From e483fa96586a67ee425317dbfee0cacb5a9b21b7 Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Wed, 26 Feb 2020 09:45:00 -0500 Subject: [PATCH 1/2] update containerd, docker/distribution and mindprince/gonvml --- go.mod | 6 +- go.sum | 6 ++ .../distribution/reference/normalize.go | 29 ++++++ .../distribution/reference/reference.go | 2 +- .../registry/api/errcode/errors.go | 6 +- vendor/github.com/mindprince/gonvml/Makefile | 3 + .../github.com/mindprince/gonvml/bindings.go | 95 ++++++++++++++++++- vendor/modules.txt | 6 +- 8 files changed, 142 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 576797f8..85e60697 100644 --- a/go.mod +++ b/go.mod @@ -17,13 +17,13 @@ require ( github.com/blang/semver v3.1.0+incompatible github.com/checkpoint-restore/go-criu v0.0.0-20190109184317-bdb7599cd87b // indirect github.com/containerd/cgroups v0.0.0-20200108155730-918ed86e29cc // indirect - github.com/containerd/containerd v1.3.2 + github.com/containerd/containerd v1.3.3 github.com/containerd/continuity v0.0.0-20200107194136-26c1120b8d41 // indirect github.com/containerd/fifo v0.0.0-20191213151349-ff969a566b00 // indirect github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c // indirect github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd github.com/cyphar/filepath-securejoin v0.2.2-0.20170720062807-ae69057f2299 // indirect - github.com/docker/distribution v2.7.1+incompatible // indirect + github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible // indirect github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0 github.com/docker/go-connections v0.3.0 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect @@ -53,7 +53,7 @@ require ( github.com/mattn/go-shellwords v1.0.4-0.20180201004752-39dbbfa24bbc // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect github.com/mesos/mesos-go v0.0.7-0.20180413204204-29de6ff97b48 - github.com/mindprince/gonvml v0.0.0-20171110221305-fee913ce8fb2 + github.com/mindprince/gonvml v0.0.0-20190828220739-9ebdce4bb989 github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible github.com/mrunalp/fileutils v0.0.0-20160930181131-4ee1cc9a8058 // indirect github.com/onsi/ginkgo v1.10.3 // indirect diff --git a/go.sum b/go.sum index cfe68637..6f009492 100644 --- a/go.sum +++ b/go.sum @@ -48,6 +48,8 @@ github.com/containerd/containerd v1.0.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMX github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.2 h1:ForxmXkA6tPIvffbrDAcPUIB32QgXkt2XFj+F0UxetA= github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/containerd v1.3.3 h1:LoIzb5y9x5l8VKAlyrbusNPXqBY0+kviRloxFUMFwKc= +github.com/containerd/containerd v1.3.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20200107194136-26c1120b8d41 h1:kIFnQBO7rQ0XkMe6xEwbybYHBEaWmh/f++laI6Emt7M= github.com/containerd/continuity v0.0.0-20200107194136-26c1120b8d41/go.mod h1:Dq467ZllaHgAtVp4p1xUQWBrFXR9s/wyoTpG8zOJGkY= @@ -74,6 +76,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/docker/distribution v2.6.0-rc.1.0.20170726174610-edc3ab29cdff+incompatible h1:357nGVUC8gSpeSc2Axup8HfrfTLLUfWfCsCUhiQSKIg= github.com/docker/distribution v2.6.0-rc.1.0.20170726174610-edc3ab29cdff+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible h1:dvc1KSkIYTVjZgHf/CTC2diTYC8PzhaA5sFISRfNVrE= +github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0 h1:w3NnFcKR5241cfmQU5ZZAsf0xcpId6mWOupTvJlUX2U= @@ -182,6 +186,8 @@ github.com/mesos/mesos-go v0.0.7-0.20180413204204-29de6ff97b48 h1:YIHidb4LpHLt+c github.com/mesos/mesos-go v0.0.7-0.20180413204204-29de6ff97b48/go.mod h1:kPYCMQ9gsOXVAle1OsoY4I1+9kPu8GHkf88aV59fDr4= github.com/mindprince/gonvml v0.0.0-20171110221305-fee913ce8fb2 h1:v3dy+FJr7gS7nLgYG7YjX/pmUWuFdudcpnoRNHt2heo= github.com/mindprince/gonvml v0.0.0-20171110221305-fee913ce8fb2/go.mod h1:2eu9pRWp8mo84xCg6KswZ+USQHjwgRhNp06sozOdsTY= +github.com/mindprince/gonvml v0.0.0-20190828220739-9ebdce4bb989 h1:PS1dLCGtD8bb9RPKJrc8bS7qHL6JnW1CZvwzH9dPoUs= +github.com/mindprince/gonvml v0.0.0-20190828220739-9ebdce4bb989/go.mod h1:2eu9pRWp8mo84xCg6KswZ+USQHjwgRhNp06sozOdsTY= github.com/mistifyio/go-zfs v2.1.2-0.20170901132433-166dd29edf05+incompatible h1:AqI6iSRQ93q8L+B0awSpC5abFebb1adJpMIjBToRyEs= github.com/mistifyio/go-zfs v2.1.2-0.20170901132433-166dd29edf05+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible h1:aKW/4cBs+yK6gpqU3K/oIwk9Q/XICqd3zOX/UFuvqmk= diff --git a/vendor/github.com/docker/distribution/reference/normalize.go b/vendor/github.com/docker/distribution/reference/normalize.go index 2d71fc5e..b3dfb7a6 100644 --- a/vendor/github.com/docker/distribution/reference/normalize.go +++ b/vendor/github.com/docker/distribution/reference/normalize.go @@ -56,6 +56,35 @@ func ParseNormalizedNamed(s string) (Named, error) { return named, nil } +// ParseDockerRef normalizes the image reference following the docker convention. This is added +// mainly for backward compatibility. +// The reference returned can only be either tagged or digested. For reference contains both tag +// and digest, the function returns digested reference, e.g. docker.io/library/busybox:latest@ +// sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa will be returned as +// docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa. +func ParseDockerRef(ref string) (Named, error) { + named, err := ParseNormalizedNamed(ref) + if err != nil { + return nil, err + } + if _, ok := named.(NamedTagged); ok { + if canonical, ok := named.(Canonical); ok { + // The reference is both tagged and digested, only + // return digested. + newNamed, err := WithName(canonical.Name()) + if err != nil { + return nil, err + } + newCanonical, err := WithDigest(newNamed, canonical.Digest()) + if err != nil { + return nil, err + } + return newCanonical, nil + } + } + return TagNameOnly(named), nil +} + // splitDockerDomain splits a repository name to domain and remotename string. // If no valid domain is found, the default domain is used. Repository name // needs to be already validated before. diff --git a/vendor/github.com/docker/distribution/reference/reference.go b/vendor/github.com/docker/distribution/reference/reference.go index 2f66cca8..8c0c23b2 100644 --- a/vendor/github.com/docker/distribution/reference/reference.go +++ b/vendor/github.com/docker/distribution/reference/reference.go @@ -205,7 +205,7 @@ func Parse(s string) (Reference, error) { var repo repository nameMatch := anchoredNameRegexp.FindStringSubmatch(matches[1]) - if nameMatch != nil && len(nameMatch) == 3 { + if len(nameMatch) == 3 { repo.domain = nameMatch[1] repo.path = nameMatch[2] } else { diff --git a/vendor/github.com/docker/distribution/registry/api/errcode/errors.go b/vendor/github.com/docker/distribution/registry/api/errcode/errors.go index 6d9bb4b6..4c35b879 100644 --- a/vendor/github.com/docker/distribution/registry/api/errcode/errors.go +++ b/vendor/github.com/docker/distribution/registry/api/errcode/errors.go @@ -207,11 +207,11 @@ func (errs Errors) MarshalJSON() ([]byte, error) { for _, daErr := range errs { var err Error - switch daErr.(type) { + switch daErr := daErr.(type) { case ErrorCode: - err = daErr.(ErrorCode).WithDetail(nil) + err = daErr.WithDetail(nil) case Error: - err = daErr.(Error) + err = daErr default: err = ErrorCodeUnknown.WithDetail(daErr) diff --git a/vendor/github.com/mindprince/gonvml/Makefile b/vendor/github.com/mindprince/gonvml/Makefile index b329e964..65314b34 100644 --- a/vendor/github.com/mindprince/gonvml/Makefile +++ b/vendor/github.com/mindprince/gonvml/Makefile @@ -18,3 +18,6 @@ PKG=github.com/mindprince/gonvml build: docker run -v $(shell pwd):/go/src/$(PKG) --workdir=/go/src/$(PKG) golang:1.8 go build cmd/example/example.go +.PHONY: presubmit +presubmit: + ./.travis.gofmt.sh diff --git a/vendor/github.com/mindprince/gonvml/bindings.go b/vendor/github.com/mindprince/gonvml/bindings.go index ae1711d8..abefe83e 100644 --- a/vendor/github.com/mindprince/gonvml/bindings.go +++ b/vendor/github.com/mindprince/gonvml/bindings.go @@ -111,6 +111,38 @@ nvmlReturn_t nvmlDeviceGetPowerUsage(nvmlDevice_t device, unsigned int *power) { return nvmlDeviceGetPowerUsageFunc(device, power); } +nvmlReturn_t (*nvmlDeviceGetTemperatureFunc)(nvmlDevice_t device, nvmlTemperatureSensors_t sensorType, unsigned int *temp); +nvmlReturn_t nvmlDeviceGetTemperature(nvmlDevice_t device, nvmlTemperatureSensors_t sensorType, unsigned int *temp) { + if (nvmlDeviceGetTemperatureFunc == NULL) { + return NVML_ERROR_FUNCTION_NOT_FOUND; + } + return nvmlDeviceGetTemperatureFunc(device, sensorType, temp); +} + +nvmlReturn_t (*nvmlDeviceGetFanSpeedFunc)(nvmlDevice_t device, unsigned int *speed); +nvmlReturn_t