2882 Commits

Author SHA1 Message Date
Kir Kolyshkin 02c4128288 criu: simplify isOnTmpfs check in prepareCriuRestoreMounts
Instead of generating a list of tmpfs mount and have a special function
to check whether the path is in the list, let's go over the list of
mounts directly. This simplifies the code and improves readability.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit ce3cd4234c)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-08-28 12:28:32 +08:00
Kir Kolyshkin 69a3439c31 criu: inline makeCriuRestoreMountpoints
Since its code is now trivial, and it is only called from a single
place, it does not make sense to have it as a separate function.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit f91fbd34d9)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-08-28 12:28:32 +08:00
Kir Kolyshkin a97c49f96e criu: ignore cgroup early in prepareCriuRestoreMounts
It makes sense to ignore cgroup mounts much early in the code,
saving some time on unnecessary operations.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit b8aa5481db)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-08-28 12:28:32 +08:00
Kir Kolyshkin 017d6b693f criu: improve prepareCriuRestoreMounts
1. Replace the big "if !" block with the if block and continue,
   simplifying the code flow.

2. Move comments closer to the code, improving readability.

This commit is best reviewed with --ignore-all-space or similar.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 0c93d41c65)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-08-28 12:28:32 +08:00
Aleksa Sarai 9a79ff4793 [1.3] libct: reset CPU affinity by default
In certain deployments, it's possible for runc to be spawned by a
process with a restrictive cpumask (such as from a systemd unit with
CPUAffinity=... configured) which will be inherited by runc and thus the
container process by default.

The cpuset cgroup used to reconfigure the cpumask automatically for
joining processes, but kcommit da019032819a ("sched: Enforce user
requested affinity") changed this behaviour in Linux 6.2.

The solution is to try to emulate the expected behaviour by resetting
our cpumask to correspond with the configured cpuset (in the case of
"runc exec", if the user did not configure an alternative one). Normally
we would have to parse /proc/stat and /sys/fs/cgroup, but luckily
sched_setaffinity(2) will transparently convert an all-set cpumask (even
if it has more entries than the number of CPUs on the system) to the
correct value for our usecase.

For some reason, in our CI it seems that rootless --systemd-cgroup
results in the cpuset (presumably temporarily?) being configured such
that sched_setaffinity(2) will allow the full set of CPUs. For this
particular case, all we care about is that it is different to the
original set, so include some special-casing (but we should probably
investigate this further...).

Reported-by: ningmingxiao <ning.mingxiao@zte.com.cn>
Reported-by: Martin Sivak <msivak@redhat.com>
Reported-by: Peter Hunt <pehunt@redhat.com>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
(Cherry-pick of commit 121192ade6c55f949d32ba486219e2b1d86898b2.)
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2025-08-28 10:57:05 +10:00
Aleksa Sarai 3ac9e16562 [1.3] rootfs: remove /proc/net/dev from allowed overmount list
This was added in 2ee9cbbd12 ("It's /proc/stat, not /proc/stats") with
no actual justification, and doesn't really make much sense on further
inspection:

 * /proc/net is a symlink to "self/net", which means that /proc/net/dev
   is a per-process file, and so overmounting it would only affect pid1.
   Any other program that cares about /proc/net/dev would see their own
   process's configuration, and unprivileged processes wouldn't be able
   to see /proc/1/... data anyway.

   In addition, the fact that this is a symlink means that runc will
   deny the overmount because /proc/1/net/dev is not in the proc
   overmount allowlist. This means that this has not worked for many
   years, and probably never worked in the first place.

 * /proc/self/net is already namespaced with network namespaces, so the
   primary argument for allowing /proc overmounts (lxcfs-like masking of
   procfs files to emulate namespacing for files that are not properly
   namespaced for containers -- such as /proc/cpuinfo) is moot.

   It goes without saying that lxcfs has never overmounted
   /proc/self/net/... files, so the general "because lxcfs"
   justification doesn't hold water either.

