It is hard to tell where the `log_hook` log comes from, when we run test
parallelly. Add test name as field as debug purpose.
```
log_hook.go:47: time="2023-01-29T13:09:37.687070239+08:00" level=debug msg=fetch func=remotes.Fetch file="/home/fuwei/go/src/github.com/containerd/containerd/remotes/handlers.go:114" digest="sha256:ea362f368469f909a95f9a6e54ebe0121ce0a8e3c30583dd9c5fb35b14544dec" mediatype=application/vnd.docker.image.rootfs.diff.tar.gzip size=28566425 testcase=TestCRIImagePullTimeout/NoDataTransferred
```
REF: #8024
Signed-off-by: Wei Fu <fuweid89@gmail.com>
/etc/cni has to be readable for non-root users (0755), because /etc/cni/tuning/allowlist.conf is used for rootless mode too.
This file was introduced in CNI plugins 1.2.0 (containernetworking/plugins PR 693), and its path is hard-coded.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Ubuntu 18.04 will reach its End of Standard Support in April 2023:
https://wiki.ubuntu.com/Releases
By updating Ubuntu from 18.04 to 20.04, the dynamically-linked glibc
version is bumped up from 2.27 to 2.31.
The dynamically linked containerd binary still seems to be compatible with
CentOS 7 (glibc 2.17).
The runc binary in the `cri-containerd(-cni)-<VERSION>-linux-<ARCH>.tar.gz`
bundle no longer works on CentOS 7, though, but this is acceptable, as the
`cri-containerd(-cni)` bundle has been deprecated since containerd 1.6.
```
$ ldd /usr/local/sbin/runc
linux-vdso.so.1 => (0x00007fffee9c4000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007eff48721000)
libseccomp.so.2 => /lib64/libseccomp.so.2 (0x00007eff484e0000)
libc.so.6 => /lib64/libc.so.6 (0x00007eff48112000)
/lib64/ld-linux-x86-64.so.2 (0x00007eff492cb000)
$ /usr/local/sbin/runc
/usr/local/sbin/runc: symbol lookup error: /usr/local/sbin/runc: undefined symbol: seccomp_notify_respond
```
Fix issue 7961
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Update the release date to better coincide with Kubernetes 1.23 end
of life and the containerd 1.7 release.
Signed-off-by: Derek McGowan <derek@mcg.dev>
`*` was left out and therefore the `/bin` directory is also copied over, while the following commands assume the files are copied to `containerd`
Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
- Add Target to mount.Mount.
- Add UnmountMounts to unmount a list of mounts in reverse order.
- Add UnmountRecursive to unmount deepest mount first for a given target, using
moby/sys/mountinfo.
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
Some of this code was originally added in b7b1200dd3,
which likely meant to initialize the slice with a length to reduce allocations,
however, instead of initializing with a zero-length and a capacity, it
initialized the slice with a fixed length, which was corrected in commit
0c63c42f81.
This patch initializes the slice with a zero-length and expected capacity.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
In the refactor from 926b9c72f61b5be6bf8d952512f1d0932fbaf898, the error
handling was substantially reworked, and changed the types of errors
returned.
Notably, in the case of a network error, instead of propogating the
error through to return from pushWriter.Write (as previously), it would
be propagated through to pushWriter.Commit - however, this is too late,
since we've already closed the io.Pipe by the time we would have reached
this function. Therefore, we get the generic error message "io:
read/write on closed pipe" for *every network error*.
This patch corrects this behavior to ensure that the correct error
object is always returned as early as possible, by checking the error
result after writing and detecting a closed pipe.
Additionally, we do some additional hardening - specifically we prevent
falling through when resetting the content or detecting errors, and
update the tests to explicitly check for the ErrReset message.
Signed-off-by: Justin Chadwell <me@jedevc.com>
