Commit Graph

11340 Commits

Author SHA1 Message Date
guodong
ceab73007f use MaxConcurrentDownloads instead of MaxConcurrentUploadedLayers
Signed-off-by: guodong <guodong9211@gmail.com>
2022-11-30 00:32:08 +08:00
Phil Estes
e0be97ccee Merge pull request #7721 from thaJeztah/protobuf_extensions_fix
go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions
2022-11-28 12:22:50 -05:00
Fu Wei
4b8002e5d1 Merge pull request #7714 from hoyosjs/patch-1
Add ptrace readby and tracedby to default AppArmor profile
2022-11-28 22:32:59 +08:00
Fu Wei
6bfe6e38b2 Merge pull request #7684 from mxpv/sb-runtime-fix
Fix sandbox API when calling sandboxed shims
2022-11-28 22:32:08 +08:00
Fu Wei
24020812bb Merge pull request #7669 from yanggangtony/status-clean
make status more readable and update easy.
2022-11-27 23:12:23 +08:00
Fu Wei
0db400a8ba Merge pull request #7720 from thaJeztah/fix_gomod
integration/client: fix go.mod grouping, containerd to v1.7.0-beta.0, cgroups back to v1.0.4
2022-11-27 23:11:26 +08:00
Sebastiaan van Stijn
2136736f52 go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions
This module made a whoopsie, and updated to `google.golang.org/protobuf`
in a patch release, but `google.golang.org/protobuf` is not backward
compatible with `github.com/golang/protobuf`.

Updating the minimum version to v1.0.4 which corrects this, to prevent
users of containerd as a module from accidentally pulling in the wrong
version:

- v1.0.3 switched to use `google.golang.org/protobuf`; https://github.com/matttproud/golang_protobuf_extensions/compare/v1.0.2..v1.0.3
- This was reverted in v1.0.4 (which is the same as v1.0.2); https://github.com/matttproud/golang_protobuf_extensions/compare/v1.0.3..v1.0.4
- And a `v2` was created instead; https://github.com/matttproud/golang_protobuf_extensions/releases/tag/v2.0.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-25 15:06:58 +01:00
Sebastiaan van Stijn
63c6c55ab4 go.mod: roll back github.com/containerd/cgroups to v1.0.4 release
This was updated in 470d3ee057, but we
only needed the ebpf update. As nothing depends on this module anymore,
other than for the stats package (which didn't change in between), we
can (for now) roll it back to v1.0.4, and just force the newer ebpf
package.

Things rolled back (doesn't affect vendored code);

https://github.com/containerd/cgroups/compare/7083cd60b721..v1.0.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-25 10:00:37 +01:00
Sebastiaan van Stijn
3c1c0878e3 integration/client: update containerd version to v1.7.0-beta.0
While the version isn't used (as it's replaced), let's keep it somewhat
in line with reality :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-25 09:29:03 +01:00
Sebastiaan van Stijn
ebd63adac2 integration/client: fix go.mod grouping
go.mod doesn't always do a great job on keeping the dependencies grouped in the
right block; 2b60770c4b added an extra "require"
block, after which things went downward.

This patch is grouping them back in the right block to nudge it in the right
direction.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-25 09:22:36 +01:00
Juan Hoyos
8d868dadb7 Add ptrace readby and tracedby to default AppArmor profile
Fixes https://github.com/containerd/containerd/issues/7695. The default profile allows processes within the container to trace others, but blocks reads/traces. This means that diagnostic facilities in processes can't easily collect crash/hang dumps. A usual workflow used by solutions like crashpad and similar projects is that the process that's unresponsive will spawn a process to collect diagnostic data using ptrace. seccomp-bpf, yama ptrace settings, and CAP_SYS_PTRACE already provide security mechanisms to reduce the scopes in which the API can be used. This enables reading from /proc/* files provided the tracer process passes all other checks.

