mirror of https://github.com/docker/cli.git
vendor: containerd c80284d4b5291a351bb471bcdabb5c1d95e7a583
full diff: 4d242818bf...c80284d4b5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
0d57a400b3
commit
458c2336c9
|
@ -3,7 +3,7 @@ github.com/agl/ed25519 5312a61534124124185d41f09206
|
||||||
github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
|
github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
|
||||||
github.com/beorn7/perks 37c8de3658fcb183f997c4e13e8337516ab753e6 # v1.0.1
|
github.com/beorn7/perks 37c8de3658fcb183f997c4e13e8337516ab753e6 # v1.0.1
|
||||||
github.com/containerd/console 8375c3424e4d7b114e8a90a4a40c8e1b40d1d4e6 # v1.0.0
|
github.com/containerd/console 8375c3424e4d7b114e8a90a4a40c8e1b40d1d4e6 # v1.0.0
|
||||||
github.com/containerd/containerd 4d242818bf55542e5d7876ca276fea83029e803c
|
github.com/containerd/containerd c80284d4b5291a351bb471bcdabb5c1d95e7a583 # master / v1.4.0-dev
|
||||||
github.com/containerd/continuity 26c1120b8d4107d2471b93ad78ef7ce1fc84c4c4
|
github.com/containerd/continuity 26c1120b8d4107d2471b93ad78ef7ce1fc84c4c4
|
||||||
github.com/containerd/cgroups 44306b6a1d46985d916b48b4199f93a378af314f
|
github.com/containerd/cgroups 44306b6a1d46985d916b48b4199f93a378af314f
|
||||||
github.com/coreos/etcd d57e8b8d97adfc4a6c224fe116714bf1a1f3beb9 # v3.3.12
|
github.com/coreos/etcd d57e8b8d97adfc4a6c224fe116714bf1a1f3beb9 # v3.3.12
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
![containerd banner](https://raw.githubusercontent.com/cncf/artwork/master/projects/containerd/horizontal/color/containerd-horizontal-color.png)
|
![containerd banner](https://raw.githubusercontent.com/cncf/artwork/master/projects/containerd/horizontal/color/containerd-horizontal-color.png)
|
||||||
|
|
||||||
[![GoDoc](https://godoc.org/github.com/containerd/containerd?status.svg)](https://godoc.org/github.com/containerd/containerd)
|
[![GoDoc](https://godoc.org/github.com/containerd/containerd?status.svg)](https://godoc.org/github.com/containerd/containerd)
|
||||||
[![Build Status](https://travis-ci.org/containerd/containerd.svg?branch=master)](https://travis-ci.org/containerd/containerd)
|
[![Build Status](https://github.com/containerd/containerd/workflows/CI/badge.svg)](https://github.com/containerd/containerd/actions?query=workflow%3ACI)
|
||||||
[![Windows Build Status](https://ci.appveyor.com/api/projects/status/github/containerd/containerd?branch=master&svg=true)](https://ci.appveyor.com/project/mlaventure/containerd-3g73f?branch=master)
|
[![Windows Build Status](https://ci.appveyor.com/api/projects/status/github/containerd/containerd?branch=master&svg=true)](https://ci.appveyor.com/project/mlaventure/containerd-3g73f?branch=master)
|
||||||
![](https://github.com/containerd/containerd/workflows/Nightly/badge.svg)
|
[![Nightlies](https://github.com/containerd/containerd/workflows/Nightly/badge.svg)](https://github.com/containerd/containerd/actions?query=workflow%3ANightly)
|
||||||
[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd.svg?type=shield)](https://app.fossa.io/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd?ref=badge_shield)
|
[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd.svg?type=shield)](https://app.fossa.io/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd?ref=badge_shield)
|
||||||
[![Go Report Card](https://goreportcard.com/badge/github.com/containerd/containerd)](https://goreportcard.com/report/github.com/containerd/containerd)
|
[![Go Report Card](https://goreportcard.com/badge/github.com/containerd/containerd)](https://goreportcard.com/report/github.com/containerd/containerd)
|
||||||
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1271/badge)](https://bestpractices.coreinfrastructure.org/projects/1271)
|
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1271/badge)](https://bestpractices.coreinfrastructure.org/projects/1271)
|
||||||
|
|
|
@ -92,7 +92,11 @@ func NewLabeledStore(root string, ls LabelStore) (content.Store, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *store) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) {
|
func (s *store) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) {
|
||||||
p := s.blobPath(dgst)
|
p, err := s.blobPath(dgst)
|
||||||
|
if err != nil {
|
||||||
|
return content.Info{}, errors.Wrapf(err, "calculating blob info path")
|
||||||
|
}
|
||||||
|
|
||||||
fi, err := os.Stat(p)
|
fi, err := os.Stat(p)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if os.IsNotExist(err) {
|
if os.IsNotExist(err) {
|
||||||
|
@ -123,7 +127,10 @@ func (s *store) info(dgst digest.Digest, fi os.FileInfo, labels map[string]strin
|
||||||
|
|
||||||
// ReaderAt returns an io.ReaderAt for the blob.
|
// ReaderAt returns an io.ReaderAt for the blob.
|
||||||
func (s *store) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) {
|
func (s *store) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) {
|
||||||
p := s.blobPath(desc.Digest)
|
p, err := s.blobPath(desc.Digest)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrapf(err, "calculating blob path for ReaderAt")
|
||||||
|
}
|
||||||
fi, err := os.Stat(p)
|
fi, err := os.Stat(p)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if !os.IsNotExist(err) {
|
if !os.IsNotExist(err) {
|
||||||
|
@ -150,7 +157,12 @@ func (s *store) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.
|
||||||
// While this is safe to do concurrently, safe exist-removal logic must hold
|
// While this is safe to do concurrently, safe exist-removal logic must hold
|
||||||
// some global lock on the store.
|
// some global lock on the store.
|
||||||
func (s *store) Delete(ctx context.Context, dgst digest.Digest) error {
|
func (s *store) Delete(ctx context.Context, dgst digest.Digest) error {
|
||||||
if err := os.RemoveAll(s.blobPath(dgst)); err != nil {
|
bp, err := s.blobPath(dgst)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrapf(err, "calculating blob path for delete")
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := os.RemoveAll(bp); err != nil {
|
||||||
if !os.IsNotExist(err) {
|
if !os.IsNotExist(err) {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -166,7 +178,11 @@ func (s *store) Update(ctx context.Context, info content.Info, fieldpaths ...str
|
||||||
return content.Info{}, errors.Wrapf(errdefs.ErrFailedPrecondition, "update not supported on immutable content store")
|
return content.Info{}, errors.Wrapf(errdefs.ErrFailedPrecondition, "update not supported on immutable content store")
|
||||||
}
|
}
|
||||||
|
|
||||||
p := s.blobPath(info.Digest)
|
p, err := s.blobPath(info.Digest)
|
||||||
|
if err != nil {
|
||||||
|
return content.Info{}, errors.Wrapf(err, "calculating blob path for update")
|
||||||
|
}
|
||||||
|
|
||||||
fi, err := os.Stat(p)
|
fi, err := os.Stat(p)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if os.IsNotExist(err) {
|
if os.IsNotExist(err) {
|
||||||
|
@ -512,7 +528,10 @@ func (s *store) writer(ctx context.Context, ref string, total int64, expected di
|
||||||
// TODO(stevvooe): Need to actually store expected here. We have
|
// TODO(stevvooe): Need to actually store expected here. We have
|
||||||
// code in the service that shouldn't be dealing with this.
|
// code in the service that shouldn't be dealing with this.
