Add glide.yaml and vendor deps

2016-12-03 22:43:32 -08:00 · 2016-12-03 22:43:32 -08:00 · 5b3d5e81bd
commit 5b3d5e81bd
parent db918f12ad
18880 changed files with 5166045 additions and 1 deletions
--- a/vendor/github.com/opencontainers/runc/libcontainer/integration/checkpoint_test.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/integration/checkpoint_test.go
@ -0,0 +1,204 @@
+package integration
+
+import (
+	"bufio"
+	"bytes"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+	"syscall"
+	"testing"
+
+	"github.com/opencontainers/runc/libcontainer"
+	"github.com/opencontainers/runc/libcontainer/configs"
+)
+
+func showFile(t *testing.T, fname string) error {
+	t.Logf("=== %s ===\n", fname)
+
+	f, err := os.Open(fname)
+	if err != nil {
+		t.Log(err)
+		return err
+	}
+	defer f.Close()
+
+	scanner := bufio.NewScanner(f)
+	for scanner.Scan() {
+		t.Log(scanner.Text())
+	}
+
+	if err := scanner.Err(); err != nil {
+		return err
+	}
+
+	t.Logf("=== END ===\n")
+
+	return nil
+}
+
+func TestCheckpoint(t *testing.T) {
+	if testing.Short() {
+		return
+	}
+	root, err := newTestRoot()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(root)
+
+	rootfs, err := newRootfs()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer remove(rootfs)
+
+	config := newTemplateConfig(rootfs)
+
+	config.Mounts = append(config.Mounts, &configs.Mount{
+		Destination: "/sys/fs/cgroup",
+		Device:      "cgroup",
+		Flags:       defaultMountFlags | syscall.MS_RDONLY,
+	})
+
+	factory, err := libcontainer.New(root, libcontainer.Cgroupfs)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	container, err := factory.Create("test", config)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer container.Destroy()
+
+	stdinR, stdinW, err := os.Pipe()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var stdout bytes.Buffer
+
+	pconfig := libcontainer.Process{
+		Cwd:    "/",
+		Args:   []string{"cat"},
+		Env:    standardEnvironment,
+		Stdin:  stdinR,
+		Stdout: &stdout,
+	}
+
+	err = container.Run(&pconfig)
+	stdinR.Close()
+	defer stdinW.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	pid, err := pconfig.Pid()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	process, err := os.FindProcess(pid)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	imagesDir, err := ioutil.TempDir("", "criu")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(imagesDir)
+
+	checkpointOpts := &libcontainer.CriuOpts{
+		ImagesDirectory: imagesDir,
+		WorkDirectory:   imagesDir,
+	}
+	dumpLog := filepath.Join(checkpointOpts.WorkDirectory, "dump.log")
+	restoreLog := filepath.Join(checkpointOpts.WorkDirectory, "restore.log")
+
+	if err := container.Checkpoint(checkpointOpts); err != nil {
+		showFile(t, dumpLog)
+		t.Fatal(err)
+	}
+
+	state, err := container.Status()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if state != libcontainer.Running {
+		t.Fatal("Unexpected state checkpoint: ", state)
+	}
+
+	stdinW.Close()
+	_, err = process.Wait()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// reload the container
+	container, err = factory.Load("test")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	restoreStdinR, restoreStdinW, err := os.Pipe()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	restoreProcessConfig := &libcontainer.Process{
+		Cwd:    "/",
+		Stdin:  restoreStdinR,
+		Stdout: &stdout,
+	}
+
+	err = container.Restore(restoreProcessConfig, checkpointOpts)
+	restoreStdinR.Close()
+	defer restoreStdinW.Close()
+	if err != nil {
+		showFile(t, restoreLog)
+		t.Fatal(err)
+	}
+
+	state, err = container.Status()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if state != libcontainer.Running {
+		t.Fatal("Unexpected restore state: ", state)
+	}
+
+	pid, err = restoreProcessConfig.Pid()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	process, err = os.FindProcess(pid)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = restoreStdinW.WriteString("Hello!")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	restoreStdinW.Close()
