From 7fc291fd4513839122c5198982e5b3077a7c3d42 Mon Sep 17 00:00:00 2001 From: John Hwang Date: Sat, 16 May 2020 17:20:44 -0700 Subject: [PATCH 1/2] Replace formatted errors when unneeded Signed-off-by: John Hwang --- checkpoint.go | 7 +++--- delete.go | 3 ++- events.go | 3 ++- libcontainer/cgroups/fs/apply_raw.go | 4 ++-- libcontainer/cgroups/fs/cpuset.go | 4 ++-- libcontainer/cgroups/fs/devices.go | 6 ++--- libcontainer/cgroups/fs/stats_util_test.go | 3 ++- libcontainer/cgroups/systemd/unsupported.go | 22 +++++++++--------- libcontainer/configs/validate/rootless.go | 11 ++++----- libcontainer/configs/validate/validator.go | 25 +++++++++++---------- libcontainer/container_linux.go | 18 +++++++-------- libcontainer/init_linux.go | 6 ++--- libcontainer/keys/keyctl.go | 3 +-- libcontainer/process_linux.go | 7 +++--- libcontainer/seccomp/seccomp_linux.go | 17 +++++++------- libcontainer/sync.go | 5 +++-- list.go | 3 ++- ps.go | 5 +++-- update.go | 5 +++-- utils_linux.go | 16 ++++++------- 20 files changed, 91 insertions(+), 82 deletions(-) diff --git a/checkpoint.go b/checkpoint.go index b759db42..a6d4f885 100644 --- a/checkpoint.go +++ b/checkpoint.go @@ -3,6 +3,7 @@ package main import ( + "errors" "fmt" "os" "strconv" @@ -91,11 +92,11 @@ func setPageServer(context *cli.Context, options *libcontainer.CriuOpts) { if psOpt := context.String("page-server"); psOpt != "" { addressPort := strings.Split(psOpt, ":") if len(addressPort) != 2 { - fatal(fmt.Errorf("Use --page-server ADDRESS:PORT to specify page server")) + fatal(errors.New("Use --page-server ADDRESS:PORT to specify page server")) } portInt, err := strconv.Atoi(addressPort[1]) if err != nil { - fatal(fmt.Errorf("Invalid port number")) + fatal(errors.New("Invalid port number")) } options.PageServer = libcontainer.CriuPageServerInfo{ Address: addressPort[0], 
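Review bot: The `err != nil` branch after `strconv.Atoi(addressPort[1])` in setPageServer still discards both the parse error and the rejected value, so this is a site where a formatted error is warranted rather than unneeded: `fatal(fmt.Errorf("invalid port number %q: %v", addressPort[1], err))`. The same pattern is kept in checkCriuFeatures (container_linux.go), where the criuSwrk error only reaches `logrus.Debugf`. It is also kept in the HostUID/HostGID checks in setupUser (init_linux.go) and the getAction check in InitSeccomp (seccomp_linux.go), which each return a fixed string while an `err` is in scope. Someone diagnosing a rejected container configuration then sees no cause unless debug logging happens to be enabled. setPageServer continues past the end of the hunk.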
@@ -114,7 +115,7 @@ func setManageCgroupsMode(context *cli.Context, options *libcontainer.CriuOpts) case "strict": options.ManageCgroupsMode = libcontainer.CRIU_CG_MODE_STRICT default: - fatal(fmt.Errorf("Invalid manage cgroups mode")) + fatal(errors.New("Invalid manage cgroups mode")) } } } diff --git a/delete.go b/delete.go index de8cd7ea..84f5b62a 100644 --- a/delete.go +++ b/delete.go @@ -3,6 +3,7 @@ package main import ( + "errors" "fmt" "os" "path/filepath" @@ -23,7 +24,7 @@ func killContainer(container libcontainer.Container) error { return nil } } - return fmt.Errorf("container init still running") + return errors.New("container init still running") } var deleteCommand = cli.Command{ diff --git a/events.go b/events.go index 0a687c32..b3a339ef 100644 --- a/events.go +++ b/events.go @@ -4,6 +4,7 @@ package main import ( "encoding/json" + "errors" "fmt" "os" "sync" @@ -40,7 +41,7 @@ information is displayed once every 5 seconds.`, } duration := context.Duration("interval") if duration <= 0 { - return fmt.Errorf("duration interval must be greater than 0") + return errors.New("duration interval must be greater than 0") } status, err := container.Status() if err != nil { diff --git a/libcontainer/cgroups/fs/apply_raw.go b/libcontainer/cgroups/fs/apply_raw.go index c3d2c9ef..f51dbc3d 100644 --- a/libcontainer/cgroups/fs/apply_raw.go +++ b/libcontainer/cgroups/fs/apply_raw.go @@ -35,7 +35,7 @@ var ( HugePageSizes, _ = cgroups.GetHugePageSize() ) -var errSubsystemDoesNotExist = fmt.Errorf("cgroup: subsystem does not exist") +var errSubsystemDoesNotExist = errors.New("cgroup: subsystem does not exist") type subsystemSet []subsystem 
@@ -308,7 +308,7 @@ func getCgroupData(c *configs.Cgroup, pid int) (*cgroupData, error) { } if (c.Name != "" || c.Parent != "") && c.Path != "" { - return nil, fmt.Errorf("cgroup: either Path or Name and Parent should be used") + return nil, errors.New("cgroup: either Path or Name and Parent should be used") } // XXX: Do not remove this code. Path safety is important! -- cyphar diff --git a/libcontainer/cgroups/fs/cpuset.go b/libcontainer/cgroups/fs/cpuset.go index bfc900e3..8f55c933 100644 --- a/libcontainer/cgroups/fs/cpuset.go +++ b/libcontainer/cgroups/fs/cpuset.go @@ -4,7 +4,7 @@ package fs import ( "bytes" - "fmt" + "errors" "io/ioutil" "os" "path/filepath" @@ -108,7 +108,7 @@ func (s *CpusetGroup) ensureParent(current, root string) error { } // Avoid infinite recursion. if parent == current { - return fmt.Errorf("cpuset: cgroup parent path outside cgroup root") + return errors.New("cpuset: cgroup parent path outside cgroup root") } if err := s.ensureParent(parent, root); err != nil { return err diff --git a/libcontainer/cgroups/fs/devices.go b/libcontainer/cgroups/fs/devices.go index 4fc3951d..a70619cb 100644 --- a/libcontainer/cgroups/fs/devices.go +++ b/libcontainer/cgroups/fs/devices.go @@ -4,7 +4,7 @@ package fs import ( "bytes" - "fmt" + "errors" "reflect" "github.com/opencontainers/runc/libcontainer/cgroups" @@ -95,9 +95,9 @@ func (s *DevicesGroup) Set(path string, cgroup *configs.Cgroup) error { return err } if !target.IsBlacklist() && !reflect.DeepEqual(currentAfter, target) { - return fmt.Errorf("resulting devices cgroup doesn't precisely match target") + return errors.New("resulting devices cgroup doesn't precisely match target") } else if target.IsBlacklist() != currentAfter.IsBlacklist() { - return fmt.Errorf("resulting devices cgroup doesn't match target mode") + return errors.New("resulting devices cgroup doesn't match target mode") } } return nil 
diff --git a/libcontainer/cgroups/fs/stats_util_test.go b/libcontainer/cgroups/fs/stats_util_test.go index cdce03cf..08f717ea 100644 --- a/libcontainer/cgroups/fs/stats_util_test.go +++ b/libcontainer/cgroups/fs/stats_util_test.go @@ -3,6 +3,7 @@ package fs import ( + "errors" "fmt" "reflect" "testing" @@ -12,7 +13,7 @@ import ( func blkioStatEntryEquals(expected, actual []cgroups.BlkioStatEntry) error { if len(expected) != len(actual) { - return fmt.Errorf("blkioStatEntries length do not match") + return errors.New("blkioStatEntries length do not match") } for i, expValue := range expected { actValue := actual[i] diff --git a/libcontainer/cgroups/systemd/unsupported.go b/libcontainer/cgroups/systemd/unsupported.go index 37fa5035..46d3beca 100644 --- a/libcontainer/cgroups/systemd/unsupported.go +++ b/libcontainer/cgroups/systemd/unsupported.go @@ -3,7 +3,7 @@ package systemd import ( - "fmt" + "errors" "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" @@ -19,23 +19,23 @@ func IsRunningSystemd() bool { } func NewSystemdCgroupsManager() (func(config *configs.Cgroup, paths map[string]string) cgroups.Manager, error) { - return nil, fmt.Errorf("Systemd not supported") + return nil, errors.New("Systemd not supported") } func (m *Manager) Apply(pid int) error { - return fmt.Errorf("Systemd not supported") + return errors.New("Systemd not supported") } func (m *Manager) GetPids() ([]int, error) { - return nil, fmt.Errorf("Systemd not supported") + return nil, errors.New("Systemd not supported") } func (m *Manager) GetAllPids() ([]int, error) { - return nil, fmt.Errorf("Systemd not supported") + return nil, errors.New("Systemd not supported") } func (m *Manager) Destroy() error { - return fmt.Errorf("Systemd not supported") + return errors.New("Systemd not supported") } func (m *Manager) GetPaths() map[string]string { 
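Review bot: The stubs in libcontainer/cgroups/systemd/unsupported.go build the same `errors.New("Systemd not supported")` value at ten call sites (this hunk and the following one at -47,21), so every call returns a distinct error value that callers can only recognise by its text. A single package-level sentinel, `var errUnsupported = errors.New("Systemd not supported")`, returned from each stub would remove the duplication and give callers one value to compare against. Keeping the message text as it is avoids disturbing anything that matches on the string.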
@@ -47,21 +47,21 @@ func (m *Manager) Path(_ string) string { } func (m *Manager) GetStats() (*cgroups.Stats, error) { - return nil, fmt.Errorf("Systemd not supported") + return nil, errors.New("Systemd not supported") } func (m *Manager) Set(container *configs.Config) error { - return fmt.Errorf("Systemd not supported") + return errors.New("Systemd not supported") } func (m *Manager) Freeze(state configs.FreezerState) error { - return fmt.Errorf("Systemd not supported") + return errors.New("Systemd not supported") } func Freeze(c *configs.Cgroup, state configs.FreezerState) error { - return fmt.Errorf("Systemd not supported") + return errors.New("Systemd not supported") } func (m *Manager) GetCgroups() (*configs.Cgroup, error) { - return nil, fmt.Errorf("Systemd not supported") + return nil, errors.New("Systemd not supported") } diff --git a/libcontainer/configs/validate/rootless.go b/libcontainer/configs/validate/rootless.go index 393d9e81..717d0f00 100644 --- a/libcontainer/configs/validate/rootless.go +++ b/libcontainer/configs/validate/rootless.go @@ -1,6 +1,7 @@ package validate import ( + "errors" "fmt" "strings" @@ -35,14 +36,14 @@ func hasIDMapping(id int, mappings []configs.IDMap) bool { func rootlessEUIDMappings(config *configs.Config) error { if !config.Namespaces.Contains(configs.NEWUSER) { - return fmt.Errorf("rootless container requires user namespaces") + return errors.New("rootless container requires user namespaces") } if len(config.UidMappings) == 0 { - return fmt.Errorf("rootless containers requires at least one UID mapping") + return errors.New("rootless containers requires at least one UID mapping") } if len(config.GidMappings) == 0 { - return fmt.Errorf("rootless containers requires at least one GID mapping") + return errors.New("rootless containers requires at least one GID mapping") } return nil } 
@@ -67,7 +68,7 @@ func rootlessEUIDMount(config *configs.Config) error { continue } if !hasIDMapping(uid, config.UidMappings) { - return fmt.Errorf("cannot specify uid= mount options for unmapped uid in rootless containers") + return errors.New("cannot specify uid= mount options for unmapped uid in rootless containers") } } @@ -79,7 +80,7 @@ func rootlessEUIDMount(config *configs.Config) error { continue } if !hasIDMapping(gid, config.GidMappings) { - return fmt.Errorf("cannot specify gid= mount options for unmapped gid in rootless containers") + return errors.New("cannot specify gid= mount options for unmapped gid in rootless containers") } } } diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 3b42f301..49b5f4c6 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -1,6 +1,7 @@ package validate import ( + "errors" "fmt" "os" "path/filepath" @@ -80,7 +81,7 @@ func (v *ConfigValidator) rootfs(config *configs.Config) error { func (v *ConfigValidator) network(config *configs.Config) error { if !config.Namespaces.Contains(configs.NEWNET) { if len(config.Networks) > 0 || len(config.Routes) > 0 { - return fmt.Errorf("unable to apply network settings without a private NET namespace") + return errors.New("unable to apply network settings without a private NET namespace") } } return nil @@ -88,7 +89,7 @@ func (v *ConfigValidator) network(config *configs.Config) error { func (v *ConfigValidator) hostname(config *configs.Config) error { if config.Hostname != "" && !config.Namespaces.Contains(configs.NEWUTS) { - return fmt.Errorf("unable to set hostname without a private UTS namespace") + return errors.New("unable to set hostname without a private UTS namespace") } return nil } 
@@ -97,10 +98,10 @@ func (v *ConfigValidator) security(config *configs.Config) error { // restrict sys without mount namespace if (len(config.MaskPaths) > 0 || len(config.ReadonlyPaths) > 0) && !config.Namespaces.Contains(configs.NEWNS) { - return fmt.Errorf("unable to restrict sys entries without a private MNT namespace") + return errors.New("unable to restrict sys entries without a private MNT namespace") } if config.ProcessLabel != "" && !selinux.GetEnabled() { - return fmt.Errorf("selinux label is specified in config, but selinux is disabled or not supported") + return errors.New("selinux label is specified in config, but selinux is disabled or not supported") } return nil @@ -109,11 +110,11 @@ func (v *ConfigValidator) security(config *configs.Config) error { func (v *ConfigValidator) usernamespace(config *configs.Config) error { if config.Namespaces.Contains(configs.NEWUSER) { if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { - return fmt.Errorf("USER namespaces aren't enabled in the kernel") + return errors.New("USER namespaces aren't enabled in the kernel") } } else { if config.UidMappings != nil || config.GidMappings != nil { - return fmt.Errorf("User namespace mappings specified, but USER namespace isn't enabled in the config") + return errors.New("User namespace mappings specified, but USER namespace isn't enabled in the config") } } return nil @@ -122,7 +123,7 @@ func (v *ConfigValidator) usernamespace(config *configs.Config) error { func (v *ConfigValidator) cgroupnamespace(config *configs.Config) error { if config.Namespaces.Contains(configs.NEWCGROUP) { if _, err := os.Stat("/proc/self/ns/cgroup"); os.IsNotExist(err) { - return fmt.Errorf("cgroup namespaces aren't enabled in the kernel") + return errors.New("cgroup namespaces aren't enabled in the kernel") } } return nil 
@@ -182,21 +183,21 @@ func (v *ConfigValidator) sysctl(config *configs.Config) error { func (v *ConfigValidator) intelrdt(config *configs.Config) error { if config.IntelRdt != nil { if !intelrdt.IsCatEnabled() && !intelrdt.IsMbaEnabled() { - return fmt.Errorf("intelRdt is specified in config, but Intel RDT is not supported or enabled") + return errors.New("intelRdt is specified in config, but Intel RDT is not supported or enabled") } if !intelrdt.IsCatEnabled() && config.IntelRdt.L3CacheSchema != "" { - return fmt.Errorf("intelRdt.l3CacheSchema is specified in config, but Intel RDT/CAT is not enabled") + return errors.New("intelRdt.l3CacheSchema is specified in config, but Intel RDT/CAT is not enabled") } if !intelrdt.IsMbaEnabled() && config.IntelRdt.MemBwSchema != "" { - return fmt.Errorf("intelRdt.memBwSchema is specified in config, but Intel RDT/MBA is not enabled") + return errors.New("intelRdt.memBwSchema is specified in config, but Intel RDT/MBA is not enabled") } if intelrdt.IsCatEnabled() && config.IntelRdt.L3CacheSchema == "" { - return fmt.Errorf("Intel RDT/CAT is enabled and intelRdt is specified in config, but intelRdt.l3CacheSchema is empty") + return errors.New("Intel RDT/CAT is enabled and intelRdt is specified in config, but intelRdt.l3CacheSchema is empty") } if intelrdt.IsMbaEnabled() && config.IntelRdt.MemBwSchema == "" { - return fmt.Errorf("Intel RDT/MBA is enabled and intelRdt is specified in config, but intelRdt.memBwSchema is empty") + return errors.New("Intel RDT/MBA is enabled and intelRdt is specified in config, but intelRdt.memBwSchema is empty") } } diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index e7220843..43a8c887 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go 
@@ -209,7 +209,7 @@ func (c *linuxContainer) Set(config configs.Config) error { return err } if status == Stopped { - return newGenericError(fmt.Errorf("container not running"), ContainerNotRunning) + return newGenericError(errors.New("container not running"), ContainerNotRunning) } if err := c.cgroupManager.Set(&config); err != nil { // Set configs back @@ -295,7 +295,7 @@ func readFromExecFifo(execFifo io.Reader) error { return err } if len(data) <= 0 { - return fmt.Errorf("cannot start an already running container") + return errors.New("cannot start an already running container") } return nil } @@ -398,7 +398,7 @@ func (c *linuxContainer) Signal(s os.Signal, all bool) error { } return nil } - return newGenericError(fmt.Errorf("container not running"), ContainerNotRunning) + return newGenericError(errors.New("container not running"), ContainerNotRunning) } func (c *linuxContainer) createExecFifo() error { @@ -700,7 +700,7 @@ func (c *linuxContainer) checkCriuFeatures(criuOpts *CriuOpts, rpcOpts *criurpc. err := c.criuSwrk(nil, req, criuOpts, false, nil) if err != nil { logrus.Debugf("%s", err) - return fmt.Errorf("CRIU feature check failed") + return errors.New("CRIU feature check failed") } logrus.Debugf("Feature check says: %s", criuFeatures) @@ -727,7 +727,7 @@ func (c *linuxContainer) checkCriuFeatures(criuOpts *CriuOpts, rpcOpts *criurpc. } if missingFeatures { - return fmt.Errorf("CRIU is missing features") + return errors.New("CRIU is missing features") } return nil @@ -944,7 +944,7 @@ func (c *linuxContainer) Checkpoint(criuOpts *CriuOpts) error { } if criuOpts.ImagesDirectory == "" { - return fmt.Errorf("invalid directory to save checkpoint") + return errors.New("invalid directory to save checkpoint") } // Since a container can be C/R'ed multiple times, 
@@ -1281,7 +1281,7 @@ func (c *linuxContainer) Restore(process *Process, criuOpts *CriuOpts) error { } defer workDir.Close() if criuOpts.ImagesDirectory == "" { - return fmt.Errorf("invalid directory to restore checkpoint") + return errors.New("invalid directory to restore checkpoint") } imageDir, err := os.Open(criuOpts.ImagesDirectory) if err != nil { @@ -1577,10 +1577,10 @@ func (c *linuxContainer) criuSwrk(process *Process, req *criurpc.CriuReq, opts * return err } if n == 0 { - return fmt.Errorf("unexpected EOF") + return errors.New("unexpected EOF") } if n == len(buf) { - return fmt.Errorf("buffer is too small") + return errors.New("buffer is too small") } resp := new(criurpc.CriuResp) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index f7b4b892..2c304001 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -271,10 +271,10 @@ func setupUser(config *initConfig) error { // Rather than just erroring out later in setuid(2) and setgid(2), check // that the user is mapped here. if _, err := config.Config.HostUID(execUser.Uid); err != nil { - return fmt.Errorf("cannot set uid to unmapped user in user namespace") + return errors.New("cannot set uid to unmapped user in user namespace") } if _, err := config.Config.HostGID(execUser.Gid); err != nil { - return fmt.Errorf("cannot set gid to unmapped user in user namespace") + return errors.New("cannot set gid to unmapped user in user namespace") } if config.RootlessEUID { @@ -283,7 +283,7 @@ func setupUser(config *initConfig) error { // this check earlier, but if libcontainer.Process.User was typesafe // this might work. if len(addGroups) > 0 { - return fmt.Errorf("cannot set any additional groups in a rootless container") + return errors.New("cannot set any additional groups in a rootless container") } } diff --git a/libcontainer/keys/keyctl.go b/libcontainer/keys/keyctl.go index 74dedd56..e73af7ae 100644 --- a/libcontainer/keys/keyctl.go +++ b/libcontainer/keys/keyctl.go 
@@ -3,7 +3,6 @@ package keys import ( - "fmt" "strconv" "strings" @@ -33,7 +32,7 @@ func ModKeyringPerm(ringId KeySerial, mask, setbits uint32) error { res := strings.Split(dest, ";") if len(res) < 5 { - return fmt.Errorf("Destination buffer for key description is too small") + return errors.New("Destination buffer for key description is too small") } // parse permissions diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index a18cfa57..6123d68b 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -5,7 +5,6 @@ package libcontainer import ( "encoding/json" "errors" - "fmt" "io" "os" "os/exec" @@ -131,7 +130,7 @@ func (p *setnsProcess) start() (err error) { // This shouldn't happen. panic("unexpected procHooks in setns") default: - return newSystemError(fmt.Errorf("invalid JSON payload from child")) + return newSystemError(errors.New("invalid JSON payload from child")) } }) @@ -428,7 +427,7 @@ func (p *initProcess) start() (retErr error) { } sentResume = true default: - return newSystemError(fmt.Errorf("invalid JSON payload from child")) + return newSystemError(errors.New("invalid JSON payload from child")) } return nil @@ -438,7 +437,7 @@ func (p *initProcess) start() (retErr error) { return newSystemErrorWithCause(ierr, "container init") } if p.config.Config.Namespaces.Contains(configs.NEWNS) && !sentResume { - return newSystemError(fmt.Errorf("could not synchronise after executing prestart hooks with container process")) + return newSystemError(errors.New("could not synchronise after executing prestart hooks with container process")) } if err := unix.Shutdown(int(p.messageSockPair.parent.Fd()), unix.SHUT_WR); err != nil { return newSystemErrorWithCause(err, "shutting down init pipe") diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go index 1b7a0711..33afbbb9 100644 --- a/libcontainer/seccomp/seccomp_linux.go +++ b/libcontainer/seccomp/seccomp_linux.go 
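Review bot: The keyctl.go import hunk (-3,7 +3,6) removes `"fmt"` and adds nothing, yet ModKeyringPerm in the next hunk now calls `errors.New`. That compiles only if a package named `errors` is already imported further down the import block, which lies outside the hunk. If it is not, add `"errors"` beside `"strconv"`. If the existing import is a third-party errors package rather than the standard library, its `New` may behave differently from the `errors.New` used elsewhere in this patch, which is worth confirming.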
@@ -4,6 +4,7 @@ package seccomp import ( "bufio" + "errors" "fmt" "os" "strings" @@ -34,12 +35,12 @@ const ( // of the init until they join the namespace func InitSeccomp(config *configs.Seccomp) error { if config == nil { - return fmt.Errorf("cannot initialize Seccomp - nil config passed") + return errors.New("cannot initialize Seccomp - nil config passed") } defaultAction, err := getAction(config.DefaultAction) if err != nil { - return fmt.Errorf("error initializing seccomp - invalid default action") + return errors.New("error initializing seccomp - invalid default action") } filter, err := libseccomp.NewFilter(defaultAction) @@ -67,7 +68,7 @@ func InitSeccomp(config *configs.Seccomp) error { // Add a rule for each syscall for _, call := range config.Syscalls { if call == nil { - return fmt.Errorf("encountered nil syscall while initializing Seccomp") + return errors.New("encountered nil syscall while initializing Seccomp") } if err = matchCall(filter, call); err != nil { @@ -116,7 +117,7 @@ func getAction(act configs.Action) (libseccomp.ScmpAction, error) { case configs.Log: return actLog, nil default: - return libseccomp.ActInvalid, fmt.Errorf("invalid action, cannot use in rule") + return libseccomp.ActInvalid, errors.New("invalid action, cannot use in rule") } } @@ -138,7 +139,7 @@ func getOperator(op configs.Operator) (libseccomp.ScmpCompareOp, error) { case configs.MaskEqualTo: return libseccomp.CompareMaskedEqual, nil default: - return libseccomp.CompareInvalid, fmt.Errorf("invalid operator, cannot use in rule") + return libseccomp.CompareInvalid, errors.New("invalid operator, cannot use in rule") } } @@ -147,7 +148,7 @@ func getCondition(arg *configs.Arg) (libseccomp.ScmpCondition, error) { cond := libseccomp.ScmpCondition{} if arg == nil { - return cond, fmt.Errorf("cannot convert nil to syscall condition") + return cond, errors.New("cannot convert nil to syscall condition") } op, err := getOperator(arg.Op) 
@@ -161,11 +162,11 @@ func getCondition(arg *configs.Arg) (libseccomp.ScmpCondition, error) { // Add a rule to match a single syscall func matchCall(filter *libseccomp.ScmpFilter, call *configs.Syscall) error { if call == nil || filter == nil { - return fmt.Errorf("cannot use nil as syscall to block") + return errors.New("cannot use nil as syscall to block") } if len(call.Name) == 0 { - return fmt.Errorf("empty string is not a valid syscall") + return errors.New("empty string is not a valid syscall") } // If we can't resolve the syscall, assume it's not supported on this kernel diff --git a/libcontainer/sync.go b/libcontainer/sync.go index bb4b4208..ac88ad22 100644 --- a/libcontainer/sync.go +++ b/libcontainer/sync.go @@ -2,6 +2,7 @@ package libcontainer import ( "encoding/json" + "errors" "fmt" "io" @@ -45,7 +46,7 @@ func readSync(pipe io.Reader, expected syncType) error { var procSync syncT if err := json.NewDecoder(pipe).Decode(&procSync); err != nil { if err == io.EOF { - return fmt.Errorf("parent closed synchronisation channel") + return errors.New("parent closed synchronisation channel") } return fmt.Errorf("failed reading error from parent: %v", err) } @@ -61,7 +62,7 @@ func readSync(pipe io.Reader, expected syncType) error { } if procSync.Type != expected { - return fmt.Errorf("invalid synchronisation flag from parent") + return errors.New("invalid synchronisation flag from parent") } return nil } diff --git a/list.go b/list.go index 0313d8cc..04dfca07 100644 --- a/list.go +++ b/list.go @@ -3,6 +3,7 @@ package main import ( + "errors" "fmt" "io/ioutil" "os" @@ -107,7 +108,7 @@ To list containers created using a non-default value for "--root": return err } default: - return fmt.Errorf("invalid format option") + return errors.New("invalid format option") } return nil }, diff --git a/ps.go b/ps.go index e7f635f4..d18aa15f 100644 --- a/ps.go +++ b/ps.go @@ -4,6 +4,7 @@ package main import ( "encoding/json" + "errors" "fmt" "os" "os/exec" 
@@ -52,7 +53,7 @@ var psCommand = cli.Command{ case "json": return json.NewEncoder(os.Stdout).Encode(pids) default: - return fmt.Errorf("invalid format option") + return errors.New("invalid format option") } // [1:] is to remove command name, ex: @@ -109,5 +110,5 @@ func getPidIndex(title string) (int, error) { } } - return pidIndex, fmt.Errorf("couldn't find PID field in ps output") + return pidIndex, errors.New("couldn't find PID field in ps output") } diff --git a/update.go b/update.go index 42f3ecf0..f9cb2e53 100644 --- a/update.go +++ b/update.go @@ -4,6 +4,7 @@ package main import ( "encoding/json" + "errors" "fmt" "os" "strconv" @@ -274,11 +275,11 @@ other options are ignored. l3CacheSchema := context.String("l3-cache-schema") memBwSchema := context.String("mem-bw-schema") if l3CacheSchema != "" && !intelrdt.IsCatEnabled() { - return fmt.Errorf("Intel RDT/CAT: l3 cache schema is not enabled") + return errors.New("Intel RDT/CAT: l3 cache schema is not enabled") } if memBwSchema != "" && !intelrdt.IsMbaEnabled() { - return fmt.Errorf("Intel RDT/MBA: memory bandwidth schema is not enabled") + return errors.New("Intel RDT/MBA: memory bandwidth schema is not enabled") } if l3CacheSchema != "" || memBwSchema != "" { diff --git a/utils_linux.go b/utils_linux.go index 3cea009e..e81e4228 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -53,7 +53,7 @@ func loadFactory(context *cli.Context) (libcontainer.Factory, error) { cgroupManager = libcontainer.RootlessSystemdCgroups } } else { - return nil, fmt.Errorf("systemd cgroup flag passed, but systemd support for managing cgroups is not available") + return nil, errors.New("systemd cgroup flag passed, but systemd support for managing cgroups is not available") } } 
@@ -179,7 +179,7 @@ func setupIO(process *libcontainer.Process, rootuid, rootgid int, createTTY, det } uc, ok := conn.(*net.UnixConn) if !ok { - return nil, fmt.Errorf("casting to UnixConn failed") + return nil, errors.New("casting to UnixConn failed") } t.postStart = append(t.postStart, uc) socket, err := uc.File() @@ -369,26 +369,26 @@ func (r *runner) checkTerminal(config *specs.Process) error { detach := r.detach || (r.action == CT_ACT_CREATE) // Check command-line for sanity. if detach && config.Terminal && r.consoleSocket == "" { - return fmt.Errorf("cannot allocate tty if runc will detach without setting console socket") + return errors.New("cannot allocate tty if runc will detach without setting console socket") } if (!detach || !config.Terminal) && r.consoleSocket != "" { - return fmt.Errorf("cannot use console socket if runc will not detach or allocate tty") + return errors.New("cannot use console socket if runc will not detach or allocate tty") } return nil } func validateProcessSpec(spec *specs.Process) error { if spec.Cwd == "" { - return fmt.Errorf("Cwd property must not be empty") + return errors.New("Cwd property must not be empty") } if !filepath.IsAbs(spec.Cwd) { - return fmt.Errorf("Cwd must be an absolute path") + return errors.New("Cwd must be an absolute path") } if len(spec.Args) == 0 { - return fmt.Errorf("args must not be empty") + return errors.New("args must not be empty") } if spec.SelinuxLabel != "" && !selinux.GetEnabled() { - return fmt.Errorf("selinux label is specified in config, but selinux is disabled or not supported") + return errors.New("selinux label is specified in config, but selinux is disabled or not supported") } return nil } From 5aa0601a59c842c62903a2746b645f8f2af95af0 Mon Sep 17 00:00:00 2001 From: John Hwang Date: Fri, 15 May 2020 16:37:26 -0700 Subject: [PATCH 2/2] validateProcessSpec: prevent SEGV when config is valid json, but invalid. 
Signed-off-by: John Hwang
---
 utils_linux.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/utils_linux.go b/utils_linux.go
index e81e4228..a9587f7d 100644
--- a/utils_linux.go
+++ b/utils_linux.go
@@ -378,6 +378,9 @@ func (r *runner) checkTerminal(config *specs.Process) error {
 }
 
 func validateProcessSpec(spec *specs.Process) error {
+ if spec == nil {
+ return errors.New("process property must not be empty")
+ }
 if spec.Cwd == "" {
 return errors.New("Cwd property must not be empty")
 }
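Review bot: The new `spec == nil` guard in validateProcessSpec comes without a regression test, and the diffstat lists only utils_linux.go. A test that passes a nil `*specs.Process` and expects the `process property must not be empty` error would pin the fix for the crash named in the subject. checkTerminal, named in the hunk header, also takes a `*specs.Process` and reads `config.Terminal` in the first patch's hunk. Whether it can run before this validation is not visible here, so confirm that no other dereference of the process pointer precedes the check. A one-line comment above the guard, for example `// spec can be nil when the config is valid JSON but carries no process section`, would record why it exists, with the wording adjusted once the triggering input is confirmed. The body of validateProcessSpec continues past the end of the hunk.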