Commit graph

2992 commits

Author SHA1 Message Date
Sebastiaan van Stijn
9ff990a2b9
pkg/chrootarchive: use containerd/sys to detect UserNamespaces
The implementation in libcontainer/system is quite complicated,
and we only use it to detect if user-namespaces are enabled.

In addition, the implementation in containerd uses a sync.Once,
so that detection (and reading/parsing `/proc/self/uid_map`) is
only performed once.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-15 13:07:23 +02:00
Sebastiaan van Stijn
f7d5d70e44
pkg/archive: use containerd/sys to detect UserNamespaces
The implementation in libcontainer/system is quite complicated,
and we only use it to detect if user-namespaces are enabled.

In addition, the implementation in containerd uses a sync.Once,
so that detection (and reading/parsing `/proc/self/uid_map`) is
only performed once.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-15 13:06:47 +02:00
Sebastiaan van Stijn
3aac5f0bbb
Merge pull request #41018 from akhilerm/identity-mapping
remove group name from identity mapping
2020-06-08 15:15:05 +02:00
Akhil Mohan
7ad0da7051
remove group name from identity mapping
NewIdentityMapping took group name as an argument, and used
the group name also to parse the /etc/sub{uid,gui}. But as per
linux man pages, the sub{uid,gid} file maps username or uid,
not a group name.

Therefore, all occurrences where mapping is used need to
consider only username and uid. Code trying to map using gid
and group name in the daemon is also removed.

Signed-off-by: Akhil Mohan <akhil.mohan@mayadata.io>
2020-06-03 20:04:42 +05:30
Akihiro Suda
41ac6bef8d
Merge pull request #41026 from XiaodongLoong/master
fix "stat.Rdev" invalid operation mismatched types on mips64el
2020-05-26 16:51:31 +09:00
Xiaodong Liu
a366fe41cb fix "stat.Rdev" invalid operation mismatched types on mips64el
compile error the "stat.Rdev" variable and "s.Rdev" mismatched types on mips64el
convert "stat.Rdev" type to uint64 explicitly

Signed-off-by: Xiaodong Liu <liuxiaodong@loongson.cn>
2020-05-26 14:50:06 +08:00
Kir Kolyshkin
d5da7e5330 pkg/sysinfo/sysinfo_linux.go: fix some comments
Some were misleading or vague, some were plain wrong.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-05-22 13:13:27 -07:00
Kir Kolyshkin
f02a53d6b9 pkg/sysinfo.applyPIDSCgroupInfo: optimize
For some reason, commit 69cf03700f chose not to use information
already fetched, and called cgroups.FindCgroupMountpoint() instead.
This is not a cheap call, as it has to parse the whole nine yards
of /proc/self/mountinfo, and the info which it tries to get (whether
the pids controller is present) is already available from cgMounts map.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-05-22 13:13:27 -07:00
Gaurav Singh
2a331a5ef7 rm_test: fix goroutine leak
Signed-off-by: Gaurav Singh <gaurav1086@gmail.com>
2020-05-18 20:58:26 -04:00
Akihiro Suda
6a5e3547fb pkg/archive: escape ":" symbol in overlay lowerdir
lowerdir needs escaping:
https://github.com/torvalds/linux/blob/v5.4/fs/overlayfs/super.c#L835-L853

Fix #40939

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-05-12 13:28:04 +09:00
Brian Goff
35bf4f87d9 Don't use ini() to set unpigz path
`func init()` is evil here, and the logrus calls are being made before
the logger is even setup.
It also means in order to use pigz you have to restart the daemon.

