containerd

Author	SHA1	Message	Date
Maksym Pavlenko	4b32819823	Remove duplicated helpers Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>	2022-11-22 17:40:36 -08:00
Maksym Pavlenko	3f331e7d13	Specify runtime configuration for sandbox shims Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>	2022-11-22 17:39:27 -08:00
Samuel Karp	7d3ca170fd	Merge pull request #7426 from samuelkarp/port-pr-5904-to-sbserver	2022-11-22 16:02:15 -08:00
Austin Vazquez	c4dee237f5	Fix order of operations when setting lease labels Fixes an edge case where `WithLabels` would overwrite `WithExpiration` on a lease when using client options. Signed-off-by: Austin Vazquez <macedonv@amazon.com>	2022-11-22 20:49:53 +00:00
Kazuyoshi Kato	722df11e92	Merge pull request #7677 from AdamKorcz/fuzz2 fix for OSS-Fuzz infra changes	2022-11-22 11:10:40 -08:00
Akihiro Suda	a22f0a4c3e	archive: set WithModTimeUpperBound when WithSourceDateEpoch is set WithModTimeUpperBound sets the upper bound value of the ModTime property of the tar entry structs. WithSourceDateEpoch now implies WithModTimeUpperBound too, in addition to WithWhiteoutTime. For moby/buildkit issue 3296 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>	2022-11-22 22:21:44 +09:00
Akihiro Suda	96a39ad53b	Merge pull request #7499 from Iceber/cleanup_shim_flag runtime/v2/shim: clean up the use of containerdBinary	2022-11-22 22:01:23 +09:00
AdamKorcz	ed3a49c0e6	fix for OSS-Fuzz infra changes Signed-off-by: AdamKorcz <adam@adalogics.com>	2022-11-22 10:18:28 +00:00
Samuel Karp	ac4af4df89	integration: enable CNI slow test for sbserver Signed-off-by: Samuel Karp <samuelkarp@google.com>	2022-11-21 16:45:37 -08:00
Samuel Karp	a74f7e902b	sbserver: save netns in sandbox metadata on create Port of `b41d6f40bb` to sbserver Signed-off-by: Samuel Karp <samuelkarp@google.com>	2022-11-21 16:45:37 -08:00
Samuel Karp	085d8e6334	integration: enable tests for sbserver Signed-off-by: Samuel Karp <samuelkarp@google.com>	2022-11-21 16:45:37 -08:00
Samuel Karp	1deaedd38a	sbserver: persist sandbox during partial teardown Port of `4f4aad057d` to sbserver Signed-off-by: Samuel Karp <samuelkarp@google.com>	2022-11-21 16:45:36 -08:00
Kazuyoshi Kato	20cb9a9fd8	Merge pull request #7693 from hoyosjs/juhoyosa/enable-ptrace-proc-vm-apis Add process_vm read and write calls to default seccomp profile	2022-11-21 12:02:42 -08:00
Kazuyoshi Kato	49251e4de6	Merge pull request #7707 from austinvazquez/resolve-scorecards-workflow-warnings Resolve Scorecards GitHub Actions workflow warnings	2022-11-21 10:48:32 -08:00
Austin Vazquez	5a7c108ba4	Resolve Scorecards GitHub Actions workflow warnings Allow actions/checkout in scorecards workflow to use v3.1.0 commit. Resolves `save-state` command usage warnings. Signed-off-by: Austin Vazquez <macedonv@amazon.com>	2022-11-21 16:21:57 +00:00
Phil Estes	99acefaad9	Merge pull request #7697 from inspektor-gadget/qasim/add-sandbox-uid-annotation cri: add pod uid annotation	2022-11-21 10:54:20 -05:00
Phil Estes	de73676e9b	Merge pull request #7699 from yanggangtony/client-with-conn Missed out `platform interface` when reused the conn for Client.	2022-11-21 10:52:10 -05:00
Samuel Karp	59f210d8ba	Merge pull request #7700 from jellor/remove-rollback	2022-11-20 23:13:49 -08:00
Samuel Karp	e5f13e81ab	Merge pull request #7704 from thaJeztah/bump_deps	2022-11-20 23:11:07 -08:00
Samuel Karp	0ad110ae10	Merge pull request #7705 from thaJeztah/update_md2man	2022-11-20 23:00:58 -08:00
Sebastiaan van Stijn	b7b185c92f	update github.com/cpuguy83/go-md2man/v2 to v2.0.2 no significant updates, just keeping up with latest version full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.1...v2.0.2 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2022-11-20 22:52:50 +01:00
Sebastiaan van Stijn	6142a2a24a	sys: remove unused GetOpenFds() This was no longer used since `058eea362a` (v1.0.0-alpha0), and there's no external users. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2022-11-20 22:27:21 +01:00
Sebastiaan van Stijn	f0ce2f6d36	remotes/docker: remove deprecated NewAuthorizer alias This was deprecated since containerd v1.3.0. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2022-11-20 22:27:21 +01:00
Sebastiaan van Stijn	c71a311561	sys: remove aliases for deprecated EpollCreate1, EpollCtl, EpollWait These have been deprecated since containerd v1.4.0. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2022-11-20 22:27:20 +01:00
Sebastiaan van Stijn	3e5b444ac4	pkg/cri/util/: remove deprecated NormalizeImageRef alias Has been deprecated in containerd v1.3.0, so we can remove this. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2022-11-20 22:27:20 +01:00
Sebastiaan van Stijn	3a7cfaebbd	sys: remove alias for deprecated sys.RunningInUserNS() The alias is in the 1.6 release, which should give consumers time to migrate. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2022-11-20 22:27:19 +01:00
