Akihiro Suda 
							
						 
					 
					
						
						
							
						
						419b5ab042 
					 
					
						
						
							
							Cirrus CI (Fedora 37, Rocky 8): enable cri-integration  
						
						... 
						
						
						
						Fix issue 7889
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp > 
						
						
					 
					
						2023-01-04 02:20:43 +09:00 
						 
				 
			
				
					
						
							
							
								Akihiro Suda 
							
						 
					 
					
						
						
							
						
						7b1f08bf50 
					 
					
						
						
							
							nri_test.go: skip if SELinux is enabled  
						
						... 
						
						
						
						SELinux relabeling is not implemented for NRI yet
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp > 
						
						
					 
					
						2023-01-04 02:20:42 +09:00 
						 
				 
			
				
					
						
							
							
								Akihiro Suda 
							
						 
					 
					
						
						
							
						
						dcbb32d6fb 
					 
					
						
						
							
							cri-integration: set SelinuxRelabel  
						
						... 
						
						
						
						Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp > 
						
						
					 
					
						2023-01-04 02:20:42 +09:00 
						 
				 
			
				
					
						
							
							
								Akihiro Suda 
							
						 
					 
					
						
						
							
						
						0f163d6960 
					 
					
						
						
							
							TestVolumeOwnership: compare GID, not group name  
						
						... 
						
						
						
						The name of the GID 65534 differs across distros.
("nogroup" on Debian derivatives, "nobody" on Red Hat derivatives)
Fix the following test failure:
```
=== RUN   TestVolumeOwnership
    volume_copy_up_test.go:103: Create a sandbox
    main_test.go:667: Pull test image "ghcr.io/containerd/volume-ownership:2.1"
    volume_copy_up_test.go:108: Create a container with volume-ownership test image
    volume_copy_up_test.go:117: Start the container
    volume_copy_up_test.go:125: Check ownership of test directory inside container
    volume_copy_up_test.go:146: Check ownership of test directory on the host
    volume_copy_up_test.go:153:
        	Error Trace:	/root/go/src/github.com/containerd/containerd/volume_copy_up_test.go:153
        	Error:      	Not equal:
        	            	expected: "nobody:nogroup\n"
        	            	actual  : "nobody:nobody\n"
        	            	Diff:
        	            	--- Expected
        	            	+++ Actual
        	            	@@ -1,2 +1,2 @@
        	            	-nobody:nogroup
        	            	+nobody:nobody
        	Test:       	TestVolumeOwnership
--- FAIL: TestVolumeOwnership (3.45s)
```
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp > 
						
						
					 
					
						2023-01-04 02:20:42 +09:00 
						 
				 
			
				
					
						
							
							
								Akihiro Suda 
							
						 
					 
					
						
						
							
						
						76d68b080e 
					 
					
						
						
							
							container_stats_test.go: avoid checking snapshot size  
						
						... 
						
						
						
						On Linux, the snapshot size differs depending on the backing filesystem.
See issue 7909.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp > 
						
						
					 
					
						2023-01-04 02:20:41 +09:00 
						 
				 
			
				
					
						
							
							
								Mike Brown 
							
						 
					 
					
						
						
							
						
						b21d28b458 
					 
					
						
						
							
							Merge pull request  #7908  from AkihiroSuda/vagrantfile-fix-comments  
						
						... 
						
						
						
						Vagrantfile: fix comments about SELinux 
						
						
					 
					
						2023-01-03 11:19:08 -06:00 
						 
				 
			
				
					
						
							
							
								Akihiro Suda 
							
						 
					 
					
						
						
							
						
						4adf3fb3af 
					 
					
						
						
							
							Merge pull request  #7906  from Iceber/use_label_uncompressed  
						
						... 
						
