Merge pull request #5906 from thaJeztah/replace_os_exec

archive/compression/compression.go

@@ -24,12 +24,12 @@ import (
 	"fmt"
 	"io"
 	"os"
-	"os/exec"
 	"strconv"
 	"sync"
 
 	"github.com/containerd/containerd/log"
 	"github.com/klauspost/compress/zstd"
+	exec "golang.org/x/sys/execabs"
 )
 
 type (

archive/compression/compression_test.go

@@ -24,11 +24,12 @@ import (
 	"io/ioutil"
 	"math/rand"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strings"
 	"testing"
+
+	exec "golang.org/x/sys/execabs"
 )
 
 func TestMain(m *testing.M) {

archive/tar_test.go

@@ -27,7 +27,6 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"testing"
 	"time"
@@ -39,6 +38,7 @@ import (
 	"github.com/containerd/continuity/fs"
 	"github.com/containerd/continuity/fs/fstest"
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 )
 
 const tarCmd = "tar"

cmd/containerd-shim/main_unix.go

@@ -27,7 +27,6 @@ import (
 	"io"
 	"net"
 	"os"
-	"os/exec"
 	"os/signal"
 	"runtime"
 	"runtime/debug"
@@ -48,6 +47,7 @@ import (
 	ptypes "github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	exec "golang.org/x/sys/execabs"
 	"golang.org/x/sys/unix"
 )
 

cmd/containerd/command/service_windows.go

@@ -21,7 +21,6 @@ import (
 	"io/ioutil"
 	"log"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"time"
 	"unsafe"
@@ -31,6 +30,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
+	exec "golang.org/x/sys/execabs"
 	"golang.org/x/sys/windows"
 	"golang.org/x/sys/windows/svc"
 	"golang.org/x/sys/windows/svc/debug"

cmd/ctr/commands/content/content.go

@@ -21,7 +21,6 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"strings"
 	"text/tabwriter"
 	"time"
@@ -35,6 +34,7 @@ import (
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli"
+	exec "golang.org/x/sys/execabs"
 )
 
 var (

contrib/apparmor/template.go

@@ -27,13 +27,13 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path"
 	"strconv"
 	"strings"
 	"text/template"
 
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 )
 
 // NOTE: This code is copied from <github.com/docker/docker/profiles/apparmor>.

contrib/fuzz/container_fuzzer.go

@@ -26,17 +26,18 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	fuzz "github.com/AdaLogics/go-fuzz-headers"
-	"github.com/containerd/containerd"
-	"github.com/containerd/containerd/oci"
-	"github.com/containerd/containerd/sys"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"os"
-	"os/exec"
 	"strings"
 	"time"
+
+	fuzz "github.com/AdaLogics/go-fuzz-headers"
+	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/oci"
+	"github.com/containerd/containerd/sys"
+	exec "golang.org/x/sys/execabs"
 )
 
 var (

contrib/nvidia/nvidia.go

@@ -20,13 +20,13 @@ import (
 	"context"
 	"fmt"
 	"os"
-	"os/exec"
 	"strconv"
 	"strings"
 
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/oci"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
+	exec "golang.org/x/sys/execabs"
 )
 
 // NvidiaCLI is the path to the Nvidia helper binary

diff/stream_unix.go

@@ -25,12 +25,12 @@ import (
 	"fmt"
 	"io"
 	"os"
-	"os/exec"
 	"sync"
 
 	"github.com/gogo/protobuf/proto"
 	"github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 )
 
 // NewBinaryProcessor returns a binary processor for use with processing content streams

diff/stream_windows.go

@@ -23,7 +23,6 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"sync"
 
@@ -32,6 +31,7 @@ import (
 	"github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	exec "golang.org/x/sys/execabs"
 )
 
 const processorPipe = "STREAM_PROCESSOR_PIPE"

integration/client/client_test.go

@@ -24,7 +24,6 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"testing"
 	"time"
 
@@ -42,6 +41,7 @@ import (
 	"github.com/opencontainers/go-digest"
 	"github.com/opencontainers/image-spec/identity"
 	"github.com/sirupsen/logrus"
+	exec "golang.org/x/sys/execabs"
 )
 
 var (

integration/client/container_linux_test.go

@@ -23,7 +23,6 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strings"
@@ -50,6 +49,7 @@ import (
 	"github.com/containerd/typeurl"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 	"golang.org/x/sys/unix"
 )
 

integration/client/container_test.go

@@ -22,7 +22,6 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path"
 	"runtime"
 	"strings"
@@ -33,18 +32,18 @@ import (
 	. "github.com/containerd/containerd"
 	"github.com/containerd/containerd/cio"
 	"github.com/containerd/containerd/containers"
+	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/namespaces"
 	"github.com/containerd/containerd/oci"
 	"github.com/containerd/containerd/platforms"
 	"github.com/containerd/containerd/plugin"
 	_ "github.com/containerd/containerd/runtime"
 	"github.com/containerd/containerd/runtime/v2/runc/options"
-	"github.com/containerd/typeurl"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-
-	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/go-runc"
+	"github.com/containerd/typeurl"
 	gogotypes "github.com/gogo/protobuf/types"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	exec "golang.org/x/sys/execabs"
 )
 
 func empty() cio.Creator {

integration/client/daemon_config_linux_test.go

@@ -23,7 +23,6 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strings"
 	"syscall"
@@ -37,6 +36,7 @@ import (
 	"github.com/containerd/containerd/plugin"
 	"github.com/containerd/containerd/runtime/v2/runc/options"
 	srvconfig "github.com/containerd/containerd/services/server/config"
+	exec "golang.org/x/sys/execabs"
 )
 
 // the following nolint is for shutting up gometalinter on non-linux.

integration/client/daemon_test.go

@@ -19,12 +19,12 @@ package client
 import (
 	"context"
 	"io"
-	"os/exec"
 	"sync"
 	"syscall"
 
 	. "github.com/containerd/containerd"
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 )
 
 type daemon struct {

integration/image_load_test.go

@@ -19,13 +19,13 @@ package integration
 import (
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	exec "golang.org/x/sys/execabs"
 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
 )
 

integration/main_test.go

@@ -22,7 +22,6 @@ import (
 	"flag"
 	"fmt"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strconv"
 	"strings"
@@ -31,19 +30,19 @@ import (
 
 	"github.com/containerd/containerd"
 	cri "github.com/containerd/containerd/integration/cri-api/pkg/apis"
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"google.golang.org/grpc"
-	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
-
 	"github.com/containerd/containerd/integration/remote"
 	dialer "github.com/containerd/containerd/integration/util"
 	criconfig "github.com/containerd/containerd/pkg/cri/config"
 	"github.com/containerd/containerd/pkg/cri/constants"
 	"github.com/containerd/containerd/pkg/cri/server"
 	"github.com/containerd/containerd/pkg/cri/util"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	exec "golang.org/x/sys/execabs"
+	"google.golang.org/grpc"
+	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
 )
 
 const (

integration/volume_copy_up_test.go

@@ -18,13 +18,13 @@ package integration
 
 import (
 	"fmt"
-	"os/exec"
 	goruntime "runtime"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	exec "golang.org/x/sys/execabs"
 )
 
 func TestVolumeCopyUp(t *testing.T) {

mount/lookup_linux_test.go

@@ -20,7 +20,6 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strings"
 	"testing"
@@ -29,6 +28,7 @@ import (
 	// so we use continuity/testutil instead.
 	"github.com/containerd/continuity/testutil"
 	"github.com/containerd/continuity/testutil/loopback"
+	exec "golang.org/x/sys/execabs"
 	"gotest.tools/v3/assert"
 )
 

mount/mount_freebsd.go

@@ -18,10 +18,10 @@ package mount
 
 import (
 	"os"
-	"os/exec"
 	"time"
 
