Unverified Commit 1b61b16c authored by Yoan Blanc's avatar Yoan Blanc
Browse files
parent 67051f01
Showing with 63 additions and 125 deletions
+63 -125
......@@ -1134,7 +1134,7 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
dst = filepath.Join(dst, filepath.Base(src))
}
// Create the holding directory if necessary
if err := system.MkdirAll(filepath.Dir(dst), 0700, ""); err != nil {
if err := system.MkdirAll(filepath.Dir(dst), 0700); err != nil {
return err
}
......@@ -1218,6 +1218,9 @@ func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, error) {
return nil, err
}
// Ensure the command has exited before we clean anything up
done := make(chan struct{})
// Copy stdout to the returned pipe
go func() {
if err := cmd.Wait(); err != nil {
......@@ -1225,9 +1228,16 @@ func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, error) {
} else {
pipeW.Close()
}
close(done)
}()
return pipeR, nil
return ioutils.NewReadCloserWrapper(pipeR, func() error {
// Close pipeR, and then wait for the command to complete before returning. We have to close pipeR first, as
// cmd.Wait waits for any non-file stdout/stderr/stdin to close.
err := pipeR.Close()
<-done
return err
}), nil
}
// NewTempArchive reads the content of src into a temporary file, and returns the contents
......
......@@ -151,9 +151,7 @@ func mknodChar0Overlay(cleansedOriginalPath string) error {
if err := ioutil.WriteFile(lowerDummy, []byte{}, 0600); err != nil {
return errors.Wrapf(err, "failed to create a dummy lower file %s", lowerDummy)
}
// lowerdir needs ":" to be escaped: https://github.com/moby/moby/issues/40939#issuecomment-627098286
lowerEscaped := strings.ReplaceAll(lower, ":", "\\:")
mOpts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lowerEscaped, upper, work)
mOpts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lower, upper, work)
// docker/pkg/mount.Mount() requires procfs to be mounted. So we use syscall.Mount() directly instead.
if err := syscall.Mount("overlay", merged, "overlay", uintptr(0), mOpts); err != nil {
return errors.Wrapf(err, "failed to mount overlay (%s) on %s", mOpts, merged)
......@@ -238,9 +236,7 @@ func createDirWithOverlayOpaque(tmp string) (string, error) {
if err := os.MkdirAll(lowerDummy, 0700); err != nil {
return "", errors.Wrapf(err, "failed to create a dummy lower directory %s", lowerDummy)
}
// lowerdir needs ":" to be escaped: https://github.com/moby/moby/issues/40939#issuecomment-627098286
lowerEscaped := strings.ReplaceAll(lower, ":", "\\:")
mOpts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lowerEscaped, upper, work)
mOpts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lower, upper, work)
// docker/pkg/mount.Mount() requires procfs to be mounted. So we use syscall.Mount() directly instead.
if err := syscall.Mount("overlay", merged, "overlay", uintptr(0), mOpts); err != nil {
return "", errors.Wrapf(err, "failed to mount overlay (%s) on %s", mOpts, merged)
......
......@@ -84,7 +84,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64,
parentPath := filepath.Join(dest, parent)
if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) {
err = system.MkdirAll(parentPath, 0600, "")
err = system.MkdirAll(parentPath, 0600)
if err != nil {
return 0, err
}
......@@ -196,7 +196,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64,
return 0, err
}
if err := createTarFile(path, dest, srcHdr, srcData, true, nil, options.InUserNS); err != nil {
if err := createTarFile(path, dest, srcHdr, srcData, !options.NoLchown, nil, options.InUserNS); err != nil {
return 0, err
}
......
......@@ -59,7 +59,7 @@ func mkdirAs(path string, mode os.FileMode, owner Identity, mkAll, chownExisting
paths = append(paths, dirPath)
}
}
if err := system.MkdirAll(path, mode, ""); err != nil {
if err := system.MkdirAll(path, mode); err != nil {
return err
}
} else {
......
......@@ -11,7 +11,7 @@ import (
// Ownership is handled elsewhere, but in the future could be support here
// too.
func mkdirAs(path string, mode os.FileMode, owner Identity, mkAll, chownExisting bool) error {
if err := system.MkdirAll(path, mode, ""); err != nil {
if err := system.MkdirAll(path, mode); err != nil {
return err
}
return nil
......
......@@ -8,14 +8,14 @@ import (
"path/filepath"
)
// MkdirAllWithACL is a wrapper for MkdirAll on unix systems.
// MkdirAllWithACL is a wrapper for os.MkdirAll on unix systems.
func MkdirAllWithACL(path string, perm os.FileMode, sddl string) error {
return MkdirAll(path, perm, sddl)
return os.MkdirAll(path, perm)
}
// MkdirAll creates a directory named path along with any necessary parents,
// with permission specified by attribute perm for all dir created.
func MkdirAll(path string, perm os.FileMode, sddl string) error {
func MkdirAll(path string, perm os.FileMode) error {
return os.MkdirAll(path, perm)
}
......
......@@ -11,7 +11,6 @@ import (
"time"
"unsafe"
winio "github.com/Microsoft/go-winio"
"golang.org/x/sys/windows"
)
......@@ -26,9 +25,10 @@ func MkdirAllWithACL(path string, perm os.FileMode, sddl string) error {
return mkdirall(path, true, sddl)
}
// MkdirAll implementation that is volume path aware for Windows.
func MkdirAll(path string, _ os.FileMode, sddl string) error {
return mkdirall(path, false, sddl)
// MkdirAll implementation that is volume path aware for Windows. It can be used
// as a drop-in replacement for os.MkdirAll()
func MkdirAll(path string, _ os.FileMode) error {
return mkdirall(path, false, "")
}
// mkdirall is a custom version of os.MkdirAll modified for use on Windows
......@@ -102,13 +102,13 @@ func mkdirall(path string, applyACL bool, sddl string) error {
// and Local System.
func mkdirWithACL(name string, sddl string) error {
sa := windows.SecurityAttributes{Length: 0}
sd, err := winio.SddlToSecurityDescriptor(sddl)
sd, err := windows.SecurityDescriptorFromString(sddl)
if err != nil {
return &os.PathError{Op: "mkdir", Path: name, Err: err}
}
sa.Length = uint32(unsafe.Sizeof(sa))
sa.InheritHandle = 1
sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
sa.SecurityDescriptor = sd
namep, err := windows.UTF16PtrFromString(name)
if err != nil {
......
......@@ -18,8 +18,7 @@ var (
// InitLCOW sets whether LCOW is supported or not. Requires RS5+
func InitLCOW(experimental bool) {
v := GetOSVersion()
if experimental && v.Build >= osversion.RS5 {
if experimental && osversion.Build() >= osversion.RS5 {
lcowSupported = true
}
}
......
......@@ -7,7 +7,7 @@ import (
"strconv"
"strings"
"github.com/docker/go-units"
units "github.com/docker/go-units"
)
// ReadMemInfo retrieves memory statistics of the host system and returns a
......@@ -27,6 +27,7 @@ func ReadMemInfo() (*MemInfo, error) {
func parseMemInfo(reader io.Reader) (*MemInfo, error) {
meminfo := &MemInfo{}
scanner := bufio.NewScanner(reader)
memAvailable := int64(-1)
for scanner.Scan() {
// Expected format: ["MemTotal:", "1234", "kB"]
parts := strings.Fields(scanner.Text())
......@@ -48,6 +49,8 @@ func parseMemInfo(reader io.Reader) (*MemInfo, error) {
meminfo.MemTotal = bytes
case "MemFree:":
meminfo.MemFree = bytes
case "MemAvailable:":
memAvailable = bytes
case "SwapTotal:":
meminfo.SwapTotal = bytes
case "SwapFree:":
......@@ -55,6 +58,9 @@ func parseMemInfo(reader io.Reader) (*MemInfo, error) {
}
}
if memAvailable != -1 {
meminfo.MemFree = memAvailable
}
// Handle errors that may have occurred during the reading of the file.
if err := scanner.Err(); err != nil {
......
......@@ -5,8 +5,6 @@ import (
"path/filepath"
"runtime"
"strings"
"github.com/containerd/continuity/pathdriver"
)
const defaultUnixPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
......@@ -27,6 +25,12 @@ func DefaultPathEnv(os string) string {
}
// PathVerifier defines the subset of a PathDriver that CheckSystemDriveAndRemoveDriveLetter
// actually uses in order to avoid system depending on containerd/continuity.
type PathVerifier interface {
IsAbs(string) bool
}
// CheckSystemDriveAndRemoveDriveLetter verifies that a path, if it includes a drive letter,
// is the system drive.
// On Linux: this is a no-op.
