sys: un-export runningPrivileged(), remove runningUnprivileged()

These are currently only used inside this package, so we might as well un-export them until we need them elsewhere. Also updated SetOOMScore() to first check for privileged; check for privileged looks to be the "faster" path, and checking it first could (in case of non- privileged) save having to read and parse /proc/self/uid_map. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-23 11:00:24 +01:00 · 2021-03-23 11:00:24 +01:00 · badd60d3f6
commit badd60d3f6
parent 8b00eafcaa
4 changed files with 11 additions and 37 deletions
--- a/sys/env.go
+++ b/sys/env.go
@ -1,33 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package sys
-
-import "golang.org/x/sys/unix"
-
-// RunningPrivileged returns true if the effective user ID of the
-// calling process is 0
-func RunningPrivileged() bool {
-	return unix.Geteuid() == 0
-}
-
-// RunningUnprivileged returns true if the effective user ID of the
-// calling process is not 0
-func RunningUnprivileged() bool {
-	return !RunningPrivileged()
-}
--- a/sys/mount_linux_test.go
+++ b/sys/mount_linux_test.go
@ -32,7 +32,7 @@ import (
 type fMountatCaseFunc func(t *testing.T, root string)

 func TestFMountat(t *testing.T) {
-	if RunningUnprivileged() {
+	if !runningPrivileged() {
 		t.Skip("Needs to be run as root")
 		return
 	}
--- a/sys/oom_linux.go
+++ b/sys/oom_linux.go
@ -24,6 +24,7 @@ import (
 	"strings"

 	"github.com/containerd/containerd/pkg/userns"
+	"golang.org/x/sys/unix"
 )

 const (
@ -42,7 +43,7 @@ func SetOOMScore(pid, score int) error {
 	}
 	defer f.Close()
 	if _, err = f.WriteString(strconv.Itoa(score)); err != nil {
-		if os.IsPermission(err) && (userns.RunningInUserNS() || RunningUnprivileged()) {
+		if os.IsPermission(err) && (!runningPrivileged() || userns.RunningInUserNS()) {
 			return nil
 		}
 		return err
@ -59,3 +60,9 @@ func GetOOMScoreAdj(pid int) (int, error) {
 	}
 	return strconv.Atoi(strings.TrimSpace(string(data)))
 }
+
+// runningPrivileged returns true if the effective user ID of the
+// calling process is 0
+func runningPrivileged() bool {
+	return unix.Geteuid() == 0
+}
--- a/sys/oom_linux_test.go
+++ b/sys/oom_linux_test.go
@ -37,7 +37,7 @@ func TestSetPositiveOomScoreAdjustment(t *testing.T) {
 }

 func TestSetNegativeOomScoreAdjustmentWhenPrivileged(t *testing.T) {
-	if RunningUnprivileged() {
+	if !runningPrivileged() {
 		t.Skip("Needs to be run as root")
 		return
 	}
@ -51,7 +51,7 @@ func TestSetNegativeOomScoreAdjustmentWhenPrivileged(t *testing.T) {
 }

 func TestSetNegativeOomScoreAdjustmentWhenUnprivilegedHasNoEffect(t *testing.T) {
-	if RunningPrivileged() {
+	if runningPrivileged() {
 		t.Skip("Needs to be run as non-root")
 		return
 	}