devices: move libcontainer/devices to moby/sys#212
Merged
Conversation
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Signed-off-by: John Howard <jhoward@microsoft.com>
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
getDevices() has been updated to skip `/dev/.lxc` and `/dev/.lxd-mounts`, which was breaking privileged Docker containers running on runC, inside of LXD managed Linux Containers Signed-off-by: Carlton-Semple <carlton.semple@ibm.com>
Signed-off-by: Carlton-Semple <carlton.semple@ibm.com>
FreeBSD does not support cgroups or namespaces, which the code suggested, and is not supported in runc anyway right now. So clean up the file naming to use `_linux` where appropriate. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Clean up unix vs linux usage
Since syscall is outdated and broken for some architectures, use x/sys/unix instead. There are still some dependencies on the syscall package that will remain in syscall for the forseeable future: Errno Signal SysProcAttr Additionally: - os still uses syscall, so it needs to be kept for anything returning *os.ProcessState, such as process.Wait. Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
Refactor DeviceFromPath in order to get rid of package syscall and directly use the functions from x/sys/unix. This also allows to get rid of the conversion from the OS-independent file mode values (from the os package) to Linux specific values and instead let's us use the raw file mode value directly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
libcontainer: one more switch from syscall to x/sys/unix
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Before this change, some file type would be treated as char devices (e.g. symlinks). Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
The Major and Minor functions were added for Linux in golang/sys@85d1495 which is already vendored in. Use these functions instead of the local re-implementation. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
libcontainer: use Major/Minor from x/sys/unix
runc is not supported on FreeBSD, so remove all FreeBSD specific bits. As suggested by @crosbymichael in #1653 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
runc currently only support Linux platform, and since we dont intend to expose the support to other platform, removing all other platforms placeholder code. `libcontainer/configs` still being used in https://github.com/moby/moby/blob/master/daemon/daemon_windows.go so keeping it for now. After this, we probably should also rename files to drop linux suffices if possible. Signed-off-by: Daniel Dao <dqminh89@gmail.com>
It turns out that MIPS uses uint32 in the device number returned by stat(2), so explicitly wrap everything to make the compiler happy. I really wish that Go had C-like numeric type promotion. Signed-off-by: Aleksa Sarai <asarai@suse.de>
Closes: #2093 Signed-off-by: Erik Sipsma <sipsma@amazon.com>
Signed-off-by: sashayakovtseva <sasha@sylabs.io>
Making them the same type is simply confusing, but also means that you could accidentally use one in the wrong context. This eliminates that problem. This also includes a whole bunch of cleanups for the types within DeviceRule, so that they can be used more ergonomically. Signed-off-by: Aleksa Sarai <asarai@suse.de>
(mode&S_IFCHR == S_IFCHR) is the wrong way of checking the type of an inode because the S_IF* bits are actually not a bitmask and instead must be checked using S_IF*. This bug was neatly hidden behind a (major == 0) sanity-check but that was removed by [1]. In addition, add a test that makes sure that HostDevices() doesn't give rubbish results -- because we broke this and fixed this before[2]. [1]: e0224a6 ("configs: use different types for .Devices and .Resources.Devices") [2]: 058bfbb ("Handle non-devices correctly in DeviceFromPath") Fixes: 38d4b67 ("libcontainer: one more switch from syscall to x/sys/unix") Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Aleksa Sarai (1): devices: correctly check device types LGTMs: @AkihiroSuda @mrunalp Closes #2529
Move the Device-related types to libcontainer/devices, so that the package can be used in isolation. Aliases have been created in libcontainer/configs for backward compatibility. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
libcontainer: fix the file mode of the device
