Phil Estes
0814750023
Merge pull request #4262 from gaurav1086/fix_data_race_in_unpacker
...
unpacker: Fix data race and possible data corruption
2020-05-18 09:32:24 -04:00
Phil Estes
49db7dfcfb
Merge pull request #4260 from thaJeztah/bump_golang_1.13.11
...
Bump Golang 1.13.11
2020-05-18 09:24:14 -04:00
Mike Brown
dc81240a6d
Merge pull request #1484 from thaJeztah/bump_containerd
...
vendor: containerd/containerd v1.4.0-beta.0
2020-05-18 08:11:36 -05:00
Mike Brown
36ba7766fb
Merge pull request #1483 from thaJeztah/bump_cni
...
vendor: containerd/go-cni 0553354f0046ccd41a02e724826040491a3d8998
2020-05-18 08:04:16 -05:00
Stanislav Levin
5765991f2c
seccomp: Whitelist clock_adjtime
...
This only allows making the syscall. CAP_SYS_TIME is still required
for time adjustment (enforced by the kernel):
```
kernel/time/posix-timers.c:
1112 SYSCALL_DEFINE2(clock_adjtime, const clockid_t, which_clock,
1113 struct __kernel_timex __user *, utx)
...
1121 err = do_clock_adjtime(which_clock, &ktx);
1100 int do_clock_adjtime(const clockid_t which_clock, struct __kernel_timex * ktx)
1101 {
...
1109 return kc->clock_adj(which_clock, ktx);
1299 static const struct k_clock clock_realtime = {
...
1304 .clock_adj = posix_clock_realtime_adj,
188 static int posix_clock_realtime_adj(const clockid_t which_clock,
189 struct __kernel_timex *t)
190 {
191 return do_adjtimex(t);
kernel/time/timekeeping.c:
2312 int do_adjtimex(struct __kernel_timex *txc)
2313 {
...
2321 /* Validate the data before disabling interrupts */
2322 ret = timekeeping_validate_timex(txc);
2246 static int timekeeping_validate_timex(const struct __kernel_timex *txc)
2247 {
2248 if (txc->modes & ADJ_ADJTIME) {
...
2252 if (!(txc->modes & ADJ_OFFSET_READONLY) &&
2253 !capable(CAP_SYS_TIME))
2254 return -EPERM;
2255 } else {
2256 /* In order to modify anything, you gotta be super-user! */
2257 if (txc->modes && !capable(CAP_SYS_TIME))
2258 return -EPERM;
```
Fixes: moby/moby 40919
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-17 23:11:04 +02:00
Gaurav Singh
db74d3115e
unpacker: Fix data race and possible data corruption
...
Signed-off-by: Gaurav Singh <gaurav1086@gmail.com>
2020-05-17 10:55:52 -04:00
Gaurav Singh
2325182529
docker: fix data race on err
...
Signed-off-by: Gaurav Singh <gaurav1086@gmail.com>
2020-05-17 09:20:38 -04:00
Sebastiaan van Stijn
d07a71b97f
Bump Golang 1.13.11
...
full diff: https://github.com/golang/go/compare/go1.13.10...go1.13.11
go1.13.11 (released 2020/05/14) includes fixes to the compiler. See the Go 1.13.11
milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.13.11+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-16 14:57:04 +02:00
Sebastiaan van Stijn
f9083f167a
vendor: containerd/containerd v1.4.0-beta.0
...
full diff: ed261720c8...v1.4.0-beta.0
Relevant changes:
- Replace errors.Cause() with errors.Is()
- Transfer error to ErrNotFound when kill a not exist container
- vendor: update containerd/cri, remove "docker/distribution" dependency
- vendor: containerd/continuity, containerd/fifo, containerd/go-runc
- vendor: opencontainers/go-digest v1.0.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-16 14:37:00 +02:00
Sebastiaan van Stijn
103785ea26
vendor: containerd/go-cni 0553354f0046ccd41a02e724826040491a3d8998
...
full diff: 0d360c50b1...0553354f00
- Add WithConfList opt for adding conf list from bytes
- Use Go modules instead of vndr
- Test on go1.13, 1.14, remove go1.12
- Update pkg/errors v0.9.1, switch to using errors.Is() instead of errors.Cause()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-16 12:58:26 +02:00
Maksym Pavlenko
b7cf3c68e7
Merge pull request #4258 from estesp/codeql
...
Add CodeQL Analysis workflow
2020-05-15 10:05:21 -07:00
Phil Estes
0207b7ff0e
Enable running CodeQL on PRs that modify Action
...
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2020-05-15 12:51:48 -04:00
Phil Estes
5425067e8f
Merge pull request #4256 from mxpv/nightly_pr
...
Trigger nightly builds on pull request events
2020-05-15 12:38:26 -04:00
Justin Hutchings
1a06884f18
Add CodeQL Analysis workflow
...
Signed-off-by: Justin Hutchings <jhutchings1@github.com>
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2020-05-15 10:15:46 -04:00
Maksym Pavlenko
563964e9d5
Trigger nightly builds on pull request events
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2020-05-14 18:39:32 -07:00
Mike Brown
82a602bf12
Merge pull request #1480 from mikebrow/remove-boilerplate
...
removing boilerplate test already replaced by project boiler check
2020-05-14 19:37:01 -05:00
Wei Fu
6312b52de5
Merge pull request #4245 from thaJeztah/remove_deprecated_dualstack
...
ConfigureHosts: remove deprecated DualStack option
2020-05-15 08:00:03 +08:00
Derek McGowan
32985949d4
Merge pull request #4242 from dmcgowan/1.4-beta
...
Add release notes for 1.4 beta
2020-05-14 16:20:50 -07:00
Mike Brown
3f0aa45453
removing boilerplate test replace by projectboiler check
...
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2020-05-14 17:52:12 -05:00
Derek McGowan
77ab0104e2
Add release notes for 1.4 beta
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2020-05-14 13:04:02 -07:00
Maksym Pavlenko
7fd23fe143
Merge pull request #4254 from thaJeztah/bump_go_digest
...
vendor: opencontainers/go-digest v1.0.0
2020-05-14 11:42:16 -07:00
Sebastiaan van Stijn
6eeed18cb4
vendor: opencontainers/go-digest v1.0.0
...
full diff: 28d3ccc31a...v1.0.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-14 18:49:49 +02:00
Derek McGowan
7207226e9d
Merge pull request #4253 from estesp/no-codecov-comment
...
Set codecov to not comment on PRs
2020-05-13 07:32:25 -07:00
Phil Estes
7cdacdda81
Set codecov to not comment on PRs
...
Until we totally remove codecov, this will keep it from commenting on
PRs but reports will still be available on codecov.io
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2020-05-13 09:19:42 -04:00
Phil Estes
f13ba8f2f2
Merge pull request #4247 from thaJeztah/bump_continuity
...
vendor: containerd/continuity, containerd/fifo, containerd/go-runc
2020-05-12 10:41:02 -04:00
Phil Estes
65df60b3c9
Merge pull request #4251 from thaJeztah/bump_cri
...
vendor: update containerd/cri, remove "docker/distribution" dependency
2020-05-12 09:49:22 -04:00
Sebastiaan van Stijn
3e7bbb8a49
vendor: update containerd/cri, remove "docker/distribution" dependency
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-12 15:00:51 +02:00
Mike Brown
64aa9da76f
Merge pull request #1477 from saschagrunert/port-forward-timeout
...
Increase port-forward timeout to 1s to fix e2e test
2020-05-12 07:59:14 -05:00
Akihiro Suda
6038423bdd
Merge pull request #4250 from milkwine/master
...
doc: update example about task in README.md
2020-05-12 21:05:21 +09:00
Sascha Grunert
e2cedb9469
Increase port-forward timeout to 1s to fix e2e test
...
We encountered two failing end-to-end tests after the adoption of
https://github.com/containerd/cri/pull/1470 in
https://github.com/cri-o/cri-o/pull/3749 :
```
Summarizing 2 Failures:
[Fail] [sig-cli] Kubectl Port forwarding With a server listening on 0.0.0.0 that expects a client request [It] should support a client that connects,
sends DATA, and disconnects
test/e2e/kubectl/portforward.go:343
[Fail] [sig-cli] Kubectl Port forwarding With a server listening on localhost that expects a client request [It] should support a client that connects
, sends DATA, and disconnects
test/e2e/kubectl/portforward.go:343
```
Increasing the timeout to 1s fixes the issue.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-05-12 12:43:14 +02:00
milkwine
9898dc2a64
Code about task in "README.md" is out of date
...
Signed-off-by: SiYu Zhao <d.chaser.zsy@gmail.com>
2020-05-12 16:15:13 +08:00
Wei Fu
8c366df5c6
Merge pull request #1476 from dmcgowan/replace-docker-distribution
...
Use digestset from go-digest
2020-05-12 10:18:25 +08:00
Derek McGowan
21ad9c4e21
Use digestset from go-digest
...