+	s, err := process.Wait()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !s.Success() {
+		t.Fatal(s.String(), pid)
+	}
+
+	output := string(stdout.Bytes())
+	if !strings.Contains(output, "Hello!") {
+		t.Fatal("Did not restore the pipe correctly:", output)
+	}
+}
--- a/vendor/github.com/opencontainers/runc/libcontainer/integration/doc.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/integration/doc.go
@ -0,0 +1,2 @@
+// integration is used for integration testing of libcontainer
+package integration
--- a/vendor/github.com/opencontainers/runc/libcontainer/integration/exec_test.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/integration/exec_test.go
--- a/vendor/github.com/opencontainers/runc/libcontainer/integration/execin_test.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/integration/execin_test.go
--- a/vendor/github.com/opencontainers/runc/libcontainer/integration/init_test.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/integration/init_test.go
@ -0,0 +1,60 @@
+package integration
+
+import (
+	"os"
+	"runtime"
+	"testing"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/opencontainers/runc/libcontainer"
+	"github.com/opencontainers/runc/libcontainer/cgroups/systemd"
+	_ "github.com/opencontainers/runc/libcontainer/nsenter"
+)
+
+// init runs the libcontainer initialization code because of the busybox style needs
+// to work around the go runtime and the issues with forking
+func init() {
+	if len(os.Args) < 2 || os.Args[1] != "init" {
+		return
+	}
+	runtime.GOMAXPROCS(1)
+	runtime.LockOSThread()
+	factory, err := libcontainer.New("")
+	if err != nil {
+		logrus.Fatalf("unable to initialize for container: %s", err)
+	}
+	if err := factory.StartInitialization(); err != nil {
+		logrus.Fatal(err)
+	}
+}
+
+var (
+	factory        libcontainer.Factory
+	systemdFactory libcontainer.Factory
+)
+
+func TestMain(m *testing.M) {
+	var (
+		err error
+		ret int
+	)
+
+	logrus.SetOutput(os.Stderr)
+	logrus.SetLevel(logrus.InfoLevel)
+
+	factory, err = libcontainer.New("/run/libctTests", libcontainer.Cgroupfs)
+	if err != nil {
+		logrus.Error(err)
+		os.Exit(1)
+	}
+	if systemd.UseSystemd() {
+		systemdFactory, err = libcontainer.New("/run/libctTests", libcontainer.SystemdCgroups)
+		if err != nil {
+			logrus.Error(err)
+			os.Exit(1)
+		}
+	}
+
+	ret = m.Run()
+	os.Exit(ret)
+}
--- a/vendor/github.com/opencontainers/runc/libcontainer/integration/seccomp_test.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/integration/seccomp_test.go
@ -0,0 +1,219 @@
+// +build linux,cgo,seccomp
+
+package integration
+
+import (
+	"strings"
+	"syscall"
+	"testing"
+
+	"github.com/opencontainers/runc/libcontainer"
+	"github.com/opencontainers/runc/libcontainer/configs"
+	libseccomp "github.com/seccomp/libseccomp-golang"
+)
+
+func TestSeccompDenyGetcwd(t *testing.T) {
+	if testing.Short() {
+		return
+	}
+
+	rootfs, err := newRootfs()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer remove(rootfs)
+
+	config := newTemplateConfig(rootfs)
+	config.Seccomp = &configs.Seccomp{
+		DefaultAction: configs.Allow,
+		Syscalls: []*configs.Syscall{
+			{
+				Name:   "getcwd",
+				Action: configs.Errno,
+			},
+		},
+	}
+
+	container, err := newContainer(config)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer container.Destroy()
+
+	buffers := newStdBuffers()
+	pwd := &libcontainer.Process{
+		Cwd:    "/",
+		Args:   []string{"pwd"},
+		Env:    standardEnvironment,
+		Stdin:  buffers.Stdin,
+		Stdout: buffers.Stdout,
+		Stderr: buffers.Stderr,
+	}
+
+	err = container.Run(pwd)
+	if err != nil {
+		t.Fatal(err)
+	}
+	ps, err := pwd.Wait()
+	if err == nil {
+		t.Fatal("Expecting error (negative return code); instead exited cleanly!")
+	}
+
+	var exitCode int
+	status := ps.Sys().(syscall.WaitStatus)
+	if status.Exited() {
+		exitCode = status.ExitStatus()
+	} else if status.Signaled() {
+		exitCode = -int(status.Signal())
+	} else {
+		t.Fatalf("Unrecognized exit reason!")
