Akihiro Suda
eb5a0c04b4
apparmor: add signal (receive) peer=/usr/local/bin/rootlesskit,
...
Fix containerd/nerdctl issue 2730
> [Rootless] `nerdctl rm` fails when AppArmor is loaded:
> `error="unknown error after kill: runc did not terminate successfully: exit status 1:
> unable to signal init: permission denied\n: unknown"`
Caused by:
> kernel: audit: type=1400 audit(1713840662.766:122): apparmor="DENIED" operation="signal" class="signal"
> profile="nerdctl-default" pid=366783 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill
> peer="/usr/local/bin/rootlesskit"
The issue is known to happen on Ubuntu 23.10 and 24.04 LTS.
Doesn't seem to happen on Ubuntu 22.04 LTS.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-04-23 12:21:26 +09:00
Derek McGowan
5e470e1cae
Update HTTPFallback to handle tls handshake timeout
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-04-22 18:53:27 -07:00
dependabot[bot]
a37b451cde
build(deps): bump tags.cncf.io/container-device-interface
...
Bumps [tags.cncf.io/container-device-interface](https://github.com/cncf-tags/container-device-interface) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/cncf-tags/container-device-interface/releases)
- [Commits](https://github.com/cncf-tags/container-device-interface/compare/v0.7.1...v0.7.2)
---
updated-dependencies:
- dependency-name: tags.cncf.io/container-device-interface
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-22 23:45:02 +00:00
Derek McGowan
1412a255ec
Merge pull request #10068 from kiashok/portForwardingWindows-ipv6
...
Account for ipv6 localhost in windows port forwarding
2024-04-22 21:14:18 +00:00
Derek McGowan
888fd315fd
Update CNI to v1.2.0
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-04-22 14:12:15 -07:00
Phil Estes
6d1ae8b439
Merge pull request #10104 from thaJeztah/go1.21.9
...
update to go1.21.9, go1.22.2
2024-04-22 20:12:51 +00:00
Fabiano Fidêncio
9ee3bfaba2
images: tests: Fix typos in the tests
...
This is a non-functional change, that fixes the following typos:
* Snashotter -> Snapshotter
* expectSnapshotter -> expectedSnapshotter
* expectErr -> expectedErr
* exiting-runtime -> existing-runtime
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-04-22 21:04:49 +02:00
Sebastiaan van Stijn
13e6b2b686
update to go1.21.9, go1.22.2
...
go1.21.9 (released 2024-04-03) includes a security fix to the net/http
package, as well as bug fixes to the linker, and the go/types and
net/http packages. See the Go 1.21.9 milestone for more details;
https://github.com/golang/go/issues?q=milestone%3AGo1.21.9+label%3ACherryPickApproved
These minor releases include 1 security fix following the security policy:
- http2: close connections when receiving too many headers
Maintaining HPACK state requires that we parse and process all HEADERS
and CONTINUATION frames on a connection. When a request's headers exceed
MaxHeaderBytes, we don't allocate memory to store the excess headers but
we do parse them. This permits an attacker to cause an HTTP/2 endpoint
to read arbitrary amounts of header data, all associated with a request
which is going to be rejected. These headers can include Huffman-encoded
data which is significantly more expensive for the receiver to decode
than for an attacker to send.
Set a limit on the amount of excess header frames we will process before
closing a connection.
Thanks to Bartek Nowotarski (https://nowotarski.info/) for reporting this issue.
This is CVE-2023-45288 and Go issue https://go.dev/issue/65051.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.2
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.9+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.8...go1.21.9
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-22 19:43:32 +02:00
Derek McGowan
42e4de9c54
Prepare release notes for v2.0.0-rc.1
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-04-22 10:13:11 -07:00
Derek McGowan
17294e5816
Merge pull request #10047 from containerd/dependabot/go_modules/golang-x-5cf8641f85
...
build(deps): bump the golang-x group with 3 updates
2024-04-22 16:18:12 +00:00
Shuaiyi Zhang
c51463010e
docs: update registry config guide
...