Instead this takes a small hit and resolves pigz on each extraction.
In the grand scheme of decompressing this is a very small hit.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-05-09 09:51:30 -07:00
Tibor Vass
751d5f879a
Merge pull request #40646 from thaJeztah/builder_use_pkg_sys_windows
pkg/system: deprecate SetNamedSecurityInfo, GetSecurityDescriptorDacl
2020-05-08 08:21:17 -07:00
Brian Goff
232ebf7fa4
Merge pull request #40868 from thaJeztah/what_is_the_cause
Replace errors.Cause() with errors.Is() / errors.As()
2020-05-07 11:33:26 -07:00
Brian Goff
f6163d3f7a
Merge pull request #40673 from kolyshkin/scan
Simplify daemon.overlaySupportsSelinux(), fix use of bufio.Scanner.Err()
2020-04-29 17:18:37 -07:00
Sebastiaan van Stijn
c3b3aedfa4
Merge pull request #40662 from AkihiroSuda/cgroup2-dockerinfo
cgroup2: implement `docker info`
2020-04-29 22:57:00 +02:00
Sebastiaan van Stijn
07d60bc257
Replace errors.Cause() with errors.Is() / errors.As()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-29 00:28:41 +02:00
Sebastiaan van Stijn
8312004f41
remove uses of deprecated pkg/term
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-21 16:29:27 +02:00
Sebastiaan van Stijn
41d4112e89
pkg/term: vendor moby/term and make pkg/term an alias
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-21 16:29:19 +02:00
Sebastiaan van Stijn
701b39f5f0
pkg/term: deprecate package in favor of moby/term
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-21 16:24:18 +02:00
Brian Goff
71626b7bdf
Merge pull request #40766 from thaJeztah/lcow_build_tag
LCOW: add "no_lcow" build tag to allow disabling lcow
2020-04-20 10:43:53 -07:00
Akihiro Suda
f350b53241 cgroup2: implement docker info
ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-04-17 07:20:01 +09:00
Brian Goff
620bce847d
Merge pull request #40749 from DanielQujun/zombie_check_for_container
add zombie check for container when killing it
2020-04-16 12:01:58 -07:00
Sebastiaan van Stijn
7d0e9399a3
Merge pull request #39728 from bamarni/term-proxy-pty
Support reading multiple bytes in escapeProxy
2020-04-16 09:21:40 +02:00
Sebastiaan van Stijn
33e8670ae0
Merge pull request #40786 from alanhoyle/master
Fixed typo in inventor comments.
2020-04-15 16:27:32 +02:00
屈骏
f3c1eec99e add zombie check for container when killing it, alernative fix for #40735.
Signed-off-by: 屈骏 <qujun@tiduyun.com>
2020-04-10 16:46:31 +08:00
Roman Mazur
f2c432636b
pkg/authorization: Fix test failures on macOS
On macOS, unit tests were failing with

root@c4101a75c792:/go/src/github.com/docker/docker/pkg/authorization# go test .
--- FAIL: TestAuthZRequestPluginError (0.00s)
    authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long
--- FAIL: TestAuthZRequestPlugin (0.00s)
    authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long
--- FAIL: TestAuthZResponsePlugin (0.00s)
    authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long
time="2020-04-07T10:07:04Z" level=warning msg="Request body is larger than: '1048576' skipping body"
--- FAIL: TestMiddlewareWrapHandler (0.00s)
    authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long
FAIL
FAIL	github.com/docker/docker/pkg/authorization	0.120s

This change moves the socket creation from a working test directory to a tmp directory,
so the path is shorter.

Change-type: patch
Signed-off-by: Roman Mazur <roman@balena.io>
2020-04-08 13:06:50 +03:00
Alan Hoyle
06ca1606e1 Fixed typo in inventor comments.
Kirby and Noyce worked with "silicon" not "silicone"

Signed-off-by: Alan Hoyle <alan@alanhoyle.com>
2020-04-07 09:03:56 -04:00
Akihiro Suda
ff9fa7b43a
Merge pull request #40496 from thaJeztah/locally_scope_variable
TestCatchAll, TestStopCatch: remove unneeded goroutine
2020-04-07 09:54:25 +09:00
Kir Kolyshkin
85dc0fb7d5 pkg/mount: make standalone golint happy
We do our CI via golangci-lint, which understands nolint: annotations.

