diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 80fb4b2e6dd..7444381b817 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -217,8 +217,6 @@ jobs: # NOTE the execution environment lacks a terminal, needed for # some integration tests. So we use `ssh -tt` command to fake a terminal. - - uses: lima-vm/lima-actions/ssh@v1 - - name: "Run unit tests" run: ssh -tt lima-default sudo -i make -C /tmp/runc localunittest diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index faa7f1f8b25..e62bed7e708 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -41,10 +41,10 @@ jobs: sudo apt -qy install libseccomp-dev - uses: golangci/golangci-lint-action@v7 with: - version: v2.1 - # Extra linters, only checking new code from a pull request. + version: v2.5 + # Extra linters, only checking new code from a pull request to main. - name: lint-extra - if: github.event_name == 'pull_request' + if: github.event_name == 'pull_request' && github.base_ref == 'main' run: | golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1 diff --git a/libcontainer/exeseal/cloned_binary_linux.go b/libcontainer/exeseal/cloned_binary_linux.go index 3bafc96a613..459b60d68aa 100644 --- a/libcontainer/exeseal/cloned_binary_linux.go +++ b/libcontainer/exeseal/cloned_binary_linux.go @@ -125,7 +125,7 @@ func getSealableFile(comment, tmpDir string) (file *os.File, sealFn SealFunc, er // First, try an executable memfd (supported since Linux 3.17). file, sealFn, err = Memfd(comment) if err == nil { - return + return file, sealFn, err } logrus.Debugf("memfd cloned binary failed, falling back to O_TMPFILE: %v", err) @@ -154,7 +154,7 @@ func getSealableFile(comment, tmpDir string) (file *os.File, sealFn SealFunc, er file.Close() continue } - return + return file, sealFn, err } logrus.Debugf("O_TMPFILE cloned binary failed, falling back to mktemp(): %v", err) // Finally, try a classic unlinked temporary file. @@ -168,7 +168,7 @@ func getSealableFile(comment, tmpDir string) (file *os.File, sealFn SealFunc, er file.Close() continue } - return + return file, sealFn, err } return nil, nil, fmt.Errorf("could not create sealable file for cloned binary: %w", err) } diff --git a/libcontainer/integration/utils_test.go b/libcontainer/integration/utils_test.go index 9b4121bc5d6..091f96dda2b 100644 --- a/libcontainer/integration/utils_test.go +++ b/libcontainer/integration/utils_test.go @@ -209,7 +209,7 @@ func runContainer(t testing.TB, config *configs.Config, args ...string) (buffers } else { return buffers, -1, err } - return + return buffers, exitCode, err } // runContainerOk is a wrapper for runContainer, simplifying its use for cases diff --git a/libcontainer/internal/userns/usernsfd_linux.go b/libcontainer/internal/userns/usernsfd_linux.go index 2eb64cf76ca..00b5cd0a212 100644 --- a/libcontainer/internal/userns/usernsfd_linux.go +++ b/libcontainer/internal/userns/usernsfd_linux.go @@ -34,7 +34,7 @@ func (m Mapping) toSys() (uids, gids []syscall.SysProcIDMap) { Size: int(gid.Size), }) } - return + return uids, gids } // id returns a unique identifier for this mapping, agnostic of the order of diff --git a/libcontainer/mount_linux.go b/libcontainer/mount_linux.go index 683b5e62425..9d4b5dcef55 100644 --- a/libcontainer/mount_linux.go +++ b/libcontainer/mount_linux.go @@ -236,7 +236,7 @@ func syscallMode(i fs.FileMode) (o uint32) { o |= unix.S_ISVTX } // No mapping for Go's ModeTemporary (plan9 only). - return + return o } // mountFd creates a "mount source fd" (either through open_tree(2) or just diff --git a/libcontainer/nsenter/nsenter_test.go b/libcontainer/nsenter/nsenter_test.go index c0b4e9b47e4..123448bc253 100644 --- a/libcontainer/nsenter/nsenter_test.go +++ b/libcontainer/nsenter/nsenter_test.go @@ -199,7 +199,7 @@ func newPipe(t *testing.T) (parent *os.File, child *os.File) { parent.Close() child.Close() }) - return + return parent, child } func reapChildren(t *testing.T, parent *os.File) { diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index e57ce80eb6e..0eb25b2cf14 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -1158,7 +1158,7 @@ func msMoveRoot(rootfs string) error { strings.HasPrefix(info.Mountpoint, rootfs) { skip = true } - return + return skip, stop }) if err != nil { return err diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index 86de3137855..14c03f27796 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -665,7 +665,7 @@ func filterFlags(config *configs.Seccomp, filter *libseccomp.ScmpFilter) (flags } } - return + return flags, noNewPrivs, err } func sysSeccompSetFilter(flags uint, filter []unix.SockFilter) (fd int, err error) { @@ -695,7 +695,7 @@ func sysSeccompSetFilter(flags uint, filter []unix.SockFilter) (fd int, err erro } runtime.KeepAlive(filter) runtime.KeepAlive(fprog) - return + return fd, err } // PatchAndLoad takes a seccomp configuration and a libseccomp filter which has diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index 23003e17713..17a7d8043e0 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -111,5 +111,5 @@ func Annotations(labels []string) (bundle string, userAnnotations map[string]str userAnnotations[name] = value } } - return + return bundle, userAnnotations }