Allows importing this package on Windows (for the types) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was initially added by commit d78ee47154eee7 but later moved from libcontainer/configs to libcontainer/devices by commit ee96d80. Looks like since commit ee96d80 and also [1] there is no use for this, thus removing. [1] containers/buildah#2652 Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
cyphar
force-pushed
the
devices
branch
2 times, most recently
from
4a33056 to
eec528d
Compare
This was referenced Mar 4, 2026
kolyshkin
reviewed
Mar 4, 2026
kolyshkin
reviewed
Mar 4, 2026
cyphar
force-pushed
the
devices
branch
3 times, most recently
from
788f7a8 to
83e8cc9
Compare
The original file did not have a license header, but given that the code comes from a different project it seems prudent to at least mention which contributors the code came from. The detailed commit history (and thus authorship) is maintained in the subtree-merge. Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
These are old APIs from runc that we should not export at all. Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
macOS appears to have major-0 devices in /dev, so we should only error this test out on Linux (where that is not the case). Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
This is migrated from runc's libcontainer/devices, as this package has only ever really been used outside of runc to generate device configurations, so it makes more sense for it to live in github.com/moby/sys. With regards to the go.mod used, github.com/opencontainers/cgroups requires Go 1.24, but aside from that all of these requirements are as minimal as possible. Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Collaborator
|
@thaJeztah PTAL 🙏🏻 |
1 similar comment
Collaborator
|
@thaJeztah PTAL 🙏🏻 |
Member
|
WELP #toomanynotifications sorry! Let me have a peek 🤗 |
thaJeztah
approved these changes
Apr 1, 2026
Member
thaJeztah
left a comment
thaJeztah
left a comment
There was a problem hiding this comment.
looks like a clean move
LGTM, thanks!
Member
|
@kolyshkin want to do the honours of tagging ? Not sure what version to start with but v0.1.0 probably would do the trick? |
Collaborator
Done: |
kolyshkin
added a commit
to kolyshkin/buildah
that referenced
this pull request
Apr 23, 2026
The github.com/opencontainers/runc/libcontainer/devices package was _mostly_ moved to github.com/opencontainers/cgroups/devices/config (see e.g. commit commit 9ac03e6). The rest of runc/libcontainer/devices now lives in moby/sys/devices (see moby/sys#212). The package is deprecated since runc v1.5 and will be removed from runc v1.6. Let's switch now to not worry later. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin
added a commit
to kolyshkin/buildah
that referenced
this pull request
Apr 23, 2026
The github.com/opencontainers/runc/libcontainer/devices package was _mostly_ moved to github.com/opencontainers/cgroups/devices/config (see e.g. commit commit 9ac03e6). The rest of runc/libcontainer/devices now lives in moby/sys/devices (see moby/sys#212). The package is deprecated since runc v1.5 and will be removed from runc v1.6. Let's switch now to not worry later. PS vendor/github.com/opencontainers/runc/libcontainer/devices is not removed because it is still being used by common/pkg/parse. This is addressed by containers/container-libs#781 Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin
added a commit
to kolyshkin/container-libs
that referenced
this pull request
Apr 23, 2026
The github.com/opencontainers/runc/libcontainer/devices package was _mostly_ moved to github.com/opencontainers/cgroups/devices/config for runc v1.3. The rest of runc/libcontainer/devices now lives in moby/sys/devices (see moby/sys#212). The package is deprecated since runc v1.5 and will be removed from runc v1.6. Let's switch now to not worry later. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
14 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is migrated from runc's libcontainer/devices, as this package has
only ever really been used outside of runc to generate device
configurations, so it makes more sense for it to live in
github.com/moby/sys.
With regards to the go.mod used, github.com/opencontainers/cgroups
requires Go 1.24, but aside from that all of these requirements are as
minimal as possible.
This merge was generated with
git filter-repo --path-glob="libcontainer/devices/*" --path-rename=libcontainer/devices:devices. This does lose some of the pre-2015 history (opencontainers/runc@8f97d39 movedlibcontainerinto a subdirectory which means that thelibcontainer/devicesglob is missing commits before then) but this should be sufficient...Fixes #181