Update docker/docker vendor to upstream latest

Also requires containerd and golang.org/x/sys vendor updates Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2019-11-22 16:23:29 -05:00
parent 0dcaf6e987
commit d6359df24f
260 changed files with 6499 additions and 2244 deletions
--- a/vendor/github.com/containerd/containerd/README.md
+++ b/vendor/github.com/containerd/containerd/README.md
@@ -3,6 +3,7 @@
 [![GoDoc](https://godoc.org/github.com/containerd/containerd?status.svg)](https://godoc.org/github.com/containerd/containerd)
 [![Build Status](https://travis-ci.org/containerd/containerd.svg?branch=master)](https://travis-ci.org/containerd/containerd)
 [![Windows Build Status](https://ci.appveyor.com/api/projects/status/github/containerd/containerd?branch=master&svg=true)](https://ci.appveyor.com/project/mlaventure/containerd-3g73f?branch=master)
+![](https://github.com/containerd/containerd/workflows/Nightly/badge.svg)
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd.svg?type=shield)](https://app.fossa.io/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd?ref=badge_shield)
 [![Go Report Card](https://goreportcard.com/badge/github.com/containerd/containerd)](https://goreportcard.com/report/github.com/containerd/containerd)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1271/badge)](https://bestpractices.coreinfrastructure.org/projects/1271)
@@ -24,6 +25,12 @@ See how to build containerd from source at [BUILDING](BUILDING.md).

 If you are interested in trying out containerd see our example at [Getting Started](docs/getting-started.md).

+## Nightly builds
+
+There are nightly builds available for download [here](https://github.com/containerd/containerd/actions?query=workflow%3ANightly).
+Binaries are generated from `master` branch every night for `Linux` and `Windows`.
+
+Please be aware: nightly builds might have critical bugs, it's not recommended for use in prodution and no support provided.

 ## Runtime Requirements

@@ -220,23 +227,23 @@ architectures, such as [Canonical's Ubuntu packaging](https://launchpad.net/ubun

 #### Enabling command auto-completion

-Starting with containerd 1.4, the urfave client feature for auto-creation of bash
-autocompletion data is enabled. To use the autocomplete feature in your shell, source
-the autocomplete/bash_autocomplete file in your .bashrc file while setting the `PROG`
-variable to `ctr`:
+Starting with containerd 1.4, the urfave client feature for auto-creation of bash and zsh
+autocompletion data is enabled. To use the autocomplete feature in a bash shell for example, source
+the autocomplete/ctr file in your `.bashrc`, or manually like:

 ```
-$ PROG=ctr source vendor/github.com/urfave/cli/autocomplete/bash_autocomplete
+$ source ./contrib/autocomplete/ctr
 ```

-#### Distribution of `ctr` autocomplete for bash
+#### Distribution of `ctr` autocomplete for bash and zsh

-Copy `vendor/github.com/urfave/cli/autocomplete/bash_autocomplete` into
-`/etc/bash_completion.d/` and rename it to `ctr`.
+For bash, copy the `contrib/autocomplete/ctr` script into
+`/etc/bash_completion.d/` and rename it to `ctr`. The `zsh_autocomplete`
+file is also available and can be used similarly for zsh users.

 Provide documentation to users to `source` this file into their shell if
 you don't place the autocomplete file in a location where it is automatically
-loaded for user's bash shell environment.
+loaded for the user's shell environment.

 ### Communication

--- a/vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.pb.go
+++ b/vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.pb.go
@@ -609,7 +609,18 @@ func (m *UpdateSnapshotResponse) XXX_DiscardUnknown() {
 var xxx_messageInfo_UpdateSnapshotResponse proto.InternalMessageInfo

 type ListSnapshotsRequest struct {
-	Snapshotter          string   `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
+	Snapshotter string `protobuf:"bytes,1,opt,name=snapshotter,proto3" json:"snapshotter,omitempty"`
+	// Filters contains one or more filters using the syntax defined in the
+	// containerd filter package.
+	//
+	// The returned result will be those that match any of the provided
+	// filters. Expanded, images that match the following will be
+	// returned:
+	//
+	//   filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+	//
+	// If filters is zero-length or nil, all items will be returned.
+	Filters              []string `protobuf:"bytes,2,rep,name=filters,proto3" json:"filters,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -796,70 +807,71 @@ func init() {
 }

