github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
9,015 Commits 3 Branches 2 Tags 112 MiB
45df696bf3
Commit Graph

9015 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Akihiro Suda
4702af9178
CI: cache ~/.vagrant.d/boxes 
For deflaking `vagrant up`

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-03-01 15:01:47 +09:00
Akihiro Suda
9ade247b38
overlay: support "userxattr" option (kernel 5.11) 
The "userxattr" option is needed for mounting overlayfs inside a user namespace with kernel >= 5.11.

The "userxattr" option is NOT needed for the initial user namespace (aka "the host").

Also, Ubuntu (since circa 2015) and Debian (since 10) with kernel < 5.11 can mount the overlayfs in a user namespace without the "userxattr" option.

The corresponding kernel commit: 2d2f2d7322ff43e0fe92bf8cccdc0b09449bf2e1
> ovl: user xattr
>
> Optionally allow using "user.overlay." namespace instead of "trusted.overlay."
> ...
> Disable redirect_dir and metacopy options, because these would allow privilege escalation through direct manipulation of the
> "user.overlay.redirect" or "user.overlay.metacopy" xattrs.

Fix issue 5060

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-03-01 13:54:51 +09:00
Iceber Gu
ba199129b6
update linuxkit readme 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2021-03-01 12:00:56 +08:00
Derek McGowan
10bbd1a462
Merge pull request #5051 from wzshiming/fix/missing-close 
Fix missing close
 2021-02-26 14:59:43 -08:00
Maksym Pavlenko
46c9746507
Merge pull request #5064 from Iceber/fix-redundant-slice 
oci: fix superfluous slice operations
 2021-02-26 09:44:50 -08:00
Derek McGowan
07a3ce3d7f
Merge pull request #5080 from dmcgowan/prepare-1.5.0-beta.2 
Prepare 1.5.0-beta.2 release
 2021-02-26 08:52:27 -08:00
Derek McGowan
9884730e5c
Merge pull request #5069 from AkihiroSuda/restart-fast 
restart: skip Sleep() for the first iteration of the reconcilation
 2021-02-25 16:37:53 -08:00
Mike Brown
4379557924
Merge pull request #5086 from eramos2/revise-docs 
Fixed wording in docs, and broken link
 2021-02-25 15:32:25 -06:00
Phil Estes
8dbe53a2a9
Merge pull request #5070 from yoheiueda/empty-masked 
cri: set default masked/readonly paths to empty paths
 2021-02-25 15:38:45 -05:00
alexyadon
c61f0ceada
Fix broken docs links (#5085) 
* docs: fix broken links

Signed-off-by: Alex Yadon <alex.yadon@ibm.com>

* docs: use relative paths

Signed-off-by: Alex Yadon <alex.yadon@ibm.com>
 2021-02-25 14:09:49 -06:00
Iceber Gu
f7f6aabfff oci: fix superfluous slice operations 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2021-02-26 02:35:25 +08:00
Emmanuel Ramos
224efa9dae Fixed wording in docs, and broken link 
Signed-off-by: Emmanuel Ramos <emmanuel.ramos2@ibm.com>
 2021-02-25 13:18:13 -05:00
Phil Estes
2bc8c779c5
Merge pull request #5068 from AkihiroSuda/restart-test 
restart: add an integration test
 2021-02-25 12:16:51 -05:00
Michael Crosby
119fe70469
Merge pull request #5071 from AkihiroSuda/restart-parallel 
restart: parallelize reconcile()
 2021-02-25 11:33:26 -05:00
Phil Estes
7738370db7
Merge pull request #5083 from AkihiroSuda/remove-dep-gocapability 
drop dependency on github.com/syndtr/gocapability
 2021-02-25 10:48:21 -05:00
Akihiro Suda
7ee610edb5
drop dependency on github.com/syndtr/gocapability 
pkg/cap has the full list of the caps (for UT, originally),
so we can drop dependency on github.com/syndtr/gocapability

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-02-25 15:17:28 +09:00
Akihiro Suda
9822173354
cap: rename FromUint64 to FromBitmap 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-02-25 15:02:10 +09:00
Akihiro Suda
6ab6eaa790
restart: skip Sleep() for the first iteration of the reconcilation 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-02-25 13:30:38 +09:00
Akihiro Suda
36df282dcb
restart: add an integration test 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-02-25 13:30:22 +09:00
Akihiro Suda
b23dc1131e
restart: parallelize reconcile() 
The only shared variable `m.client` is thread-safe, so we can safely
parallelize the loops.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-02-25 13:30:00 +09:00
Derek McGowan
f38a797034
Prepare release notes for 1.5.0-beta.2 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2021-02-24 08:56:20 -08:00
Yohei Ueda
07f1df4541
cri: set default masked/readonly paths to empty paths 
Fixes #5029.

Signed-off-by: Yohei Ueda <yohei@jp.ibm.com>
 2021-02-24 23:50:40 +09:00
Phil Estes
af4c55fa4a
Merge pull request #5078 from AkihiroSuda/fix-5077 
CI: fix "ls: cannot access '/etc/cni/net.d': Permission denied"
 2021-02-24 09:01:39 -05:00
Akihiro Suda
b4ef1e9dc7
CI: fix "ls: cannot access '/etc/cni/net.d': Permission denied" 
The CI host was probably updated recently and the permission bits of the
directory was changed.