nvmlDeviceGetFanSpeed(nvmlDevice_t device, unsigned int *speed) { + if (nvmlDeviceGetFanSpeedFunc == NULL) { + return NVML_ERROR_FUNCTION_NOT_FOUND; + } + return nvmlDeviceGetFanSpeedFunc(device, speed); +} + +nvmlReturn_t (*nvmlDeviceGetEncoderUtilizationFunc)(nvmlDevice_t device, unsigned int* utilization, unsigned int* samplingPeriodUs); +nvmlReturn_t nvmlDeviceGetEncoderUtilization(nvmlDevice_t device, unsigned int* utilization, unsigned int* samplingPeriodUs) { + if (nvmlDeviceGetEncoderUtilizationFunc == NULL) { + return NVML_ERROR_FUNCTION_NOT_FOUND; + } + return nvmlDeviceGetEncoderUtilizationFunc(device, utilization, samplingPeriodUs); +} + +nvmlReturn_t (*nvmlDeviceGetDecoderUtilizationFunc)(nvmlDevice_t device, unsigned int* utilization, unsigned int* samplingPeriodUs); +nvmlReturn_t nvmlDeviceGetDecoderUtilization(nvmlDevice_t device, unsigned int* utilization, unsigned int* samplingPeriodUs) { + if (nvmlDeviceGetDecoderUtilizationFunc == NULL) { + return NVML_ERROR_FUNCTION_NOT_FOUND; + } + return nvmlDeviceGetDecoderUtilizationFunc(device, utilization, samplingPeriodUs); +} + nvmlReturn_t (*nvmlDeviceGetSamplesFunc)(nvmlDevice_t device, nvmlSamplingType_t type, unsigned long long lastSeenTimeStamp, nvmlValueType_t *sampleValType, unsigned int *sampleCount, nvmlSample_t *samples); // Loads the "libnvidia-ml.so.1" shared library. @@ -169,10 +201,26 @@ nvmlReturn_t nvmlInit_dl(void) { if (nvmlDeviceGetPowerUsageFunc == NULL) { return NVML_ERROR_FUNCTION_NOT_FOUND; } + nvmlDeviceGetTemperatureFunc = dlsym(nvmlHandle, "nvmlDeviceGetTemperature"); + if (nvmlDeviceGetTemperatureFunc == NULL) { + return NVML_ERROR_FUNCTION_NOT_FOUND; + } + nvmlDeviceGetFanSpeedFunc = dlsym(nvmlHandle, "nvmlDeviceGetFanSpeed"); + if (nvmlDeviceGetFanSpeedFunc == NULL) { + return NVML_ERROR_FUNCTION_NOT_FOUND; + } nvmlDeviceGetSamplesFunc = dlsym(nvmlHandle, "nvmlDeviceGetSamples"); if (nvmlDeviceGetSamplesFunc == NULL) { return NVML_ERROR_FUNCTION_NOT_FOUND; } + nvmlDeviceGetEncoderUtilizationFunc = dlsym(nvmlHandle, "nvmlDeviceGetEncoderUtilization"); + if (nvmlDeviceGetEncoderUtilizationFunc == NULL) { + return NVML_ERROR_FUNCTION_NOT_FOUND; + } + nvmlDeviceGetDecoderUtilizationFunc = dlsym(nvmlHandle, "nvmlDeviceGetDecoderUtilization"); + if (nvmlDeviceGetDecoderUtilizationFunc == NULL) { + return NVML_ERROR_FUNCTION_NOT_FOUND; + } nvmlReturn_t result = nvmlInitFunc(); if (result != NVML_SUCCESS) { dlclose(nvmlHandle); @@ -384,7 +432,7 @@ func (d Device) MemoryInfo() (uint64, uint64, error) { // UtilizationRates returns the percent of time over the past sample period during which: // utilization.gpu: one or more kernels were executing on the GPU. -// utilizatoin.memory: global (device) memory was being read or written. +// utilization.memory: global (device) memory was being read or written. func (d Device) UtilizationRates() (uint, uint, error) { if C.nvmlHandle == nil { return 0, 0, errLibraryNotLoaded @@ -429,3 +477,48 @@ func (d Device) AverageGPUUtilization(since time.Duration) (uint, error) { r := C.nvmlDeviceGetAverageUsage(d.dev, C.NVML_GPU_UTILIZATION_SAMPLES, lastTs, &n) return uint(n), errorString(r) } + +// Temperature returns the temperature for this GPU in Celsius. +func (d Device) Temperature() (uint, error) { + if C.nvmlHandle == nil { + return 0, errLibraryNotLoaded + } + var n C.uint + r := C.nvmlDeviceGetTemperature(d.dev, C.NVML_TEMPERATURE_GPU, &n) + return uint(n), errorString(r) +} + +// FanSpeed returns the temperature for this GPU in the percentage of its full +// speed, with 100 being the maximum. +func (d Device) FanSpeed() (uint, error) { + if C.nvmlHandle == nil { + return 0, errLibraryNotLoaded + } + var n C.uint + r := C.nvmlDeviceGetFanSpeed(d.dev, &n) + return uint(n), errorString(r) +} + +// EncoderUtilization returns the percent of time over the last sample period during which the GPU video encoder was being used. +// The sampling period is variable and is returned in the second return argument in microseconds. +func (d Device) EncoderUtilization() (uint, uint, error) { + if C.nvmlHandle == nil { + return 0, 0, errLibraryNotLoaded + } + var n C.uint + var sp C.uint + r := C.nvmlDeviceGetEncoderUtilization(d.dev, &n, &sp) + return uint(n), uint(sp), errorString(r) +} + +// DecoderUtilization returns the percent