Removes docker/distribution dependency
Signed-off-by: Derek McGowan <derek@mcg.dev>
2020-05-11 14:17:34 -07:00
Sebastiaan van Stijn
f09e999099
vendor: containerd/go-runc 7016d3ce2328dd2cb1192b2076ebd565c4e8df0c
...
full diff: a5c2862aed...7016d3ce23
- add go.mod
- Parse runc version even if commit is missing
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-11 23:13:39 +02:00
Sebastiaan van Stijn
d9d1d5b624
vendor: containerd/fifo f15a3290365b9d2627d189e619ab4008e0069caf
...
full diff: bda0ff6ed7...f15a329036
- add go.mod
- replace "golang.org/x/net/context"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-11 23:11:33 +02:00
Sebastiaan van Stijn
c5078a5b72
vendor: containerd/continuity d3ef23f19fbb106bb73ffde425d07a9187e30745
...
full diff: 0ec596719c...d3ef23f19f
- fs: support for OpenBSD
- sysx/xattr: fix and improve
- remove Windows' Readlink fork
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-11 23:02:40 +02:00
Phil Estes
04985039ce
Merge pull request #4214 from payall4u/bugfix-check-not-exist
...
Transfer error to ErrNotFound when kill a not exist container
2020-05-11 10:25:02 -04:00
Phil Estes
f03fc406ab
Merge pull request #4246 from thaJeztah/bump_cri
...
vendor: update containerd/cri to current master
2020-05-11 10:01:47 -04:00
payall4u
b437938d2f
Transfer error to ErrNotFound when kill a not exist container, also add
...
test case.
Signed-off-by: payall4u <404977848@qq.com>
Add integration test case
Signed-off-by: payall4u <404977848@qq.com>
2020-05-11 21:53:43 +08:00
Sebastiaan van Stijn
2c77dc63a4
vendor: update containerd/cri to current master
...
- Remove dependency on libcontainer/system
- Get rid of socat for port forwarding
- Roll docker/distribution back to latest (v2.7.1) release
Now that 901bcb2231 was merged in containerd,
we no longer depend on the ParseDockerRef utility from docker/distribution,
so we can safely roll back to the latest release for this dependency.
- vendor: kubernetes v1.18.2
Fix client watch reestablishment handling of client-side timeouts
- Add config flag to default empty seccomp profile
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-11 09:09:39 +02:00
Wei Fu
8252e54f93
Merge pull request #1472 from mxpv/profile
...
Add config flag to default empty seccomp profile
2020-05-11 10:16:00 +08:00
Mike Brown
942c22bec8
Merge pull request #1429 from Random-Liu/create-etcd-user
...
Create etcd user in cloud init.
2020-05-10 19:39:47 -05:00
Mike Brown
bd0a76565a
Merge pull request #1469 from thaJeztah/remove_libcontainer_system
...
Remove dependency on libcontainer/system
2020-05-10 19:33:17 -05:00
Derek McGowan
dbedcf8706
Merge pull request #1449 from mikebrow/make-http-with-tlsconfig-a-warning
...
removes the error when tls is configured for https but http is tried first
2020-05-10 16:09:41 -07:00
Sebastiaan van Stijn
0e1b7bdb59
Remove dependency on libcontainer/system
...
This swaps the RunningInUserNS() function that we're using
from libcontainer/system with the one in containerd/sys.
This removes the dependency on libcontainer/system, given
these were the only functions we're using from that package.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-10 21:58:16 +02:00
Maksym Pavlenko
674fe72aa8
Update docs for unset seccomp profile
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2020-05-10 10:46:58 -07:00
Mike Brown
9413131c7d
Merge pull request #1475 from thaJeztah/remove_deprecated_dualstack
...
newTransport(): remove deprecated DualStack option
2020-05-10 10:13:26 -05:00
Sebastiaan van Stijn
a4f8be1d43
vendor: kubernetes v1.18.2
...
Fix client watch reestablishment handling of client-side timeouts
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-10 14:44:22 +02:00
Sebastiaan van Stijn
0d198fd096
vendor: roll docker/distribution back to latest (v2.7.1) release
...
Now that 901bcb2231 was merged in containerd,
we no longer depend on the ParseDockerRef utility from docker/distribution,
so we can safely roll back to the latest release for this dependency.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-10 14:44:19 +02:00
Sebastiaan van Stijn
c96373f6d5
newTransport(): remove deprecated DualStack option
...
The `DualStack` option was deprecated in Go 1.12, and is now enabled by default
(through commit github.com/golang/go@efc185029bf770894defe63cec2c72a4c84b2ee9).
> The Dialer.DualStack field is now meaningless and documented as deprecated.
>
> To disable fallback, set FallbackDelay to a negative value.
The default `FallbackDelay` is 300ms; to make this more explicit, this patch
sets `FallbackDelay` to the default value.
Note that Docker Hub currently does not support IPv6 (DNS for registry-1.docker.io
has no AAAA records, so we should not hit the 300ms delay).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-10 12:39:10 +02:00