Browse code

vendor: github.com/opencontainers/cgroups v0.0.2

- Mark some fields with `omitempty` JSON attribute.
- Modernize code by using new Go features.
- systemd: write rounded CPU quota to cgroupfs.

full diff: https://github.com/opencontainers/cgroups/compare/v0.0.1...v0.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Sebastiaan van Stijn authored on 2025/05/26 18:30:39
Showing 11 changed files
... ...
@@ -81,7 +81,7 @@ require (
81 81
 	github.com/moby/sys/userns v0.1.0
82 82
 	github.com/moby/term v0.5.2
83 83
 	github.com/morikuni/aec v1.0.0
84
-	github.com/opencontainers/cgroups v0.0.1
84
+	github.com/opencontainers/cgroups v0.0.2
85 85
 	github.com/opencontainers/go-digest v1.0.0
86 86
 	github.com/opencontainers/image-spec v1.1.1
87 87
 	github.com/opencontainers/runtime-spec v1.2.1
... ...
@@ -441,8 +441,8 @@ github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C
441 441
 github.com/onsi/gomega v1.36.0 h1:Pb12RlruUtj4XUuPUqeEWc6j5DkVVVA49Uf6YLfC95Y=
442 442
 github.com/onsi/gomega v1.36.0/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
443 443
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
444
-github.com/opencontainers/cgroups v0.0.1 h1:MXjMkkFpKv6kpuirUa4USFBas573sSAY082B4CiHEVA=
445
-github.com/opencontainers/cgroups v0.0.1/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs=
444
+github.com/opencontainers/cgroups v0.0.2 h1:A+mAPPMfgKNCEZUUtibESFx06uvhAmvo8sSz3Abwk7o=
445
+github.com/opencontainers/cgroups v0.0.2/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs=
446 446
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
447 447
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
448 448
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
449 449
new file mode 100644
... ...
@@ -0,0 +1,21 @@
0
+# This is golangci-lint config file which is used to check NEW code in
1
+# github PRs only (see lint-extra in .github/workflows/validate.yml).
2
+#
3
+# For the default linter config, see .golangci.yml. This config should
4
+# only enable additional linters and/or linter settings not enabled
5
+# in the default config.
6
+version: "2"
7
+
8
+linters:
9
+  default: none
10
+  enable:
11
+    - godot
12
+    - revive
13
+    - staticcheck
14
+  settings:
15
+    staticcheck:
16
+      checks:
17
+        - all
18
+        - -QF1008 # https://staticcheck.dev/docs/checks/#QF1008 Omit embedded fields from selector expression.
19
+  exclusions:
20
+    generated: strict
0 21
new file mode 100644
... ...
@@ -0,0 +1,31 @@
0
+# For documentation, see https://golangci-lint.run/usage/configuration/
1
+version: "2"
2
+
3
+formatters:
4
+  enable:
5
+    - gofumpt
6
+  exclusions:
7
+    generated: strict
8
+
9
+linters:
10
+  enable:
11
+    - errorlint
12
+    - nolintlint
13
+    - unconvert
14
+    - unparam
15
+  settings:
16
+    govet:
17
+      enable:
18
+        - nilness
19
+    staticcheck:
20
+      checks:
21
+        - all
22
+        - -ST1000 # https://staticcheck.dev/docs/checks/#ST1000 Incorrect or missing package comment.
23
+        - -ST1003 # https://staticcheck.dev/docs/checks/#ST1003 Poorly chosen identifier.
24
+        - -ST1005 # https://staticcheck.dev/docs/checks/#ST1005 Incorrectly formatted error string.
25
+        - -QF1008 # https://staticcheck.dev/docs/checks/#QF1008 Omit embedded fields from selector expression.
26
+  exclusions:
27
+    generated: strict
28
+    presets:
29
+      - comments
30
+      - std-error-handling
... ...
@@ -23,7 +23,7 @@ However, specification releases have special restrictions in the [OCI charter][c
23 23
 * They are the target of backwards compatibility (ยง7.g), and
24 24
 * They are subject to the OFWa patent grant (ยง8.d and e).
25 25
 
