switch sycall for x/sys/unix

It's necessary to keep syscall for the following types: - Signal - Errno - ProcSysAttr Otherwise, since sys has replaced syscall, is being updated, and doesn't require a new version of go to be released to get fixes, we should switch. Fixes opencontainers/issues/1364 Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
clnperez · Mar 23, 2017 · 500c7d4 · 500c7d4
1 parent ef9a4b3
commit 500c7d4
Show file tree

Hide file tree

Showing 233 changed files with 122,268 additions and 426 deletions.
diff --git a/checkpoint.go b/checkpoint.go
@@ -6,11 +6,12 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
-	"syscall"
 
 	"github.com/opencontainers/runc/libcontainer"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/urfave/cli"
+
+	"golang.org/x/sys/unix"
 )
 
 var checkpointCommand = cli.Command{
@@ -108,7 +109,7 @@ func setManageCgroupsMode(context *cli.Context, options *libcontainer.CriuOpts)
 }
 
 var namespaceMapping = map[specs.LinuxNamespaceType]int{
-	specs.NetworkNamespace: syscall.CLONE_NEWNET,
+	specs.NetworkNamespace: unix.CLONE_NEWNET,
 }
 
 func setEmptyNsMask(context *cli.Context, options *libcontainer.CriuOpts) error {

diff --git a/delete.go b/delete.go
@@ -6,15 +6,17 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
-	"syscall"
+	"syscall" // only for Signal
 	"time"
 
 	"github.com/opencontainers/runc/libcontainer"
 	"github.com/urfave/cli"
+
+	"golang.org/x/sys/unix"
 )
 
 func killContainer(container libcontainer.Container) error {
-	_ = container.Signal(syscall.SIGKILL, false)
+	_ = container.Signal(unix.SIGKILL, false)
 	for i := 0; i < 100; i++ {
 		time.Sleep(100 * time.Millisecond)
 		if err := container.Signal(syscall.Signal(0), false); err != nil {

