1 parent
0180e1c
commit 232c574
Showing
6 changed files
with
985 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
From 28daf0653d324fad545a7031e64b6891f399969b Mon Sep 17 00:00:00 2001 | ||
From: Kir Kolyshkin <kolyshkin@gmail.com> | ||
Date: Tue, 23 Feb 2021 17:58:07 -0800 | ||
Subject: [PATCH 1/5] libct/newInitConfig: nit | ||
|
||
Move the initialization of Console* fields as they are unconditional. | ||
|
||
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> | ||
--- | ||
libcontainer/container_linux.go | 7 ++++--- | ||
1 file changed, 4 insertions(+), 3 deletions(-) | ||
|
||
diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go | ||
index 3dca29e4c3f2..b6100aae9d5a 100644 | ||
--- a/libcontainer/container_linux.go | ||
+++ b/libcontainer/container_linux.go | ||
@@ -594,6 +594,9 @@ func (c *linuxContainer) newInitConfig(process *Process) *initConfig { | ||
AppArmorProfile: c.config.AppArmorProfile, | ||
ProcessLabel: c.config.ProcessLabel, | ||
Rlimits: c.config.Rlimits, | ||
+ CreateConsole: process.ConsoleSocket != nil, | ||
+ ConsoleWidth: process.ConsoleWidth, | ||
+ ConsoleHeight: process.ConsoleHeight, | ||
} | ||
if process.NoNewPrivileges != nil { | ||
cfg.NoNewPrivileges = *process.NoNewPrivileges | ||
@@ -607,9 +610,7 @@ func (c *linuxContainer) newInitConfig(process *Process) *initConfig { | ||
if len(process.Rlimits) > 0 { | ||
cfg.Rlimits = process.Rlimits | ||
} | ||
- cfg.CreateConsole = process.ConsoleSocket != nil | ||
- cfg.ConsoleWidth = process.ConsoleWidth | ||
- cfg.ConsoleHeight = process.ConsoleHeight | ||
+ | ||
return cfg | ||
} | ||
|
||
-- | ||
2.31.1 | ||
|
||
|
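--- a/packages/runc/rc93-0002-libct-rootfs-introduce-and-use-mountConfig.patch
+++ b/packages/runc/rc93-0002-libct-rootfs-introduce-and-use-mountConfig.patch
@@ -0,0 +1,140 @@
+From 46ec7b5a94d370c4963ca361e9d96cb78d75d118 Mon Sep 17 00:00:00 2001
+From: Kir Kolyshkin <kolyshkin@gmail.com>
+Date: Tue, 23 Feb 2021 18:14:37 -0800
+Subject: [PATCH 2/5] libct/rootfs: introduce and use mountConfig
+
+The code is already passing three parameters around from
+mountToRootfs to mountCgroupV* to mountToRootfs again.
+
+I am about to add another parameter, so let's introduce and
+use struct mountConfig to pass around.
+
+Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
+---
+libcontainer/rootfs_linux.go | 42 ++++++++++++++++++++++--------------
+1 file changed, 26 insertions(+), 16 deletions(-)
+
+diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
+index 411496ab7c6d..a384abb7e8a5 100644
+--- a/libcontainer/rootfs_linux.go
++++ b/libcontainer/rootfs_linux.go
+@@ -29,6 +29,12 @@ import (
+
+const defaultMountFlags = unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_NODEV
+
++type mountConfig struct {
++ root string
++ label string
++ cgroupns bool
++}
++
+// needsSetupDev returns true if /dev needs to be set up.
+func needsSetupDev(config *configs.Config) bool {
+for _, m := range config.Mounts {
+@@ -48,7 +54,11 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig) (err error) {
+return newSystemErrorWithCause(err, "preparing rootfs")
+}
+
+- hasCgroupns := config.Namespaces.Contains(configs.NEWCGROUP)
++ mountConfig := &mountConfig{
++ root: config.Rootfs,
++ label: config.MountLabel,
++ cgroupns: config.Namespaces.Contains(configs.NEWCGROUP),
++ }
+setupDev := needsSetupDev(config)
+for _, m := range config.Mounts {
+for _, precmd := range m.PremountCmds {
+@@ -56,7 +66,7 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig) (err error) {
+return newSystemErrorWithCause(err, "running premount command")
+}
+}
+- if err := mountToRootfs(m, config.Rootfs, config.MountLabel, hasCgroupns); err != nil {
++ if err := mountToRootfs(m, mountConfig); err != nil {
+return newSystemErrorWithCausef(err, "mounting %q to rootfs at %q", m.Source, m.Destination)
+}
+
+@@ -222,7 +232,7 @@ func prepareBindMount(m *configs.Mount, rootfs string) error {
+return nil
+}
+
+-func mountCgroupV1(m *configs.Mount, rootfs, mountLabel string, enableCgroupns bool) error {
++func mountCgroupV1(m *configs.Mount, c *mountConfig) error {
+binds, err := getCgroupMounts(m)
+if err != nil {
+return err
+@@ -242,12 +252,12 @@ func mountCgroupV1(m *configs.Mount, rootfs, mountLabel string, enableCgroupns b
+Data: "mode=755",
+PropagationFlags: m.PropagationFlags,
+}
+- if err := mountToRootfs(tmpfs, rootfs, mountLabel, enableCgroupns); err != nil {
++ if err := mountToRootfs(tmpfs, c); err != nil {
+return err
+}
+for _, b := range binds {
+- if enableCgroupns {
+- subsystemPath := filepath.Join(rootfs, b.Destination)
++ if c.cgroupns {
++ subsystemPath := filepath.Join(c.root, b.Destination)
+if err := os.MkdirAll(subsystemPath, 0755); err != nil {
+return err
+}
+@@ -266,7 +276,7 @@ func mountCgroupV1(m *configs.Mount, rootfs, mountLabel string, enableCgroupns b
+return err
+}
+} else {
+- if err := mountToRootfs(b, rootfs, mountLabel, enableCgroupns); err != nil {
++ if err := mountToRootfs(b, c); err != nil {
+return err
+}
+}
+@@ -276,7 +286,7 @@ func mountCgroupV1(m *configs.Mount, rootfs, mountLabel string, enableCgroupns b
+// symlink(2) is very dumb, it will just shove the path into
+// the link and doesn't do any checks or relative path
+// conversion. Also, don't error out if the cgroup already exists.
+- if err := os.Symlink(mc, filepath.Join(rootfs, m.Destination, ss)); err != nil && !os.IsExist(err) {
++ if err := os.Symlink(mc, filepath.Join(c.root, m.Destination, ss)); err != nil && !os.IsExist(err) {
+return err
+}
+}
+@@ -284,8 +294,8 @@ func mountCgroupV1(m *configs.Mount, rootfs, mountLabel string, enableCgroupns b
+return nil
+}
+
+-func mountCgroupV2(m *configs.Mount, rootfs, mountLabel string, enableCgroupns bool) error {
+- cgroupPath, err := securejoin.SecureJoin(rootfs, m.Destination)
++func mountCgroupV2(m *configs.Mount, c *mountConfig) error {
++ cgroupPath, err := securejoin.SecureJoin(c.root, m.Destination)
+if err != nil {
+return err
+}
+@@ -302,10 +312,10 @@ func mountCgroupV2(m *configs.Mount, rootfs, mountLabel string, enableCgroupns b
+return nil
+}
+
+-func mountToRootfs(m *configs.Mount, rootfs, mountLabel string, enableCgroupns bool) error {
+- var (
+- dest = m.Destination
+- )
++func mountToRootfs(m *configs.Mount, c *mountConfig) error {
++ rootfs := c.root
++ mountLabel := c.label
++ dest := m.Destination
+if !strings.HasPrefix(dest, rootfs) {
+dest = filepath.Join(rootfs, dest)
+}
+@@ -424,9 +434,9 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string, enableCgroupns b
+}
+case "cgroup":
+if cgroups.IsCgroup2UnifiedMode() {
+- return mountCgroupV2(m, rootfs, mountLabel, enableCgroupns)
++ return mountCgroupV2(m, c)
+}
+- return mountCgroupV1(m, rootfs, mountLabel, enableCgroupns)
++ return mountCgroupV1(m, c)
+default:
+// ensure that the destination of the mount is resolved of symlinks at mount time because
+// any previous mounts can invalidate the next mount's destination.
+--
+2.31.1
+
+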
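Review bot: In mountCgroupV1 the rewritten lines still build paths under the container root with plain `filepath.Join(c.root, b.Destination)` and `filepath.Join(c.root, m.Destination, ss)`, whereas mountCgroupV2 in the same patch resolves its destination with `securejoin.SecureJoin(c.root, m.Destination)`. `filepath.Join` only cleans the string and does not confine symlink components to the root, so the following `os.MkdirAll` and `os.Symlink` could act outside `c.root` if the rootfs contains a symlink on that path. Since the line is being touched anyway, consider `subsystemPath, err := securejoin.SecureJoin(c.root, b.Destination)` with the usual `if err != nil { return err }`, and the same for the symlink target directory. Both function bodies extend beyond the hunks shown, and a later patch in this series may already cover this, so please confirm against the full file.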
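--- a/packages/runc/rc93-0003-libct-rootfs-mountCgroupV2-minor-refactor.patch
+++ b/packages/runc/rc93-0003-libct-rootfs-mountCgroupV2-minor-refactor.patch
@@ -0,0 +1,53 @@
+From 198a2806b0b5522cff1c53bf4671cfee85e45608 Mon Sep 17 00:00:00 2001
+From: Kir Kolyshkin <kolyshkin@gmail.com>
+Date: Tue, 23 Feb 2021 18:25:56 -0800
+Subject: [PATCH 3/5] libct/rootfs/mountCgroupV2: minor refactor
+
+1. s/cgroupPath/dest/
+
+2. don't hardcode /sys/fs/cgroup
+
+Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
+---
+libcontainer/rootfs_linux.go | 10 ++++++----
+1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
+index a384abb7e8a5..0f0495b93b3e 100644
+--- a/libcontainer/rootfs_linux.go
++++ b/libcontainer/rootfs_linux.go
+@@ -17,6 +17,7 @@ import (
+"github.com/moby/sys/mountinfo"
+"github.com/mrunalp/fileutils"
+"github.com/opencontainers/runc/libcontainer/cgroups"
++ "github.com/opencontainers/runc/libcontainer/cgroups/fs2"
+"github.com/opencontainers/runc/libcontainer/configs"
+"github.com/opencontainers/runc/libcontainer/devices"
+"github.com/opencontainers/runc/libcontainer/system"
+@@ -295,17 +296,18 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error {
+}
+
+func mountCgroupV2(m *configs.Mount, c *mountConfig) error {
+- cgroupPath, err := securejoin.SecureJoin(c.root, m.Destination)
++ dest, err := securejoin.SecureJoin(c.root, m.Destination)
+if err != nil {
+return err
+}
+- if err := os.MkdirAll(cgroupPath, 0755); err != nil {
++ if err := os.MkdirAll(dest, 0755); err != nil {
+return err
+}
+- if err := unix.Mount(m.Source, cgroupPath, "cgroup2", uintptr(m.Flags), m.Data); err != nil {
++ if err := unix.Mount(m.Source, dest, "cgroup2", uintptr(m.Flags), m.Data); err != nil {
+// when we are in UserNS but CgroupNS is not unshared, we cannot mount cgroup2 (#2158)
+if err == unix.EPERM || err == unix.EBUSY {
+- return unix.Mount("/sys/fs/cgroup", cgroupPath, "", uintptr(m.Flags)|unix.MS_BIND, "")
++ src := fs2.UnifiedMountpoint
++ return unix.Mount(src, dest, "", uintptr(m.Flags)|unix.MS_BIND, "")
+}
+return err
+}
+--
+2.31.1
+
+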
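Review bot: In mountCgroupV2, `dest` is resolved once by `securejoin.SecureJoin` and then handed as a plain string to `os.MkdirAll` and to both `unix.Mount` calls, including the new bind-mount fallback from `fs2.UnifiedMountpoint`. Each of those calls walks the path again, so the result is only confined to the rootfs if nothing changes a path component between the resolution and the mount; whether that can happen depends on how the rootfs is shared, which this hunk does not show. At minimum the assumption deserves a comment above the fallback, for example `// dest was resolved by SecureJoin above; the mounts re-walk it, so the rootfs must not change in between`. A stronger fix would open the resolved directory and mount through that descriptor after checking it still points inside `c.root`. The remainder of mountCgroupV2 lies outside the hunk.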