26
-To avoid unfortunate side effects (onerous backwards compatibity requirements or Member resignations), the following additional procedures apply to specification releases:
26
+To avoid unfortunate side effects (onerous backwards compatibility requirements or Member resignations), the following additional procedures apply to specification releases:
27 27
 
28 28
 ### Planning a release
29 29
 
... ...
@@ -23,16 +23,16 @@ type Cgroup struct {
23 23
 
24 24
 	// Path specifies the path to cgroups that are created and/or joined by the container.
25 25
 	// The path is assumed to be relative to the host system cgroup mountpoint.
26
-	Path string `json:"path"`
26
+	Path string `json:"path,omitempty"`
27 27
 
28
-	// ScopePrefix describes prefix for the scope name
29
-	ScopePrefix string `json:"scope_prefix"`
28
+	// ScopePrefix describes prefix for the scope name.
29
+	ScopePrefix string `json:"scope_prefix,omitempty"`
30 30
 
31
-	// Resources contains various cgroups settings to apply
32
-	*Resources
31
+	// Resources contains various cgroups settings to apply.
32
+	*Resources `json:"Resources,omitempty"`
33 33
 
34 34
 	// Systemd tells if systemd should be used to manage cgroups.
35
-	Systemd bool
35
+	Systemd bool `json:"Systemd,omitempty"`
36 36
 
37 37
 	// SystemdProps are any additional properties for systemd,
38 38
 	// derived from org.systemd.property.xxx annotations.
... ...
@@ -40,7 +40,7 @@ type Cgroup struct {
40 40
 	SystemdProps []systemdDbus.Property `json:"-"`
41 41
 
42 42
 	// Rootless tells if rootless cgroups should be used.
43
-	Rootless bool
43
+	Rootless bool `json:"Rootless,omitempty"`
44 44
 
45 45
 	// The host UID that should own the cgroup, or nil to accept
46 46
 	// the default ownership.  This should only be set when the
... ...
@@ -52,96 +52,96 @@ type Cgroup struct {
52 52
 
53 53
 type Resources struct {
54 54
 	// Devices is the set of access rules for devices in the container.
55
-	Devices []*devices.Rule `json:"devices"`
55
+	Devices []*devices.Rule `json:"devices,omitempty"`
56 56
 
57
-	// Memory limit (in bytes)
58
-	Memory int64 `json:"memory"`
57
+	// Memory limit (in bytes).
58
+	Memory int64 `json:"memory,omitempty"`
59 59
 
60
-	// Memory reservation or soft_limit (in bytes)
61
-	MemoryReservation int64 `json:"memory_reservation"`
60
+	// Memory reservation or soft_limit (in bytes).
61
+	MemoryReservation int64 `json:"memory_reservation,omitempty"`
62 62
 
63
-	// Total memory usage (memory + swap); set `-1` to enable unlimited swap
64
-	MemorySwap int64 `json:"memory_swap"`
63
+	// Total memory usage (memory+swap); use -1 for unlimited swap.
64
+	MemorySwap int64 `json:"memory_swap,omitempty"`
65 65
 
66
-	// CPU shares (relative weight vs. other containers)
67
-	CpuShares uint64 `json:"cpu_shares"`
66
+	// CPU shares (relative weight vs. other containers).
67
+	CpuShares uint64 `json:"cpu_shares,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuShares should be CPUShares".
68 68
 
69 69
 	// CPU hardcap limit (in usecs). Allowed cpu time in a given period.
70
-	CpuQuota int64 `json:"cpu_quota"`
70
+	CpuQuota int64 `json:"cpu_quota,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuQuota should be CPUQuota".
71 71
 
