Hello community, here is the log from the commit of package runc for openSUSE:Factory checked in at 2017-05-20 10:13:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/runc (Old) and /work/SRC/openSUSE:Factory/.runc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "runc" Sat May 20 10:13:19 2017 rev:12 rq:494718 version:0.1.1+gitr2947_9c2d8d1 Changes: -------- --- /work/SRC/openSUSE:Factory/runc/runc.changes 2017-04-17 10:26:23.213571574 +0200 +++ /work/SRC/openSUSE:Factory/.runc.new/runc.changes 2017-05-20 10:13:26.873709051 +0200 @@ -1,0 +2,33 @@ +Thu May 4 19:04:49 UTC 2017 - jmassaguer...@suse.com + +- fix the golang requirement to 1.7 to the subpackages + +------------------------------------------------------------------- +Tue May 2 15:49:41 UTC 2017 - jmassaguer...@suse.com + +- fix golang requirement to 1.7 + +------------------------------------------------------------------- +Fri Apr 28 16:16:00 UTC 2017 - jeng...@inai.de + +- Substitute %__-type macro indirections + +------------------------------------------------------------------- +Thu Apr 13 16:34:03 UTC 2017 - jmassaguer...@suse.com + +- update version to the one required by docker-17.04.0-ce (bsc#1034053) + remove ignore_cgroup2_mountpoint.patch . This is already included in + the upstream source code. + +------------------------------------------------------------------- +Wed Apr 12 09:55:28 UTC 2017 - jmassaguer...@suse.com + +- Make sure this is being built with go 1.7 + +------------------------------------------------------------------- +Tue Apr 11 15:37:36 UTC 2017 - jmassaguer...@suse.com + +- remove the go_arches macro because we are using go1.7 which + is available in all archs + +------------------------------------------------------------------- Old: ---- ignore_cgroup2_mountpoint.patch runc-git.2f7393a.tar.xz New: ---- runc-git.9c2d8d1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ runc.spec ++++++ --- /var/tmp/diff_new_pack.8jeepG/_old 2017-05-20 10:13:27.493621463 +0200 +++ /var/tmp/diff_new_pack.8jeepG/_new 2017-05-20 10:13:27.493621463 +0200 
@@ -16,37 +16,19 @@ # -# Check if go_arches is defined in the project configuration -# Otherwise, define it here -# In order to define it in the project configuration, see -# -# https://en.opensuse.org/openSUSE:Build%20Service%20prjconf#Macros -# -# The Macros tag is the one that defines the go_arches variable to be used -# in the spec file. -# The "define" one is to help the specfile parser of the buildservice -# to see what packages are being built. You also want to define it here -# for keeping things consistent. - -%{!?go_arches: %global go_arches %ix86 x86_64 aarch64 ppc64le} - -%ifarch %go_arches %define go_tool go -%else -%define go_tool go-6 -%endif # MANUAL: Update the git_version and git_revision # FIX-OPENSUSE: This will be removed as soon as we move Docker's runC fork into # a separate package. This whole versioning mess is caused by # Docker vendoring non-releases of runC. -%define git_version 2f7393a +%define git_version 9c2d8d1 # How to get the git_revision # git clone ${url}.git runc-upstream # cd runc-upstream # git checkout $git_version # git_revision=r$(git rev-list HEAD | wc -l) -%define git_revision r2942 +%define git_revision r2947 %define version_unconverted %{git_version} Name: runc @@ -58,15 +40,11 @@ Url: https://github.com/opencontainers/runc Source: %{name}-git.%{git_version}.tar.xz Patch0: CVE-2016-9962.patch -Patch1: ignore_cgroup2_mountpoint.patch BuildRequires: fdupes -%ifarch %go_arches -BuildRequires: go >= 1.5 +# Make sure we require go 1.7 BuildRequires: go-go-md2man -%else -BuildRequires: gcc6-go >= 6.1 -%endif BuildRequires: libapparmor-devel +BuildRequires: golang(API) = 1.7 # Seccomp isn't supported on aarch64. %ifnarch aarch64 BuildRequires: libseccomp-devel 
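Review bot: The added comment `# Make sure we require go 1.7` sits above `BuildRequires: go-go-md2man`, two lines away from the `BuildRequires: golang(API) = 1.7` line it describes; in the `%package test` hunk the same comment lands between `Summary:` and `Group:`. Each comment should move directly above its `golang(API)` line. Because the requirement is an exact `=` pin rather than a lower bound, the comment should also say why, and under which condition the pin can be relaxed, so that a later packager does not loosen or drop it by guesswork.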
@@ -83,13 +61,10 @@ %package test Summary: Test package for runc +# Make sure we require go 1.7 Group: System/Management -%ifarch %go_arches -Requires: go >= 1.5 +BuildRequires: golang(API) = 1.7 Requires: go-go-md2man -%else -Requires: gcc6-go >= 6.1 -%endif Requires: libapparmor-devel # Seccomp isn't supported on aarch64. %ifnarch aarch64 @@ -105,9 +80,6 @@ %prep %setup -q -n %{name}-git.%{git_version} %patch0 -p1 -%if 0%{?suse_version} > 1320 -%patch1 -p1 -%endif %build # Do not use symlinks. If you want to run the unit tests for this package at @@ -132,11 +104,8 @@ %go_tool build "$BUILDFLAGS" -tags "$BUILDTAGS" -x -o %{name}-%{version} github.com/opencontainers/%{name} # Build man pages, this can only be done on arches where we can build go-md2man. -%ifarch %go_arches man/md2man-all.sh -%endif -%ifarch %go_arches %check export GOPATH=$HOME/go/src/github.com/opencontainers/runc/Godeps/_workspace:$GOPATH cd $HOME/go/src/github.com/opencontainers/runc @@ -148,10 +117,9 @@ | grep -v 'github.com/opencontainers/runc/libcontainer/user$' \ | grep -v 'github.com/opencontainers/runc/libcontainer/xattr$') go test -timeout 3m -tags "$BUILDTAGS" -v $PKG_LIST -%endif %install -%{__install} -D -m755 %{name}-%{version} %{buildroot}%{_sbindir}/%{name} +install -D -m755 %{name}-%{version} %{buildroot}%{_sbindir}/%{name} install -d -m755 %{buildroot}/usr/src/runc/ cp -avr $HOME/go/src/github.com/opencontainers/runc/* %{buildroot}/usr/src/runc/ @@ -159,10 +127,8 @@ install -d -m755 %{buildroot}/%{_bindir} ln -s /usr/sbin/runc %{buildroot}/%{_bindir}/docker-runc -%ifarch %go_arches -%{__install} -d -m755 %{buildroot}%{_mandir}/man8 -%{__install} -m644 man/man8/runc*.8 %{buildroot}%{_mandir}/man8 -%endif +install -d -m755 %{buildroot}%{_mandir}/man8 +install -m644 man/man8/runc*.8 %{buildroot}%{_mandir}/man8 %fdupes %{buildroot}/%{_prefix} 
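Review bot: In the `%package test` section the install-time dependency `Requires: go >= 1.5` is replaced by `BuildRequires: golang(API) = 1.7`, so the installed test subpackage no longer pulls in a Go toolchain. A `BuildRequires` tag affects only the build environment of the source package. The neighbouring `Requires: go-go-md2man` and `Requires: libapparmor-devel` remain install-time dependencies, which suggests the Go requirement was meant to stay one as well. If so, the line should read `Requires: golang(API) = 1.7`.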
@@ -174,9 +140,7 @@ %{_sbindir}/%{name} %{_bindir}/docker-runc -%ifarch %go_arches %{_mandir}/man8/runc*.8.gz -%endif %files test %defattr(-,root,root) ++++++ _service ++++++ --- /var/tmp/diff_new_pack.8jeepG/_old 2017-05-20 10:13:27.533615812 +0200 +++ /var/tmp/diff_new_pack.8jeepG/_new 2017-05-20 10:13:27.533615812 +0200 @@ -8,7 +8,7 @@ <param name="scm">git</param> <param name="filename">runc</param> <param name="versionformat">git.%h</param> - <param name="revision">2f7393a47307a16f8cee44a37b262e8b81021e3e</param> + <param name="revision">9c2d8d184e5da67c95d601382adf14862e4f2228</param> <param name="exclude">.git</param> </service> <service name="recompress" mode="disabled"> ++++++ runc-git.2f7393a.tar.xz -> runc-git.9c2d8d1.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-git.2f7393a/libcontainer/cgroups/systemd/apply_systemd.go new/runc-git.9c2d8d1/libcontainer/cgroups/systemd/apply_systemd.go --- old/runc-git.2f7393a/libcontainer/cgroups/systemd/apply_systemd.go 2017-01-11 02:42:53.000000000 +0100 +++ new/runc-git.9c2d8d1/libcontainer/cgroups/systemd/apply_systemd.go 2017-03-10 17:11:33.000000000 +0100 
@@ -269,6 +269,13 @@ newProp("CPUShares", uint64(c.Resources.CpuShares))) } + // cpu.cfs_quota_us and cpu.cfs_period_us are controlled by systemd. + if c.Resources.CpuQuota != 0 && c.Resources.CpuPeriod != 0 { + cpuQuotaPerSecUSec := c.Resources.CpuQuota * 1000000 / c.Resources.CpuPeriod + properties = append(properties, + newProp("CPUQuotaPerSecUSec", uint64(cpuQuotaPerSecUSec))) + } + if c.Resources.BlkioWeight != 0 { properties = append(properties, newProp("BlockIOWeight", uint64(c.Resources.BlkioWeight))) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-git.2f7393a/libcontainer/cgroups/utils.go new/runc-git.9c2d8d1/libcontainer/cgroups/utils.go --- old/runc-git.2f7393a/libcontainer/cgroups/utils.go 2017-01-11 02:42:53.000000000 +0100 +++ new/runc-git.9c2d8d1/libcontainer/cgroups/utils.go 2017-03-10 17:11:33.000000000 +0100 @@ -149,7 +149,7 @@ if sepIdx == -1 { return nil, fmt.Errorf("invalid mountinfo format") } - if txt[sepIdx+3:sepIdx+9] != "cgroup" { + if txt[sepIdx+3:sepIdx+10] == "cgroup2" || txt[sepIdx+3:sepIdx+9] != "cgroup" { continue } fields := strings.Split(txt, " ") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-git.2f7393a/libcontainer/cgroups/utils_test.go new/runc-git.9c2d8d1/libcontainer/cgroups/utils_test.go --- old/runc-git.2f7393a/libcontainer/cgroups/utils_test.go 2017-01-11 02:42:53.000000000 +0100 +++ new/runc-git.9c2d8d1/libcontainer/cgroups/utils_test.go 2017-03-10 17:11:33.000000000 +0100 
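Review bot: The new guard `c.Resources.CpuQuota != 0 && c.Resources.CpuPeriod != 0` lets a negative quota or period through, and the result is then converted with `uint64(...)`. If `CpuQuota` is a signed field where a negative value means "no limit" (its declaration is outside this hunk), the conversion wraps to a very large number instead of leaving the property unset. Testing for positive values, `if c.Resources.CpuQuota > 0 && c.Resources.CpuPeriod > 0 {`, keeps that case out of the systemd property. A quota configured without a period is still not forwarded to systemd, and the comment should say whether that is intended. The enclosing function starts and ends outside the hunk.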
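Review bot: The added comparison `txt[sepIdx+3:sepIdx+10] == "cgroup2"` slices one byte further than the existing check, and neither slice is length-checked, so a line that ends right after the filesystem type would panic with a slice-bounds error instead of being skipped or reported. The text comes from a reader (the test hunk feeds `getCgroupMountsHelper` a buffer), so short or malformed lines are possible. Comparing the whole filesystem-type field removes both the bounds problem and the `cgroup2` special case: `fstype := strings.SplitN(txt[sepIdx+3:], " ", 2)[0]` followed by `if fstype != "cgroup" {`. This assumes `sepIdx` is the index of the ` - ` separator, which is computed outside the hunk.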
@@ -93,6 +93,34 @@ 136 117 0:12 /1 /dev/console rw,nosuid,noexec,relatime - devpts none rw,gid=5,mode=620,ptmxmode=000 84 115 0:40 / /tmp rw,relatime - tmpfs none rw` +const cgroup2Mountinfo = `18 64 0:18 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel +19 64 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw +20 64 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=8171204k,nr_inodes=2042801,mode=755 +21 18 0:19 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw +22 20 0:20 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel +23 20 0:21 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000 +24 64 0:22 / /run rw,nosuid,nodev shared:24 - tmpfs tmpfs rw,seclabel,mode=755 +25 18 0:23 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755 +26 25 0:24 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup2 cgroup rw +27 18 0:25 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:20 - pstore pstore rw,seclabel +28 18 0:26 / /sys/firmware/efi/efivars rw,nosuid,nodev,noexec,relatime shared:21 - efivarfs efivarfs rw +29 25 0:27 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,cpu,cpuacct +30 25 0:28 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,memory +31 25 0:29 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,net_cls,net_prio +32 25 0:30 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,blkio +33 25 0:31 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,perf_event +34 25 0:32 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,hugetlb +35 25 0:33 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup 
rw,freezer +36 25 0:34 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,cpuset +37 25 0:35 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,devices +38 25 0:36 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:19 - cgroup cgroup rw,pids +61 18 0:37 / /sys/kernel/config rw,relatime shared:22 - configfs configfs rw +64 0 253:0 / / rw,relatime shared:1 - ext4 /dev/mapper/fedora_dhcp--16--129-root rw,seclabel,data=ordered +39 18 0:17 / /sys/fs/selinux rw,relatime shared:23 - selinuxfs selinuxfs rw +40 20 0:16 / /dev/mqueue rw,relatime shared:25 - mqueue mqueue rw,seclabel +41 20 0:39 / /dev/hugepages rw,relatime shared:26 - hugetlbfs hugetlbfs rw,seclabel +` + func TestGetCgroupMounts(t *testing.T) { type testData struct { mountInfo string @@ -245,3 +273,30 @@ } } + +func TestIgnoreCgroup2Mount(t *testing.T) { + subsystems := map[string]bool{ + "cpuset": true, + "cpu": true, + "cpuacct": true, + "memory": true, + "devices": true, + "freezer": true, + "net_cls": true, + "blkio": true, + "perf_event": true, + "pids": true, + "name=systemd": true, + } + + mi := bytes.NewBufferString(cgroup2Mountinfo) + cgMounts, err := getCgroupMountsHelper(subsystems, mi, false) + if err != nil { + t.Fatal(err) + } + for _, m := range cgMounts { + if m.Mountpoint == "/sys/fs/cgroup/systemd" { + t.Errorf("parsed a cgroup2 mount at /sys/fs/cgroup/systemd instead of ignoring it") + } + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-git.2f7393a/libcontainer/label/label_selinux.go new/runc-git.9c2d8d1/libcontainer/label/label_selinux.go --- old/runc-git.2f7393a/libcontainer/label/label_selinux.go 2017-01-11 02:42:53.000000000 +0100 +++ new/runc-git.9c2d8d1/libcontainer/label/label_selinux.go 2017-03-10 17:11:33.000000000 +0100 
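Review bot: `TestIgnoreCgroup2Mount` asserts only that no returned mount has the mountpoint `/sys/fs/cgroup/systemd`, so it would also pass if `getCgroupMountsHelper` returned no mounts at all. The fixture contains cgroup v1 lines such as `/sys/fs/cgroup/memory`, so the test can also check that those are still parsed, for example `if len(cgMounts) == 0 { t.Fatal("no cgroup v1 mounts parsed from fixture") }` before the loop. A one-line doc comment on the test, noting that the fixture's systemd line has filesystem type `cgroup2`, would make the intent clear without reading the constant.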
@@ -33,19 +33,15 @@ pcon := selinux.NewContext(processLabel) mcon := selinux.NewContext(mountLabel) for _, opt := range options { - val := strings.SplitN(opt, "=", 2) - if val[0] != "label" { - continue - } - if len(val) < 2 { - return "", "", fmt.Errorf("bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt) - } - if val[1] == "disable" { + if opt == "disable" { return "", "", nil } - con := strings.SplitN(val[1], ":", 2) - if len(con) < 2 || !validOptions[con[0]] { - return "", "", fmt.Errorf("bad label option %q, valid options 'disable, user, role, level, type'", con[0]) + if i := strings.Index(opt, ":"); i == -1 { + return "", "", fmt.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt) + } + con := strings.SplitN(opt, ":", 2) + if !validOptions[con[0]] { + return "", "", fmt.Errorf("Bad label option %q, valid options 'disable, user, role, level, type'", con[0]) } pcon[con[0]] = con[1] @@ -146,7 +142,7 @@ fileLabel = c.Get() } if err := selinux.Chcon(path, fileLabel, true); err != nil { - return fmt.Errorf("SELinux relabeling of %s is not allowed: %q", path, err) + return err } return nil } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-git.2f7393a/libcontainer/label/label_selinux_test.go new/runc-git.9c2d8d1/libcontainer/label/label_selinux_test.go --- old/runc-git.2f7393a/libcontainer/label/label_selinux_test.go 2017-01-11 02:42:53.000000000 +0100 +++ new/runc-git.9c2d8d1/libcontainer/label/label_selinux_test.go 2017-03-10 17:11:33.000000000 +0100 @@ -18,7 +18,7 @@ t.Log("InitLabels Failed") t.Fatal(err) } - testDisabled := []string{"label=disable"} + testDisabled := []string{"disable"} roMountLabel := GetROMountLabel() if roMountLabel == "" { t.Errorf("GetROMountLabel Failed") 
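Review bot: The new validation checks only the key: `!validOptions[con[0]]` accepts an option such as `type:`, and the following `pcon[con[0]] = con[1]` then stores an empty value in the process context. Rejecting an empty value in the same test, `if !validOptions[con[0]] || con[1] == "" {`, keeps a malformed option from producing a label with an empty field. The separate `strings.Index` scan is redundant with `strings.SplitN`; checking `len(con) < 2` after the split detects the same missing-colon case. The two new error strings start with a capital letter and one embeds `\n`, which goes against Go error-string convention. The function continues outside the hunk.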
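Review bot: Returning the bare error from `selinux.Chcon` drops the path from the message, so a failed relabel no longer says which file was refused. If the wrapper was removed so that callers can inspect the underlying error, a comment should say so, for example `// return the Chcon error unwrapped so callers can inspect it`. Otherwise the path is worth keeping in the message for anyone diagnosing a denied relabel. The function starts outside the hunk.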
@@ -32,7 +32,7 @@ t.Log("InitLabels Disabled Failed") t.FailNow() } - testUser := []string{"label=user:user_u", "label=role:user_r", "label=type:user_t", "label=level:s0:c1,c15"} + testUser := []string{"user:user_u", "role:user_r", "type:user_t", "level:s0:c1,c15"} plabel, mlabel, err = InitLabels(testUser) if err != nil { t.Log("InitLabels User Failed") @@ -44,7 +44,7 @@ t.Fatal(err) } - testBadData := []string{"label=user", "label=role:user_r", "label=type:user_t", "label=level:s0:c1,c15"} + testBadData := []string{"user", "role:user_r", "type:user_t", "level:s0:c1,c15"} if _, _, err = InitLabels(testBadData); err == nil { t.Log("InitLabels Bad Failed") t.Fatal(err)