diff --git a/libcontainer/README.md b/libcontainer/README.md
@@ -56,7 +56,7 @@ Once you have an instance of the factory created we can create a configuration
 struct describing how the container is to be created. A sample would look similar to this:
 
 ```go
-defaultMountFlags := syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV
+defaultMountFlags := unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_NODEV
 config := &configs.Config{
 	Rootfs: "/your/path/to/rootfs",
 	Capabilities: []string{
@@ -112,14 +112,14 @@ config := &configs.Config{
 			Source:      "tmpfs",
 			Destination: "/dev",
 			Device:      "tmpfs",
-			Flags:       syscall.MS_NOSUID | syscall.MS_STRICTATIME,
+			Flags:       unix.MS_NOSUID | unix.MS_STRICTATIME,
 			Data:        "mode=755",
 		},
 		{
 			Source:      "devpts",
 			Destination: "/dev/pts",
 			Device:      "devpts",
-			Flags:       syscall.MS_NOSUID | syscall.MS_NOEXEC,
+			Flags:       unix.MS_NOSUID | unix.MS_NOEXEC,
 			Data:        "newinstance,ptmxmode=0666,mode=0620,gid=5",
 		},
 		{
@@ -139,7 +139,7 @@ config := &configs.Config{
 			Source:      "sysfs",
 			Destination: "/sys",
 			Device:      "sysfs",
-			Flags:       defaultMountFlags | syscall.MS_RDONLY,
+			Flags:       defaultMountFlags | unix.MS_RDONLY,
 		},
 	},
 	UidMappings: []configs.IDMap{
@@ -165,7 +165,7 @@ config := &configs.Config{
 	},
 	Rlimits: []configs.Rlimit{
 		{
-			Type: syscall.RLIMIT_NOFILE,
+			Type: unix.RLIMIT_NOFILE,
 			Hard: uint64(1025),
 			Soft: uint64(1025),
 		},

diff --git a/libcontainer/compat_1.5_linux.go b/libcontainer/compat_1.5_linux.go
diff --git a/libcontainer/configs/namespaces_syscall.go b/libcontainer/configs/namespaces_syscall.go
@@ -2,19 +2,19 @@
 
 package configs
 
-import "syscall"
+import "golang.org/x/sys/unix"
 
 func (n *Namespace) Syscall() int {
 	return namespaceInfo[n.Type]
 }
 
 var namespaceInfo = map[NamespaceType]int{
-	NEWNET:  syscall.CLONE_NEWNET,
-	NEWNS:   syscall.CLONE_NEWNS,
-	NEWUSER: syscall.CLONE_NEWUSER,
-	NEWIPC:  syscall.CLONE_NEWIPC,
-	NEWUTS:  syscall.CLONE_NEWUTS,
-	NEWPID:  syscall.CLONE_NEWPID,
+	NEWNET:  unix.CLONE_NEWNET,
+	NEWNS:   unix.CLONE_NEWNS,
+	NEWUSER: unix.CLONE_NEWUSER,
+	NEWIPC:  unix.CLONE_NEWIPC,
+	NEWUTS:  unix.CLONE_NEWUTS,
+	NEWPID:  unix.CLONE_NEWPID,
 }
 
 // CloneFlags parses the container's Namespaces options to set the correct

diff --git a/libcontainer/console_linux.go b/libcontainer/console_linux.go
@@ -3,8 +3,9 @@ package libcontainer
 import (
 	"fmt"
 	"os"
-	"syscall"
 	"unsafe"
+
+	"golang.org/x/sys/unix"
 )
 
 func ConsoleFromFile(f *os.File) Console {
@@ -16,7 +17,7 @@ func ConsoleFromFile(f *os.File) Console {
 // newConsole returns an initialized console that can be used within a container by copying bytes
 // from the master side to the slave that is attached as the tty for the container's init process.
 func newConsole() (Console, error) {
-	master, err := os.OpenFile("/dev/ptmx", syscall.O_RDWR|syscall.O_NOCTTY|syscall.O_CLOEXEC, 0)
+	master, err := os.OpenFile("/dev/ptmx", unix.O_RDWR|unix.O_NOCTTY|unix.O_CLOEXEC, 0)
 	if err != nil {
 		return nil, err
 	}
@@ -68,28 +69,28 @@ func (c *linuxConsole) Close() error {
 // mount initializes the console inside the rootfs mounting with the specified mount label
 // and applying the correct ownership of the console.
 func (c *linuxConsole) mount() error {
-	oldMask := syscall.Umask(0000)
-	defer syscall.Umask(oldMask)
+	oldMask := unix.Umask(0000)
+	defer unix.Umask(oldMask)
 	f, err := os.Create("/dev/console")
 	if err != nil && !os.IsExist(err) {
 		return err
 	}
 	if f != nil {
 		f.Close()
 	}
-	return syscall.Mount(c.slavePath, "/dev/console", "bind", syscall.MS_BIND, "")
+	return unix.Mount(c.slavePath, "/dev/console", "bind", unix.MS_BIND, "")
 }
 
 // dupStdio opens the slavePath for the console and dups the fds to the current
 // processes stdio, fd 0,1,2.
