Since a recent contributor edited the synced version of this in the website (containerd.io) repo, we should just update the main repo and let the auto-sync PR get these 2 files back in sync with the latest releases.
Signed-off-by: Phil Estes <estesp@amazon.com>
Distros usually like to install docs, so add a rule for that, so
dist maintainers don't need to care about the details.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
This is a partial revert of "cri/sbserver: Use platform instead of GOOS
for userns detection".
While what that commit did is 100% the right thing to do, when the
sandbox_mode is "shim" all controller.XXX() calls are RPCs and the
controller.Create() call initializes the controller. Therefore, things
like "getSandboxController()" don't work in the case of "shim"
sandbox_mode until after the controller.Create().
Due to this asymmetry and the lack of tests for shim mode, we didn't
catch it before.
This patch just reverts that commit so that the Create() and
getSandboxController() calls remain where they were, and just relies on
the config Linux section as a hack to detect if the pod sandbox will use
user namespaces or not.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Make the rather obscure systemd notification build-time optional by
setting 'no_systemd' tag and so skip dependencies on around 9kLoC
vendor code.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
cgroupv1HasHugetlb() and cgroupv2HasHugetlb() may return errors, but nobody
(there's just one call site anyways) ever cares. So drop the unnecessary code.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
The default version of MinGW and GCC on the GitHub-hosted Windows 2019
runners compile fine but lead to linker errors during runtime.
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
Tests in pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
since Go 1.21.
e.g.,
> ```
> === FAIL: pkg/cri/sbserver TestGenerateSeccompSecurityProfileSpecOpts/should_set_default_seccomp_when_seccomp_is_runtime/default (0.00s)
> container_create_linux_test.go:1013:
> Error Trace: /home/runner/work/containerd/containerd/pkg/cri/sbserver/container_create_linux_test.go:1013
> Error: Not equal:
> expected: 0x263d880
> actual : 0x263cbc0
> Test: TestGenerateSeccompSecurityProfileSpecOpts/should_set_default_seccomp_when_seccomp_is_runtime/default
> ```
See comments in PR 8957.
Thanks to Wei Fu for analyzing this.
Co-authored-by: Wei Fu <fuweid89@gmail.com>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
- Fill OSVersion field of ocispec.Platform for windows OS in
transfer service plugin init()
- Do not return error from transfer service ReceiveStream if
stream.Recv() returned context.Canceled error
Signed-off-by: Kirtana Ashok <kiashok@microsoft.com>
@samuelkarp's https://github.com/samuelkarp/runj is a de facto default
FreeBSD runtime.
This change creates a set of defaults for FreeBSD setting
`wtf.sbk.runj.v1` as the default runtime.
Signed-off-by: Artem Khramov <akhramov@pm.me>
Following the addition of annotations to the grpc/ttrpc API surface,
follow suit with adding annotations to the controller api surface.
Signed-off-by: Danny Canter <danny@dcantah.dev>
An oft employed scheme for a lot of our APIs is to include an
annotations field which is just a map of string to string. This
usually allows folks using the API to send over metadata or auxiliary
information without needing to get a new field added (especially where
the field might not make sense for it to be a standalone field). I think
having annotations for CreateSandbox make sense for this same use case.
Signed-off-by: Danny Canter <danny@dcantah.dev>
This update addresses an issue where the stat call on FreeBSD could
return -1 for regular files. This led to incorrect Devmajor and
Devminor values, which should be zero in such cases. Refer to the
discussion on this bug in the following PR:
https://github.com/containerd/containerd/pull/5991.
The code change now handles this scenario appropriately.
Signed-off-by: Artem Khramov <akhramov@pm.me>
Since the moby/moby can't handle duplicate exit event well, it's hard
for containerd to retry shutdown if there is error, like context
canceled.
In order to prevent from regression like #4769, I add skipped
integration case as TODO item and we should rethink about how to handle
the task/shim lifecycle.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Distros tend to change this to specific locations (eg. on MVCC installs),
therefore introduce a generic environment variable that's a common practise
since 30+ years and thus already well known and supported by distros.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