Signed-off-by: Shuaiyi Zhang <zhang_syi@qq.com>
2024-04-22 12:01:30 +00:00
ChengenH
4a31bd606d
chore: use errors.New to replace fmt.Errorf with no parameters will be much better
...
Signed-off-by: ChengenH <hce19970702@gmail.com>
2024-04-21 21:49:31 +08:00
Fu Wei
8936631603
Merge pull request #10099 from kiashok/updateHcsshim-main
...
Update hcsshim to v0.12.3
2024-04-21 12:55:17 +00:00
Kirtana Ashok
a6a82c1023
Update hcsshim to v0.12.3
...
Signed-off-by: Kirtana Ashok <kiashok@microsoft.com>
2024-04-19 15:26:47 -07:00
Kirtana Ashok
7e60d5a074
Account for ipv4 vs ipv6 localhost
...
in windows port forwarding
Signed-off-by: Kirtana Ashok <kiashok@microsoft.com>
2024-04-19 11:30:49 -07:00
Kazuyoshi Kato
6e0dc9f50f
Merge pull request #10089 from samuelkarp/bump-nri-v0.6.1
...
mod: bump github.com/containerd/nri@v0.6.1
2024-04-18 23:07:13 +00:00
Samuel Karp
a153b2cd32
mod: bump github.com/containerd/nri@v0.6.1
...
Fixes https://github.com/containerd/containerd/issues/10085
Signed-off-by: Samuel Karp <samuelkarp@google.com>
2024-04-18 15:00:34 -07:00
Phil Estes
d8340d9286
Merge pull request #10078 from containerd/dependabot/go_modules/github.com/pelletier/go-toml/v2-2.2.1
...
build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.0 to 2.2.1
2024-04-18 21:50:00 +00:00
Phil Estes
b73c7585ee
Merge pull request #10079 from containerd/dependabot/go_modules/github.com/klauspost/compress-1.17.8
...
build(deps): bump github.com/klauspost/compress from 1.17.7 to 1.17.8
2024-04-18 21:49:46 +00:00
dependabot[bot]
77512e2d79
build(deps): bump the golang-x group with 3 updates
...
Bumps the golang-x group with 3 updates: [golang.org/x/mod](https://github.com/golang/mod), [golang.org/x/sync](https://github.com/golang/sync) and [golang.org/x/sys](https://github.com/golang/sys).
Updates `golang.org/x/mod` from 0.16.0 to 0.17.0
- [Commits](https://github.com/golang/mod/compare/v0.16.0...v0.17.0)
Updates `golang.org/x/sync` from 0.6.0 to 0.7.0
- [Commits](https://github.com/golang/sync/compare/v0.6.0...v0.7.0)
Updates `golang.org/x/sys` from 0.18.0 to 0.19.0
- [Commits](https://github.com/golang/sys/compare/v0.18.0...v0.19.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 23:41:36 +00:00
dependabot[bot]
c8d9eba7c6
build(deps): bump github.com/klauspost/compress from 1.17.7 to 1.17.8
...
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.17.7 to 1.17.8.
- [Release notes](https://github.com/klauspost/compress/releases)
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml)
- [Commits](https://github.com/klauspost/compress/compare/v1.17.7...v1.17.8)
---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 23:41:14 +00:00
dependabot[bot]
1c0f73aa0d
build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.0 to 2.2.1
...
Bumps [github.com/pelletier/go-toml/v2](https://github.com/pelletier/go-toml) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/pelletier/go-toml/releases)
- [Changelog](https://github.com/pelletier/go-toml/blob/v2/.goreleaser.yaml)
- [Commits](https://github.com/pelletier/go-toml/compare/v2.2.0...v2.2.1)
---
updated-dependencies:
- dependency-name: github.com/pelletier/go-toml/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 23:41:04 +00:00
Samuel Karp
8317959018
Merge pull request #10073 from dcantah/snapshotters-root-export
...
