Skip to content

fix fd leaks and detect them as comprehensively as possible #5026

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AkihiroSuda merged 5 commits into from
Nov 25, 2025
Merged

fix fd leaks and detect them as comprehensively as possible #5026

AkihiroSuda merged 5 commits into from
Nov 25, 2025

Conversation

@lifubang
Copy link
Member

@lifubang lifubang commented Nov 19, 2025
edited
Loading

Fix: #5021
Fix: #5007
Close: #5022
Close: #5024
Close: #5015

Without deferring the closure of this file descriptor, starting a container with a very large number of devices can hit the RLIMIT_NOFILE limit.

@lifubang lifubang force-pushed the ci-detect-fdleak-try-best branch 4 times, most recently from 3cb900b to f906fd3 Compare November 19, 2025 08:15
This was referenced Nov 19, 2025
Merged
Merged
@lifubang lifubang force-pushed the ci-detect-fdleak-try-best branch 2 times, most recently from c3ecaea to 9b8549e Compare November 20, 2025 01:29
@lifubang lifubang removed the area/ci label Nov 20, 2025
@lifubang lifubang changed the title ci: detect file descriptor leaks as comprehensively as possible detect file descriptor leaks as comprehensively as possible Nov 20, 2025
@lifubang lifubang mentioned this pull request Nov 20, 2025
Closed
cyphar
cyphar reviewed Nov 20, 2025
View reviewed changes
@cyphar cyphar added this to the 1.4.0 milestone Nov 20, 2025
@cyphar cyphar mentioned this pull request Nov 20, 2025
Closed
@cyphar cyphar added backport/1.2-todo A PR in main branch which needs to be backported to release-1.2 backport/1.3-todo A PR in main branch which needs to be backported to release-1.3 backport/1.4-todo A PR in main branch which needs to backported to release-1.4 labels Nov 20, 2025
@cyphar cyphar mentioned this pull request Nov 20, 2025
Closed
13 tasks
@lifubang lifubang force-pushed the ci-detect-fdleak-try-best branch from 9b8549e to 4c4376a Compare November 20, 2025 04:36
@lifubang lifubang mentioned this pull request Nov 20, 2025
Closed
@lifubang lifubang force-pushed the ci-detect-fdleak-try-best branch from 4c4376a to 0127cc6 Compare November 20, 2025 04:40
@lifubang lifubang mentioned this pull request Nov 20, 2025
Merged
@lifubang lifubang added backport/1.2-done A PR in main branch which has been backported to release-1.2 backport/1.3-done A PR in main branch which has been backported to release-1.3 backport/1.4-done A PR in main branch which has been backported to release-1.4 and removed backport/1.2-todo A PR in main branch which needs to be backported to release-1.2 backport/1.3-todo A PR in main branch which needs to be backported to release-1.3 backport/1.4-todo A PR in main branch which needs to backported to release-1.4 labels Nov 20, 2025
@cyphar cyphar mentioned this pull request Nov 20, 2025
Closed
@cyphar cyphar changed the title detect file descriptor leaks as comprehensively as possible fix fd leaks and detect them as comprehensively as possible Nov 20, 2025
@lifubang lifubang force-pushed the ci-detect-fdleak-try-best branch from 67f15f8 to d870650 Compare November 20, 2025 11:43
@lifubang
Copy link
Member Author

lifubang commented Nov 25, 2025

@opencontainers/runc-maintainers PTAL -- I’d like to propose cutting releases for v1.2.9, v1.3.4, and v1.4.0 this week. Please let me know if there are any concerns or blockers.

@cyphar
Copy link
Member

cyphar commented Nov 25, 2025

Yeah this is the only blocker left for those releases, it'd be nice to get it done this week...

AkihiroSuda
AkihiroSuda reviewed Nov 25, 2025
View reviewed changes
go.mod
github.com/containerd/console v1.0.5
github.com/coreos/go-systemd/v22 v22.6.0
github.com/cyphar/filepath-securejoin v0.6.0
github.com/cyphar/filepath-securejoin v0.6.1
Copy link
Member

@AkihiroSuda AkihiroSuda Nov 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could be bumped up by dependabot?

Copy link
Member Author

@lifubang lifubang Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I closed the Dependabot bump PR because we need these two PRs to fix #5021.

@AkihiroSuda AkihiroSuda merged commit 475473d into opencontainers:main Nov 25, 2025
37 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cyphar cyphar cyphar approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

@rata rata Awaiting requested review from rata

@thaJeztah thaJeztah Awaiting requested review from thaJeztah

@kolyshkin kolyshkin Awaiting requested review from kolyshkin

Assignees

No one assigned

Labels

backport/1.2-done A PR in main branch which has been backported to release-1.2 backport/1.3-done A PR in main branch which has been backported to release-1.3 backport/1.4-done A PR in main branch which has been backported to release-1.4

Projects

None yet

Milestone

1.4.0

3 participants

@lifubang @cyphar @AkihiroSuda