github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
1,191 Commits 3 Branches 2 Tags 112 MiB
01d77d44f5
Commit Graph

51 Commits

Author SHA1 Message Date
Filipe Brandenburger
01d77d44f5 Update github.com/opencontainers/runtime-tools to v0.6.0 
Also add new dependencies on github.com/xeipuuv/gojson* (brought up by
new runtime-tools) and adapt the containerd/cri code to replace the APIs
that were removed by runtime-tools.

In particular, add new helpers to handle the capabilities, since
runtime-tools now split them into separate sets of functions for each
capability set.

Replace g.Spec() with g.Config since g.Spec() has been deprecated in the
runtime-tools API.

Signed-off-by: Filipe Brandenburger <filbranden@google.com>
 2018-06-20 13:52:50 -07:00
Lantao Liu
b367f30097 Erase ambient capabilities. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-08 14:37:05 -07:00
Lantao Liu
a5d1332e8f Explicitly set rw for privileged container. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-07 15:13:14 -07:00
Lantao Liu
279fa853a6 Always mount sysfs as rw. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-26 18:58:26 -07:00
Mike Brown
94df315de8 adds volatile state directory to the fs plan for cntrs/pods/fifo 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-24 00:05:52 +00:00
Lantao Liu
387da59ee5 Rename all variables to remove "cricontainerd". 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-19 21:59:32 +00:00
Mike Brown
d4e7154625 move links for cri-containerd to cri 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-13 17:06:26 -05:00
Lantao Liu
46fc92f65f Use new namespace mode and support shared pid namespace. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-08 03:10:57 +00:00
Lantao Liu
4dfd8250fd Fix a privileged check. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-27 02:25:52 +00:00
Lantao Liu
6fadb7f5e9 Minor code cleanup. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-18 07:31:16 +00:00
Jose Carlos Venegas Munoz
b383b0261a Annotations: Provide container metadata for VM based runtimes 
For hypervisor-based container runtimes (like Kata Containers, Clear Containers
or runv) a pod will be created in a VM and then create containers within the VM.

When a runtime is requested for container commands like create and start, both
the instal "pause" container and next containers need to be added to the pod
namespace (same VM).

A runtime does not know if it needs to create/start a VM or if it needs to add a
container to an already running VM pod.

This patch adds a way to provide this information through container annotations.
When starting a container or a sandbox, 2 annotations are added:

- type (Container or Sandbox)
- sandbox name

This allow to a VM based runtime to decide if they need to create a pod VM or
container within the VM pod.

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
 2018-01-17 09:57:20 -06:00
Lantao Liu
025ffe551f Rename kubernetes-incubator/cri-containerd to containerd/cri-containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-10 22:35:33 +00:00
Daniel Nephin
85d3bf0660 Use SpecOpts from new oci package 
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
 2017-11-28 15:30:11 -05:00
Ian Campbell
d75e0882c4 typo: subtract not substract. 
Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-10-13 09:50:17 +01:00
Yanqiang Miao
c65921b16a Get the mountInfo by 'LookupMount' in containerd 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-10-12 11:09:24 +08:00
Lantao Liu
bde8b0517e Update kubernetes and containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-11 06:16:19 +00:00
Lantao Liu
23b8330b44 Merge pull request #322 from miaoyq/fix-314 
Update kubernetes version to the PR#52395 and support `unconfined` apparmor
 2017-10-04 10:49:56 -07:00
Yanqiang Miao
9f656cdda4 Support unconfined apparmor 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-10-04 09:50:27 +08:00
Lantao Liu
a81a47bf9b Fix update container resources 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-03 06:03:39 +00:00
Lantao Liu
cd57d063c5 Add systemd cgroup support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-26 06:44:30 +00:00
Lantao Liu
21233b22be Check seccomp enable and add unit test for seccomp/apparmor. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-25 23:09:26 +00:00
Yanqiang Miao
49eb38a5d4 Ensure the mount point is propagated 
mount with `rshared`, the host path should be shared.
mount with `rslave`, the host pash should be shared or slave.

