mirror of https://github.com/opencontainers/runc.git synced 2025-04-18 19:44:09 +03:00

7444 Commits

Author SHA1 Message Date
Kir Kolyshkin
e55fe63aed
Merge pull request #4727 from askervin/5aY_fix_invalid_workflow
Fix "invalid workflow file" github actions error
2025-04-17 11:54:04 -07:00
Antti Kervinen
d7285e46d8 Fix "invalid workflow file" github actions error
The colon after "Error:" caused actionlint to report error on map in
context where map is not allowed.

Signed-off-by: Antti Kervinen <antti.kervinen@intel.com>
2025-04-16 14:16:55 +03:00
Akihiro Suda
3d8a278bdd
Merge pull request #4722 from kolyshkin/rm-criu-opt
Completely remove --criu option
2025-04-16 15:41:19 +09:00
lfbzhm
f1eaad8597
Merge pull request #4725 from kolyshkin/novar
libct/apparmor: don't use vars for public functions
2025-04-15 18:10:28 +08:00
Kir Kolyshkin
5f4d3f3670 libct/apparmor: don't use vars for public functions
Unfortunately, Go documentation formatter does a sloppy job formatting
documentation for variables -- it is rendered as comments (see [1]).

Switch to using wrapper functions, solely for the sake of better
documentation formatting.

[1]: https://pkg.go.dev/github.com/opencontainers/runc@v1.3.0-rc.2/libcontainer/apparmor

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-14 13:59:39 -07:00
Rodrigo Campos
021973353f
Merge pull request #4723 from chenx97/stat-uint32-mips
tests/cmd/remap-rootfs: fix mips builds
2025-04-14 05:44:59 -03:00
Rodrigo Campos
35c4d964cc
Merge pull request #4721 from kolyshkin/no-toolchain-check
ci: add check for toolchain in go.mod
2025-04-11 06:14:54 -03:00
Henry Chen
08ebbfc8c7 tests/cmd/remap-rootfs: fix mips builds
Similar to #1824, we need to convert the device number to uint64 for
mips.

Signed-off-by: Henry Chen <henry.chen@oss.cipunited.com>
2025-04-10 14:59:58 +08:00
Kir Kolyshkin
1d78cb2112 Completely remove --criu option
This option is ignored since commit 6e1d476a, it's now time to actually
remove it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-09 10:10:50 -07:00
Kir Kolyshkin
c899193643 ci: add check for toolchain in go.mod
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-09 10:04:37 -07:00
Kir Kolyshkin
7483452016
Merge pull request #4716 from rata/changelog-1.2-updates
CHANGELOG: Port 1.2.x changes
2025-04-09 09:45:23 -07:00
Rodrigo Campos
e34c1a0408 CHANGELOG: Port 1.2.x changes
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
2025-04-09 09:23:13 -07:00
Rodrigo Campos
491e35213b
Merge pull request #4709 from kolyshkin/pause-warn
runc pause/unpause/ps: get rid of excessive warning
2025-04-09 07:15:51 -03:00
Rodrigo Campos
636eb4bc6a
Merge pull request #4717 from kolyshkin/no-toolchain
go.mod: rm toolchain
2025-04-09 07:12:58 -03:00
Kir Kolyshkin
c5ab4b6e30 runc pause/unpause/ps: get rid of excessive warning
This issue was originally reported in podman PR 25792.

When calling runc pause/unpause for an ordinary user, podman does not
provide --systemd-cgroups option, and shouldUseRootlessCgroupManager
returns true. This results in a warning:

	$ podman pause sleeper
	WARN[0000] runc pause may fail if you don't have the full access to cgroups
	sleeper

Actually, it does not make sense to call shouldUseRootlessCgroupManager
at this point, because we already know if we're rootless or not, from
the container state.json (same for systemd).

Also, busctl binary is not available either in this context, so
shouldUseRootlessCgroupManager would not work properly.

Finally, it doesn't really matter if we use systemd or not, because we
use fs/fs2 manager to freeze/unfreeze, and it will return something like
EPERM (or tell that cgroups is not configured, for a true rootless
container).

So, let's only print the warning after pause/unpause failed,
if the error returned looks like a permission error.

Same applies to "runc ps".

