diff --git a/go.mod b/go.mod index 2b5da2344..148901748 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/Microsoft/hcsshim v0.9.0 github.com/containerd/aufs v1.0.0 github.com/containerd/btrfs v1.0.0 - github.com/containerd/cgroups v1.0.1 + github.com/containerd/cgroups v1.0.2 github.com/containerd/console v1.0.3 github.com/containerd/containerd/api v0.0.0 github.com/containerd/continuity v0.2.0 diff --git a/go.sum b/go.sum index 0a467a24f..79340dff4 100644 --- a/go.sum +++ b/go.sum @@ -112,8 +112,9 @@ github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj github.com/containerd/btrfs v1.0.0 h1:osn1exbzdub9L5SouXO5swW4ea/xVdJZ3wokxN5GrnA= github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss= github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE= -github.com/containerd/cgroups v1.0.1 h1:iJnMvco9XGvKUvNQkv88bE4uJXxRQH18efbKo9w5vHQ= github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU= +github.com/containerd/cgroups v1.0.2 h1:mZBclaSgNDfPWtfhj2xJY28LZ9nYIgzB0pwSURPl6JM= +github.com/containerd/cgroups v1.0.2/go.mod h1:qpbpJ1jmlqsR9f2IyaLPsdkCdnt0rbDVqIDlhuu5tRY= github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= diff --git a/integration/client/go.mod b/integration/client/go.mod index 62e2626e1..6833546ef 100644 --- a/integration/client/go.mod +++ b/integration/client/go.mod @@ -5,7 +5,7 @@ go 1.15 require ( github.com/Microsoft/hcsshim v0.9.0 github.com/Microsoft/hcsshim/test v0.0.0-20210408205431-da33ecd607e1 - github.com/containerd/cgroups v1.0.1 + github.com/containerd/cgroups v1.0.2 // the actual version of containerd is replaced with the code at the root of this repository github.com/containerd/containerd v1.5.7 github.com/containerd/containerd/api v0.0.0 diff --git a/integration/client/go.sum b/integration/client/go.sum index 4053d588e..00cefcc59 100644 --- a/integration/client/go.sum +++ b/integration/client/go.sum @@ -108,8 +108,9 @@ github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss= github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE= -github.com/containerd/cgroups v1.0.1 h1:iJnMvco9XGvKUvNQkv88bE4uJXxRQH18efbKo9w5vHQ= github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU= +github.com/containerd/cgroups v1.0.2 h1:mZBclaSgNDfPWtfhj2xJY28LZ9nYIgzB0pwSURPl6JM= +github.com/containerd/cgroups v1.0.2/go.mod h1:qpbpJ1jmlqsR9f2IyaLPsdkCdnt0rbDVqIDlhuu5tRY= github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ= diff --git a/runtime/opts/opts_linux.go b/runtime/opts/opts_linux.go index eb509dadb..9bf94f4a0 100644 --- a/runtime/opts/opts_linux.go +++ b/runtime/opts/opts_linux.go @@ -29,9 +29,6 @@ func WithNamespaceCgroupDeletion(ctx context.Context, i *namespaces.DeleteInfo) if cgroups.Mode() == cgroups.Unified { cg, err := cgroupsv2.LoadManager("/sys/fs/cgroup", i.Name) if err != nil { - if err == cgroupsv2.ErrCgroupDeleted { - return nil - } return err } return cg.Delete() diff --git a/services/server/server_linux.go b/services/server/server_linux.go index cbb2b0f33..48d2684b0 100644 --- a/services/server/server_linux.go +++ b/services/server/server_linux.go @@ -41,12 +41,7 @@ func apply(ctx context.Context, config *srvconfig.Config) error { if cgroups.Mode() == cgroups.Unified { cg, err := cgroupsv2.LoadManager("/sys/fs/cgroup", config.Cgroup.Path) if err != nil { - if err != cgroupsv2.ErrCgroupDeleted { - return err - } - if cg, err = cgroupsv2.NewManager("/sys/fs/cgroup", config.Cgroup.Path, nil); err != nil { - return err - } + return err } if err := cg.AddProc(uint64(os.Getpid())); err != nil { return err diff --git a/vendor/github.com/containerd/cgroups/README.md b/vendor/github.com/containerd/cgroups/README.md index d4b09f3d6..fc2c7a9be 100644 --- a/vendor/github.com/containerd/cgroups/README.md +++ b/vendor/github.com/containerd/cgroups/README.md @@ -1,7 +1,7 @@ # cgroups [![Build Status](https://github.com/containerd/cgroups/workflows/CI/badge.svg)](https://github.com/containerd/cgroups/actions?query=workflow%3ACI) -[![codecov](https://codecov.io/gh/containerd/cgroups/branch/master/graph/badge.svg)](https://codecov.io/gh/containerd/cgroups) +[![codecov](https://codecov.io/gh/containerd/cgroups/branch/main/graph/badge.svg)](https://codecov.io/gh/containerd/cgroups) [![GoDoc](https://godoc.org/github.com/containerd/cgroups?status.svg)](https://godoc.org/github.com/containerd/cgroups) [![Go Report Card](https://goreportcard.com/badge/github.com/containerd/cgroups)](https://goreportcard.com/report/github.com/containerd/cgroups) @@ -142,8 +142,8 @@ All static path should not include `/sys/fs/cgroup/` prefix, it should start wit Cgroups is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE). As a containerd sub-project, you will find the: - * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md), - * [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS), - * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md) + * [Project governance](https://github.com/containerd/project/blob/main/GOVERNANCE.md), + * [Maintainers](https://github.com/containerd/project/blob/main/MAINTAINERS), + * and [Contributing guidelines](https://github.com/containerd/project/blob/main/CONTRIBUTING.md) information in our [`containerd/project`](https://github.com/containerd/project) repository. diff --git a/vendor/github.com/containerd/cgroups/blkio.go b/vendor/github.com/containerd/cgroups/blkio.go index a837e19fb..f59c75bb5 100644 --- a/vendor/github.com/containerd/cgroups/blkio.go +++ b/vendor/github.com/containerd/cgroups/blkio.go @@ -130,7 +130,7 @@ func (b *blkioController) Stat(path string, stats *v1.Metrics) error { } } - f, err := os.Open(filepath.Join(b.procRoot, "diskstats")) + f, err := os.Open(filepath.Join(b.procRoot, "partitions")) if err != nil { return err } @@ -335,7 +335,10 @@ func getDevices(r io.Reader) (map[deviceKey]string, error) { s = bufio.NewScanner(r) devices = make(map[deviceKey]string) ) - for s.Scan() { + for i := 0; s.Scan(); i++ { + if i < 2 { + continue + } fields := strings.Fields(s.Text()) major, err := strconv.Atoi(fields[0]) if err != nil { @@ -352,7 +355,7 @@ func getDevices(r io.Reader) (map[deviceKey]string, error) { if _, ok := devices[key]; ok { continue } - devices[key] = filepath.Join("/dev", fields[2]) + devices[key] = filepath.Join("/dev", fields[3]) } return devices, s.Err() } diff --git a/vendor/github.com/containerd/cgroups/cgroup.go b/vendor/github.com/containerd/cgroups/cgroup.go index e0e014b28..0fab1cecf 100644 --- a/vendor/github.com/containerd/cgroups/cgroup.go +++ b/vendor/github.com/containerd/cgroups/cgroup.go @@ -17,6 +17,7 @@ package cgroups import ( + "errors" "fmt" "os" "path/filepath" @@ -25,8 +26,8 @@ import ( "sync" v1 "github.com/containerd/cgroups/stats/v1" - specs "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" + + "github.com/opencontainers/runtime-spec/specs-go" ) // New returns a new control via the cgroup cgroups interface @@ -83,7 +84,7 @@ func Load(hierarchy Hierarchy, path Path, opts ...InitOpts) (Cgroup, error) { for _, s := range pathers(subsystems) { p, err := path(s.Name()) if err != nil { - if os.IsNotExist(errors.Cause(err)) { + if errors.Is(err, os.ErrNotExist) { return nil, ErrCgroupDeleted } if err == ErrControllerNotActive { @@ -149,8 +150,50 @@ func (c *cgroup) Subsystems() []Subsystem { return c.subsystems } -// Add moves the provided process into the new cgroup -func (c *cgroup) Add(process Process) error { +func (c *cgroup) subsystemsFilter(subsystems ...Name) []Subsystem { + if len(subsystems) == 0 { + return c.subsystems + } + + var filteredSubsystems = []Subsystem{} + for _, s := range c.subsystems { + for _, f := range subsystems { + if s.Name() == f { + filteredSubsystems = append(filteredSubsystems, s) + break + } + } + } + + return filteredSubsystems +} + +// Add moves the provided process into the new cgroup. +// Without additional arguments, the process is added to all the cgroup subsystems. +// When giving Add a list of subsystem names, the process is only added to those +// subsystems, provided that they are active in the targeted cgroup. +func (c *cgroup) Add(process Process, subsystems ...Name) error { + return c.add(process, cgroupProcs, subsystems...) +} + +// AddProc moves the provided process id into the new cgroup. +// Without additional arguments, the process with the given id is added to all +// the cgroup subsystems. When giving AddProc a list of subsystem names, the process +// id is only added to those subsystems, provided that they are active in the targeted +// cgroup. +func (c *cgroup) AddProc(pid uint64, subsystems ...Name) error { + return c.add(Process{Pid: int(pid)}, cgroupProcs, subsystems...) +} + +// AddTask moves the provided tasks (threads) into the new cgroup. +// Without additional arguments, the task is added to all the cgroup subsystems. +// When giving AddTask a list of subsystem names, the task is only added to those +// subsystems, provided that they are active in the targeted cgroup. +func (c *cgroup) AddTask(process