Bump dependency opencontainers/runc@v1.0.0-rc9

2019-10-05 13:45:54 +02:00
parent 00096d8fed
commit 708a917b7d
30 changed files with 1463 additions and 197 deletions
--- a/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go
@@ -19,7 +19,7 @@ import (
 	"syscall" // only for SysProcAttr and Signal
 	"time"

-	"github.com/cyphar/filepath-securejoin"
+	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libcontainer/intelrdt"
@@ -1176,7 +1176,7 @@ func (c *linuxContainer) makeCriuRestoreMountpoints(m *configs.Mount) error {
 		if err != nil {
 			return err
 		}
-		if err := checkMountDestination(c.config.Rootfs, dest); err != nil {
+		if err := checkProcMount(c.config.Rootfs, dest, ""); err != nil {
 			return err
 		}
 		m.Destination = dest
@@ -1814,7 +1814,14 @@ func (c *linuxContainer) isPaused() (bool, error) {
 		// A container doesn't have a freezer cgroup
 		return false, nil
 	}
-	data, err := ioutil.ReadFile(filepath.Join(fcg, "freezer.state"))
+	pausedState := "FROZEN"
+	filename := "freezer.state"
+	if cgroups.IsCgroup2UnifiedMode() {
+		filename = "cgroup.freeze"
+		pausedState = "1"
+	}
+
+	data, err := ioutil.ReadFile(filepath.Join(fcg, filename))
 	if err != nil {
 		// If freezer cgroup is not mounted, the container would just be not paused.
 		if os.IsNotExist(err) {
@@ -1822,7 +1829,7 @@ func (c *linuxContainer) isPaused() (bool, error) {
 		}
 		return false, newSystemErrorWithCause(err, "checking if container is paused")
 	}
-	return bytes.Equal(bytes.TrimSpace(data), []byte("FROZEN")), nil
+	return bytes.Equal(bytes.TrimSpace(data), []byte(pausedState)), nil
 }

 func (c *linuxContainer) currentState() (*State, error) {