mirror of
https://github.com/opencontainers/runc.git
synced 2025-12-24 11:50:58 +08:00
584afc6756
Go 1.23 tightens access to internal symbols, and even puts runc into
"hall of shame" for using an internal symbol (recently added by commit
da68c8e3). So, while not impossible, it becomes harder to access those
internal symbols, and it is a bad idea in general.
Since Go 1.23 includes https://go.dev/cl/588076, we can clean the
internal rlimit cache by setting the RLIMIT_NOFILE for ourselves,
essentially disabling the rlimit cache.
Once Go 1.22 is no longer supported, we will remove the go:linkname hack.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
28 lines
1022 B
Go
28 lines
1022 B
Go
//go:build !go1.23
|
|
|
|
// TODO: remove this file once go 1.22 is no longer supported.
|
|
|
|
package system
|
|
|
|
import (
|
|
"sync/atomic"
|
|
"syscall"
|
|
_ "unsafe" // Needed for go:linkname to work.
|
|
)
|
|
|
|
//go:linkname syscallOrigRlimitNofile syscall.origRlimitNofile
|
|
var syscallOrigRlimitNofile atomic.Pointer[syscall.Rlimit]
|
|
|
|
// ClearRlimitNofileCache clears go runtime's nofile rlimit cache.
|
|
// The argument is process RLIMIT_NOFILE values.
|
|
func ClearRlimitNofileCache(_ *syscall.Rlimit) {
|
|
// As reported in issue #4195, the new version of go runtime(since 1.19)
|
|
// will cache rlimit-nofile. Before executing execve, the rlimit-nofile
|
|
// of the process will be restored with the cache. In runc, this will
|
|
// cause the rlimit-nofile setting by the parent process for the container
|
|
// to become invalid. It can be solved by clearing this cache. But
|
|
// unfortunately, go stdlib doesn't provide such function, so we need to
|
|
// link to the private var `origRlimitNofile` in package syscall to hack.
|
|
syscallOrigRlimitNofile.Store(nil)
|
|
}
|