diff --git a/go.mod b/go.mod index 2df1815496..346482f8c7 100644 --- a/go.mod +++ b/go.mod @@ -10,10 +10,10 @@ require ( github.com/blang/semver/v4 v4.0.0 github.com/buger/goterm v1.0.4 github.com/checkpoint-restore/checkpointctl v1.2.1 - github.com/checkpoint-restore/go-criu/v7 v7.1.1-0.20240728160228-a9064d7e053c + github.com/checkpoint-restore/go-criu/v7 v7.2.0 github.com/containernetworking/plugins v1.5.1 github.com/containers/buildah v1.37.0 - github.com/containers/common v0.60.1-0.20240906123248-5298b838dcbd + github.com/containers/common v0.60.1-0.20240911102244-e2c949db8a59 github.com/containers/conmon v2.0.20+incompatible github.com/containers/gvisor-tap-vsock v0.7.5 github.com/containers/image/v5 v5.32.1-0.20240806084436-e3e9287ca8e6 diff --git a/go.sum b/go.sum index 9229414029..0dd8d2af2e 100644 --- a/go.sum +++ b/go.sum @@ -41,8 +41,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/checkpoint-restore/checkpointctl v1.2.1 h1:aYFl2CEk95bPLDvNDgif4ZLx3pjCZMJm6td+A0X1+xs= github.com/checkpoint-restore/checkpointctl v1.2.1/go.mod h1:8oF+AtNUFJAI13ETcbB3clnjiwvviX0QzVBhYzQ8yBA= -github.com/checkpoint-restore/go-criu/v7 v7.1.1-0.20240728160228-a9064d7e053c h1:/LNWuEZICKO96wvlLRam53lp7inbzwR1zE/YuoUUV/k= -github.com/checkpoint-restore/go-criu/v7 v7.1.1-0.20240728160228-a9064d7e053c/go.mod h1:FTB8VSlcpwignNNaAXXzNlKBIf+DcZw8urnXKCkpeB4= +github.com/checkpoint-restore/go-criu/v7 v7.2.0 h1:qGiWA4App1gGlEfIJ68WR9jbezV9J7yZdjzglezcqKo= +github.com/checkpoint-restore/go-criu/v7 v7.2.0/go.mod h1:u0LCWLg0w4yqqu14aXhiB4YD3a1qd8EcCEg7vda5dwo= github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY= github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk= github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d h1:77cEq6EriyTZ0g/qfRdp61a3Uu/AWrgIq2s0ClJV1g0= @@ -81,8 +81,8 @@ github.com/containernetworking/plugins v1.5.1 h1:T5ji+LPYjjgW0QM+KyrigZbLsZ8jaX+ github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM= github.com/containers/buildah v1.37.0 h1:jvHwu1vIwIqnHyOSg9eef9Apdpry+5oWLrm43gdf8Rk= github.com/containers/buildah v1.37.0/go.mod h1:MKd79tkluMf6vtH06SedhBQK5OB7E0pFVIuiTTw3dJk= -github.com/containers/common v0.60.1-0.20240906123248-5298b838dcbd h1:eUzsKokkxMAxqBwCD1agfKf6lIZEQ/ayPru7Tb/oW9Y= -github.com/containers/common v0.60.1-0.20240906123248-5298b838dcbd/go.mod h1:f/n9w0F2lW52S3ppXjQlSVazsyNdilFZ80AyrFl4zn4= +github.com/containers/common v0.60.1-0.20240911102244-e2c949db8a59 h1:X9km1EYMFpx80DZEy32/vKuadtYCJ/KJZuLamVbJX98= +github.com/containers/common v0.60.1-0.20240911102244-e2c949db8a59/go.mod h1:I+AnVQDPUP6E9tWFOx1PngtVP6U6OIA4dcNGqFqjoQU= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/gvisor-tap-vsock v0.7.5 h1:bTy4u3DOmmUPwurL6me2rsgfypAFDhyeJleUcQmBR/E= diff --git a/vendor/github.com/checkpoint-restore/go-criu/v7/.golangci.yml b/vendor/github.com/checkpoint-restore/go-criu/v7/.golangci.yml index 694f6adf88..a0d20be214 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v7/.golangci.yml +++ b/vendor/github.com/checkpoint-restore/go-criu/v7/.golangci.yml @@ -16,3 +16,7 @@ linters: linters-settings: exhaustive: default-signifies-exhaustive: true + gosec: + excludes: + # https://github.com/securego/gosec/issues/1185 + - G115 diff --git a/vendor/github.com/checkpoint-restore/go-criu/v7/README.md b/vendor/github.com/checkpoint-restore/go-criu/v7/README.md index 832c3949aa..14a08eb7c0 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v7/README.md +++ b/vendor/github.com/checkpoint-restore/go-criu/v7/README.md @@ -62,7 +62,8 @@ The following table shows the relation between go-criu and criu versions: | Major version | Latest release | CRIU version | | -------------- | -------------- | ------------ | -| v7             | 7.1.0         | 3.18         | +| v7             | 7.2.0         | 3.19         | +| v7             | 7.0.0         | 3.18         | | v6             | 6.3.0         | 3.17         | | v5             | 5.3.0         | 3.16         | | v5             | 5.0.0         | 3.15         | diff --git a/vendor/github.com/containers/common/pkg/cgroups/cgroups_linux.go