Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix rest of the comments #37

Open
wants to merge 404 commits into
base: psi
Choose a base branch
from
Open
Changes from 1 commit
Commits
Show all changes
404 commits
Select commit Hold shift + click to select a range
627e815
Merge pull request #3654 from AkihiroSuda/go-mod-sys-v0.1.0
thaJeztah Nov 8, 2022
467dd23
build(deps): bump golang.org/x/sys from 0.1.0 to 0.2.0
dependabot[bot] Nov 9, 2022
f264cf9
Merge pull request #3657 from opencontainers/dependabot/go_modules/go…
AkihiroSuda Nov 10, 2022
9f38379
build(deps): bump golang.org/x/net from 0.1.0 to 0.2.0
dependabot[bot] Nov 10, 2022
313723f
fix libcontainer example
yzxiu Nov 11, 2022
ee88b90
notify_socket.go: avoid use of bytes.Buffer
Dec 9, 2021
067ca8f
notify_socket.go: use sd_notify_barrier mechanism
Nov 22, 2021
9fc707e
Fixed init state error variable
vipulnewaskar7 Nov 13, 2022
23389fc
Merge pull request #3658 from opencontainers/dependabot/go_modules/go…
AkihiroSuda Nov 16, 2022
8e9128f
Vagrantfile.fedora: upgrade Fedora to 37
AkihiroSuda Nov 18, 2022
c1045cc
Merge pull request #3662 from vipulnewaskar7/3659-wrong-error-variabl…
mrunalp Nov 22, 2022
25c9e88
Merge pull request #3655 from kolyshkin/cpt-destroy-on-err
mrunalp Nov 22, 2022
2da0194
Merge pull request #3670 from AkihiroSuda/fedora-37
kolyshkin Nov 30, 2022
ab84808
types/features: fix docstrings
kolyshkin Sep 1, 2022
076745a
runc features: add seccomp filter flags
kolyshkin Sep 2, 2022
ac04154
seccomp: set SPEC_ALLOW by default
kolyshkin Aug 30, 2022
19a9d9f
tests/int: use runc features in seccomp flags test
kolyshkin Sep 28, 2022
4f2af60
build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
dependabot[bot] Dec 8, 2022
0b21e02
Merge pull request #3681 from opencontainers/dependabot/go_modules/go…
kolyshkin Dec 8, 2022
e7461c8
Merge pull request #3291 from indyjo/fix/sd-notify-barrier
kolyshkin Dec 8, 2022
ff3b4f3
restore: fix ignoring --manage-cgroups-mode
kolyshkin Aug 1, 2022
212d25e
checkpoint/restore: add --manage-cgroups-mode ignore
kolyshkin Aug 1, 2022
3438ef3
restore: fix --manage-cgroups-mode ignore on cgroup v2
kolyshkin Aug 1, 2022
e8cf878
libct/criuApplyCgroups: add a TODO
kolyshkin Aug 1, 2022
d4582ae
tests/int: add "--manage-cgroups-mode ignore" test
kolyshkin Aug 2, 2022
6835287
man/runc-restore: describe restore into different cgroup
kolyshkin Aug 4, 2022
c4aa452
tests/int/checkpoint: fix lazy migration flakiness
kolyshkin Aug 4, 2022
15677e7
ci: fix delete.bats for GHA
kolyshkin Jul 26, 2022
b44da4c
libct: validateID: stop using regexp
kolyshkin Apr 14, 2022
0ac9880
libct/cg/sd: stop using regex, fix systemdVersionAtoi
kolyshkin Apr 14, 2022
7c14308
Merge pull request #3542 from kolyshkin/ci-fix-vs-azsec
hqhq Dec 16, 2022
dfd1aef
Merge pull request #3660 from yzxiu/fix-example
AkihiroSuda Dec 24, 2022
eacada7
build(deps): bump golang.org/x/net from 0.4.0 to 0.5.0
dependabot[bot] Jan 5, 2023
da548c1
Merge pull request #3693 from opencontainers/dependabot/go_modules/go…
AkihiroSuda Jan 10, 2023
6676f98
tests/integration/get-images.sh: fix busybox.tar.xz URL
AkihiroSuda Jan 11, 2023
3c12cbd
Merge pull request #3700 from AkihiroSuda/fix-3699
kolyshkin Jan 17, 2023
cc63d07
build(deps): bump github.com/cilium/ebpf from 0.9.3 to 0.10.0
dependabot[bot] Jan 17, 2023
e29e57b
libcontainer: configs: ensure can build on darwin
