This commit enabled the errcheck linter and fixes an uncovered stat to
`os.DevNull`. Beside this, we disable go modules within the
`tests/tools/Makefile` to allow independent offline builds.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Closes: #1713
Approved by: vrothberg
We do not want to mount /dev/null over a masked path, if the path is
already /dev/null.
This prevents an containers running buildah from requiring additional privs
to mount on a /dev/null, when the target is already mounted.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1705
Approved by: TomSweeneyRedHat
errors.Wrap(err) and friends will return nil if err is nil, so make
setting the error conditional.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Closes: #1624
Approved by: TomSweeneyRedHat
make the stdin pipe not blocking, so that it won't hang if the other
end is not reading from it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1668
Approved by: rhatdan
Checks to see if the $HOME envvar has been set
and if not, trys to set it as best as possible.
Fixes: #1592
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1594
Approved by: rhatdan
Overlay mounts allow buildah bud and buildah from to
specify a directory on the disk that will be mounted
as an overlay into the container, where the overlay can be written to
but when the RUN or buildah run exits, the modified files will dissapear.
The basic idea is to be able to mount cache from the disk for things like yum/dnf/apt
to be able to be used and modified in the contianer on a run command, but to be
kept fresh for each RUN.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1560
Approved by: giuseppe
This will make vendoring in pkg/unshare easier into other
packages like skopeo.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1532
Approved by: TomSweeneyRedHat
When reading the last of the output from a child process, ignore an EIO,
since we already got the HUP indication.
Avoid double-logging errors in our I/O loop when using isolation other
than chroot (spotted by @afbjorklund).
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1273
Approved by: rhatdan
Move the setting of capabilites and the seccomp filter to after we've
set the supplemental groups list and set our primary GID.
Set capabilities after we set the seccomp filter, because we won't be
able to set a filter if we're dropping CAP_SYS_ADMIN. Set them as the
very last thing before dropping to the runtime UID. Leave CAP_SETUID in
if we're going to become an unprivileged user, so that we'll be allowed
to switch UIDs -- the capability will be dropped then anyway.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1069
Approved by: rhatdan
Correctly handle setting capabilities: the Clear() and Apply() methods
on the Capabilities interface take a bitmask of capability kinds, not
specific capability types.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1069
Approved by: rhatdan
When running with chroot isolation, only create a new user namespace
when we have mappings to set.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1069
Approved by: rhatdan
When ensuring that the target for a volume mount is present, be sure to
create any leading directories which are also not yet present.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #997
Approved by: rhatdan
When we're polling to handle stdio for a container, when we detect a HUP
on our stdin, read all that we can from stdin before closing it, instead
of reading only, at most, a single chunk of bytes.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #980
Approved by: rhatdan
Make the chroot() call before applying a seccomp filter, which might not
allow us to do it. Add more debugging messages.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #979
Approved by: rhatdan
In chroot isolation, when we attempt to mask a directory, use a
read-only bind mount of an empty directory instead of a read-only mount
of a fresh tmpfs with size=0, which is more likely to be be denied by
mandatory access controls.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #923
Approved by: rhatdan
The OOM score adjustment is an optional field in the runtime spec, so
only try to set it if it's set in the spec.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #906
Approved by: rhatdan
When using chroot isolation, if we're configured to raise any process
limits above their current values, do so in the grandparent process,
before it transfers execution to a child that it starts in a user
namespace, which won't have the privileges to do so.
The child can still lower resource limits and set limits to the values
that it inherited, so let it continue to do so.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #891
Approved by: rhatdan
Move the resource limits name map out of the setRlimits() function, and
use it to set up a reverse of the same map in init().
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #891
Approved by: rhatdan
Add an IsolationChroot that trades flexibility and isolation for being
able to do what it does in a host environment that's already isolated to
the point where we're not allowed to set up some of that isolation,
producing a result that leans more toward chroot(1) than runc(1) does.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #836
Approved by: rhatdan
Sascha Grunert
Daniel J Walsh
Valentin Rothberg
Giuseppe Scrivano
TomSweeneyRedHat
Nalin Dahyabhai