We recently updated golangci-lint, which is checking for some
additional linting rules, causing a failure in code that was
just merged to master; 5bd02b8a86
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It makes sense to use mount package here because
- it no longer requires /proc to be mounted
- it provides verbose errors so the caller doesn't have to
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This was added in PR #6669 (commit f87afda123) because it was
otherwise impossible to do a re-mount of already mounted file system.
It is way better to just remove the Mounted() check altogether.
This change might potentially lead to multiple mounts to the same
mount point, so I audited all the users (except tests) and it looks
like no one is doing that:
* volume/local maintains 'mounted' flag for every volume
* pkg/chrootarchive already calls Mounted() before Mount()
(so it actually parsed /proc/self/mountinfo twice, oops!)
* daemon.mountVolumes() is called for docker cp only, and
it is called once
* daemon/graphdriver/zfs keeps track of 'mounted' status
* daemon/graphdriver/devmapper: ditto
* daemon.createSecretsDir() is only called once during container start
Surely I might have easily missed something so this needs a careful
review.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Calling mount.Mounted() after an error from Unmount() is
questionable -- if umount failed, the mount is probably
still there anyway, it doesn't make sense to check it.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
1. Call to mount.Mounted() is very expensive and it's redundant
to call it before Unmount().
2. Calling mount.Mounted() after an error from Unmount() is
questionable -- if umount failed, the mount is probably
still there anyway, it doesn't make sense to check it.
This should result in faster code with no change in functionality.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This function was added in 9c4570a958,
but appears to never have been used.
Removing it, as it's not used in the codebase and, from a quick
search on GitHub, also doesn't look to be used by other projects.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
follow-up to 069fdc8a08, replacing
more uses of the syscall package in favor of their "windows"
equivalents in golang.org/x/sys.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
lgetxattr(2) man page says:
> If size is specified as zero, these calls return the current size of
> the named extended attribute (and leave value unchanged). This can be
> used to determine the size of the buffer that should be supplied in a
> subsequent call. (But, bear in mind that there is a possibility that
> the attribute value may change between the two calls, so that it is
> still necessary to check the return status from the second call.)
The current code does not handle the case when the size changes between
the two calls, and the new size is larger.
Fix the above problem, and slightly simplify the code.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
enable resource limitation by disabling cgroup v1 warnings
resource limitation still doesn't work with rootless mode (even with systemd mode)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
If `unix.Lgetxattr` returns an error, then `sz == -1` which will cause a
runtime panic if `errno == unix.ERANGE`.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
This clarifies comments about static linking made in commit a8608b5b67.
1. There are two ways to create a static binary, one is to disable
cgo, the other is to set linker flags. When cgo is disabled,
there is no need to use osusergo build tag.
2. osusergo only needs to be set when linking against glibc.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
TL;DR: there is no way to do this right.
We do know that in some combination of build tags set (or unset),
linker flags, environment variables, and libc implementation,
this package won't work right. In fact, there is one specific
combination:
1. `CGO_ENABLED=1` (or unset)
2. static binary is being built (e.g. `go build` is run with `-extldflags -static`)
3. `go build` links the binary against glibc
4. `osusergo` is not set
This particular combination results in the following legitimate linker warning:
> cgo_lookup_unix.go: warning: Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
If this warning is ignored and the resulting binary is used on a system
with files from a different glibc version (or without those files), it
could result in a segfault.
The commit being reverted tried to guard against such possibility,
but the problem is, we can only use build tags to account for items
1 and 4 from the above list, while items 2 and 3 do not result in
any build tags being set or unset, making this guard excessive.
Remove it.
This reverts commit 023b072288.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
