diff options
Diffstat (limited to 'runsc/container')
-rw-r--r-- | runsc/container/BUILD | 1 | ||||
-rw-r--r-- | runsc/container/console_test.go | 15 | ||||
-rw-r--r-- | runsc/container/container.go | 35 | ||||
-rw-r--r-- | runsc/container/container_test.go | 38 | ||||
-rw-r--r-- | runsc/container/multi_container_test.go | 34 | ||||
-rw-r--r-- | runsc/container/state_file.go | 4 |
6 files changed, 64 insertions, 63 deletions
diff --git a/runsc/container/BUILD b/runsc/container/BUILD index 8793c8916..3620dc8c3 100644 --- a/runsc/container/BUILD +++ b/runsc/container/BUILD @@ -30,6 +30,7 @@ go_library( "@com_github_cenkalti_backoff//:go_default_library", "@com_github_gofrs_flock//:go_default_library", "@com_github_opencontainers_runtime_spec//specs-go:go_default_library", + "@org_golang_x_sys//unix:go_default_library", ], ) diff --git a/runsc/container/console_test.go b/runsc/container/console_test.go index 7a3d5a523..79b056fce 100644 --- a/runsc/container/console_test.go +++ b/runsc/container/console_test.go @@ -21,7 +21,6 @@ import ( "math/rand" "os" "path/filepath" - "syscall" "testing" "time" @@ -320,7 +319,7 @@ func TestJobControlSignalExec(t *testing.T) { // Send a SIGTERM to the foreground process for the exec PID. Note that // although we pass in the PID of "bash", it should actually terminate // "sleep", since that is the foreground process. - if err := c.Sandbox.SignalProcess(c.ID, pid, syscall.SIGTERM, true /* fgProcess */); err != nil { + if err := c.Sandbox.SignalProcess(c.ID, pid, unix.SIGTERM, true /* fgProcess */); err != nil { t.Fatalf("error signaling container: %v", err) } @@ -340,7 +339,7 @@ func TestJobControlSignalExec(t *testing.T) { // Send a SIGKILL to the foreground process again. This time "bash" // should be killed. We use SIGKILL instead of SIGTERM or SIGINT // because bash ignores those. - if err := c.Sandbox.SignalProcess(c.ID, pid, syscall.SIGKILL, true /* fgProcess */); err != nil { + if err := c.Sandbox.SignalProcess(c.ID, pid, unix.SIGKILL, true /* fgProcess */); err != nil { t.Fatalf("error signaling container: %v", err) } expectedPL = expectedPL[:1] @@ -356,7 +355,7 @@ func TestJobControlSignalExec(t *testing.T) { if !ws.Signaled() { t.Error("ws.Signaled() got false, want true") } - if got, want := ws.Signal(), syscall.SIGKILL; got != want { + if got, want := ws.Signal(), unix.SIGKILL; got != want { t.Errorf("ws.Signal() got %v, want %v", got, want) } } @@ -423,7 +422,7 @@ func TestJobControlSignalRootContainer(t *testing.T) { // very early, otherwise it might exit before we have a chance to call // Wait. var ( - ws syscall.WaitStatus + ws unix.WaitStatus wg sync.WaitGroup ) wg.Add(1) @@ -459,7 +458,7 @@ func TestJobControlSignalRootContainer(t *testing.T) { // Send a SIGTERM to the foreground process. We pass PID=0, indicating // that the root process should be killed. However, by setting // fgProcess=true, the signal should actually be sent to sleep. - if err := c.Sandbox.SignalProcess(c.ID, 0 /* PID */, syscall.SIGTERM, true /* fgProcess */); err != nil { + if err := c.Sandbox.SignalProcess(c.ID, 0 /* PID */, unix.SIGTERM, true /* fgProcess */); err != nil { t.Fatalf("error signaling container: %v", err) } @@ -479,7 +478,7 @@ func TestJobControlSignalRootContainer(t *testing.T) { // Send a SIGKILL to the foreground process again. This time "bash" // should be killed. We use SIGKILL instead of SIGTERM or SIGINT // because bash ignores those. - if err := c.Sandbox.SignalProcess(c.ID, 0 /* PID */, syscall.SIGKILL, true /* fgProcess */); err != nil { + if err := c.Sandbox.SignalProcess(c.ID, 0 /* PID */, unix.SIGKILL, true /* fgProcess */); err != nil { t.Fatalf("error signaling container: %v", err) } @@ -488,7 +487,7 @@ func TestJobControlSignalRootContainer(t *testing.T) { if !ws.Signaled() { t.Error("ws.Signaled() got false, want true") } - if got, want := ws.Signal(), syscall.SIGKILL; got != want { + if got, want := ws.Signal(), unix.SIGKILL; got != want { t.Errorf("ws.Signal() got %v, want %v", got, want) } } diff --git a/runsc/container/container.go b/runsc/container/container.go index 40812efb8..f9d83c118 100644 --- a/runsc/container/container.go +++ b/runsc/container/container.go @@ -30,6 +30,7 @@ import ( "github.com/cenkalti/backoff" specs "github.com/opencontainers/runtime-spec/specs-go" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/cleanup" "gvisor.dev/gvisor/pkg/log" @@ -244,7 +245,7 @@ func New(conf *config.Config, args Args) (*Container, error) { // If there is cgroup config, install it before creating sandbox process. if err := cg.Install(args.Spec.Linux.Resources); err != nil { switch { - case errors.Is(err, syscall.EACCES) && conf.Rootless: + case errors.Is(err, unix.EACCES) && conf.Rootless: log.Warningf("Skipping cgroup configuration in rootless mode: %v", err) cg = nil default: @@ -447,7 +448,7 @@ func (c *Container) Restore(spec *specs.Spec, conf *config.Config, restoreFile s } // Run is a helper that calls Create + Start + Wait. -func Run(conf *config.Config, args Args) (syscall.WaitStatus, error) { +func Run(conf *config.Config, args Args) (unix.WaitStatus, error) { log.Debugf("Run container, cid: %s, rootDir: %q", args.ID, conf.RootDir) c, err := New(conf, args) if err != nil { @@ -517,7 +518,7 @@ func (c *Container) SandboxPid() int { // Wait waits for the container to exit, and returns its WaitStatus. // Call to wait on a stopped container is needed to retrieve the exit status // and wait returns immediately. -func (c *Container) Wait() (syscall.WaitStatus, error) { +func (c *Container) Wait() (unix.WaitStatus, error) { log.Debugf("Wait on container, cid: %s", c.ID) ws, err := c.Sandbox.Wait(c.ID) if err == nil { @@ -529,7 +530,7 @@ func (c *Container) Wait() (syscall.WaitStatus, error) { // WaitRootPID waits for process 'pid' in the sandbox's PID namespace and // returns its WaitStatus. -func (c *Container) WaitRootPID(pid int32) (syscall.WaitStatus, error) { +func (c *Container) WaitRootPID(pid int32) (unix.WaitStatus, error) { log.Debugf("Wait on process %d in sandbox, cid: %s", pid, c.Sandbox.ID) if !c.IsSandboxRunning() { return 0, fmt.Errorf("sandbox is not running") @@ -539,7 +540,7 @@ func (c *Container) WaitRootPID(pid int32) (syscall.WaitStatus, error) { // WaitPID waits for process 'pid' in the container's PID namespace and returns // its WaitStatus. -func (c *Container) WaitPID(pid int32) (syscall.WaitStatus, error) { +func (c *Container) WaitPID(pid int32) (unix.WaitStatus, error) { log.Debugf("Wait on process %d in container, cid: %s", pid, c.ID) if !c.IsSandboxRunning() { return 0, fmt.Errorf("sandbox is not running") @@ -551,7 +552,7 @@ func (c *Container) WaitPID(pid int32) (syscall.WaitStatus, error) { // is SIGKILL, then waits for all processes to exit before returning. // SignalContainer returns an error if the container is already stopped. // TODO(b/113680494): Distinguish different error types. -func (c *Container) SignalContainer(sig syscall.Signal, all bool) error { +func (c *Container) SignalContainer(sig unix.Signal, all bool) error { log.Debugf("Signal container, cid: %s, signal: %v (%d)", c.ID, sig, sig) // Signaling container in Stopped state is allowed. When all=false, // an error will be returned anyway; when all=true, this allows @@ -568,7 +569,7 @@ func (c *Container) SignalContainer(sig syscall.Signal, all bool) error { } // SignalProcess sends sig to a specific process in the container. -func (c *Container) SignalProcess(sig syscall.Signal, pid int32) error { +func (c *Container) SignalProcess(sig unix.Signal, pid int32) error { log.Debugf("Signal process %d in container, cid: %s, signal: %v (%d)", pid, c.ID, sig, sig) if err := c.requireStatus("signal a process inside", Running); err != nil { return err @@ -586,7 +587,7 @@ func (c *Container) ForwardSignals(pid int32, fgProcess bool) func() { log.Debugf("Forwarding all signals to container, cid: %s, PIDPID: %d, fgProcess: %t", c.ID, pid, fgProcess) stop := sighandling.StartSignalForwarding(func(sig linux.Signal) { log.Debugf("Forwarding signal %d to container, cid: %s, PID: %d, fgProcess: %t", sig, c.ID, pid, fgProcess) - if err := c.Sandbox.SignalProcess(c.ID, pid, syscall.Signal(sig), fgProcess); err != nil { + if err := c.Sandbox.SignalProcess(c.ID, pid, unix.Signal(sig), fgProcess); err != nil { log.Warningf("error forwarding signal %d to container %q: %v", sig, c.ID, err) } }) @@ -768,9 +769,9 @@ func (c *Container) stop() error { // Try killing gofer if it does not exit with container. if c.GoferPid != 0 { log.Debugf("Killing gofer for container, cid: %s, PID: %d", c.ID, c.GoferPid) - if err := syscall.Kill(c.GoferPid, syscall.SIGKILL); err != nil { + if err := unix.Kill(c.GoferPid, unix.SIGKILL); err != nil { // The gofer may already be stopped, log the error. - log.Warningf("Error sending signal %d to gofer %d: %v", syscall.SIGKILL, c.GoferPid, err) + log.Warningf("Error sending signal %d to gofer %d: %v", unix.SIGKILL, c.GoferPid, err) } } @@ -793,7 +794,7 @@ func (c *Container) waitForStopped() error { b := backoff.WithContext(backoff.NewConstantBackOff(100*time.Millisecond), ctx) op := func() error { if c.IsSandboxRunning() { - if err := c.SignalContainer(syscall.Signal(0), false); err == nil { + if err := c.SignalContainer(unix.Signal(0), false); err == nil { return fmt.Errorf("container is still running") } } @@ -803,7 +804,7 @@ func (c *Container) waitForStopped() error { if c.goferIsChild { // The gofer process is a child of the current process, // so we can wait it and collect its zombie. - wpid, err := syscall.Wait4(int(c.GoferPid), nil, syscall.WNOHANG, nil) + wpid, err := unix.Wait4(int(c.GoferPid), nil, unix.WNOHANG, nil) if err != nil { return fmt.Errorf("error waiting the gofer process: %v", err) } @@ -811,7 +812,7 @@ func (c *Container) waitForStopped() error { return fmt.Errorf("gofer is still running") } - } else if err := syscall.Kill(c.GoferPid, 0); err == nil { + } else if err := unix.Kill(c.GoferPid, 0); err == nil { return fmt.Errorf("gofer is still running") } c.GoferPid = 0 @@ -892,7 +893,7 @@ func (c *Container) createGoferProcess(spec *specs.Spec, conf *config.Config, bu sandEnds := make([]*os.File, 0, mountCount) for i := 0; i < mountCount; i++ { - fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM|syscall.SOCK_CLOEXEC, 0) + fds, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_STREAM|unix.SOCK_CLOEXEC, 0) if err != nil { return nil, nil, err } @@ -914,8 +915,8 @@ func (c *Container) createGoferProcess(spec *specs.Spec, conf *config.Config, bu if attached { // The gofer is attached to the lifetime of this process, so it // should synchronously die when this process dies. - cmd.SysProcAttr = &syscall.SysProcAttr{ - Pdeathsig: syscall.SIGKILL, + cmd.SysProcAttr = &unix.SysProcAttr{ + Pdeathsig: unix.SIGKILL, } } @@ -1113,7 +1114,7 @@ func setOOMScoreAdj(pid int, scoreAdj int) error { } defer f.Close() if _, err := f.WriteString(strconv.Itoa(scoreAdj)); err != nil { - if errors.Is(err, syscall.ESRCH) { + if errors.Is(err, unix.ESRCH) { log.Warningf("Process (%d) exited while setting oom_score_adj", pid) return nil } diff --git a/runsc/container/container_test.go b/runsc/container/container_test.go index 862d9444d..a15de02c7 