containerd

Author	SHA1	Message	Date
Ian Campbell	0161764ef5	Always use a writeable snapshot as the rootfs. This will be made readonly by runc based on spec.Root.Readonly (which we already set correctly) but defering until then gives runc the chance to make any missing mount points as it processes the spec.Mount array. This is necessary because many container images lack mount points for things like the /etc/hosts which we want to overbind. This is not noticed with e.g. Docker because it automatically creates an additional layer containing those. This is something we may want to do here as well eventually but for now using a writeable snapshot is both necessary and sufficient. The same does not apply to the sandbox since we never modify its rootfs or want to mount anything in it etc, add a comment to clarify. Fixes #220. Signed-off-by: Ian Campbell <ijc@docker.com>	2017-09-06 22:20:14 +01:00
Jamie Zhuang	915f5b0aea	Make sandbox container image configurable Signed-off-by: Jamie Zhuang <lanchongyizu@gmail.com>	2017-09-03 02:53:17 -04:00
Lantao Liu	c3cb1cfde8	Revert "Setting containerd shim cgroup same as pod cgroup" This reverts commit `59008c608e`. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-09-02 04:20:55 +00:00
Lantao Liu	aa3635c75a	Merge pull request #183 from Random-Liu/cri-containerd-exit-with-containerd Cri containerd exits with containerd	2017-09-01 16:39:38 -07:00
Lantao Liu	c3e8c69aff	Let cri-containerd exit with containerd Signed-off-by: Lantao Liu <lantaol@google.com>	2017-09-01 23:14:04 +00:00
Mike Brown	4f442de959	adds support for AppArmor Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2017-09-01 18:08:34 -05:00
Lantao Liu	4f449cec5f	Merge pull request #202 from Random-Liu/fix-image-repo-digest Fix repo digest for schema 1 image.	2017-09-01 16:01:05 -07:00
Lantao Liu	7121d251b0	Return image repo digest in container status. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-09-01 20:58:15 +00:00
Lantao Liu	5057c2d4fb	Merge pull request #197 from Random-Liu/not-remove-out-dated-tag Do not remove out dated image tag.	2017-09-01 00:48:37 -07:00
Lantao Liu	cfb5513a54	Fix repo digest for schema 1 image. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-09-01 07:18:02 +00:00
Lantao Liu	73bb6e3283	Do not remove out dated image tag. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-09-01 07:09:13 +00:00
Lantao Liu	9c49624174	Merge pull request #157 from miaoyq/apply-selinux-opt Support selinux options/label	2017-08-31 16:30:30 -07:00
Abhinandan Prativadi	59008c608e	Setting containerd shim cgroup same as pod cgroup Signed-off-by: Abhinandan Prativadi <abhi@docker.com>	2017-08-31 15:16:51 -07:00
Yanqiang Miao	0c3304e006	Support selinux options/label Support selinux optios/label Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>	2017-08-31 19:20:12 +08:00
Lantao Liu	ac4f238f48	Cleanup image operations. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-31 00:52:09 +00:00
Abhinandan Prativadi	e1edeae4c9	Adding option to configure cgroup to start cri-containerd Signed-off-by: Abhinandan Prativadi <abhi@docker.com>	2017-08-30 14:37:40 -07:00
Lantao Liu	c4d95aa2c4	Fix sandbox container snapshotter. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-30 18:33:59 +00:00
Lantao Liu	3f4978b77b	Use rbind and rprivate in bind mount. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-30 01:40:03 +00:00
Lantao Liu	55ee423224	Merge pull request #175 from Random-Liu/disable-pid-ns-sharing Disable pid namespace sharing	2017-08-29 13:14:18 -07:00
Lantao Liu	b73161627d	Fix fifo files leakage. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-28 21:14:35 +00:00
Lantao Liu	3b2d29be46	Merge pull request #177 from miaoyq/related-to-173 Exclude the event of sandbox containers from event stream	2017-08-28 10:00:21 -07:00
Yanqiang Miao	b18542c586	Excloude the event of sandbox containers from event stream We should exclude the event of sandbox containers from event stream in order to avoid outputting unexpected error print. related #173 Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>	2017-08-28 14:21:03 +08:00
