Recent changes removed the need for libseccomp-dev when building
containerd. The btrfs tools package is already installed on GH Actions
runners and was already a no-op so the whole step can be removed.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
The cgo dependency on libseccomp was removed in containerd/cri#1548.
The `seccomp` build tag is now ignored (and the seccomp support is always built-in).
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
8448b92d23...8871d5cdf8
The cgo dependency on libseccomp was removed in containerd/cri#1548.
The `seccomp` build tag is now ignored (and the seccomp support is
always built-in).
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Authorizer interface can’t be really implemented because
scopes are passed in on a side channel via private value in context.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This will ensure that we can always get the current Windows OS build
version, without being put into Windows 8 compatibility mode.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
full diff: d3ef23f19f...efbc4488d8
Fix sameFile() to recognize empty files as the same
- fixes "Empty files can diff as "modified" even when they're not"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
If you're adding `-v` to TESTFLAGS, you probably want to see the server
logs, as well as the extra output from the testing framework.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
This includes an update of the selinux package and the ability in the CRI
configuration to set the upper bounds for the selinux category labels that are
generated.
Signed-off-by: Michael Crosby <michael@thepasture.io>
`exec.CombinedOutput()` intermittently returns `ECHILD` due to our
signal handling.
`wait(2)`: https://man7.org/linux/man-pages/man2/wait.2.html
> ECHILD (for waitpid() or waitid()) The process specified by pid
> (waitpid()) or idtype and id (waitid()) does not exist or is
> not a child of the calling process. (This can happen for
> one's own child if the action for SIGCHLD is set to SIG_IGN.
> See also the Linux Notes section about threads.)
Fix#4387
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The flag was being silently ignored, and so no network setup was done,
and no notice given.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
Give control of the content labeling process for children to
the client. This allows the client to control the names
associated with the labels and filter out labels.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Before this change, if an event fails to send on the first attempt,
subsequent attempts will fail with context.Cancelled because the the
caller of publish passes a cancellable timeout, which the publisher uses
to send the event.
The publisher returns immediately if the send fails, but adds the event
to an async queue to try again.
Meanwhile the caller will return cancelling the context.
Additionally, subsequent attempts may fail to send because the timeout
was expected to be for a single request but the queue sleeps for
`attempt*time.Second`.
In the shim service, the timeout was set to 5s, which means the send
will fail with context.DeadlineExceeded before it reaches `maxRequeue`
(which is currently 5).
This change moves the timeout to the publisher so each send attempt gets
its own timeout.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