100644 --- a/runsc/container/container_test.go +++ b/runsc/container/container_test.go @@ -27,12 +27,12 @@ import ( "reflect" "strconv" "strings" - "syscall" "testing" "time" "github.com/cenkalti/backoff" specs "github.com/opencontainers/runtime-spec/specs-go" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" "gvisor.dev/gvisor/pkg/bits" "gvisor.dev/gvisor/pkg/log" @@ -103,7 +103,7 @@ func waitForProcessCount(cont *Container, want int) error { func blockUntilWaitable(pid int) error { _, _, err := specutils.RetryEintr(func() (uintptr, uintptr, error) { var err error - _, _, err1 := syscall.Syscall6(syscall.SYS_WAITID, 1, uintptr(pid), 0, syscall.WEXITED|syscall.WNOWAIT, 0, 0) + _, _, err1 := unix.Syscall6(unix.SYS_WAITID, 1, uintptr(pid), 0, unix.WEXITED|unix.WNOWAIT, 0, 0) if err1 != 0 { err = err1 } @@ -468,7 +468,7 @@ func TestLifecycle(t *testing.T) { if err != nil { ch <- err } - if got, want := ws.Signal(), syscall.SIGTERM; got != want { + if got, want := ws.Signal(), unix.SIGTERM; got != want { ch <- fmt.Errorf("got signal %v, want %v", got, want) } ch <- nil @@ -479,8 +479,8 @@ func TestLifecycle(t *testing.T) { time.Sleep(time.Second) // Send the container a SIGTERM which will cause it to stop. - if err := c.SignalContainer(syscall.SIGTERM, false); err != nil { - t.Fatalf("error sending signal %v to container: %v", syscall.SIGTERM, err) + if err := c.SignalContainer(unix.SIGTERM, false); err != nil { + t.Fatalf("error sending signal %v to container: %v", unix.SIGTERM, err) } // Wait for it to die. @@ -815,11 +815,11 @@ func TestExec(t *testing.T) { t.Run("nonexist", func(t *testing.T) { // b/179114837 found by Syzkaller that causes nil pointer panic when // trying to dec-ref an unix socket FD. - fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) + fds, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_STREAM, 0) if err != nil { t.Fatal(err) } - defer syscall.Close(fds[0]) + defer unix.Close(fds[0]) _, err = cont.executeSync(&control.ExecArgs{ Argv: []string{"/nonexist"}, @@ -956,7 +956,7 @@ func TestKillPid(t *testing.T) { pid = int32(p.PID) } } - if err := cont.SignalProcess(syscall.SIGKILL, pid); err != nil { + if err := cont.SignalProcess(unix.SIGKILL, pid); err != nil { t.Fatalf("failed to signal process %d: %v", pid, err) } @@ -1615,7 +1615,7 @@ func TestReadonlyRoot(t *testing.T) { if err != nil { t.Fatalf("touch file in ro mount: %v", err) } - if !ws.Exited() || syscall.Errno(ws.ExitStatus()) != syscall.EPERM { + if !ws.Exited() || unix.Errno(ws.ExitStatus()) != unix.EPERM { t.Fatalf("wrong waitStatus: %v", ws) } }) @@ -1674,7 +1674,7 @@ func TestReadonlyMount(t *testing.T) { if err != nil { t.Fatalf("touch file in ro mount: %v", err) } - if !ws.Exited() || syscall.Errno(ws.ExitStatus()) != syscall.EPERM { + if !ws.Exited() || unix.Errno(ws.ExitStatus()) != unix.EPERM { t.Fatalf("wrong WaitStatus: %v", ws) } }) @@ -1750,8 +1750,8 @@ func TestUIDMap(t *testing.T) { if !ws.Exited() || ws.ExitStatus() != 0 { t.Fatalf("container failed, waitStatus: %v", ws) } - st := syscall.Stat_t{} - if err := syscall.Stat(testFile, &st); err != nil { + st := unix.Stat_t{} + if err := unix.Stat(testFile, &st); err != nil { t.Fatalf("error stat /testfile: %v", err) } @@ -1880,7 +1880,7 @@ func doGoferExitTest(t *testing.T, vfs2 bool) { } err = blockUntilWaitable(c.GoferPid) - if err != nil && err != syscall.ECHILD { + if err != nil && err != unix.ECHILD { t.Errorf("error waiting for gofer to exit: %v", err) } } @@ -1929,7 +1929,7 @@ func TestUserLog(t *testing.T) { } // sched_rr_get_interval - not implemented in gvisor. - num := strconv.Itoa(syscall.SYS_SCHED_RR_GET_INTERVAL) + num := strconv.Itoa(unix.SYS_SCHED_RR_GET_INTERVAL) spec := testutil.NewSpecWithArgs(app, "syscall", "--syscall="+num) conf := testutil.TestConfig(t) _, bundleDir, cleanup, err := testutil.SetupContainer(spec, conf) @@ -2159,10 +2159,10 @@ func TestMountPropagation(t *testing.T) { f.Close() // Setup src as a shared mount. - if err := syscall.Mount(src, src, "bind", syscall.MS_BIND, ""); err != nil { + if err := unix.Mount(src, src, "bind", unix.MS_BIND, ""); err != nil { t.Fatalf("mount(%q, %q, MS_BIND): %v", dir, srcMnt, err) } - if err := syscall.Mount("", src, "", syscall.MS_SHARED, ""); err != nil { + if err := unix.Mount("", src, "", unix.MS_SHARED, ""); err != nil { t.Fatalf("mount(%q, MS_SHARED): %v", srcMnt, err) } @@ -2209,7 +2209,7 @@ func TestMountPropagation(t *testing.T) { // After the container is started, mount dir inside source and check what // happens to both destinations. - if err := syscall.Mount(dir, srcMnt, "bind", syscall.MS_BIND, ""); err != nil { + if err := unix.Mount(dir, srcMnt, "bind", unix.MS_BIND, ""); err != nil { t.Fatalf("mount(%q, %q, MS_BIND): %v", dir, srcMnt, err) } @@ -2449,7 +2449,7 @@ func TestCreateWithCorruptedStateFile(t *testing.T) { } } -func execute(cont *Container, name string, arg ...string) (syscall.WaitStatus, error) { +func execute(cont *Container, name string, arg ...string) (unix.WaitStatus, error) { args := &control.ExecArgs{ Filename: name, Argv: append([]string{name}, arg...), @@ -2483,7 +2483,7 @@ func executeCombinedOutput(cont *Container, name string, arg ...string) ([]byte, } // executeSync synchronously executes a new process. -func (c *Container) executeSync(args *control.ExecArgs) (syscall.WaitStatus, error) { +func (c *Container) executeSync(args *control.ExecArgs) (unix.WaitStatus, error) { pid, err := c.Execute(args) if err != nil { return 0, fmt.Errorf("error executing: %v", err) diff --git a/runsc/container/multi_container_test.go b/runsc/container/multi_container_test.go index b434cdb23..0f0a223ce 100644 --- a/runsc/container/multi_container_test.go +++ b/runsc/container/multi_container_test.go @@ -22,11 +22,11 @@ import ( "path" "path/filepath" "strings" - "syscall" "testing" "time" specs "github.com/opencontainers/runtime-spec/specs-go" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/cleanup" "gvisor.dev/gvisor/pkg/sentry/control" "gvisor.dev/gvisor/pkg/sentry/kernel" @@ -403,7 +403,7 @@ func TestMultiPIDNSKill(t *testing.T) { t.Logf("Container %q procs: %s", c.ID, procListToString(procs)) pidToKill := procs[processes-1].PID t.Logf("PID to kill: %d", pidToKill) - if err := c.SignalProcess(syscall.SIGKILL, int32(pidToKill)); err != nil { + if err := c.SignalProcess(unix.SIGKILL, int32(pidToKill)); err != nil { t.Errorf("container.SignalProcess: %v", err) } // Wait for the process to get killed. @@ -432,7 +432,7 @@ func TestMultiPIDNSKill(t *testing.T) { pidToKill = procs[len(procs)-1].PID t.Logf("PID that should not be killed: %d", pidToKill) - err = c.SignalProcess(syscall.SIGKILL, int32(pidToKill)) + err = c.SignalProcess(unix.SIGKILL, int32(pidToKill)) if err == nil { t.Fatalf("killing another container's process should fail") } @@ -640,7 +640,7 @@ func TestMultiContainerSignal(t *testing.T) { } // Kill process 2. - if err := containers[1].SignalContainer(syscall.SIGKILL, false); err != nil { + if err := containers[1].SignalContainer(unix.SIGKILL, false); err != nil { t.Errorf("failed to kill process 2: %v", err) } @@ -660,10 +660,10 @@ func TestMultiContainerSignal(t *testing.T) { t.Errorf("failed to destroy container: %v", err) } _, _, err = specutils.RetryEintr(func() (uintptr, uintptr, error) { - cpid, err := syscall.Wait4(goferPid, nil, 0, nil) + cpid, err := unix.Wait4(goferPid, nil, 0, nil) return uintptr(cpid), 0, err }) - if err != syscall.ECHILD { + if err != unix.ECHILD { t.Errorf("error waiting for gofer to exit: %v", err) } // Make sure process 1 is still running. @@ -673,28 +673,28 @@ func TestMultiContainerSignal(t *testing.T) { // Now that process 2 is gone, ensure we get an error trying to // signal it again. - if err := containers[1].SignalContainer(syscall.SIGKILL, false); err == nil { + if err := containers[1].SignalContainer(unix.SIGKILL, false); err == nil { t.Errorf("container %q shouldn't exist, but we were able to signal it", containers[1].ID) } // Kill process 1. - if err := containers[0].SignalContainer(syscall.SIGKILL, false); err != nil { + if err := containers[0].SignalContainer(unix.SIGKILL, false); err != nil { t.Errorf("failed to kill process 1: %v", err) } // Ensure that container's gofer and sandbox process are no more. err = blockUntilWaitable(containers[0].GoferPid) - if err != nil && err != syscall.ECHILD { + if err != nil && err != unix.ECHILD { t.Errorf("error waiting for gofer to exit: %v", err) } err = blockUntilWaitable(containers[0].Sandbox.Pid) - if err != nil && err != syscall.ECHILD { + if err != nil && err != unix.ECHILD { t.Errorf("error waiting for sandbox to exit: %v", err) } // The sentry should be gone, so signaling should yield an error. - if err := containers[0].SignalContainer(syscall.SIGKILL, false); err == nil { + if err := containers[0].SignalContainer(unix.SIGKILL, false); err == nil { t.Errorf("sandbox %q shouldn't exist, but we were able to signal it", containers[0].Sandbox.ID) } @@ -893,7 +893,7 @@ func TestMultiContainerKillAll(t *testing.T) { if tc.killContainer { // First kill the init process to make the container be stopped with // processes still running inside. - containers[1].SignalContainer(syscall.SIGKILL, false) + containers[1].SignalContainer(unix.SIGKILL, false) op := func() error { c, err := Load(conf.RootDir, FullID{ContainerID: ids[1]}, LoadOpts{}) if err != nil { @@ -914,7 +914,7 @@ func TestMultiContainerKillAll(t *testing.T) { t.Fatalf("failed to load child container %q: %v", c.ID, err) } // Kill'Em All - if err := c.SignalContainer(syscall.SIGKILL, true); err != nil { + if err := c.SignalContainer(unix.SIGKILL, true); err != nil { t.Fatalf("failed to send SIGKILL to container %q: %v", c.ID, err) } @@ -1640,8 +1640,8 @@ func TestMultiContainerGoferKilled(t *testing.T) { } // Kill container's gofer. - if err := syscall.Kill(c.GoferPid, syscall.SIGKILL); err != nil { - t.Fatalf("syscall.Kill(%d, SIGKILL)=%v", c.GoferPid, err) + if err := unix.Kill(c.GoferPid, unix.SIGKILL); err != nil { + t.Fatalf("unix.Kill(%d, SIGKILL)=%v", c.GoferPid, err) } // Wait until container stops. @@ -1672,8 +1672,8 @@ func TestMultiContainerGoferKilled(t *testing.T) { // Kill root container's gofer to bring entire sandbox down. c = containers[0] - if err := syscall.Kill(c.GoferPid, syscall.SIGKILL); err != nil { - t.Fatalf("syscall.Kill(%d, SIGKILL)=%v", c.GoferPid, err) + if err := unix.Kill(c.GoferPid, unix.SIGKILL); err != nil { + t.Fatalf("unix.Kill(%d, SIGKILL)=%v", c.GoferPid, err) } // Wait until sandbox stops. waitForProcessList will loop until sandbox exits diff --git a/runsc/container/state_file.go b/runsc/container/state_file.go index c46322ba4..4ed73eb84 100644 --- a/runsc/container/state_file.go +++ b/runsc/container/state_file.go @@ -22,9 +22,9 @@ import ( "path/filepath" "regexp" "strings" - "syscall" "github.com/gofrs/flock" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/sync" ) @@ -89,7 +89,7 @@ func Load(rootDir string, id FullID, opts LoadOpts) (*Container, error) { c.changeStatus(Stopped) } case Running: - if err := c.SignalContainer(syscall.Signal(0), false); err != nil { + if err := c.SignalContainer(unix.Signal(0), false); err != nil { c.changeStatus(Stopped) } } |