Yocto 2.4
Move OpenBMC to Yocto 2.4(rocko)
Tested: Built and verified Witherspoon and Palmetto images
Change-Id: I12057b18610d6fb0e6903c60213690301e9b0c67
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Disable-building-recvtty.patch b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Disable-building-recvtty.patch
new file mode 100644
index 0000000..fa1f695
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Disable-building-recvtty.patch
@@ -0,0 +1,26 @@
+From aa2fc7b0eacba61175f083cc8d8adc233bcd0575 Mon Sep 17 00:00:00 2001
+From: Paul Barker <pbarker@toganlabs.com>
+Date: Thu, 12 Oct 2017 11:34:24 +0000
+Subject: [PATCH] Disable building recvtty
+
+Signed-off-by: Paul Barker <pbarker@toganlabs.com>
+Upstream-status: Inappropriate
+---
+ Makefile | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 0fcf508..24f47dc 100644
+--- a/src/import/Makefile
++++ b/src/import/Makefile
+@@ -38,7 +38,6 @@ contrib/cmd/recvtty/recvtty: $(SOURCES)
+
+ static: $(SOURCES)
+ CGO_ENABLED=1 $(GO) build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc .
+- CGO_ENABLED=1 $(GO) build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
+
+ release:
+ @flag_list=(seccomp selinux apparmor static); \
+--
+2.7.4
+
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Update-to-runtime-spec-198f23f827eea397d4331d7eb048d.patch b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Update-to-runtime-spec-198f23f827eea397d4331d7eb048d.patch
new file mode 100644
index 0000000..bcc76fc
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Update-to-runtime-spec-198f23f827eea397d4331d7eb048d.patch
@@ -0,0 +1,89 @@
+From e8ef6025a4f48620baf91737cd37eb5e6a40f48c Mon Sep 17 00:00:00 2001
+From: Justin Cormack <justin.cormack@docker.com>
+Date: Fri, 23 Jun 2017 17:14:59 -0700
+Subject: [PATCH 1/3] Update to runtime spec
+ 198f23f827eea397d4331d7eb048d9d4c7ff7bee
+
+Updates memory limits to be int64, and removes Platform from spec.
+
+Signed-off-by: Justin Cormack <justin.cormack@docker.com>
+---
+ vendor.conf | 2 +-
+ .../opencontainers/runtime-spec/specs-go/config.go | 23 ++++++----------------
+ 2 files changed, 7 insertions(+), 18 deletions(-)
+
+diff --git a/vendor.conf b/vendor.conf
+index e23e7ea7..09a8a924 100644
+--- a/src/import/vendor.conf
++++ b/src/import/vendor.conf
+@@ -1,7 +1,7 @@
+ # OCI runtime-spec. When updating this, make sure you use a version tag rather
+ # than a commit ID so it's much more obvious what version of the spec we are
+ # using.
+-github.com/opencontainers/runtime-spec 239c4e44f2a612ed85f6db9c66247aa33f437e91
++github.com/opencontainers/runtime-spec 198f23f827eea397d4331d7eb048d9d4c7ff7bee
+ # Core libcontainer functionality.
+ github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08
+ github.com/opencontainers/selinux v1.0.0-rc1
+diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+index 8bf8d924..68ab112e 100644
+--- a/src/import/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
++++ b/src/import/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+@@ -6,8 +6,6 @@ import "os"
+ type Spec struct {
+ // Version of the Open Container Runtime Specification with which the bundle complies.
+ Version string `json:"ociVersion"`
+- // Platform specifies the configuration's target platform.
+- Platform Platform `json:"platform"`
+ // Process configures the container process.
+ Process *Process `json:"process,omitempty"`
+ // Root configures the container's root filesystem.
+@@ -101,15 +99,6 @@ type Root struct {
+ Readonly bool `json:"readonly,omitempty"`
+ }
+
+-// Platform specifies OS and arch information for the host system that the container
+-// is created for.
+-type Platform struct {
+- // OS is the operating system.
+- OS string `json:"os"`
+- // Arch is the architecture
+- Arch string `json:"arch"`
+-}
+-
+ // Mount specifies a mount for a container.
+ type Mount struct {
+ // Destination is the absolute path where the mount will be placed in the container.
+@@ -284,15 +273,15 @@ type LinuxBlockIO struct {
+ // LinuxMemory for Linux cgroup 'memory' resource management
+ type LinuxMemory struct {
+ // Memory limit (in bytes).
+- Limit *uint64 `json:"limit,omitempty"`
++ Limit *int64 `json:"limit,omitempty"`
+ // Memory reservation or soft_limit (in bytes).
+- Reservation *uint64 `json:"reservation,omitempty"`
++ Reservation *int64 `json:"reservation,omitempty"`
+ // Total memory limit (memory + swap).
+- Swap *uint64 `json:"swap,omitempty"`
++ Swap *int64 `json:"swap,omitempty"`
+ // Kernel memory limit (in bytes).
+- Kernel *uint64 `json:"kernel,omitempty"`
++ Kernel *int64 `json:"kernel,omitempty"`
+ // Kernel memory limit for tcp (in bytes)
+- KernelTCP *uint64 `json:"kernelTCP,omitempty"`
++ KernelTCP *int64 `json:"kernelTCP,omitempty"`
+ // How aggressive the kernel will swap memory pages.
+ Swappiness *uint64 `json:"swappiness,omitempty"`
+ }
+@@ -486,7 +475,7 @@ type WindowsNetwork struct {
+ EndpointList []string `json:"endpointList,omitempty"`
+ // Specifies if unqualified DNS name resolution is allowed.
+ AllowUnqualifiedDNSQuery bool `json:"allowUnqualifiedDNSQuery,omitempty"`
+- // Comma seperated list of DNS suffixes to use for name resolution.
++ // Comma separated list of DNS suffixes to use for name resolution.
+ DNSSearchList []string `json:"DNSSearchList,omitempty"`
+ // Name (ID) of the container that we will share with the network stack.
+ NetworkSharedContainerName string `json:"networkSharedContainerName,omitempty"`
+--
+2.11.0
+
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Use-correct-go-cross-compiler.patch b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Use-correct-go-cross-compiler.patch
new file mode 100644
index 0000000..8f5171a
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Use-correct-go-cross-compiler.patch
@@ -0,0 +1,85 @@
+From 037c20b3b3ef5e9ead0282aa64f9b88c0c18934d Mon Sep 17 00:00:00 2001
+From: Paul Barker <pbarker@toganlabs.com>
+Date: Thu, 5 Oct 2017 13:14:40 +0000
+Subject: [PATCH] Use correct go cross-compiler
+
+We need to use '${GO}' as set by OpenEmbedded instead of just 'go'. Just using
+'go' will invoke go-native.
+
+Signed-off-by: Paul Barker <pbarker@toganlabs.com>
+Upstream-status: Inappropriate
+---
+ Makefile | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 8117892..0fcf508 100644
+--- a/src/import/Makefile
++++ b/src/import/Makefile
+@@ -27,18 +27,18 @@ SHELL := $(shell command -v bash 2>/dev/null)
+ .DEFAULT: runc
+
+ runc: $(SOURCES)
+- go build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc .
++ $(GO) build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc .
+
+ all: runc recvtty
+
+ recvtty: contrib/cmd/recvtty/recvtty
+
+ contrib/cmd/recvtty/recvtty: $(SOURCES)
+- go build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
++ $(GO) build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
+
+ static: $(SOURCES)
+- CGO_ENABLED=1 go build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc .
+- CGO_ENABLED=1 go build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
++ CGO_ENABLED=1 $(GO) build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc .
++ CGO_ENABLED=1 $(GO) build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
+
+ release:
+ @flag_list=(seccomp selinux apparmor static); \
+@@ -62,15 +62,15 @@ release:
+ CGO_ENABLED=1; \
+ }; \
+ echo "Building target: $$output"; \
+- go build -i $(EXTRA_FLAGS) -ldflags "$$ldflags $(EXTRA_LDFLAGS)" -tags "$$tags" -o "$$output" .; \
++ $(GO) build -i $(EXTRA_FLAGS) -ldflags "$$ldflags $(EXTRA_LDFLAGS)" -tags "$$tags" -o "$$output" .; \
+ done
+
+ dbuild: runcimage
+ docker run --rm -v $(CURDIR):/go/src/$(PROJECT) --privileged $(RUNC_IMAGE) make clean all
+
+ lint:
+- go vet $(allpackages)
+- go fmt $(allpackages)
++ $(GO) vet $(allpackages)
++ $(GO) fmt $(allpackages)
+
+ man:
+ man/md2man-all.sh
+@@ -88,7 +88,7 @@ unittest: runcimage
+ docker run -e TESTFLAGS -t --privileged --rm -v $(CURDIR):/go/src/$(PROJECT) $(RUNC_IMAGE) make localunittest
+
+ localunittest: all
+- go test -timeout 3m -tags "$(BUILDTAGS)" ${TESTFLAGS} -v $(allpackages)
++ $(GO) test -timeout 3m -tags "$(BUILDTAGS)" ${TESTFLAGS} -v $(allpackages)
+
+ integration: runcimage
+ docker run -e TESTFLAGS -t --privileged --rm -v $(CURDIR):/go/src/$(PROJECT) $(RUNC_IMAGE) make localintegration
+@@ -134,10 +134,10 @@ clean:
+ validate:
+ script/validate-gofmt
+ script/validate-shfmt
+- go vet $(allpackages)
++ $(GO) vet $(allpackages)
+
+ ci: validate localtest
+
+ # memoize allpackages, so that it's executed only once and only if used
+-_allpackages = $(shell go list ./... | grep -v vendor)
++_allpackages = $(shell $(GO) list ./... | grep -v vendor)
+ allpackages = $(if $(__allpackages),,$(eval __allpackages := $$(_allpackages)))$(__allpackages)
+--
+2.7.4
+
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch
new file mode 100644
index 0000000..48c1250
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch
@@ -0,0 +1,33 @@
+From 3fff2a3505fba1d1ff0074edff15708a77f6cfa9 Mon Sep 17 00:00:00 2001
+From: Jason Wessel <jason.wessel@windriver.com>
+Date: Wed, 12 Jul 2017 13:35:03 -0700
+Subject: [PATCH] runc: Add --console-socket=/dev/null
+
+This allows for setting up a detached session where you do not want to
+set the terminal to false in the config.json. More or less this is a
+runtime override.
+
+Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
+---
+ utils_linux.go | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/utils_linux.go b/utils_linux.go
+index 8085f7fe..e6d31b35 100644
+--- a/src/import/utils_linux.go
++++ b/src/import/utils_linux.go
+@@ -227,6 +227,11 @@ type runner struct {
+ }
+
+ func (r *runner) run(config *specs.Process) (int, error) {
++ if (r.consoleSocket == "/dev/null") {
++ r.detach = false
++ r.consoleSocket = ""
++ config.Terminal = false
++ }
+ if err := r.checkTerminal(config); err != nil {
+ r.destroy()
+ return -1, err
+--
+2.11.0
+
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0002-Remove-Platform-as-no-longer-in-OCI-spec.patch b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0002-Remove-Platform-as-no-longer-in-OCI-spec.patch
new file mode 100644
index 0000000..7970dec
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0002-Remove-Platform-as-no-longer-in-OCI-spec.patch
@@ -0,0 +1,75 @@
+From e1146182a8cebb5a6133a9e298a5e4acf99652e9 Mon Sep 17 00:00:00 2001
+From: Justin Cormack <justin.cormack@docker.com>
+Date: Fri, 23 Jun 2017 17:16:08 -0700
+Subject: [PATCH 2/3] Remove Platform as no longer in OCI spec
+
+This was never used, just validated, so was removed from spec.
+
+Signed-off-by: Justin Cormack <justin.cormack@docker.com>
+---
+ libcontainer/specconv/example.go | 5 -----
+ spec.go | 14 --------------
+ 2 files changed, 19 deletions(-)
+
+diff --git a/libcontainer/specconv/example.go b/libcontainer/specconv/example.go
+index 33134116..d6621194 100644
+--- a/src/import/libcontainer/specconv/example.go
++++ b/src/import/libcontainer/specconv/example.go
+@@ -2,7 +2,6 @@ package specconv
+
+ import (
+ "os"
+- "runtime"
+ "strings"
+
+ "github.com/opencontainers/runtime-spec/specs-go"
+@@ -15,10 +14,6 @@ func sPtr(s string) *string { return &s }
+ func Example() *specs.Spec {
+ return &specs.Spec{
+ Version: specs.Version,
+- Platform: specs.Platform{
+- OS: runtime.GOOS,
+- Arch: runtime.GOARCH,
+- },
+ Root: specs.Root{
+ Path: "rootfs",
+ Readonly: true,
+diff --git a/spec.go b/spec.go
+index 92d38f57..876937d2 100644
+--- a/src/import/spec.go
++++ b/src/import/spec.go
+@@ -7,7 +7,6 @@ import (
+ "fmt"
+ "io/ioutil"
+ "os"
+- "runtime"
+
+ "github.com/opencontainers/runc/libcontainer/configs"
+ "github.com/opencontainers/runc/libcontainer/specconv"
+@@ -131,9 +130,6 @@ func loadSpec(cPath string) (spec *specs.Spec, err error) {
+ if err = json.NewDecoder(cf).Decode(&spec); err != nil {
+ return nil, err
+ }
+- if err = validatePlatform(&spec.Platform); err != nil {
+- return nil, err
+- }
+ return spec, validateProcessSpec(spec.Process)
+ }
+
+@@ -148,13 +144,3 @@ func createLibContainerRlimit(rlimit specs.LinuxRlimit) (configs.Rlimit, error)
+ Soft: rlimit.Soft,
+ }, nil
+ }
+-
+-func validatePlatform(platform *specs.Platform) error {
+- if platform.OS != runtime.GOOS {
+- return fmt.Errorf("target os %s mismatch with current os %s", platform.OS, runtime.GOOS)
+- }
+- if platform.Arch != runtime.GOARCH {
+- return fmt.Errorf("target arch %s mismatch with current arch %s", platform.Arch, runtime.GOARCH)
+- }
+- return nil
+-}
+--
+2.11.0
+
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0003-Update-memory-specs-to-use-int64-not-uint64.patch b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0003-Update-memory-specs-to-use-int64-not-uint64.patch
new file mode 100644
index 0000000..50a9b7f
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0003-Update-memory-specs-to-use-int64-not-uint64.patch
@@ -0,0 +1,194 @@
+From 3d9074ead33a5c27dc20bb49457c69c6d2ae6b57 Mon Sep 17 00:00:00 2001
+From: Justin Cormack <justin.cormack@docker.com>
+Date: Fri, 23 Jun 2017 17:17:00 -0700
+Subject: [PATCH 3/3] Update memory specs to use int64 not uint64
+
+replace #1492 #1494
+fix #1422
+
+Since https://github.com/opencontainers/runtime-spec/pull/876 the memory
+specifications are now `int64`, as that better matches the visible interface where
+`-1` is a valid value. Otherwise finding the correct value was difficult as it
+was kernel dependent.
+
+Signed-off-by: Justin Cormack <justin.cormack@docker.com>
+---
+ libcontainer/cgroups/fs/memory.go | 36 +++++++++++++++++-------------------
+ libcontainer/configs/cgroup_linux.go | 10 +++++-----
+ update.go | 14 +++++++-------
+ 3 files changed, 29 insertions(+), 31 deletions(-)
+
+diff --git a/libcontainer/cgroups/fs/memory.go b/libcontainer/cgroups/fs/memory.go
+index da2cc9f8..b739c631 100644
+--- a/src/import/libcontainer/cgroups/fs/memory.go
++++ b/src/import/libcontainer/cgroups/fs/memory.go
+@@ -73,14 +73,14 @@ func EnableKernelMemoryAccounting(path string) error {
+ // until a limit is set on the cgroup and limit cannot be set once the
+ // cgroup has children, or if there are already tasks in the cgroup.
+ for _, i := range []int64{1, -1} {
+- if err := setKernelMemory(path, uint64(i)); err != nil {
++ if err := setKernelMemory(path, i); err != nil {
+ return err
+ }
+ }
+ return nil
+ }
+
+-func setKernelMemory(path string, kernelMemoryLimit uint64) error {
++func setKernelMemory(path string, kernelMemoryLimit int64) error {
+ if path == "" {
+ return fmt.Errorf("no such directory for %s", cgroupKernelMemoryLimit)
+ }
+@@ -88,7 +88,7 @@ func setKernelMemory(path string, kernelMemoryLimit uint64) error {
+ // kernel memory is not enabled on the system so we should do nothing
+ return nil
+ }
+- if err := ioutil.WriteFile(filepath.Join(path, cgroupKernelMemoryLimit), []byte(strconv.FormatUint(kernelMemoryLimit, 10)), 0700); err != nil {
++ if err := ioutil.WriteFile(filepath.Join(path, cgroupKernelMemoryLimit), []byte(strconv.FormatInt(kernelMemoryLimit, 10)), 0700); err != nil {
+ // Check if the error number returned by the syscall is "EBUSY"
+ // The EBUSY signal is returned on attempts to write to the
+ // memory.kmem.limit_in_bytes file if the cgroup has children or
+@@ -106,14 +106,12 @@ func setKernelMemory(path string, kernelMemoryLimit uint64) error {
+ }
+
+ func setMemoryAndSwap(path string, cgroup *configs.Cgroup) error {
+- ulimited := -1
+-
+- // If the memory update is set to uint64(-1) we should also
+- // set swap to uint64(-1), it means unlimited memory.
+- if cgroup.Resources.Memory == uint64(ulimited) {
+- // Only set swap if it's enbled in kernel
++ // If the memory update is set to -1 we should also
++ // set swap to -1, it means unlimited memory.
++ if cgroup.Resources.Memory == -1 {
++ // Only set swap if it's enabled in kernel
+ if cgroups.PathExists(filepath.Join(path, cgroupMemorySwapLimit)) {
+- cgroup.Resources.MemorySwap = uint64(ulimited)
++ cgroup.Resources.MemorySwap = -1
+ }
+ }
+
+@@ -128,29 +126,29 @@ func setMemoryAndSwap(path string, cgroup *configs.Cgroup) error {
+ // When update memory limit, we should adapt the write sequence
+ // for memory and swap memory, so it won't fail because the new
+ // value and the old value don't fit kernel's validation.
+- if cgroup.Resources.MemorySwap == uint64(ulimited) || memoryUsage.Limit < cgroup.Resources.MemorySwap {
+- if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatUint(cgroup.Resources.MemorySwap, 10)); err != nil {
++ if cgroup.Resources.MemorySwap == -1 || memoryUsage.Limit < uint64(cgroup.Resources.MemorySwap) {
++ if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatInt(cgroup.Resources.MemorySwap, 10)); err != nil {
+ return err
+ }
+- if err := writeFile(path, cgroupMemoryLimit, strconv.FormatUint(cgroup.Resources.Memory, 10)); err != nil {
++ if err := writeFile(path, cgroupMemoryLimit, strconv.FormatInt(cgroup.Resources.Memory, 10)); err != nil {
+ return err
+ }
+ } else {
+- if err := writeFile(path, cgroupMemoryLimit, strconv.FormatUint(cgroup.Resources.Memory, 10)); err != nil {
++ if err := writeFile(path, cgroupMemoryLimit, strconv.FormatInt(cgroup.Resources.Memory, 10)); err != nil {
+ return err
+ }
+- if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatUint(cgroup.Resources.MemorySwap, 10)); err != nil {
++ if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatInt(cgroup.Resources.MemorySwap, 10)); err != nil {
+ return err
+ }
+ }
+ } else {
+ if cgroup.Resources.Memory != 0 {
+- if err := writeFile(path, cgroupMemoryLimit, strconv.FormatUint(cgroup.Resources.Memory, 10)); err != nil {
++ if err := writeFile(path, cgroupMemoryLimit, strconv.FormatInt(cgroup.Resources.Memory, 10)); err != nil {
+ return err
+ }
+ }
+ if cgroup.Resources.MemorySwap != 0 {
+- if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatUint(cgroup.Resources.MemorySwap, 10)); err != nil {
++ if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatInt(cgroup.Resources.MemorySwap, 10)); err != nil {
+ return err
+ }
+ }
+@@ -171,13 +169,13 @@ func (s *MemoryGroup) Set(path string, cgroup *configs.Cgroup) error {
+ }
+
+ if cgroup.Resources.MemoryReservation != 0 {
+- if err := writeFile(path, "memory.soft_limit_in_bytes", strconv.FormatUint(cgroup.Resources.MemoryReservation, 10)); err != nil {
++ if err := writeFile(path, "memory.soft_limit_in_bytes", strconv.FormatInt(cgroup.Resources.MemoryReservation, 10)); err != nil {
+ return err
+ }
+ }
+
+ if cgroup.Resources.KernelMemoryTCP != 0 {
+- if err := writeFile(path, "memory.kmem.tcp.limit_in_bytes", strconv.FormatUint(cgroup.Resources.KernelMemoryTCP, 10)); err != nil {
++ if err := writeFile(path, "memory.kmem.tcp.limit_in_bytes", strconv.FormatInt(cgroup.Resources.KernelMemoryTCP, 10)); err != nil {
+ return err
+ }
+ }
+diff --git a/libcontainer/configs/cgroup_linux.go b/libcontainer/configs/cgroup_linux.go
+index 3e0509de..e15a662f 100644
+--- a/src/import/libcontainer/configs/cgroup_linux.go
++++ b/src/import/libcontainer/configs/cgroup_linux.go
+@@ -43,19 +43,19 @@ type Resources struct {
+ Devices []*Device `json:"devices"`
+
+ // Memory limit (in bytes)
+- Memory uint64 `json:"memory"`
++ Memory int64 `json:"memory"`
+
+ // Memory reservation or soft_limit (in bytes)
+- MemoryReservation uint64 `json:"memory_reservation"`
++ MemoryReservation int64 `json:"memory_reservation"`
+
+ // Total memory usage (memory + swap); set `-1` to enable unlimited swap
+- MemorySwap uint64 `json:"memory_swap"`
++ MemorySwap int64 `json:"memory_swap"`
+
+ // Kernel memory limit (in bytes)
+- KernelMemory uint64 `json:"kernel_memory"`
++ KernelMemory int64 `json:"kernel_memory"`
+
+ // Kernel memory limit for TCP use (in bytes)
+- KernelMemoryTCP uint64 `json:"kernel_memory_tcp"`
++ KernelMemoryTCP int64 `json:"kernel_memory_tcp"`
+
+ // CPU shares (relative weight vs. other containers)
+ CpuShares uint64 `json:"cpu_shares"`
+diff --git a/update.go b/update.go
+index 0ea90d60..133be999 100644
+--- a/src/import/update.go
++++ b/src/import/update.go
+@@ -124,11 +124,11 @@ other options are ignored.
+
+ r := specs.LinuxResources{
+ Memory: &specs.LinuxMemory{
+- Limit: u64Ptr(0),
+- Reservation: u64Ptr(0),
+- Swap: u64Ptr(0),
+- Kernel: u64Ptr(0),
+- KernelTCP: u64Ptr(0),
++ Limit: i64Ptr(0),
++ Reservation: i64Ptr(0),
++ Swap: i64Ptr(0),
++ Kernel: i64Ptr(0),
++ KernelTCP: i64Ptr(0),
+ },
+ CPU: &specs.LinuxCPU{
+ Shares: u64Ptr(0),
+@@ -213,7 +213,7 @@ other options are ignored.
+ }
+ for _, pair := range []struct {
+ opt string
+- dest *uint64
++ dest *int64
+ }{
+ {"memory", r.Memory.Limit},
+ {"memory-swap", r.Memory.Swap},
+@@ -232,7 +232,7 @@ other options are ignored.
+ } else {
+ v = -1
+ }
+- *pair.dest = uint64(v)
++ *pair.dest = v
+ }
+ }
+ r.Pids.Limit = int64(context.Int("pids-limit"))
+--
+2.11.0
+