Lantao Liu	f46cd1a71a	Disable pid namespace sharing Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-28 05:44:46 +00:00
Lantao Liu	fda30c3ad2	Do not teardown when network namespace is removed already. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-28 05:10:30 +00:00
Lantao Liu	270e09ab26	Use containerd WithUserID. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-25 21:11:56 +00:00
Lantao Liu	980e8e8007	Merge pull request #168 from Random-Liu/add-run-as-user Add RunAsUser support	2017-08-25 13:45:47 -07:00
Lantao Liu	60d8430ac1	Do not checkpoint sandbox pid. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-25 01:38:05 +00:00
Lantao Liu	a80df151d1	Add RunAsUsername support. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-25 00:47:35 +00:00
Lantao Liu	e1f74f00a5	Various security related fixes Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-24 21:52:30 +00:00
Lantao Liu	a795927c5a	Get CreatedAt from containerd instead of maintaining it ourselves. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-24 18:38:00 +00:00
Lantao Liu	73bb9696e8	Merge pull request #151 from Random-Liu/add-instrumented-service Add instrumented service.	2017-08-24 11:26:39 -07:00
Lantao Liu	36da027c20	Merge pull request #138 from abhinandanpb/p_netns Creating sandbox namespace	2017-08-24 11:26:21 -07:00
Lantao Liu	c6191122f2	Merge pull request #163 from abhinandanpb/containerd-alpha6 Updating to container1.0-alpha	2017-08-24 10:43:43 -07:00
Abhinandan Prativadi	5a119200b8	Creating permanent sandbox namespace This commit contains changes to create/delete permanent namespace for a sandbox container. Signed-off-by: Abhinandan Prativadi <abhi@docker.com>	2017-08-24 10:43:42 -07:00
zhangzhenhao	331e542c09	add the user id support of runAsUser Signed-off-by: zhangzhenhao <zhangzhenhao@outlook.com>	2017-08-24 23:29:45 +08:00
Abhinandan Prativadi	728dced6a1	Updating to container1.0-alpha Signed-off-by: Abhinandan Prativadi <abhi@docker.com>	2017-08-23 23:17:21 -07:00
Lantao Liu	2faa665eb2	Merge pull request #155 from miaoyq/support-nonewprivileges Support NoNewPrivileges	2017-08-23 20:58:38 -07:00
Yanqiang Miao	1aec120d5f	Support NoNewPrivileges fixes #117 Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>	2017-08-24 08:37:40 +08:00
Lantao Liu	45ee2e554a	Add container attach support. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-23 23:48:31 +00:00
Lantao Liu	77b703f1e7	Move generateID to util. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-23 23:46:55 +00:00
Lantao Liu	dd6e9fb88d	Merge pull request #156 from yanxuean/metalabel Checkpoint and restart recovery	2017-08-23 15:36:19 -07:00
yanxuean	d2757cb8f9	Checkpoint and restart recovery fix part of #120 Signed-off-by: yanxuean <yan.xuean@zte.com.cn>	2017-08-23 17:01:13 +08:00
Lantao Liu	195b52500f	Add instrumented service. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-23 07:02:12 +00:00
Lantao Liu	7901f56367	Merge pull request #150 from Random-Liu/support-update-container-resources Support update container resources	2017-08-22 23:28:48 -07:00
Lantao Liu	f6d99abcf4	Add hostport support Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-23 01:33:02 +00:00
Lantao Liu	8f898cb3b8	Import ocicni update from https://github.com/Random-Liu/ocicni Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-23 01:25:12 +00:00
Lantao Liu	a0589d37dd	Implement container resources update Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-22 18:40:30 +00:00
Lantao Liu	d41c23e31d	Update code to make it build Signed-off-by: Lantao Liu <lantaol@google.com>	2017-08-22 05:38:51 +00:00
Lantao Liu	50b01812ce	Merge pull request #147 from miaoyq/group-all-privileged-logic Group all privileged logic together	2017-08-21 18:43:06 -07:00
Yanqiang Miao	8adad23015	Group all privileged logic together Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>	2017-08-22 09:16:37 +08:00

1 2 3 4

159 Commits