merge #770 into opencontainers/runtime-tools

Sebastiaan van Stijn (1):
  gof(ump)t code

LGTMs: guiseppe cyphar

cgroups/cgroups.go

@@ -61,7 +61,7 @@ func FindCgroup() (Cgroup, error) {
 		} else if postSeparatorFields[0] == "cgroup2" {
 			cgroupv2 = true
 			continue
-			//TODO cgroupv2 unimplemented
+			// TODO cgroupv2 unimplemented
 		}
 	}
 

cmd/oci-runtime-tool/generate.go

@@ -1223,10 +1223,11 @@ var cgroupDeviceType = map[string]bool{
 	"b": true, // block device
 	"c": true, // character device
 }
+
 var cgroupDeviceAccess = map[string]bool{
-	"r": true, //read
-	"w": true, //write
-	"m": true, //mknod
+	"r": true, // read
+	"w": true, // write
+	"m": true, // mknod
 }
 
 // parseLinuxResourcesDeviceAccess parses the raw string passed with the --device-access-add flag
@@ -1448,12 +1449,12 @@ func parseEnv(env string) (string, string, error) {
 
 // parseEnvFile reads a file with environment variables enumerated by lines
 //
-// ``Environment variable names used by the utilities in the Shell and
+// “Environment variable names used by the utilities in the Shell and
 // Utilities volume of IEEE Std 1003.1-2001 consist solely of uppercase
 // letters, digits, and the '_' (underscore) from the characters defined in
 // Portable Character Set and do not begin with a digit. *But*, other
 // characters may be permitted by an implementation; applications shall
-// tolerate the presence of such names.''
+// tolerate the presence of such names.”
 // -- http://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap08.html
 //
 // As of #16585, it's up to application inside docker to validate or not
@@ -1495,7 +1496,6 @@ func parseEnvFile(filename string) ([]string, error) {
 			}
 
 			if len(data) > 1 {
-
 				// pass the value through, no trimming
 				lines = append(lines, fmt.Sprintf("%s=%s", variable, data[1]))
 			} else {

cmd/runtimetest/main.go

@@ -501,7 +501,7 @@ func testDirectoryWriteAccess(path string) (writable bool, err error) {
 }
 
 func testFileWriteAccess(path string) (readable bool, err error) {
-	err = os.WriteFile(path, []byte("a"), 0644)
+	err = os.WriteFile(path, []byte("a"), 0o644)
 	if err == nil {
 		return true, nil
 	}
@@ -1143,10 +1143,10 @@ func (c *complianceTester) validatePosixMounts(spec *rspec.Spec) error {
 	}
 
 	var mountErrs error
-	var configSys = make(map[int]int)
-	var consumedSys = make(map[int]bool)
+	configSys := make(map[int]int)
+	consumedSys := make(map[int]bool)
 	highestMatchedConfig := -1
-	var j = 0
+	j := 0
 	for i, configMount := range spec.Mounts {
 		if configMount.Type == "bind" || configMount.Type == "rbind" {
 			c.harness.Todo().Fail("we need an (r)bind spec to test against")

generate/generate.go

@@ -323,7 +323,7 @@ func createEnvCacheMap(env []string) map[string]int {
 //
 // Deprecated: Replace with:
 //
-//   Use generator.Config = config
+//	Use generator.Config = config
 func (g *Generator) SetSpec(config *rspec.Spec) {
 	g.Config = config
 }

generate/generate_test.go

@@ -38,7 +38,7 @@ func TestGenerateValid(t *testing.T) {
 
 		// Create our toy bundle.
 		rootfsPath := filepath.Join(bundle, "rootfs")
-		if err := os.Mkdir(rootfsPath, 0755); err != nil {
+		if err := os.Mkdir(rootfsPath, 0o755); err != nil {
 			t.Fatal(err)
 		}
 		configPath := filepath.Join(bundle, "config.json")

