From c4c5f4d92a13aa5357002fe5ddf116433ec4e9a7 Mon Sep 17 00:00:00 2001 From: Tiwei Bie Date: Fri, 9 Jul 2021 10:02:39 +0800 Subject: runsc: check the error when preparing tree for pivot_root Signed-off-by: Tiwei Bie --- runsc/cmd/gofer.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'runsc/cmd/gofer.go') diff --git a/runsc/cmd/gofer.go b/runsc/cmd/gofer.go index 570df407c..181bae3e2 100644 --- a/runsc/cmd/gofer.go +++ b/runsc/cmd/gofer.go @@ -284,8 +284,12 @@ func setupRootFS(spec *specs.Spec, conf *config.Config) error { } // Prepare tree structure for pivot_root(2). - os.Mkdir("/proc/proc", 0755) - os.Mkdir("/proc/root", 0755) + if err := os.Mkdir("/proc/proc", 0755); err != nil { + Fatalf("error creating /proc/proc: %v", err) + } + if err := os.Mkdir("/proc/root", 0755); err != nil { + Fatalf("error creating /proc/root: %v", err) + } // This cannot use SafeMount because there's no available procfs. But we // know that /proc is an empty tmpfs mount, so this is safe. if err := unix.Mount("runsc-proc", "/proc/proc", "proc", flags|unix.MS_RDONLY, ""); err != nil { -- cgit v1.2.3 From c7ac581049cf623067ff143b76ca20401077ab5f Mon Sep 17 00:00:00 2001 From: Tiwei Bie Date: Wed, 7 Jul 2021 16:39:48 +0800 Subject: runsc: fix the local timezone support in logs This patch fixes the local timezone support in logs by creating etc/localtime in the rootfs of sandbox process and gofer process based on the current /etc/localtime on host. Before this patch, the timestamps in sandbox and gofer logs will fallback to UTC timezone after execving "/proc/self/exe" which may not be very convenient for users to analyse the logs: I0708 15:37:43.825100 1 chroot.go:69] Setting up sandbox chroot in "/tmp" I0708 15:37:43.825189 1 chroot.go:31] Mounting "proc" at "/tmp/proc" ...... I0708 15:37:43.850926 1 cmd.go:73] Execve "/proc/self/exe" again, bye! I0708 07:37:43.856719 1 main.go:218] *************************** I0708 07:37:43.856751 1 main.go:219] Args: [runsc-sandbox --root=/run/...] I0708 07:37:43.856785 1 main.go:220] Version release-20210628.0-27-g02fec8dba5a6 I0708 07:37:43.856795 1 main.go:221] GOOS: linux I0708 07:37:43.856803 1 main.go:222] GOARCH: amd64 ...... Fixes #1984 Signed-off-by: Tiwei Bie --- runsc/cmd/chroot.go | 25 +++++++++++++++++++++++++ runsc/cmd/gofer.go | 6 ++++++ 2 files changed, 31 insertions(+) (limited to 'runsc/cmd/gofer.go') diff --git a/runsc/cmd/chroot.go b/runsc/cmd/chroot.go index 791a50135..c6507a75b 100644 --- a/runsc/cmd/chroot.go +++ b/runsc/cmd/chroot.go @@ -59,6 +59,23 @@ func pivotRoot(root string) error { return nil } +func copyFile(dst, src string) error { + in, err := os.Open(src) + if err != nil { + return err + } + defer in.Close() + + out, err := os.Create(dst) + if err != nil { + return err + } + defer out.Close() + + _, err = out.ReadFrom(in) + return err +} + // setUpChroot creates an empty directory with runsc mounted at /runsc and proc // mounted at /proc. func setUpChroot(pidns bool) error { @@ -78,6 +95,14 @@ func setUpChroot(pidns bool) error { return fmt.Errorf("error mounting tmpfs in choot: %v", err) } + if err := os.Mkdir(filepath.Join(chroot, "etc"), 0755); err != nil { + return fmt.Errorf("error creating /etc in chroot: %v", err) + } + + if err := copyFile(filepath.Join(chroot, "etc/localtime"), "/etc/localtime"); err != nil { + log.Warningf("Failed to copy /etc/localtime: %v. UTC timezone will be used.", err) + } + if pidns { flags := uint32(unix.MS_NOSUID | unix.MS_NODEV | unix.MS_NOEXEC | unix.MS_RDONLY) if err := mountInChroot(chroot, "proc", "/proc", "proc", flags); err != nil { diff --git a/runsc/cmd/gofer.go b/runsc/cmd/gofer.go index 181bae3e2..c2922bf13 100644 --- a/runsc/cmd/gofer.go +++ b/runsc/cmd/gofer.go @@ -290,11 +290,17 @@ func setupRootFS(spec *specs.Spec, conf *config.Config) error { if err := os.Mkdir("/proc/root", 0755); err != nil { Fatalf("error creating /proc/root: %v", err) } + if err := os.Mkdir("/proc/etc", 0755); err != nil { + Fatalf("error creating /proc/etc: %v", err) + } // This cannot use SafeMount because there's no available procfs. But we // know that /proc is an empty tmpfs mount, so this is safe. if err := unix.Mount("runsc-proc", "/proc/proc", "proc", flags|unix.MS_RDONLY, ""); err != nil { Fatalf("error mounting proc: %v", err) } + if err := copyFile("/proc/etc/localtime", "/etc/localtime"); err != nil { + log.Warningf("Failed to copy /etc/localtime: %v. UTC timezone will be used.", err) + } root = "/proc/root" procPath = "/proc/proc" } -- cgit v1.2.3