github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
6,018 Commits 3 Branches 2 Tags 112 MiB
55c9eade39
Commit Graph

6018 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gaurav Singh
ae08491bff waitForPid: fix goroutine leak 
Signed-off-by: Gaurav Singh <gaurav1086@gmail.com>
 2020-06-07 17:33:10 -04:00
Maksym Pavlenko
38cb1c1a54
Merge pull request #4303 from estesp/update-hcsshim-release-flow 
Streamline hcsshim build addition to release flow
 2020-06-04 10:34:07 -07:00
Phil Estes
8fcd5a1f28
Streamline hcs shim release flow 
Improvements to acquire/build hcsshim from source in the release
workflow.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2020-06-04 12:23:50 -04:00
Phil Estes
8f959d569a
Merge pull request #4292 from cpuguy83/add_hcsshim_to_release_tar 
Add windows hcsshim to release pipeline
 2020-06-04 08:56:09 -04:00
Phil Estes
7e98b43cfa
Merge pull request #4299 from estesp/update-cri-tools 
Match version used in CRI project
 2020-06-03 15:42:24 -04:00
Phil Estes
ef0cf12647
Match version used in CRI project 
Use the critools version currently being used in the CRI project CI.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2020-06-03 15:12:48 -04:00
Brian Goff
2be80f9997 Add windows hcsshim to release pipeline 
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
 2020-06-03 11:10:33 -07:00
Michael Crosby
7ce8a9d7d3
Merge pull request #4204 from ashrayjain/aj/add-kill-retry 
Make killing shims more resilient
 2020-06-03 11:10:43 -04:00
Phil Estes
7121969f2d
Merge pull request #4296 from dims/revendor-containerd-cri-for-tolerating-hugepages-cgroup 
Revendor CRI to 62c91260d2
 2020-06-03 09:35:46 -04:00
Ashray Jain
3e95727f39 Make killing shims more resilient 
Currently, we send a single SIGKILL to the shim process
once and then we spin in a loop where we use kill(pid, 0)
to detect when the pid has disappeared completely.

Unfortunately, this has a race condition since pids can be reused causing us
to spin in an infinite loop when that happens.

This adds a timeout to this loop which logs a warning and exits the
infinite loop.

Signed-off-by: Ashray Jain <ashrayj@palantir.com>
 2020-06-03 12:57:08 +01:00
Davanum Srinivas
e64b14820e
Revendor CRI to 62c91260d2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-06-02 15:27:39 -04:00
Derek McGowan
3dd8242a67
Add host specific headers 
Allows configuring headers per registry host

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2020-06-01 18:27:41 -07:00
Michael Crosby
62dd14114d
Merge pull request #4273 from AkihiroSuda/oomv2 
cgroup2: implement `containerd.events.TaskOOM` event
 2020-06-01 12:51:34 -04:00
Akihiro Suda
2f601013e6 cgroup2: implement containerd.events.TaskOOM event 
How to test (from https://github.com/opencontainers/runc/pull/2352#issuecomment-620834524):
  (host)$ sudo swapoff -a
  (host)$ sudo ctr run -t --rm --memory-limit $((1024*1024*32)) docker.io/library/alpine:latest foo
  (container)$ sh -c 'VAR=$(seq 1 100000000)'