generate/seccomp/parse_action.go

@@ -23,8 +23,10 @@ type SyscallOpts struct {
 func ParseSyscallFlag(args SyscallOpts, config *rspec.LinuxSeccomp) error {
 	var arguments []string
 	if args.Index != "" && args.Value != "" && args.ValueTwo != "" && args.Operator != "" {
-		arguments = []string{args.Action, args.Syscall, args.Index, args.Value,
-			args.ValueTwo, args.Operator}
+		arguments = []string{
+			args.Action, args.Syscall, args.Index, args.Value,
+			args.ValueTwo, args.Operator,
+		}
 	} else {
 		arguments = []string{args.Action, args.Syscall}
 	}

generate/seccomp/seccomp_default.go

@@ -32,7 +32,6 @@ func arches() []rspec.Arch {
 
 // DefaultProfile defines the whitelist for the default seccomp profile.
 func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
-
 	syscalls := []rspec.LinuxSyscall{
 		{
 			Names: []string{
@@ -535,7 +534,6 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
 				},
 			},
 		}...)
-
 	}
 
 	arch := runtime.GOARCH

specerror/bundle.go

@@ -16,11 +16,9 @@ const (
 	ArtifactsInSingleDir
 )
 
-var (
-	containerFormatRef = func(version string) (reference string, err error) {
-		return fmt.Sprintf(referenceTemplate, version, "bundle.md#container-format"), nil
-	}
-)
+var containerFormatRef = func(version string) (reference string, err error) {
+	return fmt.Sprintf(referenceTemplate, version, "bundle.md#container-format"), nil
+}
 
 func init() {
 	register(ConfigInRootBundleDir, rfc2119.Must, containerFormatRef)

specerror/runtime-linux.go

@@ -12,11 +12,9 @@ const (
 	DefaultRuntimeLinuxSymlinks Code = 0xf001 + iota
 )
 
-var (
-	devSymbolicLinksRef = func(version string) (reference string, err error) {
-		return fmt.Sprintf(referenceTemplate, version, "runtime-linux.md#dev-symbolic-links"), nil
-	}
-)
+var devSymbolicLinksRef = func(version string) (reference string, err error) {
+	return fmt.Sprintf(referenceTemplate, version, "runtime-linux.md#dev-symbolic-links"), nil
+}
 
 func init() {
 	register(DefaultRuntimeLinuxSymlinks, rfc2119.Must, devSymbolicLinksRef)

validate/validate.go

@@ -298,7 +298,7 @@ func (v *Validator) checkEventHooks(hookType string, hooks []rspec.Hook, hostSpe
 			if err != nil {
 				errs = multierror.Append(errs, fmt.Errorf("cannot find %s hook: %v", hookType, hook.Path))
 			}
-			if fi.Mode()&0111 == 0 {
+			if fi.Mode()&0o111 == 0 {
 				errs = multierror.Append(errs, fmt.Errorf("the %s hook %v: is not executable", hookType, hook.Path))
 			}
 		}
@@ -358,7 +358,7 @@ func (v *Validator) CheckProcess() (errs error) {
 				errs = multierror.Append(errs, err)
 			} else {
 				m := fileinfo.Mode()
-				if m.IsDir() || m&0111 == 0 {
+				if m.IsDir() || m&0o111 == 0 {
 					errs = multierror.Append(errs, fmt.Errorf("arg %q is not executable", process.Args[0]))
 				}
 			}

validate/validate_linux.go

@@ -49,7 +49,7 @@ func (v *Validator) CheckLinux() (errs error) {
 		return
 	}
 
-	var nsTypeList = map[rspec.LinuxNamespaceType]struct {
+	nsTypeList := map[rspec.LinuxNamespaceType]struct {
 		num      int
 		newExist bool
 	}{

validate/validate_test.go

@@ -271,7 +271,7 @@ func TestCheckRoot(t *testing.T) {
 	rootfsDir := "rootfs/rootfs"
 	rootfsNonDir := "rootfsfile"
 	rootfsNonExists := "rootfsnil"
-	if err := os.MkdirAll(filepath.Join(tmpBundle, rootfsDir), 0700); err != nil {
+	if err := os.MkdirAll(filepath.Join(tmpBundle, rootfsDir), 0o700); err != nil {
 		t.Fatalf("Failed to create a rootfs directory in 'CheckRoot'")
 	}
 	if _, err := os.Create(filepath.Join(tmpBundle, rootfsNonDir)); err != nil {