egernst Jan 11, 2023
ba994dc
Merge pull request #3697 from egernst/fixup-configs
AkihiroSuda Jan 19, 2023
a2f27f0
Merge pull request #3588 from kolyshkin/seccomp-flags-rework
AkihiroSuda Jan 20, 2023
947a616
Merge pull request #3703 from opencontainers/dependabot/go_modules/gi…
kolyshkin Jan 23, 2023
6d28928
Explicitly pin busybox and debian downloads
tianon Jan 12, 2023
3fbc5ba
ci: add tests/int/get-images.sh check
kolyshkin Jan 25, 2023
a1c51c5
Merge pull request #3701 from tianon/pin-busybox-debian
AkihiroSuda Jan 25, 2023
0147921
Merge pull request #3546 from kolyshkin/criu-add-ignore-cgroup
mrunalp Jan 27, 2023
5ce511d
nsexec: Check for errors in write_log()
rata Jan 27, 2023
8c5d3f0
Merge pull request #3712 from kinvolk/rata/nsexec-fixes
AkihiroSuda Jan 31, 2023
81c379f
support SCHED_IDLE for runc cgroupfs
wineway May 12, 2022
32d7413
Merge pull request #3377 from wineway/main
kolyshkin Feb 1, 2023
81ca678
Disable clang-format
kolyshkin Feb 2, 2023
5ecd40b
Add Go 1.20, require Go 1.19, drop Go 1.18
austinvazquez Feb 2, 2023
7e5e017
libcontainer: skip chown of /dev/null caused by fd redirection
Dzejrou Jan 20, 2023
1bb6209
tests/int: test for /dev/null owner regression
kolyshkin Feb 2, 2023
df47453
Merge pull request #3460 from kolyshkin/no-regexp
thaJeztah Feb 6, 2023
14e3ce9
build(deps): bump golang.org/x/sys from 0.4.0 to 0.5.0
dependabot[bot] Feb 7, 2023
70df83f
Merge pull request #3719 from kolyshkin/no-clang-format
thaJeztah Feb 7, 2023
f8e2629
Merge pull request #3707 from Dzejrou/main
thaJeztah Feb 7, 2023
dee9f5f
Merge pull request #3725 from opencontainers/dependabot/go_modules/go…
AkihiroSuda Feb 8, 2023
99968fc
Merge pull request #3718 from austinvazquez/upgrade-go-compiler
kolyshkin Feb 9, 2023
42dffaa
Dockerfile: fix build wrt new git
kolyshkin Feb 9, 2023
ca39878
Merge pull request #3730 from kolyshkin/fix-build
thaJeztah Feb 9, 2023
0e1346f
build(deps): bump golang.org/x/net from 0.5.0 to 0.6.0
dependabot[bot] Feb 9, 2023
bc8d6e3
build(deps): bump github.com/opencontainers/selinux
dependabot[bot] Feb 10, 2023
fbfc6af
tests: add tests for capabilities
chuanchangjia Aug 25, 2022
aa21df9
Merge pull request #3732 from opencontainers/dependabot/go_modules/gi…
kolyshkin Feb 10, 2023
5c2a1a0
Merge pull request #3733 from opencontainers/dependabot/go_modules/go…
kolyshkin Feb 10, 2023
787fcf0
go.mod: github.com/opencontainers/runtime-spec v1.1.0-rc.1
AkihiroSuda Feb 1, 2023
e412b4e
docs: add docs/spec-conformance.md
AkihiroSuda Feb 1, 2023
2ca3d23
nsexec: Add debug logs to send mount sources
rata Feb 9, 2023
4d0a60c
tests: Fix weird error on centos-9
rata Feb 10, 2023
2adeb6f
nsexec: Remove bogus kill to stage_2_pid
rata Feb 6, 2023
92a4ccb
specconv: avoid mapping "acl" to MS_POSIXACL
AkihiroSuda Feb 10, 2023
514ea70
Merge pull request #3740 from kinvolk/rata/fix-basename-test
AkihiroSuda Feb 11, 2023
b199fb2
Merge pull request #3573 from chuanchang/add_tests_for_capabilities
kolyshkin Feb 14, 2023
2e44a20
Makefile: fix typo in LDFLAGS_STATIC
crazy-max Feb 14, 2023
4e3699c
Merge pull request #3746 from crazy-max/fix-static-pie
AkihiroSuda Feb 15, 2023
b3b0bde
build(deps): bump golang.org/x/net from 0.6.0 to 0.7.0
dependabot[bot] Feb 15, 2023
537645f
Merge pull request #3747 from opencontainers/dependabot/go_modules/go…
kolyshkin Feb 16, 2023
97ea125
Fix runc crushes when parsing invalid JSON
