[1.0] libct/user: fix parsing long /etc/group lines#3079
Merged
mrunalp merged 3 commits intoopencontainers:release-1.0from Jul 9, 2021
Merged
[1.0] libct/user: fix parsing long /etc/group lines#3079mrunalp merged 3 commits intoopencontainers:release-1.0from
mrunalp merged 3 commits intoopencontainers:release-1.0from
Conversation
Every []byte to string conversion results in a new allocation. Avoid some by using []byte more. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> (cherry picked from commit 120e3a7) Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Same as in other places (other parsers here, as well as golang os/user parser and glibc parser all tolerate extra space at BOL and EOL). Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> (cherry picked from commit 226dfab) Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Lines in /etc/group longer than 64 characters breaks the current implementation of group parser. This is caused by bufio.Scanner buffer limit. Fix by re-using the fix for a similar problem in golang os/user, namely https://go-review.googlesource.com/c/go/+/283601. Add some tests. Co-authored-by: Andrey Bokhanko <andreybokhanko@gmail.com> Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> (cherry picked from commit 24d5daf) Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Closed
AkihiroSuda
approved these changes
Jul 9, 2021
mrunalp
approved these changes
Jul 9, 2021
|
Thanks! Is there someone we can ask on the Docker side to get this backport fix incorporated? |
Member
|
The next runc bump in Docker should pull this in, since they update the binary and vendor dependencies at the same time. I'm surprised there isn't a test PR for 1.0.1 for Docker already, Akihiro usually sets those up when I make the release branch. If there isn't one on Monday, I'll cook it up. |
Member
|
Sorry for delay, opened moby/moby#42654 |
breakings
added a commit
to breakings/packages
that referenced
this pull request
Aug 8, 2021
This is the first stable release in the 1.0 branch, fixing a few medium
and high priority issues with runc 1.0.0, including a few that affect
Kubernetes' usage of libcontainer.
Bugfixes:
- Fixed occasional runc exec/run failure ("interrupted system call") on an
Azure volume. ([#3074](opencontainers/runc#3074))
- Fixed "unable to find groups ... token too long" error with /etc/group
containing lines longer than 64K characters. ([#3079](opencontainers/runc#3079))
- cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
frozen. This is a regression in 1.0.0, not affecting runc itself but some
of libcontainer users (e.g Kubernetes). ([#3085](opencontainers/runc#3085))
- cgroupv2: bpf: Ignore inaccessible existing programs in case of
permission error when handling replacement of existing bpf cgroup
programs. This fixes a regression in 1.0.0, where some SELinux
policies would block runc from being able to run entirely. ([#3087](opencontainers/runc#3087))
- cgroup/systemd/v2: don't freeze cgroup on Set. ([#3092](opencontainers/runc#3092))
- cgroup/systemd/v1: avoid unnecessary freeze on Set. ([#3093](opencontainers/runc#3093))
This was referenced Nov 30, 2021
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a backport of #3062 to 1.0 branch. Clean cherry-pick, no issues. Original description follows.
Lines in /etc/group longer than 64 characters breaks the current
implementation of group parser. This is caused by bufio.Scanner
buffer limit.
Fix by re-using the fix for a similar problem in golang os/user,
namely https://go-review.googlesource.com/c/go/+/283601
(fixing a similar bug in golang os/user, golang/go#43636).
Add some tests.
Fixes: #3036
Reported-by: @erict-square
Co-authored-by: @andreybokhanko
Signed-off-by: Kir Kolyshkin kolyshkin@gmail.com
Proposed changelog entry