full diff: 0b889c03f1...8a68de567b
- utils: export RunningInUserNS()
- Support updates for net_cls (adds netclsController.Update())
- Only append Hugetlb in Subsystems list when available
- dependency updates (for compatibility with recent Go versions):
- go.mod: github.com/cilium/ebpf v0.2.0
- go.mod: github.com/coreos/go-systemd v22.1.0
- go.mod: sirupsen/logrus v1.7.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
https://github.com/actions/setup-go/tree/v2.1.3#v2
The V2 offers:
- Adds GOBIN to the PATH
- Proxy Support
- stable input
- Bug Fixes (including issues around version matching and semver)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Newer golangci-lint needs explicit `//` separator. Otherwise it treats
the entire line (`staticcheck deprecated ... yet`) as a name.
https://golangci-lint.run/usage/false-positives/#nolint
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
setupLoop()'s Autoclear (LO_FLAGS_AUTOCLEAR) will destruct the
loopback device when all associated file descriptors are closed.
However this behavior didn't work before since setupLoop() was
returning a file name. The looppack device was destructed at
the end of the function when LoopParams had Autoclear = true.
Fixes#4969.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
download.fedoraproject.org gives HTTP 404 at times,
breaking the CI. Let's give it another chance.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Looks like this import was not needed for the test; simplified the test
by just using the device-path (a counter would work, but for debugging,
having the list of paths can be useful).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
For some tools having the actual image name in the annotations is helpful for
debugging and auditing the workload.
Signed-off-by: Michael Crosby <michael@thepasture.io>
The variable `buf` is connected to containerd's stdout. So, accessing
the variable before killing containerd can cause a race condition.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
This test has been flaky in GitHub Actions. This change logs the
values from devmapper to further investigate the issue.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
Use the existing `.Close()` method instead of implementing the same
logic in this function.
The defer sets `cios` to `nil` if an error occurred to preserve the
existing behavior.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The defer functions were checking the local variable, and would therefore
not be executed, as the function returned if an error occurred.
Perhaps best illustrated when renaming the local variables;
if fifos.Stdin != "" {
l, err1 := winio.ListenPipe(fifos.Stdin, nil)
if err1 != nil {
return nil, errors.Wrapf(err1, "failed to create stdin pipe %s", fifos.Stdin)
}
defer func(l net.Listener) {
if err1 != nil {
l.Close()
}
}(l)
// ...
}
if fifos.Stdout != "" {
l, err2 := winio.ListenPipe(fifos.Stdout, nil)
if err2 != nil {
return nil, errors.Wrapf(err2, "failed to create stdout pipe %s", fifos.Stdout)
}
defer func(l net.Listener) {
if err2 != nil {
l.Close()
}
}(l)
// ....
}
This patch changes the function to use a named return variable, and to use
a single `defer()` that closes all pipes.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This change is mostly defensive; when checking for the returned
error, it's easy to make a mistake, and check for a "local" error,
not the actual returned error.
This patch changes the function to use a named return variable,
which is checked in the defer.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
bump version 1.3.2 for gogo/protobuf due to CVE-2021-3121 discovered
in gogo/protobuf version 1.3.1, CVE has been fixed in 1.3.2
Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
`make vendor` did not do a `go mod tidy` after vendoring, whereas
CI does this as part of the vendor validation, causing CI to fail
if `make vendor` was used to update vendoring, without doing a
`go mod tidy` as well.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was dumping untrusted output to the debug logs from user containers.
We should not dump this type of information to reduce log sizes and any
information leaks from user containers.
Signed-off-by: Michael Crosby <michael@thepasture.io>
The event monitor handles exit events one by one. If there is something
wrong about deleting task, it will slow down the terminating Pods. In
order to reduce the impact, the exit event watcher should handle exit
event separately. If it failed, the watcher should put it into backoff
queue and retry it.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