 func (c *linuxConsole) dupStdio() error {
-	slave, err := c.open(syscall.O_RDWR)
+	slave, err := c.open(unix.O_RDWR)
 	if err != nil {
 		return err
 	}
 	fd := int(slave.Fd())
 	for _, i := range []int{0, 1, 2} {
-		if err := syscall.Dup3(fd, i, 0); err != nil {
+		if err := unix.Dup3(fd, i, 0); err != nil {
 			return err
 		}
 	}
@@ -98,7 +99,7 @@ func (c *linuxConsole) dupStdio() error {
 
 // open is a clone of os.OpenFile without the O_CLOEXEC used to open the pty slave.
 func (c *linuxConsole) open(flag int) (*os.File, error) {
-	r, e := syscall.Open(c.slavePath, flag, 0)
+	r, e := unix.Open(c.slavePath, flag, 0)
 	if e != nil {
 		return nil, &os.PathError{
 			Op:   "open",
@@ -110,7 +111,7 @@ func (c *linuxConsole) open(flag int) (*os.File, error) {
 }
 
 func ioctl(fd uintptr, flag, data uintptr) error {
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, flag, data); err != 0 {
+	if _, _, err := unix.Syscall(unix.SYS_IOCTL, fd, flag, data); err != 0 {
 		return err
 	}
 	return nil
@@ -120,13 +121,13 @@ func ioctl(fd uintptr, flag, data uintptr) error {
 // unlockpt should be called before opening the slave side of a pty.
 func unlockpt(f *os.File) error {
 	var u int32
-	return ioctl(f.Fd(), syscall.TIOCSPTLCK, uintptr(unsafe.Pointer(&u)))
+	return ioctl(f.Fd(), unix.TIOCSPTLCK, uintptr(unsafe.Pointer(&u)))
 }
 
 // ptsname retrieves the name of the first available pts for the given master.
 func ptsname(f *os.File) (string, error) {
 	var n int32
-	if err := ioctl(f.Fd(), syscall.TIOCGPTN, uintptr(unsafe.Pointer(&n))); err != nil {
+	if err := ioctl(f.Fd(), unix.TIOCGPTN, uintptr(unsafe.Pointer(&n))); err != nil {
 		return "", err
 	}
 	return fmt.Sprintf("/dev/pts/%d", n), nil
@@ -139,16 +140,16 @@ func ptsname(f *os.File) (string, error) {
 // also relay that funky line discipline.
 func saneTerminal(terminal *os.File) error {
 	// Go doesn't have a wrapper for any of the termios ioctls.
-	var termios syscall.Termios
+	var termios unix.Termios
 
-	if err := ioctl(terminal.Fd(), syscall.TCGETS, uintptr(unsafe.Pointer(&termios))); err != nil {
+	if err := ioctl(terminal.Fd(), unix.TCGETS, uintptr(unsafe.Pointer(&termios))); err != nil {
 		return fmt.Errorf("ioctl(tty, tcgets): %s", err.Error())
 	}
 
 	// Set -onlcr so we don't have to deal with \r.
-	termios.Oflag &^= syscall.ONLCR
+	termios.Oflag &^= unix.ONLCR
 
-	if err := ioctl(terminal.Fd(), syscall.TCSETS, uintptr(unsafe.Pointer(&termios))); err != nil {
+	if err := ioctl(terminal.Fd(), unix.TCSETS, uintptr(unsafe.Pointer(&termios))); err != nil {
 		return fmt.Errorf("ioctl(tty, tcsets): %s", err.Error())
 	}
 

diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go
@@ -14,7 +14,7 @@ import (
 	"reflect"
 	"strings"
 	"sync"
-	"syscall"
+	"syscall" // only for Signal & SysProcAttr
 	"time"
 
 	"github.com/Sirupsen/logrus"
@@ -26,6 +26,8 @@ import (
 	"github.com/opencontainers/runc/libcontainer/utils"
 	"github.com/syndtr/gocapability/capability"
 	"github.com/vishvananda/netlink/nl"
+
+	"golang.org/x/sys/unix"
 )
 
 const stdioFdCount = 3
@@ -317,12 +319,12 @@ func (c *linuxContainer) createExecFifo() error {
 	if _, err := os.Stat(fifoName); err == nil {
 		return fmt.Errorf("exec fifo %s already exists", fifoName)
 	}
-	oldMask := syscall.Umask(0000)
-	if err := syscall.Mkfifo(fifoName, 0622); err != nil {
-		syscall.Umask(oldMask)
+	oldMask := unix.Umask(0000)
+	if err := unix.Mkfifo(fifoName, 0622); err != nil {
+		unix.Umask(oldMask)
 		return err
 	}
-	syscall.Umask(oldMask)
+	unix.Umask(oldMask)
 	if err := os.Chown(fifoName, rootuid, rootgid); err != nil {
 		return err
 	}
@@ -829,11 +831,11 @@ func (c *linuxContainer) Restore(process *Process, criuOpts *CriuOpts) error {
 	if err != nil {
 		return err
 	}
-	err = syscall.Mount(c.config.Rootfs, root, "", syscall.MS_BIND|syscall.MS_REC, "")
+	err = unix.Mount(c.config.Rootfs, root, "", unix.MS_BIND|unix.MS_REC, "")
 	if err != nil {
 		return err
 	}
-	defer syscall.Unmount(root, syscall.MNT_DETACH)
+	defer unix.Unmount(root, unix.MNT_DETACH)
 	t := criurpc.CriuReqType_RESTORE
 	req := &criurpc.CriuReq{
 		Type: &t,
@@ -882,7 +884,7 @@ func (c *linuxContainer) Restore(process *Process, criuOpts *CriuOpts) error {
 		c.addCriuRestoreMount(req, m)
 	}
 
-	if criuOpts.EmptyNs&syscall.CLONE_NEWNET == 0 {
+	if criuOpts.EmptyNs&unix.CLONE_NEWNET == 0 {
 		c.restoreNetwork(req, criuOpts)
 	}
 
@@ -940,7 +942,7 @@ func (c *linuxContainer) criuApplyCgroups(pid int, req *criurpc.CriuReq) error {
 }
 
 func (c *linuxContainer) criuSwrk(process *Process, req *criurpc.CriuReq, opts *CriuOpts, applyCgroups bool) error {
-	fds, err := syscall.Socketpair(syscall.AF_LOCAL, syscall.SOCK_SEQPACKET|syscall.SOCK_CLOEXEC, 0)
+	fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_SEQPACKET|unix.SOCK_CLOEXEC, 0)
 	if err != nil {
 		return err
 	}
@@ -1261,8 +1263,8 @@ func (c *linuxContainer) runType() (Status, error) {
 	}
 	pid := c.initProcess.pid()
 	// return Running if the init process is alive
-	if err := syscall.Kill(pid, 0); err != nil {
-		if err == syscall.ESRCH {
+	if err := unix.Kill(pid, 0); err != nil {
+		if err == unix.ESRCH {
 			// It means the process does not exist anymore, could happen when the
 			// process exited just when we call the function, we should not return
 			// error in this case.

diff --git a/libcontainer/devices/devices_unix.go b/libcontainer/devices/devices_unix.go
@@ -8,9 +8,10 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
-	"syscall"
 
 	"github.com/opencontainers/runc/libcontainer/configs"
+
+	"golang.org/x/sys/unix"
 )
 
 var (
@@ -38,13 +39,13 @@ func DeviceFromPath(path, permissions string) (*configs.Device, error) {
 	case mode&os.ModeDevice == 0:
 		return nil, ErrNotADevice
 	case mode&os.ModeCharDevice != 0:
-		fileModePermissionBits |= syscall.S_IFCHR
+		fileModePermissionBits |= unix.S_IFCHR
 		devType = 'c'
 	default:
-		fileModePermissionBits |= syscall.S_IFBLK
+		fileModePermissionBits |= unix.S_IFBLK
 		devType = 'b'
 	}
-	stat_t, ok := fileInfo.Sys().(*syscall.Stat_t)
+	stat_t, ok := fileInfo.Sys().(*unix.Stat_t)
 	if !ok {
 		return nil, fmt.Errorf("cannot determine the device number for device %s", path)
 	}

diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go
@@ -10,7 +10,6 @@ import (
 	"regexp"
 	"runtime/debug"
 	"strconv"
-	"syscall"
 
 	"github.com/docker/docker/pkg/mount"
 	"github.com/opencontainers/runc/libcontainer/cgroups"
@@ -19,6 +18,8 @@ import (
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libcontainer/configs/validate"
 	"github.com/opencontainers/runc/libcontainer/utils"
+
+	"golang.org/x/sys/unix"
 )
 
 const (
@@ -80,7 +81,7 @@ func TmpfsRoot(l *LinuxFactory) error {
 		return err
 	}
 	if !mounted {
-		if err := syscall.Mount("tmpfs", l.Root, "tmpfs", 0, ""); err != nil {
+		if err := unix.Mount("tmpfs", l.Root, "tmpfs", 0, ""); err != nil {
 			return err
 		}
 	}
@@ -284,7 +285,7 @@ func (l *LinuxFactory) StartInitialization() (err error) {
 		return err
 	}
 
-	// If Init succeeds, syscall.Exec will not return, hence none of the defers will be called.
+	// If Init succeeds, unix.Exec will not return, hence none of the defers will be called.
 	return i.Init()
 }
 

diff --git a/libcontainer/factory_linux_test.go b/libcontainer/factory_linux_test.go
@@ -7,12 +7,13 @@ import (
 	"os"
 	"path/filepath"
 	"reflect"
-	"syscall"
 	"testing"
 
 	"github.com/docker/docker/pkg/mount"
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libcontainer/utils"
+
+	"golang.org/x/sys/unix"
 )
 
 func newTestRoot() (string, error) {
@@ -99,7 +100,7 @@ func TestFactoryNewTmpfs(t *testing.T) {
 	if !found {
 		t.Fatalf("Factory Root is not listed in mounts list")
 	}
-	defer syscall.Unmount(root, syscall.MNT_DETACH)
+	defer unix.Unmount(root, unix.MNT_DETACH)
 }
 
 func TestFactoryLoadNotExists(t *testing.T) {