diff --git a/.circleci/config.yml b/.circleci/config.yml index f76a2c2572..9862c5a998 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -107,7 +107,7 @@ commands: command: <<# parameters.sudo >>sudo <>apt-get -q update - run: name: Install dependencies - command: <<# parameters.sudo >>sudo <>apt-get -q install -y build-essential squashfs-tools libseccomp-dev libssl-dev uuid-dev cryptsetup-bin runc libglib2.0-dev squashfuse + command: <<# parameters.sudo >>sudo <>apt-get -q install -y build-essential squashfs-tools libseccomp-dev libssl-dev uuid-dev cryptsetup-bin crun libglib2.0-dev squashfuse - run: name: Install proot command: |- diff --git a/CHANGELOG.md b/CHANGELOG.md index 85e5490604..64e57e8f84 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,9 @@ - When the kernel supports unprivileged overlay mounts in a user namespace, the container will be constructed using an overlay instead of underlay layout. +- `crun` will be used as the low-level OCI runtime, when available, rather than + `runc`. `runc` will not support all rootless OCI runtime functionality used by + Singularity. ### Development / Testing diff --git a/cmd/internal/cli/actions.go b/cmd/internal/cli/actions.go index e9d0442419..5fc655cc7f 100644 --- a/cmd/internal/cli/actions.go +++ b/cmd/internal/cli/actions.go 
@@ -179,13 +179,21 @@ var ExecCmd = &cobra.Command{ Args: cobra.MinimumNArgs(2), PreRun: actionPreRun, Run: func(cmd *cobra.Command, args []string) { - a := append([]string{"/.singularity.d/actions/exec"}, args[1:]...) + // singularity exec [args...] + image := args[0] + containerCmd := "/.singularity.d/actions/exec" + containerArgs := args[1:] + // OCI runtime does not use an action script + if ociRuntime { + containerCmd = args[1] + containerArgs = args[2:] + } setVM(cmd) if vm { - execVM(cmd, args[0], a) + execVM(cmd, image, containerCmd, containerArgs) return } - if err := launchContainer(cmd, args[0], a, ""); err != nil { + if err := launchContainer(cmd, image, containerCmd, containerArgs, ""); err != nil { sylog.Fatalf("%s", err) } }, @@ -203,13 +211,21 @@ var ShellCmd = &cobra.Command{ Args: cobra.MinimumNArgs(1), PreRun: actionPreRun, Run: func(cmd *cobra.Command, args []string) { - a := []string{"/.singularity.d/actions/shell"} + // singularity shell + image := args[0] + containerCmd := "/.singularity.d/actions/shell" + containerArgs := []string{} + // OCI runtime does not use an action script + if ociRuntime { + // TODO - needs to have bash -> sh fallback logic implemented somewhere. + containerCmd = "/bin/sh" + } setVM(cmd) if vm { - execVM(cmd, args[0], a) + execVM(cmd, image, containerCmd, containerArgs) return } - if err := launchContainer(cmd, args[0], a, ""); err != nil { + if err := launchContainer(cmd, image, containerCmd, containerArgs, ""); err != nil { sylog.Fatalf("%s", err) } }, 
@@ -227,13 +243,20 @@ var RunCmd = &cobra.Command{ Args: cobra.MinimumNArgs(1), PreRun: actionPreRun, Run: func(cmd *cobra.Command, args []string) { - a := append([]string{"/.singularity.d/actions/run"}, args[1:]...) + // singularity run [args...] + image := args[0] + containerCmd := "/.singularity.d/actions/run" + containerArgs := args[1:] + // OCI runtime does not use an action script + if ociRuntime { + containerCmd = "" + } setVM(cmd) if vm { - execVM(cmd, args[0], a) + execVM(cmd, args[0], containerCmd, containerArgs) return } - if err := launchContainer(cmd, args[0], a, ""); err != nil { + if err := launchContainer(cmd, image, containerCmd, containerArgs, ""); err != nil { sylog.Fatalf("%s", err) } }, @@ -251,13 +274,15 @@ var TestCmd = &cobra.Command{ Args: cobra.MinimumNArgs(1), PreRun: actionPreRun, Run: func(cmd *cobra.Command, args []string) { - a := append([]string{"/.singularity.d/actions/test"}, args[1:]...) - setVM(cmd) + // singularity test [args...] + image := args[0] + containerCmd := "/.singularity.d/actions/test" + containerArgs := args[1:] if vm { - execVM(cmd, args[0], a) + execVM(cmd, image, containerCmd, containerArgs) return } - if err := launchContainer(cmd, args[0], a, ""); err != nil { + if err := launchContainer(cmd, image, containerCmd, containerArgs, ""); err != nil { sylog.Fatalf("%s", err) } }, @@ -268,7 +293,7 @@ var TestCmd = &cobra.Command{ Example: docs.RunTestExample, } -func launchContainer(cmd *cobra.Command, image string, args []string, instanceName string) error { +func launchContainer(cmd *cobra.Command, image string, containerCmd string, containerArgs []string, instanceName string) error { ns := launcher.Namespaces{ User: userNamespace, UTS: utsNamespace, @@ -350,5 +375,5 @@ func launchContainer(cmd *cobra.Command, image string, args []string, instanceNa } } - return l.Exec(cmd.Context(), image, args, instanceName) + return l.Exec(cmd.Context(), image, containerCmd, containerArgs, instanceName) } 
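Review bot: In RunCmd the VM branch still passes `args[0]`, while the new `image` local is used for launchContainer a few lines later and in ExecCmd, ShellCmd and TestCmd. Use `execVM(cmd, image, containerCmd, containerArgs)` so the two branches of this command cannot drift apart.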
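Review bot: The TestCmd hunk deletes `setVM(cmd)` together with the old `a := append(...)` line but keeps the `if vm {` check that follows, whereas ExecCmd, ShellCmd and RunCmd in this same diff still call `setVM(cmd)` before testing `vm`. If setVM is what derives `vm` from the command's flags (its body is not shown here), `singularity test` would skip that step and could run the test script through launchContainer on the host when a VM launch was requested. Restore `setVM(cmd)` immediately before `if vm {`, or state in the commit message why it is no longer needed for this command only.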
diff --git a/cmd/internal/cli/instance_start_linux.go b/cmd/internal/cli/instance_start_linux.go index 15be099a4a..d681ad21d5 100644 --- a/cmd/internal/cli/instance_start_linux.go +++ b/cmd/internal/cli/instance_start_linux.go @@ -39,14 +39,14 @@ var instanceStartCmd = &cobra.Command{ Run: func(cmd *cobra.Command, args []string) { image := args[0] name := args[1] - - a := append([]string{"/.singularity.d/actions/start"}, args[2:]...) + containerCmd := "/.singularity.d/actions/start" + containerArgs := args[2:] setVM(cmd) if vm { - execVM(cmd, image, a) + execVM(cmd, image, containerCmd, containerArgs) return } - if err := launchContainer(cmd, image, a, name); err != nil { + if err := launchContainer(cmd, image, containerCmd, containerArgs, name); err != nil { sylog.Fatalf("%s", err) } diff --git a/cmd/internal/cli/startvm.go b/cmd/internal/cli/startvm.go index 59e8299014..32b742e8cc 100644 --- a/cmd/internal/cli/startvm.go +++ b/cmd/internal/cli/startvm.go @@ -28,7 +28,7 @@ func getHypervisorArgs(sifImage, bzImage, initramfs, singAction, cliExtra string return args } -func execVM(cmd *cobra.Command, image string, args []string) { +func execVM(cmd *cobra.Command, image string, containerCmd string, containerArgs []string) { // SIF image we are running sifImage := image @@ -42,8 +42,8 @@ func execVM(cmd *cobra.Command, image string, args []string) { isInternal = true } else { // Get our "action" (run, exec, shell) based on the action script being called - singAction = filepath.Base(args[0]) - cliExtra = strings.Join(args[1:], " ") + singAction = filepath.Base(containerCmd) + cliExtra = strings.Join(containerArgs, " ") } if err := startVM(sifImage, singAction, cliExtra, isInternal); err != nil { diff --git a/e2e/actions/actions.go b/e2e/actions/actions.go index 88b58d478e..a525265eaf 100644 --- a/e2e/actions/actions.go +++ b/e2e/actions/actions.go 
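Review bot: execVM still assumes containerCmd is an action-script path, in `singAction = filepath.Base(containerCmd)`. After this change the callers in actions.go pass `args[1]`, `/bin/sh` or an empty string when ociRuntime is set, so a VM launch would receive an arbitrary program name as its action, or `.` for the empty string because filepath.Base("") returns ".". Whether the VM and OCI modes can be combined is not visible in this diff; if they can, reject the combination before calling execVM. In either case a comment such as `// containerCmd must be an action script under /.singularity.d/actions; OCI mode is not handled here` would record the assumption. The body of execVM starts and ends outside the hunk.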
@@ -2406,24 +2406,6 @@ func countSquashfuseMounts(t *testing.T) int { return count } -func (c actionTests) ociRuntime(t *testing.T) { - e2e.EnsureImage(t, c.env) - - for _, p := range []e2e.Profile{e2e.OCIUserProfile, e2e.OCIRootProfile} { - c.env.RunSingularity( - t, - e2e.AsSubtest(p.String()), - e2e.WithProfile(p), - e2e.WithCommand("exec"), - e2e.WithArgs(c.env.ImagePath, "/bin/true"), - e2e.ExpectExit( - 255, - e2e.ExpectError(e2e.ContainMatch, "not implemented"), - ), - ) - } -} - // E2ETests is the main func to trigger the test suite func E2ETests(env e2e.TestEnv) testhelper.Tests { c := actionTests{ @@ -2466,9 +2448,12 @@ func E2ETests(env e2e.TestEnv) testhelper.Tests { "umask": c.actionUmask, // test umask propagation "no-mount": c.actionNoMount, // test --no-mount "compat": c.actionCompat, // test --compat - "ociRuntime": c.ociRuntime, // test --oci (unimplemented) "invalidRemote": np(c.invalidRemote), // GHSA-5mv9-q7fq-9394 "SIFFUSE": np(c.actionSIFFUSE), // test --sif-fuse "NoSIFFUSE": np(c.actionNoSIFFUSE), // test absence of squashfs and CleanupHost() + // + // OCI Runtime Mode + // + "ociRun": c.actionOciRun, // singularity run --oci } } diff --git a/e2e/actions/oci.go b/e2e/actions/oci.go new file mode 100644 index 0000000000..0fc2b9adb9 --- /dev/null +++ b/e2e/actions/oci.go 
@@ -0,0 +1,78 @@ +// Copyright (c) 2022, Sylabs Inc. All rights reserved. +// This software is licensed under a 3-clause BSD license. Please consult the +// LICENSE.md file distributed with the sources of this project regarding your +// rights to use or distribute this software. + +package actions + +import ( + "os" + "testing" + + "github.com/pkg/errors" + "github.com/sylabs/singularity/e2e/internal/e2e" + "github.com/sylabs/singularity/internal/pkg/test/tool/require" +) + +func (c actionTests) ociBundle(t *testing.T) (string, func()) { + require.Seccomp(t) + require.Filesystem(t, "overlay") + + bundleDir, err := os.MkdirTemp(c.env.TestDir, "bundle-") + if err != nil { + err = errors.Wrapf(err, "creating temporary bundle directory at %q", c.env.TestDir) + t.Fatalf("failed to create bundle directory: %+v", err) + } + c.env.RunSingularity( + t, + e2e.WithProfile(e2e.RootProfile), + e2e.WithCommand("oci mount"), + e2e.WithArgs(c.env.ImagePath, bundleDir), + e2e.ExpectExit(0), + ) + + cleanup := func() { + c.env.RunSingularity( + t, + e2e.WithProfile(e2e.RootProfile), + e2e.WithCommand("oci umount"), + e2e.WithArgs(bundleDir), + e2e.ExpectExit(0), + ) + os.RemoveAll(bundleDir) + } + + return bundleDir, cleanup +} + +func (c actionTests) actionOciRun(t *testing.T) { + e2e.EnsureImage(t, c.env) + + bundle, cleanup := c.ociBundle(t) + defer cleanup() + + tests := []struct { + name string + argv []string + exit int + }{ + { + name: "NoCommand", + argv: []string{bundle}, + exit: 0, + }, + } + + for _, tt := range tests { + c.env.RunSingularity( + t, + e2e.AsSubtest(tt.name), + e2e.WithProfile(e2e.OCIRootProfile), + e2e.WithCommand("run"), + // While we don't support args we are entering a /bin/sh interactively, so we need to exit. + e2e.ConsoleRun(e2e.ConsoleSendLine("exit")), + e2e.WithArgs(tt.argv...), + e2e.ExpectExit(tt.exit), + ) + } +} 
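Review bot: actionOciRun covers a single case, OCIRootProfile with no arguments, while the `ociRuntime` test this commit removes ran under both e2e.OCIUserProfile and e2e.OCIRootProfile. As a result the non-root branch of runtimeStateDir and the ErrNotImplemented guards for cmd, args and instanceName in the OCI launcher's Exec are not exercised by any e2e test. Consider adding a table entry that passes an extra argument and expects the failure the removed test asserted (exit 255 with "not implemented"), plus a user-profile run if a bundle mounted by ociBundle under RootProfile is usable from that profile. ociBundle and actionOciRun also have no doc comments; `// ociBundle mounts the test image as an OCI bundle in a temporary directory and returns its path and a cleanup func.` would do for the first.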
diff --git a/internal/pkg/runtime/launcher/launcher.go b/internal/pkg/runtime/launcher/launcher.go index 55643cee8b..ef2b273541 100644 --- a/internal/pkg/runtime/launcher/launcher.go +++ b/internal/pkg/runtime/launcher/launcher.go @@ -25,5 +25,5 @@ type Launcher interface { // the container#s initial process. If instanceName is specified, the // container must be launched as a background instance, otherwist it must // run interactively, attached to the console. - Exec(ctx context.Context, image string, args []string, instanceName string) error + Exec(ctx context.Context, image string, cmd string, args []string, instanceName string) error } diff --git a/internal/pkg/runtime/launcher/native/launcher_linux.go b/internal/pkg/runtime/launcher/native/launcher_linux.go index d28069a53c..e790fcc03f 100644 --- a/internal/pkg/runtime/launcher/native/launcher_linux.go +++ b/internal/pkg/runtime/launcher/native/launcher_linux.go @@ -93,9 +93,12 @@ func NewLauncher(opts ...launcher.Option) (*Launcher, error) { // This includes interactive containers, instances, and joining an existing instance. // //nolint:maintidx -func (l *Launcher) Exec(ctx context.Context, image string, args []string, instanceName string) error { +func (l *Launcher) Exec(ctx context.Context, image string, cmd string, args []string, instanceName string) error { var err error + // Native runtime expects command to execute as arg[0] + args = append([]string{cmd}, args...) + // Set arguments to pass to contained process. l.generator.SetProcessArgs(args) diff --git a/internal/pkg/runtime/launcher/oci/launcher_linux.go b/internal/pkg/runtime/launcher/oci/launcher_linux.go index 5705642239..7d4e1b7243 100644 --- a/internal/pkg/runtime/launcher/oci/launcher_linux.go +++ b/internal/pkg/runtime/launcher/oci/launcher_linux.go @@ -14,6 +14,7 @@ import ( "fmt" "strings" + "github.com/google/uuid" "github.com/sylabs/singularity/internal/pkg/buildcfg" "github.com/sylabs/singularity/internal/pkg/runtime/launcher" ) 
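Review bot: The doc comment on Launcher.Exec is not updated for the new `cmd` parameter, so the interface no longer says how cmd and args relate or what an empty cmd means. From the callers in actions.go, args no longer includes the program itself and RunCmd passes `""` in OCI mode, so a line such as `// cmd is the program to execute and args its arguments, excluding cmd itself; an empty cmd leaves the choice of process to the launcher.` would capture that (confirm the empty-cmd wording against the intended contract). The visible part of the comment also carries the typos `container#s` and `otherwist`, which could be fixed in the same pass.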
@@ -232,7 +233,23 @@ func checkOpts(lo launcher.Options) error { return nil } -// Exec is not yet implemented. -func (l *Launcher) Exec(ctx context.Context, image string, args []string, instanceName string) error { - return ErrNotImplemented +// Exec will interactively execute a container via the runc low-level runtime. +func (l *Launcher) Exec(ctx context.Context, image string, cmd string, args []string, instanceName string) error { + if instanceName != "" { + return fmt.Errorf("%w: instanceName", ErrNotImplemented) + } + + if cmd != "" { + return fmt.Errorf("%w: cmd %v", ErrNotImplemented, cmd) + } + + if len(args) > 0 { + return fmt.Errorf("%w: args %v", ErrNotImplemented, args) + } + + id, err := uuid.NewRandom() + if err != nil { + return fmt.Errorf("while generating container id: %w", err) + } + return Run(ctx, id.String(), image, "") } diff --git a/internal/pkg/runtime/launcher/oci/launcher_linux_test.go b/internal/pkg/runtime/launcher/oci/launcher_linux_test.go index d1a502073b..5181841b09 100644 --- a/internal/pkg/runtime/launcher/oci/launcher_linux_test.go +++ b/internal/pkg/runtime/launcher/oci/launcher_linux_test.go @@ -6,7 +6,6 @@ package oci import ( - "context" "reflect" "testing" @@ -54,14 +53,3 @@ func TestNewLauncher(t *testing.T) { }) } } - -func TestExec(t *testing.T) { - l, err := NewLauncher([]launcher.Option{}...) - if err != nil { - t.Errorf("Couldn't initialize launcher: %s", err) - } - - if err := l.Exec(context.Background(), "", []string{}, ""); err != ErrNotImplemented { - t.Errorf("Expected %v, got %v", ErrNotImplemented, err) - } -} diff --git a/internal/pkg/runtime/launcher/oci/oci_conmon_linux.go b/internal/pkg/runtime/launcher/oci/oci_conmon_linux.go index 710f3fae11..0bb10b724c 100644 --- a/internal/pkg/runtime/launcher/oci/oci_conmon_linux.go +++ b/internal/pkg/runtime/launcher/oci/oci_conmon_linux.go 
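Review bot: The new doc comment on the OCI launcher's Exec says the container runs "via the runc low-level runtime", but runtime() introduced in this commit prefers crun and only falls back to runc. The comment also omits that `image` is handed to Run as its bundlePath argument, so callers must currently pass an OCI bundle directory, and that a non-empty cmd, args or instanceName returns an error wrapping ErrNotImplemented. Suggested wording: `// Exec interactively runs the OCI bundle at image via the low-level OCI runtime (crun, falling back to runc). cmd, args and instanceName are not yet supported and yield ErrNotImplemented.` Because the guards now wrap the sentinel with `%w`, callers and tests need `errors.Is(err, ErrNotImplemented)` rather than `==`.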
@@ -39,7 +39,7 @@ func Create(containerID, bundlePath string) error { if err != nil { return err } - runc, err := bin.FindBin("runc") + runtimeBin, err := runtime() if err != nil { return err } @@ -92,12 +92,12 @@ func Create(containerID, bundlePath string) error { "--cid", containerID, "--name", containerID, "--cuuid", containerUUID.String(), - "--runtime", runc, + "--runtime", runtimeBin, "--conmon-pidfile", path.Join(sd, conmonPidFile), "--container-pidfile", path.Join(sd, containerPidFile), "--log-path", path.Join(sd, containerLogFile), "--runtime-arg", "--root", - "--runtime-arg", runcStateDir, + "--runtime-arg", runtimeStateDir(), "--runtime-arg", "--log", "--runtime-arg", path.Join(sd, runcLogFile), "--full-attach", diff --git a/internal/pkg/runtime/launcher/oci/oci_linux.go b/internal/pkg/runtime/launcher/oci/oci_linux.go index 1c81ad62cc..8b5f90f45f 100644 --- a/internal/pkg/runtime/launcher/oci/oci_linux.go +++ b/internal/pkg/runtime/launcher/oci/oci_linux.go @@ -16,15 +16,15 @@ import ( "time" securejoin "github.com/cyphar/filepath-securejoin" + "github.com/sylabs/singularity/internal/pkg/util/bin" "github.com/sylabs/singularity/internal/pkg/util/fs" "github.com/sylabs/singularity/internal/pkg/util/user" "github.com/sylabs/singularity/pkg/syfs" + "github.com/sylabs/singularity/pkg/sylog" "github.com/sylabs/singularity/pkg/util/fs/lock" ) const ( - // Absolute path for the runc state - runcStateDir = "/run/singularity-oci" // Relative path inside ~/.singularity for conmon and singularity state ociPath = "oci" // State directory files 
@@ -40,6 +40,26 @@ const ( createTimeout = 30 * time.Second ) +// runtime returns path to the OCI runtime - crun (preferred), or runc. +func runtime() (path string, err error) { + path, err = bin.FindBin("crun") + if err == nil { + return + } + sylog.Debugf("While finding crun: %s", err) + sylog.Warningf("crun not found. Will attempt to use runc, but not all functionality is supported.") + return bin.FindBin("runc") +} + +// runtimeStateDir returns path to use for crun/runc's state handling. +func runtimeStateDir() string { + uid := os.Getuid() + if uid == 0 { + return "/run/singularity-oci" + } + return fmt.Sprintf("/run/user/%d/singularity-oci", uid) +} + // stateDir returns the path to container state handled by conmon/singularity // (as opposed to runc's state in RuncStateDir) func stateDir(containerID string) (string, error) { diff --git a/internal/pkg/runtime/launcher/oci/oci_runc_linux.go b/internal/pkg/runtime/launcher/oci/oci_runc_linux.go index 492607ecb9..63cf9ccb77 100644 --- a/internal/pkg/runtime/launcher/oci/oci_runc_linux.go +++ b/internal/pkg/runtime/launcher/oci/oci_runc_linux.go @@ -21,21 +21,21 @@ import ( // Delete deletes container resources func Delete(ctx context.Context, containerID string) error { - runc, err := bin.FindBin("runc") + runtimeBin, err := runtime() if err != nil { return err } - runcArgs := []string{ - "--root", runcStateDir, + runtimeArgs := []string{ + "--root", runtimeStateDir(), "delete", containerID, } - cmd := exec.Command(runc, runcArgs...) + cmd := exec.Command(runtimeBin, runtimeArgs...) cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr cmd.Stdin = os.Stdout - sylog.Debugf("Calling runc with args %v", runcArgs) + sylog.Debugf("Calling %s with args %v", runtimeBin, runtimeArgs) err = cmd.Run() if err != nil { return fmt.Errorf("while calling runc delete: %w", err) 
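Review bot: runtimeStateDir hard-codes `/run/user/<uid>/singularity-oci` for non-root users and never checks that the parent directory exists. That directory is normally created by the login session manager, so on hosts or batch jobs without one the runtime's `--root` would point under a path the user cannot create, and the failure would surface only as an opaque crun/runc error. Deriving the path from XDG_RUNTIME_DIR, and returning an error when it is unset, keeps the state root in a per-user directory and makes the misconfiguration explicit. This changes the signature, so the call sites that inline `runtimeStateDir()` into argument lists need a preceding error check, and the file needs `path/filepath` if it does not already import it.

```go
// runtimeStateDir returns path to use for crun/runc's state handling.
func runtimeStateDir() (string, error) {
	if os.Getuid() == 0 {
		return "/run/singularity-oci", nil
	}
	// Rootless: use the per-user runtime directory provided by the session.
	dir := os.Getenv("XDG_RUNTIME_DIR")
	if dir == "" {
		return "", fmt.Errorf("XDG_RUNTIME_DIR must be set to locate rootless OCI runtime state")
	}
	return filepath.Join(dir, "singularity-oci"), nil
}
```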
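Review bot: `cmd.Stdin = os.Stdout` attaches the runtime's standard input to this process's standard output; the line is carried over unchanged in Delete and in the Exec, Kill, Pause, Resume, Run, Start, State and Update hunks of this file. It goes unnoticed while both descriptors are the same terminal, but now that Run backs the interactive `singularity run --oci`, redirecting stdout to a file or pipe would leave the container reading from that target instead of the user's input. Unless this is deliberate, use `cmd.Stdin = os.Stdin`. The same hunk keeps the message `while calling runc delete`, which is misleading when crun was selected; `fmt.Errorf("while calling %s delete: %w", runtimeBin, err)` would match the updated debug line. Delete's body continues outside the hunk.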
@@ -63,88 +63,88 @@ func Delete(ctx context.Context, containerID string) error { // Exec executes a command in a container func Exec(containerID string, cmdArgs []string) error { - runc, err := bin.FindBin("runc") + runtimeBin, err := runtime() if err != nil { return err } - runcArgs := []string{ - "--root", runcStateDir, + runtimeArgs := []string{ + "--root", runtimeStateDir(), "exec", containerID, } - runcArgs = append(runcArgs, cmdArgs...) - cmd := exec.Command(runc, runcArgs...) + runtimeArgs = append(runtimeArgs, cmdArgs...) + cmd := exec.Command(runtimeBin, runtimeArgs...) cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr cmd.Stdin = os.Stdout - sylog.Debugf("Calling runc with args %v", runcArgs) + sylog.Debugf("Calling %s with args %v", runtimeBin, runtimeArgs) return cmd.Run() } // Kill kills container process func Kill(containerID string, killSignal string) error { - runc, err := bin.FindBin("runc") + runtimeBin, err := runtime() if err != nil { return err } - runcArgs := []string{ - "--root", runcStateDir, + runtimeArgs := []string{ + "--root", runtimeStateDir(), "kill", containerID, killSignal, } - cmd := exec.Command(runc, runcArgs...) + cmd := exec.Command(runtimeBin, runtimeArgs...) cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr cmd.Stdin = os.Stdout - sylog.Debugf("Calling runc with args %v", runcArgs) + sylog.Debugf("Calling %s with args %v", runtimeBin, runtimeArgs) return cmd.Run() } // Pause pauses processes in a container func Pause(containerID string) error { - runc, err := bin.FindBin("runc") + runtimeBin, err := runtime() if err != nil { return err } - runcArgs := []string{ - "--root", runcStateDir, + runtimeArgs := []string{ + "--root", runtimeStateDir(), "pause", containerID, } - cmd := exec.Command(runc, runcArgs...) + cmd := exec.Command(runtimeBin, runtimeArgs...) 
cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr cmd.Stdin = os.Stdout - sylog.Debugf("Calling runc with args %v", runcArgs) + sylog.Debugf("Calling %s with args %v", runtimeBin, runtimeArgs) return cmd.Run() } // Resume pauses processes in a container func Resume(containerID string) error { - runc, err := bin.FindBin("runc") + runtimeBin, err := runtime() if err != nil { return err } - runcArgs := []string{ - "--root", runcStateDir, + runtimeArgs := []string{ + "--root", runtimeStateDir(), "resume", containerID, } - cmd := exec.Command(runc, runcArgs...) + cmd := exec.Command(runtimeBin, runtimeArgs...) cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr cmd.Stdin = os.Stdout - sylog.Debugf("Calling runc with args %v", runcArgs) + sylog.Debugf("Calling %s with args %v", runtimeBin, runtimeArgs) return cmd.Run() } // Run runs a container (equivalent to create/start/delete) func Run(ctx context.Context, containerID, bundlePath, pidFile string) error { - runc, err := bin.FindBin("runc") + runtimeBin, err := runtime() if err != nil { return err } 
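Review bot: Exec, Kill, Pause and Resume in this hunk repeat the same sequence (resolve the runtime, prepend `--root`, build the command, wire stdio, log), differing only in the subcommand arguments, and the commit had to edit each copy by hand. A small private helper would make the runtime selection and state directory a single point of change, which matters when every wrapper must agree on which binary and which `--root` it uses. The comment on Resume also still reads "pauses processes"; `// Resume resumes paused processes in a container` is what the code does. The Run function at the end of this hunk continues outside it.

```go
// runtimeCommand prepares an invocation of the selected OCI runtime with the
// shared --root state directory prepended to args.
func runtimeCommand(args ...string) (*exec.Cmd, error) {
	runtimeBin, err := runtime()
	if err != nil {
		return nil, err
	}
	runtimeArgs := append([]string{"--root", runtimeStateDir()}, args...)
	cmd := exec.Command(runtimeBin, runtimeArgs...)
	// … unchanged: Stdout/Stderr/Stdin wiring …
	sylog.Debugf("Calling %s with args %v", runtimeBin, runtimeArgs)
	return cmd, nil
}

// Pause pauses processes in a container
func Pause(containerID string) error {
	cmd, err := runtimeCommand("pause", containerID)
	if err != nil {
		return err
	}
	return cmd.Run()
}
```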
@@ -157,80 +157,80 @@ func Run(ctx context.Context, containerID, bundlePath, pidFile string) error { return fmt.Errorf("failed to change directory to %s: %s", absBundle, err) } - runcArgs := []string{ - "--root", runcStateDir, + runtimeArgs := []string{ + "--root", runtimeStateDir(), "run", "-b", absBundle, } if pidFile != "" { - runcArgs = append(runcArgs, "--pid-file="+pidFile) + runtimeArgs = append(runtimeArgs, "--pid-file="+pidFile) } - runcArgs = append(runcArgs, containerID) - cmd := exec.Command(runc, runcArgs...) + runtimeArgs = append(runtimeArgs, containerID) + cmd := exec.Command(runtimeBin, runtimeArgs...) cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr cmd.Stdin = os.Stdout - sylog.Debugf("Calling runc with args %v", runcArgs) + sylog.Debugf("Calling %s with args %v", runtimeBin, runtimeArgs) return cmd.Run() } // Start starts a previously created container func Start(containerID string) error { - runc, err := bin.FindBin("runc") + runtimeBin, err := bin.FindBin("crun") if err != nil { return err } - runcArgs := []string{ - "--root", runcStateDir, + runtimeArgs := []string{ + "--root", runtimeStateDir(), "start", containerID, } - cmd := exec.Command(runc, runcArgs...) + cmd := exec.Command(runtimeBin, runtimeArgs...) cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr cmd.Stdin = os.Stdout - sylog.Debugf("Calling runc with args %v", runcArgs) + sylog.Debugf("Calling %s with args %v", runtimeBin, runtimeArgs) return cmd.Run() } // State queries container state func State(containerID string) error { - runc, err := bin.FindBin("runc") + runtimeBin, err := runtime() if err != nil { return err } - runcArgs := []string{ - "--root", runcStateDir, + runtimeArgs := []string{ + "--root", runtimeStateDir(), "state", containerID, } - cmd := exec.Command(runc, runcArgs...) + cmd := exec.Command(runtimeBin, runtimeArgs...) 
cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr cmd.Stdin = os.Stdout - sylog.Debugf("Calling runc with args %v", runcArgs) + sylog.Debugf("Calling %s with args %v", runtimeBin, runtimeArgs) return cmd.Run() } // Update updates container cgroups resources func Update(containerID, cgFile string) error { - runc, err := bin.FindBin("runc") + runtimeBin, err := runtime() if err != nil { return err } - runcArgs := []string{ - "--root", runcStateDir, + runtimeArgs := []string{ + "--root", runtimeStateDir(), "update", "-r", cgFile, containerID, } - cmd := exec.Command(runc, runcArgs...) + cmd := exec.Command(runtimeBin, runtimeArgs...) cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr cmd.Stdin = os.Stdout - sylog.Debugf("Calling runc with args %v", runcArgs) + sylog.Debugf("Calling %s with args %v", runtimeBin, runtimeArgs) return cmd.Run() } diff --git a/internal/pkg/util/bin/bin.go b/internal/pkg/util/bin/bin.go index 668b605fb3..7958d8e6e5 100644 --- a/internal/pkg/util/bin/bin.go +++ b/internal/pkg/util/bin/bin.go @@ -36,7 +36,7 @@ func FindBin(name string) (path string, err error) { case "newuidmap", "newgidmap": return findOnPath(name) // distro provided OCI runtime - case "runc": + case "crun", "runc": return findOnPath(name) // our, or distro provided conmon case "conmon":
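Review bot: Start is the only wrapper that resolves the binary with `bin.FindBin("crun")`; Run, State and Update in this hunk, and Delete, Exec, Kill, Pause and Resume earlier in the file, all go through `runtime()`. On a host that has runc but not crun, Create would hand runc to conmon via `--runtime` and the container would then fail to start because Start finds no crun, leaving a created-but-never-started container behind in the state directory. Replace the line with `runtimeBin, err := runtime()` so every operation on a container uses the same runtime.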