diff --git a/pkg/sysinfo/cgroup2_linux.go b/pkg/sysinfo/cgroup2_linux.go index 62b01f87d5..f4fdb10be8 100644 --- a/pkg/sysinfo/cgroup2_linux.go +++ b/pkg/sysinfo/cgroup2_linux.go @@ -13,7 +13,6 @@ import ( ) func newV2(quiet bool, options ...Opt) *SysInfo { - var warnings []string sysInfo := &SysInfo{ CgroupUnified: true, cg2GroupPath: "/", @@ -52,11 +51,10 @@ func newV2(quiet bool, options ...Opt) *SysInfo { } for _, o := range ops { - w := o(sysInfo) - warnings = append(warnings, w...) + o(sysInfo) } if !quiet { - for _, w := range warnings { + for _, w := range sysInfo.Warnings { logrus.Warn(w) } } @@ -81,11 +79,10 @@ func getSwapLimitV2() bool { return true } -func applyMemoryCgroupInfoV2(info *SysInfo) []string { - var warnings []string +func applyMemoryCgroupInfoV2(info *SysInfo) { if _, ok := info.cg2Controllers["memory"]; !ok { - warnings = append(warnings, "Unable to find memory controller") - return warnings + info.Warnings = append(info.Warnings, "Unable to find memory controller") + return } info.MemoryLimit = true @@ -95,26 +92,22 @@ func applyMemoryCgroupInfoV2(info *SysInfo) []string { info.MemorySwappiness = false info.KernelMemory = false info.KernelMemoryTCP = false - return warnings } -func applyCPUCgroupInfoV2(info *SysInfo) []string { - var warnings []string +func applyCPUCgroupInfoV2(info *SysInfo) { if _, ok := info.cg2Controllers["cpu"]; !ok { - warnings = append(warnings, "Unable to find cpu controller") - return warnings + info.Warnings = append(info.Warnings, "Unable to find cpu controller") + return } info.CPUShares = true info.CPUCfs = true info.CPURealtime = false - return warnings } -func applyIOCgroupInfoV2(info *SysInfo) []string { - var warnings []string +func applyIOCgroupInfoV2(info *SysInfo) { if _, ok := info.cg2Controllers["io"]; !ok { - warnings = append(warnings, "Unable to find io controller") - return warnings + info.Warnings = append(info.Warnings, "Unable to find io controller") + return } info.BlkioWeight = true @@ -123,42 +116,36 @@ func applyIOCgroupInfoV2(info *SysInfo) []string { info.BlkioWriteBpsDevice = true info.BlkioReadIOpsDevice = true info.BlkioWriteIOpsDevice = true - return warnings } -func applyCPUSetCgroupInfoV2(info *SysInfo) []string { - var warnings []string +func applyCPUSetCgroupInfoV2(info *SysInfo) { if _, ok := info.cg2Controllers["cpuset"]; !ok { - warnings = append(warnings, "Unable to find cpuset controller") - return warnings + info.Warnings = append(info.Warnings, "Unable to find cpuset controller") + return } info.Cpuset = true cpus, err := ioutil.ReadFile(path.Join("/sys/fs/cgroup", info.cg2GroupPath, "cpuset.cpus.effective")) if err != nil { - return warnings + return } info.Cpus = strings.TrimSpace(string(cpus)) mems, err := ioutil.ReadFile(path.Join("/sys/fs/cgroup", info.cg2GroupPath, "cpuset.mems.effective")) if err != nil { - return warnings + return } info.Mems = strings.TrimSpace(string(mems)) - return warnings } -func applyPIDSCgroupInfoV2(info *SysInfo) []string { - var warnings []string +func applyPIDSCgroupInfoV2(info *SysInfo) { if _, ok := info.cg2Controllers["pids"]; !ok { - warnings = append(warnings, "Unable to find pids controller") - return warnings + info.Warnings = append(info.Warnings, "Unable to find pids controller") + return } info.PidsLimit = true - return warnings } -func applyDevicesCgroupInfoV2(info *SysInfo) []string { +func applyDevicesCgroupInfoV2(info *SysInfo) { info.CgroupDevicesEnabled = !userns.RunningInUserNS() - return nil } diff --git a/pkg/sysinfo/sysinfo.go b/pkg/sysinfo/sysinfo.go index b095ce1e9f..ac8a417581 100644 --- a/pkg/sysinfo/sysinfo.go +++ b/pkg/sysinfo/sysinfo.go @@ -37,6 +37,13 @@ type SysInfo struct { // Whether the cgroup is in unified mode (v2). CgroupUnified bool + // Warnings contains a slice of warnings that occurred while collecting + // system information. These warnings are intended to be informational + // messages for the user, and can either be logged or returned to the + // client; they are not intended to be parsed / used for other purposes, + // and do not have a fixed format. + Warnings []string + // cgMounts is the list of cgroup v1 mount paths, indexed by subsystem, to // inspect availability of subsystems. cgMounts map[string]string diff --git a/pkg/sysinfo/sysinfo_linux.go b/pkg/sysinfo/sysinfo_linux.go index bba0fd03a6..2065d6c3f7 100644 --- a/pkg/sysinfo/sysinfo_linux.go +++ b/pkg/sysinfo/sysinfo_linux.go @@ -28,7 +28,7 @@ func findCgroupMountpoints() (map[string]string, error) { return mps, nil } -type infoCollector func(info *SysInfo) (warnings []string) +type infoCollector func(info *SysInfo) // WithCgroup2GroupPath specifies the cgroup v2 group path to inspect availability // of the controllers. @@ -45,7 +45,7 @@ func WithCgroup2GroupPath(g string) Opt { } // New returns a new SysInfo, using the filesystem to detect which features -// the kernel supports. If `quiet` is `false` warnings are printed in logs +// the kernel supports. If `quiet` is `false` info.Warnings are printed in logs // whenever an error occurs or misconfigurations are present. func New(quiet bool, options ...Opt) *SysInfo { if cdcgroups.Mode() == cdcgroups.Unified { @@ -56,9 +56,8 @@ func New(quiet bool, options ...Opt) *SysInfo { func newV1(quiet bool) *SysInfo { var ( - err error - warnings []string - sysInfo = &SysInfo{} + err error + sysInfo = &SysInfo{} ) ops := []infoCollector{ @@ -83,11 +82,10 @@ func newV1(quiet bool) *SysInfo { } for _, o := range ops { - w := o(sysInfo) - warnings = append(warnings, w...) + o(sysInfo) } if !quiet { - for _, w := range warnings { + for _, w := range sysInfo.Warnings { logrus.Warn(w) } } @@ -95,118 +93,108 @@ func newV1(quiet bool) *SysInfo { } // applyMemoryCgroupInfo adds the memory cgroup controller information to the info. -func applyMemoryCgroupInfo(info *SysInfo) []string { - var warnings []string +func applyMemoryCgroupInfo(info *SysInfo) { mountPoint, ok := info.cgMounts["memory"] if !ok { - warnings = append(warnings, "Your kernel does not support cgroup memory limit") - return warnings + info.Warnings = append(info.Warnings, "Your kernel does not support cgroup memory limit") + return } info.MemoryLimit = ok info.SwapLimit = cgroupEnabled(mountPoint, "memory.memsw.limit_in_bytes") if !info.SwapLimit { - warnings = append(warnings, "Your kernel does not support swap memory limit") + info.Warnings = append(info.Warnings, "Your kernel does not support swap memory limit") } info.MemoryReservation = cgroupEnabled(mountPoint, "memory.soft_limit_in_bytes") if !info.MemoryReservation { - warnings = append(warnings, "Your kernel does not support memory reservation") + info.Warnings = append(info.Warnings, "Your kernel does not support memory reservation") } info.OomKillDisable = cgroupEnabled(mountPoint, "memory.oom_control") if !info.OomKillDisable { - warnings = append(warnings, "Your kernel does not support oom control") + info.Warnings = append(info.Warnings, "Your kernel does not support oom control") } info.MemorySwappiness = cgroupEnabled(mountPoint, "memory.swappiness") if !info.MemorySwappiness { - warnings = append(warnings, "Your kernel does not support memory swappiness") + info.Warnings = append(info.Warnings, "Your kernel does not support memory swappiness") } info.KernelMemory = cgroupEnabled(mountPoint, "memory.kmem.limit_in_bytes") if !info.KernelMemory { - warnings = append(warnings, "Your kernel does not support kernel memory limit") + info.Warnings = append(info.Warnings, "Your kernel does not support kernel memory limit") } info.KernelMemoryTCP = cgroupEnabled(mountPoint, "memory.kmem.tcp.limit_in_bytes") if !info.KernelMemoryTCP { - warnings = append(warnings, "Your kernel does not support kernel memory TCP limit") + info.Warnings = append(info.Warnings, "Your kernel does not support kernel memory TCP limit") } - - return warnings } // applyCPUCgroupInfo adds the cpu cgroup controller information to the info. -func applyCPUCgroupInfo(info *SysInfo) []string { - var warnings []string +func applyCPUCgroupInfo(info *SysInfo) { mountPoint, ok := info.cgMounts["cpu"] if !ok { - warnings = append(warnings, "Unable to find cpu cgroup in mounts") - return warnings + info.Warnings = append(info.Warnings, "Unable to find cpu cgroup in mounts") + return } info.CPUShares = cgroupEnabled(mountPoint, "cpu.shares") if !info.CPUShares { - warnings = append(warnings, "Your kernel does not support CPU shares") + info.Warnings = append(info.Warnings, "Your kernel does not support CPU shares") } info.CPUCfs = cgroupEnabled(mountPoint, "cpu.cfs_quota_us") if !info.CPUCfs { - warnings = append(warnings, "Your kernel does not support CPU CFS scheduler") + info.Warnings = append(info.Warnings, "Your kernel does not support CPU CFS scheduler") } info.CPURealtime = cgroupEnabled(mountPoint, "cpu.rt_period_us") if !info.CPURealtime { - warnings = append(warnings, "Your kernel does not support CPU realtime scheduler") + info.Warnings = append(info.Warnings, "Your kernel does not support CPU realtime scheduler") } - - return warnings } // applyBlkioCgroupInfo adds the blkio cgroup controller information to the info. -func applyBlkioCgroupInfo(info *SysInfo) []string { - var warnings []string +func applyBlkioCgroupInfo(info *SysInfo) { mountPoint, ok := info.cgMounts["blkio"] if !ok { - warnings = append(warnings, "Unable to find blkio cgroup in mounts") - return warnings + info.Warnings = append(info.Warnings, "Unable to find blkio cgroup in mounts") + return } info.BlkioWeight = cgroupEnabled(mountPoint, "blkio.weight") if !info.BlkioWeight { - warnings = append(warnings, "Your kernel does not support cgroup blkio weight") + info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio weight") } info.BlkioWeightDevice = cgroupEnabled(mountPoint, "blkio.weight_device") if !info.BlkioWeightDevice { - warnings = append(warnings, "Your kernel does not support cgroup blkio weight_device") + info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio weight_device") } info.BlkioReadBpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.read_bps_device") if !info.BlkioReadBpsDevice { - warnings = append(warnings, "Your kernel does not support cgroup blkio throttle.read_bps_device") + info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio throttle.read_bps_device") } info.BlkioWriteBpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.write_bps_device") if !info.BlkioWriteBpsDevice { - warnings = append(warnings, "Your kernel does not support cgroup blkio throttle.write_bps_device") + info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio throttle.write_bps_device") } info.BlkioReadIOpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.read_iops_device") if !info.BlkioReadIOpsDevice { - warnings = append(warnings, "Your kernel does not support cgroup blkio throttle.read_iops_device") + info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio throttle.read_iops_device") } info.BlkioWriteIOpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.write_iops_device") if !info.BlkioWriteIOpsDevice { - warnings = append(warnings, "Your kernel does not support cgroup blkio throttle.write_iops_device") + info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio throttle.write_iops_device") } - - return warnings } // applyCPUSetCgroupInfo adds the cpuset cgroup controller information to the info. -func applyCPUSetCgroupInfo(info *SysInfo) []string { - var warnings []string +func applyCPUSetCgroupInfo(info *SysInfo) { mountPoint, ok := info.cgMounts["cpuset"] if !ok { - warnings = append(warnings, "Unable to find cpuset cgroup in mounts") - return warnings + info.Warnings = append(info.Warnings, "Unable to find cpuset cgroup in mounts") + return } info.Cpuset = ok @@ -214,66 +202,54 @@ func applyCPUSetCgroupInfo(info *SysInfo) []string { cpus, err := ioutil.ReadFile(path.Join(mountPoint, "cpuset.cpus")) if err != nil { - return warnings + return } info.Cpus = strings.TrimSpace(string(cpus)) mems, err := ioutil.ReadFile(path.Join(mountPoint, "cpuset.mems")) if err != nil { - return warnings + return } info.Mems = strings.TrimSpace(string(mems)) - - return warnings } // applyPIDSCgroupInfo adds whether the pids cgroup controller is available to the info. -func applyPIDSCgroupInfo(info *SysInfo) []string { - var warnings []string +func applyPIDSCgroupInfo(info *SysInfo) { _, ok := info.cgMounts["pids"] if !ok { - warnings = append(warnings, "Unable to find pids cgroup in mounts") - return warnings + info.Warnings = append(info.Warnings, "Unable to find pids cgroup in mounts") + return } info.PidsLimit = true - return warnings } // applyDevicesCgroupInfo adds whether the devices cgroup controller is available to the info. -func applyDevicesCgroupInfo(info *SysInfo) []string { - var warnings []string +func applyDevicesCgroupInfo(info *SysInfo) { _, ok := info.cgMounts["devices"] info.CgroupDevicesEnabled = ok - return warnings } // applyNetworkingInfo adds networking information to the info. -func applyNetworkingInfo(info *SysInfo) []string { - var warnings []string +func applyNetworkingInfo(info *SysInfo) { info.IPv4ForwardingDisabled = !readProcBool("/proc/sys/net/ipv4/ip_forward") info.BridgeNFCallIPTablesDisabled = !readProcBool("/proc/sys/net/bridge/bridge-nf-call-iptables") info.BridgeNFCallIP6TablesDisabled = !readProcBool("/proc/sys/net/bridge/bridge-nf-call-ip6tables") - return warnings } // applyAppArmorInfo adds whether AppArmor is enabled to the info. -func applyAppArmorInfo(info *SysInfo) []string { - var warnings []string +func applyAppArmorInfo(info *SysInfo) { if _, err := os.Stat("/sys/kernel/security/apparmor"); !os.IsNotExist(err) { if _, err := ioutil.ReadFile("/sys/kernel/security/apparmor/profiles"); err == nil { info.AppArmor = true } } - return warnings } // applyCgroupNsInfo adds whether cgroupns is enabled to the info. -func applyCgroupNsInfo(info *SysInfo) []string { - var warnings []string +func applyCgroupNsInfo(info *SysInfo) { if _, err := os.Stat("/proc/self/ns/cgroup"); !os.IsNotExist(err) { info.CgroupNamespaces = true } - return warnings } var ( @@ -282,8 +258,7 @@ var ( ) // applySeccompInfo checks if Seccomp is supported, via CONFIG_SECCOMP. -func applySeccompInfo(info *SysInfo) []string { - var warnings []string +func applySeccompInfo(info *SysInfo) { seccompOnce.Do(func() { // Check if Seccomp is supported, via CONFIG_SECCOMP. if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL { @@ -294,7 +269,6 @@ func applySeccompInfo(info *SysInfo) []string { } }) info.Seccomp = seccompEnabled - return warnings } func cgroupEnabled(mountPoint, name string) bool {