of time over the last sample period during which the GPU video decoder was being used. +// The sampling period is variable and is returned in the second return argument in microseconds. +func (d Device) DecoderUtilization() (uint, uint, error) { + if C.nvmlHandle == nil { + return 0, 0, errLibraryNotLoaded + } + var n C.uint + var sp C.uint + r := C.nvmlDeviceGetDecoderUtilization(d.dev, &n, &sp) + return uint(n), uint(sp), errorString(r) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 980644da..7cc88cd9 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -45,7 +45,7 @@ github.com/blang/semver github.com/checkpoint-restore/go-criu/rpc # github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1 github.com/containerd/console -# github.com/containerd/containerd v1.3.2 +# github.com/containerd/containerd v1.3.3 github.com/containerd/containerd/api/services/containers/v1 github.com/containerd/containerd/api/services/tasks/v1 github.com/containerd/containerd/api/services/version/v1 @@ -65,7 +65,7 @@ github.com/coreos/go-systemd/dbus github.com/cyphar/filepath-securejoin # github.com/davecgh/go-spew v1.1.1 github.com/davecgh/go-spew/spew -# github.com/docker/distribution v2.7.1+incompatible +# github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible github.com/docker/distribution/digestset github.com/docker/distribution/reference github.com/docker/distribution/registry/api/errcode @@ -159,7 +159,7 @@ github.com/mesos/mesos-go/api/v1/lib/httpcli github.com/mesos/mesos-go/api/v1/lib/httpcli/apierrors github.com/mesos/mesos-go/api/v1/lib/recordio github.com/mesos/mesos-go/api/v1/lib/roles -# github.com/mindprince/gonvml v0.0.0-20171110221305-fee913ce8fb2 +# github.com/mindprince/gonvml v0.0.0-20190828220739-9ebdce4bb989 github.com/mindprince/gonvml # github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible github.com/mistifyio/go-zfs From 043bcb03a4c37c16f38b5aa27287fd92445e8d78 Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Wed, 26 Feb 2020 09:51:54 -0500 Subject: [PATCH 2/2] update opencontainers/selinux to 1.3.2 --- go.mod | 2 +- go.sum | 3 + .../mindprince/gonvml/.travis.gofmt.sh | 7 + .../github.com/mindprince/gonvml/.travis.yml | 9 ++ .../mindprince/gonvml/bindings_nocgo.go | 115 +++++++++++++++ .../selinux/go-selinux/selinux_linux.go | 135 +++++++++++------- .../selinux/go-selinux/xattrs.go | 72 ++-------- vendor/modules.txt | 2 +- 8 files changed, 231 insertions(+), 114 deletions(-) create mode 100644 vendor/github.com/mindprince/gonvml/.travis.gofmt.sh create mode 100644 vendor/github.com/mindprince/gonvml/.travis.yml create mode 100644 vendor/github.com/mindprince/gonvml/bindings_nocgo.go diff --git a/go.mod b/go.mod index 85e60697..7a0bdd91 100644 --- a/go.mod +++ b/go.mod @@ -61,7 +61,7 @@ require ( github.com/opencontainers/image-spec v1.0.1 // indirect github.com/opencontainers/runc v1.0.0-rc8.0.20190906011214-a6606a7ae9d9 github.com/opencontainers/runtime-spec v1.0.1 - github.com/opencontainers/selinux v1.3.1-0.20190929122143-5215b1806f52 // indirect + github.com/opencontainers/selinux v1.3.2 // indirect github.com/pborman/uuid v0.0.0-20150824212802-cccd189d45f7 // indirect github.com/pkg/errors v0.8.1 github.com/pquerna/ffjson v0.0.0-20171002144729-d49c2bc1aa13 // indirect diff --git a/go.sum b/go.sum index 6f009492..2dfe6d75 100644 --- a/go.sum +++ b/go.sum @@ -219,6 +219,8 @@ github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= github.com/opencontainers/selinux v1.3.1-0.20190929122143-5215b1806f52 h1:B8hYj3NxHmjsC3T+tnlZ1UhInqUgnyF1zlGPmzNg2Qk= github.com/opencontainers/selinux v1.3.1-0.20190929122143-5215b1806f52/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs= +github.com/opencontainers/selinux v1.3.2 h1:DR4lL9SYVjgcTZKEZIncvDU06fKSc/eygjmNGOA3E1s= +github.com/opencontainers/selinux v1.3.2/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= github.com/pborman/uuid v0.0.0-20150824212802-cccd189d45f7 h1:7Nb5cK6zZrR39niF9np62PLldWkL0R0XJGDbmsRQ96E= github.com/pborman/uuid v0.0.0-20150824212802-cccd189d45f7/go.mod h1:VyrYX9gd7irzKovcSS6BIIEwPRkP2Wm2m9ufcdFSJ34= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -326,6 +328,7 @@ golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191112214154-59a1497f0cea/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191210023423-ac6580df4449 h1:gSbV7h1NRL2G1xTg/owz62CST1oJBmxy4QpMMregXVQ= golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200107162124-548cf772de50 h1:YvQ10rzcqWXLlJZ3XCUoO25savxmscf4+SC+ZqiCHhA= diff --git a/vendor/github.com/mindprince/gonvml/.travis.gofmt.sh b/vendor/github.com/mindprince/gonvml/.travis.gofmt.sh new file mode 100644 index 00000000..646934bb --- /dev/null +++ b/vendor/github.com/mindprince/gonvml/.travis.gofmt.