AITsygunka Feb 7, 2023
7d4fde2
Merge pull request #3716 from AkihiroSuda/spec-v1.1.0-rc.1
AkihiroSuda Feb 22, 2023
71f8b2a
Merge pull request #3734 from kinvolk/rata/nsexec-add-debug-log
AkihiroSuda Feb 22, 2023
5a0642d
Merge pull request #3728 from AITsygunka/3727-bug-fix
kolyshkin Feb 22, 2023
7c75e84
libc/int: add/use runContainerOk wrapper
kolyshkin Feb 10, 2023
be7e039
libct/int: wording nits
kolyshkin Feb 10, 2023
f2e71b0
libct/int: make TestFdLeaks more robust
kolyshkin Feb 10, 2023
7b4c3fc
Add support for umask when exec container
Wang-squirrel Nov 11, 2022
58c192a
Merge pull request #3661 from Wang-squirrel/dev1
kolyshkin Feb 28, 2023
69225fa
Merge pull request #3724 from kinvolk/rata/nsexec-fixes
kolyshkin Mar 1, 2023
6faef16
build(deps): bump golang.org/x/net from 0.7.0 to 0.8.0
dependabot[bot] Mar 6, 2023
6d0261c
Merge pull request #3757 from opencontainers/dependabot/go_modules/go…
kolyshkin Mar 7, 2023
6b41f8e
build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0
dependabot[bot] Mar 9, 2023
7d940bd
Add `.github/ISSUE_TEMPLATE/config.yml`
AkihiroSuda Mar 9, 2023
4ec7b90
Merge pull request #3764 from opencontainers/dependabot/go_modules/go…
kolyshkin Mar 9, 2023
d5be3e2
Merge pull request #3766 from AkihiroSuda/issue-template
AkihiroSuda Mar 10, 2023
afeffb7
.github/ISSUE_TEMPLATE/config.yml: fix contact links
AkihiroSuda Mar 10, 2023
df4eae4
rootless: fix /sys/fs/cgroup mounts
AkihiroSuda Dec 26, 2022
a7046b8
build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1
dependabot[bot] Mar 15, 2023
b3a68fe
Merge pull request #3769 from opencontainers/dependabot/go_modules/go…
AkihiroSuda Mar 16, 2023
e3cf217
build(deps): bump actions/setup-go from 3 to 4
dependabot[bot] Mar 16, 2023
784f583
Merge pull request #3771 from opencontainers/dependabot/github_action…
kolyshkin Mar 16, 2023
206008a
Merge pull request #3767 from AkihiroSuda/fix-issue-template-config
kolyshkin Mar 16, 2023
cecb039
nsexec: retry unshare on EINVAL
kolyshkin Mar 16, 2023
8f0d0c4
build(deps): bump google.golang.org/protobuf from 1.29.1 to 1.30.0
dependabot[bot] Mar 17, 2023
c6624e6
Merge pull request #3772 from kolyshkin/retry-unshare
kolyshkin Mar 17, 2023
0d72adf
Prohibit /proc and /sys to be symlinks
kolyshkin Mar 16, 2023
f08b4a9
Merge pull request #3775 from opencontainers/dependabot/go_modules/go…
AkihiroSuda Mar 18, 2023
e67dc39
Merge pull request #3739 from AkihiroSuda/fix-acl
kolyshkin Mar 20, 2023
efad7a3
Merge pull request #3735 from kolyshkin/int-fix-flake
AkihiroSuda Mar 20, 2023
9d45ae8
tests: Fix fuzzer location in oss-fuzz config
fish98 Mar 22, 2023
65df6b9
fix wrong notes for `const MaxNameLen`
Mar 23, 2023
a7a836e
libct/cg/dev: skip flaky test of CentOS 7
kolyshkin Mar 22, 2023
948ef27
Merge pull request #3773 from kolyshkin/no-symlinks
AkihiroSuda Mar 25, 2023
da5047c
Merge pull request #3781 from yanggangtony/fix-typo
AkihiroSuda Mar 25, 2023
54e2021
libctr/cgroups: don't take init's cgroup into account
haircommander Mar 24, 2023
da98076
mountToRootfs: minor refactor
kolyshkin Mar 27, 2023
3e3db28
Merge pull request #3778 from kolyshkin/skip-flaky-ce7
kolyshkin Mar 27, 2023
99a337f
Dockefile: bump go go 1.20
kolyshkin Mar 8, 2023
8491d33
Fix runc run "permission denied" when rootless
kolyshkin Feb 27, 2023
8293ef2
tests/int: test for CAP_DAC_OVERRIDE
kolyshkin Feb 14, 2023
2b221a6
