If you're adding `-v` to TESTFLAGS, you probably want to see the server
logs, as well as the extra output from the testing framework.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
This commit adds a config flag for allowing GC to clean layer contents up after
unpacking these contents completed, which leads to deduplication of layer
contents between the snapshotter and the contnet store.
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
This includes an update of the selinux package and the ability in the CRI
configuration to set the upper bounds for the selinux category labels that are
generated.
Signed-off-by: Michael Crosby <michael@thepasture.io>
`exec.CombinedOutput()` intermittently returns `ECHILD` due to our
signal handling.
`wait(2)`: https://man7.org/linux/man-pages/man2/wait.2.html
> ECHILD (for waitpid() or waitid()) The process specified by pid
> (waitpid()) or idtype and id (waitid()) does not exist or is
> not a child of the calling process. (This can happen for
> one's own child if the action for SIGCHLD is set to SIG_IGN.
> See also the Linux Notes section about threads.)
Fix#4387
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The flag was being silently ignored, and so no network setup was done,
and no notice given.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
Give control of the content labeling process for children to
the client. This allows the client to control the names
associated with the labels and filter out labels.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Before this change, if an event fails to send on the first attempt,
subsequent attempts will fail with context.Cancelled because the the
caller of publish passes a cancellable timeout, which the publisher uses
to send the event.
The publisher returns immediately if the send fails, but adds the event
to an async queue to try again.
Meanwhile the caller will return cancelling the context.
Additionally, subsequent attempts may fail to send because the timeout
was expected to be for a single request but the queue sleeps for
`attempt*time.Second`.
In the shim service, the timeout was set to 5s, which means the send
will fail with context.DeadlineExceeded before it reaches `maxRequeue`
(which is currently 5).
This change moves the timeout to the publisher so each send attempt gets
its own timeout.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This allows an admin to set the upper bounds on the category range for selinux
labels. This can be useful when handling allocation of PVs or other volume
types that need to be shared with selinux enabled on the hosts and volumes.
Signed-off-by: Michael Crosby <michael@thepasture.io>
We are going to deprecate shim v1 (#4365), but it is still early to
disable the tests for them
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