|
||||||
if expected != "" {
|
if expected != "" {
|
||||||
p := s.blobPath(expected)
|
p, err := s.blobPath(expected)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "calculating expected blob path for writer")
|
||||||
|
}
|
||||||
if _, err := os.Stat(p); err == nil {
|
if _, err := os.Stat(p); err == nil {
|
||||||
return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "content %v", expected)
|
return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "content %v", expected)
|
||||||
}
|
}
|
||||||
|
@ -607,11 +626,17 @@ func (s *store) Abort(ctx context.Context, ref string) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *store) blobPath(dgst digest.Digest) string {
|
func (s *store) blobPath(dgst digest.Digest) (string, error) {
|
||||||
return filepath.Join(s.root, "blobs", dgst.Algorithm().String(), dgst.Hex())
|
if err := dgst.Validate(); err != nil {
|
||||||
|
return "", errors.Wrapf(errdefs.ErrInvalidArgument, "cannot calculate blob path from invalid digest: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return filepath.Join(s.root, "blobs", dgst.Algorithm().String(), dgst.Hex()), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *store) ingestRoot(ref string) string {
|
func (s *store) ingestRoot(ref string) string {
|
||||||
|
// we take a digest of the ref to keep the ingest paths constant length.
|
||||||
|
// Note that this is not the current or potential digest of incoming content.
|
||||||
dgst := digest.FromString(ref)
|
dgst := digest.FromString(ref)
|
||||||
return filepath.Join(s.root, "ingest", dgst.Hex())
|
return filepath.Join(s.root, "ingest", dgst.Hex())
|
||||||
}
|
}
|
||||||
|
|
|
@ -116,7 +116,7 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest,
|
||||||
|
|
||||||
var (
|
var (
|
||||||
ingest = filepath.Join(w.path, "data")
|
ingest = filepath.Join(w.path, "data")
|
||||||
target = w.s.blobPath(dgst)
|
target, _ = w.s.blobPath(dgst) // ignore error because we calculated this dgst
|
||||||
)
|
)
|
||||||
|
|
||||||
// make sure parent directories of blob exist
|
// make sure parent directories of blob exist
|
||||||
|
|
|
@ -51,43 +51,43 @@ var (
|
||||||
|
|
||||||
// IsInvalidArgument returns true if the error is due to an invalid argument
|
// IsInvalidArgument returns true if the error is due to an invalid argument
|
||||||
func IsInvalidArgument(err error) bool {
|
func IsInvalidArgument(err error) bool {
|
||||||
return errors.Cause(err) == ErrInvalidArgument
|
return errors.Is(err, ErrInvalidArgument)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsNotFound returns true if the error is due to a missing object
|
// IsNotFound returns true if the error is due to a missing object
|
||||||
func IsNotFound(err error) bool {
|
func IsNotFound(err error) bool {
|
||||||
return errors.Cause(err) == ErrNotFound
|
return errors.Is(err, ErrNotFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsAlreadyExists returns true if the error is due to an already existing
|
// IsAlreadyExists returns true if the error is due to an already existing
|
||||||
// metadata item
|
// metadata item
|
||||||
func IsAlreadyExists(err error) bool {
|
func IsAlreadyExists(err error) bool {
|
||||||
return errors.Cause(err) == ErrAlreadyExists
|
return errors.Is(err, ErrAlreadyExists)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsFailedPrecondition returns true if an operation could not proceed to the
|
// IsFailedPrecondition returns true if an operation could not proceed to the
|
||||||
// lack of a particular condition
|
// lack of a particular condition
|
||||||
func IsFailedPrecondition(err error) bool {
|
func IsFailedPrecondition(err error) bool {
|
||||||
return errors.Cause(err) == ErrFailedPrecondition
|
return errors.Is(err, ErrFailedPrecondition)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsUnavailable returns true if the error is due to a resource being unavailable
|
// IsUnavailable returns true if the error is due to a resource being unavailable
|
||||||
func IsUnavailable(err error) bool {
|
func IsUnavailable(err error) bool {
|
||||||
return errors.Cause(err) == ErrUnavailable
|
return errors.Is(err, ErrUnavailable)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsNotImplemented returns true if the error is due to not being implemented
|
// IsNotImplemented returns true if the error is due to not being implemented
|
||||||
func IsNotImplemented(err error) bool {
|
func IsNotImplemented(err error) bool {
|
||||||
return errors.Cause(err) == ErrNotImplemented
|
return errors.Is(err, ErrNotImplemented)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsCanceled returns true if the error is due to `context.Canceled`.
|
// IsCanceled returns true if the error is due to `context.Canceled`.
|
||||||
func IsCanceled(err error) bool {
|
func IsCanceled(err error) bool {
|
||||||
return errors.Cause(err) == context.Canceled
|
return errors.Is(err, context.Canceled)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsDeadlineExceeded returns true if the error is due to
|
// IsDeadlineExceeded returns true if the error is due to
|
||||||
// `context.DeadlineExceeded`.
|
// `context.DeadlineExceeded`.
|
||||||
func IsDeadlineExceeded(err error) bool {
|
func IsDeadlineExceeded(err error) bool {
|
||||||
return errors.Cause(err) == context.DeadlineExceeded
|
return errors.Is(err, context.DeadlineExceeded)
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,17 +20,14 @@ package sys
|
||||||
|
|
||||||
import "golang.org/x/sys/unix"
|
import "golang.org/x/sys/unix"
|
||||||
|
|
||||||
// EpollCreate1 directly calls unix.EpollCreate1
|
// EpollCreate1 is an alias for unix.EpollCreate1
|
||||||
func EpollCreate1(flag int) (int, error) {
|
// Deprecated: use golang.org/x/sys/unix.EpollCreate1
|
||||||
return unix.EpollCreate1(flag)
|
var EpollCreate1 = unix.EpollCreate1
|
||||||
}
|
|
||||||
|
|
||||||
// EpollCtl directly calls unix.EpollCtl
|
// EpollCtl is an alias for unix.EpollCtl
|
||||||
func EpollCtl(epfd int, op int, fd int, event *unix.EpollEvent) error {
|
// Deprecated: use golang.org/x/sys/unix.EpollCtl
|
||||||
return unix.EpollCtl(epfd, op, fd, event)
|
var EpollCtl = unix.EpollCtl
|
||||||
}
|
|
||||||
|
|
||||||
// EpollWait directly calls unix.EpollWait
|
// EpollWait is an alias for unix.EpollWait
|
||||||
func EpollWait(epfd int, events []unix.EpollEvent, msec int) (int, error) {
|
// Deprecated: use golang.org/x/sys/unix.EpollWait
|
||||||
return unix.EpollWait(epfd, events, msec)
|
var EpollWait = unix.EpollWait
|
||||||
}
|
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
/*
|
||||||
|
Copyright The containerd Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package sys
|
||||||
|
|
||||||
|
import "os"
|
||||||
|
|
||||||
|
// IsFifo checks if a file is a (named pipe) fifo
|
||||||
|
// if the file does not exist then it returns false
|
||||||
|
func IsFifo(path string) (bool, error) {
|
||||||
|
stat, err := os.Stat(path)
|
||||||
|
if err != nil {
|
||||||
|
if os.IsNotExist(err) {
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
if stat.Mode()&os.ModeNamedPipe == os.ModeNamedPipe {
|
||||||
|
return true, nil
|
||||||
|
}
|
||||||
|
return false, nil
|
||||||
|
}
|
|
@ -26,8 +26,8 @@ import (
|
||||||
"syscall"
|
"syscall"
|
||||||
"unsafe"
|
"unsafe"
|
||||||
|
|
||||||
winio "github.com/Microsoft/go-winio"
|
|
||||||
"github.com/Microsoft/hcsshim"
|
"github.com/Microsoft/hcsshim"
|
||||||
|
"golang.org/x/sys/windows"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -41,7 +41,8 @@ func MkdirAllWithACL(path string, perm os.FileMode) error {
|
||||||
return mkdirall(path, true)
|
return mkdirall(path, true)
|
||||||
}
|
}
|
||||||
|
|
||||||
// MkdirAll implementation that is volume path aware for Windows.