Merge pull request #3787 from kolyshkin/rec-fixup
AkihiroSuda Mar 28, 2023
7f3f4be
Merge pull request #3753 from kolyshkin/user-exec
AkihiroSuda Mar 28, 2023
0d62b95
Merge pull request from GHSA-m8cg-xc2p-r3fc
hqhq Mar 29, 2023
a37109c
tests/int/mount: fix issues with ro cgroup test
kolyshkin Mar 30, 2023
370e3be
tests/int/mounts: only check non-shadowed mounts
kolyshkin Mar 30, 2023
8edf478
Merge pull request #3798 from kolyshkin/fix-mount-test
kolyshkin Mar 31, 2023
b2fc0a5
verify-changelog: allow non-ASCII
kolyshkin Mar 30, 2023
4ff4904
Makefile: add verify-changelog as release dependency
kolyshkin Mar 29, 2023
73acc77
libct/cg: rm EnterPid
kolyshkin Mar 29, 2023
9f32ce6
CHANGELOG: forward-port 1.1.4 and 1.1.5 changes
kolyshkin Mar 31, 2023
c6e8cb7
libct/cg/sd: refactor startUnit
kolyshkin Mar 23, 2023
c253342
libct/cg/sd: ignore UnitExists only for Apply(-1)
kolyshkin Mar 23, 2023
1d18743
libct/cg/sd: reset-failed and retry startUnit on UnitExists
kolyshkin Mar 23, 2023
82bc89c
runc run: refuse a non-empty cgroup
kolyshkin Mar 23, 2023
ba61870
Merge pull request #3797 from kolyshkin/enter-pid
kolyshkin Mar 31, 2023
17922e3
Merge pull request #3800 from kolyshkin/fp-ch
AkihiroSuda Apr 3, 2023
9f24513
Merge pull request #3782 from kolyshkin/fix-sd-start
kolyshkin Apr 3, 2023
509b312
libct/cg/sd/v2: unifiedResToSystemdProps nit
kolyshkin Mar 28, 2023
3ffbd4c
tests/int: fix update cpu.idle failure on CS9
kolyshkin Mar 27, 2023
b5ecad7
tests/int/update: test bad cpu.idle values
kolyshkin Mar 28, 2023
ed9651b
libct/cg/sd: support setting cpu.idle via systemd
kolyshkin Mar 27, 2023
7ba53a1
Merge pull request #3788 from kolyshkin/systemd-cpu-idle
mrunalp Apr 4, 2023
cc60a39
Merge pull request #3784 from haircommander/root-cgroup-no-init
kolyshkin Apr 4, 2023
1034cfa
build(deps): bump lumaxis/shellcheck-problem-matchers from 1 to 2
dependabot[bot] Apr 4, 2023
fd5debf
libct/cg: rm GetInitCgroup[Path]
kolyshkin Apr 4, 2023
0cab3b3
Merge pull request #3779 from fish98/main
AkihiroSuda Apr 4, 2023
1b4cf1d
Merge pull request #3809 from opencontainers/dependabot/github_action…
AkihiroSuda Apr 4, 2023
67b542b
Merge pull request #3810 from kolyshkin/rm-get-init-cgroup-path
AkihiroSuda Apr 5, 2023
a6e95c5
build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
dependabot[bot] Apr 5, 2023
5726682
Merge pull request #3813 from opencontainers/dependabot/go_modules/go…
thaJeztah Apr 5, 2023
9dbb9f9
ci: bump bats 1.3.0 -> 1.8.2
kolyshkin Apr 5, 2023
9b71787
tests/int: fix some checks
kolyshkin Apr 5, 2023
611bbac
libct/cg: add misc controller to v1 drivers
kolyshkin Apr 5, 2023
873d7bb
ci/cirrus: use Go 1.19.x not 1.19
kolyshkin Apr 5, 2023
fd1a79f
ci/cirrus: improve host_info
kolyshkin Apr 5, 2023
941e592
Merge pull request #3814 from kolyshkin/go-1.19-minor
mrunalp Apr 6, 2023
439673d
build(deps): bump golang.org/x/net from 0.8.0 to 0.9.0
dependabot[bot] Apr 7, 2023
1789002
Merge pull request #3819 from opencontainers/dependabot/go_modules/go…
kolyshkin Apr 7, 2023
d8a3daa
Merge pull request #3815 from kolyshkin/bump-bats
mrunalp Apr 8, 2023
953e1cc
ci/gha: switch to or add ubuntu 22.04
kolyshkin Apr 7, 2023
e42c219
Merge pull request #3820 from kolyshkin/ubu-22.04
kolyshkin Apr 11, 2023
6053aea
Fix undefined behavior.
nanasi880 Mar 28, 2023
1198389
merge #3790 into main
cyphar Apr 12, 2023
d923060
Implement to set a domainname
