diff --git a/go.mod b/go.mod index cc820f967b8e..cc2821c1d090 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 github.com/Microsoft/go-winio v0.6.1 github.com/Microsoft/hcsshim v0.12.0-rc.0 - github.com/container-orchestrated-devices/container-device-interface v0.6.0 + github.com/container-orchestrated-devices/container-device-interface v0.6.1 github.com/containerd/btrfs/v2 v2.0.0 github.com/containerd/cgroups/v3 v3.0.2 github.com/containerd/console v1.0.3 diff --git a/go.sum b/go.sum index 6212eb141f8c..c44d9779c7cf 100644 --- a/go.sum +++ b/go.sum @@ -181,8 +181,8 @@ github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:z github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/container-orchestrated-devices/container-device-interface v0.6.0 h1:aWwcz/Ep0Fd7ZuBjQGjU/jdPloM7ydhMW13h85jZNvk= -github.com/container-orchestrated-devices/container-device-interface v0.6.0/go.mod h1:OQlgtJtDrOxSQ1BWODC8OZK1tzi9W69wek+Jy17ndzo= +github.com/container-orchestrated-devices/container-device-interface v0.6.1 h1:mz77uJoP8im/4Zins+mPqt677ZMaflhoGaYrRAl5jvA= +github.com/container-orchestrated-devices/container-device-interface v0.6.1/go.mod h1:40T6oW59rFrL/ksiSs7q45GzjGlbvxnA4xaK6cyq+kA= github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE= github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU= github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU= diff --git a/integration/client/go.mod b/integration/client/go.mod index 6d9fa8ba1905..a6e8b9f74522 100644 --- a/integration/client/go.mod +++ b/integration/client/go.mod @@ -26,7 +26,7 @@ require ( github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/cilium/ebpf v0.9.1 // indirect - github.com/container-orchestrated-devices/container-device-interface v0.6.0 // indirect + github.com/container-orchestrated-devices/container-device-interface v0.6.1 // indirect github.com/containerd/console v1.0.3 // indirect github.com/containerd/fifo v1.1.0 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect diff --git a/integration/client/go.sum b/integration/client/go.sum index 86e2486cc61c..c845e3655a74 100644 --- a/integration/client/go.sum +++ b/integration/client/go.sum @@ -868,8 +868,8 @@ github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWH github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/container-orchestrated-devices/container-device-interface v0.6.0 h1:aWwcz/Ep0Fd7ZuBjQGjU/jdPloM7ydhMW13h85jZNvk= -github.com/container-orchestrated-devices/container-device-interface v0.6.0/go.mod h1:OQlgtJtDrOxSQ1BWODC8OZK1tzi9W69wek+Jy17ndzo= +github.com/container-orchestrated-devices/container-device-interface v0.6.1 h1:mz77uJoP8im/4Zins+mPqt677ZMaflhoGaYrRAl5jvA= +github.com/container-orchestrated-devices/container-device-interface v0.6.1/go.mod h1:40T6oW59rFrL/ksiSs7q45GzjGlbvxnA4xaK6cyq+kA= github.com/containerd/btrfs/v2 v2.0.0/go.mod h1:swkD/7j9HApWpzl8OHfrHNxppPd9l44DFZdF94BUj9k= github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU= @@ -1468,7 +1468,6 @@ github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/ github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v1.1.0-rc.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.1.0-rc.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg= github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= diff --git a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/cache.go b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/cache.go index cb495ebb364f..671a44a6fa8b 100644 --- a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/cache.go +++ b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/cache.go @@ -49,7 +49,7 @@ type Cache struct { } // WithAutoRefresh returns an option to control automatic Cache refresh. -// By default auto-refresh is enabled, the list of Spec directories are +// By