More linting fixes (with golint/revive enabled)

checkpoint.go

@@ -8,7 +8,7 @@ import (
 	"path/filepath"
 	"strconv"
 
-	criu "github.com/checkpoint-restore/go-criu/v5/rpc"
+	criurpc "github.com/checkpoint-restore/go-criu/v5/rpc"
 	"github.com/opencontainers/runc/libcontainer"
 	"github.com/opencontainers/runc/libcontainer/userns"
 	"github.com/opencontainers/runtime-spec/specs-go"
@@ -133,11 +133,11 @@ func setManageCgroupsMode(context *cli.Context, options *libcontainer.CriuOpts)
 	if cgOpt := context.String("manage-cgroups-mode"); cgOpt != "" {
 		switch cgOpt {
 		case "soft":
-			options.ManageCgroupsMode = criu.CriuCgMode_SOFT
+			options.ManageCgroupsMode = criurpc.CriuCgMode_SOFT
 		case "full":
-			options.ManageCgroupsMode = criu.CriuCgMode_FULL
+			options.ManageCgroupsMode = criurpc.CriuCgMode_FULL
 		case "strict":
-			options.ManageCgroupsMode = criu.CriuCgMode_STRICT
+			options.ManageCgroupsMode = criurpc.CriuCgMode_STRICT
 		default:
 			fatal(errors.New("Invalid manage cgroups mode"))
 		}

create.go

@@ -56,7 +56,7 @@ command(s) that get executed on start, edit the args parameter of the spec. See
 		if err := checkArgs(context, 1, exactArgs); err != nil {
 			return err
 		}
-		status, err := startContainer(context, CT_ACT_CREATE, nil)
+		status, err := startContainer(context, actCreate, nil)
 		if err == nil {
 			// exit with the container's exit status so any external supervisor
 			// is notified of the exit with the correct exit status.

exec.go

@@ -180,7 +180,7 @@ func execProcess(context *cli.Context) (int, error) {
 		consoleSocket:   context.String("console-socket"),
 		detach:          context.Bool("detach"),
 		pidFile:         context.String("pid-file"),
-		action:          CT_ACT_RUN,
+		action:          actRun,
 		init:            false,
 		preserveFDs:     context.Int("preserve-fds"),
 		subCgroupPaths:  cgPaths,

libcontainer/capabilities/capabilities.go

@@ -113,7 +113,7 @@ func (c *Caps) ApplyBoundingSet() error {
 	return c.pid.Apply(capability.BOUNDING)
 }
 
-// Apply sets all the capabilities for the current process in the config.
+// ApplyCaps sets all the capabilities for the current process in the config.
 func (c *Caps) ApplyCaps() error {
 	c.pid.Clear(allCapabilityTypes)
 	for _, g := range capTypes {

libcontainer/cgroups/devices/devices_emulator.go

@@ -304,7 +304,7 @@ func EmulatorFromList(list io.Reader) (*Emulator, error) {
 // This function is the sole reason for all of Emulator -- to allow us
 // to figure out how to update a containers' cgroups without causing spurious
 // device errors (if possible).
-func (source *Emulator) Transition(target *Emulator) ([]*devices.Rule, error) {
+func (source *Emulator) Transition(target *Emulator) ([]*devices.Rule, error) { //nolint:revive // ignore receiver name should be consistent
 	var transitionRules []*devices.Rule
 	oldRules := source.rules
 

libcontainer/cgroups/ebpf/ebpf_linux.go

@@ -33,12 +33,12 @@ func findAttachedCgroupDeviceFilters(dirFd int) ([]*ebpf.Program, error) {
 	size := 64
 	retries := 0
 	for retries < 10 {
-		progIds := make([]uint32, size)
+		progIDs := make([]uint32, size)
 		query := bpfAttrQuery{
 			TargetFd:   uint32(dirFd),
 			AttachType: uint32(unix.BPF_CGROUP_DEVICE),
-			ProgIds:    uint64(uintptr(unsafe.Pointer(&progIds[0]))),
-			ProgCnt:    uint32(len(progIds)),
+			ProgIds:    uint64(uintptr(unsafe.Pointer(&progIDs[0]))),
+			ProgCnt:    uint32(len(progIDs)),
 		}
 
 		// Fetch the list of program ids.
@@ -58,10 +58,10 @@ func findAttachedCgroupDeviceFilters(dirFd int) ([]*ebpf.Program, error) {
 		}
 
 		// Convert the ids to program handles.
-		progIds = progIds[:size]
-		programs := make([]*ebpf.Program, 0, len(progIds))
-		for _, progId := range progIds {
-			program, err := ebpf.NewProgramFromID(ebpf.ProgramID(progId))
+		progIDs = progIDs[:size]
+		programs := make([]*ebpf.Program, 0, len(progIDs))
+		for _, progID := range progIDs {
+			program, err := ebpf.NewProgramFromID(ebpf.ProgramID(progID))
 			if err != nil {
 				// We skip over programs that give us -EACCES or -EPERM. This
 				// is necessary because there may be BPF programs that have
@@ -73,14 +73,14 @@ func findAttachedCgroupDeviceFilters(dirFd int) ([]*ebpf.Program, error) {
 				// programs (and stops runc from breaking on distributions with
 				// very strict SELinux policies).
 				if errors.Is(err, os.ErrPermission) {
-					logrus.Debugf("ignoring existing CGROUP_DEVICE program (prog_id=%v) which cannot be accessed by runc -- likely due to LSM policy: %v", progId, err)
+					logrus.Debugf("ignoring existing CGROUP_DEVICE program (prog_id=%v) which cannot be accessed by runc -- likely due to LSM policy: %v", progID, err)
 					continue
 				}
 				return nil, fmt.Errorf("cannot fetch program from id: %w", err)
 			}
 			programs = append(programs, program)
 		}
-		runtime.KeepAlive(progIds)
+		runtime.KeepAlive(progIDs)
 		return programs, nil
 	}
 

libcontainer/cgroups/file.go

@@ -76,7 +76,7 @@ var (
 	// TestMode is set to true by unit tests that need "fake" cgroupfs.
 	TestMode bool
 
-	cgroupFd     int = -1
+	cgroupFd     = -1
 	prepOnce     sync.Once
 	prepErr      error
 	resolveFlags uint64

libcontainer/cgroups/fs/cpuacct.go

@@ -46,7 +46,7 @@ func (s *CpuacctGroup) GetStats(path string, stats *cgroups.Stats) error {
 	if !cgroups.PathExists(path) {
 		return nil
 	}
-	userModeUsage, kernelModeUsage, err := getCpuUsageBreakdown(path)
+	userModeUsage, kernelModeUsage, err := getCPUUsageBreakdown(path)
 	if err != nil {
 		return err
 	}
@@ -76,7 +76,7 @@ func (s *CpuacctGroup) GetStats(path string, stats *cgroups.Stats) error {
 }
 
 // Returns user and kernel usage breakdown in nanoseconds.
-func getCpuUsageBreakdown(path string) (uint64, uint64, error) {
+func getCPUUsageBreakdown(path string) (uint64, uint64, error) {
 	var userModeUsage, kernelModeUsage uint64
 	const (
 		userField   = "user"

libcontainer/cgroups/fs/memory.go

@@ -91,21 +91,15 @@ func setMemoryAndSwap(path string, r *configs.Resources) error {
 			if err := setSwap(path, r.MemorySwap); err != nil {
 				return err
 			}
-			if err := setMemory(path, r.Memory); err != nil {
-				return err
-			}
-			return nil
+			return setMemory(path, r.Memory)
 		}
 	}
 
 	if err := setMemory(path, r.Memory); err != nil {
 		return err
 	}
-	if err := setSwap(path, r.MemorySwap); err != nil {
-		return err
-	}
 
-	return nil
+	return setSwap(path, r.MemorySwap)
 }
 
 func (s *MemoryGroup) Set(path string, r *configs.Resources) error {

libcontainer/cgroups/fs2/cpu.go

@@ -10,12 +10,12 @@ import (
 	"github.com/opencontainers/runc/libcontainer/configs"
 )
 
-func isCpuSet(r *configs.Resources) bool {
+func isCPUSet(r *configs.Resources) bool {
 	return r.CpuWeight != 0 || r.CpuQuota != 0 || r.CpuPeriod != 0
 }
 
-func setCpu(dirPath string, r *configs.Resources) error {
-	if !isCpuSet(r) {
+func setCPU(dirPath string, r *configs.Resources) error {
+	if !isCPUSet(r) {
 		return nil
 	}
 
@@ -46,7 +46,7 @@ func setCpu(dirPath string, r *configs.Resources) error {
 	return nil
 }
 
-func statCpu(dirPath string, stats *cgroups.Stats) error {
+func statCPU(dirPath string, stats *cgroups.Stats) error {
 	const file = "cpu.stat"
 	f, err := cgroups.OpenFile(dirPath, file, os.O_RDONLY)
 	if err != nil {

libcontainer/cgroups/fs2/create.go

@@ -48,7 +48,7 @@ func needAnyControllers(r *configs.Resources) (bool, error) {
 	if isIoSet(r) && have("io") {
 		return true, nil
 	}
-	if isCpuSet(r) && have("cpu") {
+	if isCPUSet(r) && have("cpu") {
 		return true, nil
 	}
 	if isCpusetSet(r) && have("cpuset") {
@@ -65,7 +65,7 @@ func needAnyControllers(r *configs.Resources) (bool, error) {
 // Refer to: http://man7.org/linux/man-pages/man7/cgroups.7.html
 // As at Linux 4.19, the following controllers are threaded: cpu, perf_event, and pids.
 func containsDomainController(r *configs.Resources) bool {
-	return isMemorySet(r) || isIoSet(r) || isCpuSet(r) || isHugeTlbSet(r)
+	return isMemorySet(r) || isIoSet(r) || isCPUSet(r) || isHugeTlbSet(r)
 }
 
 // CreateCgroupPath creates cgroupv2 path, enabling all the supported controllers.
@@ -117,13 +117,12 @@ func CreateCgroupPath(path string, c *configs.Cgroup) (Err error) {
 			case "domain invalid":
 				if containsDomainController(c.Resources) {
 					return fmt.Errorf("cannot enter cgroupv2 %q with domain controllers -- it is in an invalid state", current)
-				} else {
-					// Not entirely correct (in theory we'd always want to be a domain --
-					// since that means we're a properly delegated cgroup subtree) but in
-					// this case there's not much we can do and it's better than giving an
-					// error.
-					_ = cgroups.WriteFile(current, cgTypeFile, "threaded")
 				}
+				// Not entirely correct (in theory we'd always want to be a domain --
+				// since that means we're a properly delegated cgroup subtree) but in
+				// this case there's not much we can do and it's better than giving an
+				// error.
+				_ = cgroups.WriteFile(current, cgTypeFile, "threaded")
 			// If the cgroup is in (threaded) or (domain threaded) mode, we can only use thread-aware controllers
 			// (and you cannot usually take a cgroup out of threaded mode).
 			case "domain threaded":

libcontainer/cgroups/fs2/fs2.go

@@ -78,10 +78,7 @@ func (m *manager) Apply(pid int) error {
 		}
 		return err
 	}
-	if err := cgroups.WriteCgroupProc(m.dirPath, pid); err != nil {
-		return err
-	}
-	return nil
+	return cgroups.WriteCgroupProc(m.dirPath, pid)
 }
 
 func (m *manager) GetPids() ([]int, error) {
@@ -111,7 +108,7 @@ func (m *manager) GetStats() (*cgroups.Stats, error) {
 	}
 	// cpu (since kernel 4.15)
 	// Note cpu.stat is available even if the controller is not enabled.
-	if err := statCpu(m.dirPath, st); err != nil && !os.IsNotExist(err) {
+	if err := statCPU(m.dirPath, st); err != nil && !os.IsNotExist(err) {
 		errs = append(errs, err)
 	}
 	// hugetlb (since kernel 5.6)
@@ -167,7 +164,7 @@ func (m *manager) Set(r *configs.Resources) error {
 		return err
 	}
 	// cpu (since kernel 4.15)
-	if err := setCpu(m.dirPath, r); err != nil {
+	if err := setCPU(m.dirPath, r); err != nil {
 		return err
 	}
 	// devices (since kernel 4.15, pseudo-controller)

libcontainer/cgroups/fs2/memory.go

@@ -164,16 +164,16 @@ func statsFromMeminfo(stats *cgroups.Stats) error {
 
 	// Fields we are interested in.
 	var (
-		swap_free  uint64
-		swap_total uint64
-		main_total uint64
-		main_free  uint64
+		swapFree  uint64
+		swapTotal uint64
+		mainTotal uint64
+		mainFree  uint64
 	)
 	mem := map[string]*uint64{
-		"SwapFree":  &swap_free,
-		"SwapTotal": &swap_total,
-		"MemTotal":  &main_total,
-		"MemFree":   &main_free,
+		"SwapFree":  &swapFree,
+		"SwapTotal": &swapTotal,
+		"MemTotal":  &mainTotal,
+		"MemFree":   &mainFree,
 	}
 
 	found := 0
@@ -206,10 +206,10 @@ func statsFromMeminfo(stats *cgroups.Stats) error {
 		return &parseError{Path: "", File: file, Err: err}
 	}
 
-	stats.MemoryStats.SwapUsage.Usage = (swap_total - swap_free) * 1024
+	stats.MemoryStats.SwapUsage.Usage = (swapTotal - swapFree) * 1024
 	stats.MemoryStats.SwapUsage.Limit = math.MaxUint64
 
-	stats.MemoryStats.Usage.Usage = (main_total - main_free) * 1024
+	stats.MemoryStats.Usage.Usage = (mainTotal - mainFree) * 1024
 	stats.MemoryStats.Usage.Limit = math.MaxUint64
 
 	return nil

libcontainer/cgroups/systemd/common.go

@@ -37,13 +37,13 @@ var (
 	isRunningSystemd     bool
 )
 
-// NOTE: This function comes from package github.com/coreos/go-systemd/util
-// It was borrowed here to avoid a dependency on cgo.
-//
 // IsRunningSystemd checks whether the host was booted with systemd as its init
 // system. This functions similarly to systemd's `sd_booted(3)`: internally, it
 // checks whether /run/systemd/system/ exists and is a directory.
 // http://www.freedesktop.org/software/systemd/man/sd_booted.html
+//
+// NOTE: This function comes from package github.com/coreos/go-systemd/util
+// It was borrowed here to avoid a dependency on cgo.
 func IsRunningSystemd() bool {
 	isRunningSystemdOnce.Do(func() {
 		fi, err := os.Lstat("/run/systemd/system")
@@ -52,7 +52,9 @@ func IsRunningSystemd() bool {
 	return isRunningSystemd
 }
 
-// systemd represents slice hierarchy using `-`, so we need to follow suit when
+// ExpandSlice expands the path of a systemd representation of a slice hierarchy.
+//
+// Systemd represents slice hierarchy using `-`, so we need to follow suit when
 // generating the path of slice. Essentially, test-a-b.slice becomes
 // /test.slice/test-a.slice/test-a-b.slice.
 func ExpandSlice(slice string) (string, error) {
@@ -159,8 +161,8 @@ func findDeviceGroup(ruleType devices.Type, ruleMajor int64) (string, error) {
 	return "", nil
 }
 
-// DeviceAllow is the dbus type "a(ss)" which means we need a struct
-// to represent it in Go.
+// deviceAllowEntry is a type representing an entry for DeviceAllow
+// dbus property value, which has dbus type of "a(ss)".
 type deviceAllowEntry struct {
 	Path  string
 	Perms string
@@ -459,7 +461,7 @@ func systemdVersionAtoi(verStr string) (int, error) {
 	return ver, nil
 }
 
-func addCpuQuota(cm *dbusConnManager, properties *[]systemdDbus.Property, quota int64, period uint64) {
+func addCPUQuota(cm *dbusConnManager, properties *[]systemdDbus.Property, quota int64, period uint64) {
 	if period != 0 {
 		// systemd only supports CPUQuotaPeriodUSec since v242
 		sdVer := systemdVersion(cm)
@@ -493,7 +495,7 @@ func addCpuQuota(cm *dbusConnManager, properties *[]systemdDbus.Property, quota
 	}
 }
 
-func addCpuset(cm *dbusConnManager, props *[]systemdDbus.Property, cpus, mems string) error {
+func addCPUSet(cm *dbusConnManager, props *[]systemdDbus.Property, cpus, mems string) error {
 	if cpus == "" && mems == "" {
 		return nil
 	}

libcontainer/cgroups/systemd/v1.go

@@ -92,7 +92,7 @@ func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]syst
 			newProp("CPUShares", r.CpuShares))
 	}
 
-	addCpuQuota(cm, &properties, r.CpuQuota, r.CpuPeriod)
+	addCPUQuota(cm, &properties, r.CpuQuota, r.CpuPeriod)
 
 	if r.BlkioWeight != 0 {
 		properties = append(properties,
@@ -104,7 +104,7 @@ func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]syst
 			newProp("TasksMax", uint64(r.PidsLimit)))
 	}
 
-	err = addCpuset(cm, &properties, r.CpusetCpus, r.CpusetMems)
+	err = addCPUSet(cm, &properties, r.CpusetCpus, r.CpusetMems)
 	if err != nil {
 		return nil, err
 	}
@@ -210,11 +210,7 @@ func (m *legacyManager) Apply(pid int) error {
 		return err
 	}
 
-	if err := m.joinCgroups(pid); err != nil {
-		return err
-	}
-
-	return nil
+	return m.joinCgroups(pid)
 }
 
 func (m *legacyManager) Destroy() error {