A call to ExecSync should only return if the client context was canceled or
exceeded. The Timeout parameter to ExecSyncRequest is now used to send SIGKILL
if the exec'd process does not exit within Timeout but all paths wait for the
exec to exit.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
A call to StopContainer should only return if the client context is canceled or
its deadline was exceeded. The Timeout parameter on StopContainerRequest is now
used as the time AFTER sending the stop signal before the SIGKILL is delivered.
The call will remain until the container has exited or the client context has
finished.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
A call to RunPodSandbox should only return timeout if the operation has timed
out because the clients context deadline was exceeded. On client cancelation
it should return gRPC Canceled otherwise it should block until the sandbox has
exited.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
full diff: 32f571b700...689e3c1541
Release notes:
* Version 0.9.1 - May 21, 2019
- Minimum supported version of libseccomp bumped to v2.2.0 (fc0298087f)
- PowerPC and S390(x) architectures are unavailable below library version v2.3.0 and will return errors if used with incompatible libraries
- Use Libseccomp's `seccomp_version` API to retrieve library version
- Unconditionally set TSync attribute for filters, due to Go's heavily threaded nature
- Fix [CVE-2017-18367](https://nvd.nist.gov/vuln/detail/CVE-2017-18367) - Multiple syscall arguments were incorrectly combined with logical-OR, instead of logical-AND (06e7a29f36)
- Fix a failure to build on Debian-based distributions due to CGo code
- Fix unit test failures on 32-bit architectures
- Improve several errors to be more verbose about their causes
- Add support for SCMP_ACT_LOG (with libseccomp versions 2.4.x and higher), permitting syscalls but logging their execution
- Add support for SCMP_FLTATR_CTL_LOG (with libseccomp versions 2.4.x and higher), logging not-allowed actions when they are denied
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Minor correctness. We should use the value of the const in the error message
instead of hard coding it in the string so if maxDNSSearches ever changes so
does the error.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
