Merge pull request opencontainers#3302 from kolyshkin/ci-unparam

Enable unparam linter; fix/mute existing warnings

.golangci.yml

@@ -9,3 +9,4 @@ linters:
     - gofumpt
     - errorlint
     - unconvert
+    - unparam

checkpoint.go

@@ -80,7 +80,7 @@ checkpointed.`,
 func prepareImagePaths(context *cli.Context) (string, string, error) {
 	imagePath := context.String("image-path")
 	if imagePath == "" {
-		imagePath = getDefaultImagePath(context)
+		imagePath = getDefaultImagePath()
 	}
 
 	if err := os.MkdirAll(imagePath, 0o600); err != nil {

libcontainer/cgroups/devices/devices_emulator.go

@@ -139,7 +139,7 @@ func parseLine(line string) (*deviceRule, error) {
 	return &rule, nil
 }
 
-func (e *Emulator) addRule(rule deviceRule) error {
+func (e *Emulator) addRule(rule deviceRule) error { //nolint:unparam
 	if e.rules == nil {
 		e.rules = make(map[deviceMeta]devices.Permissions)
 	}

libcontainer/cgroups/ebpf/devicefilter/devicefilter.go

@@ -65,8 +65,7 @@ func DeviceFilter(rules []*devices.Rule) (asm.Instructions, string, error) {
 			return nil, "", err
 		}
 	}
-	insts, err := p.finalize()
-	return insts, license, err
+	return p.finalize(), license, nil
 }
 
 type program struct {
@@ -181,7 +180,7 @@ func (p *program) appendRule(rule *devices.Rule) error {
 	return nil
 }
 
-func (p *program) finalize() (asm.Instructions, error) {
+func (p *program) finalize() asm.Instructions {
 	var v int32
 	if p.defaultAllow {
 		v = 1
@@ -193,7 +192,7 @@ func (p *program) finalize() (asm.Instructions, error) {
 		asm.Return(),
 	)
 	p.blockID = -1
-	return p.insts, nil
+	return p.insts
 }
 
 func acceptBlock(accept bool) asm.Instructions {

libcontainer/cgroups/fs/blkio_test.go

@@ -164,7 +164,7 @@ type blkioStatFailureTestCase struct {
 	filename string
 }
 
-func appendBlkioStatEntry(blkioStatEntries *[]cgroups.BlkioStatEntry, major, minor, value uint64, op string) {
+func appendBlkioStatEntry(blkioStatEntries *[]cgroups.BlkioStatEntry, major, minor, value uint64, op string) { //nolint:unparam
 	*blkioStatEntries = append(*blkioStatEntries, cgroups.BlkioStatEntry{Major: major, Minor: minor, Value: value, Op: op})
 }
 

libcontainer/factory_linux.go

@@ -231,7 +231,7 @@ func (l *LinuxFactory) Load(id string) (Container, error) {
 	if err != nil {
 		return nil, err
 	}
-	state, err := l.loadState(containerRoot, id)
+	state, err := l.loadState(containerRoot)
 	if err != nil {
 		return nil, err
 	}
@@ -351,7 +351,7 @@ func (l *LinuxFactory) StartInitialization() (err error) {
 	return i.Init()
 }
 
-func (l *LinuxFactory) loadState(root, id string) (*State, error) {
+func (l *LinuxFactory) loadState(root string) (*State, error) {
 	stateFilePath, err := securejoin.SecureJoin(root, stateFilename)
 	if err != nil {
 		return nil, err

libcontainer/init_linux.go

@@ -360,7 +360,7 @@ func setupUser(config *initConfig) error {
 
 	// Before we change to the container's user make sure that the processes
 	// STDIO is correctly owned by the user that we are switching to.
-	if err := fixStdioPermissions(config, execUser); err != nil {
+	if err := fixStdioPermissions(execUser); err != nil {
 		return err
 	}
 
@@ -401,7 +401,7 @@ func setupUser(config *initConfig) error {
 // fixStdioPermissions fixes the permissions of PID 1's STDIO within the container to the specified user.
 // The ownership needs to match because it is created outside of the container and needs to be
 // localized.
-func fixStdioPermissions(config *initConfig, u *user.ExecUser) error {
+func fixStdioPermissions(u *user.ExecUser) error {
 	var null unix.Stat_t
 	if err := unix.Stat("/dev/null", &null); err != nil {
 		return &os.PathError{Op: "stat", Path: "/dev/null", Err: err}

libcontainer/integration/exec_test.go

@@ -40,7 +40,7 @@ func testExecPS(t *testing.T, userns bool) {
 	}
 	config := newTemplateConfig(t, &tParam{userns: userns})
 
-	buffers, exitCode, err := runContainer(t, config, "", "ps", "-o", "pid,user,comm")
+	buffers, exitCode, err := runContainer(t, config, "ps", "-o", "pid,user,comm")
 	if err != nil {
 		t.Fatalf("%s: %s", buffers, err)
 	}
@@ -67,7 +67,7 @@ func TestIPCPrivate(t *testing.T) {
 	ok(t, err)
 
 	config := newTemplateConfig(t, nil)
-	buffers, exitCode, err := runContainer(t, config, "", "readlink", "/proc/self/ns/ipc")
+	buffers, exitCode, err := runContainer(t, config, "readlink", "/proc/self/ns/ipc")
 	ok(t, err)
 
 	if exitCode != 0 {
@@ -89,7 +89,7 @@ func TestIPCHost(t *testing.T) {
 
 	config := newTemplateConfig(t, nil)
 	config.Namespaces.Remove(configs.NEWIPC)
-	buffers, exitCode, err := runContainer(t, config, "", "readlink", "/proc/self/ns/ipc")
+	buffers, exitCode, err := runContainer(t, config, "readlink", "/proc/self/ns/ipc")
 	ok(t, err)
 
 	if exitCode != 0 {
@@ -112,7 +112,7 @@ func TestIPCJoinPath(t *testing.T) {
 	config := newTemplateConfig(t, nil)
 	config.Namespaces.Add(configs.NEWIPC, "/proc/1/ns/ipc")
 
-	buffers, exitCode, err := runContainer(t, config, "", "readlink", "/proc/self/ns/ipc")
+	buffers, exitCode, err := runContainer(t, config, "readlink", "/proc/self/ns/ipc")
 	ok(t, err)
 
 	if exitCode != 0 {
@@ -132,7 +132,7 @@ func TestIPCBadPath(t *testing.T) {
 	config := newTemplateConfig(t, nil)
 	config.Namespaces.Add(configs.NEWIPC, "/proc/1/ns/ipcc")
 
-	if _, _, err := runContainer(t, config, "", "true"); err == nil {
+	if _, _, err := runContainer(t, config, "true"); err == nil {
 		t.Fatal("container succeeded with bad ipc path")
 	}
 }
@@ -163,7 +163,7 @@ func testRlimit(t *testing.T, userns bool) {
 		Cur: 1024,
 	}))
 
-	out, _, err := runContainer(t, config, "", "/bin/sh", "-c", "ulimit -n")
+	out, _, err := runContainer(t, config, "/bin/sh", "-c", "ulimit -n")
 	ok(t, err)
 	if limit := strings.TrimSpace(out.Stdout.String()); limit != "1025" {
 		t.Fatalf("expected rlimit to be 1025, got %s", limit)
@@ -537,7 +537,7 @@ func testCpuShares(t *testing.T, systemd bool) {
 	config := newTemplateConfig(t, &tParam{systemd: systemd})
 	config.Cgroups.Resources.CpuShares = 1
 
-	if _, _, err := runContainer(t, config, "", "ps"); err == nil {
+	if _, _, err := runContainer(t, config, "ps"); err == nil {
 		t.Fatalf("runContainer should failed with invalid CpuShares")
 	}
 }
@@ -562,7 +562,7 @@ func testPids(t *testing.T, systemd bool) {
 	config.Cgroups.Resources.PidsLimit = -1
 
 	// Running multiple processes.
-	_, ret, err := runContainer(t, config, "", "/bin/sh", "-c", "/bin/true | /bin/true | /bin/true | /bin/true")
+	_, ret, err := runContainer(t, config, "/bin/sh", "-c", "/bin/true | /bin/true | /bin/true | /bin/true")
 	ok(t, err)
 
 	if ret != 0 {
@@ -572,7 +572,7 @@ func testPids(t *testing.T, systemd bool) {
 	// Enforce a permissive limit. This needs to be fairly hand-wavey due to the
 	// issues with running Go binaries with pids restrictions (see below).
 	config.Cgroups.Resources.PidsLimit = 64
-	_, ret, err = runContainer(t, config, "", "/bin/sh", "-c", `
+	_, ret, err = runContainer(t, config, "/bin/sh", "-c", `
 	/bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true |
 	/bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true |
 	/bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true |
@@ -586,7 +586,7 @@ func testPids(t *testing.T, systemd bool) {
 	// Enforce a restrictive limit. 64 * /bin/true + 1 * shell should cause this
 	// to fail reliability.
 	config.Cgroups.Resources.PidsLimit = 64
-	out, _, err := runContainer(t, config, "", "/bin/sh", "-c", `
+	out, _, err := runContainer(t, config, "/bin/sh", "-c", `
 	/bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true |
 	/bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true |
 	/bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true |
@@ -632,7 +632,7 @@ func testCgroupResourcesUnifiedErrorOnV1(t *testing.T, systemd bool) {
 	config.Cgroups.Resources.Unified = map[string]string{
 		"memory.min": "10240",
 	}
-	_, _, err := runContainer(t, config, "", "true")
+	_, _, err := runContainer(t, config, "true")
 	if !strings.Contains(err.Error(), cgroups.ErrV1NoUnified.Error()) {
 		t.Fatalf("expected error to contain %v, got %v", cgroups.ErrV1NoUnified, err)
 	}
@@ -716,7 +716,7 @@ func testCgroupResourcesUnified(t *testing.T, systemd bool) {
 
 	for _, tc := range testCases {
 		config.Cgroups.Resources.Unified = tc.cfg
-		buffers, ret, err := runContainer(t, config, "", tc.cmd...)
+		buffers, ret, err := runContainer(t, config, tc.cmd...)
 		if tc.expError != "" {
 			if err == nil {
 				t.Errorf("case %q failed: expected error, got nil", tc.name)
@@ -934,7 +934,7 @@ func TestMountCgroupRO(t *testing.T) {
 		return
 	}
 	config := newTemplateConfig(t, nil)
-	buffers, exitCode, err := runContainer(t, config, "", "mount")
+	buffers, exitCode, err := runContainer(t, config, "mount")
 	if err != nil {
 		t.Fatalf("%s: %s", buffers, err)
 	}
@@ -981,7 +981,7 @@ func TestMountCgroupRW(t *testing.T) {
 		}
 	}
 
-	buffers, exitCode, err := runContainer(t, config, "", "mount")
+	buffers, exitCode, err := runContainer(t, config, "mount")
 	if err != nil {
 		t.Fatalf("%s: %s", buffers, err)
 	}
@@ -1198,7 +1198,7 @@ func TestSTDIOPermissions(t *testing.T) {
 	}
 
 	config := newTemplateConfig(t, nil)
-	buffers, exitCode, err := runContainer(t, config, "", "sh", "-c", "echo hi > /dev/stderr")
+	buffers, exitCode, err := runContainer(t, config, "sh", "-c", "echo hi > /dev/stderr")
 	ok(t, err)
 	if exitCode != 0 {
 		t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr)
@@ -1446,7 +1446,7 @@ func TestPIDHost(t *testing.T) {
 
 	config := newTemplateConfig(t, nil)
 	config.Namespaces.Remove(configs.NEWPID)
-	buffers, exitCode, err := runContainer(t, config, "", "readlink", "/proc/self/ns/pid")
+	buffers, exitCode, err := runContainer(t, config, "readlink", "/proc/self/ns/pid")
 	ok(t, err)
 
 	if exitCode != 0 {
@@ -1740,7 +1740,7 @@ func TestCGROUPPrivate(t *testing.T) {
 
 	config := newTemplateConfig(t, nil)
 	config.Namespaces.Add(configs.NEWCGROUP, "")
-	buffers, exitCode, err := runContainer(t, config, "", "readlink", "/proc/self/ns/cgroup")
+	buffers, exitCode, err := runContainer(t, config, "readlink", "/proc/self/ns/cgroup")
 	ok(t, err)
 
 	if exitCode != 0 {
@@ -1764,7 +1764,7 @@ func TestCGROUPHost(t *testing.T) {
 	ok(t, err)
 
 	config := newTemplateConfig(t, nil)
-	buffers, exitCode, err := runContainer(t, config, "", "readlink", "/proc/self/ns/cgroup")
+	buffers, exitCode, err := runContainer(t, config, "readlink", "/proc/self/ns/cgroup")
 	ok(t, err)
 
 	if exitCode != 0 {
@@ -1801,7 +1801,7 @@ func testFdLeaks(t *testing.T, systemd bool) {
 	ok(t, err)
 
 	config := newTemplateConfig(t, &tParam{systemd: systemd})
-	buffers, exitCode, err := runContainer(t, config, "", "true")
+	buffers, exitCode, err := runContainer(t, config, "true")
 	ok(t, err)
 
 	if exitCode != 0 {

libcontainer/integration/seccomp_test.go

@@ -282,7 +282,7 @@ func TestSeccompPermitWriteMultipleConditions(t *testing.T) {
 		},
 	}
 
-	buffers, exitCode, err := runContainer(t, config, "", "ls", "/")
+	buffers, exitCode, err := runContainer(t, config, "ls", "/")
 	if err != nil {
 		t.Fatalf("%s: %s", buffers, err)
 	}
@@ -331,7 +331,7 @@ func TestSeccompDenyWriteMultipleConditions(t *testing.T) {
 		},
 	}
 
-	buffers, exitCode, err := runContainer(t, config, "", "ls", "/does_not_exist")
+	buffers, exitCode, err := runContainer(t, config, "ls", "/does_not_exist")
 	if err == nil {
 		t.Fatalf("Expecting error return, instead got 0")
 	}
@@ -375,7 +375,7 @@ func TestSeccompMultipleConditionSameArgDeniesStdout(t *testing.T) {
 		},
 	}
 
-	buffers, exitCode, err := runContainer(t, config, "", "ls", "/")
+	buffers, exitCode, err := runContainer(t, config, "ls", "/")
 	if err != nil {
 		t.Fatalf("%s: %s", buffers, err)
 	}
@@ -417,7 +417,7 @@ func TestSeccompMultipleConditionSameArgDeniesStderr(t *testing.T) {
 		},
 	}
 
-	buffers, exitCode, err := runContainer(t, config, "", "ls", "/does_not_exist")
+	buffers, exitCode, err := runContainer(t, config, "ls", "/does_not_exist")
 	if err == nil {
 		t.Fatalf("Expecting error return, instead got 0")
 	}

libcontainer/integration/utils_test.go

@@ -180,7 +180,7 @@ func newContainer(t *testing.T, config *configs.Config) (libcontainer.Container,
 //
 // buffers are returned containing the STDOUT and STDERR output for the run
 // along with the exit code and any go error
-func runContainer(t *testing.T, config *configs.Config, console string, args ...string) (buffers *stdBuffers, exitCode int, err error) {
+func runContainer(t *testing.T, config *configs.Config, args ...string) (buffers *stdBuffers, exitCode int, err error) {
 	container, err := newContainer(t, config)
 	if err != nil {
 		return nil, -1, err

notify_socket.go

@@ -43,7 +43,7 @@ func (s *notifySocket) Close() error {
 
 // If systemd is supporting sd_notify protocol, this function will add support
 // for sd_notify protocol from within the container.
-func (s *notifySocket) setupSpec(context *cli.Context, spec *specs.Spec) error {
+func (s *notifySocket) setupSpec(spec *specs.Spec) {
 	pathInContainer := filepath.Join("/run/notify", path.Base(s.socketPath))
 	mount := specs.Mount{
 		Destination: path.Dir(pathInContainer),
@@ -52,7 +52,6 @@ func (s *notifySocket) setupSpec(context *cli.Context, spec *specs.Spec) error {
 	}
 	spec.Mounts = append(spec.Mounts, mount)
 	spec.Process.Env = append(spec.Process.Env, "NOTIFY_SOCKET="+pathInContainer)
-	return nil
 }
 
 func (s *notifySocket) bindSocket() error {

tty.go

@@ -63,11 +63,10 @@ func setupProcessPipes(p *libcontainer.Process, rootuid, rootgid int) (*tty, err
 	return t, nil
 }
 
-func inheritStdio(process *libcontainer.Process) error {
+func inheritStdio(process *libcontainer.Process) {
 	process.Stdin = os.Stdin
 	process.Stdout = os.Stdout
 	process.Stderr = os.Stderr
-	return nil
 }
 
 func (t *tty) initHostConsole() error {
@@ -100,7 +99,7 @@ func (t *tty) initHostConsole() error {
 	return nil
 }
 
-func (t *tty) recvtty(process *libcontainer.Process, socket *os.File) (Err error) {
+func (t *tty) recvtty(socket *os.File) (Err error) {
 	f, err := utils.RecvFd(socket)
 	if err != nil {
 		return err
@@ -160,16 +159,15 @@ func (t *tty) waitConsole() error {
 
 // ClosePostStart closes any fds that are provided to the container and dup2'd
 // so that we no longer have copy in our process.
-func (t *tty) ClosePostStart() error {
+func (t *tty) ClosePostStart() {
 	for _, c := range t.postStart {
 		_ = c.Close()
 	}
-	return nil
 }
 
 // Close closes all open fds for the tty and/or restores the original
 // stdin state to what it was prior to the container execution
-func (t *tty) Close() error {
+func (t *tty) Close() {
 	// ensure that our side of the fds are always closed
 	for _, c := range t.postStart {
 		_ = c.Close()
@@ -186,7 +184,6 @@ func (t *tty) Close() error {
 	if t.hostConsole != nil {
 		_ = t.hostConsole.Reset()
 	}
-	return nil
 }
 
 func (t *tty) resize() error {