Fix 5077

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-02-24 19:11:10 +09:00
Phil Estes
757be0a090
Merge pull request #5017 from AkihiroSuda/parse-cap 
oci.WithPrivileged: set the current caps, not the known caps
 2021-02-23 09:10:57 -05:00
Mike Brown
9173d3e929
Merge pull request #5021 from wzshiming/fix/signal_repeatedly 
Fix repeated sending signal
 2021-02-22 09:45:56 -06:00
Phil Estes
08d765af95
Merge pull request #5028 from Iceber/runtime-spec 
oci: fix the file mode of the device
 2021-02-22 09:25:56 -05:00
Fu, Wei
096e99fe7e
Merge pull request #5057 from estesp/moar-time 
Tune test timeouts for GH Actions
 2021-02-20 10:17:24 +08:00
Phil Estes
13f904cde2
Tune test timeouts for GH Actions 
We have enough failures these days; getting timed out when tests are
almost done is the last thing we need :)

On avg. the Linux integration tests are taking 15-17 min, but sometimes
they end up at 20 or a bit over and get canceled. I've seen rare cases
where the Vagrant setup+build+test runs gets very close to 40 min as
well.

Signed-off-by: Phil Estes <estesp@amazon.com>
 2021-02-19 16:27:43 -05:00
Phil Estes
e58be59cbd
Merge pull request #5054 from jterry75/fix_env_windows 
cri: append envs from image config to empty slice to avoid env lost
 2021-02-18 20:40:44 -05:00
Justin Terry (SF)
06e4e09567 cri: append envs from image config to empty slice to avoid env lost 
Signed-off-by: Justin Terry (SF) <juterry@microsoft.com>
 2021-02-18 16:39:28 -08:00
Phil Estes
c32ccdf8be
Merge pull request #5024 from yadzhang/deepcopy-imageconfig 
cri: append envs from image config to empty slice to avoid env lost
 2021-02-18 12:51:51 -05:00
Phil Estes
d30a6c005f
Merge pull request #5045 from wzshiming/fix/file-not-closed 
FIx file is not closed
 2021-02-18 12:45:19 -05:00
Shiming Zhang
5e4acc0436 Fix file is not closed 
Signed-off-by: Shiming Zhang <wzshiming@foxmail.com>
 2021-02-18 21:38:44 +08:00
Shiming Zhang
05ef2fe2fb Fix missing close 
Signed-off-by: Shiming Zhang <wzshiming@foxmail.com>
 2021-02-18 13:21:42 +08:00
Akihiro Suda
746cef0bc2
Merge pull request #5044 from wzshiming/fix/empty-error-warpping 
Fix empty error warpping
 2021-02-18 13:47:13 +09:00
zhangyadong.0808
08318b1ab9 cri: append envs from image config to empty slice to avoid env lost 
Signed-off-by: Yadong Zhang <yadzhang@gmail.com>
 2021-02-18 11:37:41 +08:00
Shiming Zhang
59db8a10e0 Fix empty error warpping 
Signed-off-by: Shiming Zhang <wzshiming@foxmail.com>
 2021-02-18 11:06:59 +08:00
Phil Estes
a98c83c2d4
Merge pull request #5033 from chrisfregly/master 
Fix TestRuntimeHandler logging
 2021-02-17 21:53:17 -05:00
Chris Fregly
80e1d98f6b fix: issue #5032 
Signed-off-by: Chris Fregly <cfregly@ibm.com>
 2021-02-17 18:21:17 -08:00
Justin
0cc3991387
Merge pull request #4912 from dcantah/dcantah/wcow-sandbox-size 
Scratch size customization and UVM scratch creation for WCOW snapshotter
 2021-02-17 15:19:19 -08:00
Shiming Zhang
dc6f5ef3b9 Fix repeated sending signal 
Signed-off-by: Shiming Zhang <wzshiming@foxmail.com>
 2021-02-17 21:33:49 +08:00
Michael Crosby
41e3057cc6
Merge pull request #5025 from jeremyje/win20h2 
Add references to Windows 20H2 test images.
 2021-02-12 11:58:49 -05:00
Maksym Pavlenko
88d97362b3
Merge pull request #5027 from kevpar/config-check 
Improve error detection when loading config
 2021-02-10 14:37:31 -08:00
Phil Estes
2adb2ea64c
Merge pull request #4973 from lorenz/move-netns-into-statedir 
Allow moving netns directory into StateDir
 2021-02-10 13:08:50 -05:00
Lorenz Brun
36d0bc1f2b Allow moving netns directory into StateDir 
Signed-off-by: Lorenz Brun <lorenz@nexantic.com>
 2021-02-10 18:33:14 +01:00
Mike Brown
e288feacf3
Merge pull request #5026 from crosbymichael/cni-anno 
[cri] add pod annotations to CNI call
 2021-02-10 09:21:58 -06:00
Akihiro Suda
51f985cb1f
oci: move cap UT to _linux_test.go 
No substantial code change

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-02-10 17:42:18 +09:00
Iceber Gu
d08aa4b681
oci: fix the file mode of the device 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2021-02-10 16:37:12 +08:00
Akihiro Suda
a2d1a8a865
oci.WithPrivileged: set the current caps, not the known caps 
This change is needed for running the latest containerd inside Docker
that is not aware of the recently added caps (BPF, PERFMON, CHECKPOINT_RESTORE).

Without this change, containerd inside Docker fails to run containers with
"apply caps: operation not permitted" error.

See kubernetes-sigs/kind 2058

NOTE: The caller process of this function is now assumed to be as
privileged as possible.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-02-10 17:14:17 +09:00