Merge pull request #346 from thaJeztah/migrate_userns
deprecate RunningInUserNS(), migrate to github.com/moby/sys/userns
estesp authored Aug 29, 2024
2 parents 0c03de4 + 6f4af8b commit 190de3b
Showing 7 changed files with 14 additions and 33 deletions.
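--- a/cgroup1/subsystem.go
+++ b/cgroup1/subsystem.go
@@ -20,8 +20,8 @@ import (
 "fmt"
 "os"
 
-"github.com/containerd/cgroups/v3"
 v1 "github.com/containerd/cgroups/v3/cgroup1/stats"
+"github.com/moby/sys/userns"
 specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -60,7 +60,7 @@ func Subsystems() []Name {
 Blkio,
 Rdma,
 }
-if !cgroups.RunningInUserNS() {
+if !userns.RunningInUserNS() {
 n = append(n, Devices)
 }
 if _, err := os.Stat("/sys/kernel/mm/hugepages"); err == nil {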
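Review bot: The `if !userns.RunningInUserNS()` guard in Subsystems() has no comment saying why Devices is left out inside a user namespace, while the matching guard in cgroup1/utils.go carries one. I would add `// only list the devices cgroup when not in a user namespace, where modifications are not allowed` above the check so the two call sites read the same. Subsystems() starts and ends outside this hunk.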
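--- a/cgroup1/utils.go
+++ b/cgroup1/utils.go
@@ -28,6 +28,7 @@ import (
 
 "github.com/containerd/cgroups/v3"
 units "github.com/docker/go-units"
+"github.com/moby/sys/userns"
 specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -53,7 +54,7 @@ func defaults(root string) ([]Subsystem, error) {
 }
 // only add the devices cgroup if we are not in a user namespace
 // because modifications are not allowed
-if !cgroups.RunningInUserNS() {
+if !userns.RunningInUserNS() {
 s = append(s, NewDevices(root))
 }
 // add the hugetlb cgroup if error wasn't due to missing hugetlb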
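Review bot: The decision to add the devices cgroup in defaults() now rests on an external module, and nothing at the check says what happens when detection fails. The implementation this commit removes from utils.go returned false whenever /proc/self/uid_map could not be opened or read, so the devices cgroup was added in that case. It is worth confirming that `userns.RunningInUserNS()` at v0.1.0 keeps that behaviour and, once confirmed, recording it next to the check, e.g. `// RunningInUserNS reports false if detection fails, so devices is added by default`. A test that pins the subsystem list for both outcomes would catch a behaviour change on a later bump of the dependency. defaults() continues outside the hunk.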
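--- a/cmd/go.mod
+++ b/cmd/go.mod
@@ -15,6 +15,7 @@ require (
 github.com/coreos/go-systemd/v22 v22.3.2 // indirect
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d // indirect
 github.com/godbus/dbus/v5 v5.0.4 // indirect
+github.com/moby/sys/userns v0.1.0 // indirect
 github.com/opencontainers/runtime-spec v1.0.2 // indirect
 github.com/russross/blackfriday/v2 v2.0.1 // indirect
 github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect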
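--- a/cmd/go.sum
+++ b/cmd/go.sum
@@ -20,6 +20,8 @@ github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
+github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
 github.com/opencontainers/runtime-spec v1.0.2 h1:UfAcuLBJB9Coz72x1hgl8O5RVzTdNiaglX6v2DM6FI0=
 github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=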
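--- a/go.mod
+++ b/go.mod
@@ -8,6 +8,7 @@ require (
 github.com/coreos/go-systemd/v22 v22.3.2
 github.com/docker/go-units v0.5.0
 github.com/godbus/dbus/v5 v5.0.4
+github.com/moby/sys/userns v0.1.0
 github.com/opencontainers/runtime-spec v1.0.2
 github.com/stretchr/testify v1.8.4
 go.uber.org/goleak v1.1.12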
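--- a/go.sum
+++ b/go.sum
@@ -22,6 +22,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
+github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
 github.com/opencontainers/runtime-spec v1.0.2 h1:UfAcuLBJB9Coz72x1hgl8O5RVzTdNiaglX6v2DM6FI0=
 github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=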
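--- a/utils.go
+++ b/utils.go
@@ -25,12 +25,11 @@ import (
 "strings"
 "sync"
 
+"github.com/moby/sys/userns"
 "golang.org/x/sys/unix"
 )
 
 var (
-nsOnce sync.Once
-inUserNS bool
 checkMode sync.Once
 cgMode CGMode
 )
@@ -77,35 +76,10 @@ func Mode() CGMode {
 
 // RunningInUserNS detects whether we are currently running in a user namespace.
 // Copied from github.com/lxc/lxd/shared/util.go
+//
+// Deprecated: use [userns.RunningInUserNS].
 func RunningInUserNS() bool {
-nsOnce.Do(func() {
-file, err := os.Open("/proc/self/uid_map")
-if err != nil {
-// This kernel-provided file only exists if user namespaces are supported
-return
-}
-defer file.Close()
-
-buf := bufio.NewReader(file)
-l, _, err := buf.ReadLine()
-if err != nil {
-return
-}
-
-line := string(l)
-var a, b, c int64
-fmt.Sscanf(line, "%d %d %d", &a, &b, &c)
-
-/*
-* We assume we are in the initial user namespace if we have a full
-* range - 4294967295 uids starting at uid 0.
-*/
-if a == 0 && b == 0 && c == 4294967295 {
-return
-}
-inUserNS = true
-})
-return inUserNS
+return userns.RunningInUserNS()
 }
 
 // ParseCgroupFileUnified returns legacy subsystem paths as the first value,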
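Review bot: The doc comment on RunningInUserNS still says `// Copied from github.com/lxc/lxd/shared/util.go`, but the copied body is gone and the function now only forwards to `userns.RunningInUserNS()`. I would drop that line and write `// It is kept as a thin wrapper for backward compatibility.` instead, so the comment matches the code. The removed body cached its result with sync.Once; whether the replacement also caches is not visible on this page, so that is worth confirming for callers that invoke it repeatedly.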