						
						
						Use the const labels.LabelUncompressed 
						
						
					 
					
						2023-01-04 01:04:20 +09:00 
						 
				 
			
				
					
						
							
							
								Akihiro Suda 
							
						 
					 
					
						
						
							
						
						24a255ce96 
					 
					
						
						
							
							Merge pull request  #7850  from dmcgowan/sandbox-store-local-plugin  
						
						... 
						
						
						
						[sandbox] Add sandbox store plugin type 
						
						
					 
					
						2023-01-04 00:21:06 +09:00 
						 
				 
			
				
					
						
							
							
								Akihiro Suda 
							
						 
					 
					
						
						
							
						
						12955d291e 
					 
					
						
						
							
							Vagrantfile: fix comments about SELinux  
						
						... 
						
						
						
						SELinux has been enforcing since commit a7f24b29c2akihiro.suda.cz@hco.ntt.co.jp > 
						
						
					 
					
						2023-01-03 21:02:33 +09:00 
						 
				 
			
				
					
						
							
							
								Akihiro Suda 
							
						 
					 
					
						
						
							
						
						88c8480a38 
					 
					
						
						
							
							Merge pull request  #7893  from AkihiroSuda/fix-7890  
						
						... 
						
						
						
						Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts 
						
						
					 
					
						2023-01-03 19:52:50 +09:00 
						 
				 
			
				
					
						
							
							
								Iceber Gu 
							
						 
					 
					
						
						
							
						
						778e8f2af4 
					 
					
						
						
							
							Use the const labels.LabelUncompressed  
						
						... 
						
						
						
						Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io > 
						
						
					 
					
						2023-01-03 18:29:21 +08:00 
						 
				 
			
				
					
						
							
							
								Akihiro Suda 
							
						 
					 
					
						
						
							
						
						a0b8401ea9 
					 
					
						
						
							
							Merge pull request  #7904  from dcantah/cri-misc-fixes  
						
						... 
						
						
						
						CRI: Comment cleanup/misc fixes 
						
						
					 
					
						2023-01-03 16:08:54 +09:00 
						 
				 
			
				
					
						
							
							
								Danny Canter 
							
						 
					 
					
						
						
							
						
						3f0edb249b 
					 
					
						
						
							
							CRI: Comment cleanup/misc fixes  
						
						... 
						
						
						
						Comments in initPlatform for Windows states that the options were
Linux specific. Additionally properly wrap an error after trying
to setup CDI on Linux.
Signed-off-by: Danny Canter <danny@dcantah.dev > 
						
						
					 
					
						2023-01-02 18:55:31 -08:00 
						 
				 
			
				
					
						
							
							
								Fu Wei 
							
						 
					 
					
						
						
							
						
						9a7c264d25 
					 
					
						
						
							
							Merge pull request  #5674  from dmcgowan/metadata-snapshot-publish  
						
						
						
						
					 
					
						2023-01-03 09:23:48 +08:00 
						 
				 
			
				
					
						
							
							
								Fu Wei 
							
						 
					 
					
						
						
							
						
						93370c806b 
					 
					
						
						
							
							Merge pull request  #7887  from AkihiroSuda/vagrantfile-remove-setenforce-0  
						
						
						
						
					 
					
						2023-01-03 08:49:25 +08:00 
						 
				 
			
				
					
						
							
							
								Derek McGowan 
							
						 
					 
					
						
						
							
						
						5e2b7c5b7a 
					 
					
						
						
							
							Merge pull request  #7894  from my-git9/cleanup/errdefs  
						
						... 
						
						
						
						reused package errdefs for error 
						
						
					 
					
						2023-01-02 11:57:58 -08:00 
						 
				 
			
				
					
						
							
							
								Derek McGowan 
							
						 
					 
					
						
						
							
						
						1d43149c79 
					 
					
						
						
							
							Merge pull request  #7888  from AkihiroSuda/integration-images-switch-away-from-dockerhub  
						
						... 
						
