From 1da2c5b4833264e86fb8b800d2152b0732ddfb01 Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin
Date: Thu, 5 Dec 2024 16:32:18 -0800
Subject: [PATCH] Add runc_nocr build tag
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This allows making a 17% smaller runc binary by not compiling in
checkpoint/restore support.

It turns out that google.golang.org/protobuf package, used by go-criu,
is quite big, and go linker can't drop unused stuff if reflection is
used anywhere in the code.

Currently there's no alternative to using protobuf in go-criu, and since
not all users use c/r, let's provide them an option for a smaller
binary.

For the reference, here are the top 10 biggest vendored packages, as
reported by gsa[1]:

$ gsa runc | grep vendor | head
│ 8.59% │ google.golang.org/protobuf │ 1.3 MB │ vendor │
│ 5.76% │ github.com/opencontainers/runc │ 865 kB │ vendor │
│ 4.05% │ github.com/cilium/ebpf │ 608 kB │ vendor │
│ 2.86% │ github.com/godbus/dbus/v5 │ 429 kB │ vendor │
│ 1.25% │ github.com/urfave/cli │ 188 kB │ vendor │
│ 0.90% │ github.com/vishvananda/netlink │ 135 kB │ vendor │
│ 0.59% │ github.com/sirupsen/logrus │ 89 kB │ vendor │
│ 0.56% │ github.com/checkpoint-restore/go-criu/v6 │ 84 kB │ vendor │
│ 0.51% │ golang.org/x/sys │ 76 kB │ vendor │
│ 0.47% │ github.com/seccomp/libseccomp-golang │ 71 kB │ vendor │

And here is a total binary size saving when `runc_nocr` is used.

For non-stripped binaries:

$ gsa runc-cr runc-nocr | tail -3
│ -17.04% │ runc-cr │ 15 MB │ 12 MB │ -2.6 MB │
│ │ runc-nocr │ │ │ │
└─────────┴──────────────────────────────────────────┴──────────┴──────────┴─────────┘

And for stripped binaries:

│ -17.01% │ runc-cr-stripped │ 11 MB │ 8.8 MB │ -1.8 MB │
│ │ runc-nocr-stripped │ │ │ │
└─────────┴──────────────────────────────────────────┴──────────┴──────────┴─────────┘

[1]: https://github.com/Zxilly/go-size-analyzer

Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 ++ README.md | 8 ++++++++ libcontainer/criu_linux.go | 2 ++ 3 files changed, 12 insertions(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index cfdf4fb8725..3e61184dd12 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -78,6 +78,8 @@ jobs: go-version: "${{ env.GO_VERSION }}" - name: compile with no build tags run: make BUILDTAGS="" + - name: compile with runc_nocr build tag + run: make EXTRA_BUILDTAGS="runc_nocr" codespell: runs-on: ubuntu-24.04 diff --git a/README.md b/README.md index 50fcd4e9222..d4e3f9a9e92 100644 --- a/README.md +++ b/README.md @@ -103,9 +103,17 @@ e.g. to disable seccomp: make BUILDTAGS="" ``` +To add some more build tags to the default set, use the `EXTRA_BUILDTAGS` +make variable, e.g. to disable checkpoint/restore: + +```bash +make EXTRA_BUILDTAGS="runc_nocr" +``` + | Build Tag | Feature | Enabled by Default | Dependencies | |---------------|---------------------------------------|--------------------|---------------------| | `seccomp` | Syscall filtering using `libseccomp`. | yes | `libseccomp` | +| `runc_nocr` | Disables runc checkpoint/restore. | no | `criu` | The following build tags were used earlier, but are now obsoleted: - **runc_nodmz** (since runc v1.2.1 runc dmz binary is dropped) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 65bd08ea1ed..7886b5ec2b6 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -1,3 +1,5 @@ +//go:build !runc_nocr + package libcontainer import (
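
Review bot: In .github/workflows/validate.yml, the new step `run: make EXTRA_BUILDTAGS="runc_nocr"` only proves that the tagged build compiles; nothing in the job checks that the stated goal still holds. The commit message attributes the saving to dropping google.golang.org/protobuf, so consider a follow-up check in the same job that the tagged build no longer pulls in that package (for example by grepping the output of `go list -deps -tags runc_nocr ./...`), so a later import outside criu_linux.go cannot silently bring it back. Running the unit tests with the tag set, not only the compile, would also catch code paths that assume checkpoint/restore is present.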
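
Review bot: In the README.md build tag table, the new `runc_nocr` row reads ambiguously because the tag is a negative one while the columns were written for a positive one. "Enabled by Default: no" can be taken to mean checkpoint/restore is off by default, and "Dependencies: `criu`" suggests that setting the tag requires criu, when criu is what the default build (tag absent) relies on. Suggest rewording the row, or adding a sentence under the table, to say that checkpoint/restore is compiled in unless `runc_nocr` is set and that a `runc_nocr` build has no criu dependency. The README text should also state what the checkpoint and restore commands do in a binary built with the tag.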
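
Review bot: In libcontainer/criu_linux.go, the `//go:build !runc_nocr` constraint removes the whole file, and the diffstat lists no other Go file, so this patch does not show what stands in for the symbols defined here when the tag is set. Please add, or point to, a counterpart file constrained with `//go:build runc_nocr` whose checkpoint and restore entry points return an explicit "not compiled in" error, so that callers in a `runc_nocr` build fail clearly instead of depending on how the remaining code happens to compile. A one-line comment above the constraint naming the tag's purpose would help future readers as well.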