diff options
| author | Fabricio Voznika <fvoznika@google.com> | 2020-06-16 10:50:29 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2020-06-16 10:52:17 -0700 |
| commit | bae1475603b03a38726da743430c761fb36ee338 (patch) | |
| tree | 280f7e329473e4e035e3301f73785bf307044203 /runsc/specutils | |
| parent | 810748f5c9c72f713d81d14bcc89a8eb4ca49eb6 (diff) | |
Print spec as json when --debug is enabled
The previous format skipped many important structs that
are pointers, especially for cgroups. Change to print
as json, removing parts of the spec that are not relevant.
Also removed debug message from gofer that can be very
noisy when directories are large.
PiperOrigin-RevId: 316713267
Diffstat (limited to 'runsc/specutils')
| -rw-r--r-- | runsc/specutils/BUILD | 1 | ||||
| -rw-r--r-- | runsc/specutils/specutils.go | 40 |
2 files changed, 27 insertions, 14 deletions
diff --git a/runsc/specutils/BUILD b/runsc/specutils/BUILD index 4ccd77f63..62d4f5113 100644 --- a/runsc/specutils/BUILD +++ b/runsc/specutils/BUILD @@ -17,6 +17,7 @@ go_library( "//pkg/log", "//pkg/sentry/kernel/auth", "@com_github_cenkalti_backoff//:go_default_library", + "@com_github_mohae_deepcopy//:go_default_library", "@com_github_opencontainers_runtime-spec//specs-go:go_default_library", "@com_github_syndtr_gocapability//capability:go_default_library", "@org_golang_x_sys//unix:go_default_library", diff --git a/runsc/specutils/specutils.go b/runsc/specutils/specutils.go index f1fa573c5..5015c3a84 100644 --- a/runsc/specutils/specutils.go +++ b/runsc/specutils/specutils.go @@ -29,6 +29,7 @@ import ( "time" "github.com/cenkalti/backoff" + "github.com/mohae/deepcopy" specs "github.com/opencontainers/runtime-spec/specs-go" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/bits" @@ -44,20 +45,31 @@ var ExePath = "/proc/self/exe" var Version = specs.Version // LogSpec logs the spec in a human-friendly way. -func LogSpec(spec *specs.Spec) { - log.Debugf("Spec: %+v", spec) - log.Debugf("Spec.Hooks: %+v", spec.Hooks) - log.Debugf("Spec.Linux: %+v", spec.Linux) - if spec.Linux != nil && spec.Linux.Resources != nil { - res := spec.Linux.Resources - log.Debugf("Spec.Linux.Resources.Memory: %+v", res.Memory) - log.Debugf("Spec.Linux.Resources.CPU: %+v", res.CPU) - log.Debugf("Spec.Linux.Resources.BlockIO: %+v", res.BlockIO) - log.Debugf("Spec.Linux.Resources.Network: %+v", res.Network) - } - log.Debugf("Spec.Process: %+v", spec.Process) - log.Debugf("Spec.Root: %+v", spec.Root) - log.Debugf("Spec.Mounts: %+v", spec.Mounts) +func LogSpec(orig *specs.Spec) { + if !log.IsLogging(log.Debug) { + return + } + + // Strip down parts of the spec that are not interesting. + spec := deepcopy.Copy(orig).(*specs.Spec) + if spec.Process != nil { + spec.Process.Capabilities = nil + } + if spec.Linux != nil { + spec.Linux.Seccomp = nil + spec.Linux.MaskedPaths = nil + spec.Linux.ReadonlyPaths = nil + if spec.Linux.Resources != nil { + spec.Linux.Resources.Devices = nil + } + } + + out, err := json.MarshalIndent(spec, "", " ") + if err != nil { + log.Debugf("Failed to marshal spec: %v", err) + return + } + log.Debugf("Spec:\n%s", out) } // ValidateSpec validates that the spec is compatible with runsc. |