 * The kernel has slowly been moving towards blocking overmounts in
   /proc/self/. Linux 6.12 blocked overmounts for fd, fdinfo, and
   map_files; future Linux versions will probably end up blocking
   everything under /proc/self/.

Fixes: 2ee9cbbd12 ("It's /proc/stat, not /proc/stats")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
(cherry-picked from commit 3620185d06b79da836559b75161027c6273fff7b.)
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2025-07-25 19:18:06 +10:00
Pavel Liubimov ce4ad9922b libcontainer: close seccomp agent connection to prevent resource leaks
Add missing defer conn.Close().

Signed-off-by: Pavel Liubimov <prlyubimov@gmail.com>
(cherry picked from commit aa0e7989c4)
Signed-off-by: Pavel Liubimov <prlyubimov@gmail.com>
2025-07-04 00:04:53 +03:00
HirazawaUi 2ff7959434 Preventing containers from being unable to be deleted
Signed-off-by: HirazawaUi <695097494plus@gmail.com>
(cherry picked from commit e5a74679b32b32a7670f2a19c99974d96f1585a8)
Signed-off-by: HirazawaUi <695097494plus@gmail.com>
2025-06-22 22:32:06 +08:00
Yusuke Sakurai c682547894 fix rootfs propagation mode
Signed-off-by: Yusuke Sakurai <yusuke.sakurai@3-shake.com>
(cherry picked from commit 04be81b6a3)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-06-20 16:52:01 +08:00
Kir Kolyshkin 15dc7b516e libct/configs: stop using deprecated id
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit d22a42113d)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-06-19 10:37:52 -07:00
Kir Kolyshkin af614c94bd libct/configs: fix/improve deprecation notices
The per-file deprecation in cgroup_deprecated.go is not working,
let's replace it.

Link to Hooks.Run in Hook.Run deprecation notice.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit b25bcaa8b3)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-06-19 10:35:21 -07:00
Kir Kolyshkin daada5e850 libct/configs: add package docstring
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit a10d338eb2)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-06-19 10:35:21 -07:00
Kir Kolyshkin 6a39b49150 libct/intelrdt: fix staticcheck ST1020 warnings
> libcontainer/intelrdt/cmt.go:5:1: ST1020: comment on exported function IsCMTEnabled should be of the form "IsCMTEnabled ..." (staticcheck)
> // Check if Intel RDT/CMT is enabled.
> ^
> libcontainer/intelrdt/intelrdt.go:419:1: ST1020: comment on exported function IsCATEnabled should be of the form "IsCATEnabled ..." (staticcheck)
> // Check if Intel RDT/CAT is enabled
> ^
> libcontainer/intelrdt/intelrdt.go:425:1: ST1020: comment on exported function IsMBAEnabled should be of the form "IsMBAEnabled ..." (staticcheck)
> // Check if Intel RDT/MBA is enabled
> ^
> libcontainer/intelrdt/intelrdt.go:446:1: ST1020: comment on exported method Apply should be of the form "Apply ..." (staticcheck)
> // Applies Intel RDT configuration to the process with the specified pid
> ^
> libcontainer/intelrdt/intelrdt.go:481:1: ST1020: comment on exported method Destroy should be of the form "Destroy ..." (staticcheck)
> // Destroys the Intel RDT container-specific 'container_id' group
> ^
> libcontainer/intelrdt/intelrdt.go:497:1: ST1020: comment on exported method GetPath should be of the form "GetPath ..." (staticcheck)
> // Returns Intel RDT path to save in a state file and to be able to
> ^
> libcontainer/intelrdt/intelrdt.go:506:1: ST1020: comment on exported method GetStats should be of the form "GetStats ..." (staticcheck)
> // Returns statistics for Intel RDT
> ^
> libcontainer/intelrdt/mbm.go:6:1: ST1020: comment on exported function IsMBMEnabled should be of the form "IsMBMEnabled ..." (staticcheck)
> // Check if Intel RDT/MBM is enabled.
> ^
> 8 issues:
> * staticcheck: 8

While at it, add missing periods.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 9b3ccc19a6)
Signed-off-by: lifubang <lifubang@acmcoder.com>
2025-04-24 02:35:52 +00:00
Kir Kolyshkin 1ceca3718b Fix staticcheck ST1020/ST1021 warnings
I was pretty sure we have a linter for these but apparently we did not.