 var fileDescriptor_cfc0ddf12791f168 = []byte{
-	// 1007 bytes of a gzipped FileDescriptorProto
+	// 1022 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x57, 0x4f, 0x6f, 0x1a, 0x47,
-	0x14, 0x67, 0x60, 0x8d, 0xe3, 0x87, 0xed, 0xd2, 0x09, 0x26, 0x68, 0x5b, 0xe1, 0x15, 0x87, 0xca,
-	0xea, 0x61, 0x37, 0xa1, 0x6a, 0xe2, 0xc4, 0x97, 0x62, 0x4c, 0x2b, 0xec, 0xd8, 0xa9, 0x36, 0xb6,
-	0x13, 0xa7, 0x55, 0xa3, 0x35, 0x8c, 0xf1, 0x0a, 0x76, 0x97, 0x32, 0x03, 0x11, 0xad, 0x54, 0xf5,
-	0x18, 0xf9, 0xd4, 0x2f, 0xe0, 0x53, 0xfb, 0x21, 0xaa, 0x7e, 0x02, 0x1f, 0x7b, 0xec, 0xa9, 0x6d,
-	0xfc, 0x25, 0x7a, 0xea, 0x1f, 0xcd, 0xec, 0x2c, 0x60, 0x4c, 0xc5, 0x82, 0xc9, 0x6d, 0x66, 0x67,
-	0x7e, 0xef, 0xfd, 0xe6, 0xf7, 0xe6, 0xbd, 0x37, 0x0b, 0xdb, 0x35, 0x9b, 0x9d, 0xb6, 0x8f, 0xf5,
-	0x8a, 0xe7, 0x18, 0x15, 0xcf, 0x65, 0x96, 0xed, 0x92, 0x56, 0x75, 0x70, 0x68, 0x35, 0x6d, 0x83,
-	0x92, 0x56, 0xc7, 0xae, 0x10, 0x6a, 0x50, 0xd7, 0x6a, 0xd2, 0x53, 0x8f, 0x51, 0xa3, 0x73, 0xaf,
-	0x3f, 0xd1, 0x9b, 0x2d, 0x8f, 0x79, 0x58, 0xeb, 0xa3, 0xf4, 0x00, 0xa1, 0xf7, 0x37, 0x75, 0xee,
-	0xa9, 0xa9, 0x9a, 0x57, 0xf3, 0xc4, 0x66, 0x83, 0x8f, 0x7c, 0x9c, 0xfa, 0x5e, 0xcd, 0xf3, 0x6a,
-	0x0d, 0x62, 0x88, 0xd9, 0x71, 0xfb, 0xc4, 0x20, 0x4e, 0x93, 0x75, 0xe5, 0xa2, 0x36, 0xbc, 0x78,
-	0x62, 0x93, 0x46, 0xf5, 0xa5, 0x63, 0xd1, 0xba, 0xdc, 0xb1, 0x3a, 0xbc, 0x83, 0xd9, 0x0e, 0xa1,
-	0xcc, 0x72, 0x9a, 0x72, 0xc3, 0xfd, 0x50, 0x67, 0x64, 0xdd, 0x26, 0xa1, 0x86, 0xe3, 0xb5, 0x5d,
-	0xe6, 0xe3, 0x72, 0x7f, 0x23, 0x48, 0x7f, 0xde, 0x22, 0x4d, 0xab, 0x45, 0x9e, 0xca, 0x53, 0x98,
-	0xe4, 0xeb, 0x36, 0xa1, 0x0c, 0x6b, 0x90, 0x08, 0x0e, 0xc6, 0x48, 0x2b, 0x83, 0x34, 0xb4, 0xb6,
-	0x60, 0x0e, 0x7e, 0xc2, 0x49, 0x88, 0xd5, 0x49, 0x37, 0x13, 0x15, 0x2b, 0x7c, 0x88, 0xd3, 0x10,
-	0xe7, 0xa6, 0x5c, 0x96, 0x89, 0x89, 0x8f, 0x72, 0x86, 0xbf, 0x84, 0x78, 0xc3, 0x3a, 0x26, 0x0d,
-	0x9a, 0x51, 0xb4, 0xd8, 0x5a, 0x22, 0xbf, 0xa5, 0x8f, 0xd3, 0x51, 0x1f, 0xcd, 0x4a, 0x7f, 0x2c,
-	0xcc, 0x94, 0x5c, 0xd6, 0xea, 0x9a, 0xd2, 0xa6, 0xfa, 0x10, 0x12, 0x03, 0x9f, 0x03, 0x5a, 0xa8,
-	0x4f, 0x2b, 0x05, 0x73, 0x1d, 0xab, 0xd1, 0x26, 0x92, 0xaa, 0x3f, 0x79, 0x14, 0x5d, 0x47, 0xb9,
-	0x6d, 0xb8, 0x73, 0xcd, 0x11, 0x6d, 0x7a, 0x2e, 0x25, 0xd8, 0x80, 0xb8, 0x50, 0x8a, 0x66, 0x90,
-	0xe0, 0x7c, 0x67, 0x90, 0xb3, 0x50, 0x52, 0xdf, 0xe5, 0xeb, 0xa6, 0xdc, 0x96, 0xfb, 0x0b, 0xc1,
-	0xed, 0x43, 0x9b, 0xbc, 0x7a, 0x9b, 0x42, 0x1e, 0x0d, 0x09, 0x59, 0x18, 0x2f, 0xe4, 0x08, 0x4a,
-	0xb3, 0x56, 0xf1, 0x33, 0x48, 0x5d, 0xf5, 0x32, 0xad, 0x84, 0x45, 0x58, 0x12, 0x1f, 0xe8, 0x0d,
-	0xb4, 0xcb, 0x15, 0x60, 0x39, 0x30, 0x32, 0x2d, 0x8f, 0x1d, 0x58, 0x31, 0x89, 0xe3, 0x75, 0x66,
-	0x91, 0x14, 0xfc, 0x5e, 0xac, 0x14, 0x3d, 0xc7, 0xb1, 0xd9, 0xe4, 0xd6, 0x30, 0x28, 0xae, 0xe5,
-	0x04, 0x92, 0x8b, 0x71, 0xe0, 0x21, 0xd6, 0x8f, 0xcc, 0x17, 0x43, 0xb7, 0xa2, 0x38, 0xfe, 0x56,
-	0x8c, 0x24, 0x34, 0xeb, 0x7b, 0x51, 0x86, 0xdb, 0x4f, 0x99, 0xc5, 0x66, 0x21, 0xe2, 0xbf, 0x51,
-	0x50, 0xca, 0xee, 0x89, 0xd7, 0x53, 0x04, 0x0d, 0x28, 0xd2, 0xcf, 0x96, 0xe8, 0x95, 0x6c, 0x79,
-	0x04, 0x4a, 0xdd, 0x76, 0xab, 0x42, 0xaa, 0xe5, 0xfc, 0x07, 0xe3, 0x55, 0xd9, 0xb1, 0xdd, 0xaa,
-	0x29, 0x30, 0xb8, 0x08, 0x50, 0x69, 0x11, 0x8b, 0x91, 0xea, 0x4b, 0x8b, 0x65, 0x14, 0x0d, 0xad,
-	0x25, 0xf2, 0xaa, 0xee, 0xd7, 0x61, 0x3d, 0xa8, 0xc3, 0xfa, 0x7e, 0x50, 0x87, 0x37, 0x6f, 0x5d,
-	0xfc, 0xbe, 0x1a, 0xf9, 0xe1, 0x8f, 0x55, 0x64, 0x2e, 0x48, 0x5c, 0x81, 0x71, 0x23, 0xed, 0x66,
-	0x35, 0x30, 0x32, 0x37, 0x89, 0x11, 0x89, 0x2b, 0x30, 0xbc, 0xdd, 0x8b, 0x6e, 0x5c, 0x44, 0x37,
-	0x3f, 0xfe, 0x1c, 0x5c, 0xa9, 0x59, 0x07, 0xf3, 0x39, 0xa4, 0xae, 0x06, 0x53, 0x26, 0xd7, 0x27,
-	0xa0, 0xd8, 0xee, 0x89, 0x27, 0x8c, 0x24, 0xc2, 0x88, 0xcc, 0xc9, 0x6d, 0x2a, 0xfc, 0xa4, 0xa6,
-	0x40, 0xe6, 0x7e, 0x46, 0xb0, 0x72, 0x20, 0x8e, 0x3b, 0xf9, 0x4d, 0x09, 0xbc, 0x47, 0xa7, 0xf5,
-	0x8e, 0x37, 0x20, 0xe1, 0x6b, 0x2d, 0x1a, 0xae, 0xb8, 0x2b, 0xa3, 0x82, 0xf4, 0x29, 0xef, 0xc9,
-	0xbb, 0x16, 0xad, 0x9b, 0x32, 0xa4, 0x7c, 0x9c, 0x7b, 0x01, 0xe9, 0x61, 0xe6, 0x33, 0x93, 0x65,
-	0x1d, 0x52, 0x8f, 0x6d, 0xda, 0x13, 0x3c, 0x7c, 0x4d, 0xcc, 0x1d, 0xc1, 0xca, 0x10, 0xf2, 0x1a,
-	0xa9, 0xd8, 0x94, 0xa4, 0x36, 0x61, 0xf1, 0x80, 0x5a, 0x35, 0x72, 0x93, 0x5c, 0xde, 0x80, 0x25,
-	0x69, 0x43, 0xd2, 0xc2, 0xa0, 0x50, 0xfb, 0x1b, 0x3f, 0xa7, 0x63, 0xa6, 0x18, 0xf3, 0x9c, 0xb6,
-	0x5d, 0xaf, 0x4a, 0xa8, 0x40, 0xc6, 0x4c, 0x39, 0xfb, 0xf0, 0x35, 0x02, 0x85, 0xa7, 0x29, 0x7e,
-	0x1f, 0xe6, 0x0f, 0xf6, 0x76, 0xf6, 0x9e, 0x3c, 0xdb, 0x4b, 0x46, 0xd4, 0x77, 0xce, 0xce, 0xb5,
-	0x04, 0xff, 0x7c, 0xe0, 0xd6, 0x5d, 0xef, 0x95, 0x8b, 0xd3, 0xa0, 0x1c, 0x96, 0x4b, 0xcf, 0x92,
-	0x48, 0x5d, 0x3c, 0x3b, 0xd7, 0x6e, 0xf1, 0x25, 0xde, 0xa2, 0xb0, 0x0a, 0xf1, 0x42, 0x71, 0xbf,
-	0x7c, 0x58, 0x4a, 0x46, 0xd5, 0xe5, 0xb3, 0x73, 0x0d, 0xf8, 0x4a, 0xa1, 0xc2, 0xec, 0x0e, 0xc1,
-	0x1a, 0x2c, 0x14, 0x9f, 0xec, 0xee, 0x96, 0xf7, 0xf7, 0x4b, 0x5b, 0xc9, 0x98, 0xfa, 0xee, 0xd9,
-	0xb9, 0xb6, 0xc4, 0x97, 0xfd, 0x5a, 0xc9, 0x48, 0x55, 0x5d, 0x7c, 0xfd, 0x63, 0x36, 0xf2, 0xcb,
-	0x4f, 0x59, 0xc1, 0x20, 0xff, 0xcf, 0x3c, 0x2c, 0xf4, 0x34, 0xc6, 0xdf, 0xc1, 0xbc, 0x7c, 0x4a,
-	0xe0, 0xf5, 0x69, 0x9f, 0x37, 0xea, 0xc3, 0x29, 0x90, 0x52, 0xc4, 0x36, 0x28, 0xe2, 0x84, 0x1f,
-	0x4f, 0xf5, 0x24, 0x50, 0xef, 0x4f, 0x0a, 0x93, 0x6e, 0xeb, 0x10, 0xf7, 0xbb, 0x2d, 0x36, 0xc6,
-	0x5b, 0xb8, 0xd2, 0xdc, 0xd5, 0xbb, 0xe1, 0x01, 0xd2, 0xd9, 0x11, 0xc4, 0xfd, 0x60, 0xe0, 0x07,
-	0x53, 0xb6, 0x38, 0x35, 0x7d, 0x2d, 0xb3, 0x4b, 0xfc, 0x29, 0xce, 0x4d, 0xfb, 0x2d, 0x3f, 0x8c,
-	0xe9, 0x91, 0x8f, 0x83, 0xff, 0x35, 0xdd, 0x06, 0x85, 0x57, 0xce, 0x30, 0x91, 0x19, 0xd1, 0x2e,
-	0xc3, 0x44, 0x66, 0x64, 0x61, 0xfe, 0x16, 0xe2, 0x7e, 0x6d, 0x0a, 0x73, 0xa2, 0x91, 0xf5, 0x57,
-	0x5d, 0x9f, 0x1c, 0x28, 0x9d, 0x77, 0x41, 0xe1, 0x25, 0x08, 0x87, 0x20, 0x3f, 0xaa, 0xc8, 0xa9,
-	0x0f, 0x26, 0xc6, 0xf9, 0x8e, 0xef, 0x22, 0x7c, 0x0a, 0x73, 0xa2, 0xbc, 0x60, 0x3d, 0x04, 0xfb,
-	0x81, 0x5a, 0xa6, 0x1a, 0xa1, 0xf7, 0xfb, 0xbe, 0x36, 0xbf, 0xba, 0x78, 0x93, 0x8d, 0xfc, 0xf6,
-	0x26, 0x1b, 0xf9, 0xfe, 0x32, 0x8b, 0x2e, 0x2e, 0xb3, 0xe8, 0xd7, 0xcb, 0x2c, 0xfa, 0xf3, 0x32,
-	0x8b, 0x5e, 0x6c, 0x4d, 0xff, 0xcf, 0xb9, 0xd1, 0x9b, 0x3c, 0x8f, 0x1c, 0xc7, 0xc5, 0x55, 0xfa,
-	0xe8, 0xbf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x8e, 0xa0, 0xb2, 0xda, 0xc4, 0x0e, 0x00, 0x00,
+	0x14, 0x67, 0x61, 0x8d, 0xc3, 0xc3, 0x76, 0xe9, 0x04, 0x13, 0xb4, 0xad, 0xf0, 0x8a, 0x43, 0x65,
+	0xf5, 0xb0, 0x9b, 0x50, 0x35, 0x71, 0xe2, 0x4b, 0x31, 0xa6, 0x15, 0x76, 0xec, 0x54, 0x1b, 0xdb,
+	0x89, 0xd3, 0xaa, 0xd1, 0x1a, 0x06, 0xbc, 0x82, 0xdd, 0xa5, 0xcc, 0x40, 0x44, 0x2b, 0x55, 0x3d,
+	0x46, 0x3e, 0xf5, 0x0b, 0xf8, 0xd4, 0x7e, 0x88, 0xaa, 0x9f, 0xc0, 0xc7, 0x1e, 0x7b, 0x6a, 0x1b,
+	0x7f, 0x89, 0x9e, 0xfa, 0x47, 0x33, 0x3b, 0x0b, 0x18, 0x53, 0xb1, 0xac, 0xc9, 0x6d, 0x66, 0x67,
+	0xde, 0xef, 0xfd, 0xde, 0xef, 0xcd, 0x7b, 0x33, 0x0b, 0x3b, 0x0d, 0x8b, 0x9e, 0x76, 0x4f, 0xb4,
+	0xaa, 0x6b, 0xeb, 0x55, 0xd7, 0xa1, 0xa6, 0xe5, 0xe0, 0x4e, 0x6d, 0x74, 0x68, 0xb6, 0x2d, 0x9d,
+	0xe0, 0x4e, 0xcf, 0xaa, 0x62, 0xa2, 0x13, 0xc7, 0x6c, 0x93, 0x53, 0x97, 0x12, 0xbd, 0x77, 0x6f,
+	0x38, 0xd1, 0xda, 0x1d, 0x97, 0xba, 0x48, 0x1d, 0x5a, 0x69, 0xbe, 0x85, 0x36, 0xdc, 0xd4, 0xbb,
+	0xa7, 0xa4, 0x1b, 0x6e, 0xc3, 0xe5, 0x9b, 0x75, 0x36, 0xf2, 0xec, 0x94, 0xf7, 0x1a, 0xae, 0xdb,
+	0x68, 0x61, 0x9d, 0xcf, 0x4e, 0xba, 0x75, 0x1d, 0xdb, 0x6d, 0xda, 0x17, 0x8b, 0xea, 0xf8, 0x62,
+	0xdd, 0xc2, 0xad, 0xda, 0x4b, 0xdb, 0x24, 0x4d, 0xb1, 0x63, 0x6d, 0x7c, 0x07, 0xb5, 0x6c, 0x4c,
+	0xa8, 0x69, 0xb7, 0xc5, 0x86, 0xfb, 0x81, 0x62, 0xa4, 0xfd, 0x36, 0x26, 0xba, 0xed, 0x76, 0x1d,
+	0xea, 0xd9, 0xe5, 0xff, 0x96, 0x20, 0xf3, 0x79, 0x07, 0xb7, 0xcd, 0x0e, 0x7e, 0x2a, 0xa2, 0x30,
+	0xf0, 0xd7, 0x5d, 0x4c, 0x28, 0x52, 0x21, 0xe9, 0x07, 0x46, 0x71, 0x27, 0x2b, 0xa9, 0xd2, 0x7a,
+	0xc2, 0x18, 0xfd, 0x84, 0x52, 0x10, 0x6b, 0xe2, 0x7e, 0x36, 0xca, 0x57, 0xd8, 0x10, 0x65, 0x20,
+	0xce, 0xa0, 0x1c, 0x9a, 0x8d, 0xf1, 0x8f, 0x62, 0x86, 0xbe, 0x84, 0x78, 0xcb, 0x3c, 0xc1, 0x2d,
+	0x92, 0x95, 0xd5, 0xd8, 0x7a, 0xb2, 0xb0, 0xad, 0x4d, 0xd3, 0x51, 0x9b, 0xcc, 0x4a, 0x7b, 0xcc,
+	0x61, 0xca, 0x0e, 0xed, 0xf4, 0x0d, 0x81, 0xa9, 0x3c, 0x84, 0xe4, 0xc8, 0x67, 0x9f, 0x96, 0x34,
+	0xa4, 0x95, 0x86, 0x85, 0x9e, 0xd9, 0xea, 0x62, 0x41, 0xd5, 0x9b, 0x3c, 0x8a, 0x6e, 0x48, 0xf9,
+	0x1d, 0xb8, 0x73, 0xcd, 0x11, 0x69, 0xbb, 0x0e, 0xc1, 0x48, 0x87, 0x38, 0x57, 0x8a, 0x64, 0x25,
+	0xce, 0xf9, 0xce, 0x28, 0x67, 0xae, 0xa4, 0xb6, 0xc7, 0xd6, 0x0d, 0xb1, 0x2d, 0xff, 0x97, 0x04,
+	0xb7, 0x8f, 0x2c, 0xfc, 0xea, 0x6d, 0x0a, 0x79, 0x3c, 0x26, 0x64, 0x71, 0xba, 0x90, 0x13, 0x28,
+	0xcd, 0x5b, 0xc5, 0xcf, 0x20, 0x7d, 0xd5, 0x4b, 0x58, 0x09, 0x4b, 0xb0, 0xcc, 0x3f, 0x90, 0x1b,
+	0x68, 0x97, 0x2f, 0xc2, 0x8a, 0x0f, 0x12, 0x96, 0xc7, 0x2e, 0xac, 0x1a, 0xd8, 0x76, 0x7b, 0xf3,
+	0x28, 0x0a, 0x76, 0x2e, 0x56, 0x4b, 0xae, 0x6d, 0x5b, 0x74, 0x76, 0x34, 0x04, 0xb2, 0x63, 0xda,
+	0xbe, 0xe4, 0x7c, 0xec, 0x7b, 0x88, 0x0d, 0x33, 0xf3, 0xc5, 0xd8, 0xa9, 0x28, 0x4d, 0x3f, 0x15,
+	0x13, 0x09, 0xcd, 0xfb, 0x5c, 0x54, 0xe0, 0xf6, 0x53, 0x6a, 0xd2, 0x79, 0x88, 0xf8, 0x6f, 0x14,
+	0xe4, 0x8a, 0x53, 0x77, 0x07, 0x8a, 0x48, 0x23, 0x8a, 0x0c, 0xab, 0x25, 0x7a, 0xa5, 0x5a, 0x1e,
+	0x81, 0xdc, 0xb4, 0x9c, 0x1a, 0x97, 0x6a, 0xa5, 0xf0, 0xc1, 0x74, 0x55, 0x76, 0x2d, 0xa7, 0x66,
+	0x70, 0x1b, 0x54, 0x02, 0xa8, 0x76, 0xb0, 0x49, 0x71, 0xed, 0xa5, 0x49, 0xb3, 0xb2, 0x2a, 0xad,
+	0x27, 0x0b, 0x8a, 0xe6, 0xf5, 0x61, 0xcd, 0xef, 0xc3, 0xda, 0x81, 0xdf, 0x87, 0xb7, 0x6e, 0x5d,
+	0xfc, 0xbe, 0x16, 0xf9, 0xe1, 0x8f, 0x35, 0xc9, 0x48, 0x08, 0xbb, 0x22, 0x65, 0x20, 0xdd, 0x76,
+	0xcd, 0x07, 0x59, 0x98, 0x05, 0x44, 0xd8, 0x15, 0x29, 0xda, 0x19, 0x64, 0x37, 0xce, 0xb3, 0x5b,
+	0x98, 0x1e, 0x07, 0x53, 0x6a, 0xde, 0xc9, 0x7c, 0x0e, 0xe9, 0xab, 0xc9, 0x14, 0xc5, 0xf5, 0x09,
+	0xc8, 0x96, 0x53, 0x77, 0x39, 0x48, 0x32, 0x88, 0xc8, 0x8c, 0xdc, 0x96, 0xcc, 0x22, 0x35, 0xb8,
+	0x65, 0xfe, 0x67, 0x09, 0x56, 0x0f, 0x79, 0xb8, 0xb3, 0x9f, 0x14, 0xdf, 0x7b, 0x34, 0xac, 0x77,
+	0xb4, 0x09, 0x49, 0x4f, 0x6b, 0x7e, 0xe1, 0xf2, 0xb3, 0x32, 0x29, 0x49, 0x9f, 0xb2, 0x3b, 0x79,
+	0xcf, 0x24, 0x4d, 0x43, 0xa4, 0x94, 0x8d, 0xf3, 0x2f, 0x20, 0x33, 0xce, 0x7c, 0x6e, 0xb2, 0x18,
+	0x90, 0x7e, 0x6c, 0x91, 0x81, 0xe0, 0x33, 0xf4, 0xc4, 0x2c, 0x2c, 0xd6, 0xad, 0x16, 0xc5, 0x1d,
+	0x92, 0x8d, 0xaa, 0xb1, 0xf5, 0x84, 0xe1, 0x4f, 0xf3, 0xc7, 0xb0, 0x3a, 0x86, 0x79, 0x8d, 0x6e,
+	0x2c, 0x24, 0xdd, 0x2d, 0x58, 0x3a, 0x24, 0x66, 0x03, 0xdf, 0xa4, 0xca, 0x37, 0x61, 0x59, 0x60,
+	0x08, 0x5a, 0x08, 0x64, 0x62, 0x7d, 0xe3, 0x55, 0x7b, 0xcc, 0xe0, 0x63, 0x56, 0xed, 0x96, 0xe3,
+	0xd6, 0x30, 0xe1, 0x96, 0x31, 0x43, 0xcc, 0x3e, 0x7c, 0x2d, 0x81, 0xcc, 0x0a, 0x18, 0xbd, 0x0f,
+	0x8b, 0x87, 0xfb, 0xbb, 0xfb, 0x4f, 0x9e, 0xed, 0xa7, 0x22, 0xca, 0x3b, 0x67, 0xe7, 0x6a, 0x92,
+	0x7d, 0x3e, 0x74, 0x9a, 0x8e, 0xfb, 0xca, 0x41, 0x19, 0x90, 0x8f, 0x2a, 0xe5, 0x67, 0x29, 0x49,
+	0x59, 0x3a, 0x3b, 0x57, 0x6f, 0xb1, 0x25, 0x76, 0x79, 0x21, 0x05, 0xe2, 0xc5, 0xd2, 0x41, 0xe5,
+	0xa8, 0x9c, 0x8a, 0x2a, 0x2b, 0x67, 0xe7, 0x2a, 0xb0, 0x95, 0x62, 0x95, 0x5a, 0x3d, 0x8c, 0x54,
+	0x48, 0x94, 0x9e, 0xec, 0xed, 0x55, 0x0e, 0x0e, 0xca, 0xdb, 0xa9, 0x98, 0xf2, 0xee, 0xd9, 0xb9,
+	0xba, 0xcc, 0x96, 0xbd, 0x2e, 0x4a, 0x71, 0x4d, 0x59, 0x7a, 0xfd, 0x63, 0x2e, 0xf2, 0xcb, 0x4f,
+	0x39, 0xce, 0xa0, 0xf0, 0xcf, 0x22, 0x24, 0x06, 0x1a, 0xa3, 0xef, 0x60, 0x51, 0x3c, 0x32, 0xd0,
+	0x46, 0xd8, 0x87, 0x8f, 0xf2, 0x30, 0x84, 0xa5, 0x10, 0xb1, 0x0b, 0x32, 0x8f, 0xf0, 0xe3, 0x50,
+	0x8f, 0x05, 0xe5, 0xfe, 0xac, 0x66, 0xc2, 0x6d, 0x13, 0xe2, 0xde, 0x3d, 0x8c, 0xf4, 0xe9, 0x08,
+	0x57, 0xae, 0x7d, 0xe5, 0x6e, 0x70, 0x03, 0xe1, 0xec, 0x18, 0xe2, 0x5e, 0x32, 0xd0, 0x83, 0x90,
+	0x97, 0x9f, 0x92, 0xb9, 0x56, 0xf3, 0x65, 0xf6, 0x48, 0x67, 0xd0, 0xde, 0x63, 0x20, 0x08, 0xf4,
+	0xc4, 0x67, 0xc3, 0xff, 0x42, 0x77, 0x41, 0x66, 0x3d, 0x35, 0x48, 0x66, 0x26, 0x5c, 0xa4, 0x41,
+	0x32, 0x33, 0xb1, 0x65, 0x7f, 0x0b, 0x71, 0xaf, 0x6b, 0x05, 0x89, 0x68, 0x62, 0x67, 0x56, 0x36,
+	0x66, 0x37, 0x14, 0xce, 0xfb, 0x20, 0xb3, 0x16, 0x84, 0x02, 0x90, 0x9f, 0xd4, 0xfe, 0x94, 0x07,
+	0x33, 0xdb, 0x79, 0x8e, 0xef, 0x4a, 0xe8, 0x14, 0x16, 0x78, 0x7b, 0x41, 0x5a, 0x00, 0xf6, 0x23,
+	0xbd, 0x4c, 0xd1, 0x03, 0xef, 0xf7, 0x7c, 0x6d, 0x7d, 0x75, 0xf1, 0x26, 0x17, 0xf9, 0xed, 0x4d,
+	0x2e, 0xf2, 0xfd, 0x65, 0x4e, 0xba, 0xb8, 0xcc, 0x49, 0xbf, 0x5e, 0xe6, 0xa4, 0x3f, 0x2f, 0x73,
+	0xd2, 0x8b, 0xed, 0xf0, 0x7f, 0xa3, 0x9b, 0x83, 0xc9, 0xf3, 0xc8, 0x49, 0x9c, 0x1f, 0xa5, 0x8f,
+	0xfe, 0x0b, 0x00, 0x00, 0xff, 0xff, 0x3b, 0x8b, 0xa6, 0xa4, 0xde, 0x0e, 0x00, 0x00,
 }

