Commit Graph

3465 Commits

Author SHA1 Message Date
Sebastiaan van Stijn
2ce811e632 migrate to github.com/moby/sys/user/userns
The userns package in libcontainer was integrated into the moby/sys/user
module at commit [3778ae603c706494fd1e2c2faf83b406e38d687d][1].

The userns package is used in many places, and currently either depends
on runc/libcontainer, or on containerd, both of which have a complex
dependency tree. This patch is part of a series of patches to unify the
implementations, and to migrate toward that implementation to simplify
the dependency tree.

[1]: 3778ae603c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-25 12:47:34 +02:00
Jameson Hyde
5282cb25d0 If url includes scheme, urlPath will drop hostname, which would not match the auth check
Signed-off-by: Jameson Hyde <jameson.hyde@docker.com>
(cherry picked from commit 754fb8d9d03895ae3ab60d2ad778152b0d835206)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-07-15 18:43:48 +02:00
Jameson Hyde
2ac8a479c5 Authz plugin security fixes for 0-length content and path validation
Signed-off-by: Jameson Hyde <jameson.hyde@docker.com>

fix comments

(cherry picked from commit 9659c3a52bac57e615b5fb49b0652baca448643e)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-07-15 18:43:43 +02:00
Akihiro Suda
7083f1fb55 Merge pull request #48108 from thaJeztah/internalize_pkg_directory
pkg/directory: deprecate, and move to internal
2024-07-02 15:52:56 +09:00
Akihiro Suda
9db812f691 Merge pull request #48109 from thaJeztah/remove_pkg_dmesg
pkg/dmesg: remove deprecated package
2024-07-02 15:52:29 +09:00
Sebastiaan van Stijn
efdaca2792 pkg/rootless/specconv: move to internal
This package is only used by the daemon, so move it to the internal
rootless package instead.

Note that technically this could be in daemon/internal, but as there's
already an existing internal/rootless package (which needs to be in the
top-level internal package because it's also used by /plugin), I'm moving
it there.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-01 21:05:19 +02:00
Sebastiaan van Stijn
b7d26f2f8f pkg/dmesg: remove deprecated package
This package was deprecated in 805ccd2365
and is no longer used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-01 20:55:06 +02:00
Sebastiaan van Stijn
3a3bb1cb50 pkg/directory: deprecate, and move to internal
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-01 20:44:31 +02:00
Sebastiaan van Stijn
80900bdbcd pkg/directory: fix comment, and remove import comments
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-01 20:43:27 +02:00
Brian Goff
f3d377e422 Merge pull request #48097 from thaJeztah/internalize_containerfs
pkg/containerfs: move to internal
2024-07-01 16:09:48 +00:00
Paweł Gronowski
2427c4bf92 Merge pull request #48101 from thaJeztah/capabilities_internal
pkg/capabilities move to daemon/internal
2024-07-01 17:40:09 +02:00
Sebastiaan van Stijn
c0dd5c18f6 Merge pull request #48081 from thaJeztah/gofumpt
do another run of gofumpt
2024-07-01 16:17:54 +02:00
Sebastiaan van Stijn
d80a3f2e48 pkg/capabilities move to daemon/internal
This package was added in 8f936ae8cf, and
never had external consumers. Let's move it internal.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-01 00:49:15 +02:00
Sebastiaan van Stijn
f2970e5358 pkg/containerfs: move to internal
The only external consumers are the `graphdriver` and `graphdriver/shim`
packages in github.com/docker/go-plugins-helpers, which depended on
[ContainerFS][1], which was removed in 9ce2b30b81.

graphdriver-plugins were deprecated in 6da604aa6a,
and support for them removed in 555dac5e14,
so removing this should not be an issue.

Ideally this package would've been moved inside `daemon/internal`, but it's used
by the `daemon` (cleanupContainer), `plugin` package, and by `graphdrivers`,
so needs to be in the top-level `internal/` package.