A standalone linter tool, golint, does not, and it insists on
documenting these:

> pkg/mount/deprecated.go:47:1: comment on exported var MergeTmpfsOptions should be of the form "MergeTmpfsOptions ..."
> pkg/mount/deprecated.go:51:1: comment on exported type FilterFunc should be of the form "FilterFunc ..." (with optional leading article)
> pkg/mount/deprecated.go:51:1: comment on exported type Info should be of the form "Info ..." (with optional leading article)

For `MergeTmpfsOptions`, the workaround is to put it inside a
`var ( ... )` block.

For the other two warnings, we have to provide the "actual"
documentation (or something that looks like it).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-04-02 11:32:27 -07:00
Sebastiaan van Stijn
0d3b400ab5
LCOW: add "no_lcow" build tag to allow disabling lcow
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-02 19:54:16 +02:00
Kir Kolyshkin
745ed9686b pkg/idtools: fix use of bufio.Scanner.Err
The Err() method should be called after the Scan() loop,
not inside it.

Fixes: 9a3ab0358e
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-31 14:32:49 -07:00
Kir Kolyshkin
99beb2ca02 pkg/mount: deprecate
Add a deprecation/removal notice, pointing out to appropriate
replacement packages.

I was not sure if a package-level deprecation is enough, so
I also added notices around each block.

Note that `nolint:golint` annotations are left as is, otherwise
golint complains like this:

> pkg/mount/deprecated.go:45:1: comment on exported var `MergeTmpfsOptions` should be of the form `MergeTmpfsOptions ...` (golint)
> // Deprecated: use github.com/moby/sys/mount instead.
> ^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-20 09:46:25 -07:00
Kir Kolyshkin
39048cf656 Really switch to moby/sys/mount*
Switch to moby/sys/mount and mountinfo. Keep the pkg/mount for potential
outside users.

This commit was generated by the following bash script:

```
set -e -u -o pipefail

for file in $(git grep -l 'docker/docker/pkg/mount"' | grep -v ^pkg/mount); do
	sed -i -e 's#/docker/docker/pkg/mount"#/moby/sys/mount"#' \
		-e 's#mount\.\(GetMounts\|Mounted\|Info\|[A-Za-z]*Filter\)#mountinfo.\1#g' \
		$file
	goimports -w $file
done
```

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-20 09:46:25 -07:00
Kir Kolyshkin
59c0495409 pkg/mount: make it shallow
Make pkg/mount a shallow package, relying on
github.com/moby/sys/mount and github.com/moby/sys/mountinfo

The plan is to
 - switch the rest of this repo to use moby/sys directly
 - add deprecation notice to pkg/mount
 - (eventually) remove pkg/mount

The nolint:golint annotation is added to suppress warnings like
"exported XXX should have comment or be unexported".

The ForceMount function is deprecated (and is identical to Mount),
so let's not use it (but still provide an alias for those who do).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-20 09:46:25 -07:00
Bilal Amarni
8dd1490473 Support reading multiple bytes in escapeProxy
Currently, the escapeProxy works under the assumption that the
underlying reader will always return 1 byte at a time. Even though this
is usually true, it is not always the case, for example when using a pty
and writing multiple bytes to the master before flushing it.

In such cases the proxy reader doesn't work properly. For example with
an escape sequence being `ctrl-p,ctrl-q`, when the underlying reader
returns `ctrl-p,ctrl-q` at once, the escape sequence isn't detected.

This updates the reader to support this use-case and adds unit tests.

Signed-off-by: Bilal Amarni <bilal.amarni@gmail.com>
2020-03-18 00:19:53 +04:00
liuxiaodong
25d6047ec0 unit test on TestParseSignal failed within pkg/signal package on mips64el
error log :
signal_test.go:20: assertion failed: error is not nil: Invalid signal: SIGEMT
signal_test.go:22: assertion failed:
When "ParseSignal" function parse sigStr from SignalMap, it find the signal object with key ("SIG"+sigStr). But  EMT signal named "SIGEMT" in SignalMap structrue, so the real key is "SIGSIGEMT" , and cannot find the target signal.
modify "SIGEMT" to "EMT" in SignalMap structrue.