 // Reference imports to suppress errors if they are not otherwise used.
@@ -1787,6 +1799,21 @@ func (m *ListSnapshotsRequest) MarshalTo(dAtA []byte) (int, error) {
 		i = encodeVarintSnapshots(dAtA, i, uint64(len(m.Snapshotter)))
 		i += copy(dAtA[i:], m.Snapshotter)
 	}
+	if len(m.Filters) > 0 {
+		for _, s := range m.Filters {
+			dAtA[i] = 0x12
+			i++
+			l = len(s)
+			for l >= 1<<7 {
+				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
+				l >>= 7
+				i++
+			}
+			dAtA[i] = uint8(l)
+			i++
+			i += copy(dAtA[i:], s)
+		}
+	}
 	if m.XXX_unrecognized != nil {
 		i += copy(dAtA[i:], m.XXX_unrecognized)
 	}
@@ -2204,6 +2231,12 @@ func (m *ListSnapshotsRequest) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovSnapshots(uint64(l))
 	}
+	if len(m.Filters) > 0 {
+		for _, s := range m.Filters {
+			l = len(s)
+			n += 1 + l + sovSnapshots(uint64(l))
+		}
+	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
 	}
@@ -2487,6 +2520,7 @@ func (this *ListSnapshotsRequest) String() string {
 	}
 	s := strings.Join([]string{`&ListSnapshotsRequest{`,
 		`Snapshotter:` + fmt.Sprintf("%v", this.Snapshotter) + `,`,
+		`Filters:` + fmt.Sprintf("%v", this.Filters) + `,`,
 		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
@@ -4704,6 +4738,38 @@ func (m *ListSnapshotsRequest) Unmarshal(dAtA []byte) error {
 			}
 			m.Snapshotter = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Filters", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSnapshots
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthSnapshots
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSnapshots
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Filters = append(m.Filters, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipSnapshots(dAtA[iNdEx:])
--- a/vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.proto
+++ b/vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.proto
@@ -133,6 +133,18 @@ message UpdateSnapshotResponse {

