devices: move libcontainer/devices to moby/sys#212
Open
devices: move libcontainer/devices to moby/sys#212
Conversation
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Signed-off-by: John Howard <jhoward@microsoft.com>
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
getDevices() has been updated to skip `/dev/.lxc` and `/dev/.lxd-mounts`, which was breaking privileged Docker containers running on runC, inside of LXD managed Linux Containers Signed-off-by: Carlton-Semple <carlton.semple@ibm.com>
Signed-off-by: Carlton-Semple <carlton.semple@ibm.com>
FreeBSD does not support cgroups or namespaces, which the code suggested, and is not supported in runc anyway right now. So clean up the file naming to use `_linux` where appropriate. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Clean up unix vs linux usage
Since syscall is outdated and broken for some architectures, use x/sys/unix instead. There are still some dependencies on the syscall package that will remain in syscall for the forseeable future: Errno Signal SysProcAttr Additionally: - os still uses syscall, so it needs to be kept for anything returning *os.ProcessState, such as process.Wait. Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
Refactor DeviceFromPath in order to get rid of package syscall and directly use the functions from x/sys/unix. This also allows to get rid of the conversion from the OS-independent file mode values (from the os package) to Linux specific values and instead let's us use the raw file mode value directly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
libcontainer: one more switch from syscall to x/sys/unix
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Before this change, some file type would be treated as char devices (e.g. symlinks). Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
The Major and Minor functions were added for Linux in golang/sys@85d1495 which is already vendored in. Use these functions instead of the local re-implementation. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
libcontainer: use Major/Minor from x/sys/unix
runc is not supported on FreeBSD, so remove all FreeBSD specific bits. As suggested by @crosbymichael in #1653 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
runc currently only support Linux platform, and since we dont intend to expose the support to other platform, removing all other platforms placeholder code. `libcontainer/configs` still being used in https://github.com/moby/moby/blob/master/daemon/daemon_windows.go so keeping it for now. After this, we probably should also rename files to drop linux suffices if possible. Signed-off-by: Daniel Dao <dqminh89@gmail.com>
It turns out that MIPS uses uint32 in the device number returned by stat(2), so explicitly wrap everything to make the compiler happy. I really wish that Go had C-like numeric type promotion. Signed-off-by: Aleksa Sarai <asarai@suse.de>
Closes: #2093 Signed-off-by: Erik Sipsma <sipsma@amazon.com>
Signed-off-by: sashayakovtseva <sasha@sylabs.io>
Making them the same type is simply confusing, but also means that you could accidentally use one in the wrong context. This eliminates that problem. This also includes a whole bunch of cleanups for the types within DeviceRule, so that they can be used more ergonomically. Signed-off-by: Aleksa Sarai <asarai@suse.de>
(mode&S_IFCHR == S_IFCHR) is the wrong way of checking the type of an inode because the S_IF* bits are actually not a bitmask and instead must be checked using S_IF*. This bug was neatly hidden behind a (major == 0) sanity-check but that was removed by [1]. In addition, add a test that makes sure that HostDevices() doesn't give rubbish results -- because we broke this and fixed this before[2]. [1]: e0224a6 ("configs: use different types for .Devices and .Resources.Devices") [2]: 058bfbb ("Handle non-devices correctly in DeviceFromPath") Fixes: 38d4b67 ("libcontainer: one more switch from syscall to x/sys/unix") Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Aleksa Sarai (1): devices: correctly check device types LGTMs: @AkihiroSuda @mrunalp Closes #2529
Move the Device-related types to libcontainer/devices, so that the package can be used in isolation. Aliases have been created in libcontainer/configs for backward compatibility. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
libcontainer: fix the file mode of the device
Allows importing this package on Windows (for the types) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was initially added by commit d78ee47154eee7 but later moved from libcontainer/configs to libcontainer/devices by commit ee96d80. Looks like since commit ee96d80 and also [1] there is no use for this, thus removing. [1] containers/buildah#2652 Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Go 1.17 introduce this new (and better) way to specify build tags. For more info, see https://golang.org/design/draft-gobuild. As a way to seamlessly switch from old to new build tags, gofmt (and gopls) from go 1.17 adds the new tags along with the old ones. Later, when go < 1.17 is no longer supported, the old build tags can be removed. Now, as I started to use latest gopls (v0.7.1), it adds these tags while I edit. Rather than to randomly add new build tags, I guess it is better to do it once for all files. Mind that previous commits removed some tags that were useless, so this one only touches packages that can at least be built on non-linux. Brought to you by go1.17 fmt ./... Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
See https://golang.org/doc/go1.16#ioutil Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Require go 1.17 from now on, since go 1.16 is no longer supported. Drop go1.16 compatibility. NOTE we also have to install go 1.18 from Vagrantfile, because Fedora 35 comes with Go 1.16.x which can't be used. Note the changes to go.mod and vendor are due to https://go.dev/doc/go1.17#tools Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Removed pre-go1.17 build-tags with go fix;
go fix -mod=readonly ./...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
remove pre-go1.17 build-tags
Currently, libcontainer/devices contains two things: 1. Device-related configuration data structures and accompanying methods. Those are used by runc itself, mostly by libct/cgroups. 2. A few functions (HostDevices, DeviceFromPath, GetDevices). Those are not used by runc directly, but have some external users (cri-o, microsoft/hcsshim), and they also have a few forks (containerd/pkg/oci, podman/pkg/util). This commit moves (1) to a new separate package, config (under libcontainer/cgroups/devices), adding a backward-compatible aliases (marked as deprecated so we will be able to remove those later). Alas it's not possible to move this to libcontainer/cgroups directly because some IDs (Type, Rule, Permissions) are too generic, and renaming them (to DeviceType, DeviceRule, DevicePermissions) will break backward compatibility (mostly due to Rule being embedded into Device). Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
libct/devices: move config to libct/cg/devices/config
This removes libcontainer/cgroups packages and starts
using those from github.com/opencontainers/cgroups repo.