Signed-off-by: liuxiaodong <liuxiaodong@loongson.cn>
2020-03-12 20:45:02 +08:00
Sebastiaan van Stijn
5d86e4a840
Merge pull request #40670 from thaJeztah/fix_linting
fix linting in pkg/mount
2020-03-11 20:04:49 +01:00
Kir Kolyshkin
26f8c7de91
Merge pull request #40647 from thaJeztah/simplify_is_abs
pkg/system: minor linting issues and refactor
2020-03-11 10:52:49 -07:00
Sebastiaan van Stijn
6c0eb9e849
fix linting in pkg/mount
We recently updated golangci-lint, which is checking for some
additional linting rules, causing a failure in code that was
just merged to master; 5bd02b8a86

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-11 18:45:50 +01:00
Sebastiaan van Stijn
8bbba72499
Merge pull request #40637 from kolyshkin/ensure-remove-all
EnsureRemoveAll, RecursiveUnmount: don't call Mounted around Unmount
2020-03-11 18:05:36 +01:00
Sebastiaan van Stijn
d93860bd8d
Merge pull request #40656 from kolyshkin/mount-faster
Make mount.Mount() faster^W great again
2020-03-11 17:58:59 +01:00
Kir Kolyshkin
b890c20555 pkg/archive: use mount pkg
It makes sense to use mount package here because
 - it no longer requires /proc to be mounted
 - it provides verbose errors so the caller doesn't have to

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-10 18:23:53 -07:00
Kir Kolyshkin
83ed668688 pkg/mount.Mount: speedup (remove Mounted check)
This was added in PR #6669 (commit f87afda123) because it was
otherwise impossible to do a re-mount of already mounted file system.

It is way better to just remove the Mounted() check altogether.

This change might potentially lead to multiple mounts to the same
mount point, so I audited all the users (except tests) and it looks
like no one is doing that:

 * volume/local maintains 'mounted' flag for every volume
 * pkg/chrootarchive already calls Mounted() before Mount()
   (so it actually parsed /proc/self/mountinfo twice, oops!)
 * daemon.mountVolumes() is called for docker cp only, and
   it is called once
 * daemon/graphdriver/zfs keeps track of 'mounted' status
 * daemon/graphdriver/devmapper: ditto
 * daemon.createSecretsDir() is only called once during container start

Surely I might have easily missed something so this needs a careful
review.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-10 17:06:26 -07:00
Brian Goff
389ddfd07c
Merge pull request #40649 from thaJeztah/deprecate_CommandLineToArgv
pkg/system: remove unused CommandLineToArgv
2020-03-10 15:46:01 -07:00
Brian Goff
4634ce647c
Merge pull request #40648 from thaJeztah/standalone_symlink
pkg/symlink: don't depend on pkg/system and pkg/longpath
2020-03-10 09:37:18 -07:00
Kir Kolyshkin
5bd02b8a86 pkg/mount.RecursiveUnmount(): don't call Mounted()
Calling mount.Mounted() after an error from Unmount() is
questionable -- if umount failed, the mount is probably
still there anyway, it doesn't make sense to check it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-09 13:08:57 -07:00
Kir Kolyshkin
f8dbc31b78 pkg/system.EnsureRemoveAll: don't call Mounted
1. Call to mount.Mounted() is very expensive and it's redundant
   to call it before Unmount().

2. Calling mount.Mounted() after an error from Unmount() is
   questionable -- if umount failed, the mount is probably
   still there anyway, it doesn't make sense to check it.

This should result in faster code with no change in functionality.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-09 13:08:57 -07:00
Sebastiaan van Stijn
bd2e288e56
pkg/system: remove unused CommandLineToArgv
This function was added in 9c4570a958,
but appears to never have been used.