|
// MkdirAll implementation that is volume path aware for Windows. It can be used
|
||||||
|
// as a drop-in replacement for os.MkdirAll()
|
||||||
func MkdirAll(path string, _ os.FileMode) error {
|
func MkdirAll(path string, _ os.FileMode) error {
|
||||||
return mkdirall(path, false)
|
return mkdirall(path, false)
|
||||||
}
|
}
|
||||||
|
@ -111,26 +112,26 @@ func mkdirall(path string, adminAndLocalSystem bool) error {
|
||||||
// mkdirWithACL creates a new directory. If there is an error, it will be of
|
// mkdirWithACL creates a new directory. If there is an error, it will be of
|
||||||
// type *PathError. .
|
// type *PathError. .
|
||||||
//
|
//
|
||||||
// This is a modified and combined version of os.Mkdir and syscall.Mkdir
|
// This is a modified and combined version of os.Mkdir and windows.Mkdir
|
||||||
// in golang to cater for creating a directory am ACL permitting full
|
// in golang to cater for creating a directory am ACL permitting full
|
||||||
// access, with inheritance, to any subfolder/file for Built-in Administrators
|
// access, with inheritance, to any subfolder/file for Built-in Administrators
|
||||||
// and Local System.
|
// and Local System.
|
||||||
func mkdirWithACL(name string) error {
|
func mkdirWithACL(name string) error {
|
||||||
sa := syscall.SecurityAttributes{Length: 0}
|
sa := windows.SecurityAttributes{Length: 0}
|
||||||
sd, err := winio.SddlToSecurityDescriptor(SddlAdministratorsLocalSystem)
|
sd, err := windows.SecurityDescriptorFromString(SddlAdministratorsLocalSystem)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return &os.PathError{Op: "mkdir", Path: name, Err: err}
|
return &os.PathError{Op: "mkdir", Path: name, Err: err}
|
||||||
}
|
}
|
||||||
sa.Length = uint32(unsafe.Sizeof(sa))
|
sa.Length = uint32(unsafe.Sizeof(sa))
|
||||||
sa.InheritHandle = 1
|
sa.InheritHandle = 1
|
||||||
sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
|
sa.SecurityDescriptor = sd
|
||||||
|
|
||||||
namep, err := syscall.UTF16PtrFromString(name)
|
namep, err := windows.UTF16PtrFromString(name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return &os.PathError{Op: "mkdir", Path: name, Err: err}
|
return &os.PathError{Op: "mkdir", Path: name, Err: err}
|
||||||
}
|
}
|
||||||
|
|
||||||
e := syscall.CreateDirectory(namep, &sa)
|
e := windows.CreateDirectory(namep, &sa)
|
||||||
if e != nil {
|
if e != nil {
|
||||||
return &os.PathError{Op: "mkdir", Path: name, Err: e}
|
return &os.PathError{Op: "mkdir", Path: name, Err: e}
|
||||||
}
|
}
|
||||||
|
@ -153,7 +154,7 @@ func IsAbs(path string) bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
// The origin of the functions below here are the golang OS and syscall packages,
|
// The origin of the functions below here are the golang OS and windows packages,
|
||||||
// slightly modified to only cope with files, not directories due to the
|
// slightly modified to only cope with files, not directories due to the
|
||||||
// specific use case.
|
// specific use case.
|
||||||
//
|
//
|
||||||
|
@ -185,74 +186,74 @@ func OpenFileSequential(name string, flag int, _ os.FileMode) (*os.File, error)
|
||||||
if name == "" {
|
if name == "" {
|
||||||
return nil, &os.PathError{Op: "open", Path: name, Err: syscall.ENOENT}
|
return nil, &os.PathError{Op: "open", Path: name, Err: syscall.ENOENT}
|
||||||
}
|
}
|
||||||
r, errf := syscallOpenFileSequential(name, flag, 0)
|
r, errf := windowsOpenFileSequential(name, flag, 0)
|
||||||
if errf == nil {
|
if errf == nil {
|
||||||
return r, nil
|
return r, nil
|
||||||
}
|
}
|
||||||
return nil, &os.PathError{Op: "open", Path: name, Err: errf}
|
return nil, &os.PathError{Op: "open", Path: name, Err: errf}
|
||||||
}
|
}
|
||||||
|
|
||||||
func syscallOpenFileSequential(name string, flag int, _ os.FileMode) (file *os.File, err error) {
|
func windowsOpenFileSequential(name string, flag int, _ os.FileMode) (file *os.File, err error) {
|
||||||
r, e := syscallOpenSequential(name, flag|syscall.O_CLOEXEC, 0)
|
r, e := windowsOpenSequential(name, flag|windows.O_CLOEXEC, 0)
|
||||||
if e != nil {
|
if e != nil {
|
||||||
return nil, e
|
return nil, e
|
||||||
}
|
}
|
||||||
return os.NewFile(uintptr(r), name), nil
|
return os.NewFile(uintptr(r), name), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func makeInheritSa() *syscall.SecurityAttributes {
|
func makeInheritSa() *windows.SecurityAttributes {
|
||||||
var sa syscall.SecurityAttributes
|
var sa windows.SecurityAttributes
|
||||||
sa.Length = uint32(unsafe.Sizeof(sa))
|
sa.Length = uint32(unsafe.Sizeof(sa))
|
||||||
sa.InheritHandle = 1
|
sa.InheritHandle = 1
|
||||||
return &sa
|
return &sa
|
||||||
}
|
}
|
||||||
|
|
||||||
func syscallOpenSequential(path string, mode int, _ uint32) (fd syscall.Handle, err error) {
|
func windowsOpenSequential(path string, mode int, _ uint32) (fd windows.Handle, err error) {
|
||||||
if len(path) == 0 {
|
if len(path) == 0 {
|
||||||
return syscall.InvalidHandle, syscall.ERROR_FILE_NOT_FOUND
|
return windows.InvalidHandle, windows.ERROR_FILE_NOT_FOUND
|
||||||
}
|
}
|
||||||
pathp, err := syscall.UTF16PtrFromString(path)
|
pathp, err := windows.UTF16PtrFromString(path)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return syscall.InvalidHandle, err
|
return windows.InvalidHandle, err
|
||||||
}
|
}
|
||||||
var access uint32
|
var access uint32
|
||||||
switch mode & (syscall.O_RDONLY | syscall.O_WRONLY | syscall.O_RDWR) {
|
switch mode & (windows.O_RDONLY | windows.O_WRONLY | windows.O_RDWR) {
|
||||||
case syscall.O_RDONLY:
|
case windows.O_RDONLY:
|
||||||
access = syscall.GENERIC_READ
|
access = windows.GENERIC_READ
|
||||||
case syscall.O_WRONLY:
|
case windows.O_WRONLY:
|
||||||
access = syscall.GENERIC_WRITE
|
access = windows.GENERIC_WRITE
|
||||||
case syscall.O_RDWR:
|
case windows.O_RDWR:
|
||||||
access = syscall.GENERIC_READ | syscall.GENERIC_WRITE
|
access = windows.GENERIC_READ | windows.GENERIC_WRITE
|
||||||
}
|
}
|
||||||
if mode&syscall.O_CREAT != 0 {
|