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +if [ -n "$(gofmt -s -l .)" ]; then + echo "Go code is not properly formatted:" + gofmt -s -d -e . + exit 1 +fi diff --git a/vendor/github.com/mindprince/gonvml/.travis.yml b/vendor/github.com/mindprince/gonvml/.travis.yml new file mode 100644 index 00000000..d45dc3c9 --- /dev/null +++ b/vendor/github.com/mindprince/gonvml/.travis.yml @@ -0,0 +1,9 @@ +language: go + +go: + - "1.8" + - "1.9" + - "1.10" + +script: + - make presubmit diff --git a/vendor/github.com/mindprince/gonvml/bindings_nocgo.go b/vendor/github.com/mindprince/gonvml/bindings_nocgo.go new file mode 100644 index 00000000..ddbec565 --- /dev/null +++ b/vendor/github.com/mindprince/gonvml/bindings_nocgo.go @@ -0,0 +1,115 @@ +// +build !cgo + +package gonvml + +import ( + "errors" + "time" +) + +var errNoCgo = errors.New("this binary is built without CGO, NVML is disabled") + +// Initialize initializes NVML. +// Call this before calling any other methods. +func Initialize() error { + return errNoCgo +} + +// Shutdown shuts down NVML. +// Call this once NVML is no longer being used. +func Shutdown() error { + return errNoCgo +} + +// SystemDriverVersion returns the the driver version on the system. +func SystemDriverVersion() (string, error) { + return "", errNoCgo +} + +// DeviceCount returns the number of nvidia devices on the system. +func DeviceCount() (uint, error) { + return 0, errNoCgo +} + +// Device is the handle for the device. +// This handle is obtained by calling DeviceHandleByIndex(). +type Device struct { +} + +// DeviceHandleByIndex returns the device handle for a particular index. +// The indices range from 0 to DeviceCount()-1. The order in which NVML +// enumerates devices has no guarantees of consistency between reboots. +func DeviceHandleByIndex(idx uint) (Device, error) { + return Device{}, errNoCgo +} + +// MinorNumber returns the minor number for the device. +// The minor number for the device is such that the Nvidia device node +// file for each GPU will have the form /dev/nvidia[minor number]. +func (d Device) MinorNumber() (uint, error) { + return 0, errNoCgo +} + +// UUID returns the globally unique immutable UUID associated with this device. +func (d Device) UUID() (string, error) { + return "", errNoCgo +} + +// Name returns the product name of the device. +func (d Device) Name() (string, error) { + return "", errNoCgo +} + +// MemoryInfo returns the total and used memory (in bytes) of the device. +func (d Device) MemoryInfo() (uint64, uint64, error) { + return 0, 0, errNoCgo +} + +// UtilizationRates returns the percent of time over the past sample period during which: +// utilization.gpu: one or more kernels were executing on the GPU. +// utilizatoin.memory: global (device) memory was being read or written. +func (d Device) UtilizationRates() (uint, uint, error) { + return 0, 0, errNoCgo +} + +// PowerUsage returns the power usage for this GPU and its associated circuitry +// in milliwatts. The reading is accurate to within +/- 5% of current power draw. +func (d Device) PowerUsage() (uint, error) { + return 0, errNoCgo +} + +// AveragePowerUsage returns the power usage for this GPU and its associated circuitry +// in milliwatts averaged over the samples collected in the last `since` duration. +func (d Device) AveragePowerUsage(since time.Duration) (uint, error) { + return 0, errNoCgo +} + +// AverageGPUUtilization returns the utilization.gpu metric (percent of time +// one of more kernels were executing on the GPU) averaged over the samples +// collected in the last `since` duration. +func (d Device) AverageGPUUtilization(since time.Duration) (uint, error) { + return 0, errNoCgo +} + +// Temperature returns the temperature for this GPU in Celsius. +func (d Device) Temperature() (uint, error) { + return 0, errNoCgo +} + +// FanSpeed returns the temperature for this GPU in the percentage of