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-08 14:00:56 -07:00
Kir Kolyshkin
fda034c9ec pause: refactor
This is to simplify code review for the next commit.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-08 14:00:56 -07:00
Kir Kolyshkin
75a4546b2b go.mod: rm toolchain
This was added by dependabot in commit 0b536265. Seems there is a bug
about it: https://github.com/dependabot/dependabot-core/issues/11933.

Having "toolchain" means instead of using installed go version to
build/test, the version specified in toolchain is [downloaded and] used,
which might not be what we actually want.

For more details on toolchain directive, see
https://go.dev/doc/toolchain.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-08 12:31:03 -07:00
Rodrigo Campos
932e83428a
Merge pull request #4715 from opencontainers/dependabot/go_modules/golang.org/x/net-0.39.0
build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0
2025-04-08 06:03:40 -03:00
dependabot[bot]
0a9639e380
build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.38.0 to 0.39.0.
- [Commits](https://github.com/golang/net/compare/v0.38.0...v0.39.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-08 04:41:06 +00:00
Akihiro Suda
a996fe8bf8
Merge pull request #4704 from rata/env-var-fixes
Override HOME if it's set to the empty string
2025-04-07 20:49:54 +09:00
Rodrigo Campos
bf9e609b3b
Merge pull request #4710 from opencontainers/dependabot/go_modules/golang.org/x/sys-0.32.0
build(deps): bump golang.org/x/sys from 0.31.0 to 0.32.0
2025-04-07 07:20:15 -03:00
Akihiro Suda
9edb49733e
Merge pull request #4707 from opencontainers/dependabot/go_modules/github.com/moby/sys/user-0.4.0
build(deps): bump github.com/moby/sys/user from 0.3.0 to 0.4.0
2025-04-07 08:53:35 +01:00
dependabot[bot]
c5e0ece494
build(deps): bump golang.org/x/sys from 0.31.0 to 0.32.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.31.0 to 0.32.0.
- [Commits](https://github.com/golang/sys/compare/v0.31.0...v0.32.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-07 04:09:11 +00:00
Rodrigo Campos
19c6515471 tests: Add env var tests
This adds some e2e tests for environment variables set in the
config.json. These were based on tests that failed on docker CI[1][2] after
the refactor on 06f1e0765 ("libct: speedup process.Env handling") and
some bugs that I had along the way trying to fix it.

These tests pass with runc 1.2 too.

[1]: 843e51459f/integration-cli/docker_cli_run_test.go (L822-L843)
[2]: 843e51459f/integration-cli/docker_cli_links_test.go (L197-L204)

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
2025-04-04 15:44:47 +02:00
Rodrigo Campos
09501d96d2 libct: Override HOME if it's set to the empty string
Before commit 06f1e0765 ("libct: speedup process.Env handling") we were
overriding HOME if it was set to "" too[1]. But now we only override it
if it wasn't set at all.

This patch restores the old behavior of overriding it if it was set to
an empty value.

Docker has relied on this behaviour for ages[2].

[1]: 1c50804572/libcontainer/init_linux.go (L544-L549)
[2]: 843e51459f/integration-cli/docker_cli_run_test.go (L822-L843)

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
2025-04-04 15:37:22 +02:00
dependabot[bot]
bb5aa11622
build(deps): bump github.com/moby/sys/user from 0.3.0 to 0.4.0
Bumps [github.com/moby/sys/user](https://github.com/moby/sys) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/moby/sys/releases)
- [Commits](https://github.com/moby/sys/compare/user/v0.3.0...user/v0.4.0)

---
updated-dependencies:
- dependency-name: github.com/moby/sys/user
  dependency-version: 0.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-04 04:34:30 +00:00
Rodrigo Campos
c3a41d77db
Merge pull request #4696 from avagin/criu-vs-exec
criu: Add time namespace to container config after checkpoint/restore
2025-04-01 14:54:33 -03:00
Rodrigo Campos
f88669c0c9
Merge pull request #4693 from lifubang/fix-home-env-check-set
libct: we should set envs after we are in the jail of the container
2025-04-01 13:18:00 -03:00
lifubang
bf38646497 libct: we should set envs after we are in the jail of the container
Because we have to set a default HOME env for the current container
user, so we should set it after we are in the jail of the container,
or else we'll use host's `/etc/passwd` to get a wrong HOME value.
Please see: #4688.

