containerd

Author	SHA1	Message	Date
Paul "TBBle" Hampson	909730decb	Skip tests that do not apply to WCOW on Windows Filesystem permissions and ownership are not modifiable via an image mount. Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>	2023-03-31 06:15:18 -07:00
Paul "TBBle" Hampson	469c13997a	Ensure mounts are unmounted before leaving the test This is necessary on Windows, as it's not possible to delete a snapshot while it is still mounted, even if the mount-point has been deleted. Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>	2023-03-31 06:15:17 -07:00
Paul "TBBle" Hampson	84cc3e496b	Unify testutil.Unmount on Windows and Unix Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>	2023-03-31 06:15:17 -07:00
Paul "TBBle" Hampson	474a257b16	Implement Windows mounting for bind and windows-layer mounts Using symlinks for bind mounts means we are not protecting an RO-mounted layer against modification. Windows doesn't currently appear to offer a better approach though, as we cannot create arbitrary empty WCOW scratch layers at this time. For windows-layer mounts, Unmount does not have access to the mounts used to create it. So we store the relevant data in an Alternate Data Stream on the mountpoint in order to be able to Unmount later. Based on approach in https://github.com/containerd/containerd/pull/2366, with sign-offs recorded as 'Based-on-work-by' trailers below. This also partially-reverts some changes made in #6034 as they are not needed with this mounting implmentation, which no longer needs to be handled specially by the caller compared to non-Windows mounts. Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com> Based-on-work-by: Michael Crosby <crosbymichael@gmail.com> Based-on-work-by: Darren Stahl <darst@microsoft.com>	2023-03-31 06:15:17 -07:00
Paul "TBBle" Hampson	34b07d3e2d	Implement WCOW parentless active snapshots and view snapshots The WCOW layer support does not support creating sandboxes with no parent. Instead, parentless scratch layers must be layed out as a directory containing only a directory named 'Files', and all data stored inside 'Files'. At commit-time, this will be converted in-place into a read-only layer suitable for use as a parent layer. The WCOW layer support also does not deal with making read-only layers, i.e. layers that are prepared to be parent layers, visible in a read-only manner. A bind-mount or junction point cannot be made read-only, so a view must instead be a small sandbox layer that we can mount via WCOW, and discard later, to protect the layer against accidental or deliberate modification. Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>	2023-03-31 06:15:17 -07:00
Fu Wei	988ee8ffef	Merge pull request #8208 from Iceber/fix_runtime_path fix the task setting the runtime path	2023-03-31 12:38:08 +08:00
Hsing-Yu (David) Chen	82ec62b865	fix: cio.Cancel() should close the pipes PR fixes #8326. Signed-off-by: Hsing-Yu (David) Chen <davidhsingyuchen@gmail.com>	2023-03-30 18:39:21 -07:00
Samuel Karp	8f756bc8c2	Merge pull request #8309 from vinayakankugoyal/fixresolv Add noexec nodev and nosuid to sandbox /etc/resolv.conf mount bind.	2023-03-30 17:34:08 -07:00
Vinayak Goyal	ac84bf7c89	Update sbserver to add noexec nodev and nosuid to /etc/resolv.conf mount bind. Signed-off-by: Vinayak Goyal <vinaygo@google.com>	2023-03-30 21:54:21 +00:00
Akihiro Suda	812111eb08	Merge pull request #8327 from mxpv/linux-mounts Keep linux mounts for linux sandboxes on Windows/Darwin	2023-03-30 17:21:21 +09:00
Maksym Pavlenko	126ab72fea	Keep linux mounts for linux sandboxes on Windows/Darwin Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>	2023-03-29 19:00:06 -07:00
Fu Wei	6682c63175	Merge pull request #8159 from mxpv/split Initial split of sandboxed CRI service	2023-03-30 09:10:39 +08:00
Vinayak Goyal	990199a021	Test to ensure nosuid,nodev,noexec are set on /etc/reolv.conf mount. Signed-off-by: Vinayak Goyal <vinaygo@google.com>	2023-03-29 20:34:05 +00:00
Phil Estes	ca7be3e050	Merge pull request #8323 from AkihiroSuda/runc-1.1.5 update runc binary to v1.1.5	2023-03-29 10:54:41 -04:00
Akihiro Suda	96490734b7	update runc binary to v1.1.5 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>	2023-03-29 17:17:19 +09:00
Akihiro Suda	b55dad06aa	go.mod: github.com/opencontainers/runc v1.1.5 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>	2023-03-29 17:16:57 +09:00
Iceber Gu	c89438e834	integration: add container start test using abs runtime path Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2023-03-29 11:54:52 +08:00
Maksym Pavlenko	3557ac884b	Extract image service from CRI Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>	2023-03-28 20:37:26 -07:00
Iceber Gu	97064b0772	WithRuntimePath uses the TaskInfo.RuntimePath field Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2023-03-29 11:34:50 +08:00
Fu Wei	831b9a9ae8	Merge pull request #8278 from Iceber/cleanup_protobuild_config	2023-03-29 07:09:33 +08:00
Maksym Pavlenko	a47ac4a352	Merge pull request #8295 from samruddhikhandale/samruddhikhandale/add-dev-container Adds dev container config and updates docs with Codespaces information	2023-03-28 12:18:16 -07:00
