From 96762a28c70f381545856e908b34920df17b6524 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 26 Jul 2024 23:03:41 +0200 Subject: [PATCH] libcontainerd/supervisor: remove remnants of adjusting oom-score In docker versions before v24.0, the dockerd daemon allowed adjusting its own oom-score; in that case we would forward the configuration to containerd (when running as child process) for it to do the same. This feature was deprecated in 5a922dc162bbe0a03450165da4e6aceca55073d4, and removed in fb96b94ed00aa4f200dc03642bc46d4289eb6860, but some fields were left behind in the supervisor package. This patch removes the oomScore field and adjustOOMScore method from the remove type. Signed-off-by: Sebastiaan van Stijn --- libcontainerd/supervisor/remote_daemon.go | 20 --- .../sys/filesys_deprecated_windows.go | 51 ------ .../containerd/containerd/sys/filesys_unix.go | 26 --- .../containerd/sys/filesys_windows.go | 151 ------------------ .../containerd/containerd/sys/oom_linux.go | 82 ---------- .../containerd/sys/oom_unsupported.go | 48 ------ .../containerd/containerd/sys/socket_unix.go | 80 ---------- .../containerd/sys/socket_windows.go | 30 ---- vendor/modules.txt | 1 - 9 files changed, 489 deletions(-) delete mode 100644 vendor/github.com/containerd/containerd/sys/filesys_deprecated_windows.go delete mode 100644 vendor/github.com/containerd/containerd/sys/filesys_unix.go delete mode 100644 vendor/github.com/containerd/containerd/sys/filesys_windows.go delete mode 100644 vendor/github.com/containerd/containerd/sys/oom_linux.go delete mode 100644 vendor/github.com/containerd/containerd/sys/oom_unsupported.go delete mode 100644 vendor/github.com/containerd/containerd/sys/socket_unix.go delete mode 100644 vendor/github.com/containerd/containerd/sys/socket_windows.go diff --git a/libcontainerd/supervisor/remote_daemon.go b/libcontainerd/supervisor/remote_daemon.go index d743a379e8..1f3e03327f 100644 --- a/libcontainerd/supervisor/remote_daemon.go +++ b/libcontainerd/supervisor/remote_daemon.go @@ -12,7 +12,6 @@ import ( "github.com/containerd/containerd" "github.com/containerd/containerd/defaults" "github.com/containerd/containerd/services/server/config" - "github.com/containerd/containerd/sys" "github.com/containerd/log" "github.com/docker/docker/pkg/pidfile" "github.com/docker/docker/pkg/process" @@ -51,9 +50,6 @@ type remote struct { stateDir string - // oomScore adjusts the OOM score for the containerd process. - oomScore int - // logLevel overrides the containerd logging-level through the --log-level // command-line option. logLevel string @@ -209,10 +205,6 @@ func (r *remote) startContainerd() error { r.daemonPid = cmd.Process.Pid - if err := r.adjustOOMScore(); err != nil { - r.logger.WithError(err).Warn("failed to adjust OOM score") - } - if err := pidfile.Write(r.pidFile, r.daemonPid); err != nil { _ = process.Kill(r.daemonPid) return errors.Wrap(err, "libcontainerd: failed to save daemon pid to disk") @@ -223,18 +215,6 @@ func (r *remote) startContainerd() error { return nil } -func (r *remote) adjustOOMScore() error { - if r.oomScore == 0 || r.daemonPid <= 1 { - // no score configured, or daemonPid contains an invalid PID (we don't - // expect containerd to be running as PID 1 :)). - return nil - } - if err := sys.SetOOMScore(r.daemonPid, r.oomScore); err != nil { - return errors.Wrap(err, "failed to adjust OOM score for containerd process") - } - return nil -} - func (r *remote) monitorDaemon(ctx context.Context) { var ( transientFailureCount = 0 diff --git a/vendor/github.com/containerd/containerd/sys/filesys_deprecated_windows.go b/vendor/github.com/containerd/containerd/sys/filesys_deprecated_windows.go deleted file mode 100644 index a59edabeb6..0000000000 --- a/vendor/github.com/containerd/containerd/sys/filesys_deprecated_windows.go +++ /dev/null @@ -1,51 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package sys - -import ( - "os" - - "github.com/moby/sys/sequential" -) - -// CreateSequential is deprecated. -// -// Deprecated: use github.com/moby/sys/sequential.Create -func CreateSequential(name string) (*os.File, error) { - return sequential.Create(name) -} - -// OpenSequential is deprecated. -// -// Deprecated: use github.com/moby/sys/sequential.Open -func OpenSequential(name string) (*os.File, error) { - return sequential.Open(name) -} - -// OpenFileSequential is deprecated. -// -// Deprecated: use github.com/moby/sys/sequential.OpenFile -func OpenFileSequential(name string, flag int, perm os.FileMode) (*os.File, error) { - return sequential.OpenFile(name, flag, perm) -} - -// TempFileSequential is deprecated. -// -// Deprecated: use github.com/moby/sys/sequential.CreateTemp -func TempFileSequential(dir, prefix string) (f *os.File, err error) { - return sequential.CreateTemp(dir, prefix) -} diff --git a/vendor/github.com/containerd/containerd/sys/filesys_unix.go b/vendor/github.com/containerd/containerd/sys/filesys_unix.go deleted file mode 100644 index 333e85ceb4..0000000000 --- a/vendor/github.com/containerd/containerd/sys/filesys_unix.go +++ /dev/null @@ -1,26 +0,0 @@ -//go:build !windows - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package sys - -import "os" - -// MkdirAllWithACL is a wrapper for os.MkdirAll on Unix systems. -func MkdirAllWithACL(path string, perm os.FileMode) error { - return os.MkdirAll(path, perm) -} diff --git a/vendor/github.com/containerd/containerd/sys/filesys_windows.go b/vendor/github.com/containerd/containerd/sys/filesys_windows.go deleted file mode 100644 index 67fc4048c1..0000000000 --- a/vendor/github.com/containerd/containerd/sys/filesys_windows.go +++ /dev/null @@ -1,151 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package sys - -import ( - "os" - "regexp" - "syscall" - "unsafe" - - "golang.org/x/sys/windows" -) - -// SddlAdministratorsLocalSystem is local administrators plus NT AUTHORITY\System. -const SddlAdministratorsLocalSystem = "D:P(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)" - -// volumePath is a regular expression to check if a path is a Windows -// volume path (e.g., "\\?\Volume{4c1b02c1-d990-11dc-99ae-806e6f6e6963}" -// or "\\?\Volume{4c1b02c1-d990-11dc-99ae-806e6f6e6963}\"). -var volumePath = regexp.MustCompile(`^\\\\\?\\Volume{[a-z0-9-]+}\\?$`) - -// MkdirAllWithACL is a custom version of os.MkdirAll modified for use on Windows -// so that it is both volume path aware, and to create a directory -// an appropriate SDDL defined ACL for Builtin Administrators and Local System. -func MkdirAllWithACL(path string, _ os.FileMode) error { - sa, err := makeSecurityAttributes(SddlAdministratorsLocalSystem) - if err != nil { - return &os.PathError{Op: "mkdirall", Path: path, Err: err} - } - return mkdirall(path, sa) -} - -// MkdirAll is a custom version of os.MkdirAll that is volume path aware for -// Windows. It can be used as a drop-in replacement for os.MkdirAll. -func MkdirAll(path string, _ os.FileMode) error { - return mkdirall(path, nil) -} - -// mkdirall is a custom version of os.MkdirAll modified for use on Windows -// so that it is both volume path aware, and can create a directory with -// a DACL. -func mkdirall(path string, perm *windows.SecurityAttributes) error { - if volumePath.MatchString(path) { - return nil - } - - // The rest of this method is largely copied from os.MkdirAll and should be kept - // as-is to ensure compatibility. - - // Fast path: if we can tell whether path is a directory or file, stop with success or error. - dir, err := os.Stat(path) - if err == nil { - if dir.IsDir() { - return nil - } - return &os.PathError{Op: "mkdir", Path: path, Err: syscall.ENOTDIR} - } - - // Slow path: make sure parent exists and then call Mkdir for path. - i := len(path) - for i > 0 && os.IsPathSeparator(path[i-1]) { // Skip trailing path separator. - i-- - } - - j := i - for j > 0 && !os.IsPathSeparator(path[j-1]) { // Scan backward over element. - j-- - } - - if j > 1 { - // Create parent. - err = mkdirall(fixRootDirectory(path[:j-1]), perm) - if err != nil { - return err - } - } - - // Parent now exists; invoke Mkdir and use its result. - err = mkdirWithACL(path, perm) - if err != nil { - // Handle arguments like "foo/." by - // double-checking that directory doesn't exist. - dir, err1 := os.Lstat(path) - if err1 == nil && dir.IsDir() { - return nil - } - return err - } - return nil -} - -// mkdirWithACL creates a new directory. If there is an error, it will be of -// type *PathError. . -// -// This is a modified and combined version of os.Mkdir and windows.Mkdir -// in golang to cater for creating a directory am ACL permitting full -// access, with inheritance, to any subfolder/file for Built-in Administrators -// and Local System. -func mkdirWithACL(name string, sa *windows.SecurityAttributes) error { - if sa == nil { - return os.Mkdir(name, 0) - } - - namep, err := windows.UTF16PtrFromString(name) - if err != nil { - return &os.PathError{Op: "mkdir", Path: name, Err: err} - } - - err = windows.CreateDirectory(namep, sa) - if err != nil { - return &os.PathError{Op: "mkdir", Path: name, Err: err} - } - return nil -} - -// fixRootDirectory fixes a reference to a drive's root directory to -// have the required trailing slash. -func fixRootDirectory(p string) string { - if len(p) == len(`\\?\c:`) { - if os.IsPathSeparator(p[0]) && os.IsPathSeparator(p[1]) && p[2] == '?' && os.IsPathSeparator(p[3]) && p[5] == ':' { - return p + `\` - } - } - return p -} - -func makeSecurityAttributes(sddl string) (*windows.SecurityAttributes, error) { - var sa windows.SecurityAttributes - sa.Length = uint32(unsafe.Sizeof(sa)) - sa.InheritHandle = 1 - var err error - sa.SecurityDescriptor, err = windows.SecurityDescriptorFromString(sddl) - if err != nil { - return nil, err - } - return &sa, nil -} diff --git a/vendor/github.com/containerd/containerd/sys/oom_linux.go b/vendor/github.com/containerd/containerd/sys/oom_linux.go deleted file mode 100644 index bb2a3eafb4..0000000000 --- a/vendor/github.com/containerd/containerd/sys/oom_linux.go +++ /dev/null @@ -1,82 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package sys - -import ( - "fmt" - "os" - "strconv" - "strings" - - "github.com/containerd/containerd/pkg/userns" - "golang.org/x/sys/unix" -) - -const ( - // OOMScoreAdjMin is from OOM_SCORE_ADJ_MIN https://github.com/torvalds/linux/blob/v5.10/include/uapi/linux/oom.h#L9 - OOMScoreAdjMin = -1000 - // OOMScoreAdjMax is from OOM_SCORE_ADJ_MAX https://github.com/torvalds/linux/blob/v5.10/include/uapi/linux/oom.h#L10 - OOMScoreAdjMax = 1000 -) - -// AdjustOOMScore sets the oom score for the provided pid. If the provided score -// is out of range (-1000 - 1000), it is clipped to the min/max value. -func AdjustOOMScore(pid, score int) error { - if score > OOMScoreAdjMax { - score = OOMScoreAdjMax - } else if score < OOMScoreAdjMin { - score = OOMScoreAdjMin - } - return SetOOMScore(pid, score) -} - -// SetOOMScore sets the oom score for the provided pid -func SetOOMScore(pid, score int) error { - if score > OOMScoreAdjMax || score < OOMScoreAdjMin { - return fmt.Errorf("value out of range (%d): OOM score must be between %d and %d", score, OOMScoreAdjMin, OOMScoreAdjMax) - } - path := fmt.Sprintf("/proc/%d/oom_score_adj", pid) - f, err := os.OpenFile(path, os.O_WRONLY, 0) - if err != nil { - return err - } - defer f.Close() - if _, err = f.WriteString(strconv.Itoa(score)); err != nil { - if os.IsPermission(err) && (!runningPrivileged() || userns.RunningInUserNS()) { - return nil - } - return err - } - return nil -} - -// GetOOMScoreAdj gets the oom score for a process. It returns 0 (zero) if either -// no oom score is set, or a sore is set to 0. -func GetOOMScoreAdj(pid int) (int, error) { - path := fmt.Sprintf("/proc/%d/oom_score_adj", pid) - data, err := os.ReadFile(path) - if err != nil { - return 0, err - } - return strconv.Atoi(strings.TrimSpace(string(data))) -} - -// runningPrivileged returns true if the effective user ID of the -// calling process is 0 -func runningPrivileged() bool { - return unix.Geteuid() == 0 -} diff --git a/vendor/github.com/containerd/containerd/sys/oom_unsupported.go b/vendor/github.com/containerd/containerd/sys/oom_unsupported.go deleted file mode 100644 index f579774663..0000000000 --- a/vendor/github.com/containerd/containerd/sys/oom_unsupported.go +++ /dev/null @@ -1,48 +0,0 @@ -//go:build !linux - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package sys - -const ( - // OOMScoreMaxKillable is not implemented on non Linux - OOMScoreMaxKillable = 0 - // OOMScoreAdjMax is not implemented on non Linux - OOMScoreAdjMax = 0 -) - -// AdjustOOMScore sets the oom score for the provided pid. If the provided score -// is out of range (-1000 - 1000), it is clipped to the min/max value. -// -// Not implemented on Windows -func AdjustOOMScore(pid, score int) error { - return nil -} - -// SetOOMScore sets the oom score for the process -// -// Not implemented on Windows -func SetOOMScore(pid, score int) error { - return nil -} - -// GetOOMScoreAdj gets the oom score for a process -// -// Not implemented on Windows -func GetOOMScoreAdj(pid int) (int, error) { - return 0, nil -} diff --git a/vendor/github.com/containerd/containerd/sys/socket_unix.go b/vendor/github.com/containerd/containerd/sys/socket_unix.go deleted file mode 100644 index 5ecbeddc91..0000000000 --- a/vendor/github.com/containerd/containerd/sys/socket_unix.go +++ /dev/null @@ -1,80 +0,0 @@ -//go:build !windows - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package sys - -import ( - "fmt" - "net" - "os" - "path/filepath" - - "golang.org/x/sys/unix" -) - -// CreateUnixSocket creates a unix socket and returns the listener -func CreateUnixSocket(path string) (net.Listener, error) { - // BSDs have a 104 limit - if len(path) > 104 { - return nil, fmt.Errorf("%q: unix socket path too long (> 104)", path) - } - if err := os.MkdirAll(filepath.Dir(path), 0660); err != nil { - return nil, err - } - if err := unix.Unlink(path); err != nil && !os.IsNotExist(err) { - return nil, err - } - return net.Listen("unix", path) -} - -// GetLocalListener returns a listener out of a unix socket. -func GetLocalListener(path string, uid, gid int) (net.Listener, error) { - // Ensure parent directory is created - if err := mkdirAs(filepath.Dir(path), uid, gid); err != nil { - return nil, err - } - - l, err := CreateUnixSocket(path) - if err != nil { - return l, err - } - - if err := os.Chmod(path, 0660); err != nil { - l.Close() - return nil, err - } - - if err := os.Chown(path, uid, gid); err != nil { - l.Close() - return nil, err - } - - return l, nil -} - -func mkdirAs(path string, uid, gid int) error { - if _, err := os.Stat(path); !os.IsNotExist(err) { - return err - } - - if err := os.MkdirAll(path, 0770); err != nil { - return err - } - - return os.Chown(path, uid, gid) -} diff --git a/vendor/github.com/containerd/containerd/sys/socket_windows.go b/vendor/github.com/containerd/containerd/sys/socket_windows.go deleted file mode 100644 index 1ae12bc511..0000000000 --- a/vendor/github.com/containerd/containerd/sys/socket_windows.go +++ /dev/null @@ -1,30 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package sys - -import ( - "net" - - "github.com/Microsoft/go-winio" -) - -// GetLocalListener returns a Listernet out of a named pipe. -// `path` must be of the form of `\\.\pipe\` -// (see https://msdn.microsoft.com/en-us/library/windows/desktop/aa365150) -func GetLocalListener(path string, uid, gid int) (net.Listener, error) { - return winio.ListenPipe(path, nil) -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 2393e252e4..ab3aa3fdfe 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -332,7 +332,6 @@ github.com/containerd/containerd/services/warning github.com/containerd/containerd/snapshots github.com/containerd/containerd/snapshots/overlay/overlayutils github.com/containerd/containerd/snapshots/proxy -github.com/containerd/containerd/sys github.com/containerd/containerd/tracing github.com/containerd/containerd/version # github.com/containerd/containerd/api v1.7.19