 message ListSnapshotsRequest{
 	string snapshotter = 1;
+
+	// Filters contains one or more filters using the syntax defined in the
+	// containerd filter package.
+	//
+	// The returned result will be those that match any of the provided
+	// filters. Expanded, images that match the following will be
+	// returned:
+	//
+	//   filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+	//
+	// If filters is zero-length or nil, all items will be returned.
+	repeated string filters = 2;
 }

 message ListSnapshotsResponse {
--- a/vendor/github.com/containerd/containerd/client_opts.go
+++ b/vendor/github.com/containerd/containerd/client_opts.go
@@ -130,6 +130,14 @@ func WithPullUnpack(_ *Client, c *RemoteContext) error {
 	return nil
 }

+// WithUnpackOpts is used to add unpack options to the unpacker.
+func WithUnpackOpts(opts []UnpackOpt) RemoteOpt {
+	return func(_ *Client, c *RemoteContext) error {
+		c.UnpackOpts = append(c.UnpackOpts, opts...)
+		return nil
+	}
+}
+
 // WithPullSnapshotter specifies snapshotter name used for unpacking
 func WithPullSnapshotter(snapshotterName string) RemoteOpt {
 	return func(_ *Client, c *RemoteContext) error {
--- a/vendor/github.com/containerd/containerd/cmd/containerd/command/config.go
+++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/config.go
@@ -65,10 +65,14 @@ func outputConfig(cfg *srvconfig.Config) error {
 		}
 	}

+	if config.Timeouts == nil {
+		config.Timeouts = make(map[string]string)
+	}
 	timeouts := timeout.All()
-	config.Timeouts = make(map[string]string)
 	for k, v := range timeouts {
-		config.Timeouts[k] = v.String()
+		if config.Timeouts[k] == "" {
+			config.Timeouts[k] = v.String()
+		}
 	}

 	// for the time being, keep the defaultConfig's version set at 1 so that
--- a/vendor/github.com/containerd/containerd/cmd/containerd/command/main.go
+++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/main.go
@@ -284,7 +284,7 @@ func setLevel(context *cli.Context, config *srvconfig.Config) error {
 		l = config.Debug.Level
 	}
 	if l != "" {
-		lvl, err := log.ParseLevel(l)
+		lvl, err := logrus.ParseLevel(l)
 		if err != nil {
 			return err
 		}
--- a/vendor/github.com/containerd/containerd/cmd/containerd/command/main_windows.go
+++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/main_windows.go
@@ -23,7 +23,6 @@ import (
 	"path/filepath"
 	"unsafe"

-	winio "github.com/Microsoft/go-winio"
 	"github.com/Microsoft/go-winio/pkg/etw"
 	"github.com/Microsoft/go-winio/pkg/etwlogrus"
 	"github.com/Microsoft/go-winio/pkg/guid"
@@ -70,7 +69,7 @@ func setupDumpStacks() {
 	// signaled. ACL'd to builtin administrators and local system
 	event := "Global\\stackdump-" + fmt.Sprint(os.Getpid())
 	ev, _ := windows.UTF16PtrFromString(event)
-	sd, err := winio.SddlToSecurityDescriptor("D:P(A;;GA;;;BA)(A;;GA;;;SY)")
+	sd, err := windows.SecurityDescriptorFromString("D:P(A;;GA;;;BA)(A;;GA;;;SY)")
 	if err != nil {
 		logrus.Errorf("failed to get security descriptor for debug stackdump event %s: %s", event, err.Error())
 		return
@@ -78,7 +77,7 @@ func setupDumpStacks() {
 	var sa windows.SecurityAttributes
 	sa.Length = uint32(unsafe.Sizeof(sa))
 	sa.InheritHandle = 1
-	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
+	sa.SecurityDescriptor = sd
 	h, err := windows.CreateEvent(&sa, 0, 0, ev)
 	if h == 0 || err != nil {
 		logrus.Errorf("failed to create debug stackdump event %s: %s", event, err.Error())
--- a/vendor/github.com/containerd/containerd/cmd/containerd/command/service_windows.go
+++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/service_windows.go
@@ -42,6 +42,7 @@ var (
 	registerServiceFlag   bool
 	unregisterServiceFlag bool
 	runServiceFlag        bool
+	logFileFlag           string

 	kernel32     = windows.NewLazySystemDLL("kernel32.dll")
 	setStdHandle = kernel32.NewProc("SetStdHandle")
@@ -52,6 +53,8 @@ var (
 	service *handler
 )

+const defaultServiceName = "containerd"
+
 // serviceFlags returns an array of flags for configuring containerd to run
 // as a Windows service under control of SCM.
 func serviceFlags() []cli.Flag {
@@ -59,7 +62,7 @@ func serviceFlags() []cli.Flag {
 		cli.StringFlag{
 			Name:  "service-name",
 			Usage: "Set the Windows service name",
-			Value: "containerd",
+			Value: defaultServiceName,
 		},
 		cli.BoolFlag{
 			Name:  "register-service",
@@ -74,14 +77,18 @@ func serviceFlags() []cli.Flag {
 			Usage:  "",
 			Hidden: true,
 		},
+		cli.StringFlag{
+			Name:  "log-file",
+			Usage: "Path to the containerd log file",
+		},
 	}
 }