default, auto-refresh is enabled, the list of Spec directories are // monitored and the Cache is automatically refreshed whenever a change // is detected. This option can be used to disable this behavior when a // manually refreshed mode is preferable. @@ -203,7 +203,7 @@ func (c *Cache) refresh() error { // RefreshIfRequired triggers a refresh if necessary. func (c *Cache) refreshIfRequired(force bool) (bool, error) { // We need to refresh if - // - it's forced by an explicitly call to Refresh() in manual mode + // - it's forced by an explicit call to Refresh() in manual mode // - a missing Spec dir appears (added to watch) in auto-refresh mode if force || (c.autoRefresh && c.watch.update(c.dirErrors)) { return true, c.refresh() @@ -244,7 +244,7 @@ func (c *Cache) InjectDevices(ociSpec *oci.Spec, devices ...string) ([]string, e if unresolved != nil { return unresolved, fmt.Errorf("unresolvable CDI devices %s", - strings.Join(devices, ", ")) + strings.Join(unresolved, ", ")) } if err := edits.Apply(ociSpec); err != nil { diff --git a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/container-edits_unix.go b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/container-edits_unix.go index 11a4cfe8c11b..59977b2171ca 100644 --- a/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/container-edits_unix.go +++ b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/container-edits_unix.go @@ -20,11 +20,42 @@ package cdi import ( + "errors" "fmt" - runc "github.com/opencontainers/runc/libcontainer/devices" + "golang.org/x/sys/unix" ) +const ( + blockDevice = "b" + charDevice = "c" // or "u" + fifoDevice = "p" +) + +// deviceInfoFromPath takes the path to a device and returns its type, +// major and minor device numbers. +// +// It was adapted from https://github.com/opencontainers/runc/blob/v1.1.9/libcontainer/devices/device_unix.go#L30-L69 +func deviceInfoFromPath(path string) (devType string, major, minor int64, _ error) { + var stat unix.Stat_t + err := unix.Lstat(path, &stat) + if err != nil { + return "", 0, 0, err + } + switch stat.Mode & unix.S_IFMT { + case unix.S_IFBLK: + devType = blockDevice + case unix.S_IFCHR: + devType = charDevice + case unix.S_IFIFO: + devType = fifoDevice + default: + return "", 0, 0, errors.New("not a device node") + } + devNumber := uint64(stat.Rdev) //nolint:unconvert // Rdev is uint32 on e.g. MIPS. + return devType, int64(unix.Major(devNumber)), int64(unix.Minor(devNumber)), nil +} + // fillMissingInfo fills in missing mandatory attributes from the host device. func (d *DeviceNode) fillMissingInfo() error { if d.HostPath == "" { @@ -35,22 +66,22 @@ func (d *DeviceNode) fillMissingInfo() error { return nil } - hostDev, err := runc.DeviceFromPath(d.HostPath, "rwm") + deviceType, major, minor, err := deviceInfoFromPath(d.HostPath) if err != nil { return fmt.Errorf("failed to stat CDI host device %q: %w", d.HostPath, err) } if d.Type == "" { - d.Type = string(hostDev.Type) + d.Type = deviceType } else { - if d.Type != string(hostDev.Type) { + if d.Type != deviceType { return fmt.Errorf("CDI device (%q, %q), host type mismatch (%s, %s)", - d.Path, d.HostPath, d.Type, string(hostDev.Type)) + d.Path, d.HostPath, d.Type, deviceType) } } if d.Major == 0 && d.Type != "p" { - d.Major = hostDev.Major - d.Minor = hostDev.Minor + d.Major = major + d.Minor = minor } return nil diff --git a/vendor/github.com/opencontainers/runc/libcontainer/devices/device.go b/vendor/github.com/opencontainers/runc/libcontainer/devices/device.go deleted file mode 100644 index c2c2b3bb7c0b..000000000000 --- a/vendor/github.com/opencontainers/runc/libcontainer/devices/device.go +++ /dev/null @@ -1,174 +0,0 @@ -package devices - -import ( - "fmt" - "os" - "strconv" -) - -const ( - Wildcard = -1 -) - -type Device struct { - Rule - - // Path to the