Process, subsystems ...Name) error { + return c.add(process, cgroupTasks, subsystems...) +} + +func (c *cgroup) add(process Process, pType procType, subsystems ...Name) error { if process.Pid <= 0 { return ErrInvalidPid } @@ -159,52 +202,19 @@ func (c *cgroup) Add(process Process) error { if c.err != nil { return c.err } - return c.add(process) -} - -func (c *cgroup) add(process Process) error { - for _, s := range pathers(c.subsystems) { + for _, s := range pathers(c.subsystemsFilter(subsystems...)) { p, err := c.path(s.Name()) if err != nil { return err } - if err := retryingWriteFile( - filepath.Join(s.Path(p), cgroupProcs), + err = retryingWriteFile( + filepath.Join(s.Path(p), pType), []byte(strconv.Itoa(process.Pid)), defaultFilePerm, - ); err != nil { - return err - } - } - return nil -} - -// AddTask moves the provided tasks (threads) into the new cgroup -func (c *cgroup) AddTask(process Process) error { - if process.Pid <= 0 { - return ErrInvalidPid - } - c.mu.Lock() - defer c.mu.Unlock() - if c.err != nil { - return c.err - } - return c.addTask(process) -} - -func (c *cgroup) addTask(process Process) error { - for _, s := range pathers(c.subsystems) { - p, err := c.path(s.Name()) + ) if err != nil { return err } - if err := retryingWriteFile( - filepath.Join(s.Path(p), cgroupTasks), - []byte(strconv.Itoa(process.Pid)), - defaultFilePerm, - ); err != nil { - return err - } } return nil } @@ -326,15 +336,29 @@ func (c *cgroup) Processes(subsystem Name, recursive bool) ([]Process, error) { if c.err != nil { return nil, c.err } - return c.processes(subsystem, recursive) + return c.processes(subsystem, recursive, cgroupProcs) } -func (c *cgroup) processes(subsystem Name, recursive bool) ([]Process, error) { +// Tasks returns the tasks running inside the cgroup along +// with the subsystem used, pid, and path +func (c *cgroup) Tasks(subsystem Name, recursive bool) ([]Task, error) { + c.mu.Lock() + defer c.mu.Unlock() + if c.err != nil { + return nil, c.err + } + return c.processes(subsystem, recursive, cgroupTasks) +} + +func (c *cgroup) processes(subsystem Name, recursive bool, pType procType) ([]Process, error) { s := c.getSubsystem(subsystem) sp, err := c.path(subsystem) if err != nil { return nil, err } + if s == nil { + return nil, fmt.Errorf("cgroups: %s doesn't exist in %s subsystem", sp, subsystem) + } path := s.(pather).Path(sp) var processes []Process err = filepath.Walk(path, func(p string, info os.FileInfo, err error) error { @@ -348,10 +372,10 @@ func (c *cgroup) processes(subsystem Name, recursive bool) ([]Process, error) { return filepath.SkipDir } dir, name := filepath.Split(p) - if name != cgroupProcs { + if name != pType { return nil } - procs, err := readPids(dir, subsystem) + procs, err := readPids(dir, subsystem, pType) if err != nil { return err } @@ -361,49 +385,6 @@ func (c *cgroup) processes(subsystem Name, recursive bool) ([]Process, error) { return processes, err } -// Tasks returns the tasks running inside the cgroup along -// with the subsystem used, pid, and path -func (c *cgroup) Tasks(subsystem Name, recursive bool) ([]Task, error) { - c.mu.Lock() - defer c.mu.Unlock() - if c.err != nil { - return nil, c.err - } - return c.tasks(subsystem, recursive) -} - -func (c *cgroup) tasks(subsystem Name, recursive bool) ([]Task, error) { - s := c.getSubsystem(subsystem) - sp, err := c.path(subsystem) - if err != nil { - return nil, err - } - path := s.(pather).Path(sp) - var tasks []Task - err = filepath.Walk(path, func(p string, info os.FileInfo, err error) error { - if err != nil { - return err - } - if !recursive && info.IsDir() { - if p == path { - return nil - } - return filepath.SkipDir - } - dir, name := filepath.Split(p) - if name != cgroupTasks { - return nil - } - procs, err := readTasksPids(dir, subsystem) - if err != nil { - return err - } - tasks = append(tasks, procs...) - return nil - }) - return tasks, err -} - // Freeze freezes the entire cgroup and all the processes inside it func (c *cgroup) Freeze() error { c.mu.Lock() @@ -511,7 +492,7 @@ func (c *cgroup) MoveTo(destination Cgroup) error { return c.err } for _, s := range c.subsystems { - processes, err := c.processes(s.Name(), true) + processes, err := c.processes(s.Name(), true, cgroupProcs) if err != nil { return err } diff --git a/vendor/github.com/containerd/cgroups/control.go b/vendor/github.com/containerd/cgroups/control.go index a4cb9b832..5fcaac6d0 100644 --- a/vendor/github.com/containerd/cgroups/control.go +++ b/vendor/github.com/containerd/cgroups/control.go @@ -23,10 +23,12 @@ import ( specs "github.com/opencontainers/runtime-spec/specs-go" ) +type procType = string + const ( - cgroupProcs = "cgroup.procs" - cgroupTasks = "tasks" - defaultDirPerm = 0755 + cgroupProcs procType = "cgroup.procs" + cgroupTasks procType = "tasks" + defaultDirPerm = 0755 ) // defaultFilePerm is a var so that the test framework can change the filemode @@ -37,32 +39,37 @@ const ( var defaultFilePerm = os.FileMode(0) type Process struct { - // Subsystem is the name of the subsystem that the process is in + // Subsystem is the name of the subsystem that the process / task is in. Subsystem Name - // Pid is the process id of the process + // Pid is the process id of the process / task. Pid int - // Path is the full path of the subsystem and location that the process is in + // Path is the full path of the subsystem and location that the process / task is in. Path string } -type Task struct { - // Subsystem is the name of the subsystem that the task is in - Subsystem Name - // Pid is the process id of the task - Pid int - // Path is the full path of the subsystem and location that the task is in - Path string -} +type Task = Process // Cgroup handles interactions with the individual groups to perform // actions on them as them main interface to this cgroup package type Cgroup interface { // New creates a new cgroup under the calling cgroup New(string, *specs.LinuxResources) (Cgroup, error) - // Add adds a process to the cgroup (cgroup.procs) - Add(Process) error - // AddTask adds a process to the cgroup (tasks) - AddTask(Process) error + // Add adds a process to the cgroup (cgroup.procs). Without additional arguments, + // the process is added to all the cgroup subsystems. When giving Add a list of + // subsystem names, the process is only added to those subsystems, provided that + // they are active in the targeted cgroup. + Add(Process, ...Name) error + // AddProc adds the process with the given id to the cgroup (cgroup.procs). + // Without additional arguments, the process with the given id is added to all + // the cgroup subsystems. When giving AddProc a list of subsystem names, the process + // id is only added to those subsystems, provided that they are active in the targeted + // cgroup. + AddProc(uint64, ...Name) error + // AddTask adds a process to the cgroup (tasks). Without additional arguments, the + // task is added to all the cgroup subsystems. When giving AddTask a list of subsystem + // names, the task is only added to those subsystems, provided that they are active in + // the targeted cgroup. + AddTask(Process, ...Name) error // Delete removes the cgroup as a whole Delete() error // MoveTo moves all the processes under the calling cgroup to the provided one diff --git a/vendor/github.com/containerd/cgroups/go.mod b/vendor/github.com/containerd/cgroups/go.mod index eed71ffb4..b3df917d5 100644 --- a/vendor/github.com/containerd/cgroups/go.mod +++ b/vendor/github.com/containerd/cgroups/go.mod @@ -1,17 +1,16 @@ module github.com/containerd/cgroups -go 1.13 +go 1.16 require ( github.com/cilium/ebpf v0.4.0 - github.com/coreos/go-systemd/v22 v22.1.0 + github.com/coreos/go-systemd/v22 v22.3.2 github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect github.com/docker/go-units v0.4.0 - github.com/godbus/dbus/v5 v5.0.3 + github.com/godbus/dbus/v5 v5.0.4 github.com/gogo/protobuf v1.3.2 github.com/opencontainers/runtime-spec v1.0.2 - github.com/pkg/errors v0.9.1 - github.com/sirupsen/logrus v1.7.0 + github.com/sirupsen/logrus v1.8.1 github.com/stretchr/testify v1.6.1 github.com/urfave/cli v1.22.2 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c diff --git a/vendor/github.com/containerd/cgroups/go.sum b/vendor/github.com/containerd/cgroups/go.sum index f08610237..20ed896ad 100644 --- a/vendor/github.com/containerd/cgroups/go.sum +++ b/vendor/github.com/containerd/cgroups/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/cilium/ebpf v0.4.0 h1:QlHdikaxALkqWasW8hAC1mfR0jdmvbfaBdBPFmRSglA= github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= -github.com/coreos/go-systemd/v22 v22.1.0 h1:kq/SbG2BCKLkDKkjQf5OWwKWUKj1lgs3lFI4PxnR5lg= -github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= +github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= +github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= @@ -13,8 +13,8 @@ github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/frankban/quicktest