+	}
+
+	if exitCode == 0 {
+		t.Fatalf("Getcwd should fail with negative exit code, instead got %d!", exitCode)
+	}
+
+	expected := "pwd: getcwd: Operation not permitted"
+	actual := strings.Trim(buffers.Stderr.String(), "\n")
+	if actual != expected {
+		t.Fatalf("Expected output %s but got %s\n", expected, actual)
+	}
+}
+
+func TestSeccompPermitWriteConditional(t *testing.T) {
+	if testing.Short() {
+		return
+	}
+
+	rootfs, err := newRootfs()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer remove(rootfs)
+
+	config := newTemplateConfig(rootfs)
+	config.Seccomp = &configs.Seccomp{
+		DefaultAction: configs.Allow,
+		Syscalls: []*configs.Syscall{
+			{
+				Name:   "write",
+				Action: configs.Errno,
+				Args: []*configs.Arg{
+					{
+						Index: 0,
+						Value: 2,
+						Op:    configs.EqualTo,
+					},
+				},
+			},
+		},
+	}
+
+	container, err := newContainer(config)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer container.Destroy()
+
+	buffers := newStdBuffers()
+	dmesg := &libcontainer.Process{
+		Cwd:    "/",
+		Args:   []string{"busybox", "ls", "/"},
+		Env:    standardEnvironment,
+		Stdin:  buffers.Stdin,
+		Stdout: buffers.Stdout,
+		Stderr: buffers.Stderr,
+	}
+
+	err = container.Run(dmesg)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := dmesg.Wait(); err != nil {
+		t.Fatalf("%s: %s", err, buffers.Stderr)
+	}
+}
+
+func TestSeccompDenyWriteConditional(t *testing.T) {
+	if testing.Short() {
+		return
+	}
+
+	// Only test if library version is v2.2.1 or higher
+	// Conditional filtering will always error in v2.2.0 and lower
+	major, minor, micro := libseccomp.GetLibraryVersion()
+	if (major == 2 && minor < 2) || (major == 2 && minor == 2 && micro < 1) {
+		return
+	}
+
+	rootfs, err := newRootfs()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer remove(rootfs)
+
+	config := newTemplateConfig(rootfs)
+	config.Seccomp = &configs.Seccomp{
+		DefaultAction: configs.Allow,
+		Syscalls: []*configs.Syscall{
+			{
+				Name:   "write",
+				Action: configs.Errno,
+				Args: []*configs.Arg{
+					{
+						Index: 0,
+						Value: 2,
+						Op:    configs.EqualTo,
+					},
+				},
+			},
+		},
+	}
+
+	container, err := newContainer(config)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer container.Destroy()
+
+	buffers := newStdBuffers()
+	dmesg := &libcontainer.Process{
+		Cwd:    "/",
+		Args:   []string{"busybox", "ls", "does_not_exist"},
+		Env:    standardEnvironment,
+		Stdin:  buffers.Stdin,
+		Stdout: buffers.Stdout,
+		Stderr: buffers.Stderr,
+	}
+
+	err = container.Run(dmesg)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ps, err := dmesg.Wait()
+	if err == nil {
+		t.Fatal("Expecting negative return, instead got 0!")
+	}
+
+	var exitCode int
+	status := ps.Sys().(syscall.WaitStatus)
+	if status.Exited() {
+		exitCode = status.ExitStatus()
+	} else if status.Signaled() {
+		exitCode = -int(status.Signal())
+	} else {
+		t.Fatalf("Unrecognized exit reason!")