72 72
 	// CPU hardcap burst limit (in usecs). Allowed accumulated cpu time additionally for burst in a given period.
73
-	CpuBurst *uint64 `json:"cpu_burst"` //nolint:revive
73
+	CpuBurst *uint64 `json:"cpu_burst,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuBurst should be CPUBurst".
74 74
 
75 75
 	// CPU period to be used for hardcapping (in usecs). 0 to use system default.
76
-	CpuPeriod uint64 `json:"cpu_period"`
76
+	CpuPeriod uint64 `json:"cpu_period,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuPeriod should be CPUPeriod".
77 77
 
78 78
 	// How many time CPU will use in realtime scheduling (in usecs).
79
-	CpuRtRuntime int64 `json:"cpu_rt_quota"`
79
+	CpuRtRuntime int64 `json:"cpu_rt_quota,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuRtRuntime should be CPURtRuntime".
80 80
 
81 81
 	// CPU period to be used for realtime scheduling (in usecs).
82
-	CpuRtPeriod uint64 `json:"cpu_rt_period"`
82
+	CpuRtPeriod uint64 `json:"cpu_rt_period,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuQuota should be CPUQuota".
83 83
 
84
-	// CPU to use
85
-	CpusetCpus string `json:"cpuset_cpus"`
84
+	// Cpuset CPUs to use.
85
+	CpusetCpus string `json:"cpuset_cpus,omitempty"`
86 86
 
87
-	// MEM to use
88
-	CpusetMems string `json:"cpuset_mems"`
87
+	// Cpuset memory nodes to use.
88
+	CpusetMems string `json:"cpuset_mems,omitempty"`
89 89
 
90
-	// cgroup SCHED_IDLE
90
+	// Cgroup's SCHED_IDLE value.
91 91
 	CPUIdle *int64 `json:"cpu_idle,omitempty"`
92 92
 
93 93
 	// Process limit; set <= `0' to disable limit.
94
-	PidsLimit int64 `json:"pids_limit"`
94
+	PidsLimit int64 `json:"pids_limit,omitempty"`
95 95
 
96 96
 	// Specifies per cgroup weight, range is from 10 to 1000.
97
-	BlkioWeight uint16 `json:"blkio_weight"`
97
+	BlkioWeight uint16 `json:"blkio_weight,omitempty"`
98 98
 
99
-	// Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, cfq scheduler only
100
-	BlkioLeafWeight uint16 `json:"blkio_leaf_weight"`
99
+	// Tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, cfq scheduler only.
100
+	BlkioLeafWeight uint16 `json:"blkio_leaf_weight,omitempty"`
101 101
 
102 102
 	// Weight per cgroup per device, can override BlkioWeight.
103
-	BlkioWeightDevice []*WeightDevice `json:"blkio_weight_device"`
103
+	BlkioWeightDevice []*WeightDevice `json:"blkio_weight_device,omitempty"`
104 104
 
105 105
 	// IO read rate limit per cgroup per device, bytes per second.
106
-	BlkioThrottleReadBpsDevice []*ThrottleDevice `json:"blkio_throttle_read_bps_device"`
106
+	BlkioThrottleReadBpsDevice []*ThrottleDevice `json:"blkio_throttle_read_bps_device,omitempty"`
107 107
 
108 108
 	// IO write rate limit per cgroup per device, bytes per second.
109
-	BlkioThrottleWriteBpsDevice []*ThrottleDevice `json:"blkio_throttle_write_bps_device"`
109
+	BlkioThrottleWriteBpsDevice []*ThrottleDevice `json:"blkio_throttle_write_bps_device,omitempty"`
110 110
 
111 111
 	// IO read rate limit per cgroup per device, IO per second.
112
-	BlkioThrottleReadIOPSDevice []*ThrottleDevice `json:"blkio_throttle_read_iops_device"`
112
+	BlkioThrottleReadIOPSDevice []*ThrottleDevice `json:"blkio_throttle_read_iops_device,omitempty"`
113 113
 