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 	"golang.org/x/sys/unix"
 )
 

mount/mount_linux.go

@@ -19,12 +19,12 @@ package mount
 import (
 	"fmt"
 	"os"
-	"os/exec"
 	"path"
 	"strings"
 	"time"
 
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 	"golang.org/x/sys/unix"
 )
 

mount/mount_linux_test.go

@@ -20,12 +20,12 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"reflect"
 	"testing"
 
 	"github.com/containerd/continuity/testutil"
+	exec "golang.org/x/sys/execabs"
 )
 
 func TestLongestCommonPrefix(t *testing.T) {

pkg/process/io.go

@@ -25,7 +25,6 @@ import (
 	"io"
 	"net/url"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"sync"
 	"sync/atomic"
@@ -39,6 +38,7 @@ import (
 	runc "github.com/containerd/go-runc"
 	"github.com/hashicorp/go-multierror"
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 )
 
 const binaryIOProcTermTimeout = 12 * time.Second // Give logger process solid 10 seconds for cleanup

pkg/process/io_util.go

@@ -19,7 +19,8 @@ package process
 import (
 	"net/url"
 	"os"
-	"os/exec"
+
+	exec "golang.org/x/sys/execabs"
 )
 
 // NewBinaryCmd returns a Cmd to be used to start a logging binary.

runtime/v1/shim/client/client.go

@@ -26,7 +26,6 @@ import (
 	"io/ioutil"
 	"net"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strconv"
 	"strings"
@@ -34,12 +33,6 @@ import (
 	"syscall"
 	"time"
 
-	"golang.org/x/sys/unix"
-
-	"github.com/containerd/ttrpc"
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-
 	"github.com/containerd/containerd/events"
 	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/pkg/dialer"
@@ -47,7 +40,12 @@ import (
 	"github.com/containerd/containerd/runtime/v1/shim"
 	shimapi "github.com/containerd/containerd/runtime/v1/shim/v1"
 	"github.com/containerd/containerd/sys"
+	"github.com/containerd/ttrpc"
 	ptypes "github.com/gogo/protobuf/types"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	exec "golang.org/x/sys/execabs"
+	"golang.org/x/sys/unix"
 )
 
 var empty = &ptypes.Empty{}

runtime/v1/shim/client/client_linux.go

@@ -17,11 +17,11 @@
 package client
 
 import (
-	"os/exec"
 	"syscall"
 
 	"github.com/containerd/cgroups"
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 )
 
 func getSysProcAttr() *syscall.SysProcAttr {

runtime/v1/shim/client/client_unix.go

@@ -20,8 +20,9 @@
 package client
 
 import (
-	"os/exec"
 	"syscall"
+
+	exec "golang.org/x/sys/execabs"
 )
 
 func getSysProcAttr() *syscall.SysProcAttr {

runtime/v2/runc/v1/service.go

@@ -23,7 +23,6 @@ import (
 	"context"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"sync"
 	"syscall"
@@ -50,6 +49,7 @@ import (
 	ptypes "github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	exec "golang.org/x/sys/execabs"
 	"golang.org/x/sys/unix"
 )
 

runtime/v2/runc/v2/service.go

@@ -24,7 +24,6 @@ import (
 	"encoding/json"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"sync"
 	"syscall"
@@ -54,6 +53,7 @@ import (
 	ptypes "github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	exec "golang.org/x/sys/execabs"
 	"golang.org/x/sys/unix"
 )
 

runtime/v2/shim/util.go

@@ -23,7 +23,6 @@ import (
 	"io/ioutil"
 	"net"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strings"
 	"sync"
@@ -33,6 +32,7 @@ import (
 	"github.com/gogo/protobuf/proto"
 	"github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 )
 
