From 30b530ca949c97728600461edb0df2eca0e13c40 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 29 Jun 2024 19:26:09 +0200 Subject: [PATCH] libct/userns: split userns detection from internal userns code Commit 4316df8b53cce2933d7f0f3cf4bf87da67459835 isolated RunningInUserNS to a separate package to make it easier to consume without bringing in additional dependencies, and with the potential to move it separate in a similar fashion as libcontainer/user was moved to a separate module in commit ca32014adbc5bcdd1ec5862672c35c7d4cbd849d. While RunningInUserNS is fairly trivial to implement, it (or variants of this utility) is used in many codebases, and moving to a separate module could consolidate those implementations, as well as making it easier to consume without large dependency trees (when being a package as part of a larger code base). Commit 1912d5988bbb379189ea9ceb2e03945738c513dc and follow-ups introduced cgo code into the userns package, and code introduced in those commits are not intended for external use, therefore complicating the potential of moving the userns package separate. This commit moves the new code to a separate package; some of this code was included in v1.1.11 and up, but I could not find external consumers of `GetUserNamespaceMappings` and `IsSameMapping`. The `Mapping` and `Handles` types (added in ba0b5e26989f39d0bdadeeff38182902df781df6) only exist in main and in non-stable releases (v1.2.0-rc.x), so don't need an alias / deprecation. 
Signed-off-by: Sebastiaan van Stijn
---
 libcontainer/integration/exec_test.go | 4 ++--
 libcontainer/{ => internal}/userns/userns_maps.c | 0
 libcontainer/{ => internal}/userns/userns_maps_linux.go | 0
 libcontainer/{ => internal}/userns/usernsfd_linux.go | 0
 libcontainer/{ => internal}/userns/usernsfd_linux_test.go | 0
 libcontainer/mount_linux.go | 2 +-
 libcontainer/process_linux.go | 2 +-
 libcontainer/specconv/spec_linux.go | 2 +-
 8 files changed, 5 insertions(+), 5 deletions(-)
 rename libcontainer/{ => internal}/userns/userns_maps.c (100%)
 rename libcontainer/{ => internal}/userns/userns_maps_linux.go (100%)
 rename libcontainer/{ => internal}/userns/usernsfd_linux.go (100%)
 rename libcontainer/{ => internal}/userns/usernsfd_linux_test.go (100%)
diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go
index 5a289ba7cb5..e8a2dc53c80 100644
--- a/libcontainer/integration/exec_test.go
+++ b/libcontainer/integration/exec_test.go
@@ -18,7 +18,7 @@ import (
 "github.com/opencontainers/runc/libcontainer/cgroups"
 "github.com/opencontainers/runc/libcontainer/cgroups/systemd"
 "github.com/opencontainers/runc/libcontainer/configs"
- "github.com/opencontainers/runc/libcontainer/userns"
+ "github.com/opencontainers/runc/libcontainer/internal/userns"
 "github.com/opencontainers/runc/libcontainer/utils"
 "github.com/opencontainers/runtime-spec/specs-go"
@@ -724,7 +724,7 @@ func TestContainerState(t *testing.T) {
 {Type: configs.NEWNS},
 {Type: configs.NEWUTS},
 // host for IPC
- //{Type: configs.NEWIPC},
+ // {Type: configs.NEWIPC},
 {Type: configs.NEWPID},
 {Type: configs.NEWNET},
 })
diff --git a/libcontainer/userns/userns_maps.c b/libcontainer/internal/userns/userns_maps.c
similarity index 100%
rename from libcontainer/userns/userns_maps.c
rename to libcontainer/internal/userns/userns_maps.c
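Review bot: The swapped import in exec_test.go leaves two packages in the tree that are both referred to as `userns` (`libcontainer/userns` and `libcontainer/internal/userns`; the renames are 100% similarity, so the moved files presumably keep `package userns`), and a reader of `userns.X` at a call site gets no cue which one is meant. The same applies to the import hunks in mount_linux.go, process_linux.go and specconv/spec_linux.go. A file that later needs both the detection helper and the mapping helpers will have to alias one of the imports. If the moved package does not already carry one, consider a package doc comment such as `// Package userns holds runc-internal user-namespace mapping and fd helpers; RunningInUserNS lives in libcontainer/userns.` so the split is stated where the code lives. The import blocks and the code using them continue outside these hunks, so whether any of these files still calls `RunningInUserNS` cannot be checked from here.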
diff --git a/libcontainer/userns/userns_maps_linux.go b/libcontainer/internal/userns/userns_maps_linux.go
similarity index 100%
rename from libcontainer/userns/userns_maps_linux.go
rename to libcontainer/internal/userns/userns_maps_linux.go
diff --git a/libcontainer/userns/usernsfd_linux.go b/libcontainer/internal/userns/usernsfd_linux.go
similarity index 100%
rename from libcontainer/userns/usernsfd_linux.go
rename to libcontainer/internal/userns/usernsfd_linux.go
diff --git a/libcontainer/userns/usernsfd_linux_test.go b/libcontainer/internal/userns/usernsfd_linux_test.go
similarity index 100%
rename from libcontainer/userns/usernsfd_linux_test.go
rename to libcontainer/internal/userns/usernsfd_linux_test.go
diff --git a/libcontainer/mount_linux.go b/libcontainer/mount_linux.go
index f9b1adf51db..f2eaa937ee6 100644
--- a/libcontainer/mount_linux.go
+++ b/libcontainer/mount_linux.go
@@ -11,7 +11,7 @@ import (
 "golang.org/x/sys/unix"
 "github.com/opencontainers/runc/libcontainer/configs"
- "github.com/opencontainers/runc/libcontainer/userns"
+ "github.com/opencontainers/runc/libcontainer/internal/userns"
 "github.com/opencontainers/runc/libcontainer/utils"
 )
diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
index 3c3e797661a..9a2473f716e 100644
--- a/libcontainer/process_linux.go
+++ b/libcontainer/process_linux.go
@@ -23,9 +23,9 @@ import (
 "github.com/opencontainers/runc/libcontainer/cgroups/fs2"
 "github.com/opencontainers/runc/libcontainer/configs"
 "github.com/opencontainers/runc/libcontainer/intelrdt"
+ "github.com/opencontainers/runc/libcontainer/internal/userns"
 "github.com/opencontainers/runc/libcontainer/logs"
 "github.com/opencontainers/runc/libcontainer/system"
- "github.com/opencontainers/runc/libcontainer/userns"
 "github.com/opencontainers/runc/libcontainer/utils"
 )
diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
index 5a09f74b1e3..ae08a827c1f 100644
--- a/libcontainer/specconv/spec_linux.go
+++ b/libcontainer/specconv/spec_linux.go
@@ -17,8 +17,8 @@ import (
 "github.com/opencontainers/runc/libcontainer/cgroups"
 "github.com/opencontainers/runc/libcontainer/configs"
 "github.com/opencontainers/runc/libcontainer/devices"
+ "github.com/opencontainers/runc/libcontainer/internal/userns"
 "github.com/opencontainers/runc/libcontainer/seccomp"
- "github.com/opencontainers/runc/libcontainer/userns"
 libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils"
 "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/sirupsen/logrus"