runc libcontainer/userns: simplify, and separate from "user" package.

libcontainer/userns: simplify, and separate from "user" package.

Open thaJeztah opened this issue 3 years ago • 10 comments

follow-up to https://github.com/opencontainers/runc/pull/2850 ~(only last commit is new)~ merged

This makes libcontainer/userns self-dependent, largely returning to the original implementation from lxc. The uiMapInUserNS is kept as a separate function for unit-testing and fuzzing.

Mar 22 '21 14:03 thaJeztah

centos7 failure is a flake; filed https://github.com/opencontainers/runc/issues/2907

CI restarted.

Apr 14 '21 00:04 kolyshkin

Looks like it passed this time ✅

Apr 14 '21 13:04 thaJeztah

Ok, rebase fixed that; all ✅ again 😅

Apr 14 '21 20:04 thaJeztah

LGTM overall, left a single nit about ignoring error from Sscanf (not super important)

Apr 21 '21 22:04 kolyshkin

@kolyshkin updated per your suggestions, PTAL

Jun 05 '21 13:06 thaJeztah

rebased to get a fresh run of CI

Jun 25 '21 14:06 thaJeztah

@thaJeztah this needs another rebase because of a recent regression

Jun 28 '21 21:06 kolyshkin

👍 rebased to trigger CI again

Jun 29 '21 07:06 thaJeztah

rebased again; @kolyshkin @AkihiroSuda PTAL

Dec 02 '21 09:12 thaJeztah

@kolyshkin @AkihiroSuda PTAL

Jan 19 '22 12:01 thaJeztah

@kolyshkin @lifubang good to go?

Sep 04 '23 13:09 thaJeztah

@thaJeztah Maybe we have discussed before, but maybe we can consider moving this to https://github.com/moby/sys ?

Nov 30 '23 13:11 AkihiroSuda

@AkihiroSuda hm.. good one, not sure if we discussed that option. I know containerd has similar code (could've been a fork of this package?)

But now that containerd already depends on moby/sys/user, perhaps it would make sense to move it; if we do, we should probably check if containerd has fixes/changes that we want to integrate (and vice-versa).

Nov 30 '23 13:11 thaJeztah

runc runc copied to clipboard

libcontainer/userns: simplify, and separate from "user" package.

runc
runc copied to clipboard