Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Merge pull request #1911 from theSuess/linter-fixes
Various cleanups to address linter issues
- Loading branch information
|
@@ -70,10 +70,7 @@ checkpointed.`, |
|
|
if err := setEmptyNsMask(context, options); err != nil { |
|
|
return err |
|
|
} |
|
|
if err := container.Checkpoint(options); err != nil { |
|
|
return err |
|
|
} |
|
|
return nil |
|
|
return container.Checkpoint(options) |
|
|
}, |
|
|
} |
|
|
|
|
|
|
@@ -80,9 +80,8 @@ status of "ubuntu01" as "stopped" the following will delete resources held for |
|
|
default: |
|
|
if force { |
|
|
return killContainer(container) |
|
|
} else { |
|
|
return fmt.Errorf("cannot delete container %s that is not stopped: %s\n", id, s) |
|
|
} |
|
|
return fmt.Errorf("cannot delete container %s that is not stopped: %s\n", id, s) |
|
|
} |
|
|
|
|
|
return nil |
|
|
|
@@ -51,10 +51,7 @@ signal to the init process of the "ubuntu01" container: |
|
|
if err != nil { |
|
|
return err |
|
|
} |
|
|
if err := container.Signal(signal, context.Bool("all")); err != nil { |
|
|
return err |
|
|
} |
|
|
return nil |
|
|
return container.Signal(signal, context.Bool("all")) |
|
|
}, |
|
|
} |
|
|
|
|
|
|
@@ -46,11 +46,7 @@ func (s *CpuGroup) ApplyDir(path string, cgroup *configs.Cgroup, pid int) error |
|
|
} |
|
|
// because we are not using d.join we need to place the pid into the procs file |
|
|
// unlike the other subsystems |
|
|
if err := cgroups.WriteCgroupProc(path, pid); err != nil { |
|
|
return err |
|
|
} |
|
|
|
|
|
return nil |
|
|
return cgroups.WriteCgroupProc(path, pid) |
|
|
} |
|
|
|
|
|
func (s *CpuGroup) SetRtSched(path string, cgroup *configs.Cgroup) error { |
|
@@ -83,11 +79,7 @@ func (s *CpuGroup) Set(path string, cgroup *configs.Cgroup) error { |
|
|
return err |
|
|
} |
|
|
} |
|
|
if err := s.SetRtSched(path, cgroup); err != nil { |
|
|
return err |
|
|
} |
|
|
|
|
|
return nil |
|
|
return s.SetRtSched(path, cgroup) |
|
|
} |
|
|
|
|
|
func (s *CpuGroup) Remove(d *cgroupData) error { |
|
|
|
@@ -84,11 +84,7 @@ func (s *CpusetGroup) ApplyDir(dir string, cgroup *configs.Cgroup, pid int) erro |
|
|
|
|
|
// because we are not using d.join we need to place the pid into the procs file |
|
|
// unlike the other subsystems |
|
|
if err := cgroups.WriteCgroupProc(dir, pid); err != nil { |
|
|
return err |
|
|
} |
|
|
|
|
|
return nil |
|
|
return cgroups.WriteCgroupProc(dir, pid) |
|
|
} |
|
|
|
|
|
func (s *CpusetGroup) getSubsystemSettings(parent string) (cpus []byte, mems []byte, err error) { |
|
|
|
@@ -400,10 +400,7 @@ func (c *linuxContainer) createExecFifo() error { |
|
|
return err |
|
|
} |
|
|
unix.Umask(oldMask) |
|
|
if err := os.Chown(fifoName, rootuid, rootgid); err != nil { |
|
|
return err |
|
|
} |
|
|
return nil |
|
|
return os.Chown(fifoName, rootuid, rootgid) |
|
|
} |
|
|
|
|
|
func (c *linuxContainer) deleteExecFifo() { |
|
|
|
@@ -220,11 +220,7 @@ func syncParentReady(pipe io.ReadWriter) error { |
|
|
} |
|
|
|
|
|
// Wait for parent to give the all-clear. |
|
|
if err := readSync(pipe, procRun); err != nil { |
|
|
return err |
|
|
} |
|
|
|
|
|
return nil |
|
|
return readSync(pipe, procRun) |
|
|
} |
|
|
|
|
|
// syncParentHooks sends to the given pipe a JSON payload which indicates that |
|
@@ -237,11 +233,7 @@ func syncParentHooks(pipe io.ReadWriter) error { |
|
|
} |
|
|
|
|
|
// Wait for parent to give the all-clear. |
|
|
if err := readSync(pipe, procResume); err != nil { |
|
|
return err |
|
|
} |
|
|
|
|
|
return nil |
|
|
return readSync(pipe, procResume) |
|
|
} |
|
|
|
|
|
// setupUser changes the groups, gid, and uid for the user inside the container |
|
|
|
@@ -1263,10 +1263,7 @@ func TestSTDIOPermissions(t *testing.T) { |
|
|
} |
|
|
|
|
|
func unmountOp(path string) error { |
|
|
if err := unix.Unmount(path, unix.MNT_DETACH); err != nil { |
|
|
return err |
|
|
} |
|
|
return nil |
|
|
return unix.Unmount(path, unix.MNT_DETACH) |
|
|
} |
|
|
|
|
|
// Launch container with rootfsPropagation in rslave mode. Also |
|
|
|
@@ -44,9 +44,5 @@ func ModKeyringPerm(ringId KeySerial, mask, setbits uint32) error { |
|
|
|
|
|
perm := (uint32(perm64) & mask) | setbits |
