rootfs.CreateDiff might be canceled by context for some reason. Based on
this case, the defer function should use the new ctx to do cleanup
temporary snapshotter instead of the canceled one.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
lib seccomp 2.4 has huge performance regressions.
This change pins to 2.3.3 where that is not an issue
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Because of the way go handles flags, passing a flag that is not defined
will cause an error. In our case, if we kept this as a flag, then
third-party shims would break when they see this new flag. To fix this,
I moved this new configuration option to an env var. We should use env
vars from here on out to avoid breaking shim compat.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Previously the TTRPC address was generated as "<GRPC address>.ttrpc".
This change now allows explicit configuration of the TTRPC address, with
the default still being the old format if no value is specified.
As part of this change, a new configuration section is added for TTRPC
listener options.
Signed-off-by: Kevin Parsons <kevpar@microsoft.com>
1. Revendors github.com/Microsoft/hcsshim to the latest known good commit.
This includes numerous bug fixes and improvements.
2. Vendors indirect dependency on go.opencensus.io since hcsshim now uses trace
correlation.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
When containerd-shim does reaper, the most processes are not init
process. Since json.Decode consumes more CPU resource, we should check
killall option for init process only.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
With the change in #3542 it breaks $PATH handling for images becuase our
default spec always sets a PATH on the process's .Env.
This removes the default and adds an Opt to add this back.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
EventLog is very old and provides a poor experience. We have supported
ETW for logging for a while, which is much better. We have also
observed an issue where EventLog keeps containerd.exe open, preventing
containerd from being upgraded to a new version. Due to all of this,
it makes sense to remove the old EventLog hook in favor of using ETW
logging on Windows as the primary diagnostic experience.
Signed-off-by: Kevin Parsons <kevpar@microsoft.com>
When using a multi-container shim, the fifo of the 2nd to Nth container
will not be opened when the ctx is done. This will cause an
`ErrReadClosed` that can be ignored.
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
