Commit 70b445b2 authored by Seth Hoenig's avatar Seth Hoenig
Browse files

deps: upgrade to runc v1.1.3

parent 7f9ff243
Showing with 43 additions and 31 deletions
+43 -31
```release-note:improvement
deps: Updated runc dependency to v1.1.3'
```
......@@ -78,9 +78,7 @@ func ConfigureBasicCgroups(config *lcc.Config) error {
if err = os.MkdirAll(path, 0755); err != nil {
return err
}
config.Cgroups.Paths = map[string]string{
subsystem: path,
}
config.Cgroups.Path = path
return nil
}
......
......@@ -299,16 +299,18 @@ func (c *cpusetManagerV1) signalReconcile() {
}
func (c *cpusetManagerV1) getCpuset(group string) (cpuset.CPUSet, error) {
man := fs.NewManager(
man, err := fs.NewManager(
&configs.Cgroup{
Path: filepath.Join(c.cgroupParent, group),
},
map[string]string{"cpuset": filepath.Join(c.cgroupParentPath, group)},
false,
)
if err != nil {
return cpuset.Empty, err
}
stats, err := man.GetStats()
if err != nil {
return cpuset.CPUSet{}, err
return cpuset.Empty, err
}
return cpuset.New(stats.CPUSetStats.CPUs...), nil
}
......@@ -332,7 +334,10 @@ func getCPUsFromCgroupV1(group string) ([]uint16, error) {
return nil, err
}
man := fs.NewManager(&configs.Cgroup{Path: group}, map[string]string{"cpuset": cgroupPath}, false)
man, err := fs.NewManager(&configs.Cgroup{Path: group}, map[string]string{"cpuset": cgroupPath})
if err != nil {
return nil, err
}
stats, err := man.GetStats()
if err != nil {
return nil, err
......
......@@ -31,10 +31,6 @@ const (
// in case for e.g. Nomad tasks should be further constrained by an externally
// configured systemd cgroup.
DefaultCgroupParentV2 = "nomad.slice"
// rootless is (for now) always false; Nomad clients require root, so we
// assume to not need to do the extra plumbing for rootless cgroups.
rootless = false
)
// nothing is used for treating a map like a set with no values
......@@ -145,7 +141,7 @@ func (c *cpusetManagerV2) CgroupPathFor(allocID, task string) CgroupPathGetter {
for {
path := c.pathOf(makeID(allocID, task))
mgr, err := fs2.NewManager(nil, path, rootless)
mgr, err := fs2.NewManager(nil, path)
if err != nil {
return "", err
}
......@@ -239,7 +235,7 @@ func (c *cpusetManagerV2) pathOf(id identity) string {
// We avoid removing a cgroup if it still contains a PID, as the cpuset manager
// may be initially empty on a Nomad client restart.
func (c *cpusetManagerV2) remove(path string) {
mgr, err := fs2.NewManager(nil, path, rootless)
mgr, err := fs2.NewManager(nil, path)
if err != nil {
c.logger.Warn("failed to create manager", "path", path, "err", err)
return
......@@ -267,7 +263,7 @@ func (c *cpusetManagerV2) write(id identity, set cpuset.CPUSet) {
path := c.pathOf(id)
// make a manager for the cgroup
m, err := fs2.NewManager(nil, path, rootless)
m, err := fs2.NewManager(nil, path)
if err != nil {
c.logger.Error("failed to manage cgroup", "path", path, "err", err)
}
......@@ -288,7 +284,7 @@ func (c *cpusetManagerV2) write(id identity, set cpuset.CPUSet) {
// ensureParentCgroup will create parent cgroup for the manager if it does not
// exist yet. No PIDs are added to any cgroup yet.
func (c *cpusetManagerV2) ensureParent() error {
mgr, err := fs2.NewManager(nil, c.parentAbs, rootless)
mgr, err := fs2.NewManager(nil, c.parentAbs)
if err != nil {
return err
}
......
......@@ -60,7 +60,7 @@ func (d *killer) v1(cgroup *configs.Cgroup) error {
}
// the actual path to our tasks freezer cgroup
path := cgroup.Paths[freezer]
path := cgroup.Path
d.logger.Trace("killing processes", "cgroup_path", path, "cgroup_version", "v1", "executor_pid", d.pid)
......@@ -109,7 +109,7 @@ func (d *killer) v2(cgroup *configs.Cgroup) error {
d.logger.Trace("killing processes", "cgroup_path", path, "cgroup_version", "v2", "executor_pid", d.pid, "existing_pids", existingPIDs)
mgr, err := fs2.NewManager(cgroup, "", rootless)
mgr, err := fs2.NewManager(cgroup, "")
if err != nil {
return fmt.Errorf("failed to create v2 cgroup manager: %w", err)
}
......@@ -117,7 +117,7 @@ func (d *killer) v2(cgroup *configs.Cgroup) error {
// move executor PID into the root init.scope so we can kill the task pids
// without killing the executor (which is the process running this code, doing
// the killing)
init, err := fs2.NewManager(nil, filepath.Join(CgroupRoot, "init.scope"), rootless)
init, err := fs2.NewManager(nil, filepath.Join(CgroupRoot, "init.scope"))
if err != nil {
return fmt.Errorf("failed to create v2 init cgroup manager: %w", err)
}
......
