From 918728900a681e58b0b2fea85744b868f60e5b2f Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Tue, 22 Mar 2016 20:56:43 -0700 Subject: [PATCH] vendor: update runc Signed-off-by: Tonis Tiigi --- hack/vendor.sh | 2 +- .../runc/libcontainer/cgroups/fs/apply_raw.go | 5 ++++- .../runc/libcontainer/cgroups/fs/memory.go | 11 +++++++++++ .../runc/libcontainer/cgroups/fs/pids.go | 14 ++++++++++++-- .../runc/libcontainer/cgroups/stats.go | 9 ++++++--- .../cgroups/systemd/apply_systemd.go | 12 ++---------- .../runc/libcontainer/configs/cgroup_unix.go | 3 +++ .../runc/libcontainer/container_linux.go | 12 +----------- .../runc/libcontainer/factory_linux.go | 2 +- .../runc/libcontainer/generic_error.go | 3 +-- .../runc/libcontainer/init_linux.go | 13 ++++++++----- .../runc/libcontainer/process_linux.go | 6 +++--- .../runc/libcontainer/system/linux.go | 18 ++++++++++++++++++ .../runc/libcontainer/user/lookup.go | 8 +++++--- 14 files changed, 76 insertions(+), 42 deletions(-) diff --git a/hack/vendor.sh b/hack/vendor.sh index bf4c69c2e..ffe26b9cc 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -14,7 +14,7 @@ clone git github.com/docker/go-units master clone git github.com/godbus/dbus master clone git github.com/golang/glog master clone git github.com/golang/protobuf master -clone git github.com/opencontainers/runc 2faade9bc7815d0ccdf1fe9608bc75f43aa983ae +clone git github.com/opencontainers/runc 5f182ce7380f41b8c60a2ecaec14996d7e9cfd4a clone git github.com/opencontainers/specs/specs-go 3ce138b1934bf227a418e241ead496c383eaba1c clone git github.com/rcrowley/go-metrics master clone git github.com/satori/go.uuid master diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go index 6def4ea54..114f002ec 100644 --- a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go @@ -351,7 +351,10 @@ func writeFile(dir, file, data string) error { if dir == "" { return fmt.Errorf("no such directory for %s.", file) } - return ioutil.WriteFile(filepath.Join(dir, file), []byte(data), 0700) + if err := ioutil.WriteFile(filepath.Join(dir, file), []byte(data), 0700); err != nil { + return fmt.Errorf("failed to write %v to %v: %v", data, file, err) + } + return nil } func readFile(dir, file string) (string, error) { diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/memory.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/memory.go index e3fd327e9..3b8ff21ab 100644 --- a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/memory.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/memory.go @@ -81,6 +81,11 @@ func (s *MemoryGroup) Set(path string, cgroup *configs.Cgroup) error { return err } } + if cgroup.Resources.KernelMemoryTCP != 0 { + if err := writeFile(path, "memory.kmem.tcp.limit_in_bytes", strconv.FormatInt(cgroup.Resources.KernelMemoryTCP, 10)); err != nil { + return err + } + } if cgroup.Resources.OomKillDisable { if err := writeFile(path, "memory.oom_control", "1"); err != nil { return err @@ -139,6 +144,11 @@ func (s *MemoryGroup) GetStats(path string, stats *cgroups.Stats) error { return err } stats.MemoryStats.KernelUsage = kernelUsage + kernelTCPUsage, err := getMemoryData(path, "kmem.tcp") + if err != nil { + return err + } + stats.MemoryStats.KernelTCPUsage = kernelTCPUsage return nil } @@ -148,6 +158,7 @@ func memoryAssigned(cgroup *configs.Cgroup) bool { cgroup.Resources.MemoryReservation != 0 || cgroup.Resources.MemorySwap > 0 || cgroup.Resources.KernelMemory > 0 || + cgroup.Resources.KernelMemoryTCP > 0 || cgroup.Resources.OomKillDisable || (cgroup.Resources.MemorySwappiness != nil && *cgroup.Resources.MemorySwappiness != -1) } diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/pids.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/pids.go index 8f187a59e..f1e372055 100644 --- a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/pids.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/pids.go @@ -4,6 +4,7 @@ package fs import ( "fmt" + "path/filepath" "strconv" "github.com/opencontainers/runc/libcontainer/cgroups" @@ -52,12 +53,21 @@ func (s *PidsGroup) GetStats(path string, stats *cgroups.Stats) error { return fmt.Errorf("failed to parse pids.current - %s", err) } - max, err := getCgroupParamUint(path, "pids.max") + maxString, err := getCgroupParamString(path, "pids.max") if err != nil { return fmt.Errorf("failed to parse pids.max - %s", err) } + // Default if pids.max == "max" is 0 -- which represents "no limit". + var max uint64 + if maxString != "max" { + max, err = parseUint(maxString, 10, 64) + if err != nil { + return fmt.Errorf("failed to parse pids.max - unable to parse %q as a uint from Cgroup file %q", maxString, filepath.Join(path, "pids.max")) + } + } + stats.PidsStats.Current = current - stats.PidsStats.Max = max + stats.PidsStats.Limit = max return nil } diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/stats.