v1.11.3 h1:8sXhOn0uLys67V8EsXLc6eszDs8VXWxL3iRvebPhedY= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= -github.com/godbus/dbus/v5 v5.0.3 h1:ZqHaoEF7TBzh4jzPmqVhE/5A1z9of6orkAe5uHoAeME= -github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/godbus/dbus/v5 v5.0.4 h1:9349emZab16e7zQvpmsbtjc18ykshndd8y2PG3sgJbA= +github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/google/go-cmp v0.5.4 h1:L8R9j+yAqZuZjsqh/z+F1NCffTKKLShY6zXTItVIZ8M= @@ -28,16 +28,14 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/opencontainers/runtime-spec v1.0.2 h1:UfAcuLBJB9Coz72x1hgl8O5RVzTdNiaglX6v2DM6FI0= github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= +github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= diff --git a/vendor/github.com/containerd/cgroups/opts.go b/vendor/github.com/containerd/cgroups/opts.go index a1449e298..1e428d048 100644 --- a/vendor/github.com/containerd/cgroups/opts.go +++ b/vendor/github.com/containerd/cgroups/opts.go @@ -17,7 +17,7 @@ package cgroups import ( - "github.com/pkg/errors" + "errors" ) var ( diff --git a/vendor/github.com/containerd/cgroups/paths.go b/vendor/github.com/containerd/cgroups/paths.go index 27197ecad..bddc4e9cd 100644 --- a/vendor/github.com/containerd/cgroups/paths.go +++ b/vendor/github.com/containerd/cgroups/paths.go @@ -17,10 +17,9 @@ package cgroups import ( + "errors" "fmt" "path/filepath" - - "github.com/pkg/errors" ) type Path func(subsystem Name) (string, error) @@ -39,7 +38,7 @@ func StaticPath(path string) Path { // NestedPath will nest the cgroups based on the calling processes cgroup // placing its child processes inside its own path func NestedPath(suffix string) Path { - paths, err := parseCgroupFile("/proc/self/cgroup") + paths, err := ParseCgroupFile("/proc/self/cgroup") if err != nil { return errorPath(err) } @@ -50,9 +49,9 @@ func NestedPath(suffix string) Path { // This is commonly used for the Load function to restore an existing container func PidPath(pid int) Path { p := fmt.Sprintf("/proc/%d/cgroup", pid) - paths, err := parseCgroupFile(p) + paths, err := ParseCgroupFile(p) if err != nil { - return errorPath(errors.Wrapf(err, "parse cgroup file %s", p)) + return errorPath(fmt.Errorf("parse cgroup file %s: %w", p, err)) } return existingPath(paths, "") } diff --git a/vendor/github.com/containerd/cgroups/systemd.go b/vendor/github.com/containerd/cgroups/systemd.go index c17f34a62..4da57cb4b 100644 --- a/vendor/github.com/containerd/cgroups/systemd.go +++ b/vendor/github.com/containerd/cgroups/systemd.go @@ -17,6 +17,7 @@ package cgroups import ( + "context" "path/filepath" "strings" "sync" @@ -78,7 +79,8 @@ func (s *SystemdController) Name() Name { } func (s *SystemdController) Create(path string, _ *specs.LinuxResources) error { - conn, err := systemdDbus.New() + ctx := context.TODO() + conn, err := systemdDbus.NewWithContext(ctx) if err != nil { return err } @@ -90,7 +92,7 @@ func (s *SystemdController) Create(path string, _ *specs.LinuxResources) error { checkDelegate := func() { canDelegate = true dlSlice := newProperty("Delegate", true) - if _, err := conn.StartTransientUnit(slice, "testdelegate", []systemdDbus.Property{dlSlice}, nil); err != nil { + if _, err := conn.StartTransientUnitContext(ctx, slice, "testdelegate", []systemdDbus.Property{dlSlice}, nil); err != nil { if dbusError, ok := err.(dbus.Error); ok { // Starting with systemd v237, Delegate is not even a property of slices anymore, // so the D-Bus call fails with "InvalidArgs" error. @@ -100,7 +102,7 @@ func (s *SystemdController) Create(path string, _ *specs.LinuxResources) error { } } - conn.StopUnit(slice, "testDelegate", nil) + _, _ = conn.StopUnitContext(ctx, slice, "testDelegate", nil) } once.Do(checkDelegate) properties := []systemdDbus.Property{ @@ -118,7 +120,7 @@ func (s *SystemdController) Create(path string, _ *specs.LinuxResources) error { } ch := make(chan string) - _, err = conn.StartTransientUnit(name, "replace", properties, ch) + _, err = conn.StartTransientUnitContext(ctx, name, "replace", properties, ch) if err != nil { return err } @@ -127,14 +129,15 @@ func (s *SystemdController) Create(path string, _ *specs.LinuxResources) error { } func (s *SystemdController) Delete(path string) error { - conn, err := systemdDbus.New() + ctx := context.TODO() + conn, err := systemdDbus.NewWithContext(ctx) if err != nil { return err } defer conn.Close() _, name := splitName(path) ch := make(chan string) - _, err = conn.StopUnit(name, "replace", ch) + _, err = conn.StopUnitContext(ctx, name, "replace", ch) if err != nil { return err } diff --git a/vendor/github.com/containerd/cgroups/utils.go b/vendor/github.com/containerd/cgroups/utils.go index ed894b3ec..2297980d9 100644 --- a/vendor/github.com/containerd/cgroups/utils.go +++ b/vendor/github.com/containerd/cgroups/utils.go @@ -164,9 +164,9 @@ func remove(path string) error { return fmt.Errorf("cgroups: unable to remove path %q", path) } -// readPids will read all the pids of processes in a cgroup by the provided path -func readPids(path string, subsystem Name) ([]Process, error) { - f, err := os.Open(filepath.Join(path, cgroupProcs)) +// readPids will read all the pids of processes or tasks in a cgroup by the provided path +func readPids(path string, subsystem Name, pType procType) ([]Process, error) { + f, err := os.Open(filepath.Join(path, pType)) if err != nil { return nil, err } @@ -195,36 +195,6 @@ func readPids(path string, subsystem Name) ([]Process, error) { return out, nil } -// readTasksPids will read all the pids of tasks in a cgroup by the provided path -func readTasksPids(path string, subsystem Name) ([]Task, error) { - f, err := os.Open(filepath.Join(path, cgroupTasks)) - if err != nil { - return nil, err - } - defer f.Close() - var ( - out []Task - s = bufio.NewScanner(f) - ) - for s.Scan() { - if t := s.Text(); t != "" { - pid, err := strconv.Atoi(t) - if err != nil { - return nil, err - } - out = append(out, Task{ - Pid: pid, - Subsystem: subsystem, - Path: path, - }) - } - } - if err := s.Err(); err != nil { - return nil, err - } - return out, nil -} - func hugePageSizes() ([]string, error) { var ( pageSizes []string @@ -285,7 +255,16 @@ func parseKV(raw string) (string, uint64, error) { } } -func parseCgroupFile(path string) (map[string]string, error) { +// ParseCgroupFile parses the given cgroup file, typically /proc/self/cgroup +// or /proc//cgroup, into a map of subsystems to cgroup paths, e.g. +// "cpu": "/user.slice/user-1000.slice" +// "pids": "/user.slice/user-1000.slice" +// etc. +// +// Note that for cgroup v2 unified hierarchy, there are no per-controller +// cgroup paths, so the resulting map will have a single element where the key +// is empty string ("") and the value is the cgroup path the is in. +func ParseCgroupFile(path string) (map[string]string, error) { f, err := os.Open(path) if err != nil { return nil, err diff --git a/vendor/github.com/containerd/cgroups/v2/devicefilter.go b/vendor/github.com/containerd/cgroups/v2/devicefilter.go index 4b8c32be9..0882036c2 100644 --- a/vendor/github.com/containerd/cgroups/v2/devicefilter.go +++ b/vendor/github.com/containerd/cgroups/v2/devicefilter.go @@ -23,15 +23,16 @@ // // This particular Go implementation based on runc version // https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/ebpf/devicefilter/devicefilter.go + package v2 import ( + "errors" "fmt" "math" "github.com/cilium/ebpf/asm" "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" "golang.org/x/sys/unix" ) @@ -106,13 +107,13 @@ func (p *program) appendDevice(dev specs.LinuxDeviceCgroup) error { hasType = false default: // if not specified in OCI json, typ is set to DeviceTypeAll - return errors.Errorf("invalid DeviceType %q", dev.Type) + return fmt.Errorf("invalid DeviceType %q", dev.Type) } if *dev.Major > math.MaxUint32 { - return errors.Errorf("invalid major %d", *dev.Major) + return fmt.Errorf("invalid major %d", *dev.Major) } if *dev.Minor > math.MaxUint32 { - return errors.Errorf("invalid minor %d", *dev.Major) + return fmt.Errorf("invalid minor %d", *dev.Major) } hasMajor := *dev.Major >= 0 // if not specified in OCI json, major is set to -1 hasMinor := *dev.Minor >= 0 @@ -126,7 +127,7 @@ func (p *program) appendDevice(dev specs.LinuxDeviceCgroup) error { case 'm': bpfAccess |= unix.BPF_DEVCG_ACC_MKNOD default: - return errors.Errorf("unknown device access %v", r) + return fmt.Errorf("unknown device access %v", r) } } // If the access is rwm, skip the check. diff --git a/vendor/github.com/containerd/cgroups/v2/ebpf.go b/vendor/github.com/containerd/cgroups/v2/ebpf.go index bd384818c..45bf5f99e 100644 --- a/vendor/github.com/containerd/cgroups/v2/ebpf.go +++ b/vendor/github.com/containerd/cgroups/v2/ebpf.go @@ -17,11 +17,12 @@ package v2 import ( + "fmt" + "github.com/cilium/ebpf" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/link" "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" "golang.org/x/sys/unix" ) @@ -50,7 +51,7 @@ func LoadAttachCgroupDeviceFilter(insts asm.Instructions, license string, dirFD Flags: unix.BPF_F_ALLOW_MULTI, }) if err != nil { - return nilCloser, errors.Wrap(err, "failed to call BPF_PROG_ATTACH (BPF_CGROUP_DEVICE, BPF_F_ALLOW_MULTI)") + return nilCloser, fmt.Errorf("failed to call BPF_PROG_ATTACH (BPF_CGROUP_DEVICE, BPF_F_ALLOW_MULTI): %w", err) } closer := func() error { err = link.RawDetachProgram(link.RawDetachProgramOptions{ @@ -59,7 +60,7 @@ func LoadAttachCgroupDeviceFilter(insts asm.Instructions, license string, dirFD Attach: ebpf.AttachCGroupDevice, }) if err != nil { - return errors.Wrap(err, "failed to call BPF_PROG_DETACH (BPF_CGROUP_DEVICE)") + return fmt.Errorf("failed to call BPF_PROG_DETACH (BPF_CGROUP_DEVICE): %w", err) } return nil } diff --git a/vendor/github.com/containerd/cgroups/v2/errors.go b/vendor/github.com/containerd/cgroups/v2/errors.go index dfab548e3..eeae362b2 100644 --- a/vendor/github.com/containerd/cgroups/v2/errors.go +++ b/vendor/github.com/containerd/cgroups/v2/errors.go @@ -18,29 +18,9 @@ package v2 import ( "errors" - "os" ) var ( - ErrInvalidPid = errors.New("cgroups: pid must be greater than 0") - ErrMountPointNotExist = errors.New("cgroups: cgroup mountpoint does not exist") - ErrInvalidFormat = errors.New("cgroups: parsing file with invalid format failed") - ErrFreezerNotSupported = errors.New("cgroups: freezer cgroup (v2) not supported on this system") - ErrMemoryNotSupported = errors.New("cgroups: memory cgroup (v2) not supported on this system") - ErrPidsNotSupported = errors.New("cgroups: pids cgroup (v2) not supported on this system") - ErrCPUNotSupported = errors.New("cgroups: cpu cgroup (v2) not supported on this system") - ErrCgroupDeleted = errors.New("cgroups: cgroup deleted") - ErrNoCgroupMountDestination = errors.New("cgroups: cannot find cgroup mount destination") - ErrInvalidGroupPath = errors.New("cgroups: invalid group path") + ErrInvalidFormat = errors.New("cgroups: parsing file with invalid format failed") + ErrInvalidGroupPath = errors.New("cgroups: invalid group path") ) - -// ErrorHandler is a function that handles and acts on errors -type ErrorHandler func(err error) error - -// IgnoreNotExist ignores any errors that are for not existing files -func IgnoreNotExist(err error) error { - if os.IsNotExist(err) { - return nil - } - return err -} diff --git a/vendor/github.com/containerd/cgroups/v2/manager.go b/vendor/github.com/containerd/cgroups/v2/manager.go index 3bb546cb6..203b02723 100644 --- a/vendor/github.com/containerd/cgroups/v2/manager.go +++ b/vendor/github.com/containerd/cgroups/v2/manager.go @@ -18,6 +18,9 @@ package v2 import ( "bufio" + "context" + "errors" + "fmt" "io/ioutil" "math" "os" @@ -28,10 +31,10 @@ import ( "time" "github.com/containerd/cgroups/v2/stats" + systemdDbus "github.com/coreos/go-systemd/v22/dbus" "github.com/godbus/dbus/v5" "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -270,7 +273,9 @@ func (c *Manager) ToggleControllers(controllers []string, t ControllerToggle) er // When running as rootless, the user may face EPERM on parent groups, but it is neglible when the // controller is already written. // So we only return the last error. - lastErr = errors.Wrapf(err, "failed to write subtree controllers %+v to %q", controllers, filePath) + lastErr = fmt.Errorf("failed to write subtree controllers %+v to %q: %w", controllers, filePath, err) + } else { + lastErr = nil } } return lastErr @@ -300,15 +305,23 @@ func (c *Manager) NewChild(name string, resources *Resources) (*Manager, error) if err := os.MkdirAll(path, defaultDirPerm); err != nil { return nil, err } + m := Manager{ + unifiedMountpoint: c.unifiedMountpoint, + path: path, + } + if resources != nil { + if err := m.ToggleControllers(resources.EnabledControllers(), Enable); err != nil { + // clean up cgroup dir on failure + os.Remove(path) + return nil, err + } + } if err := setResources(path, resources); err != nil { // clean up cgroup dir on failure os.Remove(path) return nil, err } - return &Manager{ - unifiedMountpoint: c.unifiedMountpoint, - path: path, - }, nil + return &m, nil } func (c *Manager) AddProc(pid uint64) error { @@ -515,7 +528,7 @@ func readKVStatsFile(path string, file string, out map[string]interface{}) error for s.Scan() { name, value, err := parseKV(s.Text()) if err != nil { - return errors.Wrapf(err, "error while parsing %s (line=%q)", filepath.Join(path, file), s.Text()) + return fmt.Errorf("error