+	}
+
+	if exitCode == 0 {
+		t.Fatalf("Busybox should fail with negative exit code, instead got %d!", exitCode)
+	}
+
+	// We're denying write to stderr, so we expect an empty buffer
+	expected := ""
+	actual := strings.Trim(buffers.Stderr.String(), "\n")
+	if actual != expected {
+		t.Fatalf("Expected output %s but got %s\n", expected, actual)
+	}
+}
--- a/vendor/github.com/opencontainers/runc/libcontainer/integration/template_test.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/integration/template_test.go
@ -0,0 +1,125 @@
+package integration
+
+import (
+	"syscall"
+
+	"github.com/opencontainers/runc/libcontainer/configs"
+)
+
+var standardEnvironment = []string{
+	"HOME=/root",
+	"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+	"HOSTNAME=integration",
+	"TERM=xterm",
+}
+
+const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV
+
+// newTemplateConfig returns a base template for running a container
+//
+// it uses a network strategy of just setting a loopback interface
+// and the default setup for devices
+func newTemplateConfig(rootfs string) *configs.Config {
+	allowAllDevices := false
+	return &configs.Config{
+		Rootfs: rootfs,
+		Capabilities: []string{
+			"CAP_CHOWN",
+			"CAP_DAC_OVERRIDE",
+			"CAP_FSETID",
+			"CAP_FOWNER",
+			"CAP_MKNOD",
+			"CAP_NET_RAW",
+			"CAP_SETGID",
+			"CAP_SETUID",
+			"CAP_SETFCAP",
+			"CAP_SETPCAP",
+			"CAP_NET_BIND_SERVICE",
+			"CAP_SYS_CHROOT",
+			"CAP_KILL",
+			"CAP_AUDIT_WRITE",
+		},
+		Namespaces: configs.Namespaces([]configs.Namespace{
+			{Type: configs.NEWNS},
+			{Type: configs.NEWUTS},
+			{Type: configs.NEWIPC},
+			{Type: configs.NEWPID},
+			{Type: configs.NEWNET},
+		}),
+		Cgroups: &configs.Cgroup{
+			Path: "integration/test",
+			Resources: &configs.Resources{
+				MemorySwappiness: nil,
+				AllowAllDevices:  &allowAllDevices,
+				AllowedDevices:   configs.DefaultAllowedDevices,
+			},
+		},
+		MaskPaths: []string{
+			"/proc/kcore",
+			"/sys/firmware",
+		},
+		ReadonlyPaths: []string{
+			"/proc/sys", "/proc/sysrq-trigger", "/proc/irq", "/proc/bus",
+		},
+		Devices:  configs.DefaultAutoCreatedDevices,
+		Hostname: "integration",
+		Mounts: []*configs.Mount{
+			{
+				Source:      "proc",
+				Destination: "/proc",
+				Device:      "proc",
+				Flags:       defaultMountFlags,
+			},
+			{
+				Source:      "tmpfs",
+				Destination: "/dev",
+				Device:      "tmpfs",
+				Flags:       syscall.MS_NOSUID | syscall.MS_STRICTATIME,
+				Data:        "mode=755",
+			},
+			{
+				Source:      "devpts",
+				Destination: "/dev/pts",
+				Device:      "devpts",
+				Flags:       syscall.MS_NOSUID | syscall.MS_NOEXEC,
+				Data:        "newinstance,ptmxmode=0666,mode=0620,gid=5",
+			},
+			{
+				Device:      "tmpfs",
+				Source:      "shm",
+				Destination: "/dev/shm",
+				Data:        "mode=1777,size=65536k",
+				Flags:       defaultMountFlags,
+			},
+			/*
+				            CI is broken on the debian based kernels with this
+							{
+								Source:      "mqueue",
+								Destination: "/dev/mqueue",
+								Device:      "mqueue",
+								Flags:       defaultMountFlags,
+							},
+			*/
+			{
+				Source:      "sysfs",
+				Destination: "/sys",
+				Device:      "sysfs",
+				Flags:       defaultMountFlags | syscall.MS_RDONLY,
+			},
+		},
+		Networks: []*configs.Network{
+			{
+				Type:    "loopback",
+				Address: "127.0.0.1/0",
+				Gateway: "localhost",
+			},
+		},
+		Rlimits: []configs.Rlimit{
+			{
+				Type: syscall.RLIMIT_NOFILE,
+				Hard: uint64(1025),
+				Soft: uint64(1025),
+			},
+		},
+	}
+}
--- a/vendor/github.com/opencontainers/runc/libcontainer/integration/utils_test.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/integration/utils_test.go
@ -0,0 +1,159 @@
+package integration
+
+import (
+	"bytes"
+	"crypto/md5"
+	"encoding/hex"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"syscall"
+	"testing"
+	"time"
+
+	"github.com/opencontainers/runc/libcontainer"
+	"github.com/opencontainers/runc/libcontainer/configs"
+)
+
+func newStdBuffers() *stdBuffers {
+	return &stdBuffers{
+		Stdin:  bytes.NewBuffer(nil),
+		Stdout: bytes.NewBuffer(nil),
+		Stderr: bytes.NewBuffer(nil),
+	}
+}
+
+type stdBuffers struct {
+	Stdin  *bytes.Buffer
+	Stdout *bytes.Buffer
+	Stderr *bytes.Buffer
+}
+
+func (b *stdBuffers) String() string {
+	s := []string{}
+	if b.Stderr != nil {
+		s = append(s, b.Stderr.String())
+	}
+	if b.Stdout != nil {
+		s = append(s, b.Stdout.String())
+	}
+	return strings.Join(s, "|")
+}
+
+// ok fails the test if an err is not nil.