 var runtimePaths sync.Map
@@ -73,12 +73,9 @@ func Command(ctx context.Context, runtime, containerdAddress, containerdTTRPCAdd
 			if cmdPath, lerr = exec.LookPath(name); lerr != nil {
 				if eerr, ok := lerr.(*exec.Error); ok {
 					if eerr.Err == exec.ErrNotFound {
-						// LookPath only finds current directory matches based on
-						// the callers current directory but the caller is not
-						// likely in the same directory as the containerd
-						// executables. Instead match the calling binaries path
-						// (containerd) and see if they are side by side. If so
-						// execute the shim found there.
+						// Match the calling binaries (containerd) path and see
+						// if they are side by side. If so, execute the shim
+						// found there.
 						testPath := filepath.Join(filepath.Dir(self), name)
 						if _, serr := os.Stat(testPath); serr == nil {
 							cmdPath = testPath

snapshots/btrfs/btrfs_test.go

@@ -24,7 +24,6 @@ import (
 	"context"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strings"
 	"testing"
@@ -37,6 +36,7 @@ import (
 	"github.com/containerd/containerd/snapshots/testsuite"
 	"github.com/containerd/continuity/testutil/loopback"
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 	"golang.org/x/sys/unix"
 )
 

snapshots/devmapper/blkdiscard/blkdiscard.go

@@ -19,7 +19,7 @@
 
 package blkdiscard
 
-import "os/exec"
+import exec "golang.org/x/sys/execabs"
 
 // Version returns the output of "blkdiscard --version"
 func Version() (string, error) {

snapshots/devmapper/dmsetup/dmsetup.go

@@ -25,12 +25,12 @@ import (
 	"fmt"
 	"io"
 	"os"
-	"os/exec"
 	"strconv"
 	"strings"
 
 	blkdiscard "github.com/containerd/containerd/snapshots/devmapper/blkdiscard"
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 	"golang.org/x/sys/unix"
 )
 

snapshots/devmapper/pool_device_test.go

@@ -24,7 +24,6 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"testing"
 	"time"
@@ -34,6 +33,7 @@ import (
 	"github.com/containerd/containerd/snapshots/devmapper/dmsetup"
 	"github.com/docker/go-units"
 	"github.com/sirupsen/logrus"
+	exec "golang.org/x/sys/execabs"
 	"gotest.tools/v3/assert"
 )
 

snapshots/devmapper/snapshotter.go

@@ -23,7 +23,6 @@ import (
 	"context"
 	"fmt"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strings"
 	"sync"
@@ -37,6 +36,7 @@ import (
 	"github.com/hashicorp/go-multierror"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	exec "golang.org/x/sys/execabs"
 )
 
 const (

snapshots/overlay/overlayutils/check_test.go

@@ -22,11 +22,11 @@ package overlayutils
 import (
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"testing"
 
 	"github.com/containerd/containerd/pkg/testutil"
 	"github.com/containerd/continuity/testutil/loopback"
+	exec "golang.org/x/sys/execabs"
 )
 
 func testOverlaySupported(t testing.TB, expected bool, mkfs ...string) {

sys/oom_linux_test.go

@@ -20,11 +20,11 @@ import (
 	"errors"
 	"fmt"
 	"os"
-	"os/exec"
 	"testing"
 	"time"
 
 	"github.com/containerd/containerd/pkg/userns"
+	exec "golang.org/x/sys/execabs"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )

sys/reaper/reaper_unix.go

@@ -20,12 +20,12 @@
 package reaper
 
 import (
-	"os/exec"
 	"sync"
 	"time"
 
 	runc "github.com/containerd/go-runc"
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 	"golang.org/x/sys/unix"
 )
 

vendor/golang.org/x/sys/execabs/execabs.go

@@ -0,0 +1,102 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package execabs is a drop-in replacement for os/exec
+// that requires PATH lookups to find absolute paths.
+// That is, execabs.Command("cmd") runs the same PATH lookup
+// as exec.Command("cmd"), but if the result is a path
+// which is relative, the Run and Start methods will report
+// an error instead of running the executable.
+//
+// See https://blog.golang.org/path-security for more information
+// about when it may be necessary or appropriate to use this package.
+package execabs
+
+import (
+	"context"
+	"fmt"
+	"os/exec"
+	"path/filepath"
+	"reflect"
+	"unsafe"
+)
+
+// ErrNotFound is the error resulting if a path search failed to find an executable file.
+// It is an alias for exec.ErrNotFound.
+var ErrNotFound = exec.ErrNotFound
+
+// Cmd represents an external command being prepared or run.
+// It is an alias for exec.Cmd.
+type Cmd = exec.Cmd
+
+// Error is returned by LookPath when it fails to classify a file as an executable.
+// It is an alias for exec.Error.
+type Error = exec.Error
+
+// An ExitError reports an unsuccessful exit by a command.
+// It is an alias for exec.ExitError.
+type ExitError = exec.ExitError
+
+func relError(file, path string) error {
+	return fmt.Errorf("%s resolves to executable in current directory (.%c%s)", file, filepath.Separator, path)
+}
+
+// LookPath searches for an executable named file in the directories
+// named by the PATH environment variable. If file contains a slash,
+// it is tried directly and the PATH is not consulted. The result will be
+// an absolute path.
+//
+// LookPath differs from exec.LookPath in its handling of PATH lookups,
+// which are used for file names without slashes. If exec.LookPath's
+// PATH lookup would have returned an executable from the current directory,
+// LookPath instead returns an error.
+func LookPath(file string) (string, error) {
+	path, err := exec.LookPath(file)
+	if err != nil {
+		return "", err
+	}
+	if filepath.Base(file) == file && !filepath.IsAbs(path) {
+		return "", relError(file, path)
+	}
+	return path, nil
+}
+
+func fixCmd(name string, cmd *exec.Cmd) {
+	if filepath.Base(name) == name && !filepath.IsAbs(cmd.Path) {
+		// exec.Command was called with a bare binary name and
+		// exec.LookPath returned a path which is not absolute.
+		// Set cmd.lookPathErr and clear cmd.Path so that it
+		// cannot be run.
+		lookPathErr := (*error)(unsafe.Pointer(reflect.ValueOf(cmd).Elem().FieldByName("lookPathErr").Addr().Pointer()))
+		if *lookPathErr == nil {
+			*lookPathErr = relError(name, cmd.Path)
+		}
+		cmd.Path = ""
+	}
+}
+
+// CommandContext is like Command but includes a context.
+//
+// The provided context is used to kill the process (by calling os.Process.Kill)
+// if the context becomes done before the command completes on its own.
+func CommandContext(ctx context.Context, name string, arg ...string) *exec.Cmd {
+	cmd := exec.CommandContext(ctx, name, arg...)
+	fixCmd(name, cmd)
+	return cmd
+
+}
+
+// Command returns the Cmd struct to execute the named program with the given arguments.
+// See exec.Command for most details.
+//
+// Command differs from exec.Command in its handling of PATH lookups,
+// which are used when the program name contains no slashes.
+// If exec.Command would have returned an exec.Cmd configured to run an
+// executable from the current directory, Command instead
+// returns an exec.Cmd that will return an error from Start or Run.
+func Command(name string, arg ...string) *exec.Cmd {
+	cmd := exec.Command(name, arg...)
+	fixCmd(name, cmd)
+	return cmd
+}

vendor/modules.txt

@@ -444,6 +444,7 @@ golang.org/x/sync/errgroup
 golang.org/x/sync/semaphore
 # golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c
 ## explicit
+golang.org/x/sys/execabs
 golang.org/x/sys/internal/unsafeheader
 golang.org/x/sys/plan9
 golang.org/x/sys/unix