Skip to content

Instantly share code, notes, and snippets.

View tiborvass's full-sized avatar

Tibor Vass tiborvass

156 followers · 3 following
  • Docker
View GitHub Profile
@tiborvass
tiborvass / csignal.go
Created April 10, 2021 23:20
go run csignal.go & sleep 1; kill -USR1 %%
package main
/*
#include <stdio.h>
#include <signal.h>
#include <stdlib.h>
#include <unistd.h>
extern double asin(double);
extern double acos(double);
@tiborvass
tiborvass / README.md
Last active April 1, 2021 20:38
Syscall interruption analysis in Docker

Since Go 1.14, changes in the Go runtime made it more likely for some syscalls to be interrupted by SIGURG despite Go's signal handler being set up with SA_RESTART. In those cases the syscalls return EINTR. In Go 1.15, the standard library packages other than syscall were fixed by adding a retry loop if EINTR is returned (e.g., os.File.Write). However, direct syscalls still may have the issue.

The goal of this document is to allow Docker to upgrade its binaries' Go version past 1.13 with confidence without blindly adding retry loops to every syscall. Throughout this analysis we are assuming SA_RESTART and Linux, as the risk of weird behaviors is on the daemon side.

There are two main tasks:

  1. Mark syscalls as EINTR-safe or EINTR-unsafe or EINTR-maybe
  2. Once that is done, we can look at the callsites of the EINTR-maybe syscalls to vet whether they truly are EINTR-safe or EINTR-unsafe.

1. Syscall vetting

@tiborvass
tiborvass / gist:b5691fb4c1faf4b387a5c1e4306cd829
Last active December 19, 2020 23:30
Workaround Docker Desktop for Windows 3.0.0
wsl.exe -d docker-desktop
nsenter -a -t $(pgrep lifecycle-server) find /var/lib/docker/containers -name config.v2.json -exec sed -i'' -E 's/"Running":true(,.*"Restarting":true)/"Running":false\1/' {} \;
@tiborvass
tiborvass / 2020-10-14-golang-syscalls.txt
Last active November 20, 2020 16:11
Retrieve list of blocking Linux syscall functions (apart from [Raw]Syscall*) callable from Go (skips syscalls marked as sysnb, also accounts for golang.org/x/sys/unix), along with their corresponding syscall constant number
Accept4 SYS_ACCEPT
Accept4 SYS_ACCEPT4
Accept SYS_ACCEPT
Access SYS_FACCESSAT
Acct SYS_ACCT
AddKey SYS_ADD_KEY
Adjtimex SYS_ADJTIMEX
AttachLsf SYS_SETSOCKOPT
Bind SYS_BIND
BindToDevice SYS_SETSOCKOPT
@tiborvass
tiborvass / docker-syscalls.txt
Last active October 16, 2020 01:27
List of blocking Linux syscalls used in Docker
# list-syscalls.sh ~/docker ~/containerd ~/cli ~/runc ~/go/src/github.com/docker/libnetwork ~/go/src/github.com/rootless-containers/rootlesskit
procCreateVirtualDisk.Addr()
procOpenVirtualDisk.Addr()
SYS_ACCEPT
SYS_ADD_KEY
SYS_BIND
SYS_CHDIR
SYS_CHROOT
SYS_CLOCK_GETTIME
SYS_CLONE
@tiborvass
tiborvass / unix.c
Created April 14, 2020 05:24
Pass fds over unix socket
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
static
@tiborvass
tiborvass / s3etag.sh
Created January 31, 2020 00:49 — forked from emersonf/s3etag.sh
A Bash script to compute ETag values for S3 multipart uploads on OS X.
#!/bin/bash
if [ $# -ne 2 ]; then
echo "Usage: $0 file partSizeInMb";
exit 0;
fi
file=$1
if [ ! -f "$file" ]; then
@tiborvass
tiborvass / demo.go
Last active January 17, 2020 16:04
Script to show fake demos with monkey typing: go run demo.go path/to/textfile [number_of_steps_to_skip]
package main
import (
"bufio"
"fmt"
"io"
"log"
"math/rand"
"os"
"os/exec"
@tiborvass
tiborvass / dockerfile-1.0.0-experimental.tar.gz.base64
Created July 18, 2019 17:53
This file has been truncated, but you can view the full file.
@tiborvass
tiborvass / create-user.sh
Last active May 15, 2019 06:33
#!/bin/bash
useradd -s /bin/bash -m unprivileged
cp -rf ~/.ssh ~unprivileged/
chown -R unprivileged:unprivileged ~unprivileged/.ssh/