> libcontainer/capabilities/capabilities.go:108:1: ST1020: comment on exported method ApplyCaps should be of the form "ApplyCaps ..." (staticcheck)
> // Apply sets all the capabilities for the current process in the config.
> ^
>
>
> types/events.go:15:1: ST1021: comment on exported type Stats should be of the form "Stats ..." (with optional leading article) (staticcheck)
> // stats is the runc specific stats structure for stability when encoding and decoding stats.
> ^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 30f8acabf6)
Signed-off-by: lifubang <lifubang@acmcoder.com>
2025-04-24 02:35:52 +00:00
Kir Kolyshkin 5d9653d8f7 Fix a few staticcheck QF1001 warnings
Like these:

> libcontainer/criu_linux.go:959:3: QF1001: could apply De Morgan's law (staticcheck)
> 		!(req.GetType() == criurpc.CriuReqType_FEATURE_CHECK ||
> 		^
> libcontainer/rootfs_linux.go:360:19: QF1001: could apply De Morgan's law (staticcheck)
> 	if err == nil || !(errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY)) {
> 	                 ^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 9510ffb658)
Signed-off-by: lifubang <lifubang@acmcoder.com>
2025-04-24 02:35:52 +00:00
Kir Kolyshkin bd84d8a37a libct: fix staticcheck QF1006 warning
> libcontainer/rootfs_linux.go:1255:13: QF1004: could use strings.ReplaceAll instead (staticcheck)
> 	keyPath := strings.Replace(key, ".", "/", -1)

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 6405725ca2)
Signed-off-by: lifubang <lifubang@acmcoder.com>
2025-04-24 02:35:52 +00:00
Aleksa Sarai 708fe7615f rootfs: improve error messages for bind-mount vfs flag setting
While debugging an issue involving failing mounts, I discovered that
just returning the plain mount error message when we are in the fallback
code for handling locked mounts leads to unnecessary confusion.

It also doesn't help that podman currently forcefully sets "rw" on
mounts, which means that rootless containers are likely to hit the
locked mounts issue fairly often.

So we should improve our error messages to explain why the mount is
failing in the locked flags case.

Fixes: 7c71a22705 ("rootfs: remove --no-mount-fallback and finally fix MS_REMOUNT")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
(cherry picked from commit 58c3ab77b0)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-23 12:40:35 +08:00
Aleksa Sarai 4f7de1e0d3 mount: add string representation of mount flags
When reading mount errors, it is quite hard to make sense of mount flags
in their hex form. As this is the error path, the minor performance
impact of constructing a string is probably not worth hyper-optimising.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
(cherry picked from commit 30302a2850)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-23 12:40:35 +08:00
Rodrigo Campos 8dd36d11ce libct: Override HOME if its set to the empty string
Before commit 06f1e0765 ("libct: speedup process.Env handling") we were
overriding HOME if it was set to "" too[1]. But now we only override it
if it wasn't set at all.

This patch restores the old behavior of overriding it if it was set to
an empty value.

Docker relies on this behaviour since ages[2].