Signed-off-by: Juan Hoyos <juan.s.hoyos@outlook.com>
2022-11-23 15:01:32 -05:00
Fu Wei
d063186221 Merge pull request #7706 from austinvazquez/resolve-windows-workflow-warnings
Resolve warnings in Windows GitHub Actions periodic workflows
2022-11-23 16:18:37 +08:00
Austin Vazquez
8c035d3873 Resolve warnings in Windows GitHub Actions periodic workflows
Upgrade actions/github-script from v3 to v6 to resolve Node.js 12
and `set-output` command warnings.
Upgrade google-github-actions/upload-cloud-storage from v0.8.0 to
v0.10.4 to resolve `set-output` command warnings.
Upgrade actions/checkout from v2 to v3 to resolve Node.js 12 warnings.
Remove references to `set-output` command from workflow.

Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2022-11-23 03:34:55 +00:00
Maksym Pavlenko
6d830d30ad Merge pull request #7470 from lengrongfu/feat/sandbox_api_status
Sandbox API: implement Controller.Status for SandboxAPI
2022-11-22 18:11:57 -08:00
Maksym Pavlenko
ae0da7dc58 Use sandbox store to retrieve runtime info for sandboxed containers
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2022-11-22 17:43:40 -08:00
Maksym Pavlenko
3ddaa34445 Retrieve sandbox creation time from store.
All pause container object references must be removed
from sbserver. This is an implementation detail of
podsandbox package.

Added TODOs for remaining work.

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2022-11-22 17:43:36 -08:00
Maksym Pavlenko
4b32819823 Remove duplicated helpers
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2022-11-22 17:40:36 -08:00
Maksym Pavlenko
3f331e7d13 Specify runtime configuration for sandbox shims
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2022-11-22 17:39:27 -08:00
Samuel Karp
7d3ca170fd Merge pull request #7426 from samuelkarp/port-pr-5904-to-sbserver 2022-11-22 16:02:15 -08:00
Kazuyoshi Kato
722df11e92 Merge pull request #7677 from AdamKorcz/fuzz2
fix for OSS-Fuzz infra changes
2022-11-22 11:10:40 -08:00
Akihiro Suda
96a39ad53b Merge pull request #7499 from Iceber/cleanup_shim_flag
runtime/v2/shim: clean up the use of containerdBinary
2022-11-22 22:01:23 +09:00
AdamKorcz
ed3a49c0e6 fix for OSS-Fuzz infra changes
Signed-off-by: AdamKorcz <adam@adalogics.com>
2022-11-22 10:18:28 +00:00
Samuel Karp
ac4af4df89 integration: enable CNI slow test for sbserver
Signed-off-by: Samuel Karp <samuelkarp@google.com>
2022-11-21 16:45:37 -08:00
Samuel Karp
a74f7e902b sbserver: save netns in sandbox metadata on create
Port of b41d6f40bb to sbserver

Signed-off-by: Samuel Karp <samuelkarp@google.com>
2022-11-21 16:45:37 -08:00
Samuel Karp
085d8e6334 integration: enable tests for sbserver
Signed-off-by: Samuel Karp <samuelkarp@google.com>
2022-11-21 16:45:37 -08:00
Samuel Karp
1deaedd38a sbserver: persist sandbox during partial teardown
Port of 4f4aad057d to sbserver

Signed-off-by: Samuel Karp <samuelkarp@google.com>
2022-11-21 16:45:36 -08:00
Kazuyoshi Kato
20cb9a9fd8 Merge pull request #7693 from hoyosjs/juhoyosa/enable-ptrace-proc-vm-apis
Add process_vm read and write calls to default seccomp profile
2022-11-21 12:02:42 -08:00
Kazuyoshi Kato
49251e4de6 Merge pull request #7707 from austinvazquez/resolve-scorecards-workflow-warnings
Resolve Scorecards GitHub Actions workflow warnings
2022-11-21 10:48:32 -08:00
Austin Vazquez
5a7c108ba4 Resolve Scorecards GitHub Actions workflow warnings
Allow actions/checkout in scorecards workflow to use v3.1.0 commit.
Resolves `save-state` command usage warnings.

Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2022-11-21 16:21:57 +00:00
Phil Estes
99acefaad9 Merge pull request #7697 from inspektor-gadget/qasim/add-sandbox-uid-annotation
cri: add pod uid annotation
2022-11-21 10:54:20 -05:00
Phil Estes
de73676e9b Merge pull request #7699 from yanggangtony/client-with-conn
Missed out `platform interface` when reused the conn for Client.
2022-11-21 10:52:10 -05:00
Samuel Karp
59f210d8ba Merge pull request #7700 from jellor/remove-rollback 2022-11-20 23:13:49 -08:00
Samuel Karp
e5f13e81ab Merge pull request #7704 from thaJeztah/bump_deps 2022-11-20 23:11:07 -08:00
Samuel Karp
0ad110ae10 Merge pull request #7705 from thaJeztah/update_md2man 2022-11-20 23:00:58 -08:00
Sebastiaan van Stijn
b7b185c92f update github.com/cpuguy83/go-md2man/v2 to v2.0.2
no significant updates, just keeping up with latest version

full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.1...v2.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-20 22:52:50 +01:00
Sebastiaan van Stijn
bd912bbee0 go.mod: github.com/matttproud/golang_protobuf_extensions v1.0.2
Same commit, but now tagged

diff: https://github.com/matttproud/golang_protobuf_extensions/compare/c182affec369...v1.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-20 22:21:42 +01:00
Sebastiaan van Stijn
5f23daeb26 go.mod: github.com/moby/sys/sequential v0.5.0
Same commit, but now tagged

diff: https://github.com/moby/sys/compare/b22ba8a69b30...sequential/v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-20 22:20:47 +01:00
Sebastiaan van Stijn
763ec7c862 go.mod: github.com/cpuguy83/go-md2man/v2 v2.0.2
it's an indirect dependency, but updating allows us to drop another
dependency.

full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.0...v2.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-20 22:19:43 +01:00
Sebastiaan van Stijn
0f616e3549 go.mod: github.com/AdaLogics/go-fuzz-headers v0.0.0-20221118232415-3345c89a7c72
full diff: 443f56ff4b...3345c89a7c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-20 21:59:44 +01:00
Sebastiaan van Stijn
df4d07352d go.mod: golang.org/x/sys v0.2.0
full diff: https://github.com/golang/sys/compare/v0.1.0...v0.2.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-20 21:58:02 +01:00
Sebastiaan van Stijn
4e68634ef0 go.mod: github.com/sirupsen/logrus v1.9.0
full diff: https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-20 21:53:29 +01:00
Akihiro Suda
b9f79d3018 Merge pull request #7703 from yanggangtony/fsnotify
Fsnotify bump and change code
2022-11-20 19:50:54 +09:00
Fu Wei
c1c81857bf Merge pull request #7683 from yanggangtony/build-md
fix build containerd in centos9
2022-11-20 13:12:27 +08:00
Phil Estes
9b0c83eda6 Merge pull request #7701 from yanggangtony/bumo-urfave-cli
Bump urfave-cli to v1.22.10
2022-11-19 21:35:18 -05:00
yanggang
579c7f43de Change fsnotify event status condition.
Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-11-20 09:43:54 +08:00
yanggang
2cea525eee Bump fsnotify to v1.6.0
Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-11-20 09:37:37 +08:00
yanggang
73c6db881b Bump urfave-cli to v1.22.10
Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-11-19 15:13:27 +08:00
guodong
bf777a70b1 remove duplicated tx rollback
Signed-off-by: guodong <guodong9211@gmail.com>
2022-11-19 13:57:55 +08:00
Fu Wei
8e787543de Merge pull request #7685 from sofat1989/mainrunserially
can set up the network serially by CNI plugins
2022-11-19 12:33:40 +08:00
yanggang
70b65062c7 Missed out platform interface when reused the conn for Client.
Signed-off-by: yanggang <gang.yang@daocloud.io>
2022-11-19 11:01:19 +08:00