Snapshotters: Export the root path
2024-04-15 07:31:09 +00:00
Danny Canter
32caaee484
Snapshotters: Export the root path
...
Some of the snapshotters that allow you to change their root location
were already doing this, this just makes all of them follow the same
pattern.
Signed-off-by: Danny Canter <danny@dcantah.dev>
2024-04-14 06:24:33 -07:00
Fu Wei
8eb03f17b1
Merge pull request #10070 from testwill/close_file
...
fix: close profile
2024-04-14 00:58:38 +00:00
Maksym Pavlenko
92900bf730
Merge pull request #10069 from anmaxvl/hpc-default-workingdir
...
fix default working directory `hostProcess`
2024-04-12 18:12:42 +00:00
guangwu
b82ced57f9
fix: close profile
...
Signed-off-by: guoguangwu <guoguangwug@gmail.com>
2024-04-12 18:08:29 +08:00
Maksim An
c7ea06a69b
fix default working directory hostProcess
...
Per https://github.com/kubernetes/enhancements/tree/master/keps/sig-windows/1981-windows-privileged-container-support#container-mounts
the default working directory for `hostProcess` containers should
be `C:\hpc`, however the current default is set to windows default
which is `C:\`.
Signed-off-by: Maksim An <maksiman@microsoft.com>
2024-04-11 23:35:55 -07:00
Fu Wei
b693d137ed
Merge pull request #10048 from containerd/dependabot/go_modules/otel-db663757ef
...
build(deps): bump the otel group with 8 updates
2024-04-12 02:42:16 +00:00
dependabot[bot]
1040c7b98e
build(deps): bump the otel group with 8 updates
...
Bumps the otel group with 8 updates:
| Package | From | To |
| --- | --- | --- |
| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.49.0` | `0.50.0` |
| [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.49.0` | `0.50.0` |
| [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.24.0` | `1.25.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) | `1.24.0` | `1.25.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.24.0` | `1.25.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.24.0` | `1.25.0` |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.24.0` | `1.25.0` |
| [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) | `1.24.0` | `1.25.0` |
Updates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.49.0 to 0.50.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.49.0...zpages/v0.50.0)
Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.49.0 to 0.50.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.49.0...zpages/v0.50.0)
Updates `go.opentelemetry.io/otel` from 1.24.0 to 1.25.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.25.0)
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.24.0 to 1.25.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.25.0)
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.24.0 to 1.25.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.25.0)
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.24.0 to 1.25.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.25.0)
Updates `go.opentelemetry.io/otel/sdk` from 1.24.0 to 1.25.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.25.0)
Updates `go.opentelemetry.io/otel/trace` from 1.24.0 to 1.25.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.25.0)
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-11 18:13:08 +00:00
Maksym Pavlenko
81546a447b
Merge pull request #10050 from containerd/dependabot/go_modules/google.golang.org/grpc-1.63.2
...
build(deps): bump google.golang.org/grpc from 1.62.1 to 1.63.2
2024-04-11 17:25:48 +00:00
Maksym Pavlenko
203f9c2b5b
Merge pull request #10059 from dcantah/ignore-eintr-helper
...
pkg/sys: Add helper to ignore eintr
2024-04-11 17:25:13 +00:00
Phil Estes
99693a32c2
Merge pull request #10041 from elezar/bump-container-device-interface-v0.7.1
...
Bump tags.cncf.io/container-device-interface to v0.7.1
2024-04-11 15:33:21 +00:00
Danny Canter
b50e9eae43
Refactor spots to make use of sys.IgnoringEintr
...
This makes use of pkg/sys's IgnoringEintr function
to clean up some of the redundant eintr loops we
had laying around.
Signed-off-by: Danny Canter <danny@dcantah.dev>
2024-04-10 11:24:01 -07:00
Danny Canter
3ea69db8e9
Add helper to ignore eintr
...