......@@ -15,6 +15,10 @@ import (
"github.com/opencontainers/runc/libcontainer/configs"
)
const (
freezerSubsystem = "freezer"
)
type containment struct {
lock sync.RWMutex
cgroup *configs.Cgroup
......@@ -36,7 +40,7 @@ func (c *containment) Apply(pid int) error {
// for v2 use manager to create and enter the cgroup
if cgutil.UseV2 {
mgr, err := fs2.NewManager(c.cgroup, "", false)
mgr, err := fs2.NewManager(c.cgroup, "")
if err != nil {
return fmt.Errorf("failed to create v2 cgroup manager for containment: %w", err)
}
......@@ -55,7 +59,7 @@ func (c *containment) Apply(pid int) error {
}
// for v1 a random cgroup was created already; just enter it
if err := cgroups.EnterPid(c.cgroup.Paths, pid); err != nil {
if err := cgroups.EnterPid(map[string]string{freezerSubsystem: c.cgroup.Path}, pid); err != nil {
return fmt.Errorf("failed to add pid to v1 cgroup: %w", err)
}
......@@ -89,7 +93,7 @@ func (c *containment) GetPIDs() PIDs {
if cgutil.UseV2 {
path = filepath.Join(cgutil.CgroupRoot, c.cgroup.Path)
} else {
path = c.cgroup.Paths["freezer"]
path = c.cgroup.Path
}
// find the pids in the cgroup under containment
......
......@@ -98,7 +98,6 @@ func (l *LibcontainerExecutor) Launch(command *ExecCommand) (*ProcessState, erro
// create a new factory which will store the container state in the allocDir
factory, err := libcontainer.New(
path.Join(command.TaskDir, "../alloc/container"),
libcontainer.Cgroupfs,
// note that os.Args[0] refers to the executor shim typically
// and first args arguments is ignored now due
// until https://github.com/opencontainers/runc/pull/1888 is merged
......
......@@ -122,7 +122,7 @@ func (e *UniversalExecutor) configureResourceContainer(pid int) error {
"error", err)
return nil
}
path := cfg.Cgroups.Paths["freezer"]
path := cfg.Cgroups.Path
e.logger.Trace("cgroup created, now need to apply", "path", path)
e.containment = resources.Contain(e.logger, cfg.Cgroups)
return e.containment.Apply(pid)
......
......@@ -100,7 +100,7 @@ require (
github.com/moby/sys/mount v0.3.0
github.com/moby/sys/mountinfo v0.6.0
github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6
github.com/opencontainers/runc v1.0.3
github.com/opencontainers/runc v1.1.3
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
github.com/posener/complete v1.2.3
github.com/prometheus/client_golang v1.12.0
......@@ -160,7 +160,6 @@ require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
github.com/bgentry/speakeasy v0.1.0 // indirect
github.com/bits-and-blooms/bitset v1.2.0 // indirect
github.com/bmatcuk/doublestar v1.1.5 // indirect
github.com/boltdb/bolt v1.3.1 // indirect
github.com/brianvoe/gofakeit/v6 v6.16.0
......@@ -246,7 +245,7 @@ require (
github.com/prometheus/procfs v0.7.3 // indirect
github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03 // indirect
github.com/rogpeppe/go-internal v1.6.1 // indirect
github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921 // indirect
github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/softlayer/softlayer-go v0.0.0-20180806151055-260589d94c7d // indirect
github.com/stretchr/objx v0.4.0 // indirect
......
......@@ -181,7 +181,6 @@ github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ
github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
github.com/bits-and-blooms/bitset v1.2.0 h1:Kn4yilvwNtMACtf1eYDlG8H77R07mZSPbMjLyS07ChA=
github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
......@@ -224,6 +223,7 @@ github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLI
github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
github.com/cilium/ebpf v0.8.1 h1:bLSSEbBLqGPXxls55pGr5qWZaTqcmfDJHhou7t254ao=
github.com/cilium/ebpf v0.8.1/go.mod h1:f5zLIM0FSNuAkSyLAN7X+Hy6yznlF1mNiWUMfxMtrgk=
github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible h1:C29Ae4G5GtYyYMm1aztcyj/J5ckgJm2zwdDajFbx1NY=
......@@ -514,6 +514,7 @@ github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblf
github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
......@@ -1060,8 +1061,8 @@ github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h
github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
github.com/opencontainers/runc v1.0.3 h1:1hbqejyQWCJBvtKAfdO0b1FmaEf2z/bxnjqbARass5k=
github.com/opencontainers/runc v1.0.3/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
github.com/opencontainers/runc v1.1.3 h1:vIXrkId+0/J2Ymu2m7VjGvbSlAId9XNRPhn2p4b+d8w=
github.com/opencontainers/runc v1.1.3/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=
github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
......@@ -1170,8 +1171,8 @@ github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZ
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921 h1:58EBmR2dMNL2n/FnbQewK3D14nXr0V9CObDSvMJLq+Y=
github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 h1:RpforrEYXWkmGwJHIGnLZ3tTWStkjVVstwzNGqxX2Ds=
github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
github.com/shirou/gopsutil v0.0.0-20181107111621-48177ef5f880/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
......@@ -1588,6 +1589,7 @@ golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e h1:w36l2Uw3dRan1K3TyXriXvY+6T56GNmlKGcqiQUJDfM=
golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
......
......@@ -9,6 +9,12 @@ import (
"strings"
)
// Empty represents an empty CPUSet.
// Always use .Equals to compare with this value.
//
// Do not modify this value.
var Empty = New()
// CPUSet is a set like object that provides methods helpful when working with cpus with systems
// such as the Linux cpuset cgroup subsystem. A CPUSet is immutable and can be safely accessed concurrently.
type CPUSet struct {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment