mirror of
https://github.com/moby/moby.git
synced 2026-01-11 10:41:43 +00:00
2ce811e632
The userns package in libcontainer was integrated into the moby/sys/user
module at commit [3778ae603c706494fd1e2c2faf83b406e38d687d][1].
The userns package is used in many places, and currently either depends
on runc/libcontainer, or on containerd, both of which have a complex
dependency tree. This patch is part of a series of patches to unify the
implementations, and to migrate toward that implementation to simplify
the dependency tree.
[1]: 3778ae603c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
163 lines
5.5 KiB
YAML
163 lines
5.5 KiB
YAML
linters:
|
|
enable:
|
|
- depguard
|
|
- dupword # Checks for duplicate words in the source code.
|
|
- goimports
|
|
- gosec
|
|
- gosimple
|
|
- govet
|
|
- forbidigo
|
|
- importas
|
|
- ineffassign
|
|
- misspell
|
|
- revive
|
|
- staticcheck
|
|
- typecheck
|
|
- unconvert
|
|
- unused
|
|
|
|
disable:
|
|
- errcheck
|
|
|
|
run:
|
|
concurrency: 2
|
|
modules-download-mode: vendor
|
|
|
|
skip-dirs:
|
|
- docs
|
|
|
|
linters-settings:
|
|
dupword:
|
|
ignore:
|
|
- "true" # some tests use this as expected output
|
|
- "false" # some tests use this as expected output
|
|
- "root" # for tests using "ls" output with files owned by "root:root"
|
|
forbidigo:
|
|
forbid:
|
|
- pkg: ^sync/atomic$
|
|
p: ^atomic\.(Add|CompareAndSwap|Load|Store|Swap).
|
|
msg: Go 1.19 atomic types should be used instead.
|
|
analyze-types: true
|
|
importas:
|
|
# Do not allow unaliased imports of aliased packages.
|
|
no-unaliased: true
|
|
|
|
alias:
|
|
# Enforce alias to prevent it accidentally being used instead of our
|
|
# own errdefs package (or vice-versa).
|
|
- pkg: github.com/containerd/errdefs
|
|
alias: cerrdefs
|
|
- pkg: github.com/opencontainers/image-spec/specs-go/v1
|
|
alias: ocispec
|
|
|
|
govet:
|
|
check-shadowing: false
|
|
depguard:
|
|
rules:
|
|
main:
|
|
deny:
|
|
- pkg: io/ioutil
|
|
desc: The io/ioutil package has been deprecated, see https://go.dev/doc/go1.16#ioutil
|
|
- pkg: "github.com/stretchr/testify/assert"
|
|
desc: Use "gotest.tools/v3/assert" instead
|
|
- pkg: "github.com/stretchr/testify/require"
|
|
desc: Use "gotest.tools/v3/assert" instead
|
|
- pkg: "github.com/stretchr/testify/suite"
|
|
desc: Do not use
|
|
- pkg: "github.com/containerd/containerd/errdefs"
|
|
desc: The errdefs package has moved to a separate module, https://github.com/containerd/errdefs
|
|
- pkg: "github.com/containerd/containerd/log"
|
|
desc: The logs package has moved to a separate module, https://github.com/containerd/log
|
|
- pkg: "github.com/containerd/containerd/pkg/userns"
|
|
desc: Use github.com/moby/sys/user/userns instead.
|
|
- pkg: "github.com/opencontainers/runc/libcontainer/userns"
|
|
desc: Use github.com/moby/sys/user/userns instead.
|
|
revive:
|
|
rules:
|
|
# FIXME make sure all packages have a description. Currently, there's many packages without.
|
|
- name: package-comments
|
|
disabled: true
|
|
issues:
|
|
# The default exclusion rules are a bit too permissive, so copying the relevant ones below
|
|
exclude-use-default: false
|
|
|
|
exclude-rules:
|
|
# We prefer to use an "exclude-list" so that new "default" exclusions are not
|
|
# automatically inherited. We can decide whether or not to follow upstream
|
|
# defaults when updating golang-ci-lint versions.
|
|
# Unfortunately, this means we have to copy the whole exclusion pattern, as
|
|
# (unlike the "include" option), the "exclude" option does not take exclusion
|
|
# ID's.
|
|
#
|
|
# These exclusion patterns are copied from the default excluses at:
|
|
# https://github.com/golangci/golangci-lint/blob/v1.46.2/pkg/config/issues.go#L10-L104
|
|
|
|
# EXC0001
|
|
- text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*print(f|ln)?|os\\.(Un)?Setenv). is not checked"
|
|
linters:
|
|
- errcheck
|
|
# EXC0006
|
|
- text: "Use of unsafe calls should be audited"
|
|
linters:
|
|
- gosec
|
|
# EXC0007
|
|
- text: "Subprocess launch(ed with variable|ing should be audited)"
|
|
linters:
|
|
- gosec
|
|
# EXC0008
|
|
# TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close" (gosec)
|
|
- text: "(G104|G307)"
|
|
linters:
|
|
- gosec
|
|
# EXC0009
|
|
- text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)"
|
|
linters:
|
|
- gosec
|
|
# EXC0010
|
|
- text: "Potential file inclusion via variable"
|
|
linters:
|
|
- gosec
|
|
|
|
# Looks like the match in "EXC0007" above doesn't catch this one
|
|
# TODO: consider upstreaming this to golangci-lint's default exclusion rules
|
|
- text: "G204: Subprocess launched with a potential tainted input or cmd arguments"
|
|
linters:
|
|
- gosec
|
|
# Looks like the match in "EXC0009" above doesn't catch this one
|
|
# TODO: consider upstreaming this to golangci-lint's default exclusion rules
|
|
- text: "G306: Expect WriteFile permissions to be 0600 or less"
|
|
linters:
|
|
- gosec
|
|
|
|
# Exclude some linters from running on tests files.
|
|
- path: _test\.go
|
|
linters:
|
|
- errcheck
|
|
- gosec
|
|
|
|
# Suppress golint complaining about generated types in api/types/
|
|
- text: "type name will be used as (container|volume)\\.(Container|Volume).* by other packages, and that stutters; consider calling this"
|
|
path: "api/types/(volume|container)/"
|
|
linters:
|
|
- revive
|
|
# FIXME temporarily suppress these (see https://github.com/gotestyourself/gotest.tools/issues/272)
|
|
- text: "SA1019: (assert|cmp|is)\\.ErrorType is deprecated"
|
|
linters:
|
|
- staticcheck
|
|
|
|
- text: "ineffectual assignment to ctx"
|
|
source: "ctx[, ].*=.*\\(ctx[,)]"
|
|
linters:
|
|
- ineffassign
|
|
|
|
- text: "SA4006: this value of `ctx` is never used"
|
|
source: "ctx[, ].*=.*\\(ctx[,)]"
|
|
linters:
|
|
- staticcheck
|
|
|
|
# Maximum issues count per one linter. Set to 0 to disable. Default is 50.
|
|
max-issues-per-linter: 0
|
|
|
|
# Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
|
|
max-same-issues: 0
|