5877 Commits

Author SHA1 Message Date
Kir Kolyshkin 6724737f99 VERSION: release 1.1.3
* Changelog for v1.1.3.
* Fixed 1.1.2 release date.
* Fixed the order of footnotes.

Note that backport (rather than original) PRs are listed as references,
since this makes it easier to cross-check against the git log.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
v1.1.3
2022-06-08 11:46:47 -07:00
Kir Kolyshkin 91fa032da4 ci: add basic checks for CHANGELOG.md
Perform some basic checks for CHANGELOG.md.

In particular, check for
 - missing periods;
 - extra spaces at EOL;
 - non-ASCII characters.

Fix the issues found.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-06-08 11:46:47 -07:00
Sebastiaan van Stijn 5d74e0f027 Merge pull request #3504 from cyphar/1.1-systemd-devices-nonexistent-files
[1.1] cgroups: systemd: skip adding device paths that don't exist
2022-06-08 19:04:24 +02:00
Aleksa Sarai 7219387eb7 cgroups: systemd: skip adding device paths that don't exist
systemd emits very loud warnings when the path specified doesn't exist
(which can be the case for some of our default rules). We don't need the
ruleset we give systemd to be completely accurate (we discard some kinds
of wildcard rules anyway) so we can safely skip adding these.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2022-06-08 09:48:24 +10:00
Kir Kolyshkin da9b9d9357 Merge pull request #3494 from eriksjolund/1.1-backport-3489
[1.1] libcontainer: relax getenv_int sanity check
2022-06-02 10:07:56 -07:00
Erik Sjölund 93d1807b53 libcontainer: relax getenv_int sanity check
Remove upper bound in integer sanity check
to not restrict the number of socket-activated
sockets passed in.

Closes #3488

Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
(cherry picked from commit 03a210d0f2)
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
2022-06-02 06:28:13 +02:00
Aleksa Sarai ff14258e8e merge branch 'pr-3481' into release-1.1
Kir Kolyshkin (2):
  script/seccomp.sh: check tarball sha256
  Dockerfile,scripts/release: bump libseccomp to v2.5.4

LGTMs: AkihiroSuda cyphar
Closes #3481
2022-05-27 12:18:12 +10:00
Kir Kolyshkin 8242c05dab script/seccomp.sh: check tarball sha256
Add checking of downloaded tarball checksum.

In case it doesn't match the hardcoded value, the error is like this:

	libseccomp-2.5.4.tar.gz: FAILED
	sha256sum: WARNING: 1 computed checksum did NOT match

In case the checksum for a particular version is not specified in the
script, the error will look like this:

	./script/seccomp.sh: line 29: SECCOMP_SHA256[${ver}]: unbound variable

In case the the hardcoded value in the file is of wrong format/length,
we'll get:

	sha256sum: 'standard input': no properly formatted SHA256 checksum lines found

In any of these cases, the script aborts (due to set -e).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 95f1e2e18872de54a17d64b2d808255463ee3d93)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-27 12:17:45 +10:00
Kir Kolyshkin 017cb29b32 Dockerfile,scripts/release: bump libseccomp to v2.5.4
Release notes: https://github.com/seccomp/libseccomp/releases/tag/v2.5.4

This affects the released static binaries (as they are statically linked
against libseccomp).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit f7b07fd54c)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-27 12:17:45 +10:00
Akihiro Suda 131222d6a0 Merge pull request #3493 from cyphar/1.1-ns_last_pid
[1.1] Allow mounting of /proc/sys/kernel/ns_last_pid
2022-05-27 11:00:28 +09:00
Irwin D'Souza 51649a7d38 Allow mounting of /proc/sys/kernel/ns_last_pid
The CAP_CHECKPOINT_RESTORE linux capability provides the ability to
update /proc/sys/kernel/ns_last_pid. However, because this file is under
/proc, and by default both K8s and CRI-O specify that /proc/sys should
be mounted as Read-Only, by default even with the capability specified,
a process will not be able to write to ns_last_pid.

To get around this, a pod author can specify a volume mount and a
hostpath to bind-mount /proc/sys/kernel/ns_last_pid. However, runc does
not allow specifying mounts under /proc.

This commit adds /proc/sys/kernel/ns_last_pid to the validProcMounts
string array to enable a pod author to mount ns_last_pid as read-write.
The default remains unchanged; unless explicitly requested as a volume
mount, ns_last_pid will remain read-only regardless of whether or not
CAP_CHECKPOINT_RESTORE is specified.

Signed-off-by: Irwin D'Souza <dsouzai.gh@gmail.com>
2022-05-27 09:00:21 +10:00
Aleksa Sarai 9d00472f06 merge branch 'pr-3479' into release-1.1
Kir Kolyshkin (1):
  ci: drop docker layer caching from release job

LGTMs: thaJeztah cyphar
Closes #3479
2022-05-27 08:59:04 +10:00
Kir Kolyshkin 3a09da6b5a ci: drop docker layer caching from release job
This job is failing with "No space left on device" lately, and this
helps to fix it.

Besides, it seems that caching does not help to shorten execution times
(validate/release job succeeds in under 8 minutes now; ymmv).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-26 13:50:47 -07:00
Akihiro Suda fa7cca98a0 Merge pull request #3478 from cyphar/1.1-seccomp-enosys-setup
[1.1] seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
2022-05-25 17:24:11 +09:00
Aleksa Sarai 8b93f9fb3c seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
On s390x, syscalls above 255 are multiplexed using the (now otherwise
unused) setup(2) syscall (syscall number 0). If the kernel supports the
syscall then it will correctly translate the syscall number such that
seccomp will correctly detect it -- however, for unknown syscalls the
syscall number remains unchanged. This can be verified by running the
following program under strace:

	int main(void)
	{
		scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_TRAP);
		seccomp_load(ctx);

		return syscall(439, AT_FDCWD, "asdf", X_OK, 0);
	}

Which will then die with the following signal (on pre-5.8 kernels):

	--- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP,
	            si_call_addr=0x3ffb3006c22, si_syscall=__NR_setup,
	            si_arch=AUDIT_ARCH_S390X} ---

(Note that the si_syscall is __NR_setup, not __NR_faccessat2.)

As a result, the -ENOSYS handling we had previously did not work
completely correctly on s390x because any syscall not supported by the
kernel would be treated as syscall number 0 rather than the actual
syscall number.

Always returning -ENOSYS will not cause any issues because in all of the
cases where this multiplexing occurs, seccomp will see the remapped
syscall number -- and no userspace program will call setup(2)
intentionally (the syscall has not existed in Linux for decades and was
originally a hack used early in Linux init prior to spawning pid1 -- so
you will get -ENOSYS from the kernel anyway).

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2022-05-24 12:51:51 +10:00
Kir Kolyshkin 1839c392cc Merge pull request #3476 from kolyshkin/1.1-dbus-err
[1.1] libct/cg/sd: check dbus.ErrClosed instead of isDbusError
2022-05-23 10:45:06 -07:00
Kang Chen fc2a8fe13b libct/cg/sd: check dbus.ErrClosed instead of isDbusError
Signed-off-by: Kang Chen <kongchen28@gmail.com>
(cherry picked from commit 0ca0bb9fee)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-23 16:48:12 +10:00
Aleksa Sarai 13e164dbb0 merge branch 'pr-3477' into release-1.1
CrazyMax (1):
  fix deprecated ActKill

Kir Kolyshkin (2):
  libct/seccomp/config: add missing KillThread, KillProcess
  [1.1] vendor: bump seccomp/libseccomp-golang to f33da4d

LGTMs: AkihiroSuda cyphar
Closes #3477
2022-05-23 16:46:52 +10:00
Kir Kolyshkin d105e052d3 libct/seccomp/config: add missing KillThread, KillProcess
OCI spec added SCMP_ACT_KILL_THREAD and SCMP_ACT_KILL_PROCESS almost two
years ago ([1], [2]), but runc support was half-finished [3].

Add these actions, and modify the test case to check them.

In addition, "runc features" now lists the new actions.