if mode&windows.O_CREAT != 0 {
|
||||||
access |= syscall.GENERIC_WRITE
|
access |= windows.GENERIC_WRITE
|
||||||
}
|
}
|
||||||
if mode&syscall.O_APPEND != 0 {
|
if mode&windows.O_APPEND != 0 {
|
||||||
access &^= syscall.GENERIC_WRITE
|
access &^= windows.GENERIC_WRITE
|
||||||
access |= syscall.FILE_APPEND_DATA
|
access |= windows.FILE_APPEND_DATA
|
||||||
}
|
}
|
||||||
sharemode := uint32(syscall.FILE_SHARE_READ | syscall.FILE_SHARE_WRITE)
|
sharemode := uint32(windows.FILE_SHARE_READ | windows.FILE_SHARE_WRITE)
|
||||||
var sa *syscall.SecurityAttributes
|
var sa *windows.SecurityAttributes
|
||||||
if mode&syscall.O_CLOEXEC == 0 {
|
if mode&windows.O_CLOEXEC == 0 {
|
||||||
sa = makeInheritSa()
|
sa = makeInheritSa()
|
||||||
}
|
}
|
||||||
var createmode uint32
|
var createmode uint32
|
||||||
switch {
|
switch {
|
||||||
case mode&(syscall.O_CREAT|syscall.O_EXCL) == (syscall.O_CREAT | syscall.O_EXCL):
|
case mode&(windows.O_CREAT|windows.O_EXCL) == (windows.O_CREAT | windows.O_EXCL):
|
||||||
createmode = syscall.CREATE_NEW
|
createmode = windows.CREATE_NEW
|
||||||
case mode&(syscall.O_CREAT|syscall.O_TRUNC) == (syscall.O_CREAT | syscall.O_TRUNC):
|
case mode&(windows.O_CREAT|windows.O_TRUNC) == (windows.O_CREAT | windows.O_TRUNC):
|
||||||
createmode = syscall.CREATE_ALWAYS
|
createmode = windows.CREATE_ALWAYS
|
||||||
case mode&syscall.O_CREAT == syscall.O_CREAT:
|
case mode&windows.O_CREAT == windows.O_CREAT:
|
||||||
createmode = syscall.OPEN_ALWAYS
|
createmode = windows.OPEN_ALWAYS
|
||||||
case mode&syscall.O_TRUNC == syscall.O_TRUNC:
|
case mode&windows.O_TRUNC == windows.O_TRUNC:
|
||||||
createmode = syscall.TRUNCATE_EXISTING
|
createmode = windows.TRUNCATE_EXISTING
|
||||||
default:
|
default:
|
||||||
createmode = syscall.OPEN_EXISTING
|
createmode = windows.OPEN_EXISTING
|
||||||
}
|
}
|
||||||
// Use FILE_FLAG_SEQUENTIAL_SCAN rather than FILE_ATTRIBUTE_NORMAL as implemented in golang.
|
// Use FILE_FLAG_SEQUENTIAL_SCAN rather than FILE_ATTRIBUTE_NORMAL as implemented in golang.
|
||||||
// https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
|
// https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
|
||||||
const fileFlagSequentialScan = 0x08000000 // FILE_FLAG_SEQUENTIAL_SCAN
|
const fileFlagSequentialScan = 0x08000000 // FILE_FLAG_SEQUENTIAL_SCAN
|
||||||
h, e := syscall.CreateFile(pathp, access, sharemode, sa, createmode, fileFlagSequentialScan, 0)
|
h, e := windows.CreateFile(pathp, access, sharemode, sa, createmode, fileFlagSequentialScan, 0)
|
||||||
return h, e
|
return h, e
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -21,6 +21,7 @@ import (
|
||||||
"syscall"
|
"syscall"
|
||||||
"unsafe"
|
"unsafe"
|
||||||
|
|
||||||
|
"github.com/containerd/containerd/log"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"golang.org/x/sys/unix"
|
"golang.org/x/sys/unix"
|
||||||
)
|
)
|
||||||
|
@ -30,9 +31,8 @@ func FMountat(dirfd uintptr, source, target, fstype string, flags uintptr, data
|
||||||
var (
|
var (
|
||||||
sourceP, targetP, fstypeP, dataP *byte
|
sourceP, targetP, fstypeP, dataP *byte
|
||||||
pid uintptr
|
pid uintptr
|
||||||
ws unix.WaitStatus
|
|
||||||
err error
|
err error
|
||||||
errno syscall.Errno
|
errno, status syscall.Errno
|
||||||
)
|
)
|
||||||
|
|
||||||
sourceP, err = syscall.BytePtrFromString(source)
|
sourceP, err = syscall.BytePtrFromString(source)
|
||||||
|
@ -60,37 +60,62 @@ func FMountat(dirfd uintptr, source, target, fstype string, flags uintptr, data
|
||||||
runtime.LockOSThread()
|
runtime.LockOSThread()
|
||||||
defer runtime.UnlockOSThread()
|
defer runtime.UnlockOSThread()
|
||||||
|
|
||||||
|
var pipefds [2]int
|
||||||
|
if err := syscall.Pipe2(pipefds[:], syscall.O_CLOEXEC); err != nil {
|
||||||
|
return errors.Wrap(err, "failed to open pipe")
|
||||||
|
}
|
||||||
|
|
||||||
|
defer func() {
|
||||||
|
// close both ends of the pipe in a deferred function, since open file
|
||||||
|
// descriptor table is shared with child
|
||||||
|
syscall.Close(pipefds[0])
|
||||||
|
syscall.Close(pipefds[1])
|
||||||
|
}()
|
||||||
|
|
||||||
pid, errno = forkAndMountat(dirfd,
|
pid, errno = forkAndMountat(dirfd,
|
||||||
uintptr(unsafe.Pointer(sourceP)),
|
uintptr(unsafe.Pointer(sourceP)),
|
||||||
uintptr(unsafe.Pointer(targetP)),
|
uintptr(unsafe.Pointer(targetP)),
|
||||||
uintptr(unsafe.Pointer(fstypeP)),
|
uintptr(unsafe.Pointer(fstypeP)),
|
||||||
flags,
|
flags,
|
||||||
uintptr(unsafe.Pointer(dataP)))
|
uintptr(unsafe.Pointer(dataP)),
|
||||||
|
pipefds[1],
|
||||||
|
)
|
||||||
|
|
||||||
if errno != 0 {
|
if errno != 0 {
|
||||||
return errors.Wrap(errno, "failed to fork thread")
|
return errors.Wrap(errno, "failed to fork thread")
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = unix.Wait4(int(pid), &ws, 0, nil)
|
defer func() {
|
||||||
|
_, err := unix.Wait4(int(pid), nil, 0, nil)
|
||||||
for err == syscall.EINTR {
|
for err == syscall.EINTR {
|
||||||
_, err = unix.Wait4(int(pid), &ws, 0, nil)
|
_, err = unix.Wait4(int(pid), nil, 0, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrapf(err, "failed to find pid=%d process", pid)
|
log.L.WithError(err).Debugf("failed to find pid=%d process", pid)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
_, _, errno = syscall.RawSyscall(syscall.SYS_READ,
|
||||||
|
uintptr(pipefds[0]),
|
||||||
|
uintptr(unsafe.Pointer(&status)),
|
||||||
|
unsafe.Sizeof(status))
|
||||||
|
if errno != 0 {
|
||||||
|
return errors.Wrap(errno, "failed to read pipe")
|
||||||
}
|
}
|
||||||
|
|
||||||
errno = syscall.Errno(ws.ExitStatus())
|
if status != 0 {
|
||||||
if errno != 0 {
|
return errors.Wrap(status, "failed to mount")
|
||||||
return errors.Wrap(errno, "failed to mount")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// forkAndMountat will fork thread, change working dir and mount.
|
// forkAndMountat will fork thread, change working dir and mount.
|
||||||
//
|
//
|
||||||
// precondition: the runtime OS thread must be locked.
|
// precondition: the runtime OS thread must be locked.