its full +// speed, with 100 being the maximum. +func (d Device) FanSpeed() (uint, error) { + return 0, errNoCgo +} + +// EncoderUtilization returns the percent of time over the last sample period during which the GPU video encoder was being used. +// The sampling period is variable and is returned in the second return argument in microseconds. +func (d Device) EncoderUtilization() (uint, uint, error) { + return 0, 0, errNoCgo +} + +// DecoderUtilization returns the percent of time over the last sample period during which the GPU video decoder was being used. +// The sampling period is variable and is returned in the second return argument in microseconds. +func (d Device) DecoderUtilization() (uint, uint, error) { + return 0, 0, errNoCgo +} diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go index 8cdf1b05..0e97a077 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go @@ -7,11 +7,11 @@ import ( "bytes" "crypto/rand" "encoding/binary" - "errors" "fmt" "io" "io/ioutil" "os" + "path" "path/filepath" "regexp" "strconv" @@ -19,6 +19,7 @@ import ( "sync" "syscall" + "github.com/pkg/errors" "golang.org/x/sys/unix" ) @@ -37,15 +38,14 @@ const ( selinuxTag = "SELINUX" xattrNameSelinux = "security.selinux" stRdOnly = 0x01 - selinuxfsMagic = 0xf97cff8c ) type selinuxState struct { - enabledSet bool - enabled bool - selinuxfsSet bool - selinuxfs string - mcsList map[string]bool + enabledSet bool + enabled bool + selinuxfsOnce sync.Once + selinuxfs string + mcsList map[string]bool sync.Mutex } @@ -62,6 +62,10 @@ var ( state = selinuxState{ mcsList: make(map[string]bool), } + + // for attrPath() + attrPathOnce sync.Once + haveThreadSelf bool ) // Context is a representation of the SELinux label broken into 4 parts @@ -98,14 +102,6 @@ func SetDisabled() { state.setEnable(false) } -func (s *selinuxState) setSELinuxfs(selinuxfs string) string { - s.Lock() - defer s.Unlock() - s.selinuxfsSet = true - s.selinuxfs = selinuxfs - return s.selinuxfs -} - func verifySELinuxfsMount(mnt string) bool { var buf syscall.Statfs_t for { @@ -118,7 +114,8 @@ func verifySELinuxfsMount(mnt string) bool { } return false } - if uint32(buf.Type) != uint32(selinuxfsMagic) { + + if buf.Type != unix.SELINUX_MAGIC { return false } if (buf.Flags & stRdOnly) != 0 { @@ -166,33 +163,29 @@ func findSELinuxfs() string { // if there is one, or an empty string in case of EOF or error. func findSELinuxfsMount(s *bufio.Scanner) string { for s.Scan() { - txt := s.Text() + txt := s.Bytes() // The first field after - is fs type. // Safe as spaces in mountpoints are encoded as \040 - if !strings.Contains(txt, " - selinuxfs ") { + if !bytes.Contains(txt, []byte(" - selinuxfs ")) { continue } const mPos = 5 // mount point is 5th field - fields := strings.SplitN(txt, " ", mPos+1) + fields := bytes.SplitN(txt, []byte(" "), mPos+1) if len(fields) < mPos+1 { continue } - return fields[mPos-1] + return string(fields[mPos-1]) } return "" } func (s *selinuxState) getSELinuxfs() string { - s.Lock() - selinuxfs := s.selinuxfs - selinuxfsSet := s.selinuxfsSet - s.Unlock() - if selinuxfsSet { - return selinuxfs - } + s.selinuxfsOnce.Do(func() { + s.selinuxfs = findSELinuxfs() + }) - return s.setSELinuxfs(findSELinuxfs()) + return s.selinuxfs } // getSelinuxMountPoint returns the path to the mountpoint of an selinuxfs @@ -254,10 +247,17 @@ func getSELinuxPolicyRoot() string { return filepath.Join(selinuxDir, readConfig(selinuxTypeTag)) } -func isProcHandle(fh *os.File) (bool, error) { +func isProcHandle(fh *os.File) error { var buf unix.Statfs_t err := unix.Fstatfs(int(fh.Fd()), &buf) - return buf.Type == unix.PROC_SUPER_MAGIC, err + if err != nil { + return fmt.Errorf("statfs(%q) failed: %v", fh.Name(), err) + } + if buf.Type != unix.PROC_SUPER_MAGIC { + return fmt.Errorf("file %q is not on procfs", fh.Name()) + } + + return nil } func readCon(fpath string) (string, error) { @@ -271,10 +271,8 @@ func readCon(fpath string) (string, error) { } defer in.Close() - if ok, err := isProcHandle(in); err != nil { + if err := isProcHandle(in); err != nil { return "", err - } else if !ok { - return "", fmt.Errorf("%s not on procfs", fpath) } var retval string @@ -289,7 +287,10 @@ func SetFileLabel(fpath string, label string) error { if fpath == "" { return ErrEmptyPath } - return lsetxattr(fpath, xattrNameSelinux, []byte(label), 