ENABLE_CRI_SANDBOXES is already passed to the daemon, but was not passed
to the tests prior to this commit. Passing ENABLE_CRI_SANDBOXES to the
tests allows tests to be skipped if they're not appropriate for sbserver
(or the functionality hasn't been implemented in sbserver yet).
Signed-off-by: Samuel Karp <samuelkarp@google.com>
Add a new ctr cli option, allowing the garbage collector to discard any
unpacked layers after importing an image. This new option is
incompatible with the no-unpack ctr import option.
Signed-off-by: James Jenkins <James.Jenkins@ibm.com>
For some shims (namely github.com/cpuguy83/containerd-shim-systemd-v1),
the shim cgroup test doesn't make sense since there is only a single
shim process for the entire node.
I use these integration tests to make sure the shim is compatible with
the runc shims and generally works as expected. This will let me skip
the shim cgroup test as there is no process for the shim to stick into
the cgroup... mostly.
There is a bootstrap process as well as a PTY copier proces which do use
the shim cgroup if provided, but the test is not able to check for
those (unless we enable tty on the test, which is a bit arbitrary and
not useful).
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Rework sandbox monitoring, we should rely on Controller.Wait instead of
CRIService.StartSandboxExitMonitor
Signed-off-by: WangLei <wllenyj@linux.alibaba.com>
sudo(8) strips environment variables by default. Explicitly set
ENABLE_CRI_SANDBOXES so we can ensure we test the sbserver CRI
implementation.
Signed-off-by: Samuel Karp <samuelkarp@google.com>
when a put request is retried due to the response from registry,
the body of the request should be seekable. A dynamic pipe is added
to the body so that the content of the body can be read again.
Currently a maximum of 5 resets are allowed, above which will fail the
request. A new error ErrReset is introduced which informs that a
reset has occured and request needs to be retried.
also added tests for Copy() and push() to test the new functionality
Signed-off-by: Akhil Mohan <makhil@vmware.com>
pkg/cri/sbserver/cri_fuzzer.go and pkg/cri/server/cri_fuzzer.go were
mostly the same.
This commit merges them together and move the unified fuzzer to
contrib/fuzz again to sort out dependencies. pkg/cri/ shouldn't consume
cmd/.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
github.com/AdaLogics/go-fuzz-headers and
github.com/AdamKorcz/go-118-fuzz-build have less dependencies in
the last versions.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
Uses teststat to parse the go test json and output markdown which will
be posted as a summary to the github action run.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
When unpacking a TAR archive, containerd preserves file's owner:
https://github.com/containerd/containerd/blob/main/archive/tar.go#L384
In some cases this behavior is not desired. In current implementation we
avoid `Lchown` on Windows. Another case when this should be skipped is
when using native snapshotter on darwin and running as non-root user.
This PR extracts a generic option - `WithNoSameOwner` (same as
`tar --no-same-owner`) to skip `Lchown` when its not required.
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