						
						
						integration/images: switch away from Docker Hub to avoid rate limit 
						
						
					 
					
						2023-01-02 11:33:54 -08:00 
						 
				 
			
				
					
						
							
							
								xin.li 
							
						 
					 
					
						
						
							
						
						1753e5af7a 
					 
					
						
						
							
							Reused errdefs for error  
						
						... 
						
						
						
						Signed-off-by: xin.li <xin.li@daocloud.io > 
						
						
					 
					
						2023-01-02 21:39:20 +08:00 
						 
				 
			
				
					
						
							
							
								Akihiro Suda 
							
						 
					 
					
						
						
							
						
						5a00d28a6f 
					 
					
						
						
							
							Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts  
						
						... 
						
						
						
						Fix issue 7890
Tested on Ubuntu 22.10, with swapon and swapoff:
```
$ GITHUB_WORKSPACE="" ENABLE_CRI_SANDBOXES="" CONTAINERD_RUNTIME=io.containerd.runc.v2 FOCUS=TestUpdateContainerResources_Memory make cri-integration
...
=== RUN   TestUpdateContainerResources_MemorySwap
    container_update_resources_test.go:161: Create a sandbox
INFO[0000] Using the following image list: {Alpine:docker.io/library/alpine:latest BusyBox:docker.io/library/busybox:latest Pause:registry.k8s.io/pause:3.8 ResourceConsumer:registry.k8s.io/e2e-test-images/resource-consumer:1.10 VolumeCopyUp:ghcr.io/containerd/volume-copy-up:2.1 VolumeOwnership:ghcr.io/containerd/volume-ownership:2.1}
    main_test.go:663: Image "registry.k8s.io/pause:3.8" already exists, not pulling.
    container_update_resources_test.go:174: Create a container with memory limit but no swap
    container_update_resources_test.go:186: Check memory limit in container OCI spec
    container_update_resources_test.go:194: Check memory limit in container OCI spec
    container_update_resources_test.go:200: Start the container
    container_update_resources_test.go:205: Check memory limit in cgroup
    container_update_resources_test.go:211: Update container memory limit after started
    container_update_resources_test.go:217: Check memory limit in container OCI spec
    container_update_resources_test.go:222: Check memory limit in cgroup
--- PASS: TestUpdateContainerResources_MemorySwap (0.88s)
=== RUN   TestUpdateContainerResources_MemoryLimit
    container_update_resources_test.go:228: Create a sandbox
    main_test.go:663: Image "registry.k8s.io/pause:3.8" already exists, not pulling.
    container_update_resources_test.go:238: Create a container with memory limit
    container_update_resources_test.go:249: Check memory limit in container OCI spec
    container_update_resources_test.go:257: Update container memory limit after created
    container_update_resources_test.go:263: Check memory limit in container OCI spec
    container_update_resources_test.go:269: Start the container
    container_update_resources_test.go:274: Check memory limit in cgroup
    container_update_resources_test.go:280: Update container memory limit after started
    container_update_resources_test.go:286: Check memory limit in container OCI spec
    container_update_resources_test.go:292: Check memory limit in cgroup
--- PASS: TestUpdateContainerResources_MemoryLimit (0.91s)
PASS
```
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp > 
						
						
					 
					
						2023-01-02 13:15:38 +09:00 
						 
				 
			
				
					
						
							
							
								Akihiro Suda 
							
						 
					 
					
						
						
							
						
						a5ea5935b7 
					 
					
						
						
							
							integration/images: switch away from Docker Hub to avoid rate limit  
						
						... 
						
						
						
						Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp > 
						
						
					 
					
						2023-01-02 05:49:30 +09:00 
						 
				 
			
				
					
						
							
							
								Akihiro Suda 
							
						 
					 
					
						
						
							
						
						119bbec9e2 
					 
					
						
						
							
							Vagrantfile: install-rootless-podman: remove setenforce 0  
						
						... 
						