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/stats.go index 7eba44148..797a923c3 100644 --- a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/stats.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/stats.go @@ -47,15 +47,18 @@ type MemoryStats struct { // usage of memory + swap SwapUsage MemoryData `json:"swap_usage,omitempty"` // usage of kernel memory - KernelUsage MemoryData `json:"kernel_usage,omitempty"` - Stats map[string]uint64 `json:"stats,omitempty"` + KernelUsage MemoryData `json:"kernel_usage,omitempty"` + // usage of kernel TCP memory + KernelTCPUsage MemoryData `json:"kernel_tcp_usage,omitempty"` + + Stats map[string]uint64 `json:"stats,omitempty"` } type PidsStats struct { // number of pids in the cgroup Current uint64 `json:"current,omitempty"` // active pids hard limit - Max uint64 `json:"max,omitempty"` + Limit uint64 `json:"limit,omitempty"` } type BlkioStatEntry struct { diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go index 63a14b4ca..b61580956 100644 --- a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go @@ -150,16 +150,6 @@ func UseSystemd() bool { return hasStartTransientUnit } -func getIfaceForUnit(unitName string) string { - if strings.HasSuffix(unitName, ".scope") { - return "Scope" - } - if strings.HasSuffix(unitName, ".service") { - return "Service" - } - return "Unit" -} - func (m *Manager) Apply(pid int) error { var ( c = m.Cgroups @@ -193,6 +183,8 @@ func (m *Manager) Apply(pid int) error { systemdDbus.PropSlice(slice), systemdDbus.PropDescription("docker container "+c.Name), newProp("PIDs", []uint32{uint32(pid)}), + // This is only supported on systemd versions 218 and above. + newProp("Delegate", true), ) // Always enable accounting, this gets us the same behaviour as the fs implementation, diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/configs/cgroup_unix.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/cgroup_unix.go index 2ea00658f..f2eff91cf 100644 --- a/vendor/src/github.com/opencontainers/runc/libcontainer/configs/cgroup_unix.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/cgroup_unix.go @@ -56,6 +56,9 @@ type Resources struct { // Kernel memory limit (in bytes) KernelMemory int64 `json:"kernel_memory"` + // Kernel memory limit for TCP use (in bytes) + KernelMemoryTCP int64 `json:"kernel_memory_tcp"` + // CPU shares (relative weight vs. other containers) CpuShares int64 `json:"cpu_shares"` diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go index 29bf1b8c0..7d39b7887 100644 --- a/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go @@ -407,16 +407,6 @@ func (c *linuxContainer) NotifyMemoryPressure(level PressureLevel) (<-chan struc return notifyMemoryPressure(c.cgroupManager.GetPaths(), level) } -// XXX debug support, remove when debugging done. -func addArgsFromEnv(evar string, args *[]string) { - if e := os.Getenv(evar); e != "" { - for _, f := range strings.Fields(e) { - *args = append(*args, f) - } - } - fmt.Printf(">>> criu %v\n", *args) -} - // check Criu version greater than or equal to min_version func (c *linuxContainer) checkCriuVersion(min_version string) error { var x, y, z, versionReq int @@ -881,7 +871,7 @@ func (c *linuxContainer) criuSwrk(process *Process, req *criurpc.CriuReq, opts * if err != nil { return err } - n, err = criuClient.Write(data) + _, err = criuClient.Write(data) if err != nil { return err } diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go index 14e4f33a8..3a0ad81ee 100644 --- a/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go @@ -26,7 +26,7 @@ const ( ) var ( - idRegex = regexp.MustCompile(`^[\w_-]+$`) + idRegex = regexp.MustCompile(`^[\w-\.]+$`) maxIdLen = 1024 ) diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/generic_error.go b/vendor/src/github.com/opencontainers/runc/libcontainer/generic_error.go index 93bb7570d..3ed33da6d 100644 --- a/vendor/src/github.com/opencontainers/runc/libcontainer/generic_error.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/generic_error.go @@ -1,7 +1,6 @@ package libcontainer import ( - "fmt" "io" "text/template" "time" @@ -76,7 +75,7 @@ type genericError struct { } func (e *genericError) Error() string { - return fmt.Sprintf("[%d] %s: %s", e.ECode, e.ECode, e.Message) + return e.Message } func (e *genericError) Code() ErrorCode { diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/init_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/init_linux.go index 24e8f7146..eb8ad83ae 100644 --- a/vendor/src/github.com/opencontainers/runc/libcontainer/init_linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/init_linux.go @@ -346,11 +346,14 @@ func killCgroupProcesses(m cgroups.Manager) error { return err } for _, pid := range pids { - if p, err := os.FindProcess(pid); err == nil { - procs = append(procs, p) - if err := p.Kill(); err != nil { - logrus.Warn(err) - } + p, err := os.FindProcess(pid) + if err != nil { + logrus.Warn(err) + continue + } + procs = append(procs, p) + if err := p.Kill(); err != nil { + logrus.Warn(err) } } if err := m.Freeze(configs.Thawed); err != nil { diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go index 9ff438615..889a4b18d 100644 --- a/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go @@ -85,13 +85,13 @@ func (p *setnsProcess) start() (err error) { return newSystemError(err) } } - if err := utils.WriteJSON(p.parentPipe, p.config); err != nil { - return newSystemError(err) - } // set oom_score_adj if err := setOomScoreAdj(p.config.Config.OomScoreAdj, p.pid()); err != nil { return newSystemError(err) } + if err := utils.WriteJSON(p.parentPipe, p.config); err != nil { + return newSystemError(err) + } if err := syscall.Shutdown(int(p.parentPipe.Fd()), syscall.SHUT_WR); err != nil { return newSystemError(err) diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/system/linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/system/linux.go index babf55048..d109d7f88 100644 --- a/vendor/src/github.com/opencontainers/runc/libcontainer/system/linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/system/linux.go @@ -11,6 +11,19 @@ import ( "unsafe" ) +// If arg2 is nonzero, set the "child subreaper" attribute of the +// calling process; if arg2 is zero, unset the attribute. When a +// process is marked as a child subreaper, all of the children +// that it creates, and their descendants, will be marked as +// having a subreaper. In effect, a subreaper fulfills the role +// of init(1) for its descendant processes. Upon termination of +// a process that is orphaned (i.e., its immediate parent has +// already terminated) and marked as having a subreaper, the +// nearest still living ancestor subreaper will receive a SIGCHLD +// signal and be able to wait(2) on the process to discover its +// termination status. +const PR_SET_CHILD_SUBREAPER = 36 + type ParentDeathSignal int func (p ParentDeathSignal) Restore() error { @@ -113,6 +126,11 @@ func RunningInUserNS() bool { return true } +// SetSubreaper sets the value i as the subreaper setting for the calling process +func SetSubreaper(i int) error { + return Prctl(PR_SET_CHILD_SUBREAPER, uintptr(i), 0, 0, 0) +} + func Prctl(option int, arg2, arg3, arg4, arg5 uintptr) (err error) { _, _, e1 := syscall.Syscall6(syscall.SYS_PRCTL, uintptr(option), arg2, arg3, arg4, arg5, 0) if e1 != 0 { diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/user/lookup.go b/vendor/src/github.com/opencontainers/runc/libcontainer/user/lookup.go index 6f8a982ff..ab1439f36 100644 --- a/vendor/src/github.com/opencontainers/runc/libcontainer/user/lookup.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/user/lookup.go @@ -2,13 +2,15 @@ package user import ( "errors" - "fmt" "syscall" ) var ( // The current operating system does not provide the required data for user lookups. ErrUnsupported = errors.New("user lookup: operating system does not provide passwd-formatted data") + // No matching entries found in file. + ErrNoPasswdEntries = errors.New("no matching entries in passwd file") + ErrNoGroupEntries = errors.New("no matching entries in group file") ) func lookupUser(filter func(u User) bool) (User, error) { @@ -27,7 +29,7 @@ func lookupUser(filter func(u User) bool) (User, error) { // No user entries found. if len(users) == 0 { - return User{}, fmt.Errorf("no matching entries in passwd file") + return User{}, ErrNoPasswdEntries } // Assume the first entry is the "correct" one. @@ -75,7 +77,7 @@ func lookupGroup(filter func(g Group) bool) (Group, error) { // No user entries found. if len(groups) == 0 { - return Group{}, fmt.Errorf("no matching entries in group file") + return Group{}, ErrNoGroupEntries } // Assume the first entry is the "correct" one.