From 6f4af8b641e84180ca1408fdf676373a4d90844b Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 16 Jul 2024 22:20:39 +0200 Subject: [PATCH] deprecate RunningInUserNS(), migrate to github.com/moby/sys/userns The userns package in libcontainer was integrated into the moby/sys/user module at commit 3778ae603c706494fd1e2c2faf83b406e38d687d. The userns package is used in many places, and currently either depends on runc/libcontainer, or on containerd, both of which have a complex dependency tree. This patch is part of a series of patches to unify the implementations, and to migrate toward that implementation to simplify the dependency tree. [3778ae603c706494fd1e2c2faf83b406e38d687d]: https://github.com/opencontainers/runc/commit/3778ae603c706494fd1e2c2faf83b406e38d687d Signed-off-by: Sebastiaan van Stijn --- cgroup1/subsystem.go | 4 ++-- cgroup1/utils.go | 3 ++- cmd/go.mod | 1 + cmd/go.sum | 2 ++ go.mod | 1 + go.sum | 2 ++ utils.go | 34 ++++------------------------------ 7 files changed, 14 insertions(+), 33 deletions(-) diff --git a/cgroup1/subsystem.go b/cgroup1/subsystem.go index d32ea2ca..59ff0290 100644 --- a/cgroup1/subsystem.go +++ b/cgroup1/subsystem.go @@ -20,8 +20,8 @@ import ( "fmt" "os" - "github.com/containerd/cgroups/v3" v1 "github.com/containerd/cgroups/v3/cgroup1/stats" + "github.com/moby/sys/userns" specs "github.com/opencontainers/runtime-spec/specs-go" ) @@ -60,7 +60,7 @@ func Subsystems() []Name { Blkio, Rdma, } - if !cgroups.RunningInUserNS() { + if !userns.RunningInUserNS() { n = append(n, Devices) } if _, err := os.Stat("/sys/kernel/mm/hugepages"); err == nil { diff --git a/cgroup1/utils.go b/cgroup1/utils.go index 5d4fe322..264c3d50 100644 --- a/cgroup1/utils.go +++ b/cgroup1/utils.go @@ -28,6 +28,7 @@ import ( "github.com/containerd/cgroups/v3" units "github.com/docker/go-units" + "github.com/moby/sys/userns" specs "github.com/opencontainers/runtime-spec/specs-go" ) @@ -53,7 +54,7 @@ func defaults(root string) ([]Subsystem, error) { } // only add the devices cgroup if we are not in a user namespace // because modifications are not allowed - if !cgroups.RunningInUserNS() { + if !userns.RunningInUserNS() { s = append(s, NewDevices(root)) } // add the hugetlb cgroup if error wasn't due to missing hugetlb diff --git a/cmd/go.mod b/cmd/go.mod index 6fc979c2..355bd22c 100644 --- a/cmd/go.mod +++ b/cmd/go.mod @@ -15,6 +15,7 @@ require ( github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d // indirect github.com/godbus/dbus/v5 v5.0.4 // indirect + github.com/moby/sys/userns v0.1.0 // indirect github.com/opencontainers/runtime-spec v1.0.2 // indirect github.com/russross/blackfriday/v2 v2.0.1 // indirect github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect diff --git a/cmd/go.sum b/cmd/go.sum index dec8b15a..c73b9003 100644 --- a/cmd/go.sum +++ b/cmd/go.sum @@ -20,6 +20,8 @@ github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= +github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/opencontainers/runtime-spec v1.0.2 h1:UfAcuLBJB9Coz72x1hgl8O5RVzTdNiaglX6v2DM6FI0= github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/go.mod b/go.mod index 0979ca8e..e3d1fa9b 100644 --- a/go.mod +++ b/go.mod @@ -8,6 +8,7 @@ require ( github.com/coreos/go-systemd/v22 v22.3.2 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.0.4 + github.com/moby/sys/userns v0.1.0 github.com/opencontainers/runtime-spec v1.0.2 github.com/stretchr/testify v1.8.4 go.uber.org/goleak v1.1.12 diff --git a/go.sum b/go.sum index e0582b12..d84b73dc 100644 --- a/go.sum +++ b/go.sum @@ -22,6 +22,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= +github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/opencontainers/runtime-spec v1.0.2 h1:UfAcuLBJB9Coz72x1hgl8O5RVzTdNiaglX6v2DM6FI0= github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/utils.go b/utils.go index ebff755a..6b4d04fd 100644 --- a/utils.go +++ b/utils.go @@ -25,12 +25,11 @@ import ( "strings" "sync" + "github.com/moby/sys/userns" "golang.org/x/sys/unix" ) var ( - nsOnce sync.Once - inUserNS bool checkMode sync.Once cgMode CGMode ) @@ -77,35 +76,10 @@ func Mode() CGMode { // RunningInUserNS detects whether we are currently running in a user namespace. // Copied from github.com/lxc/lxd/shared/util.go +// +// Deprecated: use [userns.RunningInUserNS]. func RunningInUserNS() bool { - nsOnce.Do(func() { - file, err := os.Open("/proc/self/uid_map") - if err != nil { - // This kernel-provided file only exists if user namespaces are supported - return - } - defer file.Close() - - buf := bufio.NewReader(file) - l, _, err := buf.ReadLine() - if err != nil { - return - } - - line := string(l) - var a, b, c int64 - fmt.Sscanf(line, "%d %d %d", &a, &b, &c) - - /* - * We assume we are in the initial user namespace if we have a full - * range - 4294967295 uids starting at uid 0. - */ - if a == 0 && b == 0 && c == 4294967295 { - return - } - inUserNS = true - }) - return inUserNS + return userns.RunningInUserNS() } // ParseCgroupFileUnified returns legacy subsystem paths as the first value,