						
						
						rootless overlayfs is compatible with SELinux since kernel 5.13
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp > 
						
						
					 
					
						2023-01-02 03:01:48 +09:00 
						 
				 
			
				
					
						
							
							
								Samuel Karp 
							
						 
					 
					
						
						
							
						
						d769f03592 
					 
					
						
						
							
							Merge pull request  #7882  from kinvolk/rata/userns-stateless-pods  
						
						
						
						
					 
					
						2022-12-30 23:42:59 -08:00 
						 
				 
			
				
					
						
							
							
								Fu Wei 
							
						 
					 
					
						
						
							
						
						426175e517 
					 
					
						
						
							
							Merge pull request  #7881  from Iceber/sort_content_labels  
						
						
						
						
					 
					
						2022-12-31 11:30:32 +08:00 
						 
				 
			
				
					
						
							
							
								Rodrigo Campos 
							
						 
					 
					
						
						
							
						
						72ef986222 
					 
					
						
						
							
							cri: Simplify parseUsernsIDs()  
						
						... 
						
						
						
						Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com > 
						
						
					 
					
						2022-12-30 16:49:28 -03:00 
						 
				 
			
				
					
						
							
							
								Rodrigo Campos 
							
						 
					 
					
						
						
							
						
						4eed20fc31 
					 
					
						
						
							
							cri: Verify userns container config is consisten with sandbox  
						
						... 
						
						
						
						The sandbox and container both have the userns config. Lets make sure
they are the same, therefore consistent.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com > 
						
						
					 
					
						2022-12-30 15:07:54 -03:00 
						 
				 
			
				
					
						
							
							
								Rodrigo Campos 
							
						 
					 
					
						
						
							
						
						a44b356274 
					 
					
						
						
							
							cri: Fix assert vs require in tests  
						
						... 
						
						
						
						Currently we require that c.containerSpec() does not return an error
if test.err is not set.
However, if the require fails (i.e. it indeed returned an error) the
rest of the code is executed anyways. The rest of the code assumes it
did not return an error (so code assumes spec is not nil). This fails
miserably if it indeed returned an error, as spec is nil and go crashes
while running the unit tests.
Let's require it is not an error, so code does not continue to execute
if that fails and go doesn't crash.
In the test.err case is not harmful the bug of using assert, but let's
switch it to require too as that is what we really want.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com > 
						
						
					 
					
						2022-12-30 14:02:10 -03:00 
						 
				 
			
				
					
						
							
							
								Samuel Karp 
							
						 
					 
					
						
						
							
						
						b0b28f1d8e 
					 
					
						
						
							
							Merge pull request  #7879  from fuweid/clean-build-tags  
						
						
						
						
					 
					
						2022-12-30 00:22:03 -08:00 
						 
				 
			
				
					
						
							
							
								Samuel Karp 
							
						 
					 
					
						
						
							
						
						5cf6040cce 
					 
					
						
						
							
							Merge pull request  #7880  from kinvolk/rata/userns-stateless-pods  
						
						
						
						
					 
					
						2022-12-30 00:18:15 -08:00 
						 
				 
			
				
					
						
							
							
								Iceber Gu 
							
						 
					 
					
						
						
							
						
						6b333fd210 
					 
					
						
						
							
							ctr contents ls sorts the labels of the content 
						
						... 
						
						
						
						Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io > 
						
						
					 
					
						2022-12-30 15:58:47 +08:00 
						 
				 
			
				
					
						
							
							
								Rodrigo Campos 
							
						 
					 
					
						
						
							
						
						3b48fb5b59 
					 
					
						
						
							
							cri: Shadow variables to avoid t.Parallel() issues  
						
						... 
						
						
						
						This is a follow-up suggested by Fu Wei.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com > 
						
						
					 
					
						2022-12-29 18:16:20 -03:00 
						 
				 
			
				
					
						
							
							
								Mike Brown 
							
						 
					 
					
						
						
							
						
						66f186d42d 
					 
					
						
						
							
							Merge pull request  #7679  from kinvolk/rata/userns-stateless-pods  
						
						... 
						