|
||||||
func forkAndMountat(dirfd uintptr, source, target, fstype, flags, data uintptr) (pid uintptr, errno syscall.Errno) {
|
func forkAndMountat(dirfd uintptr, source, target, fstype, flags, data uintptr, pipefd int) (pid uintptr, errno syscall.Errno) {
|
||||||
|
|
||||||
// block signal during clone
|
// block signal during clone
|
||||||
beforeFork()
|
beforeFork()
|
||||||
|
|
||||||
|
@ -114,6 +139,7 @@ func forkAndMountat(dirfd uintptr, source, target, fstype, flags, data uintptr)
|
||||||
_, _, errno = syscall.RawSyscall6(syscall.SYS_MOUNT, source, target, fstype, flags, data, 0)
|
_, _, errno = syscall.RawSyscall6(syscall.SYS_MOUNT, source, target, fstype, flags, data, 0)
|
||||||
|
|
||||||
childerr:
|
childerr:
|
||||||
|
_, _, errno = syscall.RawSyscall(syscall.SYS_WRITE, uintptr(pipefd), uintptr(unsafe.Pointer(&errno)), unsafe.Sizeof(errno))
|
||||||
syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0)
|
syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0)
|
||||||
panic("unreachable")
|
panic("unreachable")
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,8 +24,6 @@ import (
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/opencontainers/runc/libcontainer/system"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// OOMScoreMaxKillable is the maximum score keeping the process killable by the oom killer
|
// OOMScoreMaxKillable is the maximum score keeping the process killable by the oom killer
|
||||||
|
@ -40,7 +38,7 @@ func SetOOMScore(pid, score int) error {
|
||||||
}
|
}
|
||||||
defer f.Close()
|
defer f.Close()
|
||||||
if _, err = f.WriteString(strconv.Itoa(score)); err != nil {
|
if _, err = f.WriteString(strconv.Itoa(score)); err != nil {
|
||||||
if os.IsPermission(err) && (system.RunningInUserNS() || RunningUnprivileged()) {
|
if os.IsPermission(err) && (RunningInUserNS() || RunningUnprivileged()) {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
return err
|
return err
|
||||||
|
|
|
@ -1,80 +0,0 @@
|
||||||
// +build linux
|
|
||||||
|
|
||||||
/*
|
|
||||||
Copyright The containerd Authors.
|
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
you may not use this file except in compliance with the License.
|
|
||||||
You may obtain a copy of the License at
|
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
See the License for the specific language governing permissions and
|
|
||||||
limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package sys
|
|
||||||
|
|
||||||
import (
|
|
||||||
"bufio"
|
|
||||||
"fmt"
|
|
||||||
"os"
|
|
||||||
"strconv"
|
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/opencontainers/runc/libcontainer/system"
|
|
||||||
)
|
|
||||||
|
|
||||||
const nanoSecondsPerSecond = 1e9
|
|
||||||
|
|
||||||
var clockTicksPerSecond = uint64(system.GetClockTicks())
|
|
||||||
|
|
||||||
// GetSystemCPUUsage returns the host system's cpu usage in
|
|
||||||
// nanoseconds. An error is returned if the format of the underlying
|
|
||||||
// file does not match.
|
|
||||||
//
|
|
||||||
// Uses /proc/stat defined by POSIX. Looks for the cpu
|
|
||||||
// statistics line and then sums up the first seven fields
|
|
||||||
// provided. See `man 5 proc` for details on specific field
|
|
||||||
// information.
|
|
||||||
func GetSystemCPUUsage() (uint64, error) {
|
|
||||||
var line string
|
|
||||||
f, err := os.Open("/proc/stat")
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
bufReader := bufio.NewReaderSize(nil, 128)
|
|
||||||
defer func() {
|
|
||||||
bufReader.Reset(nil)
|
|
||||||
f.Close()
|
|
||||||
}()
|
|
||||||
bufReader.Reset(f)
|
|
||||||
err = nil
|
|
||||||
for err == nil {
|
|
||||||
line, err = bufReader.ReadString('\n')
|
|
||||||
if err != nil {
|
|
||||||
break
|
|
||||||
}
|
|
||||||
parts := strings.Fields(line)
|
|
||||||
switch parts[0] {
|
|
||||||
case "cpu":
|
|
||||||
if len(parts) < 8 {
|
|
||||||
return 0, fmt.Errorf("bad format of cpu stats")
|
|
||||||
}
|
|
||||||
var totalClockTicks uint64
|
|
||||||
for _, i := range parts[1:8] {
|
|
||||||
v, err := strconv.ParseUint(i, 10, 64)
|
|
||||||
if err != nil {
|
|
||||||
return 0, fmt.Errorf("error parsing cpu stats")
|
|
||||||
}
|
|
||||||
totalClockTicks += v
|
|
||||||
}
|
|
||||||
return (totalClockTicks * nanoSecondsPerSecond) /
|
|
||||||
clockTicksPerSecond, nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return 0, fmt.Errorf("bad stats format")
|
|
||||||
}
|
|
|
@ -1,69 +0,0 @@
|
||||||
// +build !windows
|
|
||||||
|
|
||||||
/*
|
|
||||||
Copyright The containerd Authors.
|
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
you may not use this file except in compliance with the License.
|
|
||||||
You may obtain a copy of the License at
|
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
See the License for the specific language governing permissions and
|
|
||||||
limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package sys
|
|
||||||
|
|
||||||
import (
|
|
||||||
"golang.org/x/sys/unix"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Exit is the wait4 information from an exited process
|
|
||||||
type Exit struct {
|
|
||||||
Pid int
|
|
||||||
Status int
|
|
||||||
}
|
|
||||||
|
|
||||||
// Reap reaps all child processes for the calling process and returns their
|
|
||||||
// exit information
|
|
||||||
func Reap(wait bool) (exits []Exit, err error) {
|
|
||||||
var (
|
|
||||||
ws unix.WaitStatus
|
|
||||||
rus unix.Rusage
|
|
||||||
)
|
|
||||||
flag := unix.WNOHANG
|
|
||||||
if wait {
|
|
||||||
flag = 0
|
|
||||||
}
|
|
||||||
for {
|
|
||||||
pid, err := unix.Wait4(-1, &ws, flag, &rus)
|
|
||||||
if err != nil {
|
|
||||||
if err == unix.ECHILD {
|
|
||||||
return exits, nil
|
|
||||||
}
|
|
||||||
return exits, err
|
|
||||||
}
|
|
||||||
if pid <= 0 {
|
|
||||||
return exits, nil
|
|
||||||
}
|
|
||||||
exits = append(exits, Exit{
|
|
||||||
Pid: pid,
|
|
||||||
Status: exitStatus(ws),
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
const exitSignalOffset = 128
|
|
||||||
|
|
||||||
// exitStatus returns the correct exit status for a process based on if it
|
|
||||||
// was signaled or exited cleanly
|
|
||||||
func exitStatus(status unix.WaitStatus) int {
|
|
||||||
if status.Signaled() {
|
|
||||||
return exitSignalOffset + int(status.Signal())
|
|
||||||
}
|
|
||||||
return status.ExitStatus()
|
|
||||||
}
|
|
|
@ -1,52 +0,0 @@
|
||||||
/*
|
|
||||||
Copyright The containerd Authors.
|
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
you may not use this file except in compliance with the License.
