summaryrefslogtreecommitdiffhomepage
path: root/runsc
diff options
context:
space:
mode:
Diffstat (limited to 'runsc')
-rw-r--r--runsc/boot/controller.go4
-rw-r--r--runsc/boot/fs.go6
-rw-r--r--runsc/boot/loader.go2
-rw-r--r--runsc/cmd/checkpoint.go2
-rw-r--r--runsc/container/container.go2
-rw-r--r--runsc/container/container_test.go4
-rw-r--r--runsc/sandbox/sandbox.go6
-rw-r--r--runsc/specutils/specutils.go4
8 files changed, 15 insertions, 15 deletions
diff --git a/runsc/boot/controller.go b/runsc/boot/controller.go
index 2488981f9..712c50ee9 100644
--- a/runsc/boot/controller.go
+++ b/runsc/boot/controller.go
@@ -231,7 +231,7 @@ func (cm *containerManager) Start(args *StartArgs, _ *struct{}) error {
}
// Prevent CIDs containing ".." from confusing the sentry when creating
// /containers/<cid> directory.
- // TODO: Once we have multiple independent roots, this
+ // TODO(b/129293409): Once we have multiple independent roots, this
// check won't be necessary.
if path.Clean(args.CID) != args.CID {
return fmt.Errorf("container ID shouldn't contain directory traversals such as \"..\": %q", args.CID)
@@ -352,7 +352,7 @@ func (cm *containerManager) Restore(o *RestoreOpts, _ *struct{}) error {
return fmt.Errorf("creating network: %v", err)
}
if eps, ok := networkStack.(*epsocket.Stack); ok {
- stack.StackFromEnv = eps.Stack // FIXME
+ stack.StackFromEnv = eps.Stack // FIXME(b/36201077)
}
info, err := o.FilePayload.Files[0].Stat()
if err != nil {
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go
index 761142d98..07061b9b3 100644
--- a/runsc/boot/fs.go
+++ b/runsc/boot/fs.go
@@ -274,7 +274,7 @@ func getMountNameAndOptions(conf *Config, m specs.Mount, fds *fdDispenser) (stri
useOverlay = conf.Overlay && !mountFlags(m.Options).ReadOnly
default:
- // TODO: Support all the mount types and make this a
+ // TODO(nlacasse): Support all the mount types and make this a
// fatal error. Most applications will "just work" without
// them, so this is a warning for now.
// we do not support.
@@ -425,7 +425,7 @@ func addRestoreMount(conf *Config, renv *fs.RestoreEnvironment, m specs.Mount, f
if err != nil {
return err
}
- // TODO: Fix this when we support all the mount types and
+ // TODO(nlacasse): Fix this when we support all the mount types and
// make this a fatal error.
if fsName == "" {
return nil
@@ -475,7 +475,7 @@ func createRestoreEnvironment(spec *specs.Spec, conf *Config, fds *fdDispenser)
}
}
- // TODO: handle '/tmp' properly (see mountTmp()).
+ // TODO(b/67958150): handle '/tmp' properly (see mountTmp()).
if !tmpMounted {
tmpMount := specs.Mount{
Type: tmpfs,
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 48ecb2626..75ec19c32 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -577,7 +577,7 @@ func (l *Loader) startContainer(k *kernel.Kernel, spec *specs.Spec, conf *Config
// sentry currently supports only 1 mount namespace, which is tied to a
// single user namespace. Thus we must run in the same user namespace
// to access mounts.
- // TODO: Create a new mount namespace for the container.
+ // TODO(b/63601033): Create a new mount namespace for the container.
creds := auth.NewUserCredentials(
auth.KUID(spec.Process.User.UID),
auth.KGID(spec.Process.User.GID),
diff --git a/runsc/cmd/checkpoint.go b/runsc/cmd/checkpoint.go
index d8f748aa0..f722df055 100644
--- a/runsc/cmd/checkpoint.go
+++ b/runsc/cmd/checkpoint.go
@@ -105,7 +105,7 @@ func (c *Checkpoint) Execute(_ context.Context, f *flag.FlagSet, args ...interfa
return subcommands.ExitSuccess
}
- // TODO: Make it possible to restore into same container.
+ // TODO(b/110843694): Make it possible to restore into same container.