Removing it, as it's not used in the codebase and, from a quick
search on GitHub, also doesn't look to be used by other projects.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-09 17:02:53 +01:00
Sebastiaan van Stijn
a48c6e3005
pkg/symlink: don't depend on pkg/system and pkg/longpath
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-09 16:41:54 +01:00
Sebastiaan van Stijn
f2d49cb7ee
pkg/system: fix minor linting issues
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-09 16:40:05 +01:00
Sebastiaan van Stijn
dec7a1befb
pkg/system: simplify IsAbs()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-09 16:35:12 +01:00
Sebastiaan van Stijn
079fb80657
pkg/system: replace more uses of "syscall"
follow-up to 069fdc8a08, replacing
more uses of the syscall package in favor of their "windows"
equivalents in golang.org/x/sys.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-09 15:50:43 +01:00
Sebastiaan van Stijn
3bba43b894
pkg/system: deprecate SetNamedSecurityInfo, GetSecurityDescriptorDacl
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-09 12:41:31 +01:00
Kir Kolyshkin
669056f93d pkg/system.getxattr: handle changed size case
lgetxattr(2) man page says:

> If size is specified as zero, these calls return the  current  size  of
> the  named extended attribute (and leave value unchanged).  This can be
> used to determine the size of the buffer that should be supplied  in  a
> subsequent  call.   (But, bear in mind that there is a possibility that
> the attribute value may change between the two calls,  so  that  it  is
> still necessary to check the return status from the second call.)

The current code does not handle the case when the size changes between
the two calls, and the new size is larger.

Fix the above problem, and slightly simplify the code.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-02-26 07:56:12 -08:00
Sebastiaan van Stijn
af2a11f316
TestCatchAll, TestStopCatch: remove unneeded goroutine
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-15 00:41:28 +01:00
Akihiro Suda
7270d7eb94 fix goimports
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-02-11 22:16:54 +09:00
Sebastiaan van Stijn
9f0b3f5609
bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-11 00:06:42 +01:00
Hsing-Hui Hsu
c90254c746 Add George Washington Carver to name generator
Signed-off-by: Hsing-Hui Hsu <hsinghui@amazon.com>
2020-01-20 14:59:36 -08:00
Hsing-Hui Hsu
ac1d8bc760 Add Mae Jemison to name generator
Signed-off-by: Hsing-Hui Hsu <hsinghui@amazon.com>
2020-01-20 14:57:32 -08:00
Akihiro Suda
409bbdc321 cgroup2: enable resource limitation
enable resource limitation by disabling cgroup v1 warnings

