bump runc v1.0.0-rc8-32-gf4982d86
full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc8...f4982d86f7fde0b6f953cc62ccc4022c519a10a9 possibly relevant changes included: - opencontainers/runc#2074 Update dependency libseccomp-golang - fixes https://nvd.nist.gov/vuln/detail/CVE-2017-18367 - opencontainers/runc#2065 Fix cgroup hugetlb size prefix for kB - opencontainers/runc#2042 libcontainer: intelrdt: add missing destroy handler in defer func - opencontainers/runc#2042 main: not reopen /dev/stderr - opencontainers/runc#2038 `r.destroy` can defer exec in `runner.run` method - opencontainers/runc#2035 specconv: always set "type: bind" in case of MS_BIND - opencontainers/runc#2035 Move systemd.Manager initialization into a function in that module - opencontainers/runc#2034 Support for logging from children processes Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn
@@ -20,7 +20,7 @@ github.com/gogo/protobuf v1.2.1
|
||||
github.com/gogo/googleapis v1.2.0
|
||||
github.com/golang/protobuf v1.2.0
|
||||
github.com/opencontainers/runtime-spec 29686dbc5559d93fb1ef402eeda3e35c38d75af4 # v1.0.1-59-g29686db
|
||||
github.com/opencontainers/runc v1.0.0-rc8
|
||||
github.com/opencontainers/runc f4982d86f7fde0b6f953cc62ccc4022c519a10a9 # v1.0.0-rc8-32-gf4982d86
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.1
|
||||
github.com/sirupsen/logrus v1.4.1
|
||||
github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c
|
||||
|
||||
85
vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c
generated
vendored
85
vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c
generated
vendored
@@ -37,9 +37,6 @@ enum sync_t {
|
||||
SYNC_RECVPID_ACK = 0x43, /* PID was correctly received by parent. */
|
||||
SYNC_GRANDCHILD = 0x44, /* The grandchild is ready to run. */
|
||||
SYNC_CHILD_READY = 0x45, /* The child or grandchild is ready to return. */
|
||||
|
||||
/* XXX: This doesn't help with segfaults and other such issues. */
|
||||
SYNC_ERR = 0xFF, /* Fatal error, no turning back. The error code follows. */
|
||||
};
|
||||
|
||||
/*
|
||||
@@ -95,6 +92,15 @@ struct nlconfig_t {
|
||||
size_t gidmappath_len;
|
||||
};
|
||||
|
||||
#define PANIC "panic"
|
||||
#define FATAL "fatal"
|
||||
#define ERROR "error"
|
||||
#define WARNING "warning"
|
||||
#define INFO "info"
|
||||
#define DEBUG "debug"
|
||||
|
||||
static int logfd = -1;
|
||||
|
||||
/*
|
||||
* List of netlink message types sent to us as part of bootstrapping the init.
|
||||
* These constants are defined in libcontainer/message_linux.go.
|
||||
@@ -131,22 +137,34 @@ int setns(int fd, int nstype)
|
||||
}
|
||||
#endif
|
||||
|
||||
static void write_log_with_info(const char *level, const char *function, int line, const char *format, ...)
|
||||
{
|
||||
char message[1024] = {};
|
||||
|
||||
va_list args;
|
||||
|
||||
if (logfd < 0 || level == NULL)
|
||||
return;
|
||||
|
||||
va_start(args, format);
|
||||
if (vsnprintf(message, sizeof(message), format, args) < 0)
|
||||
return;
|
||||
va_end(args);
|
||||
|
||||
if (dprintf(logfd, "{\"level\":\"%s\", \"msg\": \"%s:%d %s\"}\n", level, function, line, message) < 0)
|
||||
return;
|
||||
}
|
||||
|
||||
#define write_log(level, fmt, ...) \
|
||||
write_log_with_info((level), __FUNCTION__, __LINE__, (fmt), ##__VA_ARGS__)
|
||||
|
||||
/* XXX: This is ugly. */
|
||||
static int syncfd = -1;
|
||||
|
||||
/* TODO(cyphar): Fix this so it correctly deals with syncT. */
|
||||
#define bail(fmt, ...) \
|
||||
do { \
|
||||
int ret = __COUNTER__ + 1; \
|
||||
fprintf(stderr, "nsenter: " fmt ": %m\n", ##__VA_ARGS__); \
|
||||
if (syncfd >= 0) { \
|
||||
enum sync_t s = SYNC_ERR; \
|
||||
if (write(syncfd, &s, sizeof(s)) != sizeof(s)) \
|
||||
fprintf(stderr, "nsenter: failed: write(s)"); \
|
||||
if (write(syncfd, &ret, sizeof(ret)) != sizeof(ret)) \
|
||||
fprintf(stderr, "nsenter: failed: write(ret)"); \
|
||||
} \
|
||||
exit(ret); \
|
||||
write_log(FATAL, "nsenter: " fmt ": %m", ##__VA_ARGS__); \
|
||||
exit(1); \
|
||||
} while(0)
|
||||
|
||||
static int write_file(char *data, size_t data_len, char *pathfmt, ...)
|
||||
@@ -352,6 +370,23 @@ static int initpipe(void)
|
||||
return pipenum;
|
||||
}
|
||||
|
||||
static void setup_logpipe(void)
|
||||
{
|
||||
char *logpipe, *endptr;
|
||||
|
||||
logpipe = getenv("_LIBCONTAINER_LOGPIPE");
|
||||
if (logpipe == NULL || *logpipe == '\0') {
|
||||
return;
|
||||
}
|
||||
|
||||
logfd = strtol(logpipe, &endptr, 10);
|
||||
if (logpipe == endptr || *endptr != '\0') {
|
||||
fprintf(stderr, "unable to parse _LIBCONTAINER_LOGPIPE, value: %s\n", logpipe);
|
||||
/* It is too early to use bail */
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
/* Returns the clone(2) flag for a namespace, given the name of a namespace. */
|
||||
static int nsflag(char *name)
|
||||
{
|
||||
@@ -544,6 +579,12 @@ void nsexec(void)
|
||||
int sync_child_pipe[2], sync_grandchild_pipe[2];
|
||||
struct nlconfig_t config = { 0 };
|
||||
|
||||
/*
|
||||
* Setup a pipe to send logs to the parent. This should happen
|
||||
* first, because bail will use that pipe.
|
||||
*/
|
||||
setup_logpipe();
|
||||
|
||||
/*
|
||||
* If we don't have an init pipe, just return to the go routine.
|
||||
* We'll only get an init pipe for start or exec.
|
||||
@@ -560,6 +601,8 @@ void nsexec(void)
|
||||
if (ensure_cloned_binary() < 0)
|
||||
bail("could not ensure we are a cloned binary");
|
||||
|
||||
write_log(DEBUG, "nsexec started");
|
||||
|
||||
/* Parse all of the netlink configuration. */
|
||||
nl_parse(pipenum, &config);
|
||||
|
||||
@@ -676,7 +719,6 @@ void nsexec(void)
|
||||
*/
|
||||
while (!ready) {
|
||||
enum sync_t s;
|
||||
int ret;
|
||||
|
||||
syncfd = sync_child_pipe[1];
|
||||
close(sync_child_pipe[0]);
|
||||
@@ -685,12 +727,6 @@ void nsexec(void)
|
||||
bail("failed to sync with child: next state");
|
||||
|
||||
switch (s) {
|
||||
case SYNC_ERR:
|
||||
/* We have to mirror the error code of the child. */
|
||||
if (read(syncfd, &ret, sizeof(ret)) != sizeof(ret))
|
||||
bail("failed to sync with child: read(error code)");
|
||||
|
||||
exit(ret);
|
||||
case SYNC_USERMAP_PLS:
|
||||
/*
|
||||
* Enable setgroups(2) if we've been asked to. But we also
|
||||
@@ -759,7 +795,6 @@ void nsexec(void)
|
||||
ready = false;
|
||||
while (!ready) {
|
||||
enum sync_t s;
|
||||
int ret;
|
||||
|
||||
syncfd = sync_grandchild_pipe[1];
|
||||
close(sync_grandchild_pipe[0]);
|
||||
@@ -774,12 +809,6 @@ void nsexec(void)
|
||||
bail("failed to sync with child: next state");
|
||||
|
||||
switch (s) {
|
||||
case SYNC_ERR:
|
||||
/* We have to mirror the error code of the child. */
|
||||
if (read(syncfd, &ret, sizeof(ret)) != sizeof(ret))
|
||||
bail("failed to sync with child: read(error code)");
|
||||
|
||||
exit(ret);
|
||||
case SYNC_CHILD_READY:
|
||||
ready = true;
|
||||
break;
|
||||
|
||||
4
vendor/github.com/opencontainers/runc/vendor.conf
generated
vendored
4
vendor/github.com/opencontainers/runc/vendor.conf
generated
vendored
@@ -6,8 +6,8 @@ github.com/opencontainers/runtime-spec 29686dbc5559d93fb1ef402eeda3e35c38d75af4
|
||||
github.com/checkpoint-restore/go-criu v3.11
|
||||
github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08
|
||||
github.com/opencontainers/selinux v1.2.2
|
||||
github.com/seccomp/libseccomp-golang 84e90a91acea0f4e51e62bc1a75de18b1fc0790f
|
||||
github.com/sirupsen/logrus a3f95b5c423586578a4e099b11a46c2479628cac
|
||||
github.com/seccomp/libseccomp-golang v0.9.1
|
||||
github.com/sirupsen/logrus 8bdbc7bcc01dcbb8ec23dc8a28e332258d25251f
|
||||
github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16
|
||||
github.com/vishvananda/netlink 1e2e08e8a2dcdacaae3f14ac44c5cfa31361f270
|
||||
# systemd integration.
|
||||
|
||||
Reference in New Issue
Block a user