From 53b1a759ceef7d660b40036f42b52103cb12db17 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 16 Jul 2024 22:20:39 +0200 Subject: [PATCH] deprecate RunningInUserNS(), migrate to github.com/moby/sys/userns The userns package in libcontainer was integrated into the moby/sys/user module at commit 3778ae603c706494fd1e2c2faf83b406e38d687d. The userns package is used in many places, and currently either depends on runc/libcontainer, or on containerd, both of which have a complex dependency tree. This patch is part of a series of patches to unify the implementations, and to migrate toward that implementation to simplify the dependency tree. [3778ae603c706494fd1e2c2faf83b406e38d687d]: https://github.com/opencontainers/runc/commit/3778ae603c706494fd1e2c2faf83b406e38d687d Signed-off-by: Sebastiaan van Stijn --- cgroup1/subsystem.go | 4 ++-- cgroup1/utils.go | 3 ++- go.mod | 4 ++++ go.sum | 2 ++ utils.go | 32 ++++---------------------------- 5 files changed, 14 insertions(+), 31 deletions(-) diff --git a/cgroup1/subsystem.go b/cgroup1/subsystem.go index d32ea2ca..90b02dae 100644 --- a/cgroup1/subsystem.go +++ b/cgroup1/subsystem.go @@ -20,8 +20,8 @@ import ( "fmt" "os" - "github.com/containerd/cgroups/v3" v1 "github.com/containerd/cgroups/v3/cgroup1/stats" + "github.com/moby/sys/user/userns" specs "github.com/opencontainers/runtime-spec/specs-go" ) @@ -60,7 +60,7 @@ func Subsystems() []Name { Blkio, Rdma, } - if !cgroups.RunningInUserNS() { + if !userns.RunningInUserNS() { n = append(n, Devices) } if _, err := os.Stat("/sys/kernel/mm/hugepages"); err == nil { diff --git a/cgroup1/utils.go b/cgroup1/utils.go index 5d4fe322..fa2006ca 100644 --- a/cgroup1/utils.go +++ b/cgroup1/utils.go @@ -28,6 +28,7 @@ import ( "github.com/containerd/cgroups/v3" units "github.com/docker/go-units" + "github.com/moby/sys/user/userns" specs "github.com/opencontainers/runtime-spec/specs-go" ) @@ -53,7 +54,7 @@ func defaults(root string) ([]Subsystem, error) { } // only add the devices cgroup if we are not in a user namespace // because modifications are not allowed - if !cgroups.RunningInUserNS() { + if !userns.RunningInUserNS() { s = append(s, NewDevices(root)) } // add the hugetlb cgroup if error wasn't due to missing hugetlb diff --git a/go.mod b/go.mod index 0979ca8e..0acc87c7 100644 --- a/go.mod +++ b/go.mod @@ -2,12 +2,16 @@ module github.com/containerd/cgroups/v3 go 1.21 +// FIXME(thaJeztah): testing https://github.com/moby/sys/pull/140 +replace github.com/moby/sys/user => github.com/thaJeztah/sys/user v0.0.0-20240716182136-7cfea2ca93af + require ( github.com/cilium/ebpf v0.11.0 github.com/containerd/log v0.1.0 github.com/coreos/go-systemd/v22 v22.3.2 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.0.4 + github.com/moby/sys/user v0.1.0 github.com/opencontainers/runtime-spec v1.0.2 github.com/stretchr/testify v1.8.4 go.uber.org/goleak v1.1.12 diff --git a/go.sum b/go.sum index e0582b12..f7f92e08 100644 --- a/go.sum +++ b/go.sum @@ -34,6 +34,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/thaJeztah/sys/user v0.0.0-20240716182136-7cfea2ca93af h1:5VrEoF9+k36FwMBMQ09SUO8isUEjxbd2yZCBMkWuu04= +github.com/thaJeztah/sys/user v0.0.0-20240716182136-7cfea2ca93af/go.mod h1:RYstrcWOJpVh+6qzUqp2bU3eaRpdiQeKGlKitaH0PM8= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA= go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= diff --git a/utils.go b/utils.go index ebff755a..e9eae56a 100644 --- a/utils.go +++ b/utils.go @@ -25,6 +25,7 @@ import ( "strings" "sync" + "github.com/moby/sys/user/userns" "golang.org/x/sys/unix" ) @@ -77,35 +78,10 @@ func Mode() CGMode { // RunningInUserNS detects whether we are currently running in a user namespace. // Copied from github.com/lxc/lxd/shared/util.go +// +// Deprecated: use [userns.RunningInUserNS]. func RunningInUserNS() bool { - nsOnce.Do(func() { - file, err := os.Open("/proc/self/uid_map") - if err != nil { - // This kernel-provided file only exists if user namespaces are supported - return - } - defer file.Close() - - buf := bufio.NewReader(file) - l, _, err := buf.ReadLine() - if err != nil { - return - } - - line := string(l) - var a, b, c int64 - fmt.Sscanf(line, "%d %d %d", &a, &b, &c) - - /* - * We assume we are in the initial user namespace if we have a full - * range - 4294967295 uids starting at uid 0. - */ - if a == 0 && b == 0 && c == 4294967295 { - return - } - inUserNS = true - }) - return inUserNS + return userns.RunningInUserNS() } // ParseCgroupFileUnified returns legacy subsystem paths as the first value,