Signed-off-by: lifubang <lifubang@acmcoder.com>
2025-04-01 15:22:29 +00:00
lifubang
4a0e282b09 test: check whether runc set a correct default home env or not
Signed-off-by: lifubang <lifubang@acmcoder.com>
2025-04-01 15:22:19 +00:00
lfbzhm
e2e3c65383
Merge pull request #4703 from kolyshkin/modernize
Use Go 1.22+ features
2025-04-01 18:10:00 +08:00
Kir Kolyshkin
7fdec327a0 Use any instead of interface{}
The keyword is available since Go 1.18 (see
https://pkg.go.dev/builtin#any).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-31 17:15:06 -07:00
Kir Kolyshkin
17570625c0 Use for range over integers
This appears in Go 1.22 (see https://tip.golang.org/ref/spec#For_range).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-31 17:15:06 -07:00
Kir Kolyshkin
f64edc4d6d ps: use slices.Contains
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-31 17:15:06 -07:00
Kir Kolyshkin
ef5acfab4f libct/configs: use slices.Delete
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-31 17:15:06 -07:00
Kir Kolyshkin
0fc2338d59 libct/specconv: use maps.Clone
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-31 17:15:06 -07:00
Kir Kolyshkin
7a58d8231f .golanci-extra: disable staticcheck QF1008
That is,

> QF1008: could remove embedded field "Resources" from selector (staticcheck)

While occasionally useful, in other cases it actually decreases
readability, so let's disable it even for "extra" (i.e. "new code")
linters.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-31 17:13:26 -07:00
Sebastiaan van Stijn
e8a97bae27
Merge pull request #4692 from kolyshkin/golangci-v2
ci: switch to golangci-lint v2
2025-03-31 16:31:28 +02:00
Kir Kolyshkin
b3498bd1b8
Merge pull request #4701 from opencontainers/dependabot/github_actions/bats-core/bats-action-3.0.1
build(deps): bump bats-core/bats-action from 3.0.0 to 3.0.1
2025-03-30 00:10:08 -07:00
Kir Kolyshkin
3c9a53a94d
Merge pull request #4702 from opencontainers/dependabot/go_modules/golang.org/x/net-0.38.0
build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0
2025-03-30 00:09:25 -07:00
dependabot[bot]
0b5362651f
build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.37.0 to 0.38.0.
- [Commits](https://github.com/golang/net/compare/v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-03-28 13:00:18 +00:00
dependabot[bot]
5cfd1a62b3
build(deps): bump bats-core/bats-action from 3.0.0 to 3.0.1
Bumps [bats-core/bats-action](https://github.com/bats-core/bats-action) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/bats-core/bats-action/releases)
- [Commits](https://github.com/bats-core/bats-action/compare/3.0.0...3.0.1)

---
updated-dependencies:
- dependency-name: bats-core/bats-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-03-28 04:44:14 +00:00
Akihiro Suda
f3df2627bd
Merge pull request #4697 from kolyshkin/eintr
Introduce/use internal/linux pkg to handle EINTR and error wrapping
2025-03-28 10:10:20 +09:00
lfbzhm
1dc89f73b9
Merge pull request #4672 from kolyshkin/key-selinux-label
tests/int/selinux: test keyring security label
2025-03-27 09:09:42 +08:00
Kir Kolyshkin
131bdac1f3 tests/int/selinux: test keyring security label
This tests the functionality added by commit cd96170c1
("Need to setup labeling of kernel keyrings."), for both
runc run and runc exec, with and without user namespace.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-27 08:42:26 +08:00
Kir Kolyshkin
c735c07349 tests/integration/selinux: collect user_avc as well
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-27 08:42:26 +08:00
Kir Kolyshkin
491326cdeb int/linux: add/use Recvfrom
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-26 14:16:53 -07:00
Kir Kolyshkin
e655abc0da int/linux: add/use Dup3, Open, Openat
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-26 14:16:53 -07:00
Kir Kolyshkin
c690b66d7f int/linux: add/use Exec
Drop the libcontainer/system/exec, and use the linux.Exec instead.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-26 14:16:53 -07:00
Kir Kolyshkin
431b8bb4d8 int/linux: add/use Getwd
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-26 14:16:53 -07:00