Use unix.Prctl() instead of manually reimplementing it using
unix.RawSyscall. Also use unix.SECCOMP_MODE_FILTER instead of locally
defining it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Update golang.org/x/sys to get newly added functions and constants which
will be used in successive commits.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
We don't have that many scripts and for the amount of errors this is
causing on a weekly basis for contributors its not worth the overhead.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Recent changes in upstream shfmt have started causing our scripts to no
longer be "correctly formatted". Fix up with `shfmt -w`.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Solaris runc equivalent is not open source. The unsupported option does
not build as other code is Linux specific.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Using MS_PRIVATE meant that there was a race between the mount(2) and
the umount2(2) calls where runc inadvertently has a live reference to a
mountpoint that existed on the host (which the host cannot kill
implicitly through an unmount and peer sharing).
In particular, this means that if we have a devicemapper mountpoint and
the host is trying to delete the underlying device, the delete will fail
because it is "in use" during the race. While the race is _very_ small
(and libdm actually retries to avoid these sorts of cases) this appears
to manifest in various cases.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
replace #1492#1494fix#1422
Since https://github.com/opencontainers/runtime-spec/pull/876 the memory
specifications are now `int64`, as that better matches the visible interface where
`-1` is a valid value. Otherwise finding the correct value was difficult as it
was kernel dependent.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
CI has fixed kernel version for stack gap bug, updated to
3ca8e575b4
which seems to fix the failed tests.
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
print out errors in checkpoint/restore log when it failed similar to how we did i
in `checkpoint --pre-dump` tests
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
This updates criu to the latest release to help resolve some of the
issues we are seeing on the CI.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Use unix.Eventfd() instead of calling manually reimplementing it using
the raw syscall. Also use the correct corresponding unix.EFD_CLOEXEC
flag instead of unix.FD_CLOEXEC (which can have a different value on
some architectures and thus might lead to unexpected behavior).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Update golang.org/x/sys to get the Eventfd syscall wrapper and the
corresponding EFD_* flags. These will be used in a successive commit to
simplify code in libcontainer/notify_linux.go.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
And Stat_t.PID and Stat_t.Name while we're at it. Then use the new
.State property in runType to distinguish between running and
zombie/dead processes, since kill(2) does not [1]. With this change
we no longer claim Running status for zombie/dead processes.
I've also removed the kill(2) call from runType. It was originally
added in 13841ef3 (new-api: return the Running state only if the init
process is alive, 2014-12-23), but we've been accessing
/proc/[pid]/stat since 14e95b2a (Make state detection precise,
2016-07-05, #930), and with the /stat access the kill(2) check is
redundant.
I also don't see much point to the previously-separate
doesInitProcessExist, so I've inlined that logic in runType.
It would be nice to distinguish between "/proc/[pid]/stat doesn't
exist" and errors parsing its contents, but I've skipped that for the
moment.
The Running -> Stopped change in checkpoint_test.go is because the
post-checkpoint process is a zombie, and with this commit zombie
processes are Stopped (and no longer Running).
[1]: https://github.com/opencontainers/runc/pull/1483#issuecomment-307527789
Signed-off-by: W. Trevor King <wking@tremily.us>
And convert the various start-time properties from strings to uint64s.
This removes all internal consumers of the deprecated
GetProcessStartTime function.
Signed-off-by: W. Trevor King <wking@tremily.us>
If someone forks runc and wants to check changes in travis, he will find
that the command 'make BUILDTAGS="${BUILDTAGS}"' fails, because
github.com/opencontainers/runc/ is used in many places to import
packages (e.g. libcontainer).
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Use KeyctlJoinSessionKeyring, KeyctlString and KeyctlSetperm from
golang.org/x/sys/unix instead of manually reimplementing them.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
And use it only in local tooling that is forwarding the pseudoterminal
master. That way runC no longer has an opinion on the onlcr setting
for folks who are creating a terminal and detaching. They'll use
--console-socket and can setup the pseudoterminal however they like
without runC having an opinion. With this commit, the only cases
where runC still has applies SaneTerminal is when *it* is the process
consuming the master descriptor.
Signed-off-by: W. Trevor King <wking@tremily.us>
Some architectures don't have all the signals listed.
(Those architectures are mips and mips64, which don't have SIGSTKFLT
and SIGUNUSED. The next commit defines the map for mips and mips64.)
Signed-off-by: Vladimir Stefanovic <vladimir.stefanovic@imgtec.com>
Use the NLA_ALIGNTO and NLA_HDRLEN constants from x/sys/unix instead of
syscall, as the syscall package shouldn't be used anymore (except for a
few exceptions).
This also makes the syscall_NLA_HDRLEN workaround for gccgo unnecessary.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Use the symlink xattr syscall wrappers Lgetxattr, Llistxattr and
Lsetxattr from x/sys/unix (introduced in
golang/sys@b90f89a1e7) instead of
providing own wrappers. Leave the functionality of system.Lgetxattr
intact with respect to the retry with a larger buffer, but switch it to
use unix.Lgetxattr.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Tobias Klauser
Michael Crosby
Daniel, Dao Quang Minh
Aleksa Sarai
Justin Cormack
Mrunal Patel
W. Trevor King
Andrei Vagin
Kang Liang
Vladimir Stefanovic