Skip to content

Commit

Permalink
Add runc_nocr build tag
Browse files Browse the repository at this point in the history
This allows to make a 17% smaller runc binary by not compiling in
checkpoint/restore support.

It turns out that google.golang.org/protobuf package, used by go-criu,
is quite big, and go linker can't drop unused stuff if reflection is
used anywhere in the code.

Currently there's no alternative to using protobuf in go-criu, and since
not all users use c/r, let's provide them an option for a smaller
binary.

For the reference, here's top10 biggest vendored packages, as reported
by gsa[1]:

$ gsa runc | grep vendor | head
│ 8.59%   │ google.golang.org/protobuf                  │ 1.3 MB │ vendor    │
│ 5.76%   │ github.com/opencontainers/runc              │ 865 kB │ vendor    │
│ 4.05%   │ github.com/cilium/ebpf                      │ 608 kB │ vendor    │
│ 2.86%   │ github.com/godbus/dbus/v5                   │ 429 kB │ vendor    │
│ 1.25%   │ github.com/urfave/cli                       │ 188 kB │ vendor    │
│ 0.90%   │ github.com/vishvananda/netlink              │ 135 kB │ vendor    │
│ 0.59%   │ github.com/sirupsen/logrus                  │ 89 kB  │ vendor    │
│ 0.56%   │ github.com/checkpoint-restore/go-criu/v6    │ 84 kB  │ vendor    │
│ 0.51%   │ golang.org/x/sys                            │ 76 kB  │ vendor    │
│ 0.47%   │ github.com/seccomp/libseccomp-golang        │ 71 kB  │ vendor    │

And here is a total binary size saving when `runc_nocr` is used.

For non-stripped binaries:

$ gsa runc-cr runc-nocr | tail -3
│ -17.04% │ runc-cr                                  │ 15 MB    │ 12 MB    │ -2.6 MB │
│         │ runc-nocr                                │          │          │         │
└─────────┴──────────────────────────────────────────┴──────────┴──────────┴─────────┘

And for stripped binaries:

│ -17.01% │ runc-cr-stripped                         │ 11 MB    │ 8.8 MB   │ -1.8 MB │
│         │ runc-nocr-stripped                       │          │          │         │
└─────────┴──────────────────────────────────────────┴──────────┴──────────┴─────────┘

[1]: https://github.com/Zxilly/go-size-analyzer

Signed-off-by: Kir Kolyshkin <[email protected]>
  • Loading branch information
kolyshkin committed Dec 6, 2024
1 parent 09888dc commit 1da2c5b
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/validate.yml
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,8 @@ jobs:
go-version: "${{ env.GO_VERSION }}"
- name: compile with no build tags
run: make BUILDTAGS=""
- name: compile with runc_nocr build tag
run: make EXTRA_BUILDTAGS="runc_nocr"

codespell:
runs-on: ubuntu-24.04
Expand Down
8 changes: 8 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -103,9 +103,17 @@ e.g. to disable seccomp:
make BUILDTAGS=""
```

To add some more build tags to the default set, use the `EXTRA_BUILDTAGS`
make variable, e.g. to disable checkpoint/restore:

```bash
make EXTRA_BUILDTAGS="runc_nocr"
```

| Build Tag | Feature | Enabled by Default | Dependencies |
|---------------|---------------------------------------|--------------------|---------------------|
| `seccomp` | Syscall filtering using `libseccomp`. | yes | `libseccomp` |
| `runc_nocr` | Disables runc checkpoint/restore. | no | `criu` |

The following build tags were used earlier, but are now obsoleted:
- **runc_nodmz** (since runc v1.2.1 runc dmz binary is dropped)
Expand Down
2 changes: 2 additions & 0 deletions libcontainer/criu_linux.go
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
//go:build !runc_nocr

package libcontainer

import (
Expand Down

0 comments on commit 1da2c5b

Please sign in to comment.