merge branch 'pr-1478'

LGTMs: @cyphar @crosbymichael Closes #1478
opencontainers · Jun 7, 2017 · ea35825 · ea35825
2 parents 3723495 + 553016d
commit ea35825
Show file tree

Hide file tree

Showing 14 changed files with 107 additions and 76 deletions.
diff --git a/exec.go b/exec.go
@@ -208,5 +208,5 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) {
 		}
 		p.User.UID = uint32(uid)
 	}
-	return &p, nil
+	return p, nil
 }
diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go
@@ -11,6 +11,8 @@ import (
 	"github.com/opencontainers/runc/libcontainer/seccomp"
 	"github.com/opencontainers/runc/libcontainer/system"
 	"github.com/opencontainers/selinux/go-selinux/label"
+
+	"golang.org/x/sys/unix"
 )
 
 // linuxSetnsInit performs the container's initialization for running a new process
@@ -41,7 +43,7 @@ func (l *linuxSetnsInit) Init() error {
 		}
 	}
 	if l.config.NoNewPrivileges {
-		if err := system.Prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); err != nil {
+		if err := unix.Prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); err != nil {
 			return err
 		}
 	}

diff --git a/libcontainer/specconv/example.go b/libcontainer/specconv/example.go
@@ -23,7 +23,7 @@ func Example() *specs.Spec {
 			Path:     "rootfs",
 			Readonly: true,
 		},
-		Process: specs.Process{
+		Process: &specs.Process{
 			Terminal: true,
 			User:     specs.User{},
 			Args: []string{

diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
@@ -230,8 +230,8 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 		config.ProcessLabel = spec.Process.SelinuxLabel
 	}
 	config.Sysctl = spec.Linux.Sysctl
-	if spec.Linux.Resources != nil && spec.Linux.Resources.OOMScoreAdj != nil {
-		config.OomScoreAdj = *spec.Linux.Resources.OOMScoreAdj
+	if spec.Process != nil && spec.Process.OOMScoreAdj != nil {
+		config.OomScoreAdj = *spec.Process.OOMScoreAdj
 	}
 	if spec.Process.Capabilities != nil {
 		config.Capabilities = &configs.Capabilities{

diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go
@@ -128,7 +128,7 @@ func (l *linuxStandardInit) Init() error {
 		return err
 	}
 	if l.config.NoNewPrivileges {
-		if err := system.Prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); err != nil {
+		if err := unix.Prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); err != nil {
 			return err
 		}
 	}

diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go
@@ -133,13 +133,5 @@ func RunningInUserNS() bool {
 
 // SetSubreaper sets the value i as the subreaper setting for the calling process
 func SetSubreaper(i int) error {
-	return Prctl(PR_SET_CHILD_SUBREAPER, uintptr(i), 0, 0, 0)
-}
-
-func Prctl(option int, arg2, arg3, arg4, arg5 uintptr) (err error) {
-	_, _, e1 := unix.Syscall6(unix.SYS_PRCTL, uintptr(option), arg2, arg3, arg4, arg5, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
+	return unix.Prctl(PR_SET_CHILD_SUBREAPER, uintptr(i), 0, 0, 0)
 }
diff --git a/spec.go b/spec.go
@@ -134,7 +134,7 @@ func loadSpec(cPath string) (spec *specs.Spec, err error) {
 	if err = validatePlatform(&spec.Platform); err != nil {
 		return nil, err
 	}
-	return spec, validateProcessSpec(&spec.Process)
+	return spec, validateProcessSpec(spec.Process)
 }
 
 func createLibContainerRlimit(rlimit specs.LinuxRlimit) (configs.Rlimit, error) {

diff --git a/tests/integration/update.bats b/tests/integration/update.bats
@@ -31,7 +31,7 @@ function setup() {
         "cpus": "0"
     },
     "blockio": {
-        "blkioWeight": 1000
+        "weight": 1000
     },
     "pids": {
         "limit": 20
@@ -184,7 +184,7 @@ function check_cgroup_value() {
     "cpus": "0"
   },
   "blockIO": {
-    "blkioWeight": 1000
+    "weight": 1000
   },
   "pids": {
     "limit": 20
@@ -235,7 +235,7 @@ EOF
     "cpus": "0"
   },
   "blockIO": {
-    "blkioWeight": 1000
+    "weight": 1000
   },
   "pids": {
     "limit": 20

diff --git a/update.go b/update.go
@@ -47,7 +47,7 @@ The accepted format is as follow (unchanged values can be omitted):
     "mems": ""
   },
   "blockIO": {
-    "blkioWeight": 0
+    "weight": 0
   }
 }
 

diff --git a/utils_linux.go b/utils_linux.go
@@ -392,5 +392,5 @@ func startContainer(context *cli.Context, spec *specs.Spec, action CtAct, criuOp
 		action:          action,
 		criuOpts:        criuOpts,
 	}
-	return r.run(&spec.Process)
+	return r.run(spec.Process)
 }
diff --git a/vendor.conf b/vendor.conf
@@ -1,7 +1,7 @@
 # OCI runtime-spec. When updating this, make sure you use a version tag rather
 # than a commit ID so it's much more obvious what version of the spec we are
 # using.
-github.com/opencontainers/runtime-spec v1.0.0-rc5
+github.com/opencontainers/runtime-spec 239c4e44f2a612ed85f6db9c66247aa33f437e91
 # Core libcontainer functionality.
 github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08
 github.com/opencontainers/selinux v1.0.0-rc1

diff --git a/vendor/github.com/opencontainers/runtime-spec/README.md b/vendor/github.com/opencontainers/runtime-spec/README.md