0) + if err := lsetxattr(fpath, xattrNameSelinux, []byte(label), 0); err != nil { + return errors.Wrapf(err, "failed to set file label on %s", fpath) + } + return nil } // FileLabel returns the SELinux label for this path or returns an error. @@ -314,7 +315,7 @@ SetFSCreateLabel tells kernel the label to create all file system objects created by this task. Setting label="" to return to default. */ func SetFSCreateLabel(label string) error { - return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", syscall.Gettid()), label) + return writeAttr("fscreate", label) } /* @@ -322,12 +323,12 @@ FSCreateLabel returns the default label the kernel which the kernel is using for file system objects created by this task. "" indicates default. */ func FSCreateLabel() (string, error) { - return readCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", syscall.Gettid())) + return readAttr("fscreate") } // CurrentLabel returns the SELinux label of the current process thread, or an error. func CurrentLabel() (string, error) { - return readCon(fmt.Sprintf("/proc/self/task/%d/attr/current", syscall.Gettid())) + return readAttr("current") } // PidLabel returns the SELinux label of the given pid, or an error. @@ -340,10 +341,10 @@ ExecLabel returns the SELinux label that the kernel will use for any programs that are executed by the current process thread, or an error. */ func ExecLabel() (string, error) { - return readCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", syscall.Gettid())) + return readAttr("exec") } -func writeCon(fpath string, val string) error { +func writeCon(fpath, val string) error { if fpath == "" { return ErrEmptyPath } @@ -359,10 +360,8 @@ func writeCon(fpath string, val string) error { } defer out.Close() - if ok, err := isProcHandle(out); err != nil { + if err := isProcHandle(out); err != nil { return err - } else if !ok { - return fmt.Errorf("%s not on procfs", fpath) } if val != "" { @@ -370,7 +369,36 @@ func writeCon(fpath string, val string) error { } else { _, err = out.Write(nil) } - return err + if err != nil { + return errors.Wrapf(err, "failed to set %s on procfs", fpath) + } + return nil +} + +func attrPath(attr string) string { + // Linux >= 3.17 provides this + const threadSelfPrefix = "/proc/thread-self/attr" + + attrPathOnce.Do(func() { + st, err := os.Stat(threadSelfPrefix) + if err == nil && st.Mode().IsDir() { + haveThreadSelf = true + } + }) + + if haveThreadSelf { + return path.Join(threadSelfPrefix, attr) + } + + return path.Join("/proc/self/task/", strconv.Itoa(syscall.Gettid()), "/attr/", attr) +} + +func readAttr(attr string) (string, error) { + return readCon(attrPath(attr)) +} + +func writeAttr(attr, val string) error { + return writeCon(attrPath(attr), val) } /* @@ -409,7 +437,7 @@ SetExecLabel sets the SELinux label that the kernel will use for any programs that are executed by the current process thread, or an error. */ func SetExecLabel(label string) error { - return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", syscall.Gettid()), label) + return writeAttr("exec", label) } /* @@ -417,18 +445,18 @@ SetTaskLabel sets the SELinux label for the current thread, or an error. This requires the dyntransition permission. */ func SetTaskLabel(label string) error { - return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/current", syscall.Gettid()), label) + return writeAttr("current", label) } // SetSocketLabel takes a process label and tells the kernel to assign the // label to the next socket that gets created func SetSocketLabel(label string) error { - return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/sockcreate", syscall.Gettid()), label) + return writeAttr("sockcreate", label) } // SocketLabel retrieves the current socket label setting func SocketLabel() (string, error) { - return readCon(fmt.Sprintf("/proc/self/task/%d/attr/sockcreate", syscall.Gettid())) + return readAttr("sockcreate") } // PeerLabel retrieves the label of the client on the other side of a socket @@ -443,7 +471,7 @@ func SetKeyLabel(label string) error { if os.IsNotExist(err) { return nil } - if label == "" && os.IsPermission(err) && !GetEnabled() { + if label == "" && os.IsPermission(err) { return nil } return err @@ -499,19 +527,18 @@ func ReserveLabel(label string) { } func