utam0k Oct 4, 2022
8721494
release: add runc.keyring file and script
cyphar Apr 7, 2023
957bccf
scripts: release: add verification checks for signing keys
cyphar Apr 7, 2023
22538f8
keyring: verify runc.keyring has legitimate maintainer keys
cyphar Apr 19, 2023
0c9c60a
keyring: add Aleksa's <asarai@suse.com> signing key
cyphar Apr 7, 2023
056ec0c
keyring: add Aleksa's <cyphar@cyphar.com> signing key
cyphar Apr 19, 2023
fdc2515
Merge pull request #3600 from utam0k/domainname
kolyshkin Apr 19, 2023
3a2c0c2
Merge pull request #3824 from cyphar/release-gpgkeys
AkihiroSuda Apr 19, 2023
fe278b9
libct: fix a race with systemd removal
kolyshkin Apr 4, 2023
42a1091
runc-kill(8): amend the --all description
kolyshkin Apr 21, 2023
e61ce72
Merge pull request #3834 from kolyshkin/doc-kill-a
AkihiroSuda Apr 21, 2023
dac3852
Merge pull request #3812 from kolyshkin/sd-rm-race
AkihiroSuda Apr 21, 2023
a758310
runc.keyring: add Kolyshkin
kolyshkin Apr 22, 2023
5f5b35d
merge #3836 into main
cyphar Apr 22, 2023
cfc3c6d
scripts: keyring validate: print some more information
cyphar Apr 22, 2023
3e76cc4
Merge pull request #3840 from cyphar/keyring-script-extra-info
kolyshkin Apr 24, 2023
d7208f5
libct/cg/sd: use systemd version when generating dev props
kolyshkin Apr 24, 2023
14d6c7d
runc.keyring: add Akihiro Suda
AkihiroSuda Apr 25, 2023
bf6a78c
Merge pull request #3842 from kolyshkin/rm-warning
mrunalp Apr 25, 2023
30f9f80
merge #3844 into main
cyphar Apr 25, 2023
33b6ec2
ci/cirrus: use vagrant from hashicorp repo
kolyshkin Apr 26, 2023
a192000
Vagrantfile.fedora: bump to 38
kolyshkin Apr 26, 2023
13091ee
ci: bump bats 1.8.2 -> 1.9.0
kolyshkin Apr 26, 2023
39fe1c3
Merge pull request #3848 from kolyshkin/bump-vagrant
thaJeztah Apr 27, 2023
defb1cc
libct/cg/dev: optimize and test findDeviceGroup
kolyshkin Jan 28, 2022
8af2f48
Merge pull request #3357 from kolyshkin/more-bytes-less-strings
thaJeztah Apr 27, 2023
20e38fb
init: do not print environment variable value
cyphar Apr 28, 2023
5a17746
deps: bump urfave/cli
kolyshkin Apr 28, 2023
253707d
Merge pull request #3850 from cyphar/env-nul-byte
AkihiroSuda Apr 29, 2023
5a9266b
Merge pull request #3851 from kolyshkin/bump-urfave
thaJeztah May 1, 2023
976748e
libct: add mountViaFDs, simplify mount
kolyshkin Jun 16, 2022
a60933b
libct/rootfs: introduce and use mountEntry
kolyshkin Jun 17, 2022
02afa9f
build(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0
dependabot[bot] May 5, 2023
712a781
Merge pull request #3856 from opencontainers/dependabot/go_modules/go…
AkihiroSuda May 9, 2023
882a2cc
build(deps): bump golang.org/x/net from 0.9.0 to 0.10.0
dependabot[bot] May 9, 2023
8eb801d
Merge pull request #3512 from kolyshkin/fix-mntns-userns-II
kolyshkin May 9, 2023
6beb3c6
go.mod: runtime-spec v1.1.0-rc.2
AkihiroSuda Apr 18, 2023
d782db4
Merge pull request #3830 from AkihiroSuda/spec-v1.1.0-rc.2
thaJeztah May 10, 2023
2685116
Merge pull request #3858 from opencontainers/dependabot/go_modules/go…
kolyshkin May 10, 2023
b32655d
ci/gha: rm kludges for cross-i386 job
kolyshkin May 15, 2023
da5cdfe
ci/gha: fix cross-i386
kolyshkin May 15, 2023
57952fe
Merge pull request #3870 from kolyshkin/ci-386
mrunalp May 16, 2023
083e978
ci/gha: rm actions/cache from validate/deps job
kolyshkin Apr 10, 2023
62cc13e
gha: disable setup-go cache for golangci job
kolyshkin Apr 10, 2023
b492357
