The $EDITOR is not clear for user. If the env doesn't set the value for
$EDITOR, the users don't know how to use this subcommand when they get
error like this:
```
sh: 1: /tmp/edit-605573012: Permission denied
```
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Adds ctr run --memory-limit for all platforms.
Adds ctr run --cpu-count for Windows platforms.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
```
1152b960fcee041f50df15cdc67c29dbccf801ef (HEAD -> master, origin/master)
Merge pull request #73 from gliptak/gofmt1
afd5981a16647b45b6dba3a50a88418b576cc17d Gofmt cgroup_test
65ce98b3dfeb0a9a8fecd7e4ebffb24ad0bfe28f Merge pull request #69 from
cclerget/master-weight-pointer
0f372c6d4a65a49c72b0afbd1aee6214637958bf Merge pull request #71 from
JoeWrightss/patch-1
f48bd85c9cbc306fada0cebc3a646a1f1fe99afe Fixs return error message
10cd53efd916e22b9bdea67223d287684f57f1f4 Merge pull request #70 from
gliptak/patch-1
64bade4cea6c438ee51a7a12528225946b42c6ca Take value instead of pointer
value
b49c4713f3824e81bfa67faddcdde1414171b54e Correct ineffassign warning
3bc6dde829bc2dc8d4097ce8ad5acc275de3df06 Merge pull request #68 from
cclerget/master-net_prio-typo
6b552a86e60e31903d3f8f3f494eda71f562cc54 Fix net_prio typo
c0437c3dd5958f74d7f54e9f5def749850b9d6a1 Merge pull request #67 from
gpanouts/get-all-cgroup-tasks
a31a0ff985237eddf30d9fe30a3643c7da4ae912 Add functionality for
retrieving all tasks of a cgroup
82cb49fc1779971dfef4ad696f1453f6f44987b1 Merge pull request #63 from
ChrsMark/lenient-subsystems-checking
7d825b29aecc02bb1e9bede427f8ed62bbc3030d Add test for cgroups load when
missing hierarchy in one subsystem
f6cbfb45aec6a2590c7e7f4b84a080602b3e642d Change Load function in order
to be more lenient on subsystems' checking
965bb1da4db7c8ce2690108c5a081562ce7493cb Merge pull request #66 from
crosbymichael/systemdci
ab9ec0e4abde2c2cb999719ff43af2d3b5830f75 (fork/systemdci, systemdci) Add
go-systemd dep for CI testing
0e94a83b6eb6cf4bc05d7f91ec1eaad57a77d3b6 Merge pull request #59 from
gliptak/patch-1
4479d118c89b5500a08cce7a78bbe822229c1e65 Merge pull request #62 from
estesp/fix-gofmt
9beb998c23f510b1e6670ad7791807eb9aff6741 Merge pull request #61 from
gliptak/patch-3
9a09e5899acc95fabcc620d6489fec674e6dddfa Fix gofmt of systemd.go
84e6e6ed2afdf661cd9dbf47c6f3412b546bc67f Merge pull request #60 from
gliptak/patch-2
e13f6cc3b9637c36e6a8af393b561127498f4be5 Add GoReportCard badge to
README
d124595ee85c245e7c1443fe402adf7ce4f7f6a4 Add Go 1.11 to Travis
d961ab930c38eb8bedcded479f1708b2ef4984c5 Correct typo
d2400726cfa7904fb79e3b896ec0e6ae500a76bd Merge pull request #57 from
estesp/project-update
e4cf832b95deb7ce898ece716307abc35cbd0a09 Add project references and use
common project travis
8baeff6b9d069acde48ef1bedec7e0f8ba684f05 Merge pull request #56 from
grantseltzer/patch-1
9de57ffeb46f6179333d7939436d92dcb5631e5f Add godoc badge to README.md
5017d4e9a9cf2d4381db99eacd9baf84b95bfb14 Merge pull request #54 from
WeiZhang555/bugfix
13aaafdc37e772059d3234ec762303537f440c5b Bugfix: can't write to cpuset
cgroup
58556f5ad8448d99a6f7bea69ea4bdb7747cfeb0 Merge pull request #53 from
baude/systemdslicedelegate
15ed73c1c075e6590ecf56170acedcba0da8167e systemd-239+ no longer allows
delegate slice
3024bc7cc0c88af4b32d38a14444f38e65ab169f Merge pull request #52 from
Sykomaniac/bugfix/slice-name
2596f332e449ea374f0f24a977437116714ce7ef Remove call to unitName
2e2922e146ed53ccf4481c245187b6afe244fded Merge pull request #51 from
containerd/type
0f3de2f77d3b76b3871242fbab2a6116179229af (type) Fix empty device type
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
While looking through the Moby source code was found /proc/asound to be shared
with containers as read-only.
This can lead to two information leaks.
---
**Leak of media playback status of the host**
Steps to reproduce the issue:
- Listen to music/Play a YouTube video/Do anything else that involves sound
output
- Execute docker run --rm ubuntu:latest bash -c "sleep 7; cat
/proc/asound/card*/pcm*p/sub*/status | grep state | cut -d ' ' -f2 | grep
RUNNING || echo 'not running'"
- See that the containerized process is able to check whether someone on the
host is playing music as it prints RUNNING
- Stop the music output
- Execute the command again (The sleep is delaying the output because
information regarding playback status isn't propagated instantly)
- See that it outputs not running
**Describe the results you received:**
A containerized process is able to gather information on the playback
status of an audio device governed by the host. Therefore a process of a
container is able to check whether and what kind of user activity is
present on the host system. Also, this may indicate whether a container
runs on a desktop system or a server as media playback rarely happens on
server systems.
The description above is in regard to media playback - when examining
`/proc/asound/card*/pcm*c/sub*/status` (`pcm*c` instead of `pcm*p`) this
can also leak information regarding capturing sound, as in recording
audio or making calls on the host system.
Reported-by: Philipp Schmied <pschmied@mailbox.org>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
In many cases code is calling errors.Wrapf with an arbitrary string
instead of a format string. This causes confusing errors when the
wrapped error message contains '%' characters.
This change replaces such calls with calls to errors.Wrap.
Signed-off-by: John Starks <jostarks@microsoft.com>
support checkpoint without committing a checkpoint dir into a
checkpoint image and restore without untar image into checkpoint
directory. support for both v1 and v2 runtime
Signed-off-by: Ace-Tang <aceapril@126.com>
Signed-off-by: John Howard <jhoward@microsoft.com>
Allows containerd.exe to run as a Windows service. eg
Register: `.\containerd.exe --register-service`
Start: `net start containerd`
...
Stop: `net stop containerd`
Unregister: `.\containerd.exe --unregister-service`
When running as a service, logs will go to the Windows application
event log.
add ImagePath and WorkPath for checkpoint process, add CriuImagePath
and CriuWorkPath for create process in runtime v2 protobuf
Signed-off-by: Ace-Tang <aceapril@126.com>
add ImagePath and WorkPath for checkpoint process, add CriuImagePath
and CriuWorkPath for create process in runtime v1 protobuf
Signed-off-by: Ace-Tang <aceapril@126.com>
when use `ctr t checkpoint`, runtime name should get from container
info, but not passed by flag, since task has already running with
specified runtime
Signed-off-by: Ace-Tang <aceapril@126.com>
