Factory cleanup #3354
Factory cleanup #3354
Conversation
kolyshkin
force-pushed
the
factory-cleanup
branch
from
5d49eda
to
9477860
Compare
|
Release job failed because of a network glitch:
Restarted. |
|
@opencontainers/runc-maintainers PTAL (I have more changes pending that depend on these commits) |
Those are *always* /proc/self/exe init, and it does not make sense to ever change these. More to say, if InitArgs option func (removed by this commit) is used to change these parameters, it will break things, since "init" is hardcoded elsewhere. Remove this. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
We only have one implementation of config validator, which is always used. It makes no sense to have Validator interface. Having validate.Validator field in Factory does not make sense for all the same reasons. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
These were introduced in commit d8b6694 back in 2017, with a TODO of "make binary names configurable". Apparently, everyone is happy with the hardcoded names. In fact, they *are* configurable (by prepending the PATH with a directory containing own version of newuidmap/newgidmap). Now, these binaries are only needed in a few specific cases (when rootless is set etc.), so let's look them up only when needed. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Interesting. From my assessment, it seems we are fine. If the PATH contains Now, theoretically, if the code does Nevertheless, out of abundance of caution it might make sense to not allow a non-absolute path to |
kolyshkin
force-pushed
the
factory-cleanup
branch
from
9477860
to
908f33f
Compare
Added. I also took a look at other uses of exec.LookPath and exec.Command, and it seems that these should be left as is. |
kolyshkin
force-pushed
the
factory-cleanup
branch
from
908f33f
to
f817847
Compare
Since we are looking up the path to newuidmap/newgidmap in one context, and executing those in another (libct/nsenter), it might make sense to use a stricter rules for looking up path to those binaries. Practically it means that if someone wants to use custom newuidmap and newgidmap binaries from $PATH, it would be impossible to use these from the current directory by means of PATH=.:$PATH; instead one would have to do something like PATH=$(pwd):$PATH. See https://go.dev/blog/path-security for background. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
TestGetContainerStats test a function that is smaller than the test itself, and only calls a couple of other functions (which are represented by mocks). It does not make sense to have it. mockIntelRdtManager is only needed for TestGetContainerStats and TestGetContainerState, which basically tests that Path is called. Also, it does not make much sense to have it. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Remove intelrtd.Manager interface, since we only have a single implementation, and do not expect another one. Rename intelRdtManager to Manager, and modify its users accordingly. Remove NewIntelRdtManager from factory. Remove IntelRdtfs. Instead, make intelrdt.NewManager return nil if the feature is not available. Remove TestFactoryNewIntelRdt as it is now identical to TestFactoryNew. Add internal function newManager to be used for tests (to make sure some testing is done even when the feature is not available in kernel/hardware). Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin
force-pushed
the
factory-cleanup
branch
from
f817847
to
dbd990d
Compare
|
Thanks for looking at that; yes I was thinking along the same lines; in normal situations, |
|
@opencontainers/runc-maintainers PTAL |
|
@opencontainers/runc-maintainers PTAL 🙏🏻 (I have a few more cleanups on top of this) |
|
Some of the changes might make code less scalable, but we can add them back when we really want to scale someday, it does make code cleaner, 👍 |
This used to be part of #3316.
This set cleanups LinuxFactory, removing some interfaces, option functions etc. Lots of changes, but mostly removal.
This removes about 6K of code and 5K of data from the binary, reducing its overall size by 0.1% (not counting debuginfo, i.e. for a stripped binary) without any change in functionality.
More importantly, this improves readability a notch by simplifying some code and data structures, and removing about 200 lines of code and tests.