integrate libcontainer/userns into moby/sys/user #140

Moving these utilities to a separate package, so that consumers of this package don't have to pull in the whole "system" package. Looking at uses of these utilities (outside of runc itself); `RunningInUserNS()` is used by [various external consumers][1], so adding a "Deprecated" alias for this. [1]: https://grep.app/search?current=2&q=.RunningInUserNS Signed-off-by: Sebastiaan van Stijn <[email protected]>

For files that end with _linux.go or _linux_test.go, there is no need to specify linux build tag, as it is assumed from the file name. In addition, rename libcontainer/notify_linux_v2.go -> libcontainer/notify_v2_linux.go for the file name to make sense. Signed-off-by: Kir Kolyshkin <[email protected]>

Go 1.17 introduce this new (and better) way to specify build tags. For more info, see https://golang.org/design/draft-gobuild. As a way to seamlessly switch from old to new build tags, gofmt (and gopls) from go 1.17 adds the new tags along with the old ones. Later, when go < 1.17 is no longer supported, the old build tags can be removed. Now, as I started to use latest gopls (v0.7.1), it adds these tags while I edit. Rather than to randomly add new build tags, I guess it is better to do it once for all files. Mind that previous commits removed some tags that were useless, so this one only touches packages that can at least be built on non-linux. Brought to you by go1.17 fmt ./... Signed-off-by: Kir Kolyshkin <[email protected]>

This makes libcontainer/userns self-dependent, largely returning to the original implementation from lxc. The `uiMapInUserNS` is kept as a separate function for unit-testing and fuzzing. Signed-off-by: Sebastiaan van Stijn <[email protected]>

Removed pre-go1.17 build-tags with go fix; go fix -mod=readonly ./... Signed-off-by: Sebastiaan van Stijn <[email protected]>

This was a poor decision on my side; ab29593 moved this utility to a separate package, and split the exported function from the implementation (and stubs). Out of convenience, I used an alias for the latter part, but there's two downsides to that; - `RunningInUserNS` being an exported var means that (technically) it can be replaced by other code; perhaps that's a "feature", but not one we intended it to be used for. - `RunningInUserNS` being implemented through a var / alias means it's also documented as such on [pkg.go.dev], which is confusing. This patch changes it to a regular function, acting as a wrapper for the underlying implementations. While at it, also slightly touching up the GoDoc to describe its functionality / behavior. [pkg.go.dev]: https://pkg.go.dev/github.com/opencontainers/[email protected]/libcontainer/userns#RunningInUserNS Signed-off-by: Sebastiaan van Stijn <[email protected]>

The fuzzer for this only runs on Linux; rename the file to be Linux-only so that we don't have to stub out the uidMapInUserNS function. Signed-off-by: Sebastiaan van Stijn <[email protected]>

Now that we dropped support for go < 1.21, we can use this; moving the sync.once out of the runningInUserNS() implementation would also allow for it to be more easily tested if we'd decide to. Signed-off-by: Sebastiaan van Stijn <[email protected]>

Signed-off-by: Sebastiaan van Stijn <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

integrate libcontainer/userns into moby/sys/user #140

integrate libcontainer/userns into moby/sys/user #140

Commits on Jul 24, 2024