114 114
 	// IO write rate limit per cgroup per device, IO per second.
115
-	BlkioThrottleWriteIOPSDevice []*ThrottleDevice `json:"blkio_throttle_write_iops_device"`
115
+	BlkioThrottleWriteIOPSDevice []*ThrottleDevice `json:"blkio_throttle_write_iops_device,omitempty"`
116 116
 
117
-	// set the freeze value for the process
118
-	Freezer FreezerState `json:"freezer"`
117
+	// Freeze value for the process.
118
+	Freezer FreezerState `json:"freezer,omitempty"`
119 119
 
120
-	// Hugetlb limit (in bytes)
121
-	HugetlbLimit []*HugepageLimit `json:"hugetlb_limit"`
120
+	// Hugetlb limit (in bytes).
121
+	HugetlbLimit []*HugepageLimit `json:"hugetlb_limit,omitempty"`
122 122
 
123
-	// Whether to disable OOM Killer
124
-	OomKillDisable bool `json:"oom_kill_disable"`
123
+	// Whether to disable OOM killer.
124
+	OomKillDisable bool `json:"oom_kill_disable,omitempty"`
125 125
 
126
-	// Tuning swappiness behaviour per cgroup
127
-	MemorySwappiness *uint64 `json:"memory_swappiness"`
126
+	// Tuning swappiness behaviour per cgroup.
127
+	MemorySwappiness *uint64 `json:"memory_swappiness,omitempty"`
128 128
 
129
-	// Set priority of network traffic for container
130
-	NetPrioIfpriomap []*IfPrioMap `json:"net_prio_ifpriomap"`
129
+	// Set priority of network traffic for container.
130
+	NetPrioIfpriomap []*IfPrioMap `json:"net_prio_ifpriomap,omitempty"`
131 131
 
132
-	// Set class identifier for container's network packets
133
-	NetClsClassid uint32 `json:"net_cls_classid_u"`
132
+	// Set class identifier for container's network packets.
133
+	NetClsClassid uint32 `json:"net_cls_classid_u,omitempty"`
134 134
 
135
-	// Rdma resource restriction configuration
136
-	Rdma map[string]LinuxRdma `json:"rdma"`
135
+	// Rdma resource restriction configuration.
136
+	Rdma map[string]LinuxRdma `json:"rdma,omitempty"`
137 137
 
138 138
 	// Used on cgroups v2:
139 139
 
140 140
 	// CpuWeight sets a proportional bandwidth limit.
141
-	CpuWeight uint64 `json:"cpu_weight"`
141
+	CpuWeight uint64 `json:"cpu_weight,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuWeight should be CPUWeight".
142 142
 
143 143
 	// Unified is cgroupv2-only key-value map.
144
-	Unified map[string]string `json:"unified"`
144
+	Unified map[string]string `json:"unified,omitempty"`
145 145
 
146 146
 	// SkipDevices allows to skip configuring device permissions.
147 147
 	// Used by e.g. kubelet while creating a parent cgroup (kubepods)
... ...
@@ -165,5 +165,5 @@ type Resources struct {
165 165
 	// MemoryCheckBeforeUpdate is a flag for cgroup v2 managers to check
166 166
 	// if the new memory limits (Memory and MemorySwap) being set are lower
167 167
 	// than the current memory usage, and reject if so.
168
-	MemoryCheckBeforeUpdate bool `json:"memory_check_before_update"`
168
+	MemoryCheckBeforeUpdate bool `json:"memory_check_before_update,omitempty"`
169 169
 }
... ...
@@ -20,10 +20,10 @@ type Device struct {
20 20
 	FileMode os.FileMode `json:"file_mode"`
21 21
 
22 22
 	// Uid of the device.
23
-	Uid uint32 `json:"uid"`
23
+	Uid uint32 `json:"uid,omitempty"` //nolint:revive // Suppress "var-naming: struct field Uid should be UID".
24 24
 
