Derek McGowan
4a4bb851f5
Merge pull request from GHSA-36xw-fx78-c5r4
...
Use path based unix socket for shims
2020-11-30 10:32:18 -08:00
Kevin Parsons
b2420ebcd1
Fix Windows service panic file to not be read-only
...
Go 1.14 introduced a change to os.OpenFile (and syscall.Open) on Windows
that uses the permissions passed to determine if the file should be
created read-only or not. If the user-write bit (0200) is not set, then
FILE_ATTRIBUTE_READONLY is set on the underlying CreateFile call.
This is a significant change for any Windows code which created new
files and set the permissions to 0 (previously the permissions had no
effect, so some code didn't set them at all).
This change fixes the issue for the Windows service panic file. It will
now properly be created as a non-read-only file on Go 1.14+.
I have looked over the rest of the containerd code and didn't see other
places where this seems like an issue.
Signed-off-by: Kevin Parsons <kevpar@microsoft.com>
2020-11-24 01:37:00 -08:00
Brian Goff
bd7c6ca6fa
Fix integer overflow on windows
...
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-11-16 19:21:00 +00:00
Samuel Karp
126b35ca43
containerd-shim: use path-based unix socket
...
This allows filesystem-based ACLs for configuring access to the socket
of a shim.
Ported from Michael Crosby's similar patch for v2 shims.
Signed-off-by: Samuel Karp <skarp@amazon.com>
2020-11-11 11:47:47 -08:00
Michael Crosby
bd908acabd
Use path based unix socket for shims
...
This allows filesystem based ACLs for configuring access to the socket of a
shim.
Co-authored-by: Samuel Karp <skarp@amazon.com>
Signed-off-by: Samuel Karp <skarp@amazon.com>
Signed-off-by: Michael Crosby <michael@thepasture.io>
Signed-off-by: Michael Crosby <michael.crosby@apple.com>
2020-11-11 11:47:46 -08:00
Li Ning
97cee75da8
ctr: fix the incorrect image unmount error hint
...
Signed-off-by: Li Ning <lining@cmss.chinamobile.com>
2020-11-11 19:57:31 +08:00
Michael Crosby
5f74840a9a
Merge pull request #4709 from AkihiroSuda/ctr-apparmor
...
ctr: add AppArmor flags
2020-11-10 10:21:51 -05:00
Akihiro Suda
9d54648be3
ctr: add AppArmor flags
...
e.g.
```
$ sudo ./bin/ctr run --apparmor-default-profile "cri-containerd.apparmor.d" docker.io/library/alpine:latest foo cat /proc/self/attr/current
cri-containerd.apparmor.d (enforce)
```
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-11-10 14:19:35 +09:00
Evan Hazlett
ef48ef1e4c
add config path option to ctr for runtime
...
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2020-10-29 15:21:37 +00:00
Avi Deitcher
57baf92211
use proper buffer size for content get
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2020-10-27 10:11:55 +02:00
Michael Crosby
21b6f68765
Add CNI support to ctr run
...
This adds linux cni support to `ctr run` via a `--cni` flag. This uses the
default configuration for CNI on `ctr` to configure the network namespace for a
container.
Signed-off-by: Michael Crosby <michael@thepasture.io>
2020-10-14 22:37:53 -04:00
Davanum Srinivas
edc671d6a0
disable staticcheck for IsAnInteractiveSession
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-10-13 10:47:18 -04:00
Derek McGowan
1c60ae7f87
Use local version of cri packages
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2020-10-07 10:59:40 -07:00
Phil Estes
534be84c5d
Merge pull request #4529 from gongguan/creator
...
avoid unnecessary NewCreator calls
2020-09-21 13:33:51 -04:00
Guanjun Gong
0dea724fc0
NewTask avoid unnecessary cio.NewCreator calls
...
Signed-off-by: Guanjun Gong <gongguanjun@hotmail.com>
2020-09-21 11:45:37 +08:00
Derek McGowan
438c87b8e0
Merge pull request #4534 from sedflix/zfs-root-path
...
zfs: separate implementation pkg from plugin pkg
2020-09-18 10:28:23 -07:00
Phil Estes
1484593ee9
Merge pull request #4533 from sedflix/aufs-seperate-plugin
...
feat(snapshot::aufs): config root_path
2020-09-18 10:18:31 -04:00
Siddharth Yadav
96f4ce4a5c
zfs: separate implementation pkg from plugin pkg and revendor
...
Signed-off-by: Siddharth Yadav <sedflix@gmail.com>
2020-09-18 18:49:12 +05:30
Siddharth Yadav
2354e187c3
aufs: separate implementation pkg from plugin pkg and revendor
...
Signed-off-by: Siddharth Yadav <sedflix@gmail.com>
2020-09-18 18:37:23 +05:30
Teemu Kallio
71fd68a920
devicemapper: separate implementation pkg from plugin pkg
...
Signed-off-by: Teemu Kallio <teemu.kallio@pm.me>
2020-09-18 12:00:14 +02:00
Li Yuxuan
bdb5b2ce47
ctr: Return error if task.Metrics fails
...
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
2020-09-10 16:42:35 +08:00
Qian Xiao
469b637358
Fix ctr command typo.
...
Signed-off-by: Qian Xiao <heyheyco@gmail.com>
2020-09-07 15:50:52 -07:00
Brian Goff
899b4e3cb5
Ignore SIGURG signals in signal forwarder
...
Starting with go1.14, the go runtime hijacks SIGURG but with no way to
not send to other signal handlers.
In practice, we get this signal frequently.
I found this while testing out go1.15 with ctr and multiple execs with
only `echo hello`. When the process exits quickly, if the previous
commit is not applied, you end up with an error message that it couldn't
forward SIGURG to the container (due to the process being gone).
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-09-04 16:19:31 -07:00
Brian Goff
6650510836
Exit signal forward if process not found
...
Previously the signal loop can end up racing with the process exiting.
Instead of logging and continuing the loop, exit early.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-09-04 16:17:00 -07:00
Derek McGowan
d4e78200d6
Merge pull request #4518 from knight42/feat/btrfs-config-root-path
...
feat(snapshot::btrfs): config root_path
2020-09-03 11:12:27 -07:00
Derek McGowan
445e26fff4
Merge pull request #4517 from knight42/feat/native-config-root-path
...
feat(snapshot::native): config root_path
2020-09-03 11:10:37 -07:00
Jian Zeng
c50ff694f0
refactor(native): separate init from implementation
...
Part of #4513
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
2020-09-03 19:58:31 +08:00
Jian Zeng
a52daa26ae
refactor(btrfs): separate init from implementation
...
Part of #4513
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
2020-09-03 19:54:18 +08:00
Shishir Mahajan
1eae524df6
ctr: CLI Flag (seccomp-profile) for setting custom seccomp profile.
...
Signed-off-by: Shishir Mahajan <smahajan@roblox.com>
2020-09-02 16:13:11 -07:00
Derek McGowan
70ffb12c1b
Separate overlay implementation from plugin
...
Put the overlay plugin in a separate package to allow the overlay package to be
used without needing to import and initialize the plugin.
Signed-off-by: Derek McGowan <derek@mcg.dev>
2020-08-26 18:50:51 -07:00
Michael Crosby
db687ff485
Add --runtime-root to ctr
...
Signed-off-by: Michael Crosby <michael@thepasture.io>
2020-08-21 04:55:28 -04:00
Michael Crosby
7e84abe99c
Merge pull request #4468 from prashantbhutani90/master
...
Report correct stats for windows containers
2020-08-25 11:37:28 -04:00
Wei Fu
433662502f
Merge pull request #4456 from crisesw/ctr-cpu-limit
...
Add --cpu-quota, --cpu-period flag to ctr
2020-08-12 20:14:13 +08:00
Prashant Bhutani
35b63c064f
Report correct stats for windows containers
...
Windows container stats were reporting incorrect metrics for cpu kernel runtime.
Signed-off-by: Prashant Bhutani <prbhutan@microsoft.com>
2020-08-12 00:51:37 +05:30
Akihiro Suda
8433602989
update runc to v1.0.0-rc92
...
Changes: https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-08-06 20:31:33 +09:00
kenneth.kang
e20a5079e8
Add --cpu-quota, --cpu-period flag to ctr
...
Signed-off-by: Kenneth Kang <kenneth.kang@lge.com>
2020-08-06 10:04:59 +09:00
Michael Crosby
02afa94256
Add --cpus flag to ctr
...
Signed-off-by: Michael Crosby <michael@thepasture.io>
2020-07-28 23:06:07 -04:00
Maksym Pavlenko
97c081c84b
Merge pull request #4410 from TBBle/minor_windows_fixes
...
Minor fixes around Windows network setup
2020-07-21 15:26:18 -07:00
Paul "TBBle" Hampson
06fb93e0f0
Reject host-mode networking on Windows
...
The flag was being silently ignored, and so no network setup was done,
and no notice given.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-07-21 19:43:08 +10:00
Sherif
96099550b5
parseIDMapping: accept 32-bit IDs
...
Signed-off-by: Sherif Mowafy <sherif.mowafy@gmail.com>
2020-07-19 10:09:51 +02:00
Phil Estes
45c28f56b2
Add ability to use remapper labels versus remapping snapshot helper
...
A simple starting point for testing the remapper labels with
fuse-overlayfs snapshotter
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2020-06-29 10:21:55 -04:00
Wei Fu
4b5d7f66c9
Merge pull request #4290 from mxpv/ctr-oci
...
Add ctr subcommand to print default OCI spec
2020-05-29 10:45:36 +08:00
Maksym Pavlenko
636c533d95
Add ctr subcommand to print default OCI spec
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2020-05-28 14:06:44 -07:00
John Millikin
b8ccdcb07d
Add ctr flags for configuring default TLS credentials.
...
Signed-off-by: John Millikin <jmillikin@stripe.com>
2020-05-27 21:59:33 +09:00
Phil Estes
990076b731
Merge pull request #4228 from thaJeztah/refactor_reaper
...
Refactor reaper-related functionality to be in the sys/reaper package
2020-05-07 14:32:55 -04:00
Michael Crosby
b2aef14c0c
Merge pull request #4210 from cpuguy83/ctr_mount
...
Add commands to mount/unmount image from ref
2020-05-07 13:07:38 -04:00
Sebastiaan van Stijn
1b66fecad3
Integrate sys.SetSubreaper, sys.GetSubreaper in sys/reaper package
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-04 08:44:02 +02:00
Sebastiaan van Stijn
23aab35fdb
Remove libcontainer from containerd-shim
...
Replace the libcontainer variant with the one in our sys package
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-03 16:53:24 +02:00
fahedouch
8e76d18eff
remove if condition because it is handled by the sdNotify daemon func
...
Signed-off-by: fahedouch <fahed.dorgaa@gmail.com>
lint code
Signed-off-by: fahedouch <fahed.dorgaa@gmail.com>
2020-04-26 23:18:34 +02:00
Brian Goff
1a10211e3f
WithLease: always return context and done fn
...
We should never return a nil context because of the way this function is
typically used... e.g.
```
ctx, done, err := containerd.WithLease(ctx)
```
If there is an error `ctx` will be nil and any error handling may cause
an NPE if it tries to use `ctx`.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-04-25 21:16:43 -07:00