cmd/containerd-shim: require unix socket credentials by stevvooe · Pull Request #1849 · containerd/containerd

stevvooe · 2017-12-01T01:16:16Z

Signed-off-by: Stephen J Day [email protected]

crosbymichael · 2017-12-01T01:21:11Z

LGTM

mlaventure

LGTM, looks like staticcheck is confused by go tip though, let's restart it to see if it was a fluke

stevvooe · 2017-12-01T01:40:07Z

@mlaventure There is a problem with the darwin build. It gets folded into "unix", but doesn't implement unix.Ucred, unix.GetsockoptUcred and unix.SO_PEERCRED. Pushing a fix to exclude these from the "darwin shim", which isn't really supported, but we build anyways.

Fixing now.

AkihiroSuda · 2017-12-01T02:11:23Z

user.Current segfaults when statically build, due to a glibc issue that won't be fixed: moby/moby#29478

So I suggest using getuid syscall.

mlaventure · 2017-12-01T02:15:30Z

Oh, that's a nasty one 😱

AkihiroSuda · 2017-12-01T02:46:09Z

p.s. As described in golang/go#13470 (comment), the segfault issue does not happen when only single goroutine is running.
So the issue might not be critical for our shim, but we should not rely on the number of goroutines, I think.

stevvooe · 2017-12-01T02:46:44Z

user.Current segfaults when statically build, due to a glibc issue that won't be fixed

Seems to run just fine. What version is affected? I am running glibc 2.24 locally but it seems 2.21 is affected.

Tried the example in golang/go#13470. The compiler seems to complain:

$ gcc -static -pthread -o cboom f.c
/tmp/ccZURPLs.o: In function `thread':
f.c:(.text+0x53): warning: Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking

While that is a warning and not a compile error is insane. How can this be called statically linked if it requires the shared library? Madness.

stevvooe · 2017-12-01T04:30:09Z

Filed containerd/ttrpc#13.

Signed-off-by: Stephen J Day <[email protected]>

stevvooe · 2017-12-01T04:36:24Z

Updated, PTAL.

AkihiroSuda · 2017-12-01T04:41:10Z

opened containerd/ttrpc#14

codecov-io · 2017-12-01T04:43:58Z

Codecov Report

Merging #1849 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #1849   +/-   ##
=======================================
  Coverage   49.13%   49.13%           
=======================================
  Files          86       86           
  Lines        8245     8245           
=======================================
  Hits         4051     4051           
  Misses       3524     3524           
  Partials      670      670

Flag	Coverage Δ
#linux	`52.53% <ø> (ø)`	⬆️
#windows	`44.25% <ø> (ø)`	⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update efe9e28...2d966df. Read the comment docs.

stevvooe · 2017-12-01T05:10:48Z

Filed golang/go#22953

stevvooe added this to the 1.0.0 milestone Dec 1, 2017

mlaventure approved these changes Dec 1, 2017

View reviewed changes

stevvooe force-pushed the unix-socket-credentials branch from 6cb98c0 to ce48514 Compare December 1, 2017 01:40

cmd/containerd-shim: require unix socket credentials

2d966df

Signed-off-by: Stephen J Day <[email protected]>

stevvooe force-pushed the unix-socket-credentials branch from ce48514 to 2d966df Compare December 1, 2017 04:34

AkihiroSuda approved these changes Dec 1, 2017

View reviewed changes

AkihiroSuda merged commit c9c36d4 into containerd:master Dec 1, 2017

stevvooe deleted the unix-socket-credentials branch December 1, 2017 05:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cmd/containerd-shim: require unix socket credentials#1849

cmd/containerd-shim: require unix socket credentials#1849
AkihiroSuda merged 1 commit intocontainerd:masterfrom
stevvooe:unix-socket-credentials

stevvooe commented Dec 1, 2017

Uh oh!

crosbymichael commented Dec 1, 2017

Uh oh!

mlaventure left a comment

Uh oh!

stevvooe commented Dec 1, 2017

Uh oh!

AkihiroSuda commented Dec 1, 2017

Uh oh!

mlaventure commented Dec 1, 2017

Uh oh!

AkihiroSuda commented Dec 1, 2017

Uh oh!

stevvooe commented Dec 1, 2017

Uh oh!

stevvooe commented Dec 1, 2017

Uh oh!

stevvooe commented Dec 1, 2017

Uh oh!

AkihiroSuda commented Dec 1, 2017

Uh oh!

codecov-io commented Dec 1, 2017

Uh oh!

stevvooe commented Dec 1, 2017

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

stevvooe commented Dec 1, 2017

Uh oh!

crosbymichael commented Dec 1, 2017

Uh oh!

mlaventure left a comment

Choose a reason for hiding this comment

Uh oh!

stevvooe commented Dec 1, 2017

Uh oh!

AkihiroSuda commented Dec 1, 2017

Uh oh!

mlaventure commented Dec 1, 2017

Uh oh!

AkihiroSuda commented Dec 1, 2017

Uh oh!

stevvooe commented Dec 1, 2017

Uh oh!

stevvooe commented Dec 1, 2017

Uh oh!

stevvooe commented Dec 1, 2017

Uh oh!

AkihiroSuda commented Dec 1, 2017

Uh oh!

codecov-io commented Dec 1, 2017

Codecov Report

Uh oh!

stevvooe commented Dec 1, 2017

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants