From cfb8cb43750320fdf2b8c5662c8ac2590ba0d328 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 16 Jul 2024 21:31:35 +0200 Subject: [PATCH] libcontainer/userns: migrate to github.com/moby/sys/user/userns The userns package was integrated into the moby/sys/user module at commit 3778ae603c706494fd1e2c2faf83b406e38d687d. This patch deprecates the old location, and adds it as an alias for the moby/sys/user/userns package. Signed-off-by: Sebastiaan van Stijn --- checkpoint.go | 5 +-- go.mod | 3 ++ go.sum | 4 +-- libcontainer/cgroups/devices/v1.go | 2 +- libcontainer/cgroups/devices/v1_test.go | 3 +- libcontainer/cgroups/devices/v2.go | 2 +- libcontainer/cgroups/systemd/user.go | 3 +- libcontainer/cgroups/utils.go | 2 +- libcontainer/rootfs_linux.go | 2 +- libcontainer/userns/userns_deprecated.go | 13 +++++++ libcontainer/userns/userns_linux_test.go | 34 ------------------- restore.go | 2 +- rootless_linux.go | 5 +-- vendor/github.com/moby/sys/user/user.go | 1 - .../moby/sys/user}/userns/userns.go | 3 ++ .../moby/sys/user}/userns/userns_linux.go | 0 .../sys/user}/userns/userns_linux_fuzzer.go | 0 .../sys/user}/userns/userns_unsupported.go | 0 vendor/modules.txt | 6 ++-- 19 files changed, 39 insertions(+), 51 deletions(-) create mode 100644 libcontainer/userns/userns_deprecated.go delete mode 100644 libcontainer/userns/userns_linux_test.go rename {libcontainer => vendor/github.com/moby/sys/user}/userns/userns.go (66%) rename {libcontainer => vendor/github.com/moby/sys/user}/userns/userns_linux.go (100%) rename {libcontainer => vendor/github.com/moby/sys/user}/userns/userns_linux_fuzzer.go (100%) rename {libcontainer => vendor/github.com/moby/sys/user}/userns/userns_unsupported.go (100%) diff --git a/checkpoint.go b/checkpoint.go index 1f5f5e73975..d10a2b4d79a 100644 --- a/checkpoint.go +++ b/checkpoint.go 
@@ -9,12 +9,13 @@ import ( "strconv" criu "github.com/checkpoint-restore/go-criu/v6/rpc" - "github.com/opencontainers/runc/libcontainer" - "github.com/opencontainers/runc/libcontainer/userns" + "github.com/moby/sys/user/userns" "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" "github.com/urfave/cli" "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/libcontainer" ) var checkpointCommand = cli.Command{ diff --git a/go.mod b/go.mod index 98b23ab872d..9f7d555dcbd 100644 --- a/go.mod +++ b/go.mod @@ -2,6 +2,9 @@ module github.com/opencontainers/runc go 1.21 +// FIXME(thaJeztah): testing https://github.com/moby/sys/pull/140 +replace github.com/moby/sys/user => github.com/thaJeztah/sys/user v0.0.0-20240716182136-7cfea2ca93af + require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 github.com/cilium/ebpf v0.12.3 diff --git a/go.sum b/go.sum index 13b88a4850c..cd663592398 100644 --- a/go.sum +++ b/go.sum @@ -32,8 +32,6 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= -github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= -github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= 
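Review bot: The `replace github.com/moby/sys/user => github.com/thaJeztah/sys/user v0.0.0-20240716182136-7cfea2ca93af` line added to go.mod points the dependency at a personal fork on an untagged pseudo-version, and the FIXME says it exists only to test moby/sys pull 140, so it should not be merged in this form. Replace directives apply only when runc is the main module, so a project importing libcontainer would resolve the required `github.com/moby/sys/user v0.1.0` instead (the version shown in vendor/modules.txt). That version presumably predates the `userns` package and would fail to build. Since this package decides whether runc believes it is inside a user namespace, its provenance should be the upstream tagged module. Once upstream tags a release containing `userns`, drop the replace, bump the requirement to that tag, and re-run `go mod tidy` and `go mod vendor` so go.sum and vendor/modules.txt no longer reference the fork.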
@@ -62,6 +60,8 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= +github.com/thaJeztah/sys/user v0.0.0-20240716182136-7cfea2ca93af h1:5VrEoF9+k36FwMBMQ09SUO8isUEjxbd2yZCBMkWuu04= +github.com/thaJeztah/sys/user v0.0.0-20240716182136-7cfea2ca93af/go.mod h1:RYstrcWOJpVh+6qzUqp2bU3eaRpdiQeKGlKitaH0PM8= github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk= github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA= github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0= diff --git a/libcontainer/cgroups/devices/v1.go b/libcontainer/cgroups/devices/v1.go index 397c00c8d46..9c8a63b660c 100644 --- a/libcontainer/cgroups/devices/v1.go +++ b/libcontainer/cgroups/devices/v1.go @@ -5,10 +5,10 @@ import ( "errors" "reflect" + "github.com/moby/sys/user/userns" "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" - "github.com/opencontainers/runc/libcontainer/userns" ) var testingSkipFinalCheck bool diff --git a/libcontainer/cgroups/devices/v1_test.go b/libcontainer/cgroups/devices/v1_test.go index aed1024b2ef..d956b8196a3 100644 --- a/libcontainer/cgroups/devices/v1_test.go +++ b/libcontainer/cgroups/devices/v1_test.go 
@@ -5,11 +5,12 @@ import ( "path" "testing" + "github.com/moby/sys/user/userns" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" - "github.com/opencontainers/runc/libcontainer/userns" ) func init() { diff --git a/libcontainer/cgroups/devices/v2.go b/libcontainer/cgroups/devices/v2.go index 4bcf860b5bb..e291f04dd58 100644 --- a/libcontainer/cgroups/devices/v2.go +++ b/libcontainer/cgroups/devices/v2.go @@ -3,11 +3,11 @@ package devices import ( "fmt" + "github.com/moby/sys/user/userns" "golang.org/x/sys/unix" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" - "github.com/opencontainers/runc/libcontainer/userns" ) func isRWM(perms devices.Permissions) bool { diff --git a/libcontainer/cgroups/systemd/user.go b/libcontainer/cgroups/systemd/user.go index 6fa1cc77639..66aa3b5dbe3 100644 --- a/libcontainer/cgroups/systemd/user.go +++ b/libcontainer/cgroups/systemd/user.go @@ -13,8 +13,7 @@ import ( systemdDbus "github.com/coreos/go-systemd/v22/dbus" dbus "github.com/godbus/dbus/v5" - - "github.com/opencontainers/runc/libcontainer/userns" + "github.com/moby/sys/user/userns" ) // newUserSystemdDbus creates a connection for systemd user-instance. diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index d303cf204c9..63efed2bb09 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -12,7 +12,7 @@ import ( "sync" "time" - "github.com/opencontainers/runc/libcontainer/userns" + "github.com/moby/sys/user/userns" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 348d30fefe8..bb4da864d27 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go 
@@ -14,6 +14,7 @@ import ( securejoin "github.com/cyphar/filepath-securejoin" "github.com/moby/sys/mountinfo" + "github.com/moby/sys/user/userns" "github.com/mrunalp/fileutils" "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/selinux/go-selinux/label" @@ -24,7 +25,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups/fs2" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" - "github.com/opencontainers/runc/libcontainer/userns" "github.com/opencontainers/runc/libcontainer/utils" ) diff --git a/libcontainer/userns/userns_deprecated.go b/libcontainer/userns/userns_deprecated.go new file mode 100644 index 00000000000..200e0c9c50a --- /dev/null +++ b/libcontainer/userns/userns_deprecated.go @@ -0,0 +1,13 @@ +// Deprecated: use github.com/moby/sys/user/userns +package userns + +import "github.com/moby/sys/user/userns" + +// RunningInUserNS detects whether we are currently running in a Linux +// user namespace and memoizes the result. It returns false on non-Linux +// platforms. +// +// Deprecated: use [userns.RunningInUserNS]. +func RunningInUserNS() bool { + return userns.RunningInUserNS() +} diff --git a/libcontainer/userns/userns_linux_test.go b/libcontainer/userns/userns_linux_test.go deleted file mode 100644 index 25c4ac301de..00000000000 --- a/libcontainer/userns/userns_linux_test.go +++ /dev/null 
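Review bot: In the new libcontainer/userns/userns_deprecated.go, the comment directly above `package userns` becomes the package doc comment, and it consists only of the deprecation line, so the package has no summary sentence. I would open it with `// Package userns provides utilities to detect whether we are currently running in a Linux user namespace.`, then a blank `//` line, then `// Deprecated: use [github.com/moby/sys/user/userns] instead.`, so the deprecation is its own paragraph as the doc convention expects. This commit also deletes the only test of `uidMapInUserNS`, so it is worth confirming that an equivalent test exists in the moby/sys module before the local one is dropped.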
@@ -1,34 +0,0 @@ -package userns - -import "testing" - -func TestUIDMapInUserNS(t *testing.T) { - cases := []struct { - s string - expected bool - }{ - { - s: " 0 0 4294967295\n", - expected: false, - }, - { - s: " 0 0 1\n", - expected: true, - }, - { - s: " 0 1001 1\n 1 231072 65536\n", - expected: true, - }, - { - // file exist but empty (the initial state when userns is created. see man 7 user_namespaces) - s: "", - expected: true, - }, - } - for _, c := range cases { - actual := uidMapInUserNS(c.s) - if c.expected != actual { - t.Fatalf("expected %v, got %v for %q", c.expected, actual, c.s) - } - } -} diff --git a/restore.go b/restore.go index d65afcfc788..deae54c05b8 100644 --- a/restore.go +++ b/restore.go @@ -3,7 +3,7 @@ package main import ( "os" - "github.com/opencontainers/runc/libcontainer/userns" + "github.com/moby/sys/user/userns" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/rootless_linux.go b/rootless_linux.go index a1f54858635..eb68582f8db 100644 --- a/rootless_linux.go +++ b/rootless_linux.go @@ -3,10 +3,11 @@ package main import ( "os" - "github.com/opencontainers/runc/libcontainer/cgroups/systemd" - "github.com/opencontainers/runc/libcontainer/userns" + "github.com/moby/sys/user/userns" "github.com/sirupsen/logrus" "github.com/urfave/cli" + + "github.com/opencontainers/runc/libcontainer/cgroups/systemd" ) func shouldUseRootlessCgroupManager(context *cli.Context) (bool, error) { diff --git a/vendor/github.com/moby/sys/user/user.go b/vendor/github.com/moby/sys/user/user.go index 984466d1ab5..198c4936795 100644 --- a/vendor/github.com/moby/sys/user/user.go +++ b/vendor/github.com/moby/sys/user/user.go @@ -197,7 +197,6 @@ func ParseGroupFilter(r io.Reader, filter func(Group) bool) ([]Group, error) { for { var line []byte line, isPrefix, err = rd.ReadLine() - if err != nil { // We should return no error if EOF is reached // without a match. 
diff --git a/libcontainer/userns/userns.go b/vendor/github.com/moby/sys/user/userns/userns.go similarity index 66% rename from libcontainer/userns/userns.go rename to vendor/github.com/moby/sys/user/userns/userns.go index a07afe07bc8..70385089c69 100644 --- a/libcontainer/userns/userns.go +++ b/vendor/github.com/moby/sys/user/userns/userns.go @@ -1,3 +1,6 @@ +// Package userns provides utilities to detect whether we are currently running +// in a Linux user namespace. + package userns // RunningInUserNS detects whether we are currently running in a Linux diff --git a/libcontainer/userns/userns_linux.go b/vendor/github.com/moby/sys/user/userns/userns_linux.go similarity index 100% rename from libcontainer/userns/userns_linux.go rename to vendor/github.com/moby/sys/user/userns/userns_linux.go diff --git a/libcontainer/userns/userns_linux_fuzzer.go b/vendor/github.com/moby/sys/user/userns/userns_linux_fuzzer.go similarity index 100% rename from libcontainer/userns/userns_linux_fuzzer.go rename to vendor/github.com/moby/sys/user/userns/userns_linux_fuzzer.go diff --git a/libcontainer/userns/userns_unsupported.go b/vendor/github.com/moby/sys/user/userns/userns_unsupported.go similarity index 100% rename from libcontainer/userns/userns_unsupported.go rename to vendor/github.com/moby/sys/user/userns/userns_unsupported.go diff --git a/vendor/modules.txt b/vendor/modules.txt index 2a0f5b8eb1c..d9a0904aab1 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -36,9 +36,10 @@ github.com/godbus/dbus/v5 # github.com/moby/sys/mountinfo v0.7.1 ## explicit; go 1.16 github.com/moby/sys/mountinfo -# github.com/moby/sys/user v0.1.0 -## explicit; go 1.17 +# github.com/moby/sys/user v0.1.0 => github.com/thaJeztah/sys/user v0.0.0-20240716182136-7cfea2ca93af +## explicit; go 1.21 github.com/moby/sys/user +github.com/moby/sys/user/userns # github.com/mrunalp/fileutils v0.5.1 ## explicit; go 1.13 github.com/mrunalp/fileutils 
@@ -115,3 +116,4 @@ google.golang.org/protobuf/reflect/protoreflect google.golang.org/protobuf/reflect/protoregistry google.golang.org/protobuf/runtime/protoiface google.golang.org/protobuf/runtime/protoimpl +# github.com/moby/sys/user => github.com/thaJeztah/sys/user v0.0.0-20240716182136-7cfea2ca93af