[1] https://github.com/opencontainers/runtime-spec/pull/1044
[2] https://github.com/opencontainers/runtime-spec/pull/1064
[3] https://github.com/opencontainers/runc/pulls/3204

Fixes: 4a4d4f109b
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit e74fdeb88a)
(cherry picked from commit 68427f33d0)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-20 13:25:51 -07:00
Kir Kolyshkin e4474ef881 [1.1] vendor: bump seccomp/libseccomp-golang to f33da4d
This is the same as commit df2bc1380e
but for release-1.1 branch.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-20 13:25:36 -07:00
CrazyMax dc083b2bb7 fix deprecated ActKill
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 29a56b5206)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-20 11:30:16 -07:00
Sebastiaan van Stijn b507e2da6c Merge pull request #3472 from kolyshkin/1.1-fix-fedora-ci-git
[1.1] Make CI green again
2022-05-12 11:54:14 +02:00
Kir Kolyshkin bf1cd884d9 ci: use golangci-lint-action v3, GO_VERSION
golangci-lint-action v3 no longer installs golang itself, and the
version that comes with Ubuntu is not new/good enough.

Install go 1.17.x explicitly.

Introduce GO_VERSION environment variable to avoid duplication,
and use it instead of 1.x in other places, so that implicit go update
won't bring some unexpected failures.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit f7637defb8)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-11 16:46:59 -07:00
Kir Kolyshkin 1feafc31f8 ci: bump golangci-lint to v1.44
Also, remove "must be specified without patch version" as this is no
longer true.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit f7d4613492)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-11 16:46:59 -07:00
Kir Kolyshkin 89f79ff06d libct: StartInitialization: fix %w related warning
(on Go 1.18 this is actually an error)

> libcontainer/factory_linux.go:341:10: fmt.Errorf format %w has arg e of wrong type interface{}

Unfortunately, fixing it results in an errorlint warning:

> libcontainer/factory_linux.go#L344 non-wrapping format verb for fmt.Errorf. Use `%w` to format errors (errorlint)

so we have to silence that one.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 907aefd43c)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-11 16:46:59 -07:00
Kir Kolyshkin 3b7f260510 Format sources using gofumpt 0.2.1
... which adds a wee more whitespace fixes.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 89733cd055)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-11 16:42:50 -07:00
dependabot[bot] eeac4e7721 build(deps): bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit a43485c92c)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-11 16:35:41 -07:00
Kir Kolyshkin cd7fa00d6b Vagrantfile.fedora: fix build wrt new git
With the updated git in Fedora 35, we can't build it via sudo:

	ssh default 'sudo -i make -C /vagrant localunittest'
	make: Entering directory '/vagrant'
	fatal: unsafe repository ('/vagrant' is owned by someone else)
	To add an exception for this directory, call:

		git config --global --add safe.directory /vagrant
	go build -trimpath "-buildmode=pie"  -tags "seccomp" -ldflags "-X main.gitCommit= -X main.version=1.1.0+dev " -o runc .
	error obtaining VCS status: exit status 128
		Use -buildvcs=false to disable VCS stamping.
	make: Leaving directory '/vagrant'

This commit should fix this.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 009e627cb0)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-11 16:25:09 -07:00
Aleksa Sarai 8acb6a0771 Merge pull request from GHSA-f3fp-gc8g-vw66
runc: do not set inheritable capabilities
2022-05-12 08:15:42 +10:00
Kir Kolyshkin cdfdbe55fb VERSION: back to development
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-05 12:50:18 -07:00
Kir Kolyshkin a916309fff VERSION: release 1.1.2
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
v1.1.2
2022-05-05 12:49:49 -07:00
Kir Kolyshkin 364ec0f1b4 runc: do not set inheritable capabilities
Do not set inheritable capabilities in runc spec, runc exec --cap,
and in libcontainer integration tests.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-05 12:20:40 -07:00
Aleksa Sarai 58546650ce merge branch 'pr-3439' into release-1.1
Kir Kolyshkin (3):
  VERSION: back to development
  VERSION: release 1.1.1
  CHANGELOG.md: add 1.1.1 release notes

