refactor: refactor security spec #2271
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## master #2271 +/- ##
==========================================
+ Coverage 64.09% 68.47% +4.37%
==========================================
Files 271 275 +4
Lines 18269 18278 +9
==========================================
+ Hits 11710 12515 +805
+ Misses 5285 4339 -946
- Partials 1274 1424 +150
|
allencloud
reviewed
Sep 30, 2018
pkg/system/sysinfo.go
Outdated
| ) | ||
|
|
||
| // SysInfo defines system info on current machine | ||
| type SysInfo struct { |
There was a problem hiding this comment.
In the built-in package, Sysinfo refers to http://docs.studygolang.com/pkg/syscall/#Sysinfo_t :
type Sysinfo_t struct {
Uptime int64
Loads [3]uint64
Totalram uint64
Freeram uint64
Sharedram uint64
Bufferram uint64
Totalswap uint64
Freeswap uint64
Procs uint16
Pad uint16
Pad_cgo_0 [4]byte
Totalhigh uint64
Freehigh uint64
Unit uint32
X_f [0]byte
Pad_cgo_1 [4]byte
}
So, I am wondering if it is proper to change the definition of SysInfo. @Ace-Tang
There was a problem hiding this comment.
This is not proper, also I recognize the file name is also not proper, it should be system.go, and change the Sysinfo to Info. That will make sense. @allencloud , WDYT.
There was a problem hiding this comment.
Discussed offline. And @Ace-Tang would do some update.
fuweid
reviewed
Nov 1, 2018
vendor/vendor.json
Outdated
| "checksumSHA1": "gVVY8k2G3ws+V1czsfxfuRs8log=", | ||
| "path": "github.com/opencontainers/runc/libcontainer/apparmor", | ||
| "revision": "ab4a8191679806893207d9c1e507a77ff46dafaa", | ||
| "revisionTime": "2018-01-12T20:11:04Z" |
There was a problem hiding this comment.
could we align this package with other existing /runc/libcontainer package?
There was a problem hiding this comment.
I think it add by govender, different directory will be a log.
add package opencontainers/runc/libcontainer/apparmor for apparmor used. Signed-off-by: Ace-Tang <aceapril@126.com>
|
ping @allencloud @fuweid , already updated. |
fuweid
reviewed
Nov 1, 2018
Makefile
Outdated
| @@ -74,7 +76,7 @@ build: build-daemon build-cli ## build PouchContainer both daemon and cli binari | |||
| build-daemon: modules plugin ## build PouchContainer daemon binary | |||
| @echo "$@: bin/${DAEMON_BINARY_NAME}" | |||
| @mkdir -p bin | |||
| @GOOS=linux go build -ldflags ${DEFAULT_LDFLAGS} -o bin/${DAEMON_BINARY_NAME} -tags 'selinux' | |||
| @GOOS=linux go build -ldflags ${DEFAULT_LDFLAGS} ${GOBUILD_TAGS}-o bin/${DAEMON_BINARY_NAME} | |||
There was a problem hiding this comment.
add space before -o
I'm just curious about the CI. In my local, make job will fail.
$ BUILDTAGS="selinux seccomp apparmor" make
build volume modules
build plugin
build-daemon: bin/pouchd
GOOS=linux go build -ldflags "-X github.com/alibaba/pouch/version.GitCommit=1.0.0-230-gb292535-dirty -X github.com/alibaba/pouch/version.Version="1.0.0" -X github.com/alibaba/pouch/version.ApiVersion="1.24" -X github.com/alibaba/pouch/version.BuildTime=2018-11-01T14:05:11+08:00" -tags "selinux seccomp apparmor"-o bin/pouchd
can't load package: package bin/pouchd: cannot find package "bin/pouchd" in any of:
/usr/local/go/src/bin/pouchd (from $GOROOT)
/home/vagrant/go/src/bin/pouchd (from $GOPATH)
Makefile:77: recipe for target 'build-daemon' failed
make: *** [build-daemon] Error 1
There was a problem hiding this comment.
the CI passed because it doesn't use make build-daemon. So please update it @Ace-Tang
security parameter include seccomp, apparmor and no-new-privileges are not implement good, refactor these part when create new spec. Signed-off-by: Ace-Tang <aceapril@126.com>
Signed-off-by: Ace-Tang <aceapril@126.com>
cri tests seems not stable ? |
we will fix in the redesign IO. |
|
@Ace-Tang Please revert it. Something is wrong. In fact, the CI test has failed except the IO problem. |
|
We will discuss this tomorrow. @alibaba/pouch |
This was referenced Nov 2, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ⅰ. Describe what this PR did
Split #2115 PR into 3 independent PR, here is the first, still need 2 more PRs in the TODO List.
are not implement good, refactor these part when create new spec.
TODO List
Ⅱ. Does this pull request fix one issue?
Ⅲ. Why don't you add test cases (unit test/integration test)? (你真的觉得不需要加测试吗?)
no.
Ⅳ. Describe how to verify it
Ⅴ. Special notes for reviews