Merge pull request #3822 from kolyshkin/gha-rm-cache
kolyshkin May 16, 2023
2a34704
build(deps): bump tim-actions/get-pr-commits from 1.2.0 to 1.3.0
dependabot[bot] May 17, 2023
8cbf640
Merge pull request #3871 from opencontainers/dependabot/github_action…
kolyshkin May 17, 2023
72657ea
libct: move StartInitialization
kolyshkin Apr 11, 2023
4f0a7e7
libct/init: call Init from containerInit
kolyshkin Dec 9, 2021
eba31a7
libct/StartInitialization: rename returned error
kolyshkin Aug 4, 2022
7e481ee
libct/int: remove logger from init
kolyshkin Dec 10, 2021
a2b60cf
Merge pull request #3854 from kolyshkin/refff
mrunalp May 17, 2023
b9d2d8d
build(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2
dependabot[bot] May 18, 2023
ba58ee9
Merge pull request #3873 from opencontainers/dependabot/go_modules/gi…
kolyshkin May 18, 2023
650efb2
Fix Vagrant caching
kolyshkin May 23, 2023
bb4dbbc
ci/cirrus: limit numcpu
kolyshkin May 23, 2023
df57f74
Merge pull request #3880 from kolyshkin/fix-vagrant-cache
kolyshkin Jun 6, 2023
511c761
man/runc: fixes
kolyshkin Jun 5, 2023
fed0b12
tests/int: increase num retries for oom tests
kolyshkin May 18, 2023
9c6b913
Merge pull request #3887 from kolyshkin/manman
kolyshkin Jun 7, 2023
f075e26
Merge pull request #3874 from kolyshkin/fix-cs9-oom
kolyshkin Jun 8, 2023
67bc4bc
tests/rootless.sh: drop set -x
kolyshkin May 12, 2023
e0e8d9c
tests/int/kill: add kill -a with host pidns test
kolyshkin May 12, 2023
5b8f871
libct: signalAllProcesses: remove child reaping
kolyshkin May 12, 2023
2a7dcbb
libct: fix shared pidns detection
kolyshkin May 12, 2023
9583b3d
libct: move killing logic to container.Signal
kolyshkin Apr 13, 2023
f8ad20f
runc kill: drop -a option
kolyshkin May 12, 2023
7d09ba1
libct: implement support for cgroup.kill
kolyshkin May 12, 2023
31e3c22
build(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3
dependabot[bot] Jun 8, 2023
5f3f559
Merge pull request #3884 from opencontainers/dependabot/go_modules/gi…
dependabot[bot] Jun 9, 2023
e83ca51
tests/int/cgroups: filter out rdma
kolyshkin May 16, 2023
41e04aa
tests/int: rename a variable
kolyshkin Aug 9, 2022
78d31a4
ci/cirrus: enable rootless tests on cs9
kolyshkin Aug 8, 2022
14456ef
merge pr #3825
cyphar Jun 10, 2023
0b9d545
Merge pull request #3553 from kolyshkin/moar-ci
AkihiroSuda Jun 10, 2023
1810bd3
support psi for cgroupv2
dqminh Jan 28, 2022
5daac84
integration test for PSI metrics in runc events
dqminh Jan 31, 2022
b8b9d8b
fix rest of the comments
szuecs Nov 4, 2022
8845e97
fix type errors
szuecs Nov 4, 2022
9205d6c
fix float64/uint64 ptr issues
szuecs Dec 6, 2022
b29afcc
fix: gofumpt
szuecs Dec 6, 2022
8649887
fix: initialize struct of ptrs
szuecs Dec 6, 2022
59f554c
hack to understand what is nil
szuecs Dec 6, 2022
5ddd2b8
next small hacks to test if we can make CPU PSI tests work
szuecs Dec 6, 2022
9bd5bf6
fix memory and blkio PSI types and assume cg.*Stats.PSI is not nil
szuecs Dec 6, 2022
364ac14
handle PSIStats nil in src structures
szuecs Dec 6, 2022
6af9cc0
remove ptr types that were introduced by comment, but do not fit
szuecs May 16, 2023
ce1a73e
make linter happy
szuecs May 16, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
tests/int: use runc features in seccomp flags test
This test (initially added by commit 58ea21d and later amended in
commit 26dc55e) currently has two major deficiencies:

1. All possible flag combinations, and their respective numeric values,
   have to be explicitly listed. Currently we support 3 flags, so
   there is only 2^3 - 1 = 7 combinations, but adding more flags will
   become increasingly difficult (for example, 5 flags will result in
   31 combinations).

2. The test requires kernel 4.17 (for SECCOMP_FILTER_FLAG_SPEC_ALLOW),
   and not doing any tests when running on an older kernel. This, too,
   will make it more difficult to add extra flags in the future.

Both issues can be solved by using runc features which now prints all
known and supported runc flags. We still have to hardcode the numeric
values of all flags, but most of the other work is coded now.

In particular:

 * The test only uses supported flags, meaning it can be used with
   older kernels, removing the limitation (2) above.

 * The test calculates the powerset (all possible combinations) of
   flags and their numeric values. This makes it easier to add more
   flags, removing the limitation (1) above.

 * The test will fail (in flags_value) if any new flags will be added
   to runc but the test itself is not amended.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
  • Loading branch information
kolyshkin committed Nov 30, 2022

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
commit 19a9d9fc9e3530f483a7f121ae28f3f5764d8522
2 changes: 1 addition & 1 deletion libcontainer/seccomp/seccomp_linux.go
Original file line number Diff line number Diff line change
@@ -163,7 +163,7 @@ func setFlag(filter *libseccomp.ScmpFilter, flag specs.LinuxSeccompFlag) error {
}
// NOTE when adding more flags above, do not forget to also:
// - add new flags to `flags` slice in config.go;
// - add new flags to tests/integration/seccomp.bats flags test;
// - add new flag values to flags_value() in tests/integration/seccomp.bats;
// - modify func filterFlags in patchbpf/ accordingly.

return &unknownFlagError{flag: flag}
70 changes: 54 additions & 16 deletions tests/integration/seccomp.bats
Original file line number Diff line number Diff line change
@@ -66,11 +66,32 @@ function teardown() {
[[ "$output" == *"Network is down"* ]]
}