|
|
||||||
You may obtain a copy of the License at
|
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
See the License for the specific language governing permissions and
|
|
||||||
limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package sys
|
|
||||||
|
|
||||||
import (
|
|
||||||
"unsafe"
|
|
||||||
|
|
||||||
"golang.org/x/sys/unix"
|
|
||||||
)
|
|
||||||
|
|
||||||
// If arg2 is nonzero, set the "child subreaper" attribute of the
|
|
||||||
// calling process; if arg2 is zero, unset the attribute. When a
|
|
||||||
// process is marked as a child subreaper, all of the children
|
|
||||||
// that it creates, and their descendants, will be marked as
|
|
||||||
// having a subreaper. In effect, a subreaper fulfills the role
|
|
||||||
// of init(1) for its descendant processes. Upon termination of
|
|
||||||
// a process that is orphaned (i.e., its immediate parent has
|
|
||||||
// already terminated) and marked as having a subreaper, the
|
|
||||||
// nearest still living ancestor subreaper will receive a SIGCHLD
|
|
||||||
// signal and be able to wait(2) on the process to discover its
|
|
||||||
// termination status.
|
|
||||||
const setChildSubreaper = 36
|
|
||||||
|
|
||||||
// SetSubreaper sets the value i as the subreaper setting for the calling process
|
|
||||||
func SetSubreaper(i int) error {
|
|
||||||
return unix.Prctl(setChildSubreaper, uintptr(i), 0, 0, 0)
|
|
||||||
}
|
|
||||||
|
|
||||||
// GetSubreaper returns the subreaper setting for the calling process
|
|
||||||
func GetSubreaper() (int, error) {
|
|
||||||
var i uintptr
|
|
||||||
|
|
||||||
if err := unix.Prctl(unix.PR_GET_CHILD_SUBREAPER, uintptr(unsafe.Pointer(&i)), 0, 0, 0); err != nil {
|
|
||||||
return -1, err
|
|
||||||
}
|
|
||||||
|
|
||||||
return int(i), nil
|
|
||||||
}
|
|
|
@ -0,0 +1,62 @@
|
||||||
|
/*
|
||||||
|
Copyright The containerd Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package sys
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bufio"
|
||||||
|
"fmt"
|
||||||
|
"os"
|
||||||
|
"sync"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
inUserNS bool
|
||||||
|
nsOnce sync.Once
|
||||||
|
)
|
||||||
|
|
||||||
|
// RunningInUserNS detects whether we are currently running in a user namespace.
|
||||||
|
// Originally copied from github.com/lxc/lxd/shared/util.go
|
||||||
|
func RunningInUserNS() bool {
|
||||||
|
nsOnce.Do(func() {
|
||||||
|
file, err := os.Open("/proc/self/uid_map")
|
||||||
|
if err != nil {
|
||||||
|
// This kernel-provided file only exists if user namespaces are supported
|
||||||
|
return
|
||||||
|
}
|
||||||
|
defer file.Close()
|
||||||
|
|
||||||
|
buf := bufio.NewReader(file)
|
||||||
|
l, _, err := buf.ReadLine()
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
line := string(l)
|
||||||
|
var a, b, c int64
|
||||||
|
fmt.Sscanf(line, "%d %d %d", &a, &b, &c)
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We assume we are in the initial user namespace if we have a full
|
||||||
|
* range - 4294967295 uids starting at uid 0.
|
||||||
|
*/
|
||||||
|
if a == 0 && b == 0 && c == 4294967295 {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
inUserNS = true
|
||||||
|
})
|
||||||
|
return inUserNS
|
||||||
|
}
|
|
@ -0,0 +1,25 @@
|
||||||
|
// +build !linux
|
||||||
|
|
||||||
|
/*
|
||||||
|
Copyright The containerd Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package sys
|
||||||
|
|
||||||
|
// RunningInUserNS is a stub for non-Linux systems
|
||||||
|
// Always returns false
|
||||||
|
func RunningInUserNS() bool {
|
||||||
|
return false
|
||||||
|
}
|
|
@ -2,16 +2,16 @@ github.com/beorn7/perks 37c8de3658fcb183f997c4e13e83
|
||||||
github.com/BurntSushi/toml 3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005 # v0.3.1
|
github.com/BurntSushi/toml 3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005 # v0.3.1
|
||||||
github.com/cespare/xxhash/v2 d7df74196a9e781ede915320c11c378c1b2f3a1f # v2.1.1
|
github.com/cespare/xxhash/v2 d7df74196a9e781ede915320c11c378c1b2f3a1f # v2.1.1
|
||||||
github.com/containerd/btrfs 153935315f4ab9be5bf03650a1341454b05efa5d
|
github.com/containerd/btrfs 153935315f4ab9be5bf03650a1341454b05efa5d
|
||||||
github.com/containerd/cgroups 7347743e5d1e8500d9f27c8e748e689ed991d92b
|
github.com/containerd/cgroups b4448137398923af7f4918b8b2ad8249172ca7a6
|
||||||
github.com/containerd/console 8375c3424e4d7b114e8a90a4a40c8e1b40d1d4e6
|
github.com/containerd/console 8375c3424e4d7b114e8a90a4a40c8e1b40d1d4e6 # v1.0.0
|
||||||
github.com/containerd/continuity 0ec596719c75bfd42908850990acea594b7593ac
|
github.com/containerd/continuity 0ec596719c75bfd42908850990acea594b7593ac
|
||||||
github.com/containerd/fifo bda0ff6ed73c67bfb5e62bc9c697f146b7fd7f13
|
github.com/containerd/fifo bda0ff6ed73c67bfb5e62bc9c697f146b7fd7f13
|
||||||
github.com/containerd/go-runc a5c2862aed5e6358b305b0e16bfce58e0549b1cd
|
github.com/containerd/go-runc a5c2862aed5e6358b305b0e16bfce58e0549b1cd
|
||||||
github.com/containerd/ttrpc 92c8520ef9f86600c650dd540266a007bf03670f
|
github.com/containerd/ttrpc 72bb1b21c5b0a4a107f59dd85f6ab58e564b68d6 # v1.0.1
|
||||||
github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40
|
github.com/containerd/typeurl cd3ce7159eae562a4f60ceff37dada11a939d247 # v1.0.1
|
||||||
github.com/coreos/go-systemd/v22 2d78030078ef61b3cae27f42ad6d0e46db51b339 # v22.0.0
|
github.com/coreos/go-systemd/v22 2d78030078ef61b3cae27f42ad6d0e46db51b339 # v22.0.0
|
||||||
github.com/cpuguy83/go-md2man 7762f7e404f8416dfa1d9bb6a8c192aa9acb4d19 # v1.0.10
|
github.com/cpuguy83/go-md2man 7762f7e404f8416dfa1d9bb6a8c192aa9acb4d19 # v1.0.10
|
||||||
github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
|
github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f
|
||||||
github.com/docker/go-metrics b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1
|
