cgroupsv2.LoadManager() already performs VerifyGroupPath(), and returns
an error if the path is invalid, so this check is redundant.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Discovered this while using HTTP tracing via OpenTelemetry inside of
buildkitd, where the trace spans were not being reported for the
registry PUT http requests. The spans are only reported on the Close
for the Body, after adding these Close calls, the spans are reported as
expected.
Signed-off-by: coryb <cbennett@netflix.com>
Before this change, for several of the services that `WithServices`
handles, only the grpc client is supported.
Now, for instance, one can use an `images.Store` directly instead of
only an `imagesapi.StoreSlient`.
Some of the methods have been renamed to satisfy the difference between
using a grpc `<Foo>Client` vs the main interface.
I did not see a good candidate for TaskService so have left that mostly
unchanged.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The `cri-in-userns` stage is for testing "CRI-in-UserNS", which should be used in conjunction with "Kubelet-in-UserNS":
https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2033-kubelet-in-userns-aka-rootless
This feature is mostly expected to be used for `kind` and `minikube`.
Requires Rootless Docker/Podman/nerdctl with cgroup v2 delegation: https://rootlesscontaine.rs/getting-started/common/cgroup2/
(Rootless Docker/Podman/nerdctl prepares the UserNS, so we do not need to create UserNS by ourselves)
Usage:
```
podman build --target cri-in-userns -t cri-in-userns -f contrib/Dockerfile.test .
podman run -it --rm --privileged cri-in-userns
```
The stage is tested on CI with Rootless Podman on Fedora 34 on Vagrant.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Move to single lchmod interface mirroring other implementations.
Separate logic for freebsd which supports symlink no follow flag.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Adds support for mirrors which are non-compliant with the
OCI distribution specification but have previously mirrored
content with a namespace prefix after the API root `/v2`.
Signed-off-by: Derek McGowan <derek@mcg.dev>
0.8.18 contains a fix for shim delete behavior, please see:
microsoft/hcsshim#1041
There's no new vendored files as nothing from hcsshim/cmd/containerd-shim-runhcs-v1
gets imported here but for containerd releases the runhcs shim binary is built from whatever
commit is vendored into containerd.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
For Windows, the container image's OS version must closely match the host's OS version.
For this reason, we need to add the --os-version annotation in image manifest lists,
so the Windows nodes can pull the appropriate image from the list.
Previously, the docker manifest CLI did not have the capability to set the --os-version,
it, but it has been introduced in docker 20.10.0.
We're also adding busybox.exe in the image, so we can run Linux commands inside the
container, so the tests will be simpler.
When building Windows images, a docker buildx builder needs to be created and used. When
building Windows images with docker buildx, the flag --output=type=registry is required,
otherwise it cannot be referenced on a Linux node.
Signed-off-by: Claudiu Belu <cbelu@cloudbasesolutions.com>
add '--snapshotter-labels' in ctr run and ctr c create
which can pass labels to snappshotter on preparing new
snapshot.
Pass command label to snapshotter can help it determine
which kind of writable snapshots should be provide.
For some snapshotter, such as overlaybd:
( https://github.com/alibaba/accelerated-container-image ),
it can provide 2 kind of writable snapshot (overlayfs dir or
blockdevice) by command label values.
Signed-off-by: Yifan Yuan <tuji.yyf@alibaba-inc.com>
Commits 77374e8 and b5f530a changed handling of the `DESTDIR` and `PREFIX`
variables, and introduced a `MANDIR` variable.
However, in those commits, the variables are concatenated with a directory
separator (`/`); `$DESTDIR/$PREFIX`. The `$PREFIX` variable (and consequently,
the `MANDIR` variable) already should have a leading `/` (absolute path), so
there should be no need to add it. In addition, adding the `/`, would not allow
either an empty path to be passed (well, it would result in `//` in the path),
or for `$PREFIX` to be used with a relative path (with an empty `$PREFIX`).
This patch removes the directory separator.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
If a container failed to start due to a bad command, the container could not be
recreated with a proper command in its stead. Adds a test that verifies this scenario.
Signed-off-by: Claudiu Belu <cbelu@cloudbasesolutions.com>
- View was somehow logging itself as "prepare"
- Cleanup should have its debug log as like other exported methods
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