Mostly generated by:
git rm -f libcontainer/cgroups
find . -type f -name "*.go" -exec sed -i \
's|github.com/opencontainers/runc/libcontainer/cgroups|github.com/opencontainers/cgroups|g' \
{} +
go get github.com/opencontainers/cgroups@v0.0.1
make vendor
gofumpt -w .
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Kir Kolyshkin (1): Switch to opencontainers/cgroups LGTMs: lifubang cyphar
This silences all of the "should have a package comment" lint warnings from golangci-lint. Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Aleksa Sarai (1): lint/revive: add package doc comments LGTMs: lifubang kolyshkin
Signed-off-by: Curd Becker <me@curd-becker.de>
Aleksa Sarai (5): lint/revive: add package doc comments Revert "libct/devices: change devices.Type to be a string" devices: correctly check device types configs: use different types for .Devices and .Resources.Devices libcontainer: devices: fix mips builds Carlton-Semple (2): Added comment linking to LXD issue 2825 Update devices_unix.go for LXD Christy Perez (1): Move libcontainer to x/sys/unix Curd Becker (1): Replace os.Is* error checking functions with their errors.Is counterpart Daniel Dao (1): remove placeholder for non-linux platforms Erik Sipsma (1): Skip searching /dev/.udev for device nodes. Kir Kolyshkin (9): Switch to opencontainers/cgroups libct/devices: move config to libct/cg/devices/config Drop go 1.16 Remove io/ioutil use *: add go-1.17+ go:build tags ci: enable unconvert linter, fix its warnings *: use errors.As and errors.Is Use gofumpt to format code libcontainer/devices/device_windows.go: rm Iceber Gu (1): libcontainer: fix the file mode of the device John Howard (1): Windows: Tidy libcontainer\devices Justin Cormack (1): Clean up unix vs linux usage Kenfe-Mickael Laventure (2): Handle non-devices correctly in DeviceFromPath Fix condition to detect device type in DeviceFromPath Michael Crosby (2): Update import paths for new repository Move libcontainer into subdirectory Mrunal Patel (1): Don't add device to list if it doesn't exist anymore Sasha Yakovtseva (1): Make get devices function public Sebastiaan van Stijn (6): remove pre-go1.17 build-tags libct/devices: change devices.Type to be a string libcontainer/devices: fix godoc (golint) Fix build-tags in libcontainer/devices libcontainer/devices: remove "Device" prefix from types libcontainer: isolate libcontainer/devices Tobias Klauser (3): libcontainer: drop FreeBSD support libcontainer: use Major/Minor from x/sys/unix libcontainer: one more switch from syscall to x/sys/unix Yuanhong Peng (1): Fix typo. Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
cyphar
force-pushed
the
devices
branch
2 times, most recently
from
4a33056 to
eec528d
Compare
This was referenced Mar 4, 2026
kolyshkin
reviewed
Mar 4, 2026
kolyshkin
reviewed
Mar 4, 2026
cyphar
force-pushed
the
devices
branch
3 times, most recently
from
788f7a8 to
83e8cc9
Compare
The original file did not have a license header, but given that the code comes from a different project it seems prudent to at least mention which contributors the code came from. The detailed commit history (and thus authorship) is maintained in the subtree-merge. Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
These are old APIs from runc that we should not export at all. Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
macOS appears to have major-0 devices in /dev, so we should only error this test out on Linux (where that is not the case). Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
This is migrated from runc's libcontainer/devices, as this package has only ever really been used outside of runc to generate device configurations, so it makes more sense for it to live in github.com/moby/sys. With regards to the go.mod used, github.com/opencontainers/cgroups requires Go 1.24, but aside from that all of these requirements are as minimal as possible. Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
14 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is migrated from runc's libcontainer/devices, as this package has
only ever really been used outside of runc to generate device
configurations, so it makes more sense for it to live in
github.com/moby/sys.
With regards to the go.mod used, github.com/opencontainers/cgroups
requires Go 1.24, but aside from that all of these requirements are as
minimal as possible.
This merge was generated with
git filter-repo --path-glob="libcontainer/devices/*" --path-rename=libcontainer/devices:devices. This does lose some of the pre-2015 history (opencontainers/runc@8f97d39 movedlibcontainerinto a subdirectory which means that thelibcontainer/devicesglob is missing commits before then) but this should be sufficient...Fixes #181