bump runc v1.0.0-rc8-32-gf4982d86

full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc8...f4982d86f7fde0b6f953cc62ccc4022c519a10a9

possibly relevant changes included:

- opencontainers/runc#2074 Update dependency libseccomp-golang
  - fixes https://nvd.nist.gov/vuln/detail/CVE-2017-18367
- opencontainers/runc#2065 Fix cgroup hugetlb size prefix for kB
- opencontainers/runc#2042 libcontainer: intelrdt: add missing destroy handler in defer func
- opencontainers/runc#2042 main: not reopen /dev/stderr
- opencontainers/runc#2038 `r.destroy` can defer exec in `runner.run` method
- opencontainers/runc#2035 specconv: always set "type: bind" in case of MS_BIND
- opencontainers/runc#2035 Move systemd.Manager initialization into a function in that module
- opencontainers/runc#2034 Support for logging from children processes

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2019-06-25 13:03:23 +02:00
parent 287582585f
commit cb4a8f51a6
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
3 changed files with 62 additions and 33 deletions


@ -20,7 +20,7 @@ github.com/gogo/protobuf v1.2.1
github.com/gogo/googleapis v1.2.0 github.com/gogo/googleapis v1.2.0
github.com/golang/protobuf v1.2.0 github.com/golang/protobuf v1.2.0
github.com/opencontainers/runtime-spec 29686dbc5559d93fb1ef402eeda3e35c38d75af4 # v1.0.1-59-g29686db github.com/opencontainers/runtime-spec 29686dbc5559d93fb1ef402eeda3e35c38d75af4 # v1.0.1-59-g29686db
github.com/opencontainers/runc v1.0.0-rc8 github.com/opencontainers/runc f4982d86f7fde0b6f953cc62ccc4022c519a10a9 # v1.0.0-rc8-32-gf4982d86
github.com/konsorten/go-windows-terminal-sequences v1.0.1 github.com/konsorten/go-windows-terminal-sequences v1.0.1
github.com/sirupsen/logrus v1.4.1 github.com/sirupsen/logrus v1.4.1
github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c


@ -37,9 +37,6 @@ enum sync_t {
SYNC_RECVPID_ACK = 0x43, /* PID was correctly received by parent. */ SYNC_RECVPID_ACK = 0x43, /* PID was correctly received by parent. */
SYNC_GRANDCHILD = 0x44, /* The grandchild is ready to run. */ SYNC_GRANDCHILD = 0x44, /* The grandchild is ready to run. */
SYNC_CHILD_READY = 0x45, /* The child or grandchild is ready to return. */ SYNC_CHILD_READY = 0x45, /* The child or grandchild is ready to return. */
/* XXX: This doesn't help with segfaults and other such issues. */
SYNC_ERR = 0xFF, /* Fatal error, no turning back. The error code follows. */
}; };
/* /*
@ -95,6 +92,15 @@ struct nlconfig_t {
size_t gidmappath_len; size_t gidmappath_len;
}; };
#define PANIC "panic"
#define FATAL "fatal"
#define ERROR "error"
#define WARNING "warning"
#define INFO "info"
#define DEBUG "debug"
static int logfd = -1;
/* /*
* List of netlink message types sent to us as part of bootstrapping the init. * List of netlink message types sent to us as part of bootstrapping the init.
* These constants are defined in libcontainer/message_linux.go. * These constants are defined in libcontainer/message_linux.go.
@ -131,22 +137,34 @@ int setns(int fd, int nstype)
} }
#endif #endif
static void write_log_with_info(const char *level, const char *function, int line, const char *format, ...)
{
char message[1024] = {};
va_list args;
if (logfd < 0 || level == NULL)
return;
va_start(args, format);
if (vsnprintf(message, sizeof(message), format, args) < 0)
return;
va_end(args);
if (dprintf(logfd, "{\"level\":\"%s\", \"msg\": \"%s:%d %s\"}\n", level, function, line, message) < 0)
return;
}
#define write_log(level, fmt, ...) \
write_log_with_info((level), __FUNCTION__, __LINE__, (fmt), ##__VA_ARGS__)
/* XXX: This is ugly. */ /* XXX: This is ugly. */
static int syncfd = -1; static int syncfd = -1;
/* TODO(cyphar): Fix this so it correctly deals with syncT. */ #define bail(fmt, ...) \
#define bail(fmt, ...) \ do { \
do { \ write_log(FATAL, "nsenter: " fmt ": %m", ##__VA_ARGS__); \
int ret = __COUNTER__ + 1; \ exit(1); \
fprintf(stderr, "nsenter: " fmt ": %m\n", ##__VA_ARGS__); \
if (syncfd >= 0) { \
enum sync_t s = SYNC_ERR; \
if (write(syncfd, &s, sizeof(s)) != sizeof(s)) \
fprintf(stderr, "nsenter: failed: write(s)"); \
if (write(syncfd, &ret, sizeof(ret)) != sizeof(ret)) \
fprintf(stderr, "nsenter: failed: write(ret)"); \
} \
exit(ret); \
} while(0) } while(0)
static int write_file(char *data, size_t data_len, char *pathfmt, ...) static int write_file(char *data, size_t data_len, char *pathfmt, ...)
@ -352,6 +370,23 @@ static int initpipe(void)
return pipenum; return pipenum;
} }
static void setup_logpipe(void)
{
char *logpipe, *endptr;
logpipe = getenv("_LIBCONTAINER_LOGPIPE");
if (logpipe == NULL || *logpipe == '\0') {
return;
}
logfd = strtol(logpipe, &endptr, 10);
if (logpipe == endptr || *endptr != '\0') {
fprintf(stderr, "unable to parse _LIBCONTAINER_LOGPIPE, value: %s\n", logpipe);
/* It is too early to use bail */
exit(1);
}
}
/* Returns the clone(2) flag for a namespace, given the name of a namespace. */ /* Returns the clone(2) flag for a namespace, given the name of a namespace. */
static int nsflag(char *name) static int nsflag(char *name)
{ {
@ -544,6 +579,12 @@ void nsexec(void)
int sync_child_pipe[2], sync_grandchild_pipe[2]; int sync_child_pipe[2], sync_grandchild_pipe[2];
struct nlconfig_t config = { 0 }; struct nlconfig_t config = { 0 };
/*
* Setup a pipe to send logs to the parent. This should happen
* first, because bail will use that pipe.
*/
setup_logpipe();
/* /*
* If we don't have an init pipe, just return to the go routine. * If we don't have an init pipe, just return to the go routine.
* We'll only get an init pipe for start or exec. * We'll only get an init pipe for start or exec.
@ -560,6 +601,8 @@ void nsexec(void)
if (ensure_cloned_binary() < 0) if (ensure_cloned_binary() < 0)
bail("could not ensure we are a cloned binary"); bail("could not ensure we are a cloned binary");
write_log(DEBUG, "nsexec started");
/* Parse all of the netlink configuration. */ /* Parse all of the netlink configuration. */
nl_parse(pipenum, &config); nl_parse(pipenum, &config);
@ -676,7 +719,6 @@ void nsexec(void)
*/ */
while (!ready) { while (!ready) {
enum sync_t s; enum sync_t s;
int ret;
syncfd = sync_child_pipe[1]; syncfd = sync_child_pipe[1];
close(sync_child_pipe[0]); close(sync_child_pipe[0]);
@ -685,12 +727,6 @@ void nsexec(void)
bail("failed to sync with child: next state"); bail("failed to sync with child: next state");
switch (s) { switch (s) {
case SYNC_ERR:
/* We have to mirror the error code of the child. */
if (read(syncfd, &ret, sizeof(ret)) != sizeof(ret))
bail("failed to sync with child: read(error code)");
exit(ret);
case SYNC_USERMAP_PLS: case SYNC_USERMAP_PLS:
/* /*
* Enable setgroups(2) if we've been asked to. But we also * Enable setgroups(2) if we've been asked to. But we also
@ -759,7 +795,6 @@ void nsexec(void)
ready = false; ready = false;
while (!ready) { while (!ready) {
enum sync_t s; enum sync_t s;
int ret;
syncfd = sync_grandchild_pipe[1]; syncfd = sync_grandchild_pipe[1];
close(sync_grandchild_pipe[0]); close(sync_grandchild_pipe[0]);
@ -774,12 +809,6 @@ void nsexec(void)
bail("failed to sync with child: next state"); bail("failed to sync with child: next state");
switch (s) { switch (s) {
case SYNC_ERR:
/* We have to mirror the error code of the child. */
if (read(syncfd, &ret, sizeof(ret)) != sizeof(ret))
bail("failed to sync with child: read(error code)");
exit(ret);
case SYNC_CHILD_READY: case SYNC_CHILD_READY:
ready = true; ready = true;
break; break;


@ -6,8 +6,8 @@ github.com/opencontainers/runtime-spec 29686dbc5559d93fb1ef402eeda3e35c38d75af4
github.com/checkpoint-restore/go-criu v3.11 github.com/checkpoint-restore/go-criu v3.11
github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08 github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08
github.com/opencontainers/selinux v1.2.2 github.com/opencontainers/selinux v1.2.2
github.com/seccomp/libseccomp-golang 84e90a91acea0f4e51e62bc1a75de18b1fc0790f github.com/seccomp/libseccomp-golang v0.9.1
github.com/sirupsen/logrus a3f95b5c423586578a4e099b11a46c2479628cac github.com/sirupsen/logrus 8bdbc7bcc01dcbb8ec23dc8a28e332258d25251f
github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16 github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16
github.com/vishvananda/netlink 1e2e08e8a2dcdacaae3f14ac44c5cfa31361f270 github.com/vishvananda/netlink 1e2e08e8a2dcdacaae3f14ac44c5cfa31361f270
# systemd integration. # systemd integration.