An event `/tasks/oom {"container_id":"foo"}` will be displayed in `ctr events`.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-06-01 14:00:13 +09:00
Phil Estes
d9809bbbe0
Merge pull request #4293 from mxpv/revendor 
Revendor CRI to 8898550e34
 2020-05-29 18:41:54 -04:00
Maksym Pavlenko
62fd1750e2 Revendor CRI to 8898550e34 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2020-05-29 14:34:27 -07:00
Wei Fu
4b5d7f66c9
Merge pull request #4290 from mxpv/ctr-oci 
Add ctr subcommand to print default OCI spec
 2020-05-29 10:45:36 +08:00
Derek McGowan
be23b965e4
Merge pull request #4291 from estesp/fix-release-markdown-length 
Don't inadvertently clip release notes
 2020-05-28 16:10:49 -07:00
Phil Estes
2bc4e90f6f
Don't inadvertently clip release notes 
Specify a much larger linecount for extracting tag annotation from git.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2020-05-28 17:54:08 -04:00
Maksym Pavlenko
636c533d95 Add ctr subcommand to print default OCI spec 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2020-05-28 14:06:44 -07:00
Phil Estes
8e9ba8376e
Merge pull request #4271 from cpuguy83/actions_add_windows_integration 
Move windows CI to actions
 2020-05-28 11:40:29 -04:00
Akihiro Suda
27f1e0d9ed
Merge pull request #4283 from hs0210/work 
Add unit test for func in remotes/docker/handler.go
 2020-05-29 00:25:41 +09:00
Phil Estes
137abe4ef9
Merge pull request #4282 from estesp/add-release-action 
Add release GH Action triggered by signed tag
 2020-05-28 11:12:08 -04:00
Michael Crosby
77bc753024
Merge pull request #4289 from dmcgowan/next-1.4-beta 
Update release notes for 1.4.0-beta.1
 2020-05-28 10:49:40 -04:00
Hu Shuai
230cf6deda Add unit test for func in remotes/docker/handler.go 
Signed-off-by: Hu Shuai <hus.fnst@cn.fujitsu.com>
 2020-05-28 16:54:33 +08:00
Phil Estes
bb2b2825b6
Add release GH Action triggered by signed tag 
This will check that the tag is signed and then checkout the tag, build
official binaries, sha256sum the tarball, and upload those assets to the
release, officially generating a release in GitHub from the signed tag.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2020-05-27 16:56:13 -04:00
Derek McGowan
8f1ddb1428
Update release for 1.4.0-beta.1 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2020-05-27 13:42:02 -07:00
Maksym Pavlenko
26f7df1466
Merge pull request #4288 from crosbymichael/cri-bump 
Update CRI to 52c2c6b5df
 2020-05-27 11:33:12 -07:00
Brian Goff
c376f4f763 Move Windows testing to GH Actions 
This eliminates the need for appveyor.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
 2020-05-27 10:45:22 -07:00
Brian Goff
3226283470 Fix client tests to work on Windows. 
- Powershell is no longer available in nanoserver, so change commands to
  run accordingly.
- Set platform specific commands for short and long running containers
- Skips 2 tests which do not run on Windows.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
 2020-05-27 10:42:23 -07:00
Phil Estes
f0f49c6cab
Merge pull request #4284 from jmillikin-stripe/cli-tls-flags 
Add `ctr` flags for configuring default TLS credentials for registry
 2020-05-27 09:59:58 -04:00
John Millikin
b8ccdcb07d
Add ctr flags for configuring default TLS credentials. 
Signed-off-by: John Millikin <jmillikin@stripe.com>
 2020-05-27 21:59:33 +09:00
Michael Crosby
c5273930bd Update CRI to 52c2c6b5df 
This bump contains updates for CRI with selinux support.

