Remove traces option for ref leak mode
This commit is contained in:
parent
607be0585f
commit
8d89c0d92b
|
@ -116,12 +116,10 @@ func MakeWatchdogAction(s string) (watchdog.Action, error) {
|
|||
// MakeRefsLeakMode converts type from string
|
||||
func MakeRefsLeakMode(s string) (refs.LeakMode, error) {
|
||||
switch strings.ToLower(s) {
|
||||
case "nocheck":
|
||||
case "disabled":
|
||||
return refs.NoLeakChecking, nil
|
||||
case "warning":
|
||||
return refs.LeaksLogWarning, nil
|
||||
case "traces":
|
||||
return refs.LeaksLogTraces, nil
|
||||
default:
|
||||
return 0, fmt.Errorf("invalid refs leakmode %q", s)
|
||||
}
|
||||
|
@ -245,7 +243,7 @@ func (c *Config) ToFlags() []string {
|
|||
"--num-network-channels=" + strconv.Itoa(c.NumNetworkChannels),
|
||||
"--rootless=" + strconv.FormatBool(c.Rootless),
|
||||
"--alsologtostderr=" + strconv.FormatBool(c.AlsoLogToStderr),
|
||||
"--refs-leak-mode=" + c.ReferenceLeakMode.String(),
|
||||
"--ref-leak-mode=" + c.ReferenceLeakMode.String(),
|
||||
}
|
||||
if c.TestOnlyAllowRunAsCurrentUserWithoutChroot {
|
||||
// Only include if set since it is never to be used by users.
|
||||
|
|
|
@ -181,6 +181,9 @@ type Args struct {
|
|||
// New initializes a new kernel loader configured by spec.
|
||||
// New also handles setting up a kernel for restoring a container.
|
||||
func New(args Args) (*Loader, error) {
|
||||
// Sets the reference leak check mode
|
||||
refs.SetLeakMode(args.Conf.ReferenceLeakMode)
|
||||
|
||||
// We initialize the rand package now to make sure /dev/urandom is pre-opened
|
||||
// on kernels that do not support getrandom(2).
|
||||
if err := rand.Init(); err != nil {
|
||||
|
@ -191,9 +194,6 @@ func New(args Args) (*Loader, error) {
|
|||
return nil, fmt.Errorf("setting up memory usage: %v", err)
|
||||
}
|
||||
|
||||
// Sets the refs leak check mode
|
||||
refs.SetLeakMode(args.Conf.ReferenceLeakMode)
|
||||
|
||||
// Create kernel and platform.
|
||||
p, err := createPlatform(args.Conf, args.Device)
|
||||
if err != nil {
|
||||
|
|
|
@ -73,7 +73,7 @@ var (
|
|||
netRaw = flag.Bool("net-raw", false, "enable raw sockets. When false, raw sockets are disabled by removing CAP_NET_RAW from containers (`runsc exec` will still be able to utilize raw sockets). Raw sockets allow malicious containers to craft packets and potentially attack the network.")
|
||||
numNetworkChannels = flag.Int("num-network-channels", 1, "number of underlying channels(FDs) to use for network link endpoints.")
|
||||
rootless = flag.Bool("rootless", false, "it allows the sandbox to be started with a user that is not root. Sandbox and Gofer processes may run with same privileges as current user.")
|
||||
referenceLeakMode = flag.String("refs-leak-mode", "nocheck", "sets reference leak check mode: nocheck (default), warning, traces.")
|
||||
referenceLeakMode = flag.String("ref-leak-mode", "disabled", "sets reference leak check mode: disabled (default), warning.")
|
||||
|
||||
// Test flags, not to be used outside tests, ever.
|
||||
testOnlyAllowRunAsCurrentUserWithoutChroot = flag.Bool("TESTONLY-unsafe-nonroot", false, "TEST ONLY; do not ever use! This skips many security measures that isolate the host from the sandbox.")
|
||||
|
|
Loading…
Reference in New Issue