validation/delete/delete.go

@@ -5,12 +5,12 @@ import (
 	"os"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/mndrix/tap-go"
 	rspecs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/generate"
 	"github.com/opencontainers/runtime-tools/specerror"
 	"github.com/opencontainers/runtime-tools/validation/util"
-	"github.com/google/uuid"
 )
 
 func main() {

validation/delete_only_create_resources/delete_only_create_resources.go

@@ -22,7 +22,7 @@ func main() {
 	// Create a cgroup
 	cgPath := "/sys/fs/cgroup"
 	testPath := filepath.Join(cgPath, "pids", "cgrouptest")
-	os.Mkdir(testPath, 0755)
+	os.Mkdir(testPath, 0o755)
 	defer os.RemoveAll(testPath)
 
 	bundleDir, err := util.PrepareBundle()
@@ -61,7 +61,7 @@ func main() {
 		util.Fatal(err)
 	}
 	// Add the container to the cgroup
-	err = os.WriteFile(filepath.Join(testPath, "tasks"), []byte(strconv.Itoa(state.Pid)), 0644)
+	err = os.WriteFile(filepath.Join(testPath, "tasks"), []byte(strconv.Itoa(state.Pid)), 0o644)
 	if err != nil {
 		util.Fatal(err)
 	}

validation/delete_resources/delete_resources.go

@@ -6,13 +6,13 @@ import (
 	"path/filepath"
 	"time"
 
+	"github.com/google/uuid"
 	tap "github.com/mndrix/tap-go"
 	"github.com/mrunalp/fileutils"
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/cgroups"
 	"github.com/opencontainers/runtime-tools/specerror"
 	"github.com/opencontainers/runtime-tools/validation/util"
-	"github.com/google/uuid"
 )
 
 func main() {

validation/kill/kill.go

@@ -5,12 +5,12 @@ import (
 	"os"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/mndrix/tap-go"
 	rspecs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/generate"
 	"github.com/opencontainers/runtime-tools/specerror"
 	"github.com/opencontainers/runtime-tools/validation/util"
-	"github.com/google/uuid"
 )
 
 func main() {
@@ -71,7 +71,7 @@ func main() {
 				err = r.Kill("KILL")
 				util.WaitingForStatus(*r, util.LifecycleStatusStopped, time.Second*10, time.Second*1)
 				if err != nil {
-					//Be sure to not leave the container around
+					// Be sure to not leave the container around
 					r.Delete()
 				}
 				return err

validation/kill_no_effect/kill_no_effect.go

@@ -6,11 +6,11 @@ import (
 	"reflect"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/mndrix/tap-go"
 	rspecs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/specerror"
 	"github.com/opencontainers/runtime-tools/validation/util"
-	"github.com/google/uuid"
 )
 
 func main() {

validation/killsig/killsig.go

@@ -6,11 +6,11 @@ import (
 	"path/filepath"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/mndrix/tap-go"
 	rspecs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/specerror"
 	"github.com/opencontainers/runtime-tools/validation/util"
-	"github.com/google/uuid"
 )
 
 var signals = []string{

validation/linux_cgroups_hugetlb/linux_cgroups_hugetlb.go

@@ -16,7 +16,6 @@ func testHugetlbCgroups() error {
 	defer t.AutoPlan()
 
 	pageSizes, err := cgroups.GetHugePageSize()
-
 	if err != nil {
 		t.Fail(fmt.Sprintf("error when getting hugepage sizes: %+v", err))
 	}

validation/linux_cgroups_relative_hugetlb/linux_cgroups_relative_hugetlb.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"fmt"
+
 	"github.com/mndrix/tap-go"
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/cgroups"
@@ -14,7 +15,6 @@ func main() {
 	defer t.AutoPlan()
 
 	pageSizes, err := cgroups.GetHugePageSize()
-
 	if err != nil {
 		t.Fail(fmt.Sprintf("error when getting hugepage sizes: %+v", err))
 	}

