diff --git a/go.mod b/go.mod
index 333aa46c..651d8051 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 github.com/golang/protobuf v1.4.2
 github.com/moby/sys/mountinfo v0.1.3
 github.com/mrunalp/fileutils v0.0.0-20200520151820-abd8a0e76976
- github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2
+ github.com/opencontainers/runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6
 github.com/opencontainers/selinux v1.6.0
 github.com/pkg/errors v0.9.1
 github.com/seccomp/libseccomp-golang v0.9.1
diff --git a/go.sum b/go.sum
index 61e6dc7f..f2b27bcc 100644
--- a/go.sum
+++ b/go.sum
@@ -36,8 +36,10 @@ github.com/moby/sys/mountinfo v0.1.3 h1:KIrhRO14+AkwKvG/g2yIpNMOUVZ02xNhOw8KY1Ws github.com/moby/sys/mountinfo v0.1.3/go.mod h1:w2t2Avltqx8vE7gX5l+QiBKxODu2TX0+Syr3h52Tw4o= github.com/mrunalp/fileutils v0.0.0-20200520151820-abd8a0e76976 h1:aZQToFSLH8ejFeSkTc3r3L4dPImcj7Ib/KgmkQqbGGg= github.com/mrunalp/fileutils v0.0.0-20200520151820-abd8a0e76976/go.mod h1:x8F1gnqOkIEiO4rqoeEEEqQbo7HjGMTvyoq3gej4iT0= -github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2 h1:9mv9SC7GWmRWE0J/+oD8w3GsN2KYGKtg6uwLN7hfP5E= -github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.0.3-0.20200710190001-3e4195d92445 h1:y8cfsJRmn8g3VkM4IDpusKSgMUZEXhudm/BuYANLozE= +github.com/opencontainers/runtime-spec v1.0.3-0.20200710190001-3e4195d92445/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6 h1:NhsM2gc769rVWDqJvapK37r+7+CBXI8xHhnfnt8uQsg= +github.com/opencontainers/runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.6.0 h1:+bIAS/Za3q5FTwWym4fTB0vObnfCf3G/NC7K6Jx62mY= github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go
index ac523b41..540f0f85 100644
--- a/libcontainer/configs/config.go
+++ b/libcontainer/configs/config.go
@@ -239,15 +239,6 @@ const ( Poststop = "poststop" ) -// TODO move this to runtime-spec -// See: https://github.com/opencontainers/runtime-spec/pull/1046 -const ( - Creating = "creating" - Created = "created" - Running = "running" - Stopped = "stopped" -) - type Capabilities struct { // Bounding is the set of capabilities checked by the kernel. Bounding []string
diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go
index c5188b1d..e43bff67 100644
--- a/libcontainer/container_linux.go
+++ b/libcontainer/container_linux.go
@@ -1863,7 +1863,7 @@ func (c *linuxContainer) currentOCIState() (*specs.State, error) {
 if err != nil {
 return nil, err
 }
- state.Status = status.String()
+ state.Status = specs.ContainerState(status.String())
 if status != Stopped {
 if c.initProcess != nil {
 state.Pid = c.initProcess.pid()
diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
index 028fe8ab..cb8c724a 100644
--- a/libcontainer/process_linux.go
+++ b/libcontainer/process_linux.go
@@ -19,7 +19,7 @@ import (
 "github.com/opencontainers/runc/libcontainer/logs"
 "github.com/opencontainers/runc/libcontainer/system"
 "github.com/opencontainers/runc/libcontainer/utils"
-
+ "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/sirupsen/logrus"
 "golang.org/x/sys/unix"
 )
@@ -400,7 +400,7 @@ func (p *initProcess) start() (retErr error) { } // initProcessStartTime hasn't been set yet. s.Pid = p.cmd.Process.Pid - s.Status = configs.Creating + s.Status = specs.StateCreating hooks := p.config.Config.Hooks if err := hooks[configs.Prestart].RunHooks(s); err != nil {
@@ -433,7 +433,7 @@ func (p *initProcess) start() (retErr error) { } // initProcessStartTime hasn't been set yet. s.Pid = p.cmd.Process.Pid - s.Status = configs.Creating + s.Status = specs.StateCreating hooks := p.config.Config.Hooks if err := hooks[configs.Prestart].RunHooks(s); err != nil {
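Review bot: The new assignment `state.Status = specs.ContainerState(status.String())` in currentOCIState is an unchecked string conversion, so any runtime status whose String() is not one of the four values the spec type declares is handed on as a ContainerState the spec does not define. Whether that can happen depends on the Status type, which is not part of this diff; if it has extra states (a paused one, for instance), hook programs and other consumers that switch on the typed constants will fall through without noticing. I would document that at the assignment, e.g. `// status may be a runtime-specific value that specs.ContainerState does not declare`, or map the values explicitly. The function body continues outside the hunk.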
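Review bot: The override `s.Status = specs.StateCreating` in initProcess.start (the @@ -400 hunk and the identical one at @@ -433) has no comment of its own; the line above it explains only the Pid override. Since the value replaces whatever status `s` already carried before it is passed to the Prestart hooks, a reader cannot tell from here that this is deliberate; I would add `// Hooks at this point must see "creating", whatever status was computed for s.` The same applies to the assignments in prepareRootfs and linuxStandardInit.Init. start() begins and ends outside both hunks.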
diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
index 5073870d..e00df0a2 100644
--- a/libcontainer/rootfs_linux.go
+++ b/libcontainer/rootfs_linux.go
@@ -20,6 +20,7 @@ import ( "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/system" libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils" + "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/selinux/go-selinux/label" "golang.org/x/sys/unix"
@@ -100,7 +101,7 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig) (err error) { s := iConfig.SpecState s.Pid = unix.Getpid() - s.Status = configs.Creating + s.Status = specs.StateCreating if err := iConfig.Config.Hooks[configs.CreateContainer].RunHooks(s); err != nil { return err }
diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go
index 08e6b471..b20ce148 100644
--- a/libcontainer/standard_init_linux.go
+++ b/libcontainer/standard_init_linux.go
@@ -13,9 +13,9 @@ import ( "github.com/opencontainers/runc/libcontainer/keys" "github.com/opencontainers/runc/libcontainer/seccomp" "github.com/opencontainers/runc/libcontainer/system" + "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/selinux/go-selinux" "github.com/pkg/errors" - "golang.org/x/sys/unix" )
@@ -210,7 +210,7 @@ func (l *linuxStandardInit) Init() error { s := l.config.SpecState s.Pid = unix.Getpid() - s.Status = configs.Created + s.Status = specs.StateCreated if err := l.config.Config.Hooks[configs.StartContainer].RunHooks(s); err != nil { return err }
diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go
index aa800c36..0deb22d1 100644
--- a/libcontainer/state_linux.go
+++ b/libcontainer/state_linux.go
@@ -8,7 +8,7 @@ import ( "path/filepath" "github.com/opencontainers/runc/libcontainer/configs" - + "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" )
@@ -70,7 +70,7 @@ func runPoststopHooks(c *linuxContainer) error { if err != nil { return err } - s.Status = configs.Stopped + s.Status = specs.StateStopped if err := hooks[configs.Poststop].RunHooks(s); err != nil { return err
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
index 7b60f8bb..3dc9efd2 100644
--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
@@ -90,7 +90,7 @@ type User struct {
 // GID is the group id.
 GID uint32 `json:"gid" platform:"linux,solaris"`
 // Umask is the umask for the init process.
- Umask uint32 `json:"umask,omitempty" platform:"linux,solaris"`
+ Umask *uint32 `json:"umask,omitempty" platform:"linux,solaris"`
 // AdditionalGids are additional group ids set for the container's process.
 AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux,solaris"`
 // Username is the user name.
@@ -635,12 +635,13 @@ type LinuxSeccompAction string // Define actions for Seccomp rules const ( - ActKill LinuxSeccompAction = "SCMP_ACT_KILL" - ActTrap LinuxSeccompAction = "SCMP_ACT_TRAP" - ActErrno LinuxSeccompAction = "SCMP_ACT_ERRNO" - ActTrace LinuxSeccompAction = "SCMP_ACT_TRACE" - ActAllow LinuxSeccompAction = "SCMP_ACT_ALLOW" - ActLog LinuxSeccompAction = "SCMP_ACT_LOG" + ActKill LinuxSeccompAction = "SCMP_ACT_KILL" + ActKillProcess LinuxSeccompAction = "SCMP_ACT_KILL_PROCESS" + ActTrap LinuxSeccompAction = "SCMP_ACT_TRAP" + ActErrno LinuxSeccompAction = "SCMP_ACT_ERRNO" + ActTrace LinuxSeccompAction = "SCMP_ACT_TRACE" + ActAllow LinuxSeccompAction = "SCMP_ACT_ALLOW" + ActLog LinuxSeccompAction = "SCMP_ACT_LOG" ) // LinuxSeccompOperator used to match syscall arguments in Seccomp
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/state.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/state.go
index 89dce34b..e2e64c66 100644
--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/state.go
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/state.go
@@ -1,5 +1,23 @@ package specs +// ContainerState represents the state of a container. +type ContainerState string + +const ( + // StateCreating indicates that the container is being created + StateCreating ContainerState = "creating" + + // StateCreated indicates that the runtime has finished the create operation + StateCreated ContainerState = "created" + + // StateRunning indicates that the container process has executed the + // user-specified program but has not exited + StateRunning ContainerState = "running" + + // StateStopped indicates that the container process has exited + StateStopped ContainerState = "stopped" +) + // State holds information about the runtime state of the container. type State struct { // Version is the version of the specification that is supported.
@@ -7,7 +25,7 @@ type State struct {
 // ID is the container ID
 ID string `json:"id"`
 // Status is the runtime status of the container.
- Status string `json:"status"`
+ Status ContainerState `json:"status"`
 // Pid is the process ID for the container process.
 Pid int `json:"pid,omitempty"`
 // Bundle is the path to the container's bundle directory.
diff --git a/vendor/modules.txt b/vendor/modules.txt
index a05c5225..19724331 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -38,7 +38,7 @@ github.com/moby/sys/mountinfo # github.com/mrunalp/fileutils v0.0.0-20200520151820-abd8a0e76976 ## explicit github.com/mrunalp/fileutils -# github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2 +# github.com/opencontainers/runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6 ## explicit github.com/opencontainers/runtime-spec/specs-go # github.com/opencontainers/selinux v1.6.0