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-09-19 14:21:21 +08:00
Lantao Liu
cd27050425 Add image volume support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-15 11:25:55 +01:00
Ian Campbell
56539bd3a4 Require generateContainerSpec passes during tests and abort if not 
This is achieved by switching `assert.NoError` to `require.NoError` in several
places.

Otherwise the test code will continue and dereference a nil spec, leading to a
panic which obscures the real failure.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-15 11:06:25 +01:00
Lantao Liu
0bfcdd39ab Remove /run mount for backward compatibility with docker. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-09 07:34:00 +00:00
Lantao Liu
3e4b4234c6 Merge pull request #218 from miaoyq/fixes-185 
Update kubernetes version and support mount propagation
 2017-09-06 21:03:56 -07:00
Yanqiang Miao
9da460ec0a Support mount propagation 
fixex #185

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-09-07 08:58:20 +08:00
Lantao Liu
8569fa366e Merge pull request #215 from Random-Liu/add-capability-all 
Add "ALL" capabilities support.
 2017-09-05 18:14:36 -07:00
Lantao Liu
d02ecc4673 Add "ALL" capabilities support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-06 00:05:08 +00:00
Ian Campbell
1dea8fdfc4 Handle environment variables which containe spaces 
This avoids errors such as:

    spec: invalid environment variable "JAVA_OPTS=-Djava.security.egd=file:/dev/urandom"

use SplitN(2) to get the envvar name and value while allowing the value to
contain `=`.

Add some variables to the test data which have one or more `=` in the value.
Since this makes the resulting list of variables to check rather long split the
check in two and check the container config and image config derived values
independently.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-05 23:06:07 +01:00
Yanqiang Miao
0c3304e006 Support selinux options/label 
Support selinux optios/label

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-31 19:20:12 +08:00
Lantao Liu
3f4978b77b Use rbind and rprivate in bind mount. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-30 01:40:03 +00:00
Lantao Liu
f46cd1a71a Disable pid namespace sharing 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-28 05:44:46 +00:00
Lantao Liu
270e09ab26 Use containerd WithUserID. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-25 21:11:56 +00:00
Lantao Liu
a80df151d1 Add RunAsUsername support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-25 00:47:35 +00:00
Yanqiang Miao
1aec120d5f Support NoNewPrivileges 
fixes #117

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-24 08:37:40 +08:00
Yanqiang Miao
8adad23015 Group all privileged logic together 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-22 09:16:37 +08:00
Lantao Liu
2427d332f0 Add TERM=xterm when tty=true. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-11 16:53:40 +00:00
Mike Brown
73748840da Swicth to 1.0.0-alpha2 containerd api. 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-08-02 23:21:37 +00:00
Lantao Liu
ffb69423ec Temporarily remove unit test relying on fake containerd services. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-31 22:42:10 +00:00
Lantao Liu
7b16a35287 Use new metadata store. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-28 23:35:31 +00:00
Random-Liu
b398a161de Get runtime spec from container metadata. 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-07-28 16:26:20 +00:00
Lantao Liu
7ddc85f3ca Remove unused fields and comments. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-28 16:59:35 +00:00
Lantao Liu
862d00a21c Update CRI to d779e9c9561b732adf06263c5424889e7564fdbd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-21 01:56:13 +00:00
Lantao Liu
9b79201aa5 Add ExecSync. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 22:28:48 +00:00
Lantao Liu
cb9e104cf1 Create/delete containerd containerd 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 16:43:13 +00:00
Lantao Liu
bad279e0f6 Finish snapshot support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 02:34:43 +00:00
Mike Brown
484a326717 modify code to compile on updated containerd 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-06-15 23:14:21 +00:00
Lantao Liu
dee95bc315 Add unit test. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-31 01:18:22 +00:00
Crazykev
49e7ef2153 update kubernetes vendor for new CRI change 
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
 2017-05-24 10:25:55 +08:00