resource limitation still doesn't work with rootless mode (even with systemd mode)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-01-01 02:58:40 +09:00
Brian Goff
8d2456d1e6
Merge pull request #40246 from thaJeztah/system_windows_cleanup
pkg/system: minor cleanups and remove use of deprecated system.GetOSVersion()
2019-12-19 11:36:29 -08:00
Brian Goff
db85ef598b
Merge pull request #40247 from thaJeztah/pkg_system_consts
pkg/system: deprecate constants in favor of golang.org/x/sys/windows
2019-12-19 11:35:00 -08:00
Brian Goff
b95fad8e51
Merge pull request #40263 from thaJeztah/normalize_comments
Normalize comment formatting
2019-12-12 12:06:22 -08:00
Sascha Grunert
4138cd22ab
Fix possible runtime panic in Lgetxattr
If `unix.Lgetxattr` returns an error, then `sz == -1` which will cause a
runtime panic if `errno == unix.ERANGE`.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2019-12-04 14:26:02 +01:00
Sebastiaan van Stijn
5331e6ab2d
pkg/tailfile: normalize comment formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-27 15:42:07 +01:00
Sebastiaan van Stijn
b95fbe7630
pkg/signal: normalize comment formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-27 15:41:47 +01:00
Sebastiaan van Stijn
1d97da61a2
pkg/progress: normalize comment formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-27 15:41:23 +01:00
Sebastiaan van Stijn
e2addf46bf
pkg/mount: normalize comment formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-27 15:40:58 +01:00
Sebastiaan van Stijn
0b155db389
pkg/jsonmessage: normalize comment formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-27 15:40:39 +01:00
Sebastiaan van Stijn
a45b3a92f6
pkg/idtools: normalize comment formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-27 15:40:23 +01:00
Sebastiaan van Stijn
14cad10cea
pkg/containerfs: normalize comment formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-27 15:39:57 +01:00
Sebastiaan van Stijn
9de5d3da89
pkg/chrootarchive: normalize comment formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-27 15:39:12 +01:00
Sebastiaan van Stijn
ecb898dcb9
pkg/archive: normalize comment formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-27 15:38:49 +01:00
Sebastiaan van Stijn
0fb5630784
pkg/system: normalize comment formatting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-27 15:38:17 +01:00
Sebastiaan van Stijn
f572df7c22
pkg/system: deprecate constants in favor of golang.org/x/sys/windows
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-25 15:39:34 +01:00
Sebastiaan van Stijn
81f9edc7b0
pkg/parsers: remove use of deprecated system.GetOSVersion()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-25 13:39:25 +01:00
Sebastiaan van Stijn
33d8492ce4
pkg/system/windows: remove unnecessary conversions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-25 13:35:00 +01:00
Sebastiaan van Stijn
4cdb796b54
pkg/system/windows: remove obsolete comment
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-25 13:31:09 +01:00
Brian Goff
8840071c26
Merge pull request #40135 from thaJeztah/nitfix_galore
pkg/system: make OSVersion an alias for hcsshim OSVersion
2019-11-24 07:36:05 -08:00
Tõnis Tiigi
d1d5f64766
Merge pull request #40021 from thaJeztah/carry_40017
Use newer x/sys/windows SecurityAttributes struct (carry 40017)
2019-11-21 08:57:22 -08:00
Ziheng Liu
d7bc994a08 awslogs & archive: prevent 2 goroutine leaks in test functions
Signed-off-by: Ziheng Liu <lzhfromustc@gmail.com>
2019-10-29 17:03:38 -04:00
Tibor Vass
a09e6e323e
Merge pull request #40134 from kolyshkin/homedir-osusergo
Revert "homedir: add cgo or osusergo buildtag constraints for unix"
2019-10-25 15:55:06 -07:00
Kir Kolyshkin
7ef475fc16 pkg/homedir: clarify Get() docs wrt static linking
This clarifies comments about static linking made in commit a8608b5b67.

1. There are two ways to create a static binary, one is to disable
cgo, the other is to set linker flags. When cgo is disabled,
there is no need to use osusergo build tag.

2. osusergo only needs to be set when linking against glibc.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2019-10-24 16:39:24 -07:00
Sebastiaan van Stijn
9d12bc2573
pkg/system: make OSVersion an alias for hcsshim OSVersion
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-25 00:31:36 +02:00
Kir Kolyshkin
80e338a18d Revert "homedir: add cgo or osusergo buildtag constraints for unix"
TL;DR: there is no way to do this right.

We do know that in some combination of build tags set (or unset),
linker flags, environment variables, and libc implementation,
this package won't work right. In fact, there is one specific
combination:

1. `CGO_ENABLED=1` (or unset)
2. static binary is being built (e.g. `go build` is run with `-extldflags -static`)
3. `go build` links the binary against glibc
4. `osusergo` is not set

This particular combination results in the following legitimate linker warning:

> cgo_lookup_unix.go: warning: Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking

If this warning is ignored and the resulting binary is used on a system
with files from a different glibc version (or without those files), it
could result in a segfault.

The commit being reverted tried to guard against such possibility,
but the problem is, we can only use build tags to account for items
1 and 4 from the above list, while items 2 and 3 do not result in
any build tags being set or unset, making this guard excessive.

Remove it.

This reverts commit 023b072288.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2019-10-24 13:13:09 -07:00
Sebastiaan van Stijn
86b3703182
Deprecate pkg/system.GetOSVersion() in favor of hcsshim/osversion.Get()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-22 02:53:09 +02:00
Sebastiaan van Stijn
6b91ceff74
Use hcsshim osversion package for Windows versions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-22 02:53:00 +02:00
Tibor Vass
c4cf72bad3
Merge pull request #39964 from thaJeztah/bump_golangci_lint
bump golangci-lint v1.20.0
2019-10-21 10:57:02 -07:00
trace-andreason
ddb64c14e1 fixed typo, changed "perfectd to perfected"
Signed-off-by: Trace <tandreason@gmail.com>
2019-10-19 12:43:59 -07:00
Sebastiaan van Stijn
4840fd8953
pkg/mount: SA4011: ineffective break statement (staticcheck)
```
pkg/mount/mountinfo_linux.go:93:5: SA4011: ineffective break statement. Did you mean to break out of the outer loop? (staticcheck)
				break
				^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-18 00:46:02 +02:00
Sebastiaan van Stijn
04fcb6cfbf
pkg/jsonmessage: fix SA1006: printf-style function with no arguments
Also fixed some incorrectly formatted comments

