go
/
gvisor
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove traces option for ref leak mode

This commit is contained in:
praveensastry 2019-08-06 11:57:50 +10:00
parent 607be0585f
commit 8d89c0d92b
3 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
runsc/boot/config.go
View File

@ -116,12 +116,10 @@ func MakeWatchdogAction(s string) (watchdog.Action, error) {
// MakeRefsLeakMode converts type from string // MakeRefsLeakMode converts type from string
func MakeRefsLeakMode(s string) (refs.LeakMode, error) { func MakeRefsLeakMode(s string) (refs.LeakMode, error) {
switch strings.ToLower(s) { switch strings.ToLower(s) {
case "nocheck": case "disabled":
return refs.NoLeakChecking, nil return refs.NoLeakChecking, nil
case "warning": case "warning":
return refs.LeaksLogWarning, nil return refs.LeaksLogWarning, nil
case "traces":
return refs.LeaksLogTraces, nil
default: default:
return 0, fmt.Errorf("invalid refs leakmode %q", s) return 0, fmt.Errorf("invalid refs leakmode %q", s)
} }
@ -245,7 +243,7 @@ func (c *Config) ToFlags() []string {
"--num-network-channels=" + strconv.Itoa(c.NumNetworkChannels), "--num-network-channels=" + strconv.Itoa(c.NumNetworkChannels),
"--rootless=" + strconv.FormatBool(c.Rootless), "--rootless=" + strconv.FormatBool(c.Rootless),
"--alsologtostderr=" + strconv.FormatBool(c.AlsoLogToStderr), "--alsologtostderr=" + strconv.FormatBool(c.AlsoLogToStderr),
"--refs-leak-mode=" + c.ReferenceLeakMode.String(), "--ref-leak-mode=" + c.ReferenceLeakMode.String(),
} }
if c.TestOnlyAllowRunAsCurrentUserWithoutChroot { if c.TestOnlyAllowRunAsCurrentUserWithoutChroot {
// Only include if set since it is never to be used by users. // Only include if set since it is never to be used by users.

6
runsc/boot/loader.go
View File

@ -181,6 +181,9 @@ type Args struct {
// New initializes a new kernel loader configured by spec. // New initializes a new kernel loader configured by spec.
// New also handles setting up a kernel for restoring a container. // New also handles setting up a kernel for restoring a container.
func New(args Args) (*Loader, error) { func New(args Args) (*Loader, error) {
// Sets the reference leak check mode
refs.SetLeakMode(args.Conf.ReferenceLeakMode)
// We initialize the rand package now to make sure /dev/urandom is pre-opened // We initialize the rand package now to make sure /dev/urandom is pre-opened
// on kernels that do not support getrandom(2). // on kernels that do not support getrandom(2).
if err := rand.Init(); err != nil { if err := rand.Init(); err != nil {
@ -191,9 +194,6 @@ func New(args Args) (*Loader, error) {
return nil, fmt.Errorf("setting up memory usage: %v", err) return nil, fmt.Errorf("setting up memory usage: %v", err)
} }
// Sets the refs leak check mode
refs.SetLeakMode(args.Conf.ReferenceLeakMode)
// Create kernel and platform. // Create kernel and platform.
p, err := createPlatform(args.Conf, args.Device) p, err := createPlatform(args.Conf, args.Device)
if err != nil { if err != nil {

2
runsc/main.go
View File

@ -73,7 +73,7 @@ var (
netRaw = flag.Bool("net-raw", false, "enable raw sockets. When false, raw sockets are disabled by removing CAP_NET_RAW from containers (`runsc exec` will still be able to utilize raw sockets). Raw sockets allow malicious containers to craft packets and potentially attack the network.") netRaw = flag.Bool("net-raw", false, "enable raw sockets. When false, raw sockets are disabled by removing CAP_NET_RAW from containers (`runsc exec` will still be able to utilize raw sockets). Raw sockets allow malicious containers to craft packets and potentially attack the network.")
numNetworkChannels = flag.Int("num-network-channels", 1, "number of underlying channels(FDs) to use for network link endpoints.") numNetworkChannels = flag.Int("num-network-channels", 1, "number of underlying channels(FDs) to use for network link endpoints.")
rootless = flag.Bool("rootless", false, "it allows the sandbox to be started with a user that is not root. Sandbox and Gofer processes may run with same privileges as current user.") rootless = flag.Bool("rootless", false, "it allows the sandbox to be started with a user that is not root. Sandbox and Gofer processes may run with same privileges as current user.")
referenceLeakMode = flag.String("refs-leak-mode", "nocheck", "sets reference leak check mode: nocheck (default), warning, traces.") referenceLeakMode = flag.String("ref-leak-mode", "disabled", "sets reference leak check mode: disabled (default), warning.")
// Test flags, not to be used outside tests, ever. // Test flags, not to be used outside tests, ever.
testOnlyAllowRunAsCurrentUserWithoutChroot = flag.Bool("TESTONLY-unsafe-nonroot", false, "TEST ONLY; do not ever use! This skips many security measures that isolate the host from the sandbox.") testOnlyAllowRunAsCurrentUserWithoutChroot = flag.Bool("TESTONLY-unsafe-nonroot", false, "TEST ONLY; do not ever use! This skips many security measures that isolate the host from the sandbox.")