......@@ -42,7 +46,7 @@ func DefaultPathEnv(os string) string {
// a --> a
// /a --> \a
// d:\ --> Fail
func CheckSystemDriveAndRemoveDriveLetter(path string, driver pathdriver.PathDriver) (string, error) {
func CheckSystemDriveAndRemoveDriveLetter(path string, driver PathVerifier) (string, error) {
if runtime.GOOS != "windows" || LCOWSupported() {
return path, nil
}
......
package system // import "github.com/docker/docker/pkg/system"
import "syscall"
// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
func fromStatT(s *syscall.Stat_t) (*StatT, error) {
return &StatT{size: s.Size,
mode: uint32(s.Mode),
uid: s.Uid,
gid: s.Gid,
rdev: uint64(s.Rdev),
mtim: s.Mtim}, nil
}
......@@ -5,6 +5,7 @@ import (
"syscall"
"unsafe"
"github.com/Microsoft/hcsshim/osversion"
"github.com/sirupsen/logrus"
"golang.org/x/sys/windows"
)
......@@ -55,19 +56,13 @@ var (
ntuserApiset = windows.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0")
modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
procGetVersionExW = modkernel32.NewProc("GetVersionExW")
procGetProductInfo = modkernel32.NewProc("GetProductInfo")
procSetNamedSecurityInfo = modadvapi32.NewProc("SetNamedSecurityInfoW")
procGetSecurityDescriptorDacl = modadvapi32.NewProc("GetSecurityDescriptorDacl")
)
// OSVersion is a wrapper for Windows version information
// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724439(v=vs.85).aspx
type OSVersion struct {
Version uint32
MajorVersion uint8
MinorVersion uint8
Build uint16
}
type OSVersion osversion.OSVersion
// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724833(v=vs.85).aspx
type osVersionInfoEx struct {
......@@ -85,19 +80,10 @@ type osVersionInfoEx struct {
}
// GetOSVersion gets the operating system version on Windows. Note that
// docker.exe must be manifested to get the correct version information.
// dockerd.exe must be manifested to get the correct version information.
// Deprecated: use github.com/Microsoft/hcsshim/osversion.Get() instead
func GetOSVersion() OSVersion {
var err error
osv := OSVersion{}
osv.Version, err = windows.GetVersion()
if err != nil {
// GetVersion never fails.
panic(err)
}
osv.MajorVersion = uint8(osv.Version & 0xFF)
osv.MinorVersion = uint8(osv.Version >> 8 & 0xFF)
osv.Build = uint16(osv.Version >> 16)
return osv
return OSVersion(osversion.Get())
}
func (osv OSVersion) ToString() string {
......@@ -118,22 +104,6 @@ func IsWindowsClient() bool {
return osviex.ProductType == verNTWorkstation
}
// IsIoTCore returns true if the currently running image is based off of
// Windows 10 IoT Core.
// @engine maintainers - this function should not be removed or modified as it
// is used to enforce licensing restrictions on Windows.
func IsIoTCore() bool {
var returnedProductType uint32
r1, _, err := procGetProductInfo.Call(6, 1, 0, 0, uintptr(unsafe.Pointer(&returnedProductType)))
if r1 == 0 {
logrus.Warnf("GetProductInfo failed - assuming this is not IoT: %v", err)
return false
}
const productIoTUAP = 0x0000007B
const productIoTUAPCommercial = 0x00000083
return returnedProductType == productIoTUAP || returnedProductType == productIoTUAPCommercial
}
// Unmount is a platform-specific helper function to call
// the unmount syscall. Not supported on Windows
func Unmount(dest string) error {
......
package system // import "github.com/docker/docker/pkg/system"
import (
"syscall"
"unsafe"
"golang.org/x/sys/unix"
)
// LUtimesNano is used to change access and modification time of the specified path.
// It's used for symbol link file because unix.UtimesNano doesn't support a NOFOLLOW flag atm.
func LUtimesNano(path string, ts []syscall.Timespec) error {
atFdCwd := unix.AT_FDCWD
var _path *byte
_path, err := unix.BytePtrFromString(path)
if err != nil {
return err
}
if _, _, err := unix.Syscall6(unix.SYS_UTIMENSAT, uintptr(atFdCwd), uintptr(unsafe.Pointer(_path)), uintptr(unsafe.Pointer(&ts[0])), unix.AT_SYMLINK_NOFOLLOW, 0, 0); err != 0 && err != unix.ENOSYS {
return err
}
return nil
}
// +build linux freebsd
package system // import "github.com/docker/docker/pkg/system"
import (
"syscall"
"unsafe"
"golang.org/x/sys/unix"
)
......@@ -10,13 +11,12 @@ import (
// LUtimesNano is used to change access and modification time of the specified path.
// It's used for symbol link file because unix.UtimesNano doesn't support a NOFOLLOW flag atm.
func LUtimesNano(path string, ts []syscall.Timespec) error {
var _path *byte
_path, err := unix.BytePtrFromString(path)
if err != nil {
return err
uts := []unix.Timespec{
unix.NsecToTimespec(syscall.TimespecToNsec(ts[0])),
unix.NsecToTimespec(syscall.TimespecToNsec(ts[1])),
}
if _, _, err := unix.Syscall(unix.SYS_LUTIMES, uintptr(unsafe.Pointer(_path)), uintptr(unsafe.Pointer(&ts[0])), 0); err != 0 && err != unix.ENOSYS {
err := unix.UtimesNanoAt(unix.AT_FDCWD, path, uts, unix.AT_SYMLINK_NOFOLLOW)
if err != nil && err != unix.ENOSYS {
return err
}
......
......@@ -6,28 +6,19 @@ import "golang.org/x/sys/unix"
// and associated with the given path in the file system.
// It will returns a nil slice and nil error if the xattr is not set.
func Lgetxattr(path string, attr string) ([]byte, error) {
// Start with a 128 length byte array
dest := make([]byte, 128)
sz, errno := unix.Lgetxattr(path, attr, dest)
switch {
case errno == unix.ENODATA:
if errno == unix.ENODATA {
return nil, nil
case errno == unix.ERANGE:
// 128 byte array might just not be good enough. A dummy buffer is used
// to get the real size of the xattrs on disk
sz, errno = unix.Lgetxattr(path, attr, []byte{})
if errno != nil {
return nil, errno
}
}
if errno == unix.ERANGE {
dest = make([]byte, sz)
sz, errno = unix.Lgetxattr(path, attr, dest)
if errno != nil {
return nil, errno
}
case errno != nil:
}
if errno != nil {
return nil, errno
}
return dest[:sz], nil
}
......
......@@ -134,10 +134,10 @@
{"path":"github.com/docker/docker/errdefs","checksumSHA1":"q4R77xtScr+W3m77Otw6kr34ktg=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/oci/caps","checksumSHA1":"xUqupdS1MfBMyhwTDQGjxOq/Bug=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/opts","checksumSHA1":"dFf9rWD7Ous9YKO0udunqNZEaXw=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/pkg/archive","checksumSHA1":"2310gDrMXePCvbuLLe2zhlwSPa0=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/pkg/archive","checksumSHA1":"T/7vOtFlIEhq2Z25ZUKVn3t0/QM=","revision":"d1d5f6476656c6aad457e2a91d3436e66b6f2251","revisionTime":"2019-11-21T16:57:22Z"},
{"path":"github.com/docker/docker/pkg/fileutils","checksumSHA1":"eMoRb/diYeuYLojU7ChN5DaETHc=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/pkg/homedir","checksumSHA1":"CvnZ3L6NW0w2xjBZ1eadE9WElyg=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/pkg/idtools","checksumSHA1":"hh2fjllcaPQdZPg/umg7zVo4BiM=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/pkg/idtools","checksumSHA1":"AQMgxP9+ialZokho+fwCquvQmUA=","revision":"d1d5f6476656c6aad457e2a91d3436e66b6f2251","revisionTime":"2019-11-21T16:57:22Z"},
{"path":"github.com/docker/docker/pkg/ioutils","checksumSHA1":"Ybq78CnAoQWVBk+lkh3zykmcSjs=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/pkg/jsonmessage","checksumSHA1":"xX1+9qXSGHg3P/SllPGeAAhlBcE=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/pkg/longpath","checksumSHA1":"EXiIm2xIL7Ds+YsQUx8Z3eUYPtI=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
......@@ -145,7 +145,7 @@
{"path":"github.com/docker/docker/pkg/pools","checksumSHA1":"dj8atalGWftfM9vdzCsh9YF1Seg=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/pkg/stdcopy","checksumSHA1":"w0waeTRJ1sFygI0dZXH6l9E1c60=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/pkg/stringid","checksumSHA1":"THVhMDu12TT7TpGJkazOSxQhmRs=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/pkg/system","checksumSHA1":"pxRcmuJMrKTcpxDc+xzSVBx3VtM=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/pkg/system","checksumSHA1":"BvC+33jlys4749eHrtObKcoIY08=","revision":"d1d5f6476656c6aad457e2a91d3436e66b6f2251","revisionTime":"2019-11-21T16:57:22Z"},
{"path":"github.com/docker/docker/pkg/tarsum","checksumSHA1":"I6mTgOFa7NeZpYw2S5342eenRLY=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/pkg/term","checksumSHA1":"GFsDxJkQz407/2nUBmWuafG+uF8=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
{"path":"github.com/docker/docker/pkg/term/windows","checksumSHA1":"TeOtxuBbbZtp6wDK/t4DdaGGSC0=","revision":"b47e74255811b2ead92b22254174c27ae9d6c9f4","revisionTime":"2020-05-28T18:23:17Z","version":"v19.03.10","versionExact":"v19.03.10"},
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment