Function fatal() and method (*FatalWriter).Write log the error to the
logger when prints it to stderr just be be sure. Since by default the
logger is configured to write to os.Stderr, we get something like this
as a result:
> # ./runc checkpoint xx5
> ERRO[0000] Container cannot be checkpointed in stopped state
> Container cannot be checkpointed in stopped state
or
> # ./runc sdf
> ERRO[0000] No help topic for 'sdf'
> No help topic for 'sdf'
This is very annoying.
To fix, check if logrus is logging into stderr, and if it is, skip
the second write.
After this commit:
> # ./runc sdf
> ERRO[0000] No help topic for 'sdf'
> [root@kir-rhat runc]# ./runc --log=out sdf
> No help topic for 'sdf'
Note that now the logrus prefix might be in or out, depending on whether
logrus is logging to stderr or not. This is not perfect, but better than
the old behavior.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
The error message was including both the rootfs path, and the full
mount path, which also includes the path of the rootfs.
This patch removes the rootfs path from the error message, as it
was redundant, and made the error message overly verbose
Before this patch (errors wrapped for readability):
```
container_linux.go:348: starting container process caused: process_linux.go:438:
container init caused: rootfs_linux.go:58: mounting "/foo.txt"
to rootfs "/var/lib/docker/overlay2/de506d67da606b807009e23b548fec60d72359c77eec88785d8c7ecd54a6e4b2/merged"
at "/var/lib/docker/overlay2/de506d67da606b807009e23b548fec60d72359c77eec88785d8c7ecd54a6e4b2/merged/usr/share/nginx/html"
caused: not a directory: unknown
```
With this patch applied:
```
container_linux.go:348: starting container process caused: process_linux.go:438:
container init caused: rootfs_linux.go:58: mounting "/foo.txt"
to rootfs at "/var/lib/docker/overlay2/de506d67da606b807009e23b548fec60d72359c77eec88785d8c7ecd54a6e4b2/merged/usr/share/nginx/html"
caused: not a directory: unknown
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
genericError.Error() was formatting the underlying error using `%q`; as a
result, quotes in underlying errors were escaped multiple times, which
caused the output to become hard to read, for example (wrapped for readability):
```
container_linux.go:345: starting container process caused "process_linux.go:430:
container init caused \"rootfs_linux.go:58: mounting \\\"/foo.txt\\\"
to rootfs \\\"/var/lib/docker/overlay2/f49a0ae0ec6646c818dcf05dbcbbdd79fc7c42561f3684fbb1fc5d2b9d3ad192/merged\\\"
at \\\"/var/lib/docker/overlay2/f49a0ae0ec6646c818dcf05dbcbbdd79fc7c42561f3684fbb1fc5d2b9d3ad192/merged/usr/share/nginx/html\\\"
caused \\\"not a directory\\\"\"": unknown
```
With this patch applied:
```
container_linux.go:348: starting container process caused: process_linux.go:438:
container init caused: rootfs_linux.go:58: mounting "/foo.txt"
to rootfs "/var/lib/docker/overlay2/de506d67da606b807009e23b548fec60d72359c77eec88785d8c7ecd54a6e4b2/merged"
at "/var/lib/docker/overlay2/de506d67da606b807009e23b548fec60d72359c77eec88785d8c7ecd54a6e4b2/merged/usr/share/nginx/html"
caused: not a directory: unknown
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
1. Disable updating the kernel (we're not going to reboot into it
anyway)
2. Disable weak dependencies (that includes git, svn and a ton of perl
modules).
3. Add git-core to list of packages since it is used from Makefile.
Before:
default: Transaction Summary
default: ================================================================================
default: Install 123 Packages
default: Upgrade 63 Packages
default: Total size: 326 M
default: Total download size: 326 M
After:
default: Transaction Summary
default: ================================================================================
default: Install 53 Packages
default: Upgrade 63 Packages
default: Total size: 181 M
default: Total download size: 180 M
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
...just to test the new package.
This complexity is temporary: once criu-3.14 will be moved from testing
to stable, this will be removed.
Also remove criu build deps as we're no longer building it from source.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Function defaultPath always parses /proc/self/cgroup, but
the resulting value is not always used.
Avoid unnecessary reading/parsing by moving the code
to just before its use.
Modify the test case accordingly.
[v2: test: use UnifiedMountpoint, skip test if not on v2]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
I realised that the terminal documentation which covers detached
terminals fails to mention that callers need to make themselves a
subreaper. Probably a good idea to mention this. I've also included a
minor comparison to LXC.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
RELEASE_DIR is only used once, so it doesn't make sense to have it.
SHELL was introduced in commit 54390f89a7 and was used
implicitly (since Makefile contained some bash-specific code),
but is no longer needed since commit ed68ee1e10.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Target `install-man` was not dependent on `man`, meaning no man pages
were installed unless one called `make man` beforehand. Fix this.
Remove many man-related variables, only leaving MANDIR, which is
an installation directory for man pages.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
These targets are not very reliable and, depending on environment
variables, migth result in data loss. For example:
make DESTDIR=`pwd`/tmp install
...
make uninstall
The first make command will install $CURDIR/tmp/usr/local/bin/runc,
while the last command will remove /usr/local/bin/runc.
One way to support uninstall would be to write a temp file during
installation, which would contain the files we have installed.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Otherwise, in case go < 1.14 is used, all the go deps are downloaded
instead of using vendor subdir.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This fixes the following bug:
> $ GO111MODULE=off make
> go build "-mod=vendor" -buildmode=pie -tags "seccomp selinux apparmor" -ldflags "-X main.gitCommit="19ba7688cb4e0922d53029e2f7c1f2af45d40938-dirty" -X main.version=1.0.0-rc10+dev " -o runc .
> build flag -mod=vendor only valid when using modules
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Since go has its own way to track dependencies and rebuild if needed,
and it is efficient enough, let's drop using SOURCES variable, mark
all targets as PHONY and let golang do its job.
The primary motivation for this was concern about using find on every
make invocation to build the list of all sources.
Some unscientific performance analisys:
Before:
> $ time make
> make: 'runc' is up to date.
>
> real 0m0.202s
> user 0m0.177s
> sys 0m0.031s
After:
> $ time make
> go build -mod=vendor -buildmode=pie -tags "seccomp selinux apparmor" -ldflags "-X main.gitCommit="5a8210a58bd0f07cc987e6201b4174e5b93fa115" -X main.version=1.0.0-rc10+dev " -o runc .
>
> real 0m0.149s
> user 0m0.315s
> sys 0m0.106s
So, it is slightly faster using the wall clock, uses more CPU, but
we can be sure the binary is always up to date.
This also fixes the Makefile to mark all targets as PHONY. The list
was generated by `grep -E '^[a-z-]+:' Makefile | sed 's/:.*//'`.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This was added by commit 993cbf9db but since some time ago (go 1.13
for sure, but may be earlier) is no longer needed since all the tools
are correctly skipping vendor subdir.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Since we already have to build everything and run integration tests
on the Vagrant Fedora 31 host (in order to test how runc talks to
systemd), let's do the same for unit tests (otherwise we build
everything twice).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Since we carry vendor/ subdir, let's actually use it. Should speed up CI
a bit, possibly also making it a tad more stable.
This is actually implemented in go 1.14 already (i.e. it turns mod=vendor
automatically if it sees vendor/ dir), but we still use go 1.13.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
It's hard to read otherwise (at least for me).
While at it, replace ${FOO} with $(FOO) -- both are
identical, but the second style looks to be used more.
No functional change.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
There are way to many arguments to go build, and they are repeatedly
used across the makefile. Separate them out to GO_BUILD and
GO_BUILD_STATIC variables.
While at it, let's be consistem about the style and use $(FOO) everywhere
(there is no difference from ${FOO}).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
To make a bind mount read-only, it needs to be remounted. This is what
the code removed does, but it is not needed here.
We have to deal with three cases here:
1. cgroup v2 unified mode. In this case the mount is real mount with
fstype=cgroup2, and there is no need to have a bind mount on top,
as we pass readonly flag to the mount as is.
2. cgroup v1 + cgroupns (enableCgroupns == true). In this case the
"mount" is in fact a set of real mounts with fstype=cgroup, and
they are all performed in mountCgroupV1, with readonly flag
added if needed.
3. cgroup v1 as is (enableCgroupns == false). In this case
mountCgroupV1() calls mountToRootfs() again with an argument
from the list obtained from getCgroupMounts(), i.e. a bind
mount with the same flags as the original mount has (plus
unix.MS_BIND | unix.MS_REC), and mountToRootfs() does remounting
(under the case "bind":).
So, the code which this patch is removing is not needed -- it
essentially does nothing in case 3 above (since the bind mount
is already remounted readonly), and in cases 1 and 2 it
creates an unneeded extra bind mount on top of a real one (or set of
real ones).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>