This adds a configuration knob for adding request headers to all
registry requests. It is not namespaced to a registry.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This moves most of the API calls off of the `labels` package onto the root
selinux package. This is the newer API for most selinux operations.
Signed-off-by: Michael Crosby <michael@thepasture.io>
full diff: https://github.com/opencontainers/selinux/compare/v1.5.1...v1.5.2
- Implement FormatMountLabel unconditionally
Implementing FormatMountLabel on situations built without selinux
should be possible; the context will be ignored if no SELinux is available.
- Remote potential race condition, where mcs label is freed
Theorectially if you do not change the MCS Label then we free it and two
commands later reserve it. If some other process was grabbing MCS Labels
at the same time, the other process could get the same label.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When I changed the vendor.conf format to use tags, many of the
dependencies didn't use tagged versions, and the column format
made the file slightly more consistent / easier to read.
With many dependencies moving to go modules, we see more deps
tagging releases, and we're now more actively trying to use
tagged releases for our dependencies.
With containerd/containerd changing the format to use tags as
default, it makes sense to do the same here as well (to allow
for easier comparing the vendor.conf files between repositories)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: 0d360c50b1...0553354f00
- Add WithConfList opt for adding conf list from bytes
- Use Go modules instead of vndr
- Test on go1.13, 1.14, remove go1.12
- Update pkg/errors v0.9.1, switch to using errors.Is() instead of errors.Cause()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We encountered two failing end-to-end tests after the adoption of
https://github.com/containerd/cri/pull/1470 in
https://github.com/cri-o/cri-o/pull/3749:
```
Summarizing 2 Failures:
[Fail] [sig-cli] Kubectl Port forwarding With a server listening on 0.0.0.0 that expects a client request [It] should support a client that connects,
sends DATA, and disconnects
test/e2e/kubectl/portforward.go:343
[Fail] [sig-cli] Kubectl Port forwarding With a server listening on localhost that expects a client request [It] should support a client that connects
, sends DATA, and disconnects
test/e2e/kubectl/portforward.go:343
```
Increasing the timeout to 1s fixes the issue.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
This swaps the RunningInUserNS() function that we're using
from libcontainer/system with the one in containerd/sys.
This removes the dependency on libcontainer/system, given
these were the only functions we're using from that package.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