+func ok(t testing.TB, err error) {
+	if err != nil {
+		_, file, line, _ := runtime.Caller(1)
+		t.Fatalf("%s:%d: unexpected error: %s\n\n", filepath.Base(file), line, err.Error())
+	}
+}
+
+func waitProcess(p *libcontainer.Process, t *testing.T) {
+	_, file, line, _ := runtime.Caller(1)
+	status, err := p.Wait()
+
+	if err != nil {
+		t.Fatalf("%s:%d: unexpected error: %s\n\n", filepath.Base(file), line, err.Error())
+	}
+
+	if !status.Success() {
+		t.Fatalf("%s:%d: unexpected status: %s\n\n", filepath.Base(file), line, status.String())
+	}
+}
+
+func newTestRoot() (string, error) {
+	dir, err := ioutil.TempDir("", "libcontainer")
+	if err != nil {
+		return "", err
+	}
+	if err := os.MkdirAll(dir, 0700); err != nil {
+		return "", err
+	}
+	return dir, nil
+}
+
+// newRootfs creates a new tmp directory and copies the busybox root filesystem
+func newRootfs() (string, error) {
+	dir, err := ioutil.TempDir("", "")
+	if err != nil {
+		return "", err
+	}
+	if err := os.MkdirAll(dir, 0700); err != nil {
+		return "", err
+	}
+	if err := copyBusybox(dir); err != nil {
+		return "", err
+	}
+	return dir, nil
+}
+
+func remove(dir string) {
+	os.RemoveAll(dir)
+}
+
+// copyBusybox copies the rootfs for a busybox container created for the test image
+// into the new directory for the specific test
+func copyBusybox(dest string) error {
+	out, err := exec.Command("sh", "-c", fmt.Sprintf("cp -R /busybox/* %s/", dest)).CombinedOutput()
+	if err != nil {
+		return fmt.Errorf("copy error %q: %q", err, out)
+	}
+	return nil
+}
+
+func newContainer(config *configs.Config) (libcontainer.Container, error) {
+	h := md5.New()
+	h.Write([]byte(time.Now().String()))
+	return newContainerWithName(hex.EncodeToString(h.Sum(nil)), config)
+}
+
+func newContainerWithName(name string, config *configs.Config) (libcontainer.Container, error) {
+	f := factory
+	if config.Cgroups != nil && config.Cgroups.Parent == "system.slice" {
+		f = systemdFactory
+	}
+	return f.Create(name, config)
+}
+
+// runContainer runs the container with the specific config and arguments
+//
+// buffers are returned containing the STDOUT and STDERR output for the run
+// along with the exit code and any go error
+func runContainer(config *configs.Config, console string, args ...string) (buffers *stdBuffers, exitCode int, err error) {
+	container, err := newContainer(config)
+	if err != nil {
+		return nil, -1, err
+	}
+	defer container.Destroy()
+	buffers = newStdBuffers()
+	process := &libcontainer.Process{
+		Cwd:    "/",
+		Args:   args,
+		Env:    standardEnvironment,
+		Stdin:  buffers.Stdin,
+		Stdout: buffers.Stdout,
+		Stderr: buffers.Stderr,
+	}
+
+	err = container.Run(process)
+	if err != nil {
+		return buffers, -1, err
+	}
+	ps, err := process.Wait()
+	if err != nil {
+		return buffers, -1, err
+	}
+	status := ps.Sys().(syscall.WaitStatus)
+	if status.Exited() {
+		exitCode = status.ExitStatus()
+	} else if status.Signaled() {
+		exitCode = -int(status.Signal())
+	} else {
+		return buffers, -1, err
+	}
+	return
+}