 // applyPlatformFlags applies platform-specific flags.
 func applyPlatformFlags(context *cli.Context) {
-
-	if s := context.GlobalString("service-name"); s != "" {
-		serviceNameFlag = s
+	serviceNameFlag = context.GlobalString("service-name")
+	if serviceNameFlag == "" {
+		serviceNameFlag = defaultServiceName
 	}
 	for _, v := range []struct {
 		name string
@@ -102,6 +109,7 @@ func applyPlatformFlags(context *cli.Context) {
 	} {
 		*v.d = context.GlobalBool(v.name)
 	}
+	logFileFlag = context.GlobalString("log-file")
 }

 type handler struct {
@@ -243,7 +251,15 @@ func registerUnregisterService(root string) (bool, error) {
 			return true, err
 		}

-		logrus.SetOutput(ioutil.Discard)
+		logOutput := ioutil.Discard
+		if logFileFlag != "" {
+			f, err := os.OpenFile(logFileFlag, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+			if err != nil {
+				return true, errors.Wrapf(err, "open log file %q", logFileFlag)
+			}
+			logOutput = f
+		}
+		logrus.SetOutput(logOutput)
 	}
 	return false, nil
 }
--- a/vendor/github.com/containerd/containerd/diff/apply/apply_linux.go
+++ b/vendor/github.com/containerd/containerd/diff/apply/apply_linux.go
@@ -26,12 +26,18 @@ import (
 	"github.com/containerd/containerd/archive"
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/mount"
+	"github.com/opencontainers/runc/libcontainer/system"
 	"github.com/pkg/errors"
 )

 func apply(ctx context.Context, mounts []mount.Mount, r io.Reader) error {
 	switch {
 	case len(mounts) == 1 && mounts[0].Type == "overlay":
+		// OverlayConvertWhiteout (mknod c 0 0) doesn't work in userns.
+		// https://github.com/containerd/containerd/issues/3762
+		if system.RunningInUserNS() {
+			break
+		}
 		path, parents, err := getOverlayPath(mounts[0].Options)
 		if err != nil {
 			if errdefs.IsInvalidArgument(err) {
--- a/vendor/github.com/containerd/containerd/events/exchange/exchange.go
+++ b/vendor/github.com/containerd/containerd/events/exchange/exchange.go
@@ -225,7 +225,7 @@ func validateTopic(topic string) error {
 }

 func validateEnvelope(envelope *events.Envelope) error {
-	if err := namespaces.Validate(envelope.Namespace); err != nil {
+	if err := identifiers.Validate(envelope.Namespace); err != nil {
 		return errors.Wrapf(err, "event envelope has invalid namespace")
 	}

--- a/vendor/github.com/containerd/containerd/identifiers/validate.go
+++ b/vendor/github.com/containerd/containerd/identifiers/validate.go
@@ -42,13 +42,13 @@ var (
 	identifierRe = regexp.MustCompile(reAnchor(alphanum + reGroup(separators+reGroup(alphanum)) + "*"))
 )

-// Validate return nil if the string s is a valid identifier.
+// Validate returns nil if the string s is a valid identifier.
 //
-// identifiers must be valid domain names according to RFC 1035, section 2.3.1.  To
-// enforce case insensitivity, all characters must be lower case.
+// identifiers are similar to the domain name rules according to RFC 1035, section 2.3.1. However
+// rules in this package are relaxed to allow numerals to follow period (".") and mixed case is
+// allowed.
 //
-// In general, identifiers that pass this validation, should be safe for use as
-// a domain names or filesystem path component.
+// In general identifiers that pass this validation should be safe for use as filesystem path components.
 func Validate(s string) error {
 	if len(s) == 0 {
 		return errors.Wrapf(errdefs.ErrInvalidArgument, "identifier must not be empty")
--- a/vendor/github.com/containerd/containerd/images/handlers.go
+++ b/vendor/github.com/containerd/containerd/images/handlers.go
@@ -22,6 +22,7 @@ import (
 	"sort"

 	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/platforms"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
@@ -226,6 +227,7 @@ func FilterPlatforms(f HandlerFunc, m platforms.Matcher) HandlerFunc {
 // The results will be ordered according to the comparison operator and
 // use the ordering in the manifests for equal matches.
 // A limit of 0 or less is considered no limit.
+// A not found error is returned if no manifest is matched.
 func LimitManifests(f HandlerFunc, m platforms.MatchComparer, n int) HandlerFunc {
 	return func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
 		children, err := f(ctx, desc)
@@ -245,8 +247,13 @@ func LimitManifests(f HandlerFunc, m platforms.MatchComparer, n int) HandlerFunc
 				return m.Less(*children[i].Platform, *children[j].Platform)
 			})

-			if n > 0 && len(children) > n {
-				children = children[:n]
+			if n > 0 {
+				if len(children) == 0 {
+					return children, errors.Wrap(errdefs.ErrNotFound, "no match for platform in manifest")
+				}
+				if len(children) > n {
+					children = children[:n]
+				}
 			}
 		default:
 			// only limit manifests from an index
--- a/vendor/github.com/containerd/containerd/install.go
+++ b/vendor/github.com/containerd/containerd/install.go
@@ -21,6 +21,8 @@ import (
 	"context"
 	"os"
 	"path/filepath"
+	"runtime"
+	"strings"

 	introspectionapi "github.com/containerd/containerd/api/services/introspection/v1"
 	"github.com/containerd/containerd/archive"
@@ -48,6 +50,15 @@ func (c *Client) Install(ctx context.Context, image Image, opts ...InstallOpts)
 	if err != nil {
 		return err
 	}
+
+	var binDir, libDir string
+	if runtime.GOOS == "windows" {
+		binDir = "Files\\bin"
+		libDir = "Files\\lib"
+	} else {
+		binDir = "bin"
+		libDir = "lib"
+	}
 	for _, layer := range manifest.Layers {
 		ra, err := cs.ReaderAt(ctx, layer)
 		if err != nil {
@@ -60,9 +71,14 @@ func (c *Client) Install(ctx context.Context, image Image, opts ...InstallOpts)
 		}
 		if _, err := archive.Apply(ctx, path, r, archive.WithFilter(func(hdr *tar.Header) (bool, error) {
 			d := filepath.Dir(hdr.Name)
-			result := d == "bin"
+			result := d == binDir
+
 			if config.Libs {
-				result = result || d == "lib"
+				result = result || d == libDir
+			}
+
+			if runtime.GOOS == "windows" {
+				hdr.Name = strings.Replace(hdr.Name, "Files", "", 1)
 			}
 			if result && !config.Replace {
 				if _, err := os.Lstat(filepath.Join(path, hdr.Name)); err == nil {
--- a/vendor/github.com/containerd/containerd/log/context.go
+++ b/vendor/github.com/containerd/containerd/log/context.go
@@ -18,7 +18,6 @@ package log

 import (
 	"context"
-	"sync/atomic"

 	"github.com/sirupsen/logrus"
 )
@@ -38,23 +37,10 @@ type (
 	loggerKey struct{}
 )

-// TraceLevel is the log level for tracing. Trace level is lower than debug level,
-// and is usually used to trace detailed behavior of the program.
-const TraceLevel = logrus.Level(uint32(logrus.DebugLevel + 1))
-
 // RFC3339NanoFixed is time.RFC3339Nano with nanoseconds padded using zeros to
 // ensure the formatted time is always the same number of characters.
 const RFC3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00"

-// ParseLevel takes a string level and returns the Logrus log level constant.
-// It supports trace level.
-func ParseLevel(lvl string) (logrus.Level, error) {
-	if lvl == "trace" {
-		return TraceLevel, nil
-	}
-	return logrus.ParseLevel(lvl)
-}
-
 // WithLogger returns a new context with the provided logger. Use in
 // combination with logger.WithField(s) for great effect.
 func WithLogger(ctx context.Context, logger *logrus.Entry) context.Context {
@@ -72,19 +58,3 @@ func GetLogger(ctx context.Context) *logrus.Entry {

 	return logger.(*logrus.Entry)
 }
-
-// Trace logs a message at level Trace with the log entry passed-in.
-func Trace(e *logrus.Entry, args ...interface{}) {
-	level := logrus.Level(atomic.LoadUint32((*uint32)(&e.Logger.Level)))
-	if level >= TraceLevel {
-		e.Debug(args...)
-	}
-}
-
-// Tracef logs a message at level Trace with the log entry passed-in.
-func Tracef(e *logrus.Entry, format string, args ...interface{}) {
-	level := logrus.Level(atomic.LoadUint32((*uint32)(&e.Logger.Level)))
-	if level >= TraceLevel {
-		e.Debugf(format, args...)
-	}
-}
--- a/vendor/github.com/containerd/containerd/metadata/adaptors.go
+++ b/vendor/github.com/containerd/containerd/metadata/adaptors.go
@@ -24,6 +24,7 @@ import (
 	"github.com/containerd/containerd/filters"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/leases"
+	"github.com/containerd/containerd/snapshots"
 )

 func adaptImage(o interface{}) filters.Adaptor {
@@ -139,6 +140,36 @@ func adaptLease(lease leases.Lease) filters.Adaptor {
 	})
 }

+func adaptSnapshot(info snapshots.Info) filters.Adaptor {
+	return filters.AdapterFunc(func(fieldpath []string) (string, bool) {
+		if len(fieldpath) == 0 {
+			return "", false
+		}
+
+		switch fieldpath[0] {
+		case "kind":
+			switch info.Kind {
+			case snapshots.KindActive:
+				return "active", true
+			case snapshots.KindView:
+				return "view", true
+			case snapshots.KindCommitted:
+				return "committed", true
+			}
+		case "name":
+			return info.Name, true
+		case "parent":
+			if info.Parent != "" {
+				return info.Parent, true
+			}
+		case "labels":
+			return checkMap(fieldpath[1:], info.Labels)
+		}
+
+		return "", false
+	})
+}
+
 func checkMap(fieldpath []string, m map[string]string) (string, bool) {
 	if len(m) == 0 {
 		return "", false
--- a/vendor/github.com/containerd/containerd/metadata/namespaces.go
+++ b/vendor/github.com/containerd/containerd/metadata/namespaces.go
@@ -20,6 +20,7 @@ import (
 	"context"