LGTMs: mrunalp AkihiroSuda cyphar
Closes #3439
2022-03-29 13:58:36 +11:00
Kir Kolyshkin 8959e37254 VERSION: back to development
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-28 12:02:47 -07:00
Kir Kolyshkin 52de29d7e0 VERSION: release 1.1.1
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
v1.1.1
2022-03-28 12:02:47 -07:00
Kir Kolyshkin 2636e1cb36 CHANGELOG.md: add 1.1.1 release notes
This also includes the backport of commit e4d23d50fa,
fixing a minor formatting issue.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-28 12:02:47 -07:00
Kir Kolyshkin ae28db1424 Merge pull request #3436 from kolyshkin/1.1-add-centos-stream-9
[1.1] add centos-stream-9
2022-03-28 12:02:23 -07:00
Kir Kolyshkin 036cc34899 CI/cirrus: add centos-stream-9
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit a9cc993a2b6f8405edcc2a07e52a2c48e664b323)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-28 11:46:11 -07:00
Mrunal Patel c65363285b Merge pull request #3438 from kolyshkin/1.1-fix-badges
[1.1] Fix badges
2022-03-28 11:21:45 -07:00
Kir Kolyshkin db953158e1 README.md: add cirrus-ci badge
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 3618079cab)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-28 09:53:34 -07:00
Kir Kolyshkin ea19181ebd README,libct/README: fix pkg.go.dev badges
What used to be godoc.org is now pkg.go.dev, and while the old URLs
still work, they might be broken in the future.

Updated badges are generated via https://pkg.go.dev/badge/

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit f309a69a48)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-28 09:53:34 -07:00
Mrunal Patel 6bf0a56814 Merge pull request #3435 from mrunalp/dont_panic_1.1
[release-1.1] libct/cg: IsCgroup2HybridMode: don't panic
2022-03-28 09:43:01 -07:00
Kir Kolyshkin 8290c4cf58 libct/cg: IsCgroup2HybridMode: don't panic
In case statfs("/sys/fs/cgroup/unified") fails with any error other
than ENOENT, current code panics. As IsCgroup2HybridMode is called from
libcontainer/cgroups/fs's init function, this means that any user of
libcontainer may panic during initialization, which is ugly.

Avoid panicking; instead, do not enable hybrid hierarchy support and
report the error (under debug level, not to confuse anyone).

Basically, replace the panic with "turn off hybrid mode support"
(which makes total sense since we were unable to statfs its root).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-28 09:13:57 -07:00
Kir Kolyshkin 6f48ab3eaf Merge pull request #3406 from marquiz/backports/rdt
[1.1] configs/validate: looser validation for RDT
2022-03-14 14:11:24 -07:00
Markus Lehtonen ee7ba6cb1e configs/validate: looser validation for RDT
Don't require CAT or MBA because we don't detect those correctly (we
don't support L2 or L3DATA/L3CODE for example, and in the future
possibly even more). With plain "ClosId mode" we don't really care: we
assign the container to a pre-configured CLOS without trying to do
anything smarter.

Moreover, this was a duplicate/redundant check anyway, as for CAT and
MBA there is another specific sanity check that is done if L3 or MB
is specified in the config.

Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
(cherry picked from commit 1d5c331042)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-14 09:35:43 -07:00
Sebastiaan van Stijn a3765fb46d Merge pull request #3404 from kolyshkin/1.1-delegate-enoent
[1.1] libct/cg/sd/v2: fix ENOENT on cgroup delegation
2022-03-10 20:37:34 +01:00
Kir Kolyshkin 96193422ea libct/cg/sd/v2: fix ENOENT on cgroup delegation
Apparently, not all files listed in /sys/kernel/cgroup/delegate must
exist in every cgroup, so we should ignore ENOENT.

Dot not ignore ENOENT on the directory itself though.

Change cgroupFilesToChown to not return ".", and refactor it to not do
any dynamic slice appending in case we're using the default built-in
list of files.

Fixes: 35d20c4e0
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 8c04b98100)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-08 12:03:50 -08:00
Akihiro Suda 51feb4289d Merge pull request #3403 from kolyshkin/1.1-exec-subcgroup
[1.1] runc exec --cgroup: ensure the path is a sub-cgroup path
2022-03-09 00:12:19 +09:00
lifubang 35784a3e6a ensure the path is a sub-cgroup path
Signed-off-by: lifubang <lifubang@acmcoder.com>
(cherry picked from commit 01f00e1fd5)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-07 18:25:59 -08:00
Mrunal Patel b9460f26b4 Merge pull request #3355 from kolyshkin/1.1-rodev
[1.1] Fix working with read-only /dev
2022-01-28 15:56:26 -08:00