Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libc/int/userns: add build tag to C file #4616

Merged
merged 1 commit into from
Feb 7, 2025
Merged

libc/int/userns: add build tag to C file #4616

merged 1 commit into from
Feb 7, 2025

Conversation

kolyshkin
Copy link
Contributor

@kolyshkin kolyshkin commented Feb 5, 2025
edited
Loading

This fixes k3s cross-compilation on Windows, broken by commit 1912d59 ("*: actually support joining a userns with a new container").

[@kolyshkin: commit message]

Fixes: 1912d59

As far as I can see, this is first mentioned in k3s-io/k3s#9332 a year ago but was never reported to runc 😞

Indeed, Go recognizes //go:build in C files, and also matches GOOS and GOARCH in file names even for .c files.

Also, I don't know how to reproduce it here (GOOS=windows CGO_ENABLED=1 go build ./libcontainer/... gives too many errors).

@brandond @kolyshkin
libc/int/userns: add build tag to C file
ccb589b 
This fixes k3s cross-compilation on Windows, broken by commit
1912d59 ("*: actually support joining a userns with a new
container").

[@kolyshkin: commit message]

Fixes: 1912d59
Signed-off-by: Brad Davidson <[email protected]>
Signed-off-by: Kir Kolyshkin <[email protected]>
@kolyshkin kolyshkin added the backport/1.2-todo A PR in main branch which needs to be backported to release-1.2 label Feb 5, 2025
@kolyshkin kolyshkin marked this pull request as ready for review February 6, 2025 00:03
@kolyshkin
Copy link
Contributor Author

@brandond PTAL. Sorry if you have reported the issue before but we missed it. Also, if you can suggest a way to test this, that'd be great.

@brandond
Copy link
Contributor

brandond commented Feb 6, 2025
edited
Loading

I think the underlying issue is that runc isn't normally used on windows. On windows you use runhcs instead. However, K3s links in some of the runc libcontainer library code on windows, so we do need build tags on stuff that only works on linux.

I did ping @cyphar internally a while back but I haven't followed up.

@kolyshkin kolyshkin requested review from rata and cyphar February 6, 2025 01:07
rata
rata approved these changes Feb 6, 2025
View reviewed changes
Copy link
Member

@rata rata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

It seems surprising only this is needed, for sure we don't have this in nsexec.c and friends. I guess this depends on the includes the project is using and just this is what they miss right now?

@kolyshkin
Copy link
Contributor Author

LGTM.

It seems surprising only this is needed, for sure we don't have this in nsexec.c and friends. I guess this depends on the includes the project is using and just this is what they miss right now?

Yes, I think this depends on which runc/libcontainer packages are being imported (directly or indirectly).

In case of libcontainer/nsenter, we only import it from the main package and libcontainer/integration, so it can't be imported indirectly (unless someone imports libcontainer/integration, and of course no one does it).

In this case, userns is being imported by libcontainer, so anyone who's using it for non-linux is affected.

I'm still trying to figure out how to create a test case for this though :(

@AkihiroSuda AkihiroSuda merged commit e6c4c9c into opencontainers:main Feb 7, 2025
40 checks passed
AkihiroSuda
AkihiroSuda reviewed Feb 7, 2025
View reviewed changes
libcontainer/internal/userns/userns_maps_linux.c
@@ -1,3 +1,5 @@
//go:build linux
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need both of the comment line and the file name suffix?

Copy link
Contributor

@brandond brandond Feb 7, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

idk but that seems to be the convention in Kubernetes at least.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a tad redundant but I guess OK to have just in case.

@kolyshkin kolyshkin mentioned this pull request Feb 7, 2025
Merged
@kolyshkin
Copy link
Contributor Author

1.2 backport: #4619

@kolyshkin kolyshkin added backport/1.2-done A PR in main branch which has been backported to release-1.2 and removed backport/1.2-todo A PR in main branch which needs to be backported to release-1.2 labels Feb 7, 2025
kolyshkin added a commit to kolyshkin/k3s that referenced this pull request Feb 7, 2025
@kolyshkin
[test/DNM] go.mod: try stock runc version
c40b0e8 
This is to see how windows compile is broken
(see opencontainers/runc#4616).

Signed-off-by: Kir Kolyshkin <[email protected]>
@kolyshkin kolyshkin mentioned this pull request Feb 7, 2025
Closed
@kolyshkin
Copy link
Contributor Author

Ended up finding out it's not needed for a variety of reasons (see k3s-io/k3s#11722 (comment) for details).

Won't hurt either, so let's consider this change a NOP.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brandond brandond brandond left review comments

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

@rata rata rata approved these changes

@xximwon xximwon xximwon approved these changes

@cyphar cyphar Awaiting requested review from cyphar

Assignees
No one assigned
Labels
backport/1.2-done A PR in main branch which has been backported to release-1.2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kolyshkin @brandond @rata @AkihiroSuda @xximwon