This allows Go to build third party packages correctly without vendoring
issues what want to create their own SpecOpts.
Fixes#2289
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This renames the runtime interface to PlatformRuntime to denote the
layer at which the runtime is being abstracted. This should be used to
abstract different platforms that vary greatly and do not have full
compat with OCI based binary runtimes.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Actually we have been testing containerd with the runc version that is defined
in vendor.conf rather than the one defined in RUNC.md. (`script/setup/install-runc`).
This commit makes sure that the revision defined in vendor.conf is always the desired one.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
This allows many different commands to be used as OCI hooks. It allows
these commands to template out different args and env vars so that
normal commands can accept the OCI spec State payload over stdin.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Update apply layers to recursive from the top layer.
Update apply layer to check for exists and apply single layer.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
The mountinfo parser implemented via `fmt.Sscanf()` is slower than the one
using `strings.Split()` and `strconv.Atoi()`. This rewrite helps to speed it
up to a factor of 8x, here is a result from `go bench`:
> BenchmarkParsingScanf-4 300 22294112 ns/op
> BenchmarkParsingSplit-4 3000 2780703 ns/op
I tried other approaches, such as using `fmt.Sscanf()` for the first
three (integer) fields and `strings.Split()` for the rest, but it slows
things down considerably:
> BenchmarkParsingMixed-4 1000 8827058 ns/op
Note the old code uses `fmt.Sscanf` first, then a linear search for the
'-' field, then a split for the last 3 fields. The new code relies
on a single split.
One other thing is, the new code is more future proof as it skips
extra optional fields before the separator (currently there are none).
I have also added more comments to aid in future development.
Finally, the test data is fixed to not have white space before
the first field.
Based on a similar change in Moby,
https://github.com/moby/moby/pull/36091
[v2: remove no-op break statement to silence staticcheck]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This allows non-privileged users to use containerd.
If a non root user tried to set a negative oom score adjustment,
it will fail. Containerd should not fail if running rootless.
This is part of a larger track of work integrating containerd
into Cloudfoundry's garden with support for rootless.
[#156343443]
Signed-off-by: Danail Branekov <danailster@gmail.com>
This allows non-privileged users to use containerd. This is part of a
larger track of work integrating containerd into Cloudfoundry's garden
with support for rootless.
[#156343575]
Signed-off-by: Claudia Beresford <cberesford@pivotal.io>
This adds gc.root label to snapshots created with prepare and commit via
the CLI. WIthout this, created snapshots get immediately garbage
collected. There may be a better solution but this seems to be a solid
stop gap.
We may also need to add more functionality around snapshot labeling for
the CLI but current use cases are unclear.
Signed-off-by: Stephen J Day <stevvooe@gmail.com>
This seems to pickup a bunch of *.c files and some other changes which follow
from having included some new packages because of that.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
This renames the license file (so automated tooling can find it, which I care
about) and also pulls in some documentation and comment changes, plus some
functional changes:
PR#33 -- future-proof the algorithm field.
PR#34 -- disallow upper case in hex portion.
No changes appear to be required to containerd code.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
