For libcontainer library users, this could result in unrelated files
being marked as O_CLOEXEC -- however (for the same reason we are doing
this for runc), for security reasons those files should've been marked
as O_CLOEXEC anyway.

Fixes: GHSA-xr7r-f8xq-vfvv CVE-2024-21626
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-01-24 00:10:59 +11:00