We have quite a few pieces of code laying around containerd
that all loop and ignore eintr as they make syscalls directly
(or use a unix/syscall wrapper) because there's no stdlib
equivalent. This adds a small utility to pkg/sys that we can
use for all of these spots.
Signed-off-by: Danny Canter <danny@dcantah.dev>
2024-04-10 11:16:23 -07:00
Phil Estes
2adae6093e
Merge pull request #10060 from dcantah/unix-waitid
...
Replace direct waitid syscall with unix.Waitid
2024-04-10 16:48:12 +00:00
Evan Lezar
1b62224181
Bump tags.cncf.io/container-device-interface to v0.7.1
...
This includes migrating from cdi.GetRegistry() to cdi.Configure() and
using top-level cdi Refresh and InjectDevices functions as applicable.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2024-04-10 15:25:11 +02:00
Danny Canter
ad584ebecb
Replace direct waitid syscall with unix.Waitid
...
This also replaces the PPidFD constant with the definition in
x/sys/unix
Signed-off-by: Danny Canter <danny@dcantah.dev>
2024-04-10 05:52:43 -07:00
Akihiro Suda
27dfb0d09e
Merge pull request #10054 from tklauser/unix-syncfs
...
core/diff/apply: use unix.Syncfs
2024-04-10 10:18:47 +00:00
Derek McGowan
7c50784591
Remove empty default tls configuration in ctr
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-04-09 15:40:09 -07:00
Mike Brown
a68f9b7c56
Merge pull request #9419 from ChengyuZhu6/pause_image
...
cri: add sandbox image name to annotations
2024-04-09 15:52:04 +00:00
ChengyuZhu6
b6e3616949
cri: add pause image name to annotations
...
We are currently in the process of developing a feature to facilitate guest image pulling
on confidential-containers, and we would be grateful for containerd's support in this endeavor.
It would greatly assist our efforts if containerd could provide the pause image name and
add it into the annotations.
Fixes: #9418
Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
2024-04-09 22:33:58 +08:00
Tobias Klauser
0ec14fdf8c
core/diff/apply: use unix.Syncfs
...
Use the Syncfs wrapper function defined in the golang.org/x/sys/unix
package instead of manually wrapping it in doSyncFs.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2024-04-09 15:12:43 +02:00
dependabot[bot]
739659a4b3
build(deps): bump google.golang.org/grpc from 1.62.1 to 1.63.2
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.1 to 1.63.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.62.1...v1.63.2)
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-08 23:56:23 +00:00
Mike Brown
406e9e84b4
Merge pull request #9415 from kiashok/fixIntegrationClientAddr
...
Use different containerd sock address for integration test client
2024-04-08 22:58:33 +00:00
Maksym Pavlenko
454bd58a27
Merge pull request #10031 from ktock/fail-plain-http-2.0
...
remote: Fix HTTPFallback fails when pushing manifest
2024-04-07 03:35:19 +00:00
Phil Estes
d29df16c75
Merge pull request #7807 from swagatbora90/tracing-documentation-update
...
Update tracing documentation to add details about manual instrumentation
2024-04-05 14:32:47 -04:00
Phil Estes
ac8f7698cf
Merge pull request #9999 from laurazard/fix-exec-concurrent-shim
...
runc-shim: only defer init process exits
2024-04-05 09:27:35 -04:00
Derek McGowan
d0cdb23fd2
Merge pull request #10024 from ktock/plain-http
...
Transfer: Registry: Enable plain HTTP
2024-04-04 22:15:17 +00:00
Kohei Tokunaga
4332794384
Transfer: Registry: Enable plain HTTP
...
Currently the transfer service doesn't handle plain HTTP connections.
This commit fixes this issue by propagating
`(core/remotes/docker/config).HostOptions.DefaultScheme` from client to the
transfer service.
This commit also fixes ctr to use this feature for "--plain-http" flag.
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
2024-04-03 10:46:10 +09:00