```
pkg/jsonmessage/jsonmessage.go:180:20: SA1006: printf-style function with dynamic format string and no further arguments should use print-style function instead (staticcheck)
		fmt.Fprintf(out, endl)
		                 ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-18 00:45:37 +02:00
Sebastiaan van Stijn
aa655a4d73
pkg/plugins: use constants for http methods
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-13 19:11:30 +02:00
Sebastiaan van Stijn
5ba167ce8a
pkg/authorization: use constants for http methods
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-13 19:11:28 +02:00
Jason A. Donenfeld
c3a0a37446
Use newer x/sys/windows SecurityAttributes struct
This struct now has a properly typed member, so use the properly typed
functions with it.

Also update the vendor directory and hope nothing explodes.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-02 21:12:23 +02:00
Sebastiaan van Stijn
0b5140dd66
Merge pull request #39994 from tiborvass/homedir-buildtags
homedir: add cgo or osusergo buildtag constraints for unix
2019-09-30 20:18:36 +02:00
HuanHuan Ye
8498ee7514 Fix pkg/pools staticcheck SA6002
change bufferPool use pointer instead byte slice

Signed-off-by: HuanHuan Ye <logindaveye@gmail.com>
2019-09-30 12:19:03 +08:00
Tibor Vass
023b072288 homedir: add cgo or osusergo buildtag constraints for unix
This is to ensure that users of the homedir package cannot
compile statically (CGO_ENABLED=0) without also setting the osusergo
build tag.

Signed-off-by: Tibor Vass <tibor@docker.com>
2019-09-26 21:09:36 +00:00
Sebastiaan van Stijn
2c6d368992
Merge pull request #39975 from tiborvass/homedir-less-deps
homedir: remove idtools and libcontainer's user package dependencies
2019-09-26 20:49:39 +02:00
hn3000
77d3c68f97 Remove minsky and stallman
Their inclusion is no longer defensible.
closes #39981

Signed-off-by: Harald Niesche <harald@niesche.de>
2019-09-24 23:47:31 +02:00
Tibor Vass
a8608b5b67 homedir: remove idtools and libcontainer's user package dependencies
About github.com/opencontainers/runc/libcontainer/user:

According to 195d8d544a
this package has two functions:
- Have a static implementation of user lookup, which is now supported in the
  os/user stdlib package with the osusergo build tag, but wasn't at the time.
- Have extra functions that os/user doesn't have, but none of those are used
  in homedir.

Since https://github.com/moby/moby/pull/11287, homedir depended directly on
libcontainer's user package for CurrentUser().
This is being replaced with os/user.Current(), because all of our static
binaries are compiled with the osusergo tag, and for dynamic libraries it
is more correct to use libc's implementation than parsing /etc/passwd.

About github.com/docker/docker/pkg/idtools:

Only dependency was from GetStatic() which uses idtools.LookupUID(uid).
The implementation of idtools.LookupUID just calls to
github.com/opencontainers/runc/libcontainer/user.LookupUid or fallbacks
to exec-ing to getent (since https://github.com/moby/moby/pull/27599).

This patch replaces calls to homedir.GetStatic by homedir.Get(), opting out
of supporting nss lookups in static binaries via exec-ing to getent for
the homedir package.

If homedir package users need to support nss lookups, they are advised
to compile dynamically instead.

Signed-off-by: Tibor Vass <tibor@docker.com>
2019-09-24 00:32:13 +00:00