Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package runc for openSUSE:Factory checked in at 2023-11-07 21:25:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/runc (Old) and /work/SRC/openSUSE:Factory/.runc.new.17445 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "runc" Tue Nov 7 21:25:34 2023 rev:58 rq:1123912 version:1.1.10 Changes: -------- --- /work/SRC/openSUSE:Factory/runc/runc.changes 2023-09-14 16:27:00.861472974 +0200 +++ /work/SRC/openSUSE:Factory/.runc.new.17445/runc.changes 2023-11-07 21:25:43.438111684 +0100 @@ -1,0 +2,6 @@ +Wed Nov 1 07:25:46 UTC 2023 - Aleksa Sarai <[email protected]> + +- Update to runc v1.1.10. Upstream changelog is available from + <https://github.com/opencontainers/runc/releases/tag/v1.1.10>. + +------------------------------------------------------------------- Old: ---- runc-1.1.9.tar.xz runc-1.1.9.tar.xz.asc New: ---- runc-1.1.10.tar.xz runc-1.1.10.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ runc.spec ++++++ --- /var/tmp/diff_new_pack.tdBRFI/_old 2023-11-07 21:25:44.958167658 +0100 +++ /var/tmp/diff_new_pack.tdBRFI/_new 2023-11-07 21:25:44.962167805 +0100 @@ -18,13 +18,13 @@ # MANUAL: Make sure you update this each time you update runc. -%define git_version ccaecfcbc907d70a7aa870a6650887b901b25b82 -%define git_short ccaecfcbc907 +%define git_version 18a0cb0f32bcac2ecc9a10f327d282759c144dab +%define git_short 18a0cb0f32bc %define project github.com/opencontainers/runc Name: runc -Version: 1.1.9 +Version: 1.1.10 Release: 0 Summary: Tool for spawning and running OCI containers License: Apache-2.0 ++++++ runc-1.1.9.tar.xz -> runc-1.1.10.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/.github/workflows/test.yml new/runc-1.1.10/.github/workflows/test.yml --- old/runc-1.1.9/.github/workflows/test.yml 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/.github/workflows/test.yml 2023-11-01 08:01:51.000000000 +0100 
@@ -43,7 +43,7 @@ REPO: https://download.opensuse.org/repositories/devel:/tools:/criu/xUbuntu_20.04 run: | # criu repo - curl -fSsl $REPO/Release.key | sudo apt-key add - + curl -fSsLl $REPO/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_tools_criu.gpg > /dev/null echo "deb $REPO/ /" | sudo tee /etc/apt/sources.list.d/criu.list sudo apt update sudo apt install libseccomp-dev criu sshfs diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/CHANGELOG.md new/runc-1.1.10/CHANGELOG.md --- old/runc-1.1.9/CHANGELOG.md 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/CHANGELOG.md 2023-11-01 08:01:51.000000000 +0100 @@ -6,6 +6,26 @@ ## [Unreleased 1.1.z] +## [1.1.10] - 2023-10-31 + +> Åruba, przykrÄcona we Ånie, nie zmieni sytuacji, jaka panuje na jawie. + +### Added + +* Support for `hugetlb.<pagesize>.rsvd` limiting and accounting. Fixes the + issue of postres failing when hugepage limits are set. (#3859, #4077) + +### Fixed + +* Fixed permissions of a newly created directories to not depend on the value + of umask in tmpcopyup feature implementation. (#3991, #4060) +* libcontainer: cgroup v1 GetStats now ignores missing `kmem.limit_in_bytes` + (fixes the compatibility with Linux kernel 6.1+). (#4028) +* Fix a semi-arbitrary cgroup write bug when given a malicious hugetlb + configuration. This issue is not a security issue because it requires a + malicious `config.json`, which is outside of our threat model. (#4103) +* Various CI fixes. (#4081, #4055) + ## [1.1.9] - 2023-08-10 > There is a crack in everything. That's how the light gets in. 
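Review bot: In the criu repo step of test.yml, the new import writes the dearmored key into `/etc/apt/trusted.gpg.d/`, so apt trusts it for every configured repository rather than only the criu one. Scoping it is a small change: write the keyring to a dedicated file such as `/usr/share/keyrings/criu.gpg` and reference it from the source line, `echo "deb [signed-by=/usr/share/keyrings/criu.gpg] $REPO/ /" | sudo tee /etc/apt/sources.list.d/criu.list`. The curl flags `-fSsLl` also keep a lowercase `l` (`--list-only`), which looks like a leftover from the old `-fSsl` rather than something intended; `-fsSL` would be the usual spelling. The key is still accepted on the strength of the HTTPS download alone, so comparing its fingerprint against a pinned value before installing it is worth considering.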
@@ -456,8 +476,9 @@ [1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1 <!-- 1.1.z patch releases --> -[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.9...release-1.1 -[1.1.8]: https://github.com/opencontainers/runc/compare/v1.1.8...v1.1.9 +[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.10...release-1.1 +[1.1.10]: https://github.com/opencontainers/runc/compare/v1.1.9...v1.1.10 +[1.1.9]: https://github.com/opencontainers/runc/compare/v1.1.8...v1.1.9 [1.1.8]: https://github.com/opencontainers/runc/compare/v1.1.7...v1.1.8 [1.1.7]: https://github.com/opencontainers/runc/compare/v1.1.6...v1.1.7 [1.1.6]: https://github.com/opencontainers/runc/compare/v1.1.5...v1.1.6 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/VERSION new/runc-1.1.10/VERSION --- old/runc-1.1.9/VERSION 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/VERSION 2023-11-01 08:01:51.000000000 +0100 @@ -1 +1 @@ -1.1.9 +1.1.10 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/go.mod new/runc-1.1.10/go.mod --- old/runc-1.1.9/go.mod 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/go.mod 2023-11-01 08:01:51.000000000 +0100 @@ -11,7 +11,7 @@ github.com/docker/go-units v0.4.0 github.com/godbus/dbus/v5 v5.0.6 github.com/moby/sys/mountinfo v0.5.0 - github.com/mrunalp/fileutils v0.5.0 + github.com/mrunalp/fileutils v0.5.1 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 github.com/opencontainers/selinux v1.10.0 github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/go.sum new/runc-1.1.10/go.sum --- old/runc-1.1.9/go.sum 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/go.sum 2023-11-01 08:01:51.000000000 +0100 
@@ -31,8 +31,8 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI= github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= -github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4= -github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= +github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= +github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.10.0 h1:rAiKF8hTcgLI3w0DHm6i0ylVVcOrlgR1kK99DRLDhyU= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/libcontainer/cgroups/file.go new/runc-1.1.10/libcontainer/cgroups/file.go --- old/runc-1.1.9/libcontainer/cgroups/file.go 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/libcontainer/cgroups/file.go 2023-11-01 08:01:51.000000000 +0100 @@ -10,6 +10,7 @@ "strings" "sync" + "github.com/opencontainers/runc/libcontainer/utils" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) 
@@ -122,7 +123,7 @@ flags |= os.O_TRUNC | os.O_CREATE mode = 0o600 } - path := path.Join(dir, file) + path := path.Join(dir, utils.CleanPath(file)) if prepareOpenat2() != nil { return openFallback(path, flags, mode) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/libcontainer/cgroups/fs/hugetlb.go new/runc-1.1.10/libcontainer/cgroups/fs/hugetlb.go --- old/runc-1.1.9/libcontainer/cgroups/fs/hugetlb.go 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/libcontainer/cgroups/fs/hugetlb.go 2023-11-01 08:01:51.000000000 +0100 @@ -1,6 +1,8 @@ package fs import ( + "errors" + "os" "strconv" "github.com/opencontainers/runc/libcontainer/cgroups" @@ -19,8 +21,23 @@ } func (s *HugetlbGroup) Set(path string, r *configs.Resources) error { + const suffix = ".limit_in_bytes" + skipRsvd := false + for _, hugetlb := range r.HugetlbLimit { - if err := cgroups.WriteFile(path, "hugetlb."+hugetlb.Pagesize+".limit_in_bytes", strconv.FormatUint(hugetlb.Limit, 10)); err != nil { + prefix := "hugetlb." + hugetlb.Pagesize + val := strconv.FormatUint(hugetlb.Limit, 10) + if err := cgroups.WriteFile(path, prefix+suffix, val); err != nil { + return err + } + if skipRsvd { + continue + } + if err := cgroups.WriteFile(path, prefix+".rsvd"+suffix, val); err != nil { + if errors.Is(err, os.ErrNotExist) { + skipRsvd = true + continue + } return err } } 
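Review bot: In the `path := path.Join(dir, utils.CleanPath(file))` line of cgroups/file.go, a `file` argument containing path separators or `..` is, as far as utils.CleanPath's contract goes, silently rewritten to some other name under `dir` instead of being rejected, and nothing in the code says why the call is there. The callers changed in this release build the name from `hugetlb.Pagesize`, so I would also validate the page size where it is consumed (for example against `cgroups.HugePageSizes()`), so that a malformed value fails loudly rather than landing on a different cgroup file. At minimum add a comment such as `// file may be derived from container config; CleanPath keeps the joined path lexically inside dir.` The local `path` also shadows the `path` package it is built with, which is easy to trip over. The enclosing function starts and ends outside this hunk.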
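Review bot: The `skipRsvd` handling in `HugetlbGroup.Set` has no comment explaining why a missing `.rsvd` file is tolerated while any other error aborts, and the same uncommented pattern is repeated in `setHugeTlb` in fs2/hugetlb.go. Presumably the `.rsvd` files are absent on kernels without reservation accounting; a line like `// hugetlb.<size>.rsvd.* may be absent on older kernels; stop trying rsvd once one is missing.` would make that explicit. When the `.rsvd` write fails for any other reason, the plain limit for that page size has already been written, so the cgroup is left partially configured; if callers care, that deserves a sentence in the doc comment. The two loops differ only in the suffix and could share one helper.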
@@ -32,24 +49,29 @@ if !cgroups.PathExists(path) { return nil } + rsvd := ".rsvd" hugetlbStats := cgroups.HugetlbStats{} for _, pageSize := range cgroups.HugePageSizes() { - usage := "hugetlb." + pageSize + ".usage_in_bytes" - value, err := fscommon.GetCgroupParamUint(path, usage) + again: + prefix := "hugetlb." + pageSize + rsvd + + value, err := fscommon.GetCgroupParamUint(path, prefix+".usage_in_bytes") if err != nil { + if rsvd != "" && errors.Is(err, os.ErrNotExist) { + rsvd = "" + goto again + } return err } hugetlbStats.Usage = value - maxUsage := "hugetlb." + pageSize + ".max_usage_in_bytes" - value, err = fscommon.GetCgroupParamUint(path, maxUsage) + value, err = fscommon.GetCgroupParamUint(path, prefix+".max_usage_in_bytes") if err != nil { return err } hugetlbStats.MaxUsage = value - failcnt := "hugetlb." + pageSize + ".failcnt" - value, err = fscommon.GetCgroupParamUint(path, failcnt) + value, err = fscommon.GetCgroupParamUint(path, prefix+".failcnt") if err != nil { return err } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/libcontainer/cgroups/fs/hugetlb_test.go new/runc-1.1.10/libcontainer/cgroups/fs/hugetlb_test.go --- old/runc-1.1.9/libcontainer/cgroups/fs/hugetlb_test.go 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/libcontainer/cgroups/fs/hugetlb_test.go 2023-11-01 08:01:51.000000000 +0100 @@ -21,6 +21,11 @@ limit = "hugetlb.%s.limit_in_bytes" maxUsage = "hugetlb.%s.max_usage_in_bytes" failcnt = "hugetlb.%s.failcnt" + + rsvdUsage = "hugetlb.%s.rsvd.usage_in_bytes" + rsvdLimit = "hugetlb.%s.rsvd.limit_in_bytes" + rsvdMaxUsage = "hugetlb.%s.rsvd.max_usage_in_bytes" + rsvdFailcnt = "hugetlb.%s.rsvd.failcnt" ) func TestHugetlbSetHugetlb(t *testing.T) { 
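Review bot: `GetStats` now fills `Usage`, `MaxUsage` and `Failcnt` from the `.rsvd` counters whenever they exist, so the same `HugetlbStats` fields carry reservation accounting on some hosts and page-fault accounting on others, with no way for a consumer to tell which. That should at least be stated above the loop, e.g. `// Prefer hugetlb.<size>.rsvd.* when present; otherwise fall back to the non-rsvd files for all sizes.` The `again:` label with `goto again` is also harder to follow than it needs to be; probing once before the loop, or a small helper that returns the prefix to use, would avoid the backward jump. The fallback is only taken on the first read, so a directory where `.rsvd.usage_in_bytes` exists but a later `.rsvd` file does not returns an error instead of falling back, which may be intended but is worth a comment. The same label/goto construct appears in `statHugeTlb` in fs2/hugetlb.go.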
@@ -52,13 +57,15 @@ } for _, pageSize := range cgroups.HugePageSizes() { - limit := fmt.Sprintf(limit, pageSize) - value, err := fscommon.GetCgroupParamUint(path, limit) - if err != nil { - t.Fatal(err) - } - if value != hugetlbAfter { - t.Fatalf("Set hugetlb.limit_in_bytes failed. Expected: %v, Got: %v", hugetlbAfter, value) + for _, f := range []string{limit, rsvdLimit} { + limit := fmt.Sprintf(f, pageSize) + value, err := fscommon.GetCgroupParamUint(path, limit) + if err != nil { + t.Fatal(err) + } + if value != hugetlbAfter { + t.Fatalf("Set %s failed. Expected: %v, Got: %v", limit, hugetlbAfter, value) + } } } } @@ -73,6 +80,28 @@ }) } + hugetlb := &HugetlbGroup{} + actualStats := *cgroups.NewStats() + err := hugetlb.GetStats(path, &actualStats) + if err != nil { + t.Fatal(err) + } + expectedStats := cgroups.HugetlbStats{Usage: 128, MaxUsage: 256, Failcnt: 100} + for _, pageSize := range cgroups.HugePageSizes() { + expectHugetlbStatEquals(t, expectedStats, actualStats.HugetlbStats[pageSize]) + } +} + +func TestHugetlbRStatsRsvd(t *testing.T) { + path := tempDir(t, "hugetlb") + for _, pageSize := range cgroups.HugePageSizes() { + writeFileContents(t, path, map[string]string{ + fmt.Sprintf(rsvdUsage, pageSize): hugetlbUsageContents, + fmt.Sprintf(rsvdMaxUsage, pageSize): hugetlbMaxUsageContents, + fmt.Sprintf(rsvdFailcnt, pageSize): hugetlbFailcnt, + }) + } + hugetlb := &HugetlbGroup{} actualStats := *cgroups.NewStats() err := hugetlb.GetStats(path, &actualStats) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/libcontainer/cgroups/fs/memory.go new/runc-1.1.10/libcontainer/cgroups/fs/memory.go --- old/runc-1.1.9/libcontainer/cgroups/fs/memory.go 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/libcontainer/cgroups/fs/memory.go 2023-11-01 08:01:51.000000000 +0100 
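Review bot: The new test in hugetlb_test.go is named `TestHugetlbRStatsRsvd`, where the extra `R` looks like a typo for `TestHugetlbStatsRsvd`. It also writes only the `.rsvd` files, so nothing covers the case where both file sets exist with different values and the `.rsvd` ones must win; one more fixture with distinct rsvd contents would pin that. In the Set test, the inner `limit := fmt.Sprintf(f, pageSize)` shadows the package-level `limit` constant that is one of the values being ranged over; `name := fmt.Sprintf(f, pageSize)` would read more clearly.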
@@ -234,6 +234,12 @@ memoryData.Failcnt = value value, err = fscommon.GetCgroupParamUint(path, limit) if err != nil { + if name == "kmem" && os.IsNotExist(err) { + // Ignore ENOENT as kmem.limit_in_bytes has + // been removed in newer kernels. + return memoryData, nil + } + return cgroups.MemoryData{}, err } memoryData.Limit = value diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/libcontainer/cgroups/fs2/hugetlb.go new/runc-1.1.10/libcontainer/cgroups/fs2/hugetlb.go --- old/runc-1.1.9/libcontainer/cgroups/fs2/hugetlb.go 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/libcontainer/cgroups/fs2/hugetlb.go 2023-11-01 08:01:51.000000000 +0100 @@ -1,6 +1,8 @@ package fs2 import ( + "errors" + "os" "strconv" "github.com/opencontainers/runc/libcontainer/cgroups" @@ -16,8 +18,22 @@ if !isHugeTlbSet(r) { return nil } + const suffix = ".max" + skipRsvd := false for _, hugetlb := range r.HugetlbLimit { - if err := cgroups.WriteFile(dirPath, "hugetlb."+hugetlb.Pagesize+".max", strconv.FormatUint(hugetlb.Limit, 10)); err != nil { + prefix := "hugetlb." + hugetlb.Pagesize + val := strconv.FormatUint(hugetlb.Limit, 10) + if err := cgroups.WriteFile(dirPath, prefix+suffix, val); err != nil { + return err + } + if skipRsvd { + continue + } + if err := cgroups.WriteFile(dirPath, prefix+".rsvd"+suffix, val); err != nil { + if errors.Is(err, os.ErrNotExist) { + skipRsvd = true + continue + } return err } } 
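Review bot: The new kmem branch in memory.go tests the error with `os.IsNotExist(err)`, while the hugetlb changes in this same release use `errors.Is(err, os.ErrNotExist)`. `os.IsNotExist` does not see through errors wrapped with `%w`, so if `fscommon.GetCgroupParamUint` ever wraps its error this branch would stop matching; I would write `if name == "kmem" && errors.Is(err, os.ErrNotExist) {` (the import block of memory.go is not visible here, so `errors` may need adding). The early return also leaves `memoryData.Limit` at zero, which a consumer cannot distinguish from a real limit of 0, and the comment could say so. The enclosing function starts and ends outside the hunk.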
@@ -27,15 +43,21 @@ func statHugeTlb(dirPath string, stats *cgroups.Stats) error { hugetlbStats := cgroups.HugetlbStats{} + rsvd := ".rsvd" for _, pagesize := range cgroups.HugePageSizes() { - value, err := fscommon.GetCgroupParamUint(dirPath, "hugetlb."+pagesize+".current") + again: + prefix := "hugetlb." + pagesize + rsvd + value, err := fscommon.GetCgroupParamUint(dirPath, prefix+".current") if err != nil { + if rsvd != "" && errors.Is(err, os.ErrNotExist) { + rsvd = "" + goto again + } return err } hugetlbStats.Usage = value - fileName := "hugetlb." + pagesize + ".events" - value, err = fscommon.GetValueByKey(dirPath, fileName, "max") + value, err = fscommon.GetValueByKey(dirPath, prefix+".events", "max") if err != nil { return err } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/libcontainer/nsenter/cloned_binary.c new/runc-1.1.10/libcontainer/nsenter/cloned_binary.c --- old/runc-1.1.9/libcontainer/nsenter/cloned_binary.c 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/libcontainer/nsenter/cloned_binary.c 2023-11-01 08:01:51.000000000 +0100 @@ -151,7 +151,7 @@ * Is the binary a fully-sealed memfd? We don't need CLONED_BINARY_ENV for * this, because you cannot write to a sealed memfd no matter what (so * sharing it isn't a bad thing -- and an admin could bind-mount a sealed - * memfd to /usr/bin/runc to allow re-use). + * memfd to /usr/bin/runc to allow reuse). */ ret = fcntl(fd, F_GET_SEALS); if (ret >= 0) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/libcontainer/seccomp/patchbpf/enosys_linux.go new/runc-1.1.10/libcontainer/seccomp/patchbpf/enosys_linux.go --- old/runc-1.1.9/libcontainer/seccomp/patchbpf/enosys_linux.go 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/libcontainer/seccomp/patchbpf/enosys_linux.go 2023-11-01 08:01:51.000000000 +0100 
@@ -81,7 +81,7 @@ var retErrnoEnosys = uint32(C.C_ACT_ERRNO_ENOSYS) // This syscall is used for multiplexing "large" syscalls on s390(x). Unknown -// syscalls will end up with this syscall number, so we need to explcitly +// syscalls will end up with this syscall number, so we need to explicitly // return -ENOSYS for this syscall on those architectures. const s390xMultiplexSyscall libseccomp.ScmpSyscall = 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/man/runc-update.8.md new/runc-1.1.10/man/runc-update.8.md --- old/runc-1.1.9/man/runc-update.8.md 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/man/runc-update.8.md 2023-11-01 08:01:51.000000000 +0100 @@ -41,7 +41,7 @@ # OPTIONS **--resources**|**-r** _resources.json_ -: Read the new resource limtis from _resources.json_. Use **-** to read from +: Read the new resource limits from _resources.json_. Use **-** to read from stdin. If this option is used, all other options are ignored. **--blkio-weight** _weight_ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/tests/integration/cgroups.bats new/runc-1.1.10/tests/integration/cgroups.bats --- old/runc-1.1.9/tests/integration/cgroups.bats 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/tests/integration/cgroups.bats 2023-11-01 08:01:51.000000000 +0100 
@@ -187,6 +187,70 @@ [[ "$weights" == *"$major:$minor 444"* ]] } +# Convert size in KB to hugetlb size suffix. +convert_hugetlb_size() { + local size=$1 + local units=("KB" "MB" "GB") + local idx=0 + + while ((size >= 1024)); do + ((size /= 1024)) + ((idx++)) + done + + echo "$size${units[$idx]}" +} + +@test "runc run (hugetlb limits)" { + requires cgroups_hugetlb + [ $EUID -ne 0 ] && requires rootless_cgroup + # shellcheck disable=SC2012 # ls is fine here. + mapfile -t sizes_kb < <(ls /sys/kernel/mm/hugepages/ | sed -e 's/.*hugepages-//' -e 's/kB$//') # + if [ "${#sizes_kb[@]}" -lt 1 ]; then + skip "requires hugetlb" + fi + + # Create two arrays: + # - sizes: hugetlb cgroup file suffixes; + # - limits: limits for each size. + for size in "${sizes_kb[@]}"; do + sizes+=("$(convert_hugetlb_size "$size")") + # Limit to 1 page. + limits+=("$((size * 1024))") + done + + # Set per-size limits. + for ((i = 0; i < ${#sizes[@]}; i++)); do + size="${sizes[$i]}" + limit="${limits[$i]}" + update_config '.linux.resources.hugepageLimits += [{ pagesize: "'"$size"'", limit: '"$limit"' }]' + done + + set_cgroups_path + runc run -d --console-socket "$CONSOLE_SOCKET" test_hugetlb + [ "$status" -eq 0 ] + + lim="max" + [ "$CGROUP_UNIFIED" = "no" ] && lim="limit_in_bytes" + + optional=("") + # Add rsvd, if available. + if test -f "$(get_cgroup_path hugetlb)/hugetlb.${sizes[0]}.rsvd.$lim"; then + optional+=(".rsvd") + fi + + # Check if the limits are as expected. 
+ for ((i = 0; i < ${#sizes[@]}; i++)); do + size="${sizes[$i]}" + limit="${limits[$i]}" + for rsvd in "${optional[@]}"; do + param="hugetlb.${size}${rsvd}.$lim" + echo "checking $param" + check_cgroup_value "$param" "$limit" + done + done +} + @test "runc run (cgroup v2 resources.unified only)" { requires root cgroups_v2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/tests/integration/helpers.bash new/runc-1.1.10/tests/integration/helpers.bash --- old/runc-1.1.9/tests/integration/helpers.bash 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/tests/integration/helpers.bash 2023-11-01 08:01:51.000000000 +0100 
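Review bot: In the new hugetlb test in cgroups.bats, `sizes` and `limits` are appended to with `+=` without being declared or reset, so the test relies on nothing else in its environment having set them; `local -a sizes=() limits=()` before the first loop would make that explicit. `convert_hugetlb_size` indexes `units` without a bound, so a value that divides down past GB would produce an empty suffix. The `mapfile` line also ends in a stray `#`.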
@@ -226,19 +226,27 @@ update_config '.linux.cgroupsPath |= "'"${OCI_CGROUPS_PATH}"'"' } -# Get a value from a cgroup file. -function get_cgroup_value() { - local source=$1 - local cgroup var current - +# Get a path to cgroup directory, based on controller name. +# Parameters: +# $1: controller name (like "pids") or a file name (like "pids.max"). +function get_cgroup_path() { if [ "$CGROUP_UNIFIED" = "yes" ]; then - cgroup=$CGROUP_PATH - else - var=${source%%.*} # controller name (e.g. memory) - var=CGROUP_${var^^}_BASE_PATH # variable name (e.g. CGROUP_MEMORY_BASE_PATH) - eval cgroup=\$"${var}${REL_CGROUPS_PATH}" + echo "$CGROUP_PATH" + return fi - cat "$cgroup/$source" + + local var cgroup + var=${1%%.*} # controller name (e.g. memory) + var=CGROUP_${var^^}_BASE_PATH # variable name (e.g. CGROUP_MEMORY_BASE_PATH) + eval cgroup=\$"${var}${REL_CGROUPS_PATH}" + echo "$cgroup" +} + +# Get a value from a cgroup file. +function get_cgroup_value() { + local cgroup + cgroup="$(get_cgroup_path "$1")" + cat "$cgroup/$1" } # Helper to check a if value in a cgroup file matches the expected one. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/tests/integration/mounts.bats new/runc-1.1.10/tests/integration/mounts.bats --- old/runc-1.1.9/tests/integration/mounts.bats 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/tests/integration/mounts.bats 2023-11-01 08:01:51.000000000 +0100 
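Review bot: `get_cgroup_path` still resolves the base-path variable with `eval cgroup=\$"${var}${REL_CGROUPS_PATH}"`, which re-parses both the controller name taken from `$1` and the contents of `REL_CGROUPS_PATH` as shell code. Bash indirect expansion does the same lookup without eval: `cgroup="${!var}${REL_CGROUPS_PATH}"`. Since the function is now a shared helper that receives file names from tests, the move is a good moment to make that change. The header comment could also state that on cgroup v2 the argument is ignored and `$CGROUP_PATH` is returned.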
@@ -10,6 +10,24 @@ teardown_bundle } +# https://github.com/opencontainers/runc/issues/3991 +@test "runc run [tmpcopyup]" { + mkdir -p rootfs/dir1/dir2 + chmod 777 rootfs/dir1/dir2 + update_config ' .mounts += [{ + source: "tmpfs", + destination: "/dir1", + type: "tmpfs", + options: ["tmpcopyup"] + }] + | .process.args |= ["ls", "-ld", "/dir1/dir2"]' + + umask 022 + runc run test_busybox + [ "$status" -eq 0 ] + [[ "${lines[0]}" == *'drwxrwxrwx'* ]] +} + @test "runc run [bind mount]" { update_config ' .mounts += [{ source: ".", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/vendor/github.com/mrunalp/fileutils/fileutils.go new/runc-1.1.10/vendor/github.com/mrunalp/fileutils/fileutils.go --- old/runc-1.1.9/vendor/github.com/mrunalp/fileutils/fileutils.go 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/vendor/github.com/mrunalp/fileutils/fileutils.go 2023-11-01 08:01:51.000000000 +0100 @@ -125,6 +125,7 @@ if err != nil { return nil } + destPath := filepath.Join(dest, relPath) if info.IsDir() { // Skip the source directory. 
@@ -138,18 +139,20 @@ uid := int(st.Uid) gid := int(st.Gid) - if err := os.Mkdir(filepath.Join(dest, relPath), info.Mode()); err != nil { + if err := os.Mkdir(destPath, info.Mode()); err != nil { return err } - - if err := os.Lchown(filepath.Join(dest, relPath), uid, gid); err != nil { + if err := os.Lchown(destPath, uid, gid); err != nil { + return err + } + if err := os.Chmod(destPath, info.Mode()); err != nil { return err } } return nil } - return CopyFile(path, filepath.Join(dest, relPath)) + return CopyFile(path, destPath) }) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/vendor/github.com/mrunalp/fileutils/idtools.go new/runc-1.1.10/vendor/github.com/mrunalp/fileutils/idtools.go --- old/runc-1.1.9/vendor/github.com/mrunalp/fileutils/idtools.go 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/vendor/github.com/mrunalp/fileutils/idtools.go 2023-11-01 08:01:51.000000000 +0100 @@ -49,6 +49,9 @@ if err := os.Chown(pathComponent, ownerUID, ownerGID); err != nil { return err } + if err := os.Chmod(pathComponent, mode); err != nil { + return err + } } return nil } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.9/vendor/modules.txt new/runc-1.1.10/vendor/modules.txt --- old/runc-1.1.9/vendor/modules.txt 2023-08-10 19:32:18.000000000 +0200 +++ new/runc-1.1.10/vendor/modules.txt 2023-11-01 08:01:51.000000000 +0100 @@ -32,7 +32,7 @@ # github.com/moby/sys/mountinfo v0.5.0 ## explicit; go 1.16 github.com/moby/sys/mountinfo -# github.com/mrunalp/fileutils v0.5.0 +# github.com/mrunalp/fileutils v0.5.1 ## explicit; go 1.13 github.com/mrunalp/fileutils # github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