github.com/docker/go-metrics b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1
|
||||||
github.com/docker/go-units 519db1ee28dcc9fd2474ae59fca29a810482bfb1 # v0.4.0
|
github.com/docker/go-units 519db1ee28dcc9fd2474ae59fca29a810482bfb1 # v0.4.0
|
||||||
github.com/godbus/dbus/v5 37bf87eef99d69c4f1d3528bd66e3a87dc201472 # v5.0.3
|
github.com/godbus/dbus/v5 37bf87eef99d69c4f1d3528bd66e3a87dc201472 # v5.0.3
|
||||||
|
@ -25,65 +25,78 @@ github.com/hashicorp/errwrap 8a6fb523712970c966eefc6b39ed
|
||||||
github.com/hashicorp/go-multierror 886a7fbe3eb1c874d46f623bfa70af45f425b3d1 # v1.0.0
|
github.com/hashicorp/go-multierror 886a7fbe3eb1c874d46f623bfa70af45f425b3d1 # v1.0.0
|
||||||
github.com/hashicorp/golang-lru 7f827b33c0f158ec5dfbba01bb0b14a4541fd81d # v0.5.3
|
github.com/hashicorp/golang-lru 7f827b33c0f158ec5dfbba01bb0b14a4541fd81d # v0.5.3
|
||||||
github.com/imdario/mergo 7c29201646fa3de8506f701213473dd407f19646 # v0.3.7
|
github.com/imdario/mergo 7c29201646fa3de8506f701213473dd407f19646 # v0.3.7
|
||||||
github.com/konsorten/go-windows-terminal-sequences 5c8c8bd35d3832f5d134ae1e1e375b69a4d25242 # v1.0.1
|
github.com/konsorten/go-windows-terminal-sequences edb144dfd453055e1e49a3d8b410a660b5a87613 # v1.0.3
|
||||||
github.com/matttproud/golang_protobuf_extensions c12348ce28de40eed0136aa2b644d0ee0650e56c # v1.0.1
|
github.com/matttproud/golang_protobuf_extensions c12348ce28de40eed0136aa2b644d0ee0650e56c # v1.0.1
|
||||||
github.com/Microsoft/go-winio 6c72808b55902eae4c5943626030429ff20f3b63 # v0.4.14
|
github.com/Microsoft/go-winio 6c72808b55902eae4c5943626030429ff20f3b63 # v0.4.14
|
||||||
github.com/Microsoft/hcsshim 0b571ac85d7c5842b26d2571de4868634a4c39d7 # v0.8.7-24-g0b571ac8
|
github.com/Microsoft/hcsshim 5bc557dd210ff2caf615e6e22d398123de77fc11 # v0.8.9
|
||||||
github.com/opencontainers/go-digest c9281466c8b2f606084ac71339773efd177436e7
|
github.com/opencontainers/go-digest c9281466c8b2f606084ac71339773efd177436e7
|
||||||
github.com/opencontainers/image-spec d60099175f88c47cd379c4738d158884749ed235 # v1.0.1
|
github.com/opencontainers/image-spec d60099175f88c47cd379c4738d158884749ed235 # v1.0.1
|
||||||
github.com/opencontainers/runc dc9208a3303feef5b3839f4323d9beb36df0a9dd # v1.0.0-rc10
|
github.com/opencontainers/runc dc9208a3303feef5b3839f4323d9beb36df0a9dd # v1.0.0-rc10
|
||||||
github.com/opencontainers/runtime-spec 29686dbc5559d93fb1ef402eeda3e35c38d75af4 # v1.0.1-59-g29686db
|
github.com/opencontainers/runtime-spec c4ee7d12c742ffe806cd9350b6af3b4b19faed6f # v1.0.2
|
||||||
github.com/pkg/errors ba968bfe8b2f7e042a574c888954fccecfa385b4 # v0.8.1
|
github.com/pkg/errors 614d223910a179a466c1767a985424175c39b465 # v0.9.1
|
||||||
github.com/prometheus/client_golang c42bebe5a5cddfc6b28cd639103369d8a75dfa89 # v1.3.0
|
github.com/prometheus/client_golang c42bebe5a5cddfc6b28cd639103369d8a75dfa89 # v1.3.0
|
||||||
github.com/prometheus/client_model d1d2010b5beead3fa1c5f271a5cf626e40b3ad6e # v0.1.0
|
github.com/prometheus/client_model d1d2010b5beead3fa1c5f271a5cf626e40b3ad6e # v0.1.0
|
||||||
github.com/prometheus/common 287d3e634a1e550c9e463dd7e5a75a422c614505 # v0.7.0
|
github.com/prometheus/common 287d3e634a1e550c9e463dd7e5a75a422c614505 # v0.7.0
|
||||||
github.com/prometheus/procfs 6d489fc7f1d9cd890a250f3ea3431b1744b9623f # v0.0.8
|
github.com/prometheus/procfs 6d489fc7f1d9cd890a250f3ea3431b1744b9623f # v0.0.8
|
||||||
github.com/russross/blackfriday 05f3235734ad95d0016f6a23902f06461fcf567a # v1.5.2
|
github.com/russross/blackfriday 05f3235734ad95d0016f6a23902f06461fcf567a # v1.5.2
|
||||||
github.com/sirupsen/logrus 8bdbc7bcc01dcbb8ec23dc8a28e332258d25251f # v1.4.1
|
github.com/sirupsen/logrus 60c74ad9be0d874af0ab0daef6ab07c5c5911f0d # v1.6.0
|
||||||
github.com/syndtr/gocapability d98352740cb2c55f81556b63d4a1ec64c5a319c2
|
github.com/syndtr/gocapability d98352740cb2c55f81556b63d4a1ec64c5a319c2
|
||||||
github.com/urfave/cli bfe2e925cfb6d44b40ad3a779165ea7e8aff9212 # v1.22.0
|
github.com/urfave/cli bfe2e925cfb6d44b40ad3a779165ea7e8aff9212 # v1.22.0
|
||||||
go.etcd.io/bbolt a0458a2b35708eef59eb5f620ceb3cd1c01a824d # v1.3.3
|
go.etcd.io/bbolt a0458a2b35708eef59eb5f620ceb3cd1c01a824d # v1.3.3
|
||||||
go.opencensus.io 9c377598961b706d1542bd2d84d538b5094d596e # v0.22.0
|
go.opencensus.io 9c377598961b706d1542bd2d84d538b5094d596e # v0.22.0
|
||||||
golang.org/x/net f3200d17e092c607f615320ecaad13d87ad9a2b3
|
golang.org/x/net f3200d17e092c607f615320ecaad13d87ad9a2b3
|
||||||
golang.org/x/sync 42b317875d0fa942474b76e1b46a6060d720ae6e
|
golang.org/x/sync 42b317875d0fa942474b76e1b46a6060d720ae6e
|
||||||
golang.org/x/sys c990c680b611ac1aeb7d8f2af94a825f98d69720 https://github.com/golang/sys
|
golang.org/x/sys 5c8b2ff67527cb88b770f693cebf3799036d8bc0
|
||||||
golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4
|
golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4
|
||||||
google.golang.org/genproto e50cd9704f63023d62cd06a1994b98227fc4d21a
|
google.golang.org/genproto e50cd9704f63023d62cd06a1994b98227fc4d21a
|
||||||
google.golang.org/grpc f495f5b15ae7ccda3b38c53a1bfcde4c1a58a2bc # v1.27.1
|
google.golang.org/grpc f495f5b15ae7ccda3b38c53a1bfcde4c1a58a2bc # v1.27.1
|
||||||
gotest.tools 1083505acf35a0bd8a696b26837e1fb3187a7a83 # v2.3.0
|
gotest.tools/v3 bb0d8a963040ea5048dcef1a14d8f8b58a33d4b3 # v3.0.2
|
||||||
|
|
||||||
|
# cgroups dependencies
|
||||||
|
github.com/cilium/ebpf 4032b1d8aae306b7bb94a2a11002932caf88c644
|
||||||
|
|
||||||
# cri dependencies
|
# cri dependencies
|
||||||
github.com/containerd/cri c0294ebfe0b4342db85c0faf7727ceb8d8c3afce # master
|
github.com/containerd/cri 65830369b6b2b4edc454bf5cebbd9b76c1c1ac66 # master
|
||||||
github.com/containerd/go-cni 0d360c50b10b350b6bb23863fd4dfb1c232b01c9
|
|
||||||
github.com/containernetworking/cni 4cfb7b568922a3c79a23e438dc52fe537fc9687e # v0.7.1
|
|
||||||