device. - Path string `json:"path"` - - // FileMode permission bits for the device. - FileMode os.FileMode `json:"file_mode"` - - // Uid of the device. - Uid uint32 `json:"uid"` - - // Gid of the device. - Gid uint32 `json:"gid"` -} - -// Permissions is a cgroupv1-style string to represent device access. It -// has to be a string for backward compatibility reasons, hence why it has -// methods to do set operations. -type Permissions string - -const ( - deviceRead uint = (1 << iota) - deviceWrite - deviceMknod -) - -func (p Permissions) toSet() uint { - var set uint - for _, perm := range p { - switch perm { - case 'r': - set |= deviceRead - case 'w': - set |= deviceWrite - case 'm': - set |= deviceMknod - } - } - return set -} - -func fromSet(set uint) Permissions { - var perm string - if set&deviceRead == deviceRead { - perm += "r" - } - if set&deviceWrite == deviceWrite { - perm += "w" - } - if set&deviceMknod == deviceMknod { - perm += "m" - } - return Permissions(perm) -} - -// Union returns the union of the two sets of Permissions. -func (p Permissions) Union(o Permissions) Permissions { - lhs := p.toSet() - rhs := o.toSet() - return fromSet(lhs | rhs) -} - -// Difference returns the set difference of the two sets of Permissions. -// In set notation, A.Difference(B) gives you A\B. -func (p Permissions) Difference(o Permissions) Permissions { - lhs := p.toSet() - rhs := o.toSet() - return fromSet(lhs &^ rhs) -} - -// Intersection computes the intersection of the two sets of Permissions. -func (p Permissions) Intersection(o Permissions) Permissions { - lhs := p.toSet() - rhs := o.toSet() - return fromSet(lhs & rhs) -} - -// IsEmpty returns whether the set of permissions in a Permissions is -// empty. -func (p Permissions) IsEmpty() bool { - return p == Permissions("") -} - -// IsValid returns whether the set of permissions is a subset of valid -// permissions (namely, {r,w,m}). -func (p Permissions) IsValid() bool { - return p == fromSet(p.toSet()) -} - -type Type rune - -const ( - WildcardDevice Type = 'a' - BlockDevice Type = 'b' - CharDevice Type = 'c' // or 'u' - FifoDevice Type = 'p' -) - -func (t Type) IsValid() bool { - switch t { - case WildcardDevice, BlockDevice, CharDevice, FifoDevice: - return true - default: - return false - } -} - -func (t Type) CanMknod() bool { - switch t { - case BlockDevice, CharDevice, FifoDevice: - return true - default: - return false - } -} - -func (t Type) CanCgroup() bool { - switch t { - case WildcardDevice, BlockDevice, CharDevice: - return true - default: - return false - } -} - -type Rule struct { - // Type of device ('c' for char, 'b' for block). If set to 'a', this rule - // acts as a wildcard and all fields other than Allow are ignored. - Type Type `json:"type"` - - // Major is the device's major number. - Major int64 `json:"major"` - - // Minor is the device's minor number. - Minor int64 `json:"minor"` - - // Permissions is the set of permissions that this rule applies to (in the - // cgroupv1 format -- any combination of "rwm"). - Permissions Permissions `json:"permissions"` - - // Allow specifies whether this rule is allowed. - Allow bool `json:"allow"` -} - -func (d *Rule) CgroupString() string { - var ( - major = strconv.FormatInt(d.Major, 10) - minor = strconv.FormatInt(d.Minor, 10) - ) - if d.Major == Wildcard { - major = "*" - } - if d.Minor == Wildcard { - minor = "*" - } - return fmt.Sprintf("%c %s:%s %s", d.Type, major, minor, d.Permissions) -} - -func (d *Rule) Mkdev() (uint64, error) { - return mkDev(d) -} diff --git a/vendor/github.com/opencontainers/runc/libcontainer/devices/device_unix.go b/vendor/github.com/opencontainers/runc/libcontainer/devices/device_unix.go deleted file mode 100644 index 7d8e9fc31044..000000000000 --- a/vendor/github.com/opencontainers/runc/libcontainer/devices/device_unix.go +++ /dev/null @@ -1,120 +0,0 @@ -//go:build !windows -// +build !windows - -package devices - -import ( - "errors" - "os" - "path/filepath" - - "golang.org/x/sys/unix" -) - -// ErrNotADevice denotes that a file is not a valid linux device. -var ErrNotADevice = errors.New("not a device node") - -// Testing dependencies -var ( - unixLstat = unix.Lstat - osReadDir = os.ReadDir -) - -func mkDev(d *Rule) (uint64, error) { - if d.Major == Wildcard || d.Minor == Wildcard { - return 0, errors.New("cannot mkdev() device with wildcards") - } - return unix.Mkdev(uint32(d.Major), uint32(d.Minor)), nil -} - -// DeviceFromPath takes the path to a device and its cgroup_permissions (which -// cannot be easily queried) to look up the information about a linux device -// and returns that information as a Device struct. -func DeviceFromPath(path, permissions string) (*Device, error) { - var stat unix.Stat_t - err := unixLstat(path, &stat) - if err != nil { - return nil, err - } - - var ( - devType Type - mode = stat.Mode - devNumber = uint64(stat.Rdev) //nolint:unconvert // Rdev is uint32 on e.g. MIPS. - major = unix.Major(devNumber) - minor = unix.Minor(devNumber) - ) - switch mode & unix.S_IFMT { - case unix.S_IFBLK: - devType = BlockDevice - case unix.S_IFCHR: - devType = CharDevice - case unix.S_IFIFO: - devType = FifoDevice - default: - return nil, ErrNotADevice - } - return &Device{ - Rule: Rule{ - Type: devType, - Major: int64(major), - Minor: int64(minor), - Permissions: Permissions(permissions), - }, - Path: path, - FileMode: os.FileMode(mode &^ unix.S_IFMT), - Uid: stat.Uid, - Gid: stat.Gid, - }, nil -} - -// HostDevices returns all devices that can be found under /dev directory. -func HostDevices() ([]*Device, error) { - return GetDevices("/dev") -} - -// GetDevices recursively traverses a directory specified by path -// and returns all devices found there. -func GetDevices(path string) ([]*Device, error) { - files, err := osReadDir(path) - if err != nil { - return nil, err - } - var out []*Device - for _, f := range files { - switch { - case f.IsDir(): - switch f.Name() { - // ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825 - // ".udev" added to address https://github.com/opencontainers/runc/issues/2093 - case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts", ".udev": - continue - default: - sub, err := GetDevices(filepath.Join(path, f.Name())) - if err != nil { - return nil, err - } - - out = append(out, sub...) - continue - } - case f.Name() == "console": - continue - } - device, err := DeviceFromPath(filepath.Join(path, f.Name()), "rwm") - if err != nil { - if errors.Is(err, ErrNotADevice) { - continue - } - if os.IsNotExist(err) { - continue - } - return nil, err - } - if device.Type == FifoDevice { - continue - } - out = append(out, device) - } - return out, nil -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 1338e83d3c21..9746f82ae7c3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -81,7 +81,7 @@ github.com/cilium/ebpf/internal github.com/cilium/ebpf/internal/sys github.com/cilium/ebpf/internal/unix github.com/cilium/ebpf/link -# github.com/container-orchestrated-devices/container-device-interface v0.6.0 +# github.com/container-orchestrated-devices/container-device-interface v0.6.1 ## explicit; go 1.17 github.com/container-orchestrated-devices/container-device-interface/internal/multierror github.com/container-orchestrated-devices/container-device-interface/internal/validation @@ -342,7 +342,6 @@ github.com/opencontainers/image-spec/specs-go github.com/opencontainers/image-spec/specs-go/v1 # github.com/opencontainers/runc v1.1.9 ## explicit; go 1.17 -github.com/opencontainers/runc/libcontainer/devices github.com/opencontainers/runc/libcontainer/user # github.com/opencontainers/runtime-spec v1.1.0 ## explicit