@test "runc run [seccomp] (SECCOMP_FILTER_FLAG_*)" {
# Linux 4.14: SECCOMP_FILTER_FLAG_LOG
# Linux 4.17: SECCOMP_FILTER_FLAG_SPEC_ALLOW
requires_kernel 4.17
# Prints the numeric value of provided seccomp flags combination.
# The parameter is flags string, as supplied in OCI spec, for example
# '"SECCOMP_FILTER_FLAG_TSYNC","SECCOMP_FILTER_FLAG_LOG"'.
function flags_value() {
# Numeric values of seccomp flags.
declare -A values=(
['"SECCOMP_FILTER_FLAG_TSYNC"']=0 # Supported but ignored by runc, thus 0.
['"SECCOMP_FILTER_FLAG_LOG"']=2
['"SECCOMP_FILTER_FLAG_SPEC_ALLOW"']=4
# XXX: add new values above this line.
)
# Split the flags.
IFS=',' read -ra flags <<<"$1"

local flag v sum=0
for flag in "${flags[@]}"; do
# This will produce "values[$flag]: unbound variable"
# error for a new flag yet unknown to the test.
v=${values[$flag]}
((sum += v)) || true
done

echo $sum
}

@test "runc run [seccomp] (SECCOMP_FILTER_FLAG_*)" {
update_config ' .process.args = ["/bin/sh", "-c", "mkdir /dev/shm/foo"]
| .process.noNewPrivileges = false
| .linux.seccomp = {
@@ -79,18 +100,35 @@ function teardown() {
"syscalls":[{"names":["mkdir", "mkdirat"], "action":"SCMP_ACT_ERRNO"}]
}'

declare -A FLAGS=(
['REMOVE']=4 # No setting, use built-in default.
['EMPTY']=0 # Empty set of flags.
['"SECCOMP_FILTER_FLAG_LOG"']=2
['"SECCOMP_FILTER_FLAG_SPEC_ALLOW"']=4
['"SECCOMP_FILTER_FLAG_TSYNC"']=0 # tsync flag is ignored.
['"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_SPEC_ALLOW"']=6
['"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_TSYNC"']=2
['"SECCOMP_FILTER_FLAG_SPEC_ALLOW","SECCOMP_FILTER_FLAG_TSYNC"']=4
['"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_SPEC_ALLOW","SECCOMP_FILTER_FLAG_TSYNC"']=6
# Get the list of flags supported by runc/seccomp/kernel,
# or "null" if no flags are supported or runc is too old.
mapfile -t flags < <(__runc features | jq -c '.linux.seccomp.supportedFlags' |
tr -d '[]\n' | tr ',' '\n')

# This is a set of all possible flag combinations to test.
declare -A TEST_CASES=(
['EMPTY']=0 # Special value: empty set of flags.
['REMOVE']=0 # Special value: no flags set.
)
for key in "${!FLAGS[@]}"; do

# If supported, runc should set SPEC_ALLOW if no flags are set.
if [[ " ${flags[*]} " == *' "SECCOMP_FILTER_FLAG_SPEC_ALLOW" '* ]]; then
TEST_CASES['REMOVE']=$(flags_value '"SECCOMP_FILTER_FLAG_SPEC_ALLOW"')
fi

# Add all possible combinations of seccomp flags
# and their expected numeric values to TEST_CASES.
if [ "${flags[0]}" != "null" ]; then
# Use shell {a,}{b,}{c,} to generate the powerset.
for fc in $(eval echo "$(printf "{'%s,',}" "${flags[@]}")"); do
# Remove the last comma.
fc="${fc/%,/}"
TEST_CASES[$fc]=$(flags_value "$fc")
done
fi

# Finally, run the tests.
for key in "${!TEST_CASES[@]}"; do
case "$key" in
'REMOVE')
update_config ' del(.linux.seccomp.flags)'
@@ -108,7 +146,7 @@ function teardown() {
[[ "$output" == *"mkdir:"*"/dev/shm/foo"*"Operation not permitted"* ]]

# Check the numeric flags value, as printed in the debug log, is as expected.
exp="\"seccomp filter flags: ${FLAGS[$key]}\""
exp="\"seccomp filter flags: ${TEST_CASES[$key]}\""
echo "flags $key, expecting $exp"
[[ "$output" == *"$exp"* ]]
done