Sebastiaan van Stijn	bd912bbee0	go.mod: github.com/matttproud/golang_protobuf_extensions v1.0.2 Same commit, but now tagged diff: https://github.com/matttproud/golang_protobuf_extensions/compare/c182affec369...v1.0.2 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2022-11-20 22:21:42 +01:00
Sebastiaan van Stijn	5f23daeb26	go.mod: github.com/moby/sys/sequential v0.5.0 Same commit, but now tagged diff: https://github.com/moby/sys/compare/b22ba8a69b30...sequential/v0.5.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2022-11-20 22:20:47 +01:00
Sebastiaan van Stijn	763ec7c862	go.mod: github.com/cpuguy83/go-md2man/v2 v2.0.2 it's an indirect dependency, but updating allows us to drop another dependency. full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.0...v2.0.2 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2022-11-20 22:19:43 +01:00
Sebastiaan van Stijn	0f616e3549	go.mod: github.com/AdaLogics/go-fuzz-headers v0.0.0-20221118232415-3345c89a7c72 full diff: `443f56ff4b...3345c89a7c` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2022-11-20 21:59:44 +01:00
Sebastiaan van Stijn	df4d07352d	go.mod: golang.org/x/sys v0.2.0 full diff: https://github.com/golang/sys/compare/v0.1.0...v0.2.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2022-11-20 21:58:02 +01:00
Sebastiaan van Stijn	4e68634ef0	go.mod: github.com/sirupsen/logrus v1.9.0 full diff: https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2022-11-20 21:53:29 +01:00
Akihiro Suda	b9f79d3018	Merge pull request #7703 from yanggangtony/fsnotify Fsnotify bump and change code	2022-11-20 19:50:54 +09:00
Fu Wei	c1c81857bf	Merge pull request #7683 from yanggangtony/build-md fix build containerd in centos9	2022-11-20 13:12:27 +08:00
Phil Estes	9b0c83eda6	Merge pull request #7701 from yanggangtony/bumo-urfave-cli Bump urfave-cli to v1.22.10	2022-11-19 21:35:18 -05:00
yanggang	579c7f43de	Change fsnotify event status condition. Signed-off-by: yanggang <gang.yang@daocloud.io>	2022-11-20 09:43:54 +08:00
yanggang	2cea525eee	Bump fsnotify to v1.6.0 Signed-off-by: yanggang <gang.yang@daocloud.io>	2022-11-20 09:37:37 +08:00
yanggang	73c6db881b	Bump urfave-cli to v1.22.10 Signed-off-by: yanggang <gang.yang@daocloud.io>	2022-11-19 15:13:27 +08:00
guodong	bf777a70b1	remove duplicated tx rollback Signed-off-by: guodong <guodong9211@gmail.com>	2022-11-19 13:57:55 +08:00
Fu Wei	8e787543de	Merge pull request #7685 from sofat1989/mainrunserially can set up the network serially by CNI plugins	2022-11-19 12:33:40 +08:00
yanggang	70b65062c7	Missed out `platform interface` when reused the conn for Client. Signed-off-by: yanggang <gang.yang@daocloud.io>	2022-11-19 11:01:19 +08:00
Changwei Ge	176e8d35ce	image/label: print more characters of label keys Like stargz and nydus remote snapshotter, some snapshots lables are introduced and passed to snapshotter from containerd automatically. The label keys' length are all longer than 10. The limitation of 10 characters makes it harder to debug what label is not appropriate. So we'd better to print more of the wrong label. Signed-off-by: Changwei Ge <gechangwei@bytedance.com>	2022-11-19 09:40:02 +08:00
Qasim Sarfraz	0c4d32c131	cri: add pod uid annotation Signed-off-by: Qasim Sarfraz <qasimsarfraz@microsoft.com>	2022-11-19 01:12:02 +01:00
Samuel Karp	58180661eb	Merge pull request #7656 from ruiwen-zhao/removeAlpha	2022-11-18 15:23:57 -08:00
yanggang	438db09b07	Fix building.md for btrfs Signed-off-by: yanggang <gang.yang@daocloud.io>	2022-11-19 06:52:42 +08:00
ruiwen-zhao	792294ce06	Update to cri-api v0.26.0-beta.0 Signed-off-by: ruiwen-zhao <ruiwen@google.com>	2022-11-18 21:13:34 +00:00
ruiwen-zhao	234bf990dc	Copy cri-api v1alpha2 from v0.25.4 to containerd internal directory Signed-off-by: ruiwen-zhao <ruiwen@google.com>	2022-11-18 21:09:43 +00:00
Maksym Pavlenko	a30e1bb081	Merge pull request #7696 from dcantah/unused-arg overlay: Remove unused method param	2022-11-18 10:56:16 -08:00
Juan Hoyos	e224f77eb7	Add process_vm read and write calls to default seccomp profile Follow up to `94faa70df4`. The commit referenced allowed `ptrace` calls in the default seccomp profile following the usual tracing security checks in for Kernels newer than 4.8. Kernels prior to this version are susceptible to [CVE-2019-2054](https://github.com/advisories/GHSA-qgfr-27qf-f323). Moby's default had allowed for `ptrace` for kernels newer than 4.8 at the time the commit was created. The current [seccomp default](https://github.com/moby/moby/blob/master/profiles/seccomp/default_linux.go#L405-L417) has been updated to include `process_vm_read` and `process_vm_write`. Mirror that policy to complete the classic ptrace set of APIs. Signed-off-by: Juan Hoyos <juan.s.hoyos@outlook.com>	2022-11-18 10:51:45 -05:00
Phil Estes	ff8094961c	Merge pull request #7691 from AkihiroSuda/fedora37 CI: update Fedora to 37	2022-11-18 10:34:50 -05:00

... 62 63 64 65 66 ...

14496 Commits