// For now, we can fake it by destroying the container and making a
// new container with the same ID. This hack does not work with docker
// which uses the container pid to ensure that the restore-container is
diff --git a/runsc/container/container.go b/runsc/container/container.go
index 1bed1a97e..a30c217f7 100644
--- a/runsc/container/container.go
+++ b/runsc/container/container.go
@@ -529,7 +529,7 @@ func (c *Container) WaitPID(pid int32, clearStatus bool) (syscall.WaitStatus, er
// SignalContainer sends the signal to the container. If all is true and signal
// is SIGKILL, then waits for all processes to exit before returning.
// SignalContainer returns an error if the container is already stopped.
-// TODO: Distinguish different error types.
+// TODO(b/113680494): Distinguish different error types.
func (c *Container) SignalContainer(sig syscall.Signal, all bool) error {
log.Debugf("Signal container %q: %v", c.ID, sig)
// Signaling container in Stopped state is allowed. When all=false,
diff --git a/runsc/container/container_test.go b/runsc/container/container_test.go
index 9fe584aa3..603c4d929 100644
--- a/runsc/container/container_test.go
+++ b/runsc/container/container_test.go
@@ -242,10 +242,10 @@ func configs(opts ...configOption) []*boot.Config {
case overlay:
c.Overlay = true
case kvm:
- // TODO: KVM tests are flaky. Disable until fixed.
+ // TODO(b/112165693): KVM tests are flaky. Disable until fixed.
continue
- // TODO: KVM doesn't work with --race.
+ // TODO(b/68787993): KVM doesn't work with --race.
if testutil.RaceEnabled {
continue
}
diff --git a/runsc/sandbox/sandbox.go b/runsc/sandbox/sandbox.go
index 92495c69e..48a0dafe2 100644
--- a/runsc/sandbox/sandbox.go
+++ b/runsc/sandbox/sandbox.go
@@ -267,7 +267,7 @@ func (s *Sandbox) Event(cid string) (*boot.Event, error) {
defer conn.Close()
var e boot.Event
- // TODO: Pass in the container id (cid) here. The sandbox
+ // TODO(b/129292330): Pass in the container id (cid) here. The sandbox
// should return events only for that container.
if err := conn.Call(boot.ContainerEvent, nil, &e); err != nil {
return nil, fmt.Errorf("retrieving event data from sandbox: %v", err)
@@ -457,7 +457,7 @@ func (s *Sandbox) createSandboxProcess(spec *specs.Spec, conf *boot.Config, bund
}
if conf.Platform == boot.PlatformPtrace {
- // TODO: Also set a new PID namespace so that we limit
+ // TODO(b/75837838): Also set a new PID namespace so that we limit
// access to other host processes.
log.Infof("Sandbox will be started in the current PID namespace")
} else {
@@ -520,7 +520,7 @@ func (s *Sandbox) createSandboxProcess(spec *specs.Spec, conf *boot.Config, bund
// root for itself, so it has to have the CAP_SYS_ADMIN
// capability.
//
- // FIXME: The current implementations of
+ // FIXME(b/122554829): The current implementations of
// os/exec doesn't allow to set ambient capabilities if
// a process is started in a new user namespace. As a
// workaround, we start the sandbox process with the 0
diff --git a/runsc/specutils/specutils.go b/runsc/specutils/specutils.go
index 32f81b8d4..ac85bec71 100644
--- a/runsc/specutils/specutils.go
+++ b/runsc/specutils/specutils.go
@@ -90,7 +90,7 @@ func ValidateSpec(spec *specs.Spec) error {
log.Warningf("AppArmor profile %q is being ignored", spec.Process.ApparmorProfile)
}
- // TODO: Apply seccomp to application inside sandbox.
+ // TODO(b/72226747): Apply seccomp to application inside sandbox.
if spec.Linux != nil && spec.Linux.Seccomp != nil {
log.Warningf("Seccomp spec is being ignored")
}
@@ -220,7 +220,7 @@ func Capabilities(enableRaw bool, specCaps *specs.LinuxCapabilities) (*auth.Task
if caps.PermittedCaps, err = capsFromNames(specCaps.Permitted, skipSet); err != nil {
return nil, err
}
- // TODO: Support ambient capabilities.
+ // TODO(nlacasse): Support ambient capabilities.
}
return &caps, nil
}