Update runc to v1.0.0-rc91
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc91 Signed-off-by: Davanum Srinivas <davanum@gmail.com>
This commit is contained in:
Davanum Srinivas
58
vendor/github.com/opencontainers/runc/README.md
generated
vendored
58
vendor/github.com/opencontainers/runc/README.md
generated
vendored
@@ -3,6 +3,7 @@
|
||||
[](https://travis-ci.org/opencontainers/runc)
|
||||
[](https://goreportcard.com/report/github.com/opencontainers/runc)
|
||||
[](https://godoc.org/github.com/opencontainers/runc)
|
||||
[](https://bestpractices.coreinfrastructure.org/projects/588)
|
||||
|
||||
## Introduction
|
||||
|
||||
@@ -18,22 +19,23 @@ You can find official releases of `runc` on the [release](https://github.com/ope
|
||||
|
||||
Currently, the following features are not considered to be production-ready:
|
||||
|
||||
* Support for cgroup v2
|
||||
* [Support for cgroup v2](./docs/cgroup-v2.md)
|
||||
|
||||
## Security
|
||||
|
||||
The reporting process and disclosure communications are outlined in [/org/security](https://github.com/opencontainers/org/blob/master/security/).
|
||||
The reporting process and disclosure communications are outlined [here](https://github.com/opencontainers/org/blob/master/SECURITY.md).
|
||||
|
||||
### Security Audit
|
||||
A third party security audit was performed by Cure53, you can see the full report [here](https://github.com/opencontainers/runc/blob/master/docs/Security-Audit.pdf).
|
||||
|
||||
## Building
|
||||
|
||||
`runc` currently supports the Linux platform with various architecture support.
|
||||
It must be built with Go version 1.6 or higher in order for some features to function properly.
|
||||
It must be built with Go version 1.13 or higher.
|
||||
|
||||
In order to enable seccomp support you will need to install `libseccomp` on your platform.
|
||||
> e.g. `libseccomp-devel` for CentOS, or `libseccomp-dev` for Ubuntu
|
||||
|
||||
Otherwise, if you do not want to build `runc` with seccomp support you can add `BUILDTAGS=""` when running make.
|
||||
|
||||
```bash
|
||||
# create a 'github.com/opencontainers' in your GOPATH/src
|
||||
cd github.com/opencontainers
|
||||
@@ -58,20 +60,22 @@ sudo make install
|
||||
|
||||
#### Build Tags
|
||||
|
||||
`runc` supports optional build tags for compiling support of various features.
|
||||
To add build tags to the make option the `BUILDTAGS` variable must be set.
|
||||
`runc` supports optional build tags for compiling support of various features,
|
||||
with some of them enabled by default (see `BUILDTAGS` in top-level `Makefile`).
|
||||
|
||||
To change build tags from the default, set the `BUILDTAGS` variable for make,
|
||||
e.g.
|
||||
|
||||
```bash
|
||||
make BUILDTAGS='seccomp apparmor'
|
||||
```
|
||||
|
||||
| Build Tag | Feature | Dependency |
|
||||
|-----------|------------------------------------|-------------|
|
||||
| seccomp | Syscall filtering | libseccomp |
|
||||
| selinux | selinux process and mount labeling | <none> |
|
||||
| apparmor | apparmor profile support | <none> |
|
||||
| ambient | ambient capability support | kernel 4.3 |
|
||||
| nokmem | disable kernel memory account | <none> |
|
||||
| Build Tag | Feature | Enabled by default | Dependency |
|
||||
|-----------|------------------------------------|--------------------|------------|
|
||||
| seccomp | Syscall filtering | yes | libseccomp |
|
||||
| selinux | selinux process and mount labeling | yes | <none> |
|
||||
| apparmor | apparmor profile support | yes | <none> |
|
||||
| nokmem | disable kernel memory accounting | no | <none> |
|
||||
|
||||
|
||||
### Running the test suite
|
||||
@@ -97,17 +101,30 @@ You can run a specific integration test by setting the `TESTPATH` variable.
|
||||
# make test TESTPATH="/checkpoint.bats"
|
||||
```
|
||||
|
||||
You can run a test in your proxy environment by setting `DOCKER_BUILD_PROXY` and `DOCKER_RUN_PROXY` variables.
|
||||
You can run a specific rootless integration test by setting the `ROOTLESS_TESTPATH` variable.
|
||||
|
||||
```bash
|
||||
# make test DOCKER_BUILD_PROXY="--build-arg HTTP_PROXY=http://yourproxy/" DOCKER_RUN_PROXY="-e HTTP_PROXY=http://yourproxy/"
|
||||
# make test ROOTLESS_TESTPATH="/checkpoint.bats"
|
||||
```
|
||||
|
||||
You can run a test using your container engine's flags by setting `CONTAINER_ENGINE_BUILD_FLAGS` and `CONTAINER_ENGINE_RUN_FLAGS` variables.
|
||||
|
||||
```bash
|
||||
# make test CONTAINER_ENGINE_BUILD_FLAGS="--build-arg http_proxy=http://yourproxy/" CONTAINER_ENGINE_RUN_FLAGS="-e http_proxy=http://yourproxy/"
|
||||
```
|
||||
|
||||
### Dependencies Management
|
||||
|
||||
`runc` uses [vndr](https://github.com/LK4D4/vndr) for dependencies management.
|
||||
Please refer to [vndr](https://github.com/LK4D4/vndr) for how to add or update
|
||||
new dependencies.
|
||||
`runc` uses [Go Modules](https://github.com/golang/go/wiki/Modules) for dependencies management.
|
||||
Please refer to [Go Modules](https://github.com/golang/go/wiki/Modules) for how to add or update
|
||||
new dependencies. When updating dependencies, be sure that you are running Go `1.14` or newer.
|
||||
|
||||
```
|
||||
# Update vendored dependencies
|
||||
make vendor
|
||||
# Verify all dependencies
|
||||
make verify-dependencies
|
||||
```
|
||||
|
||||
## Using runc
|
||||
|
||||
@@ -275,6 +292,9 @@ PIDFile=/run/mycontainerid.pid
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
#### cgroup v2
|
||||
See [`./docs/cgroup-v2.md`](./docs/cgroup-v2.md).
|
||||
|
||||
## License
|
||||
|
||||
The code and docs are released under the [Apache 2.0 license](LICENSE).
|
||||
|
||||
Reference in New Issue
Block a user