Phil Estes	662ff50b73	Merge pull request #8313 from mxpv/atomic Use atomic.Bool from stdlib (and remove pkg/atomic)	2023-03-28 13:41:49 -04:00
Maksym Pavlenko	a6ac62f02e	Merge pull request #8315 from cpuguy83/devmapper_plugin_skip devmapper plugin: skip plugin when not configured	2023-03-28 09:36:36 -07:00
Brian Goff	c56f54aa1e	devmapper plugin: skip plugin when not configured This is not really an error in most cases as most people do not use devmapper, however this shows up as an error in the logs and in the plugin service when querying the plugins. Signed-off-by: Brian Goff <cpuguy83@gmail.com>	2023-03-28 00:00:55 +00:00
Maksym Pavlenko	4a00e06034	Merge pull request #8312 from mxpv/oci Defer uid lookups on Darwin	2023-03-27 15:34:32 -07:00
Maksym Pavlenko	a11e47b48c	Use built in atomic.Bool Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>	2023-03-27 12:08:06 -07:00
Maksym Pavlenko	87346df54f	Defer uid lookups on Darwin Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>	2023-03-27 10:24:01 -07:00
Vinayak Goyal	ae4dbb60d5	Add noexec nodev and nosuid to sandbox /etc/resolv.conf mount bind. Signed-off-by: Vinayak Goyal <vinaygo@google.com>	2023-03-24 21:56:53 +00:00
Fu Wei	f7f2be7321	Merge pull request #8302 from Iceber/fix_ctr_task_metrics ctr/tasks: fix unmarshal the task metrics for cgroup v1	2023-03-24 20:26:05 +08:00
Iceber Gu	1be08b10f7	ctr/tasks: fix unmarshal the task metrics for cgroups v1 Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2023-03-23 14:42:24 +08:00
Samruddhi Khandale	8322bcb881	Adds a file header Signed-off-by: Samruddhi Khandale <samruddhikhandale@github.com>	2023-03-22 19:31:15 +00:00
Samruddhi Khandale	50b576a94e	Adds a dev container and Codespaces docs Signed-off-by: Samruddhi Khandale <samruddhikhandale@github.com>	2023-03-22 19:28:44 +00:00
Iceber Gu	0bbca7f1bc	Cleanup protobuild config Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2023-03-22 13:28:41 +08:00
Fu Wei	584d13d5cb	Merge pull request #8276 from Iceber/remove_cri_v1alpha2 Remove CRI v1alpha2 [deprecated since v1.7]	2023-03-22 13:25:07 +08:00
Phil Estes	3a1047319f	Merge pull request #8279 from Iceber/remove_criu_path Remove the CriuPath field from runc's options	2023-03-20 14:50:33 -04:00
Derek McGowan	e2cb6b82d1	Merge pull request #8259 from laurazard/readonly-overlay Add `ReadonlyMounts` to make overlay mounts readonly	2023-03-17 22:34:38 -07:00
Laura Brehm	daa3a7665e	Add `WithReadonlyTempMount` to create readonly temporary mounts This is necessary so we can mount snapshots more than once with overlayfs, otherwise mounts enter an unknown state. related: https://github.com/moby/buildkit/pull/1100 Signed-off-by: Laura Brehm <laurabrehm@hey.com> Co-authored-by: Zou Nengren <zouyee1989@gmail.com>	2023-03-17 15:51:18 +00:00
Maksym Pavlenko	63e45eb5d8	Merge pull request #8281 from hach-que/patch-1 fix: 'failed to resolve symlink' error messaging	2023-03-16 15:23:19 -07:00
June Rhodes	f48ae22273	fix: Update error message format based on feedback Signed-off-by: June Rhodes <504826+hach-que@users.noreply.github.com>	2023-03-17 06:49:12 +11:00
June Rhodes	3193650f13	fix: 'failed to resolve symlink' error messaging This error message currently does not provide useful information, because the `src` value that is interleaved will have been overridden by the call to `osi.ResolveSymbolicLink`. This stores the original `src` before the `osi.ResolveSymbolicLink` call so the error message can be useful. Signed-off-by: June Rhodes <504826+hach-que@users.noreply.github.com>	2023-03-17 05:12:43 +11:00
Fu Wei	e208c24256	Merge pull request #8175 from Iceber/fix_cni_metadata adding cni metadata to the container in the `ctr run --config`	2023-03-16 23:29:48 +08:00
Iceber Gu	14714b94de	Fold the output of `crictl info` Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2023-03-16 19:50:59 +08:00
Iceber Gu	5fdca538d0	adding cni metadata to the container in the `ctr run --config` Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2023-03-16 18:01:53 +08:00
Iceber Gu	32d431a7cb	Update crictl doc Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2023-03-16 17:49:14 +08:00
Iceber Gu	690ae58ca7	Update cri-tools version on windows Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2023-03-16 17:48:53 +08:00
Iceber Gu	5956cdea87	Remove third-party package cri-api Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2023-03-16 17:48:53 +08:00
Iceber Gu	c011502bd1	Remove cri v1alpha1 services Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2023-03-16 17:48:49 +08:00
Iceber Gu	23d288a809	Remove the CriuPath field from runc's options Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2023-03-16 17:12:51 +08:00
Fu Wei	732d184cbb	Merge pull request #8275 from AkihiroSuda/remove-config-v1 Remove support for config.toml `version = 1`	2023-03-16 17:12:08 +08:00
Fu Wei	2f4f015e5e	Merge pull request #8277 from dcantah/netconf-cni-fix CRI: Don't always close netConfMonitor channel	2023-03-16 17:05:48 +08:00

... 9 10 11 12 13 ...

12558 Commits