while parsing %s (line=%q): %w", filepath.Join(path, file), s.Text(), err) } out[name] = value } @@ -552,12 +565,12 @@ func (c *Manager) MemoryEventFD() (int, uint32, error) { fpath := filepath.Join(c.path, "memory.events") fd, err := syscall.InotifyInit() if err != nil { - return 0, 0, errors.Errorf("Failed to create inotify fd") + return 0, 0, errors.New("failed to create inotify fd") } wd, err := syscall.InotifyAddWatch(fd, fpath, unix.IN_MODIFY) if wd < 0 { syscall.Close(fd) - return 0, 0, errors.Errorf("Failed to add inotify watch for %q", fpath) + return 0, 0, fmt.Errorf("failed to add inotify watch for %q", fpath) } return fd, uint32(wd), nil @@ -596,35 +609,35 @@ func (c *Manager) waitForEvents(ec chan<- Event, errCh chan<- error) { if v, ok := out["high"]; ok { e.High, ok = v.(uint64) if !ok { - errCh <- errors.Errorf("cannot convert high to uint64: %+v", v) + errCh <- fmt.Errorf("cannot convert high to uint64: %+v", v) return } } if v, ok := out["low"]; ok { e.Low, ok = v.(uint64) if !ok { - errCh <- errors.Errorf("cannot convert low to uint64: %+v", v) + errCh <- fmt.Errorf("cannot convert low to uint64: %+v", v) return } } if v, ok := out["max"]; ok { e.Max, ok = v.(uint64) if !ok { - errCh <- errors.Errorf("cannot convert max to uint64: %+v", v) + errCh <- fmt.Errorf("cannot convert max to uint64: %+v", v) return } } if v, ok := out["oom"]; ok { e.OOM, ok = v.(uint64) if !ok { - errCh <- errors.Errorf("cannot convert oom to uint64: %+v", v) + errCh <- fmt.Errorf("cannot convert oom to uint64: %+v", v) return } } if v, ok := out["oom_kill"]; ok { e.OOMKill, ok = v.(uint64) if !ok { - errCh <- errors.Errorf("cannot convert oom_kill to uint64: %+v", v) + errCh <- fmt.Errorf("cannot convert oom_kill to uint64: %+v", v) return } } @@ -647,7 +660,7 @@ func setDevices(path string, devices []specs.LinuxDeviceCgroup) error { } dirFD, err := unix.Open(path, unix.O_DIRECTORY|unix.O_RDONLY, 0600) if err != nil { - return errors.Errorf("cannot get dir FD for %s", path) + return fmt.Errorf("cannot get dir FD for %s", path) } defer unix.Close(dirFD) if _, err := LoadAttachCgroupDeviceFilter(insts, license, dirFD); err != nil { @@ -662,8 +675,9 @@ func NewSystemd(slice, group string, pid int, resources *Resources) (*Manager, e if slice == "" { slice = defaultSlice } + ctx := context.TODO() path := filepath.Join(defaultCgroup2Path, slice, group) - conn, err := systemdDbus.New() + conn, err := systemdDbus.NewWithContext(ctx) if err != nil { return &Manager{}, err } @@ -733,7 +747,7 @@ func NewSystemd(slice, group string, pid int, resources *Resources) (*Manager, e } statusChan := make(chan string, 1) - if _, err := conn.StartTransientUnit(group, "replace", properties, statusChan); err == nil { + if _, err := conn.StartTransientUnitContext(ctx, group, "replace", properties, statusChan); err == nil { select { case <-statusChan: case <-time.After(time.Second): @@ -759,14 +773,15 @@ func LoadSystemd(slice, group string) (*Manager, error) { } func (c *Manager) DeleteSystemd() error { - conn, err := systemdDbus.New() + ctx := context.TODO() + conn, err := systemdDbus.NewWithContext(ctx) if err != nil { return err } defer conn.Close() group := systemdUnitFromPath(c.path) ch := make(chan string) - _, err = conn.StopUnit(group, "replace", ch) + _, err = conn.StopUnitContext(ctx, group, "replace", ch) if err != nil { return err } diff --git a/vendor/github.com/containerd/cgroups/v2/utils.go b/vendor/github.com/containerd/cgroups/v2/utils.go index 8b8d654d6..902466f51 100644 --- a/vendor/github.com/containerd/cgroups/v2/utils.go +++ b/vendor/github.com/containerd/cgroups/v2/utils.go @@ -29,9 +29,9 @@ import ( "time" "github.com/containerd/cgroups/v2/stats" + "github.com/godbus/dbus/v5" "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -61,7 +61,7 @@ func remove(path string) error { return nil } } - return errors.Wrapf(err, "cgroups: unable to remove path %q", path) + return fmt.Errorf("cgroups: unable to remove path %q: %w", path, err) } // parseCgroupProcsFile parses /sys/fs/cgroup/$GROUPPATH/cgroup.procs diff --git a/vendor/modules.txt b/vendor/modules.txt index b92e27a24..aae08151c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -69,7 +69,7 @@ github.com/containerd/aufs/plugin # github.com/containerd/btrfs v1.0.0 ## explicit github.com/containerd/btrfs -# github.com/containerd/cgroups v1.0.1 +# github.com/containerd/cgroups v1.0.2 ## explicit github.com/containerd/cgroups github.com/containerd/cgroups/stats/v1