						
						
						Add support for user namespaces in stateless pods (KEP-127) 
						
						
					 
					
						2022-12-29 14:08:24 -06:00 
						 
				 
			
				
					
						
							
							
								Wei Fu 
							
						 
					 
					
						
						
							
						
						6b7e237fc7 
					 
					
						
						
							
							chore: use go fix to cleanup old +build buildtag  
						
						... 
						
						
						
						Signed-off-by: Wei Fu <fuweid89@gmail.com > 
						
						
					 
					
						2022-12-29 14:25:14 +08:00 
						 
				 
			
				
					
						
							
							
								Derek McGowan 
							
						 
					 
					
						
						
							
						
						cfe7ac9956 
					 
					
						
						
							
							Merge pull request  #7529  from iyear/refactor-metastore-tx  
						
						... 
						
						
						
						Refactor metastore transaction 
						
						
					 
					
						2022-12-28 20:08:38 -08:00 
						 
				 
			
				
					
						
							
							
								Derek McGowan 
							
						 
					 
					
						
						
							
						
						729206f6d0 
					 
					
						
						
							
							Merge pull request  #7874  from thaJeztah/appendOSMounts_error  
						
						... 
						
						
						
						oci: appendOSMounts(): remove unused error, and move 
						
						
					 
					
						2022-12-28 20:04:06 -08:00 
						 
				 
			
				
					
						
							
							
								Akihiro Suda 
							
						 
					 
					
						
						
							
						
						ec67e05738 
					 
					
						
						
							
							Merge pull request  #7863  from pacoxu/v1.26-kube  
						
						... 
						
						
						
						add kube v1.26: remove v1alph2 cri support 
						
						
					 
					
						2022-12-29 02:47:37 +09:00 
						 
				 
			
				
					
						
							
							
								iyear 
							
						 
					 
					
						
						
							
						
						1d0619bc0c 
					 
					
						
						
							
							Refactor metastore transaction  
						
						... 
						
						
						
						Signed-off-by: Junyu Liu <ljyngup@gmail.com > 
						
						
					 
					
						2022-12-28 18:37:28 +08:00 
						 
				 
			
				
					
						
							
							
								Fu Wei 
							
						 
					 
					
						
						
							
						
						aee92eb46e 
					 
					
						
						
							
							Merge pull request  #7875  from yanggangtony/runc-version  
						
						... 
						
						
						
						make runc 1.1 for oss_fuzz_build.sh 
						
						
					 
					
						2022-12-28 10:42:18 +08:00 
						 
				 
			
				
					
						
							
							
								Rodrigo Campos 
							
						 
					 
					
						
						
							
						
						ca69ae2656 
					 
					
						
						
							
							Add integration tests for CRI userns  
						
						... 
						
						
						
						Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com > 
						
						
					 
					
						2022-12-27 22:01:12 -03:00 
						 
				 
			
				
					
						
							
							
								Derek McGowan 
							
						 
					 
					
						
						
							
						
						27f43506b4 
					 
					
						
						
							
							Merge pull request  #7872  from yanggangtony/cri-sbserver  
						
						... 
						
						
						
						CRI sbserver: Prevent server reuse after Shutdown 
						
						
					 
					
						2022-12-27 15:54:29 -08:00 
						 
				 
			
				
					
						
							
							
								Derek McGowan 
							
						 
					 
					
						
						
							
						
						ba243ffaaf 
					 
					
						
						
							
							Merge pull request  #7521  from iyear/fix-defer  
						
						... 
						
						
						
						Fix incorrect defer usage and refactor judgement 
						
						
					 
					
						2022-12-27 15:50:41 -08:00 
						 
				 
			
				
					
						
							
							
								Fu Wei 
							
						 
					 
					
						
						
							
						
						4fe2d14e1b 
					 
					
						
						
							
							Merge pull request  #7869  from dcantah/domainname-oci  
						
						... 
						