|
|
|
|
|
if err := unix.KeyctlSetperm(int(ringId), perm); err != nil { |
|
|
return err |
|
|
} |
|
|
|
|
|
return nil |
|
|
return unix.KeyctlSetperm(int(ringId), perm) |
|
|
} |
|
@@ -828,10 +828,7 @@ func remount(m *configs.Mount, rootfs string) error { |
|
|
if !strings.HasPrefix(dest, rootfs) { |
|
|
dest = filepath.Join(rootfs, dest) |
|
|
} |
|
|
if err := unix.Mount(m.Source, dest, m.Device, uintptr(m.Flags|unix.MS_REMOUNT), ""); err != nil { |
|
|
return err |
|
|
} |
|
|
return nil |
|
|
return unix.Mount(m.Source, dest, m.Device, uintptr(m.Flags|unix.MS_REMOUNT), "") |
|
|
} |
|
|
|
|
|
// Do the mount operation followed by additional mounts required to take care |
|
|
|
@@ -55,7 +55,7 @@ func (l *linuxStandardInit) Init() error { |
|
|
// If keyrings aren't supported then it is likely we are on an |
|
|
// older kernel (or inside an LXC container). While we could bail, |
|
|
// the security feature we are using here is best-effort (it only |
|
|
// really provides marignal protection since VFS credentials are |
|
|
// really provides marginal protection since VFS credentials are |
|
|
// the only significant protection of keyrings). |
|
|
// |
|
|
// TODO(cyphar): Log this so people know what's going on, once we |
|
|
|
@@ -41,10 +41,7 @@ type syncT struct { |
|
|
// writeSync is used to write to a synchronisation pipe. An error is returned |
|
|
// if there was a problem writing the payload. |
|
|
func writeSync(pipe io.Writer, sync syncType) error { |
|
|
if err := utils.WriteJSON(pipe, syncT{sync}); err != nil { |
|
|
return err |
|
|
} |
|
|
return nil |
|
|
return utils.WriteJSON(pipe, syncT{sync}) |
|
|
} |
|
|
|
|
|
// readSync is used to read from a synchronisation pipe. An error is returned |
|
|
|
@@ -37,8 +37,8 @@ func newNotifySocket(context *cli.Context, notifySocketHost string, id string) * |
|
|
return notifySocket |
|
|
} |
|
|
|
|
|
func (ns *notifySocket) Close() error { |
|
|
return ns.socket.Close() |
|
|
func (s *notifySocket) Close() error { |
|
|
return s.socket.Close() |
|
|
} |
|
|
|
|
|
// If systemd is supporting sd_notify protocol, this function will add support |
|
@@ -66,16 +66,16 @@ func (s *notifySocket) setupSocket() error { |
|
|
|
|
|
// pid1 must be set only with -d, as it is used to set the new process as the main process |
|
|
// for the service in systemd |
|
|
func (notifySocket *notifySocket) run(pid1 int) { |
|
|
func (s *notifySocket) run(pid1 int) { |
|
|
buf := make([]byte, 512) |
|
|
notifySocketHostAddr := net.UnixAddr{Name: notifySocket.host, Net: "unixgram"} |
|
|
notifySocketHostAddr := net.UnixAddr{Name: s.host, Net: "unixgram"} |
|
|
client, err := net.DialUnix("unixgram", nil, ¬ifySocketHostAddr) |
|
|
if err != nil { |
|
|
logrus.Error(err) |
|
|
return |
|
|
} |
|
|
for { |
|
|
r, err := notifySocket.socket.Read(buf) |
|
|
r, err := s.socket.Read(buf) |
|
|
if err != nil { |
|
|
break |
|
|
} |
|
|
|
@@ -32,11 +32,7 @@ Use runc list to identiy instances of containers and their current status.`, |
|
|
if err != nil { |
|
|
return err |
|
|
} |
|
|
if err := container.Pause(); err != nil { |
|
|
return err |
|
|
} |
|
|
|
|
|
return nil |
|
|
return container.Pause() |
|
|
}, |
|
|
} |
|
|
|
|
@@ -65,10 +61,6 @@ Use runc list to identiy instances of containers and their current status.`, |
|
|
if err != nil { |
|
|
return err |
|
|
} |
|
|
if err := container.Resume(); err != nil { |
|
|
return err |
|
|
} |
|
|
|
|
|
return nil |
|
|
return container.Resume() |
|
|
}, |
|
|
} |
|
@@ -69,9 +69,8 @@ func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach |
|
|
if detach { |
|
|
h.notifySocket.run(pid1) |
|
|
return 0, nil |
|
|
} else { |
|
|
go h.notifySocket.run(0) |
|
|
} |
|
|
go h.notifySocket.run(0) |
|
|
} |
|
|
|
|
|
// Perform the initial tty resize. Always ignore errors resizing because |
|
|
|
@@ -111,10 +111,7 @@ created by an unprivileged user. |
|
|
if err != nil { |
|
|
return err |
|
|
} |
|
|
if err := ioutil.WriteFile(specConfig, data, 0666); err != nil { |
|
|
return err |
|
|
} |
|
|
return nil |
|
|
return ioutil.WriteFile(specConfig, data, 0666) |
|
|
}, |
|
|
} |
|
|
|
|
|