Signed-off-by: Michael Crosby <michael@thepasture.io>
 2020-05-26 21:06:18 -04:00
Maksym Pavlenko
4cbf59db82
Merge pull request #4279 from AkihiroSuda/ci-cgroup2 
cgroup2 CI
 2020-05-21 13:35:49 -07:00
Akihiro Suda
af131d7258 cgroup2 CI 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-05-22 01:15:12 +09:00
Derek McGowan
1c58c5d440
Merge pull request #4277 from lucaskanashiro/fix-build-on-riscv64 
riscv64 arch does not support -buildmode=pie
 2020-05-20 12:46:50 -07:00
Lucas Kanashiro
e34bf08e58 riscv64 arch does not support -buildmode=pie 
Signed-off-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>
 2020-05-20 16:28:10 -03:00
Derek McGowan
7ef3c0f47d
Merge pull request #4275 from estesp/fix-image-usage 
Fix image usage calculation error
 2020-05-20 08:35:05 -07:00
Phil Estes
0c9b05fa60
Fix image usage calculation error 
Including snapshotter usage in total calculation should be gated by the
option `snapshotter` boolean.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2020-05-20 08:44:05 -04:00
Derek McGowan
84619ee998
Fix configurations with no server provided 
When a server is specified at the top level, there is a bug
that prevents the keys from being checked properly.
When no server is provided, the server attempts to parse
with an empty host, leaving partial values and a defaulted
skip verify configuration.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2020-05-19 19:16:50 -07:00
Derek McGowan
06b0cd45ba
Fix nil pointer errors 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2020-05-19 19:16:39 -07:00
Phil Estes
4e08c2de67
Merge pull request #4269 from KentaTada/remove-unused-syscall 
seccomp: remove the unused query_module(2)
 2020-05-19 11:14:31 -04:00
Kenta Tada
03755821d2 seccomp: remove the unused query_module(2) 
query_module(2) is only in kernels before Linux 2.6.

Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>
 2020-05-19 10:36:55 +09:00
Phil Estes
d7c4bda3b1
Merge pull request #4264 from thaJeztah/seccomp_allow_clock_adjtime 
seccomp: Whitelist `clock_adjtime`
 2020-05-18 09:36:08 -04:00
Phil Estes
0f2b15b7af
Merge pull request #4261 from gaurav1086/fix_docker_data_race 
docker: fix data race on err
 2020-05-18 09:34:04 -04:00
Phil Estes
0814750023
Merge pull request #4262 from gaurav1086/fix_data_race_in_unpacker 
unpacker: Fix data race and possible data corruption
 2020-05-18 09:32:24 -04:00
Phil Estes
49db7dfcfb
Merge pull request #4260 from thaJeztah/bump_golang_1.13.11 
Bump Golang 1.13.11
 2020-05-18 09:24:14 -04:00
Stanislav Levin
5765991f2c
seccomp: Whitelist clock_adjtime 
This only allows making the syscall. CAP_SYS_TIME is still required
for time adjustment (enforced by the kernel):

```
kernel/time/posix-timers.c:

1112 SYSCALL_DEFINE2(clock_adjtime, const clockid_t, which_clock,
1113                 struct __kernel_timex __user *, utx)
...
1121         err = do_clock_adjtime(which_clock, &ktx);

1100 int do_clock_adjtime(const clockid_t which_clock, struct __kernel_timex * ktx)
1101 {
...
1109         return kc->clock_adj(which_clock, ktx);

1299 static const struct k_clock clock_realtime = {
...
1304         .clock_adj              = posix_clock_realtime_adj,

188 static int posix_clock_realtime_adj(const clockid_t which_clock,
189                                     struct __kernel_timex *t)
190 {
191         return do_adjtimex(t);

kernel/time/timekeeping.c:

2312 int do_adjtimex(struct __kernel_timex *txc)
2313 {
...
2321         /* Validate the data before disabling interrupts */
2322         ret = timekeeping_validate_timex(txc);

2246 static int timekeeping_validate_timex(const struct __kernel_timex *txc)
2247 {
2248         if (txc->modes & ADJ_ADJTIME) {
...
2252                 if (!(txc->modes & ADJ_OFFSET_READONLY) &&
2253                     !capable(CAP_SYS_TIME))
2254                         return -EPERM;
2255         } else {
2256                 /* In order to modify anything, you gotta be super-user! */
2257                 if (txc->modes && !capable(CAP_SYS_TIME))
2258                         return -EPERM;

```

Fixes: moby/moby 40919
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-05-17 23:11:04 +02:00
Gaurav Singh
db74d3115e unpacker: Fix data race and possible data corruption 
Signed-off-by: Gaurav Singh <gaurav1086@gmail.com>
 2020-05-17 10:55:52 -04:00
Gaurav Singh
2325182529 docker: fix data race on err 
Signed-off-by: Gaurav Singh <gaurav1086@gmail.com>
 2020-05-17 09:20:38 -04:00