b/vendor/github.com/containers/common/pkg/cgroups/cgroups_linux.go index 717685789b..d94edc4b38 100644 --- a/vendor/github.com/containers/common/pkg/cgroups/cgroups_linux.go +++ b/vendor/github.com/containers/common/pkg/cgroups/cgroups_linux.go @@ -95,7 +95,8 @@ func init() { func getAvailableControllers(exclude map[string]controllerHandler, cgroup2 bool) ([]controller, error) { if cgroup2 { controllers := []controller{} - controllersFile := cgroupRoot + "/cgroup.controllers" + controllersFile := filepath.Join(cgroupRoot, "cgroup.controllers") + // rootless cgroupv2: check available controllers for current user, systemd or servicescope will inherit if unshare.IsRootless() { userSlice, err := getCgroupPathForCurrentProcess() @@ -104,7 +105,7 @@ func getAvailableControllers(exclude map[string]controllerHandler, cgroup2 bool) } // userSlice already contains '/' so not adding here basePath := cgroupRoot + userSlice - controllersFile = basePath + "/cgroup.controllers" + controllersFile = filepath.Join(basePath, "cgroup.controllers") } controllersFileBytes, err := os.ReadFile(controllersFile) if err != nil { @@ -597,7 +598,7 @@ func createCgroupv2Path(path string) (deferredError error) { if !strings.HasPrefix(path, cgroupRoot+"/") { return fmt.Errorf("invalid cgroup path %s", path) } - content, err := os.ReadFile(cgroupRoot + "/cgroup.controllers") + content, err := os.ReadFile(filepath.Join(cgroupRoot, "cgroup.controllers")) if err != nil { return err } @@ -625,8 +626,43 @@ func createCgroupv2Path(path string) (deferredError error) { // We enable the controllers for all the path components except the last one. It is not allowed to add // PIDs if there are already enabled controllers. if i < len(elements[3:])-1 { - if err := os.WriteFile(filepath.Join(current, "cgroup.subtree_control"), res, 0o755); err != nil { - return err + subtreeControl := filepath.Join(current, "cgroup.subtree_control") + if err := os.WriteFile(subtreeControl, res, 0o755); err != nil { + // The kernel returns ENOENT either if the file itself is missing, or a controller + if errors.Is(err, os.ErrNotExist) { + if err2 := fileutils.Exists(subtreeControl); err2 != nil { + // If the file itself is missing, return the original error. + return err + } + repeatAttempts := 1000 + for repeatAttempts > 0 { + // store the controllers that failed to be enabled, so we can retry them + newCtrs := [][]byte{} + for _, ctr := range ctrs { + // Try to enable each controller individually, at least we can give a better error message if any fails. + if err := os.WriteFile(subtreeControl, []byte(fmt.Sprintf("+%s\n", ctr)), 0o755); err != nil { + // The kernel can return EBUSY when a process was moved to a sub-cgroup + // and the controllers are enabled in its parent cgroup. Retry a few times when + // it happens. + if errors.Is(err, unix.EBUSY) { + newCtrs = append(newCtrs, ctr) + } else { + return fmt.Errorf("enabling controller %s: %w", ctr, err) + } + } + } + if len(newCtrs) == 0 { + err = nil + break + } + ctrs = newCtrs + repeatAttempts-- + time.Sleep(time.Millisecond) + } + if err != nil { + return err + } + } } } } diff --git a/vendor/modules.txt b/vendor/modules.txt index 43f98ccedf..85c5e1caca 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -89,7 +89,7 @@ github.com/bytedance/sonic/utf8 # github.com/checkpoint-restore/checkpointctl v1.2.1 ## explicit; go 1.21 github.com/checkpoint-restore/checkpointctl/lib -# github.com/checkpoint-restore/go-criu/v7 v7.1.1-0.20240728160228-a9064d7e053c +# github.com/checkpoint-restore/go-criu/v7 v7.2.0 ## explicit; go 1.20 github.com/checkpoint-restore/go-criu/v7 github.com/checkpoint-restore/go-criu/v7/rpc @@ -171,7 +171,7 @@ github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/pkg/volumes github.com/containers/buildah/util -# github.com/containers/common v0.60.1-0.20240906123248-5298b838dcbd +# github.com/containers/common v0.60.1-0.20240911102244-e2c949db8a59 ## explicit; go 1.22.0 github.com/containers/common/internal github.com/containers/common/internal/attributedstring