github.com/containernetworking/plugins 9f96827c7cabb03f21d86326000c00f61e181f6a # v0.7.6
|
|
||||||
github.com/davecgh/go-spew 8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1
|
github.com/davecgh/go-spew 8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1
|
||||||
github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580
|
github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580
|
||||||
github.com/docker/docker d1d5f6476656c6aad457e2a91d3436e66b6f2251
|
github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f
|
||||||
github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528
|
github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528
|
||||||
github.com/emicklei/go-restful b993709ae1a4f6dd19cfa475232614441b11c9d5 # v2.9.5
|
github.com/emicklei/go-restful b993709ae1a4f6dd19cfa475232614441b11c9d5 # v2.9.5
|
||||||
github.com/google/gofuzz f140a6486e521aad38f5917de355cbf147cc0496 # v1.0.0
|
github.com/google/gofuzz db92cf7ae75e4a7a28abc005addab2b394362888 # v1.1.0
|
||||||
github.com/json-iterator/go 03217c3e97663914aec3faafde50d081f197a0a2 # v1.1.8
|
github.com/json-iterator/go 03217c3e97663914aec3faafde50d081f197a0a2 # v1.1.8
|
||||||
github.com/modern-go/concurrent bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
|
github.com/modern-go/concurrent bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
|
||||||
github.com/modern-go/reflect2 4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd # 1.0.1
|
github.com/modern-go/reflect2 4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd # 1.0.1
|
||||||
github.com/opencontainers/selinux 5215b1806f52b1fcc2070a8826c542c9d33cd3cf
|
github.com/opencontainers/selinux 0d49ba2a6aae052c614dfe5de62a158711a6c461 # 1.5.1
|
||||||
github.com/seccomp/libseccomp-golang 689e3c1541a84461afc49c1c87352a6cedf72e9c # v0.9.1
|
github.com/seccomp/libseccomp-golang 689e3c1541a84461afc49c1c87352a6cedf72e9c # v0.9.1
|
||||||
github.com/stretchr/testify 221dbe5ed46703ee255b1da0dec05086f5035f62 # v1.4.0
|
github.com/stretchr/testify 221dbe5ed46703ee255b1da0dec05086f5035f62 # v1.4.0
|
||||||
github.com/tchap/go-patricia 666120de432aea38ab06bd5c818f04f4129882c9 # v2.2.6
|
github.com/tchap/go-patricia 666120de432aea38ab06bd5c818f04f4129882c9 # v2.2.6
|
||||||
golang.org/x/crypto 1d94cc7ab1c630336ab82ccb9c9cda72a875c382
|
golang.org/x/crypto bac4c82f69751a6dd76e702d54b3ceb88adab236
|
||||||
golang.org/x/oauth2 0f29369cfe4552d0e4bcddc57cc75f4d7e672a33
|
golang.org/x/oauth2 0f29369cfe4552d0e4bcddc57cc75f4d7e672a33
|
||||||
golang.org/x/time 9d24e82272b4f38b78bc8cff74fa936d31ccd8ef
|
golang.org/x/time 9d24e82272b4f38b78bc8cff74fa936d31ccd8ef
|
||||||
gopkg.in/inf.v0 d2d2541c53f18d2a059457998ce2876cc8e67cbf # v0.9.1
|
gopkg.in/inf.v0 d2d2541c53f18d2a059457998ce2876cc8e67cbf # v0.9.1
|
||||||
gopkg.in/yaml.v2 53403b58ad1b561927d19068c655246f2db79d48 # v2.2.8
|
gopkg.in/yaml.v2 53403b58ad1b561927d19068c655246f2db79d48 # v2.2.8
|
||||||
k8s.io/api 7643814f1c97f24ccfb38c2b85a7bb3c7f494346 # kubernetes-1.17.1
|
k8s.io/api d2dce8e1788e4be2be3a62b6439b3eaa087df0df # v0.18.0
|
||||||
k8s.io/apimachinery 79c2a76c473a20cdc4ce59cae4b72529b5d9d16b # kubernetes-1.17.1
|
k8s.io/apimachinery 105e0c6d63f10531ed07f3b5a2195771a0fa444b # v0.18.0
|
||||||
k8s.io/apiserver 5381f05fcb881d39af12eeecab5645364229300c # kubernetes-1.17.1
|
k8s.io/apiserver 5c8e895629a454efd75a453d1dea5b8142db0013 # v0.18.0
|
||||||
k8s.io/client-go 69012f50f4b0243bccdb82c24402a10224a91f51 # kubernetes-1.17.1
|
k8s.io/client-go 0b19784585bd0a0ee5509855829ead81feaa2bdc # v0.18.0
|
||||||
k8s.io/cri-api 775aa3c1cf7380ba8b7362f5a52f1e6d2e130bb9 # kubernetes-1.17.1
|
k8s.io/cri-api 3d1680d8d202aa12c5dc5689170c3c03a488d35b # v0.18.0
|
||||||
k8s.io/klog 2ca9ad30301bf30a8a6e0fa2110db6b8df699a91 # v1.0.0
|
k8s.io/klog 2ca9ad30301bf30a8a6e0fa2110db6b8df699a91 # v1.0.0
|
||||||
k8s.io/kubernetes d224476cd0730baca2b6e357d144171ed74192d6 # v1.17.1
|
k8s.io/kubernetes 9e991415386e4cf155a24b1da15becaa390438d8 # v1.18.0
|
||||||
k8s.io/utils e782cd3c129fc98ee807f3c889c0f26eb7c9daf5
|
k8s.io/utils a9aa75ae1b89e1b992c33383f48e942d97e52dae
|
||||||
sigs.k8s.io/yaml fd68e9863619f6ec2fdd8625fe1f02e7c877e480 # v1.1.0
|
sigs.k8s.io/structured-merge-diff/v3 877aee05330847a873a1a8998b40e12a1e0fde25 # v3.0.0
|
||||||
|
sigs.k8s.io/yaml 9fc95527decd95bb9d28cc2eab08179b2d0f6971 # v1.2.0
|
||||||
|
|
||||||
|
# cni dependencies
|
||||||
|
github.com/containerd/go-cni 0d360c50b10b350b6bb23863fd4dfb1c232b01c9
|
||||||
|
github.com/containernetworking/cni 4cfb7b568922a3c79a23e438dc52fe537fc9687e # v0.7.1
|
||||||
|
github.com/containernetworking/plugins 9f96827c7cabb03f21d86326000c00f61e181f6a # v0.7.6
|
||||||
|
github.com/fsnotify/fsnotify 4bf2d1fec78374803a39307bfb8d340688f4f28e # v1.4.8
|
||||||
|
|
||||||
|
# image decrypt depedencies
|
||||||
|
github.com/containerd/imgcrypt 9e761ccd6069fb707ec9493435f31475b5524b38 # v1.0.1
|
||||||
|
github.com/containers/ocicrypt 0343cc6053fd65069df55bce6838096e09b4033a # v1.0.1 from containerd/imgcrypt
|
||||||
|
github.com/fullsailor/pkcs7 8306686428a5fe132eac8cb7c4848af725098bd4 # from containers/ocicrypt
|
||||||
|
gopkg.in/square/go-jose.v2 730df5f748271903322feb182be83b43ebbbe27d # v2.3.1 from containers/ocicrypt
|
||||||
|
|
||||||
# zfs dependencies
|
# zfs dependencies
|
||||||
github.com/containerd/zfs 9abf673ca6ff9ab8d9bd776a4ceff8f6dc699c3d
|
github.com/containerd/zfs 9abf673ca6ff9ab8d9bd776a4ceff8f6dc699c3d
|
||||||
|
@ -91,6 +104,3 @@ github.com/mistifyio/go-zfs f784269be439d704d3dfa1906f45
|
||||||
|
|
||||||
# aufs dependencies
|
# aufs dependencies
|
||||||
github.com/containerd/aufs 371312c1e31c210a21e49bf3dfd3f31729ed9f2f
|
github.com/containerd/aufs 371312c1e31c210a21e49bf3dfd3f31729ed9f2f
|
||||||
|
|
||||||
# cgroups dependencies
|
|
||||||
github.com/cilium/ebpf 60c3aa43f488292fe2ee50fb8b833b383ca8ebbb
|
|
||||||
|
|
Loading…
Reference in New Issue