-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve nsexec logging #2836
Improve nsexec logging #2836
Conversation
d1e0960
to
73d5aba
Compare
This still draft? |
No longer a draft; @cyphar PTAL (this is mostly your code) |
In order to make 'runc --debug' actually useful for debugging nsexec bugs, provide information about all the internal operations when in debug mode. [@kolyshkin: rebasing; fix formatting via indent for make validate to pass] Signed-off-by: Aleksa Sarai <asarai@suse.de> Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
73d5aba
to
8c15967
Compare
Rebased again; PTAL @cyphar |
centos7 fails
This is the second time I see it, not sure what's happening but definitely unrelated to this PR. CI restarted. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I'll take your word for it that most of this new code is mine. 😬
CentOS CI failure is a flake (#2760), restarting. |
Since the previous commit, some strings logged by write_log() contain a literal newline, which leads to errors like this one: > # time="2020-06-07T15:41:37Z" level=error msg="failed to decode \"{\\\"level\\\":\\\"debug\\\", \\\"msg\\\": \\\"nsexec-0[2265]: update /proc/2266/uid_map to '0 1000 1\\n\" to json: invalid character '\\n' in string literal" The fix is to escape such characters. Add a simple (as much as it can be) routine which implements JSON string escaping as required by RFC4627, section 2.5, plus escaping of DEL (0x7f) character (not required, but allowed by the standard, and usually done by tools such as jq). As much as I hate to code something like this, I was not able to find a ready to consume and decent C implementation (not using glib). Added a test case (and some additional asserts in C code, conditionally enabled by the test case) to make sure the implementation is correct. The test case have to live in a separate directory so we can use different C flags to compile the test, and use C from go test. [v2: try to simplify the code, add more tests] [v3: don't do exit(1), try returning an error instead] Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
8c15967
to
928ef7a
Compare
@cyphar PTAL; the only change after your review was this: #2836 (comment) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
free(s); | ||
// As malloc failed, strdup can fail, too, so in the worst case | ||
// scenario NULL will be returned from here. | ||
return strdup("escape_json_string: out of memory"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel like it makes more sense to always return NULL (and then in the caller provide the fallback error message), but it doesn't really matter imho.
Draft as it's blocked by #2835In order to make
runc --debug
actually useful for debugging nsexecbugs, provide information about all the internal operations when in
debug mode.
Before:
After:
This is a carry of #2460 with a few fixes on top:
make cfmt
;Closes: #2460
(this was originally developed in #2487)