[1]: https://github.com/opencontainers/runc/blob/1c508045727231e7342e258ab30add1478c1f981/libcontainer/init_linux.go#L544-L549
[2]: https://github.com/moby/moby/blob/843e51459f14ebc964d349eba1013dc8a3e9d52e/integration-cli/docker_cli_run_test.go#L822-L843

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
(cherry picked from commit 09501d96d2)
2025-04-07 14:17:11 +02:00
Rodrigo Campos fa44e9d503 Merge pull request #4705 from kolyshkin/1.3-4696
[1.3] criu: Add time namespace to container config after checkpoint/restore
2025-04-02 05:44:06 -03:00
lifubang a56f2bc836 libct: we should set envs after we are in the jail of the container
Because we have to set a default HOME env for the current container
user, so we should set it after we are in the jail of the container,
or else we'll use host's `/etc/passwd` to get a wrong HOME value.
Please see: #4688.

Signed-off-by: lifubang <lifubang@acmcoder.com>
(cherry picked from commit bf38646497)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-01 17:25:45 -07:00
Andrei Vagin 109116ae48 criu: Add time namespace to container config after checkpoint/restore
Since v3.14, CRIU always restores processes into a time namespace to
prevent backward jumps of monotonic and boottime clocks. This change
updates the container configuration to ensure that `runc exec` launches
new processes within the container's time namespace.

Fixes #2610

Signed-off-by: Andrei Vagin <avagin@gmail.com>
(cherry picked from commit b68cbdff34)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-01 16:46:51 -07:00
Kir Kolyshkin 10ca66bff5 runc exec: implement CPU affinity
As per
- https://github.com/opencontainers/runtime-spec/pull/1253
- https://github.com/opencontainers/runtime-spec/pull/1261

CPU affinity can be set in two ways:
1. When creating/starting a container, in config.json's
   Process.ExecCPUAffinity, which is when applied to all execs.
2. When running an exec, in process.json's CPUAffinity, which
   applied to a given exec and overrides the value from (1).

Add some basic tests.

Note that older kernels (RHEL8, Ubuntu 20.04) change CPU affinity of a
process to that of a container's cgroup, as soon as it is moved to that
cgroup, while newer kernels (Ubuntu 24.04, Fedora 41) don't do that.

Because of the above,
 - it's impossible to really test initial CPU affinity without adding
   debug logging to libcontainer/nsenter;
 - for older kernels, there can be a brief moment when exec's affinity
   is different than either initial or final affinity being set;
 - exec's final CPU affinity, if not specified, can be different
   depending on the kernel, therefore we don't test it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-02 19:17:41 -08:00
Kir Kolyshkin a75076b4a4 Switch to opencontainers/cgroups
This removes libcontainer/cgroups packages and starts
using those from github.com/opencontainers/cgroups repo.

Mostly generated by:

  git rm -f libcontainer/cgroups

  find . -type f -name "*.go" -exec sed -i \
    's|github.com/opencontainers/runc/libcontainer/cgroups|github.com/opencontainers/cgroups|g' \
    {} +

  go get github.com/opencontainers/cgroups@v0.0.1
  make vendor
  gofumpt -w .

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-28 15:20:33 -08:00
Rodrigo Campos 8c72dfae65 Merge pull request #4627 from beam-cloud/main
Add skip-in-flight and link-remap criu options for checkpoint and restore
2025-02-26 06:06:26 -03:00
Rodrigo Campos 352c8d40ac Merge pull request #4636 from lifubang/fix-exec-timens
libct: don't send config to nsexec when joining an existing timens
2025-02-26 05:53:29 -03:00
Tomasz Duda c43ea7d629 exeseal: do not use F_SEAL_FUTURE_WRITE
Prior to kernel Linux 5.5, F_SEAL_FUTURE_WRITE has a bug which maps
memory as shared between processes even if it is set as private. See
kernel commit 05d351102dbe ("mm, memfd: fix COW issue on MAP_PRIVATE and
F_SEAL_FUTURE_WRITE mappings") for more details.