25 25
 	// Gid of the device.
26
-	Gid uint32 `json:"gid"`
26
+	Gid uint32 `json:"gid,omitempty"` //nolint:revive // Suppress "var-naming: struct field Gid should be GID".
27 27
 }
28 28
 
29 29
 // Permissions is a cgroupv1-style string to represent device access. It
... ...
@@ -9,6 +9,14 @@ type ThrottlingData struct {
9 9
 	ThrottledTime uint64 `json:"throttled_time,omitempty"`
10 10
 }
11 11
 
12
+type BurstData struct {
13
+	// Number of periods bandwidth burst occurs
14
+	BurstsPeriods uint64 `json:"bursts_periods,omitempty"`
15
+	// Cumulative wall-time that any cpus has used above quota in respective periods
16
+	// Units: nanoseconds.
17
+	BurstTime uint64 `json:"burst_time,omitempty"`
18
+}
19
+
12 20
 // CpuUsage denotes the usage of a CPU.
13 21
 // All CPU stats are aggregate since container inception.
14 22
 type CpuUsage struct {
... ...
@@ -48,6 +56,7 @@ type CpuStats struct {
48 48
 	CpuUsage       CpuUsage       `json:"cpu_usage,omitempty"`
49 49
 	ThrottlingData ThrottlingData `json:"throttling_data,omitempty"`
50 50
 	PSI            *PSIStats      `json:"psi,omitempty"`
51
+	BurstData      BurstData      `json:"burst_data,omitempty"`
51 52
 }
52 53
 
53 54
 type CPUSetStats struct {
... ...
@@ -231,7 +231,7 @@ func rmdir(path string, retry bool) error {
231 231
 
232 232
 again:
233 233
 	err := unix.Rmdir(path)
234
-	switch err { // nolint:errorlint // unix errors are bare
234
+	switch err {
235 235
 	case nil, unix.ENOENT:
236 236
 		return nil
237 237
 	case unix.EINTR:
... ...
@@ -395,7 +395,7 @@ func WriteCgroupProc(dir string, pid int) error {
395 395
 	}
396 396
 	defer file.Close()
397 397
 
398
-	for i := 0; i < 5; i++ {
398
+	for range 5 {
399 399
 		_, err = file.WriteString(strconv.Itoa(pid))
400 400
 		if err == nil {
401 401
 			return nil
... ...
@@ -5,6 +5,7 @@ import (
5 5
 	"fmt"
6 6
 	"os"
7 7
 	"path/filepath"
8
+	"slices"
8 9
 	"strings"
9 10
 	"sync"
10 11
 	"syscall"
... ...
@@ -144,10 +145,8 @@ func FindCgroupMountpointAndRoot(cgroupPath, subsystem string) (string, string,
144 144
 func findCgroupMountpointAndRootFromMI(mounts []*mountinfo.Info, cgroupPath, subsystem string) (string, string, error) {
145 145
 	for _, mi := range mounts {
146 146
 		if strings.HasPrefix(mi.Mountpoint, cgroupPath) {
147
-			for _, opt := range strings.Split(mi.VFSOptions, ",") {
148
-				if opt == subsystem {
149
-					return mi.Mountpoint, mi.Root, nil
150
-				}
147
+			if slices.Contains(strings.Split(mi.VFSOptions, ","), subsystem) {
148
+				return mi.Mountpoint, mi.Root, nil
151 149
 			}
152 150
 		}
153 151
 	}
... ...
@@ -1060,7 +1060,7 @@ github.com/morikuni/aec
1060 1060
 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
1061 1061
 ## explicit
1062 1062
 github.com/munnerz/goautoneg
1063
-# github.com/opencontainers/cgroups v0.0.1
1063
+# github.com/opencontainers/cgroups v0.0.2
1064 1064
 ## explicit; go 1.23.0
1065 1065
 github.com/opencontainers/cgroups
1066 1066
 github.com/opencontainers/cgroups/devices/config