This system call is only available on 32- and 64-bit PowerPC, it is used
by modern programming language implementations to implement coroutine
features through userspace context switches.
moby [1] and systemd nspawn [2] already whitelist this system call so it
makes sense to whitelist it in containerd as well.
[1]: https://github.com/moby/moby/pull/43092
[2]: https://github.com/systemd/systemd/pull/9487
Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net>
Enabling this option effectively causes RDT class of a container to be a
soft requirement. If RDT support has not been enabled the RDT class
setting will not have any effect.
Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
Use goresctrl for parsing container and pod annotations related to RDT.
In practice, from the users' point of view, this patchs adds support for
a container annotation and two separate pod annotations for controlling
the RDT class of containers.
Container annotation can be used by a CRI client:
"io.kubernetes.cri.rdt-class"
Pod annotations for specifying the RDT class in the K8s pod spec level:
"rdt.resources.beta.kubernetes.io/pod"
(pod-wide default for all containers within)
"rdt.resources.beta.kubernetes.io/container.<container_name>"
(container-specific overrides)
Annotations are intended as an intermediate step before the CRI API
supports RDT.
Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
Add support for configuring the Linux resctrl pseudo-filesystem with
goresctrl library. The functionality is integrated in the
"io.containerd.service.v1.tasks-service" plugin.
Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
Use the syscall method instead of repeating the type conversions for
the syscall.Stat_t Atim/Atimespec members. This also allows to drop the
//nolint: unconvert comments.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Adds an equivalent TestSandboxRemoveWithoutIPLeakage for Windows, in which
we assert that the IPs are not leaked when a Pod's HNS namespace dissapears
and the Pod is deleted afterwards.
Signed-off-by: Claudiu Belu <cbelu@cloudbasesolutions.com>
This patch makes the Windows Integration GitHub workflow conditionally
execute the CI artifact upload to GCP on successful runs iff the GitHub
secrets containing the GCP access info are defined.
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
Seems $(PWD) if the shell is powershell may not be inherited properly
as it ends up being an empty string. The result of this is that using
mingw's make with powershell is that $(PWD)/bin ends up being /bin and the
windows shim will get placed there. make install afterwards will try to find
the shim at $pwd/bin and fail.
Changing to CURDIR https://www.gnu.org/software/make/manual/make.html#index-CURDIR
seems to be a solution here as it's not inherited by the environment and
is set by make itself so should work across any type of shell.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
The "notready-sandbox" array will only have a CONTAINER_CREATED
and a CONTAINER_EXITED in the sandbox. So there will be no running
task to send a Kill() to. This means that on Windows, it will always
return an ErrorNotFound.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
This offers a more reliable way of killing a process. The /IM flag
allows us to specify the "image name" of the process we're killing.
This means we can use wildcards, foce kill a process and all the child
processes it may have spawned.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
This change fixes flakiness on Windows for TestContainerListStatsWithSandboxIdFilter
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
The global &daemon{} object only gets an address assigned if you call
start() on it, which only gets called if you don't pass no-daemon. The
aftermath of this is that running the integration tests with no-daemon
just has them fail trying to create a client for containerd.
This change just assigns whatever address is passed to the binary even in
the no-daemon case so you can run the integration tests against an already
running containerd instance.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