According to the fcntl(2) man pages, F_SEAL_WRITE is enough:

> Furthermore, trying to create new shared, writable memory-mappings via
> mmap(2) will also fail with EPERM.
>
> Using the F_ADD_SEALS operation to set the F_SEAL_WRITE seal fails
> with EBUSY if any writable, shared mapping exists. Such mappings must
> be unmapped before you can add this seal.

F_SEAL_FUTURE_WRITE only makes sense if a read-write shared mapping in
one process should be read-only in another process. This is not case for
runc, especially not for the /proc/self/exe we are protecting.

Signed-off-by: Tomasz Duda <tomaszduda23@gmail.com>
(cyphar: improve the comment regarding F_SEAL_FUTURE_WRITE)
(cyphar: improve commit message)
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2025-02-26 16:40:34 +11:00
Daniel Levi-Minzi 1d047e44ed expose criu options for link remap and skip in flight
Signed-off-by: Daniel Levi-Minzi <dleviminzi@gmail.com>
2025-02-25 10:35:31 -05:00
Aleksa Sarai 559bd4ebdf libcontainer: rename dmz -> exeseal
The "dmz" name was originally used because the libcontainer/dmz package
housed the runc-dmz binary, but since we removed it in commit
871057d863 ("drop runc-dmz solution according to overlay solution")
the name is an anachronism and we should just give it a more
self-explanatory name.

So, call it libcontainer/exeseal because the purpose of the package is
to provide tools to seal /proc/self/exe against attackers.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2025-02-25 13:46:05 +11:00
Aleksa Sarai ef9830a0bf merge #4513 into opencontainers/runc:main
Tomasz Duda (1):
  support cgroup v1 mounted with noprefix

LGTMs: kolyshkin cyphar
2025-02-25 13:21:49 +11:00
lfbzhm 5f8abe5754 Merge pull request #4637 from mirendev/evanphx/b-eintr
Retry direct unix package calls if observing EINTR
2025-02-25 08:24:20 +08:00
lifubang ad09197e41 libct: don't send config to nsexec when joining an existing timens
We should configure the process's timens offset only when we need to
create new time namespace, we shouldn't do it if we are joining an
existing time namespace. (#4635)

Signed-off-by: lifubang <lifubang@acmcoder.com>
2025-02-22 16:42:33 +00:00
Evan Phoenix 28475f12e3 Retry direct unix package calls if observing EINTR
Retry Recvfrom, Sendmsg, Readmsg, and Read as they can return EINTR.

Signed-off-by: Evan Phoenix <evan@phx.io>
2025-02-21 15:19:54 -08:00
Kir Kolyshkin 4e0f7a203d libct/cg/dev: remove specconv dependency
This was needed for a test case only, but we can easily copy the data
needed.

The alternatives are:
 - keep things as is (and have cgroups depend on
   runc/libcontainer/specconv);
 - remove this test case;
 - move AllowedDevices to cgroups/devices/config.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-21 14:23:58 -08:00
Kir Kolyshkin 69792827b4 libct/cg: don't use utils.CleanPath
Instead, we can just do filepath.Clean("/"+path) here.

While at it, add a comment telling why this is needed and important.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-21 14:23:58 -08:00
Kir Kolyshkin 5e1dcdf564 libct/cg: add internal/path.Inner
The code which determines inner cgroup path from cgroup config is
identical in fs and fs2 drivers, and it is using utils.CleanPath.

In preparation to move libcontainer/cgroups to a separate repo,
we have to get rid of libcontainer/utils dependency. So,
 - copy the utils.CleanPath implementation to internal/path;
 - consolidate the two innerPath implementations to internal/path.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-21 14:23:58 -08:00
Kir Kolyshkin 271aa88ed5 libct/cg/fs2: rm _defaultDirPath
The _defaultDirPath was only used for testing, and the test case
is quite easy to adopt to defaultDirPath.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-21 14:23:58 -08:00
Kir Kolyshkin 7bebe68c7a libct/cg: stop using utils.ProcThreadSelf
We were using utils.ProcThreadSelf since commit 8e8b136c,
which provides two things:
1. locking the OS tread;
2. fallback to /proc/self/task/$TID when /proc/thread-self
   is not available (kernel < 3.17).