validation/linux_masked_paths/linux_masked_paths.go

@@ -35,7 +35,7 @@ func checkMaskedPaths(t *tap.T) error {
 	g.AddAnnotation("TestName", "check masked paths")
 	err = util.RuntimeInsideValidate(g, t, func(path string) error {
 		testDir := filepath.Join(path, maskedDirSub)
-		err = os.MkdirAll(testDir, 0777)
+		err = os.MkdirAll(testDir, 0o777)
 		if err != nil {
 			return err
 		}
@@ -49,17 +49,17 @@ func checkMaskedPaths(t *tap.T) error {
 		// runtimetest cannot check the readability of empty files, so
 		// write something.
 		testSubSubFile := filepath.Join(path, maskedFileSubSub)
-		if err := os.WriteFile(testSubSubFile, []byte("secrets"), 0777); err != nil {
+		if err := os.WriteFile(testSubSubFile, []byte("secrets"), 0o777); err != nil {
 			return err
 		}
 
 		testSubFile := filepath.Join(path, maskedFileSub)
-		if err := os.WriteFile(testSubFile, []byte("secrets"), 0777); err != nil {
+		if err := os.WriteFile(testSubFile, []byte("secrets"), 0o777); err != nil {
 			return err
 		}
 
 		testFile := filepath.Join(path, maskedFile)
-		return os.WriteFile(testFile, []byte("secrets"), 0777)
+		return os.WriteFile(testFile, []byte("secrets"), 0o777)
 	})
 	return err
 }
@@ -169,9 +169,9 @@ func main() {
 	// test creation of different type of devices, i.e. block device,
 	// character device, and FIFO.
 	modes := []uint32{
-		unix.S_IFBLK | 0666,
-		unix.S_IFCHR | 0666,
-		unix.S_IFIFO | 0666,
+		unix.S_IFBLK | 0o666,
+		unix.S_IFCHR | 0o666,
+		unix.S_IFIFO | 0o666,
 	}
 
 	for _, m := range modes {

validation/linux_readonly_paths/linux_readonly_paths.go

@@ -35,7 +35,7 @@ func checkReadonlyPaths(t *tap.T) error {
 	g.AddAnnotation("TestName", "check read-only paths")
 	err = util.RuntimeInsideValidate(g, t, func(path string) error {
 		testDir := filepath.Join(path, readonlyDirSub)
-		err = os.MkdirAll(testDir, 0777)
+		err = os.MkdirAll(testDir, 0o777)
 		if err != nil {
 			return err
 		}
@@ -49,17 +49,17 @@ func checkReadonlyPaths(t *tap.T) error {
 		// runtimetest cannot check the readability of empty files, so
 		// write something.
 		testSubSubFile := filepath.Join(path, readonlyFileSubSub)
-		if err := os.WriteFile(testSubSubFile, []byte("immutable"), 0777); err != nil {
+		if err := os.WriteFile(testSubSubFile, []byte("immutable"), 0o777); err != nil {
 			return err
 		}
 
 		testSubFile := filepath.Join(path, readonlyFileSub)
-		if err := os.WriteFile(testSubFile, []byte("immutable"), 0777); err != nil {
+		if err := os.WriteFile(testSubFile, []byte("immutable"), 0o777); err != nil {
 			return err
 		}
 
 		testFile := filepath.Join(path, readonlyFile)
-		return os.WriteFile(testFile, []byte("immutable"), 0777)
+		return os.WriteFile(testFile, []byte("immutable"), 0o777)
 	})
 	return err
 }
@@ -169,9 +169,9 @@ func main() {
 	// test creation of different type of devices, i.e. block device,
 	// character device, and FIFO.
 	modes := []uint32{
-		unix.S_IFBLK | 0666,
-		unix.S_IFCHR | 0666,
-		unix.S_IFIFO | 0666,
+		unix.S_IFBLK | 0o666,
+		unix.S_IFCHR | 0o666,
+		unix.S_IFIFO | 0o666,
 	}
 
 	for _, m := range modes {

validation/linux_seccomp/linux_seccomp.go

@@ -25,5 +25,4 @@ func main() {
 	if err != nil {
 		t.Fail(err.Error())
 	}
-
 }