pkg/archive: use containerd/sys to detect UserNamespaces
The implementation in libcontainer/system is quite complicated, and we only use it to detect if user-namespaces are enabled. In addition, the implementation in containerd uses a sync.Once, so that detection (and reading/parsing `/proc/self/uid_map`) is only performed once. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
parent
4534a7afc3
commit
f7d5d70e44
4 changed files with 9 additions and 9 deletions
|
@ -9,10 +9,10 @@ import (
|
|||
"syscall"
|
||||
"testing"
|
||||
|
||||
"github.com/containerd/containerd/sys"
|
||||
"github.com/docker/docker/pkg/reexec"
|
||||
"github.com/docker/docker/pkg/system"
|
||||
"github.com/moby/sys/mount"
|
||||
rsystem "github.com/opencontainers/runc/libcontainer/system"
|
||||
"github.com/pkg/errors"
|
||||
"golang.org/x/sys/unix"
|
||||
"gotest.tools/v3/assert"
|
||||
|
@ -30,7 +30,7 @@ import (
|
|||
// └── f1 # whiteout, 0644
|
||||
func setupOverlayTestDir(t *testing.T, src string) {
|
||||
skip.If(t, os.Getuid() != 0, "skipping test that requires root")
|
||||
skip.If(t, rsystem.RunningInUserNS(), "skipping test that requires initial userns (trusted.overlay.opaque xattr cannot be set in userns, even with Ubuntu kernel)")
|
||||
skip.If(t, sys.RunningInUserNS(), "skipping test that requires initial userns (trusted.overlay.opaque xattr cannot be set in userns, even with Ubuntu kernel)")
|
||||
// Create opaque directory containing single file and permission 0700
|
||||
err := os.Mkdir(filepath.Join(src, "d1"), 0700)
|
||||
assert.NilError(t, err)
|
||||
|
@ -248,7 +248,7 @@ func isOpaque(dir string) error {
|
|||
|
||||
func TestReexecUserNSOverlayWhiteoutConverter(t *testing.T) {
|
||||
skip.If(t, os.Getuid() != 0, "skipping test that requires root")
|
||||
skip.If(t, rsystem.RunningInUserNS(), "skipping test that requires initial userns")
|
||||
skip.If(t, sys.RunningInUserNS(), "skipping test that requires initial userns")
|
||||
if err := supportsUserNSOverlay(); err != nil {
|
||||
t.Skipf("skipping test that requires kernel support for overlay-in-userns: %v", err)
|
||||
}
|
||||
|
|
|
@ -16,9 +16,9 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/containerd/containerd/sys"
|
||||
"github.com/docker/docker/pkg/idtools"
|
||||
"github.com/docker/docker/pkg/ioutils"
|
||||
rsystem "github.com/opencontainers/runc/libcontainer/system"
|
||||
"gotest.tools/v3/assert"
|
||||
is "gotest.tools/v3/assert/cmp"
|
||||
"gotest.tools/v3/skip"
|
||||
|
@ -1230,7 +1230,7 @@ func TestReplaceFileTarWrapper(t *testing.T) {
|
|||
// version of this package that was built with <=go17 are still readable.
|
||||
func TestPrefixHeaderReadable(t *testing.T) {
|
||||
skip.If(t, runtime.GOOS != "windows" && os.Getuid() != 0, "skipping test that requires root")
|
||||
skip.If(t, rsystem.RunningInUserNS(), "skipping test that requires more than 010000000 UIDs, which is unlikely to be satisfied when running in userns")
|
||||
skip.If(t, sys.RunningInUserNS(), "skipping test that requires more than 010000000 UIDs, which is unlikely to be satisfied when running in userns")
|
||||
// https://gist.github.com/stevvooe/e2a790ad4e97425896206c0816e1a882#file-out-go
|
||||
var testFile = []byte("\x1f\x8b\x08\x08\x44\x21\x68\x59\x00\x03\x74\x2e\x74\x61\x72\x00\x4b\xcb\xcf\x67\xa0\x35\x30\x80\x00\x86\x06\x10\x47\x01\xc1\x37\x40\x00\x54\xb6\xb1\xa1\xa9\x99\x09\x48\x25\x1d\x40\x69\x71\x49\x62\x91\x02\xe5\x76\xa1\x79\x84\x21\x91\xd6\x80\x72\xaf\x8f\x82\x51\x30\x0a\x46\x36\x00\x00\xf0\x1c\x1e\x95\x00\x06\x00\x00")
|
||||
|
||||
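Review bot: `TestPrefixHeaderReadable` is gated on `runtime.GOOS != "windows"`, so this test file is evidently compiled on Windows too, and the new unconditional `sys.RunningInUserNS()` call needs `github.com/containerd/containerd/sys` to build there and provide a non-Linux stub. Nothing on this page shows that, so it is worth confirming with a Windows cross-compile of the test package (`GOOS=windows go vet ./pkg/archive/`) before merging. The test body continues outside the hunk.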
|
|
|
@ -10,9 +10,9 @@ import (
|
|||
"strings"
|
||||
"syscall"
|
||||
|
||||
"github.com/containerd/containerd/sys"
|
||||
"github.com/docker/docker/pkg/idtools"
|
||||
"github.com/docker/docker/pkg/system"
|
||||
rsystem "github.com/opencontainers/runc/libcontainer/system"
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
|
@ -81,7 +81,7 @@ func getFileUIDGID(stat interface{}) (idtools.Identity, error) {
|
|||
// handleTarTypeBlockCharFifo is an OS-specific helper function used by
|
||||
// createTarFile to handle the following types of header: Block; Char; Fifo
|
||||
func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
|
||||
if rsystem.RunningInUserNS() {
|
||||
if sys.RunningInUserNS() {
|
||||
// cannot create a device if running in user namespace
|
||||
return nil
|
||||
}
|
||||
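Review bot: The early return under `if sys.RunningInUserNS()` in `handleTarTypeBlockCharFifo` skips the entry and reports success, and after this change that decision rests on a value which, per the commit message, is computed once and then reused for the life of the process. That trade-off deserves a comment at the call site, for example `// RunningInUserNS is evaluated once per process; when it reports true the entry is skipped without error, so the extracted tree can lack nodes present in the archive.` The existing comment mentions only devices while the function name also covers FIFOs, so the comment should say whether skipping FIFOs is intended. The rest of the function body lies outside the hunk.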
|
|
|
@ -13,8 +13,8 @@ import (
|
|||
"syscall"
|
||||
"testing"
|
||||
|
||||
"github.com/containerd/containerd/sys"
|
||||
"github.com/docker/docker/pkg/system"
|
||||
rsystem "github.com/opencontainers/runc/libcontainer/system"
|
||||
"golang.org/x/sys/unix"
|
||||
"gotest.tools/v3/assert"
|
||||
is "gotest.tools/v3/assert/cmp"
|
||||
|
@ -184,7 +184,7 @@ func getInode(path string) (uint64, error) {
|
|||
|
||||
func TestTarWithBlockCharFifo(t *testing.T) {
|
||||
skip.If(t, os.Getuid() != 0, "skipping test that requires root")
|
||||
skip.If(t, rsystem.RunningInUserNS(), "skipping test that requires initial userns")
|
||||
skip.If(t, sys.RunningInUserNS(), "skipping test that requires initial userns")
|
||||
origin, err := ioutil.TempDir("", "docker-test-tar-hardlink")
|
||||
assert.NilError(t, err)
|
||||
|
||||
|
|