						
						
						oci: Add WithDomainname 
						
						
					 
					
						2022-12-27 19:18:12 +08:00 
						 
				 
			
				
					
						
							
							
								yanggang 
							
						 
					 
					
						
						
							
						
						09243e43ff 
					 
					
						
						
							
							make runc 1.1 for oss_fuzz_build.sh  
						
						... 
						
						
						
						Signed-off-by: yanggang <gang.yang@daocloud.io > 
						
						
					 
					
						2022-12-27 18:25:53 +08:00 
						 
				 
			
				
					
						
							
							
								Sebastiaan van Stijn 
							
						 
					 
					
						
						
							
						
						94c68aa001 
					 
					
						
						
							
							oci: appendOSMounts(): remove unused error, and move  
						
						... 
						
						
						
						This function was added in ae22854e2bgithub@gone.nl > 
						
						
					 
					
						2022-12-27 10:23:26 +01:00 
						 
				 
			
				
					
						
							
							
								Akihiro Suda 
							
						 
					 
					
						
						
							
						
						bae8fb9142 
					 
					
						
						
							
							Merge pull request  #7871  from yanggangtony/error-def  
						
						... 
						
						
						
						Reused errdefs define error 
						
						
					 
					
						2022-12-27 18:07:18 +09:00 
						 
				 
			
				
					
						
							
							
								Paco Xu 
							
						 
					 
					
						
						
							
						
						d66afd2116 
					 
					
						
						
							
							add kube v1.26: remove v1alpha2 cri support  
						
						... 
						
						
						
						Signed-off-by: Paco Xu <paco.xu@daocloud.io > 
						
						
					 
					
						2022-12-27 14:57:06 +08:00 
						 
				 
			
				
					
						
							
							
								yanggang 
							
						 
					 
					
						
						
							
						
						e94d925711 
					 
					
						
						
							
							CRI sbserver: Prevent server reuse after Shutdown.  
						
						... 
						
						
						
						Signed-off-by: yanggang <gang.yang@daocloud.io > 
						
						
					 
					
						2022-12-27 14:16:40 +08:00 
						 
				 
			
				
					
						
							
							
								yanggang 
							
						 
					 
					
						
						
							
						
						b10536d64f 
					 
					
						
						
							
							Reused errdefs define error  
						
						... 
						
						
						
						Signed-off-by: yanggang <gang.yang@daocloud.io > 
						
						
					 
					
						2022-12-27 14:09:40 +08:00 
						 
				 
			
				
					
						
							
							
								Danny Canter 
							
						 
					 
					
						
						
							
						
						229779a4e5 
					 
					
						
						
							
							oci: Add WithDomainname  
						
						... 
						
						
						
						A domainname field was recently added to the OCI spec. Prior to this
folks would need to set this with a sysctl, but now runtimes should be
able to setdomainname(2). There's an open change to runc at the moment
to add support for this so I've just left testing as a couple spec
validations in CRI until that's in and usable.
Signed-off-by: Danny Canter <danny@dcantah.dev > 
						
						
					 
					
						2022-12-26 04:03:45 -05:00 
						 
				 
			
				
					
						
							
							
								Fu Wei 
							
						 
					 
					
						
						
							
						
						3fefb98f99 
					 
					
						
						
							
							Merge pull request  #7866  from Iceber/ctr_tasks_kill  
						
						... 
						
						
						
						fix `ctr tasks kill` does not remove cni network under windows 
						
						
					 
					
						2022-12-26 14:24:10 +08:00 
						 
				 
			
				
					
						
							
							
								Fu Wei 
							
						 
					 
					
						
						
							
						
						4c3eb5f0c3 
					 
					
						
						
							
							Merge pull request  #7858  from aojea/network_metrics  
						
						
						
						
					 
					
						2022-12-26 09:03:16 +08:00