[1]: 6eecb7beb6/graphdriver/api.go (L218)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-30 19:13:23 +02:00
Sebastiaan van Stijn
a3e6ce95c4 pkg/containerfs: cleanup GoDoc, and make Windows a proper wrapper
- Improve some GoDoc to use docs links
- Change the Windows stub to an actual wrapper function, as we don't
  want it to be updateable, and it currently shows as "variable" on
  pkg.go.dev, which is confusing.
- Remove "import" comments in preparation of moving this package

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-30 19:13:16 +02:00
Sebastiaan van Stijn
e2ae6907c6 pkg/containerfs: remove CleanScopedPath and make it internal
The container package is the only consumer of this function in our code
and there's no known external users;
https://grep.app/search?q=.CleanScopedPath%28&filter[lang][0]=Go

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-30 18:18:02 +02:00
Sebastiaan van Stijn
969993a729 pkg/archive: createTarFile: consistently use the same value for userns
createTarFile accepts an opts (TarOptions) argument to specify whether
userns is enabled; we should consider always detecting locally, but
at least make sure we're consistently working with the same value within
this function.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-28 12:21:03 +02:00
Sebastiaan van Stijn
379ce56cd8 pkg/archive: handleTarTypeBlockCharFifo: don't discard EPERM errors
This function was discarding EPERM errors if it detected that userns was
enabled; move such checks to the caller-site, so that they can decide
how to handle the error (which, in case of userns may be to log and ignore).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-28 12:11:52 +02:00
Sebastiaan van Stijn
af85e47343 pkg/archive: getWhiteoutConverter: don't error with userns enabled
Since 838047a1f5, the overlayWhiteoutConverter
is supported with userns enabled, so we no longer need this check.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-28 12:05:13 +02:00
Sebastiaan van Stijn
56fa45773f pkg/plugins: gofumpt
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-27 23:18:49 +02:00
Sebastiaan van Stijn
0e2d40c24a pkg/archive: gofumpt
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-27 23:18:49 +02:00
Sebastiaan van Stijn
d4160d5aa7 pkg/archive: reformat code to make #nosec comment work again
Looks like the way it picks up #nosec comments changed, causing the
linter error to re-appear;

    pkg/archive/archive_linux.go:57:17: G305: File traversal when extracting zip/tar archive (gosec)
                    Name:       filepath.Join(hdr.Name, WhiteoutOpaqueDir),
                                ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-26 02:08:00 +02:00
Sebastiaan van Stijn
48ff86ec64 pkg/longpath: AddPrefix: use early returns
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-17 12:04:26 +02:00
Sebastiaan van Stijn
424c22390e pkg/longpath: deprecate Prefix const
This const was exported because it was in use by pkg/symlink. This
dependency was removed in a48c6e3005,
after which this const was only used internally.

This patch deprecates the const and introduces a non-exported const
to use.

There are no known external consumers of this const, so we may skip
deprecating it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-17 12:03:27 +02:00
Sebastiaan van Stijn
680e6d6e1c Merge pull request #48000 from thaJeztah/nosec_comments
pkg/archive. pkg/tarsum: format #nosec comments to standard format
2024-06-17 11:46:25 +02:00
Sebastiaan van Stijn
c114b5e6f0 Merge pull request #47997 from thaJeztah/pkg_archive_no_longpath
pkg/archive, pkg/chrootarchive: remove dependency on pkg/longpath
2024-06-17 11:43:59 +02:00
Sebastiaan van Stijn
9c7f20e255 Merge pull request #48003 from thaJeztah/pkg_archive_cleanup
pkg/archive: assorted minor refactors and cleanups
2024-06-17 11:11:42 +02:00
Sebastiaan van Stijn
21a7686862 Merge pull request #47995 from thaJeztah/stringid_cleanups
pkg/stringid: deprecate ValidateID, IsShortID
2024-06-17 10:55:06 +02:00
Sebastiaan van Stijn
e788628e2e Merge pull request #48005 from thaJeztah/pkg_archive_rm_kernelversion_check
pkg/archive: TestChangesDirsEmpty, TestChangesDirsMutated: no kernel-version check
2024-06-17 10:34:36 +02:00
Akihiro Suda
ec4bac431c Merge pull request #47999 from thaJeztah/deprecate_pkg_dmesg
pkg/dmesg: deprecate, and use internal utility instead
2024-06-17 01:50:53 +09:00
Akihiro Suda
ff652c82e9 Merge pull request #48001 from thaJeztah/pkg_archive_deprecate_CanonicalTarNameForPath
pkg/archive: deprecate CanonicalTarNameForPath
2024-06-17 01:50:21 +09:00
Sebastiaan van Stijn
3108165c94 pkg/archive: TestChangesDirsEmpty, TestChangesDirsMutated: no kernel-version check
TestChangesDirsEmpty and TestChangesDirsMutated fail on Windows V19H1 (1903)
and up, possibly due to changes in the kernel:

    === FAIL: github.com/docker/docker/pkg/archive TestChangesDirsEmpty (0.21s)
    changes_test.go:261: Reported changes for identical dirs: [{\dirSymlink C}]

    === FAIL: github.com/docker/docker/pkg/archive TestChangesDirsMutated (0.14s)
    changes_test.go:391: unexpected change "C \\dirSymlink" "\\dirnew"

commit 8f4b3b0ad4 added a version-dependent
skip for those tests, but as we no longer run CI on versions before V19H1,
we can remove the kernel-version check, and skip it on Windows unconditionally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-16 18:40:50 +02:00
Sebastiaan van Stijn
17ca8b62bd pkg/archive: remove uses of iota
While using iota can be convenient, it can also make it harder to grasp
what value is assigned. Use of iota also makes changing values implicit;
changing the order of these consts implicitly means their value changes.

This can be problematic, as some of these consts are a plain `int` and
while golang is strongly typed, it does allow plain `int` values to be
used for such values.

For example, `archive.Tar` accepts a `Compression` as second argument,
but allows a plain int to be passed, so both of these are equivalent;

    archive.Tar(contextDir, archive.Uncompressed)
    archive.Tar(contextDir, 0)

This patch removes the use of `iota`, and instead explicitly sets a
value for each to prevent accidental changes in their value, which can
be hard to discover.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-16 17:14:49 +02:00
Sebastiaan van Stijn
94caeeb401 pkg/archive: don't call system.Lgetxattr on unsupported platforms
[pkg/system.Lgetxattr] is only implemented on Linux, and always produces
an ErrNotSupportedPlatform on other platforms.

This patch removes the call to this function, but intentionally leaves
it commented-out as a reminder to include this code if this would ever
be refactored and implemented on other platforms.

[pkg/system.Lgetxattr]: d1273b2b4a/pkg/system/xattrs_unsupported.go (L1-L8)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-16 17:14:49 +02:00
Sebastiaan van Stijn
c565a3a1fe pkg/archive: collectFileInfo: don't create FileInfo if unused
The system.Lstat may fail, in which case it would be discarded,
so let's move it later.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-16 17:14:49 +02:00
Sebastiaan van Stijn
7ce1edd7c6 pkg/archive: deprecate NewTempArchive, TempArchive
These were added in baacae8345, but are
currently only used in tests inside pkg/archive. There are no external
users of this function, so we should deprecate them.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-16 17:07:47 +02:00
Sebastiaan van Stijn
92b8d93f47 pkg/archive: deprecate CanonicalTarNameForPath
Commit d59758450b changed this function to
be a wrapper for `filepath.ToSlash`. It was used in the CLI for the classic
builder, but is no longer used in our codebase.

However, there may still be some consumers that copied the CLI code for the
classic builder that didn't synchronise their implementation yet, so let's
deprecate this function to give them a warning that they should no longer
use this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-16 16:56:25 +02:00
Sebastiaan van Stijn
0ffc0c95e6 pkg/tarsum: format #nosec comments to standard format
gosec uses a non-standard format for "automated" comments to suppress
false positives (such comments should not have a leading space, but
are not allowed to start with a non-alphabetical character). However,
current versions of gosec do allow a leading space.

This patch reformats the comments to prevent them from being changed
by IDEs when reformatting code.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-16 14:31:27 +02:00
Sebastiaan van Stijn
cb19b59b65 pkg/archive: format #nosec comments to standard format
gosec uses a non-standard format for "automated" comments to suppress
false positives (such comments should not have a leading space, but
are not allowed to start with a non-alphabetical character). However,
current versions of gosec do allow a leading space.

This patch reformats the comments to prevent them from being changed
by IDEs when reformatting code.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-16 14:31:18 +02:00
Sebastiaan van Stijn
805ccd2365 pkg/dmesg: deprecate, and use internal utility instead
This package was originally added in 46833ee1c3
for use in the devicemapper graphdriver. The devicemapper graphdriver was
deprecated and has been removed. The only remaining consumer is an integration
test.

Deprecate the package and mark it for removal in the next release.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-16 12:41:39 +02:00
Sebastiaan van Stijn
c7f4abc14a pkg/dmesg: use unix.SYSLOG_ACTION_READ_ALL instead of local variable
This value was originally added in 46833ee1c3,
at which time golang.org/x/sys/unix didn't have utilities for this syscall.
A later patch switched the implementation to use the golang/x/sys/unix
implementation in 2841b05b71, but kept the
local variable.

golang.org/x/sys now has a const for this, so let's use it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-16 12:41:39 +02:00
Sebastiaan van Stijn
9389f76f6d pkg/chrootarchive: remove dependency on pkg/longpath
Copy the function to the package, so that we don't have a dependency
on pkg/longpath.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-15 17:32:08 +02:00
Sebastiaan van Stijn
f657a75bf6 pkg/archive: remove dependency on pkg/longpath
Copy the function to the package, so that we don't have a dependency
on pkg/longpath.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-15 17:30:13 +02:00
Sebastiaan van Stijn
2100a70741 pkg/stringid: deprecate IsShortID
This function is no longer used, and has no external users. Deprecate
the function and mark it for removal for the next release.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-15 15:35:07 +02:00
Sebastiaan van Stijn
e19e6cf7f4 pkg/stringid: deprecate ValidateID
This function is only used for the legacy v1 image format.

Deprecate the function, and make image/v1 self-contained.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-15 15:34:38 +02:00
Sebastiaan van Stijn
0566e38cbf Merge pull request #47605 from jonasgeiler/43626-rootless-native-overlay-diff
rootless: overlay2: support native overlay diff when using rootless-mode in kernel 5.11 and above
2024-06-10 18:57:19 +02:00
Sebastiaan van Stijn
cf796aa56a pkg/reexec: touch-up GoDoc, and remove "import" comments
Touch-up some GoDoc in the package, and remove "import" comments.

This package is used in BuildKit, and could be a potential candidate
for moving to a separate module. The "import" comments are ignored when
used in go module mode so have little benefit. Let's remove them.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-08 14:18:13 +02:00
Sebastiaan van Stijn
d20a074f33 pkg/reexec: remove gotest.tools from tests
This package is used in BuildKit, and could be a potential candidate
for moving to a separate module. While it's not too problematic to have
this dependency, the tests only used basic assertions from gotest.tools,
which could be easily re-implemented without the dependency.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-08 14:18:12 +02:00
Sebastiaan van Stijn
defd5a08f4 pkg/reexec: unify non-Linux implementation of Command
The Windows, Darwin, and FreeBSD implementations were identical, other
than their GoDoc being different. Unify them so that we don't have to
maintain separate GoDoc for each.

It's worth noting that FreeBSD also supports Pdeathsig, so could be
using the same implementation as Linux. However, we don't test/maintain
the FreeBSD implementation, and it would require updating the GoDoc to
be more specific about the use of `/proc/self/exe`, so keeping the
status quo for now.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-08 14:18:12 +02:00
Sebastiaan van Stijn
004451c812 pkg/reexec: unify implementation of Self() and remove stub
This combines the implementations of the Self function, to allow having
a single GoDoc to document the behavior. The naiveSelf function is kept,
because it's used in unit-tests.

There is a minor change in behavior, as this patch removes the stub for
unsupported platforms (non-linux, windows, freebsd or darwin), which will
now use `os.Args[0]`. The stub was added in 21537b818d
to fix compilation of https://github.com/ethereum/go-ethereum on OpenBSD,
which had docker/docker as dependency. It looks like that repository no
longer has this dependency, and as this was only to make the code
compilable, is unlikely to be a problem.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-08 14:18:11 +02:00