 	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/identifiers"
 	l "github.com/containerd/containerd/labels"
 	"github.com/containerd/containerd/namespaces"
 	"github.com/pkg/errors"
@@ -41,7 +42,7 @@ func (s *namespaceStore) Create(ctx context.Context, namespace string, labels ma
 		return err
 	}

-	if err := namespaces.Validate(namespace); err != nil {
+	if err := identifiers.Validate(namespace); err != nil {
 		return err
 	}

--- a/vendor/github.com/containerd/containerd/metadata/snapshot.go
+++ b/vendor/github.com/containerd/containerd/metadata/snapshot.go
@@ -25,6 +25,7 @@ import (
 	"time"

 	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/filters"
 	"github.com/containerd/containerd/labels"
 	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/metadata/boltutil"
@@ -530,7 +531,7 @@ type infoPair struct {
 	info snapshots.Info
 }

-func (s *snapshotter) Walk(ctx context.Context, fn func(context.Context, snapshots.Info) error) error {
+func (s *snapshotter) Walk(ctx context.Context, fn snapshots.WalkFunc, fs ...string) error {
 	ns, err := namespaces.NamespaceRequired(ctx)
 	if err != nil {
 		return err
@@ -542,6 +543,11 @@ func (s *snapshotter) Walk(ctx context.Context, fn func(context.Context, snapsho
 		lastKey   string
 	)

+	filter, err := filters.ParseAll(fs...)
+	if err != nil {
+		return err
+	}
+
 	for {
 		if err := view(ctx, s.db, func(tx *bolt.Tx) error {
 			bkt := getSnapshotterBucket(tx, ns, s.name)
@@ -604,8 +610,11 @@ func (s *snapshotter) Walk(ctx context.Context, fn func(context.Context, snapsho
 				return err
 			}

-			if err := fn(ctx, overlayInfo(info, pair.info)); err != nil {
-				return err
+			info = overlayInfo(info, pair.info)
+			if filter.Match(adaptSnapshot(info)) {
+				if err := fn(ctx, info); err != nil {
+					return err
+				}
 			}
 		}

--- a/vendor/github.com/containerd/containerd/namespaces/context.go
+++ b/vendor/github.com/containerd/containerd/namespaces/context.go
@@ -21,6 +21,7 @@ import (
 	"os"

 	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/identifiers"
 	"github.com/pkg/errors"
 )

@@ -70,7 +71,7 @@ func NamespaceRequired(ctx context.Context) (string, error) {
 	if !ok || namespace == "" {
 		return "", errors.Wrapf(errdefs.ErrFailedPrecondition, "namespace is required")
 	}
-	if err := Validate(namespace); err != nil {
+	if err := identifiers.Validate(namespace); err != nil {
 		return "", errors.Wrap(err, "namespace validation")
 	}
 	return namespace, nil
--- a/vendor/github.com/containerd/containerd/namespaces/validate.go
+++ b/vendor/github.com/containerd/containerd/namespaces/validate.go
@@ -1,83 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-// Package namespaces provides tools for working with namespaces across
-// containerd.
-//
-// Namespaces collect resources such as containers and images, into a unique
-// identifier space. This means that two applications can use the same
-// identifiers and not conflict while using containerd.
-//
-// This package can be used to ensure that client and server functions
-// correctly store the namespace on the context.
-package namespaces
-
-import (
-	"regexp"
-
-	"github.com/containerd/containerd/errdefs"
-	"github.com/pkg/errors"
-)
-
-const (
-	maxLength = 76
-	alpha     = `[A-Za-z]`
-	alphanum  = `[A-Za-z0-9]+`
-	label     = alpha + alphanum + `(:?[-]+` + alpha + alphanum + `)*`
-)
-
-var (
-	// namespaceRe validates that a namespace matches valid identifiers.
-	//
-	// Rules for domains, defined in RFC 1035, section 2.3.1, are used for
-	// namespaces.
-	namespaceRe = regexp.MustCompile(reAnchor(label + reGroup("[.]"+reGroup(label)) + "*"))
-)
-
-// Validate returns nil if the string s is a valid namespace.
-//
-// To allow such namespace identifiers to be used across various contexts
-// safely, the character set has been restricted to that defined for domains in
-// RFC 1035, section 2.3.1. This will make namespace identifiers safe for use
-// across networks, filesystems and other media.
-//
-// The identifier specification departs from RFC 1035 in that it allows
-// "labels" to start with number and only enforces a total length restriction
-// of 76 characters.
-//
-// While the character set may be expanded in the future, namespace identifiers
-// are guaranteed to be safely used as filesystem path components.
-//
-// For the most part, this doesn't need to be called directly when using the
-// context-oriented functions.
-func Validate(s string) error {
-	if len(s) > maxLength {
-		return errors.Wrapf(errdefs.ErrInvalidArgument, "namespace %q greater than maximum length (%d characters)", s, maxLength)
-	}
-
-	if !namespaceRe.MatchString(s) {
-		return errors.Wrapf(errdefs.ErrInvalidArgument, "namespace %q must match %v", s, namespaceRe)
-	}
-	return nil
-}
-
-func reGroup(s string) string {
-	return `(?:` + s + `)`
-}
-
-func reAnchor(s string) string {
-	return `^` + s + `$`
-}
--- a/vendor/github.com/containerd/containerd/oci/spec_opts.go
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts.go
@@ -1006,6 +1006,21 @@ func WithParentCgroupDevices(_ context.Context, _ Client, _ *containers.Containe
 	return nil
 }

+// WithAllDevicesAllowed permits READ WRITE MKNOD on all devices nodes for the container
+func WithAllDevicesAllowed(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+	setLinux(s)
+	if s.Linux.Resources == nil {
+		s.Linux.Resources = &specs.LinuxResources{}
+	}
+	s.Linux.Resources.Devices = []specs.LinuxDeviceCgroup{
+		{
+			Allow:  true,
+			Access: rwm,
+		},
+	}
+	return nil
+}
+
 // WithDefaultUnixDevices adds the default devices for unix such as /dev/null, /dev/random to
 // the container's resource cgroup spec
 func WithDefaultUnixDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
@@ -1100,7 +1115,6 @@ func WithDefaultUnixDevices(_ context.Context, _ Client, _ *containers.Container
 }

 // WithPrivileged sets up options for a privileged container
-// TODO(justincormack) device handling
 var WithPrivileged = Compose(
 	WithAllCapabilities,
 	WithMaskedPaths(nil),
--- a/vendor/github.com/containerd/containerd/oci/spec_opts_linux.go
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts_linux.go
@@ -19,12 +19,69 @@
 package oci

 import (
+	"context"
+	"io/ioutil"
 	"os"
+	"path/filepath"

+	"github.com/containerd/containerd/containers"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"golang.org/x/sys/unix"
 )

+// WithHostDevices adds all the hosts device nodes to the container's spec
+func WithHostDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+	setLinux(s)
+
+	devs, err := getDevices("/dev")
+	if err != nil {
+		return err
+	}
+	s.Linux.Devices = append(s.Linux.Devices, devs...)
+	return nil
+}
+
+func getDevices(path string) ([]specs.LinuxDevice, error) {
+	files, err := ioutil.ReadDir(path)
+	if err != nil {
+		return nil, err
+	}
+	var out []specs.LinuxDevice
+	for _, f := range files {
+		switch {
+		case f.IsDir():
+			switch f.Name() {
+			// ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825
+			// ".udev" added to address https://github.com/opencontainers/runc/issues/2093
+			case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts", ".udev":
+				continue
+			default:
+				sub, err := getDevices(filepath.Join(path, f.Name()))
+				if err != nil {
+					return nil, err
+				}
+
+				out = append(out, sub...)
+				continue
+			}
+		case f.Name() == "console":
+			continue
+		}
+		device, err := deviceFromPath(filepath.Join(path, f.Name()), "rwm")
+		if err != nil {
+			if err == ErrNotADevice {
+				continue
+			}
+			if os.IsNotExist(err) {
+				continue
+			}
+			return nil, err
+		}
+		out = append(out, *device)
+	}
+	return out, nil
+}
+
 func deviceFromPath(path, permissions string) (*specs.LinuxDevice, error) {
 	var stat unix.Stat_t
 	if err := unix.Lstat(path, &stat); err != nil {
--- a/vendor/github.com/containerd/containerd/oci/spec_opts_unix.go
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts_unix.go
@@ -19,12 +19,69 @@
 package oci

 import (
+	"context"
+	"io/ioutil"
 	"os"
+	"path/filepath"

+	"github.com/containerd/containerd/containers"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"golang.org/x/sys/unix"
 )

+// WithHostDevices adds all the hosts device nodes to the container's spec
+func WithHostDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+	setLinux(s)
+
+	devs, err := getDevices("/dev")
+	if err != nil {
+		return err
+	}
+	s.Linux.Devices = append(s.Linux.Devices, devs...)
+	return nil
+}
+
+func getDevices(path string) ([]specs.LinuxDevice, error) {
+	files, err := ioutil.ReadDir(path)
+	if err != nil {
+		return nil, err
+	}
+	var out []specs.LinuxDevice
+	for _, f := range files {
+		switch {
+		case f.IsDir():
+			switch f.Name() {
+			// ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825
+			// ".udev" added to address https://github.com/opencontainers/runc/issues/2093
+			case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts", ".udev":
+				continue
+			default:
+				sub, err := getDevices(filepath.Join(path, f.Name()))
+				if err != nil {
+					return nil, err
+				}
+
+				out = append(out, sub...)
+				continue
+			}
+		case f.Name() == "console":
+			continue
+		}
+		device, err := deviceFromPath(filepath.Join(path, f.Name()), "rwm")
+		if err != nil {
+			if err == ErrNotADevice {
+				continue
+			}
+			if os.IsNotExist(err) {
+				continue
+			}
+			return nil, err
+		}
+		out = append(out, *device)
+	}
+	return out, nil
+}
+
 func deviceFromPath(path, permissions string) (*specs.LinuxDevice, error) {
 	var stat unix.Stat_t
 	if err := unix.Lstat(path, &stat); err != nil {
--- a/vendor/github.com/containerd/containerd/oci/spec_opts_windows.go
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts_windows.go
@@ -67,6 +67,13 @@ func WithWindowNetworksAllowUnqualifiedDNSQuery() SpecOpts {
 	}
 }