selinuxEnforcePath() string { - return fmt.Sprintf("%s/enforce", getSelinuxMountPoint()) + return path.Join(getSelinuxMountPoint(), "enforce") } // EnforceMode returns the current SELinux mode Enforcing, Permissive, Disabled func EnforceMode() int { var enforce int - enforceS, err := readCon(selinuxEnforcePath()) + enforceB, err := ioutil.ReadFile(selinuxEnforcePath()) if err != nil { return -1 } - - enforce, err = strconv.Atoi(string(enforceS)) + enforce, err = strconv.Atoi(string(enforceB)) if err != nil { return -1 } @@ -523,7 +550,7 @@ SetEnforceMode sets the current SELinux mode Enforcing, Permissive. Disabled is not valid, since this needs to be set at boot time. */ func SetEnforceMode(mode int) error { - return writeCon(selinuxEnforcePath(), fmt.Sprintf("%d", mode)) + return ioutil.WriteFile(selinuxEnforcePath(), []byte(strconv.Itoa(mode)), 0644) } /* @@ -705,7 +732,7 @@ exit: // SecurityCheckContext validates that the SELinux label is understood by the kernel func SecurityCheckContext(val string) error { - return writeCon(fmt.Sprintf("%s/context", getSelinuxMountPoint()), val) + return ioutil.WriteFile(path.Join(getSelinuxMountPoint(), "context"), []byte(val), 0644) } /* diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go index 67a9d8ee..4e711a9f 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go @@ -3,76 +3,32 @@ package selinux import ( - "syscall" - "unsafe" + "golang.org/x/sys/unix" ) -var _zero uintptr - // Returns a []byte slice if the xattr is set and nil otherwise // Requires path and its attribute as arguments func lgetxattr(path string, attr string) ([]byte, error) { - var sz int - pathBytes, err := syscall.BytePtrFromString(path) - if err != nil { - return nil, err - } - attrBytes, err := syscall.BytePtrFromString(attr) - if err != nil { - return nil, err - } - // Start with a 128 length byte array - sz = 128 - dest := make([]byte, sz) - destBytes := unsafe.Pointer(&dest[0]) - _sz, _, errno := syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(destBytes), uintptr(len(dest)), 0, 0) + dest := make([]byte, 128) + sz, errno := unix.Lgetxattr(path, attr, dest) + if errno == unix.ERANGE { + // Buffer too small, get the real size first + sz, errno = unix.Lgetxattr(path, attr, []byte{}) + if errno != nil { + return nil, errno + } - switch { - case errno == syscall.ENODATA: - return nil, errno - case errno == syscall.ENOTSUP: - return nil, errno - case errno == syscall.ERANGE: - // 128 byte array might just not be good enough, - // A dummy buffer is used ``uintptr(0)`` to get real size - // of the xattrs on disk - _sz, _, errno = syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(unsafe.Pointer(nil)), uintptr(0), 0, 0) - sz = int(_sz) - if sz < 0 { - return nil, errno - } dest = make([]byte, sz) - destBytes := unsafe.Pointer(&dest[0]) - _sz, _, errno = syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(destBytes), uintptr(len(dest)), 0, 0) - if errno != 0 { - return nil, errno - } - case errno != 0: + sz, errno = unix.Lgetxattr(path, attr, dest) + } + if errno != nil { return nil, errno } - sz = int(_sz) + return dest[:sz], nil } func lsetxattr(path string, attr string, data []byte, flags int) error { - pathBytes, err := syscall.BytePtrFromString(path) - if err != nil { - return err - } - attrBytes, err := syscall.BytePtrFromString(attr) - if err != nil { - return err - } - var dataBytes unsafe.Pointer - if len(data) > 0 { - dataBytes = unsafe.Pointer(&data[0]) - } else { - dataBytes = unsafe.Pointer(&_zero) - } - _, _, errno := syscall.Syscall6(syscall.SYS_LSETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(dataBytes), uintptr(len(data)), uintptr(flags), 0) - if errno != 0 { - return errno - } - return nil + return unix.Lsetxattr(path, attr, data, flags) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 7cc88cd9..446432dd 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -189,7 +189,7 @@ github.com/opencontainers/runc/libcontainer/user github.com/opencontainers/runc/libcontainer/utils # github.com/opencontainers/runtime-spec v1.0.1 github.com/opencontainers/runtime-spec/specs-go -# github.com/opencontainers/selinux v1.3.1-0.20190929122143-5215b1806f52 +# github.com/opencontainers/selinux v1.3.2 github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/go-selinux/label # github.com/pkg/errors v0.8.1