deprecate RunningInUserNS(), migrate to github.com/moby/sys/userns
The userns package in libcontainer was integrated into the moby/sys/user
module at commit 3778ae603c706494fd1e2c2faf83b406e38d687d.

The userns package is used in many places, and currently either depends
on runc/libcontainer, or on containerd, both of which have a complex
dependency tree. This patch is part of a series of patches to unify the
implementations, and to migrate toward that implementation to simplify
the dependency tree.

[3778ae603c706494fd1e2c2faf83b406e38d687d]: opencontainers/runc@3778ae6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah committed Jul 16, 2024
1 parent a506c2b commit 53b1a75
Showing 5 changed files with 14 additions and 31 deletions.
4 changes: 2 additions & 2 deletions cgroup1/subsystem.go
@@ -20,8 +20,8 @@ import (
"fmt"
"os"

"github.com/containerd/cgroups/v3"
v1 "github.com/containerd/cgroups/v3/cgroup1/stats"
"github.com/moby/sys/user/userns"
specs "github.com/opencontainers/runtime-spec/specs-go"
)

@@ -60,7 +60,7 @@ func Subsystems() []Name {
Blkio,
Rdma,
}
if !cgroups.RunningInUserNS() {
if !userns.RunningInUserNS() {
n = append(n, Devices)
}
if _, err := os.Stat("/sys/kernel/mm/hugepages"); err == nil {
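Review bot: The `if !userns.RunningInUserNS()` guard in `Subsystems()` has no comment saying why `Devices` is left out, while the matching guard in `defaults()` in cgroup1/utils.go explains it. Since this check decides whether the devices controller is listed at all, I would add the same rationale here: `// only list the devices cgroup if we are not in a user namespace, because modifications are not allowed`. The body of `Subsystems()` starts and ends outside the hunk.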
3 changes: 2 additions & 1 deletion cgroup1/utils.go
@@ -28,6 +28,7 @@ import (

"github.com/containerd/cgroups/v3"
units "github.com/docker/go-units"
"github.com/moby/sys/user/userns"
specs "github.com/opencontainers/runtime-spec/specs-go"
)

@@ -53,7 +54,7 @@ func defaults(root string) ([]Subsystem, error) {
}
// only add the devices cgroup if we are not in a user namespace
// because modifications are not allowed
if !cgroups.RunningInUserNS() {
if !userns.RunningInUserNS() {
s = append(s, NewDevices(root))
}
// add the hugetlb cgroup if error wasn't due to missing hugetlb
4 changes: 4 additions & 0 deletions go.mod
@@ -2,12 +2,16 @@ module github.com/containerd/cgroups/v3

go 1.21

// FIXME(thaJeztah): testing https://github.com/moby/sys/pull/140
replace github.com/moby/sys/user => github.com/thaJeztah/sys/user v0.0.0-20240716182136-7cfea2ca93af

require (
github.com/cilium/ebpf v0.11.0
github.com/containerd/log v0.1.0
github.com/coreos/go-systemd/v22 v22.3.2
github.com/docker/go-units v0.5.0
github.com/godbus/dbus/v5 v5.0.4
github.com/moby/sys/user v0.1.0
github.com/opencontainers/runtime-spec v1.0.2
github.com/stretchr/testify v1.8.4
go.uber.org/goleak v1.1.12
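Review bot: The `replace github.com/moby/sys/user => github.com/thaJeztah/sys/user v0.0.0-20240716182136-7cfea2ca93af` line pins the build to a personal fork, and the FIXME above it says this is only for testing an unmerged pull request, so it should not land as is. `replace` directives apply only when this module is the main module; anything importing `github.com/containerd/cgroups/v3` would resolve `github.com/moby/sys/user v0.1.0` from the `require` block instead, and it is not visible here whether that tag already ships the `userns` package. Once the upstream change is tagged, drop the `replace` and the fork's go.sum entries and bump the `require` line to that release, so the user-namespace check comes from the reviewed upstream module.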
2 changes: 2 additions & 0 deletions go.sum
@@ -34,6 +34,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/thaJeztah/sys/user v0.0.0-20240716182136-7cfea2ca93af h1:5VrEoF9+k36FwMBMQ09SUO8isUEjxbd2yZCBMkWuu04=
github.com/thaJeztah/sys/user v0.0.0-20240716182136-7cfea2ca93af/go.mod h1:RYstrcWOJpVh+6qzUqp2bU3eaRpdiQeKGlKitaH0PM8=
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
32 changes: 4 additions & 28 deletions utils.go
@@ -25,6 +25,7 @@ import (
"strings"
"sync"

"github.com/moby/sys/user/userns"
"golang.org/x/sys/unix"
)

@@ -77,35 +78,10 @@ func Mode() CGMode {

// RunningInUserNS detects whether we are currently running in a user namespace.
// Copied from github.com/lxc/lxd/shared/util.go
//
// Deprecated: use [userns.RunningInUserNS].
func RunningInUserNS() bool {
nsOnce.Do(func() {
file, err := os.Open("/proc/self/uid_map")
if err != nil {
// This kernel-provided file only exists if user namespaces are supported
return
}
defer file.Close()

buf := bufio.NewReader(file)
l, _, err := buf.ReadLine()
if err != nil {
return
}

line := string(l)
var a, b, c int64
fmt.Sscanf(line, "%d %d %d", &a, &b, &c)

/*
* We assume we are in the initial user namespace if we have a full
* range - 4294967295 uids starting at uid 0.
*/
if a == 0 && b == 0 && c == 4294967295 {
return
}
inUserNS = true
})
return inUserNS
return userns.RunningInUserNS()
}

// ParseCgroupFileUnified returns legacy subsystem paths as the first value,
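Review bot: The doc comment kept above `RunningInUserNS` still says `Copied from github.com/lxc/lxd/shared/util.go`, which is no longer true once the body is just `return userns.RunningInUserNS()`. I would replace that line with something like `// It is a thin wrapper around userns.RunningInUserNS and is kept for backward compatibility.` so callers do not assume the old `/proc/self/uid_map` parsing is still what runs. The removed body was the only use of `nsOnce` and `inUserNS` visible in this hunk; if those package-level variables are still declared outside it, they look dead now and can be removed in the same change.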