Now, (1) is not needed since we only call readlink and not perform any
file data operation, and (2) is not needed here as this code is
only running when openat2 syscall is available, meaning kernel >= v5.6.

Also, check the error from readlink, so when it fails, we do not try to
enhance the error message.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-21 14:14:22 -08:00
Rodrigo Campos b0b186e64d Merge pull request #4630 from kolyshkin/clean-path
libc/utils: simplify CleanPath
2025-02-13 13:59:23 -03:00
lfbzhm c3c111d2a6 Merge pull request #4585 from kolyshkin/per-process-properties
Fix process/config properties merging
2025-02-13 18:47:32 +08:00
Rodrigo Campos 20727c62d5 Merge pull request #4598 from kolyshkin/go124
Add Go 1.24, drop Go 1.22
2025-02-13 07:46:47 -03:00
Kir Kolyshkin 0f88286077 Merge pull request #4470 from kolyshkin/strings-cut
Use strings.Cut and strings.CutPrefix where possible
2025-02-12 23:35:20 -08:00
Kir Kolyshkin 8db6ffbeef libc/utils: simplify CleanPath
This simplifies the code flow and basically removes the last
filepath.Clean, which is not necessary in either case:

 - for absolute path, single filepath.Clean is enough (as it is
   guaranteed to remove all dot and dot-dot elements);

 - for relative path, filepath.Rel calls Clean at the end
   (which is even documented).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-12 20:17:51 -08:00
Kir Kolyshkin 35a28ad0a4 Merge pull request #4596 from evanphx/evanphx/b-close-range
utils: Handle close_range more gracefully
2025-02-11 18:04:07 -08:00
Kir Kolyshkin 16d7336791 Require Go 1.23.x, drop Go 1.22 support
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-11 18:03:06 -08:00
Kir Kolyshkin 99f9ed94dc runc exec: fix setting process.Scheduler
Commit 770728e1 added Scheduler field into both Config and Process,
but forgot to add a mechanism to actually use Process.Scheduler.
As a result, runc exec does not set Process.Scheduler ever.

Fix it, and a test case (which fails before the fix).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-11 18:01:30 -08:00
Kir Kolyshkin b9114d91e2 runc exec: fix setting process.ioPriority
Commit bfbd0305b added IOPriority field into both Config and Process,
but forgot to add a mechanism to actually use Process.IOPriority.
As a result, runc exec does not set Process.IOPriority ever.

Fix it, and a test case (which fails before the fix).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-11 18:01:30 -08:00
Kir Kolyshkin 73849e797f libct: simplify Caps inheritance
For all other properties that are available in both Config and Process,
the merging is performed by newInitConfig.

Let's do the same for Capabilities for the sake of code uniformity.

Also, thanks to the previous commit, we no longer have to make sure we
do not call capabilities.New(nil).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-11 18:01:30 -08:00
Kir Kolyshkin 049a5f76cf libct/cap: allow New(nil)
In runtime-spec, capabilities property is optional, but
libcontainer/capabilities panics when New(nil) is called.

Because of this, there's a kludge in finalizeNamespace to ensure
capabilities.New is not called with nil argument, and there's a
TestProcessEmptyCaps to ensure runc won't panic.

Let's fix this at the source, allowing libct/cap to work with nil
capabilities.

(The caller is fixed by the next commit.)

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-11 18:01:30 -08:00
Kir Kolyshkin f26ec92221 libct: rm Rootless* properties from initConfig
They are passed in initConfig twice, so it does not make sense.

NB: the alternative to that would be to remove Config field from
initConfig, but it results in a much bigger patch and more maintenance
down the road.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-11 18:01:30 -08:00