Phil Estes
2bc4e90f6f
Don't inadvertently clip release notes
...
Specify a much larger linecount for extracting tag annotation from git.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2020-05-28 17:54:08 -04:00
Phil Estes
8e9ba8376e
Merge pull request #4271 from cpuguy83/actions_add_windows_integration
...
Move windows CI to actions
2020-05-28 11:40:29 -04:00
Akihiro Suda
27f1e0d9ed
Merge pull request #4283 from hs0210/work
...
Add unit test for func in remotes/docker/handler.go
2020-05-29 00:25:41 +09:00
Phil Estes
137abe4ef9
Merge pull request #4282 from estesp/add-release-action
...
Add release GH Action triggered by signed tag
2020-05-28 11:12:08 -04:00
Michael Crosby
77bc753024
Merge pull request #4289 from dmcgowan/next-1.4-beta
...
Update release notes for 1.4.0-beta.1
2020-05-28 10:49:40 -04:00
Hu Shuai
230cf6deda
Add unit test for func in remotes/docker/handler.go
...
Signed-off-by: Hu Shuai <hus.fnst@cn.fujitsu.com>
2020-05-28 16:54:33 +08:00
Phil Estes
bb2b2825b6
Add release GH Action triggered by signed tag
...
This will check that the tag is signed and then checkout the tag, build
official binaries, sha256sum the tarball, and upload those assets to the
release, officially generating a release in GitHub from the signed tag.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2020-05-27 16:56:13 -04:00
Derek McGowan
8f1ddb1428
Update release for 1.4.0-beta.1
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2020-05-27 13:42:02 -07:00
Maksym Pavlenko
26f7df1466
Merge pull request #4288 from crosbymichael/cri-bump
...
Update CRI to 52c2c6b5df
2020-05-27 11:33:12 -07:00
Brian Goff
c376f4f763
Move Windows testing to GH Actions
...
This eliminates the need for appveyor.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-05-27 10:45:22 -07:00
Brian Goff
3226283470
Fix client tests to work on Windows.
...
- Powershell is no longer available in nanoserver, so change commands to
run accordingly.
- Set platform specific commands for short and long running containers
- Skips 2 tests which do not run on Windows.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-05-27 10:42:23 -07:00
Phil Estes
f0f49c6cab
Merge pull request #4284 from jmillikin-stripe/cli-tls-flags
...
Add `ctr` flags for configuring default TLS credentials for registry
2020-05-27 09:59:58 -04:00
John Millikin
b8ccdcb07d
Add ctr flags for configuring default TLS credentials.
...
Signed-off-by: John Millikin <jmillikin@stripe.com>
2020-05-27 21:59:33 +09:00
Michael Crosby
c5273930bd
Update CRI to 52c2c6b5df
...
This bump contains updates for CRI with selinux support.
Signed-off-by: Michael Crosby <michael@thepasture.io>
2020-05-26 21:06:18 -04:00
Maksym Pavlenko
4cbf59db82
Merge pull request #4279 from AkihiroSuda/ci-cgroup2
...
cgroup2 CI
2020-05-21 13:35:49 -07:00
Akihiro Suda
af131d7258
cgroup2 CI
...
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-05-22 01:15:12 +09:00
Derek McGowan
1c58c5d440
Merge pull request #4277 from lucaskanashiro/fix-build-on-riscv64
...
riscv64 arch does not support -buildmode=pie
2020-05-20 12:46:50 -07:00
Lucas Kanashiro
e34bf08e58
riscv64 arch does not support -buildmode=pie
...
Signed-off-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>
2020-05-20 16:28:10 -03:00
Derek McGowan
7ef3c0f47d
Merge pull request #4275 from estesp/fix-image-usage
...
Fix image usage calculation error
2020-05-20 08:35:05 -07:00
Phil Estes
0c9b05fa60
Fix image usage calculation error
...
Including snapshotter usage in total calculation should be gated by the
option `snapshotter` boolean.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2020-05-20 08:44:05 -04:00
Phil Estes
4e08c2de67
Merge pull request #4269 from KentaTada/remove-unused-syscall
...
seccomp: remove the unused query_module(2)
2020-05-19 11:14:31 -04:00
Kenta Tada
03755821d2
seccomp: remove the unused query_module(2)
...
query_module(2) is only in kernels before Linux 2.6.
Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>
2020-05-19 10:36:55 +09:00
Phil Estes
d7c4bda3b1
Merge pull request #4264 from thaJeztah/seccomp_allow_clock_adjtime
...
seccomp: Whitelist `clock_adjtime`
2020-05-18 09:36:08 -04:00
Phil Estes
0f2b15b7af
Merge pull request #4261 from gaurav1086/fix_docker_data_race
...
docker: fix data race on err
2020-05-18 09:34:04 -04:00
Phil Estes
0814750023
Merge pull request #4262 from gaurav1086/fix_data_race_in_unpacker
...
unpacker: Fix data race and possible data corruption
2020-05-18 09:32:24 -04:00
Phil Estes
49db7dfcfb
Merge pull request #4260 from thaJeztah/bump_golang_1.13.11
...
Bump Golang 1.13.11
2020-05-18 09:24:14 -04:00
Stanislav Levin
5765991f2c
seccomp: Whitelist clock_adjtime
...
This only allows making the syscall. CAP_SYS_TIME is still required
for time adjustment (enforced by the kernel):
```
kernel/time/posix-timers.c:
1112 SYSCALL_DEFINE2(clock_adjtime, const clockid_t, which_clock,
1113 struct __kernel_timex __user *, utx)
...
1121 err = do_clock_adjtime(which_clock, &ktx);
1100 int do_clock_adjtime(const clockid_t which_clock, struct __kernel_timex * ktx)
1101 {
...
