oom_score_adj must be in the range -1000 to 1000. In AdjustOOMScore if containerd's score is already at the maximum value we should set that value for the shim instead of trying to set 1001 which is invalid.
Signed-off-by: Simon Kaegi <simon_kaegi@ca.ibm.com>
WithAdditionalContainerLabels() preserves the existing entries in c.Labels.
OTOH, WithContainerLabels() clears them.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The new function `WithLogURI(uri *url.URL)` replaces `WithBinaryLogURI(binary string, args map[string]string)`
so as to allow passing an existring URI object.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The additional []containerd.RemoteOpt is not used by ctr currently,
but planned to be used by nerdctl and also probably by stargz's ctr-remote.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
zstd is a compression algorithm that has a very fast decoder, while
providing also good compression ratios. The fast decoder makes it
suitable for container images, as decompressing the tarballs is a very
expensive operation.
https://github.com/opencontainers/image-spec/pull/788 added support
for zstd to the OCI image specs.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Inclavare Containers is an innovation of container runtime with the
novel approach for launching protected containers in hardware-assisted
Trusted Execution Environment (TEE) technology, aka Enclave, which can
prevent the untrusted entity, such as Cloud Service Provider (CSP), from
accessing the sensitive and confidential assets in use.
Signed-off-by: Zhiguang Jia <jia_zhiguang@126.com>
When multiple clients are pulling the same image, we may have this
lock error. Short-lived locks are probably fine, but long-lived locks
may indicate that containerd has some issues.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
Specifically, all the functions above applyWindowsLayer are actually
used by the (generic) applyNaive code, while the functions below this
point are specific to applyWindowsLayer.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
applyFunc now takes an io.Reader instead of a tar.Reader because I'm
trying to mirror the API of the not-yet-exposed implementation of this
same behaviour in github.com/Microsoft/hcsshim/internal/ociwclayer,
with an eye to later moving to that implementation it is ever exposed.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
When a base runtime spec is being used, admins can configure defaults for the
spec so that default ulimits or other security related settings get applied for
all containers launched.
Signed-off-by: Michael Crosby <michael@thepasture.io>