+// WithHostDevices adds all the hosts device nodes to the container's spec
+//
+// Not supported on windows
+func WithHostDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+	return nil
+}
+
 func deviceFromPath(path, permissions string) (*specs.LinuxDevice, error) {
 	return nil, errors.New("device from path not supported on Windows")
 }
--- a/vendor/github.com/containerd/containerd/pkg/process/io.go
+++ b/vendor/github.com/containerd/containerd/pkg/process/io.go
@@ -40,7 +40,9 @@ import (

 var bufPool = sync.Pool{
 	New: func() interface{} {
-		buffer := make([]byte, 32<<10)
+		// setting to 4096 to align with PIPE_BUF
+		// http://man7.org/linux/man-pages/man7/pipe.7.html
+		buffer := make([]byte, 4096)
 		return &buffer
 	},
 }
--- a/vendor/github.com/containerd/containerd/pull.go
+++ b/vendor/github.com/containerd/containerd/pull.go
@@ -70,6 +70,11 @@ func (c *Client) Pull(ctx context.Context, ref string, opts ...RemoteOpt) (_ Ima
 		}
 		unpackWrapper, eg := u.handlerWrapper(ctx, &unpacks)
 		defer func() {
+			if retErr != nil {
+				// Forcibly stop the unpacker if there is
+				// an error.
+				eg.Cancel()
+			}
 			if err := eg.Wait(); err != nil {
 				if retErr == nil {
 					retErr = errors.Wrap(err, "unpack")
--- a/vendor/github.com/containerd/containerd/reference/reference.go
+++ b/vendor/github.com/containerd/containerd/reference/reference.go
@@ -124,7 +124,7 @@ func (r Spec) Hostname() string {
 	i := strings.Index(r.Locator, "/")

 	if i < 0 {
-		i = len(r.Locator) + 1
+		return r.Locator
 	}
 	return r.Locator[:i]
 }
--- a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go
+++ b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go
@@ -339,9 +339,9 @@ func (pw *pushWriter) Commit(ctx context.Context, size int64, expected digest.Di
 	}

 	// 201 is specified return status, some registries return
-	// 200 or 204.
+	// 200, 202 or 204.
 	switch resp.StatusCode {
-	case http.StatusOK, http.StatusCreated, http.StatusNoContent:
+	case http.StatusOK, http.StatusCreated, http.StatusNoContent, http.StatusAccepted:
 	default:
 		return errors.Errorf("unexpected status: %s", resp.Status)
 	}
--- a/vendor/github.com/containerd/containerd/runtime/v1/shim/service.go
+++ b/vendor/github.com/containerd/containerd/runtime/v1/shim/service.go
@@ -55,7 +55,7 @@ var (
 	empty   = &ptypes.Empty{}
 	bufPool = sync.Pool{
 		New: func() interface{} {
-			buffer := make([]byte, 32<<10)
+			buffer := make([]byte, 4096)
 			return &buffer
 		},
 	}
--- a/vendor/github.com/containerd/containerd/runtime/v1/shim/service_linux.go
+++ b/vendor/github.com/containerd/containerd/runtime/v1/shim/service_linux.go
@@ -55,6 +55,7 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
 			io.CopyBuffer(epollConsole, in, *bp)
 			// we need to shutdown epollConsole when pipe broken
 			epollConsole.Shutdown(p.epoller.CloseConsole)
+			epollConsole.Close()
 		}()
 	}

@@ -73,9 +74,8 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
 		p := bufPool.Get().(*[]byte)
 		defer bufPool.Put(p)
 		io.CopyBuffer(outw, epollConsole, *p)
-		epollConsole.Close()
-		outr.Close()
 		outw.Close()
+		outr.Close()
 		wg.Done()
 	}()
 	cwg.Wait()
--- a/vendor/github.com/containerd/containerd/services/server/config/config.go
+++ b/vendor/github.com/containerd/containerd/services/server/config/config.go
@@ -28,6 +28,8 @@ import (
 	"github.com/containerd/containerd/plugin"
 )

+// NOTE: Any new map fields added also need to be handled in mergeConfig.
+
 // Config provides containerd configuration data for the server
 type Config struct {
 	// Version of the config file
@@ -321,6 +323,10 @@ func mergeConfig(to, from *Config) error {
 		to.ProxyPlugins[k] = v
 	}

+	for k, v := range from.Timeouts {
+		to.Timeouts[k] = v
+	}
+
 	return nil
 }

--- a/vendor/github.com/containerd/containerd/services/snapshots/service.go
+++ b/vendor/github.com/containerd/containerd/services/snapshots/service.go
@@ -227,7 +227,7 @@ func (s *service) List(sr *snapshotsapi.ListSnapshotsRequest, ss snapshotsapi.Sn
 		}

 		return nil
-	})
+	}, sr.Filters...)
 	if err != nil {
 		return err
 	}
--- a/vendor/github.com/containerd/containerd/snapshots/overlay/overlay.go
+++ b/vendor/github.com/containerd/containerd/snapshots/overlay/overlay.go
@@ -165,9 +165,8 @@ func (o *snapshotter) Usage(ctx context.Context, key string) (snapshots.Usage, e
 		return snapshots.Usage{}, err
 	}

-	upperPath := o.upperPath(id)
-
 	if info.Kind == snapshots.KindActive {
+		upperPath := o.upperPath(id)
 		du, err := fs.DiskUsage(ctx, upperPath)
 		if err != nil {
 			// TODO(stevvooe): Consider not reporting an error in this case.
@@ -282,14 +281,14 @@ func (o *snapshotter) Remove(ctx context.Context, key string) (err error) {
 	return t.Commit()
 }

-// Walk the committed snapshots.
-func (o *snapshotter) Walk(ctx context.Context, fn func(context.Context, snapshots.Info) error) error {
+// Walk the snapshots.
+func (o *snapshotter) Walk(ctx context.Context, fn snapshots.WalkFunc, fs ...string) error {
 	ctx, t, err := o.ms.TransactionContext(ctx, false)
 	if err != nil {
 		return err
 	}
 	defer t.Rollback()
-	return storage.WalkInfo(ctx, fn)
+	return storage.WalkInfo(ctx, fn, fs...)
 }

 // Cleanup cleans up disk resources from removed or abandoned snapshots
--- a/vendor/github.com/containerd/containerd/snapshots/proxy/proxy.go
+++ b/vendor/github.com/containerd/containerd/snapshots/proxy/proxy.go
@@ -153,9 +153,10 @@ func (p *proxySnapshotter) Remove(ctx context.Context, key string) error {
 	return errdefs.FromGRPC(err)
 }

-func (p *proxySnapshotter) Walk(ctx context.Context, fn func(context.Context, snapshots.Info) error) error {
+func (p *proxySnapshotter) Walk(ctx context.Context, fn snapshots.WalkFunc, fs ...string) error {
 	sc, err := p.client.List(ctx, &snapshotsapi.ListSnapshotsRequest{
 		Snapshotter: p.snapshotterName,
+		Filters:     fs,
 	})
 	if err != nil {
 		return errdefs.FromGRPC(err)
--- a/vendor/github.com/containerd/containerd/snapshots/snapshotter.go
+++ b/vendor/github.com/containerd/containerd/snapshots/snapshotter.go
@@ -118,6 +118,9 @@ func (u *Usage) Add(other Usage) {
 	u.Inodes += other.Inodes
 }

+// WalkFunc defines the callback for a snapshot walk.
+type WalkFunc func(context.Context, Info) error
+
 // Snapshotter defines the methods required to implement a snapshot snapshotter for
 // allocating, snapshotting and mounting filesystem changesets. The model works
 // by building up sets of changes with parent-child relationships.
@@ -314,9 +317,15 @@ type Snapshotter interface {
 	// removed before proceeding.
 	Remove(ctx context.Context, key string) error

-	// Walk all snapshots in the snapshotter. For each snapshot in the
-	// snapshotter, the function will be called.
-	Walk(ctx context.Context, fn func(context.Context, Info) error) error
+	// Walk will call the provided function for each snapshot in the
+	// snapshotter which match the provided filters. If no filters are
+	// given all items will be walked.
+	// Filters:
+	//  name
+	//  parent
+	//  kind (active,view,committed)
+	//  labels.(label)
+	Walk(ctx context.Context, fn WalkFunc, filters ...string) error

 	// Close releases the internal resources.
 	//
--- a/vendor/github.com/containerd/containerd/snapshots/storage/bolt.go
+++ b/vendor/github.com/containerd/containerd/snapshots/storage/bolt.go
@@ -24,6 +24,7 @@ import (
 	"time"

 	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/filters"
 	"github.com/containerd/containerd/metadata/boltutil"
 	"github.com/containerd/containerd/snapshots"
 	"github.com/pkg/errors"
@@ -144,7 +145,12 @@ func UpdateInfo(ctx context.Context, info snapshots.Info, fieldpaths ...string)
 // WalkInfo iterates through all metadata Info for the stored snapshots and
 // calls the provided function for each. Requires a context with a storage
 // transaction.
-func WalkInfo(ctx context.Context, fn func(context.Context, snapshots.Info) error) error {
+func WalkInfo(ctx context.Context, fn snapshots.WalkFunc, fs ...string) error {
+	filter, err := filters.ParseAll(fs...)
+	if err != nil {
+		return err
+	}
+	// TODO: allow indexes (name, parent, specific labels)
 	return withBucket(ctx, func(ctx context.Context, bkt, pbkt *bolt.Bucket) error {
 		return bkt.ForEach(func(k, v []byte) error {
 			// skip non buckets
@@ -160,6 +166,9 @@ func WalkInfo(ctx context.Context, fn func(context.Context, snapshots.Info) erro
 			if err := readSnapshot(sbkt, nil, &si); err != nil {
 				return err
 			}
+			if !filter.Match(adaptSnapshot(si)) {
+				return nil
+			}

 			return fn(ctx, si)
 		})
@@ -297,7 +306,7 @@ func Remove(ctx context.Context, key string) (string, snapshots.Kind, error) {
 		}

 		if err := readSnapshot(sbkt, &id, &si); err != nil {
-			errors.Wrapf(err, "failed to read snapshot %s", key)
+			return errors.Wrapf(err, "failed to read snapshot %s", key)
 		}

 		if pbkt != nil {
@@ -604,3 +613,38 @@ func encodeID(id uint64) ([]byte, error) {
 	}
 	return idEncoded, nil
 }
+
+func adaptSnapshot(info snapshots.Info) filters.Adaptor {
+	return filters.AdapterFunc(func(fieldpath []string) (string, bool) {
+		if len(fieldpath) == 0 {
+			return "", false
+		}
+
+		switch fieldpath[0] {
+		case "kind":
+			switch info.Kind {
+			case snapshots.KindActive:
+				return "active", true
+			case snapshots.KindView:
+				return "view", true
+			case snapshots.KindCommitted:
+				return "committed", true
+			}
+		case "name":
+			return info.Name, true
+		case "parent":
+			if info.Parent != "" {
+				return info.Parent, true
+			}
+		case "labels":
+			if len(info.Labels) == 0 {
+				return "", false
+			}
+
+			v, ok := info.Labels[strings.Join(fieldpath[1:], ".")]
+			return v, ok
+		}
+
+		return "", false
+	})
+}
--- a/vendor/github.com/containerd/containerd/snapshots/windows/windows.go
+++ b/vendor/github.com/containerd/containerd/snapshots/windows/windows.go
@@ -125,17 +125,20 @@ func (s *snapshotter) Usage(ctx context.Context, key string) (snapshots.Usage, e
 	if err != nil {
 		return snapshots.Usage{}, err
 	}
-	defer t.Rollback()
+	id, info, usage, err := storage.GetInfo(ctx, key)
+	t.Rollback() // transaction no longer needed at this point.

-	_, info, usage, err := storage.GetInfo(ctx, key)
 	if err != nil {
 		return snapshots.Usage{}, err
 	}

 	if info.Kind == snapshots.KindActive {
-		du := fs.Usage{
-			Size: 0,
+		path := s.getSnapshotDir(id)
+		du, err := fs.DiskUsage(ctx, path)
+		if err != nil {
+			return snapshots.Usage{}, err
 		}
+
 		usage = snapshots.Usage(du)
 	}

@@ -173,20 +176,30 @@ func (s *snapshotter) Commit(ctx context.Context, name, key string, opts ...snap
 	if err != nil {
 		return err
 	}
-	defer t.Rollback()

-	usage := fs.Usage{
-		Size: 0,
+	defer func() {
+		if err != nil {
+			if rerr := t.Rollback(); rerr != nil {
+				log.G(ctx).WithError(rerr).Warn("failed to rollback transaction")
+			}
+		}
+	}()
+
+	// grab the existing id
+	id, _, _, err := storage.GetInfo(ctx, key)
+	if err != nil {
+		return err
+	}
+
+	usage, err := fs.DiskUsage(ctx, s.getSnapshotDir(id))
+	if err != nil {
+		return err
 	}

 	if _, err = storage.CommitActive(ctx, key, name, snapshots.Usage(usage), opts...); err != nil {
 		return errors.Wrap(err, "failed to commit snapshot")
 	}
-
-	if err := t.Commit(); err != nil {
-		return err
-	}
-	return nil
+	return t.Commit()
 }

 // Remove abandons the transaction identified by key. All resources
@@ -238,14 +251,14 @@ func (s *snapshotter) Remove(ctx context.Context, key string) error {
 }

 // Walk the committed snapshots.
-func (s *snapshotter) Walk(ctx context.Context, fn func(context.Context, snapshots.Info) error) error {
+func (s *snapshotter) Walk(ctx context.Context, fn snapshots.WalkFunc, fs ...string) error {
 	ctx, t, err := s.ms.TransactionContext(ctx, false)
 	if err != nil {
 		return err
 	}
 	defer t.Rollback()

-	return storage.WalkInfo(ctx, fn)
+	return storage.WalkInfo(ctx, fn, fs...)
 }

 // Close closes the snapshotter
--- a/vendor/github.com/containerd/containerd/unpacker.go
+++ b/vendor/github.com/containerd/containerd/unpacker.go
@@ -186,8 +186,32 @@ func (u *unpacker) unpack(ctx context.Context, config ocispec.Descriptor, layers
 	return nil
 }

-func (u *unpacker) handlerWrapper(uctx context.Context, unpacks *int32) (func(images.Handler) images.Handler, *errgroup.Group) {
-	eg, uctx := errgroup.WithContext(uctx)
+type errGroup struct {
+	*errgroup.Group
+	cancel context.CancelFunc
+}
+
+func newErrGroup(ctx context.Context) (*errGroup, context.Context) {
+	ctx, cancel := context.WithCancel(ctx)
+	eg, ctx := errgroup.WithContext(ctx)
+	return &errGroup{
+		Group:  eg,
+		cancel: cancel,
+	}, ctx
+}
+
+func (e *errGroup) Cancel() {
+	e.cancel()
+}
+
+func (e *errGroup) Wait() error {
+	err := e.Group.Wait()
+	e.cancel()
+	return err
+}
+
+func (u *unpacker) handlerWrapper(uctx context.Context, unpacks *int32) (func(images.Handler) images.Handler, *errGroup) {
+	eg, uctx := newErrGroup(uctx)
 	return func(f images.Handler) images.Handler {
 		var (
 			lock    sync.Mutex
@@ -234,7 +258,19 @@ func (u *unpacker) handlerWrapper(uctx context.Context, unpacks *int32) (func(im
 				update := !schema1
 				lock.Unlock()
 				if update {
-					u.updateCh <- desc
+					select {
+					case <-uctx.Done():
+						// Do not send update if unpacker is not running.
+					default:
+						select {
+						case u.updateCh <- desc:
+						case <-uctx.Done():
+							// Do not send update if unpacker is not running.
+						}
+					}
+					// Checking ctx.Done() prevents the case that unpacker
+					// exits unexpectedly, but update continues to be generated,
+					// and eventually fills up updateCh and blocks forever.
 				}
 			}
 			return children, nil
--- a/vendor/github.com/containerd/containerd/vendor.conf
+++ b/vendor/github.com/containerd/containerd/vendor.conf
@@ -25,16 +25,16 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1
 github.com/sirupsen/logrus v1.4.1
 github.com/urfave/cli v1.22.0
 golang.org/x/net f3200d17e092c607f615320ecaad13d87ad9a2b3
-google.golang.org/grpc 6eaf6f47437a6b4e2153a190160ef39a92c7eceb # v1.23.0
+google.golang.org/grpc 39e8a7b072a67ca2a75f57fa2e0d50995f5b22f6 # v1.23.1
 github.com/pkg/errors v0.8.1
 github.com/opencontainers/go-digest c9281466c8b2f606084ac71339773efd177436e7
-golang.org/x/sys 9eafafc0a87e0fd0aeeba439a4573537970c44c7 https://github.com/golang/sys
+golang.org/x/sys c990c680b611ac1aeb7d8f2af94a825f98d69720 https://github.com/golang/sys
 github.com/opencontainers/image-spec v1.0.1
 golang.org/x/sync 42b317875d0fa942474b76e1b46a6060d720ae6e
 github.com/BurntSushi/toml v0.3.1
 github.com/grpc-ecosystem/go-grpc-prometheus 6b7015e65d366bf3f19b2b2a000a831940f0f7e0
 github.com/Microsoft/go-winio v0.4.14
-github.com/Microsoft/hcsshim 9e921883ac929bbe515b39793ece99ce3a9d7706
+github.com/Microsoft/hcsshim d2849cbdb9dfe5f513292a9610ca2eb734cdd1e7
 google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944
 golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4
 github.com/containerd/ttrpc 92c8520ef9f86600c650dd540266a007bf03670f
@@ -49,9 +49,10 @@ go.opencensus.io v0.22.0
 github.com/imdario/mergo v0.3.7
 github.com/cpuguy83/go-md2man v1.0.10
 github.com/russross/blackfriday v1.5.2
+github.com/google/uuid v1.1.1

 # cri dependencies
-github.com/containerd/cri 0ebf032aac5f6029f95a94e42161e9db7a7e84df # release/1.3+
+github.com/containerd/cri 8ce2ad6b7c9a83f830684d1025034fb3ad2ec375 # master
 github.com/containerd/go-cni 0d360c50b10b350b6bb23863fd4dfb1c232b01c9
 github.com/containernetworking/cni v0.7.1
 github.com/containernetworking/plugins v0.7.6
@@ -83,9 +84,8 @@ k8s.io/utils c2654d5206da6b7b6ace12841e8f359bb89b443c
 sigs.k8s.io/yaml v1.1.0

 # zfs dependencies
-github.com/containerd/zfs 2ceb2dbb8154202ed1b8fd32e4ea25b491d7b251
+github.com/containerd/zfs 9abf673ca6ff9ab8d9bd776a4ceff8f6dc699c3d
 github.com/mistifyio/go-zfs f784269be439d704d3dfa1906f45dd848fed2beb
-github.com/google/uuid v1.1.1

 # aufs dependencies
-github.com/containerd/aufs f894a800659b6e11c1a13084abd1712f346e349c
+github.com/containerd/aufs 371312c1e31c210a21e49bf3dfd3f31729ed9f2f