1109 return kc->clock_adj(which_clock, ktx);
1299 static const struct k_clock clock_realtime = {
...
1304 .clock_adj = posix_clock_realtime_adj,
188 static int posix_clock_realtime_adj(const clockid_t which_clock,
189 struct __kernel_timex *t)
190 {
191 return do_adjtimex(t);
kernel/time/timekeeping.c:
2312 int do_adjtimex(struct __kernel_timex *txc)
2313 {
...
2321 /* Validate the data before disabling interrupts */
2322 ret = timekeeping_validate_timex(txc);
2246 static int timekeeping_validate_timex(const struct __kernel_timex *txc)
2247 {
2248 if (txc->modes & ADJ_ADJTIME) {
...
2252 if (!(txc->modes & ADJ_OFFSET_READONLY) &&
2253 !capable(CAP_SYS_TIME))
2254 return -EPERM;
2255 } else {
2256 /* In order to modify anything, you gotta be super-user! */
2257 if (txc->modes && !capable(CAP_SYS_TIME))
2258 return -EPERM;
```
Fixes: moby/moby 40919
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-17 23:11:04 +02:00
Gaurav Singh
db74d3115e
unpacker: Fix data race and possible data corruption
...
Signed-off-by: Gaurav Singh <gaurav1086@gmail.com>
2020-05-17 10:55:52 -04:00
Gaurav Singh
2325182529
docker: fix data race on err
...
Signed-off-by: Gaurav Singh <gaurav1086@gmail.com>
2020-05-17 09:20:38 -04:00
Sebastiaan van Stijn
d07a71b97f
Bump Golang 1.13.11
...
full diff: https://github.com/golang/go/compare/go1.13.10...go1.13.11
go1.13.11 (released 2020/05/14) includes fixes to the compiler. See the Go 1.13.11
milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.13.11+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-16 14:57:04 +02:00
Maksym Pavlenko
b7cf3c68e7
Merge pull request #4258 from estesp/codeql
...
Add CodeQL Analysis workflow
2020-05-15 10:05:21 -07:00
Phil Estes
0207b7ff0e
Enable running CodeQL on PRs that modify Action
...
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2020-05-15 12:51:48 -04:00
Phil Estes
5425067e8f
Merge pull request #4256 from mxpv/nightly_pr
...
Trigger nightly builds on pull reuqest events
2020-05-15 12:38:26 -04:00
Justin Hutchings
1a06884f18
Add CodeQL Analysis workflow
...
Signed-off-by: Justin Hutchings <jhutchings1@github.com>
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2020-05-15 10:15:46 -04:00
Maksym Pavlenko
563964e9d5
Trigger nightly builds on pull reuqest events
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2020-05-14 18:39:32 -07:00
Wei Fu
6312b52de5
Merge pull request #4245 from thaJeztah/remove_deprecated_dualstack
...
ConfigureHosts: remove deprecated DualStack option
2020-05-15 08:00:03 +08:00
Derek McGowan
32985949d4
Merge pull request #4242 from dmcgowan/1.4-beta
...
Add release notes for 1.4 beta
2020-05-14 16:20:50 -07:00
Derek McGowan
77ab0104e2
Add release notes for 1.4 beta
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2020-05-14 13:04:02 -07:00
Maksym Pavlenko
7fd23fe143
Merge pull request #4254 from thaJeztah/bump_go_digest
...
vendor: opencontainers/go-digest v1.0.0
2020-05-14 11:42:16 -07:00
Sebastiaan van Stijn
6eeed18cb4
vendor: opencontainers/go-digest v1.0.0
...
full diff: 28d3ccc31a
2020-05-14 18:49:49 +02:00
Derek McGowan
7207226e9d
Merge pull request #4253 from estesp/no-codecov-comment
...
Set codecov to not comment on PRs
2020-05-13 07:32:25 -07:00
Phil Estes
7cdacdda81
Set codecov to not comment on PRs
...
Until we totally remove codecov, this will keep it from commenting on
PRs but reports will still be available on codecov.io
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2020-05-13 09:19:42 -04:00
Phil Estes
f13ba8f2f2
Merge pull request #4247 from thaJeztah/bump_continuity
...
vendor: containerd/continuity, containerd/fifo, containerd/go-runc
2020-05-12 10:41:02 -04:00
Phil Estes
65df60b3c9
Merge pull request #4251 from thaJeztah/bump_cri
...
vendor: update containerd/cri, remove "docker/distribution" dependency
2020-05-12 09:49:22 -04:00
Sebastiaan van Stijn
3e7bbb8a49
vendor: update containerd/cri, remove "docker/distribution" dependency
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-12 15:00:51 +02:00
Akihiro Suda
6038423bdd
Merge pull request #4250 from milkwine/master
...
doc: update example about task in README.md
2020-05-12 21:05:21 +09:00
milkwine
9898dc2a64
Code about task in "README.md" is out of date
...
Signed-off-by: SiYu Zhao <d.chaser.zsy@gmail.com>
2020-05-12 16:15:13 +08:00
Sebastiaan van Stijn
f09e999099
vendor: containerd/go-runc 7016d3ce2328dd2cb1192b2076ebd565c4e8df0c
...
full diff: a5c2862aed...7016d3ce23
2020-05-11 23:13:39 +02:00
Sebastiaan van Stijn
d9d1d5b624
vendor: containerd/fifo f15a3290365b9d2627d189e619ab4008e0069caf
...
full diff: bda0ff6ed7...f15a329036
2020-05-11 23:11:33 +02:00
Sebastiaan van Stijn
c5078a5b72
vendor: containerd/continuity d3ef23f19fbb106bb73ffde425d07a9187e30745
...
full diff: 0ec596719c...d3ef23f19f
2020-05-11 23:02:40 +02:00
