github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
5,305 Commits 3 Branches 2 Tags 112 MiB
d21f0f116e
Commit Graph

5305 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Phil Estes
c2c2b068fd
Merge pull request #3380 from crosbymichael/oom-scores 
Set shim OOM scores to +1 containerd daemon score
 2019-06-28 08:34:43 +08:00
Michael Crosby
7dfc605fc6 Set shim OOM scores to +1 containerd daemon score 
This changes the shim's OOM score from a static max killable of -999 to
be +1 of the containerd daemon's score.  This should allow the shim's to
be killed first in an OOM condition but leave the daemon alone for a bit
to help cleanup and manage the containers during this situation.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-06-27 11:14:14 -04:00
Michael Crosby
719a2c594e Robust pid locking for shim processes 
Closes #2832

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-06-26 11:43:57 -04:00
Michael Crosby
bb9616ba20
Merge pull request #3379 from Ace-Tang/clean-doc 
docs: remove shim_no_newns in ops.md
 2019-06-26 11:30:21 -04:00
Michael Crosby
e89e57c52d
Merge pull request #3377 from estesp/remove-old-doc 
No need to keep 2017 DockerCon doc
 2019-06-26 09:56:42 -04:00
Ace-Tang
2d03791158 docs: remove shim_no_newns in ops.md 
this ops is removed in commit fd2e3cd326,
remove from doc avoid misleading users.

Signed-off-by: Ace-Tang <aceapril@126.com>
 2019-06-26 16:37:36 +08:00
Phil Estes
0886e4f1b7
No need to keep 2017 DockerCon doc 
Remove outdated discussion document from repo.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2019-06-26 00:00:59 -04:00
Phil Estes
0e87608c2a
Merge pull request #3371 from thaJeztah/bump_libseccomp 
bump libseccomp-golang v0.9.1
 2019-06-26 08:17:36 +08:00
Michael Crosby
89ec47972f
Merge pull request #3373 from Mattias-/release-hashsum 
Add hashsum for release archives
 2019-06-25 17:24:10 -04:00
Mattias Appelgren
650a7e5c1e Add hashsum for release archives 
Signed-off-by: Mattias Appelgren <mattias@ppelgren.se>
 2019-06-25 21:00:09 +02:00
Michael Crosby
5b4ed0d886
Merge pull request #3372 from thaJeztah/bump_runc 
bump runc v1.0.0-rc8-32-gf4982d86
 2019-06-25 10:28:05 -04:00
Sebastiaan van Stijn
cb4a8f51a6
bump runc v1.0.0-rc8-32-gf4982d86 
full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc8...f4982d86f7fde0b6f953cc62ccc4022c519a10a9

possibly relevant changes included:

- opencontainers/runc#2074 Update dependency libseccomp-golang
  - fixes https://nvd.nist.gov/vuln/detail/CVE-2017-18367
- opencontainers/runc#2065 Fix cgroup hugetlb size prefix for kB
- opencontainers/runc#2042 libcontainer: intelrdt: add missing destroy handler in defer func
- opencontainers/runc#2042 main: not reopen /dev/stderr
- opencontainers/runc#2038 `r.destroy` can defer exec in `runner.run` method
- opencontainers/runc#2035 specconv: always set "type: bind" in case of MS_BIND
- opencontainers/runc#2035 Move systemd.Manager initialization into a function in that module
- opencontainers/runc#2034 Support for logging from children processes

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-06-25 13:03:23 +02:00
Sebastiaan van Stijn
bb41ef87f1
bump libseccomp-golang v0.9.1 
full diff: 32f571b700...689e3c1541

Release notes:

* Version 0.9.1 - May 21, 2019
- Minimum supported version of libseccomp bumped to v2.2.0 (fc0298087f)
- PowerPC and S390(x) architectures are unavailable below library version v2.3.0 and will return errors if used with incompatible libraries
- Use Libseccomp's `seccomp_version` API to retrieve library version
- Unconditionally set TSync attribute for filters, due to Go's heavily threaded nature
- Fix [CVE-2017-18367](https://nvd.nist.gov/vuln/detail/CVE-2017-18367) - Multiple syscall arguments were incorrectly combined with logical-OR, instead of logical-AND (06e7a29f36)
- Fix a failure to build on Debian-based distributions due to CGo code
- Fix unit test failures on 32-bit architectures
- Improve several errors to be more verbose about their causes
- Add support for SCMP_ACT_LOG (with libseccomp versions 2.4.x and higher), permitting syscalls but logging their execution
- Add support for SCMP_FLTATR_CTL_LOG (with libseccomp versions 2.4.x and higher), logging not-allowed actions when they are denied

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-06-25 10:57:58 +02:00
Phil Estes
287582585f
Merge pull request #3365 from crosbymichael/exec-lk 
Reserve exec id to prevent race
 2019-06-25 08:59:41 +08:00
Phil Estes
b2662f21a2
Merge pull request #3370 from mxpv/file-io 
Fix shim's file IO logging
 2019-06-25 08:57:56 +08:00
Maksym Pavlenko
174c4907d0 Fix shim's file IO logging 
Signed-off-by: Maksym Pavlenko <makpav@amazon.com>
 2019-06-24 13:21:41 -07:00
Michael Crosby
1a8df3f237 Reserve exec id to prevent race 
ref #2820

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-06-21 14:52:44 -04:00
Michael Crosby
b88362fd55
Merge pull request #3361 from crosbymichael/io-wait 
Add timeout for I/O waitgroups
 2019-06-21 14:28:46 -04:00
Michael Crosby
245052243d Add timeout for I/O waitgroups 
Closes #3286

This and a combination of a couple Docker changes are needed to fully
resolve the issue on the Docker side.  However, this ensures that after
processes exit, we still leave some time for the I/O to fully flush
before closing.  Without this timeout, the delete methods would block
forever.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-06-20 16:13:51 -04:00
Phil Estes
574bde08ba
Merge pull request #3360 from ZYecho/polish-log 
fix: polish log to make more clear
 2019-06-20 18:17:44 +03:00
Phil Estes
6f788f861e
Merge pull request #3358 from ehotinger/ehotinger/gh-templates 
Switch to GitHub's new issue templates.
 2019-06-20 18:16:42 +03:00
Phil Estes
b95f0a6cea
Merge pull request #3359 from keloyang/close-socket-fd 
Close the inherited socket fd
 2019-06-20 18:12:25 +03:00
zhangyue
12a14c4424 fix: polish log to make more clear 
Signed-off-by: zhangyue <zy675793960@yeah.net>
 2019-06-20 20:46:26 +08:00
Shukui Yang
ec78305c49 Close the inherited socket fd 
containerd-shim has dup the fd 3, and it don't need fd 3 any more.

Signed-off-by: Shukui Yang <keloyangsk@gmail.com>
 2019-06-20 19:35:05 +08:00
Wei Fu
111b082e20
Merge pull request #3356 from mxpv/binary-io-path 
BinaryIO/LogFile creator bug fixing
 2019-06-20 10:25:47 +08:00
Maksym Pavlenko
fbf96d302a Fix path in LogFile creator 
Signed-off-by: Maksym Pavlenko <makpav@amazon.com>
 2019-06-19 16:53:33 -07:00
Michael Crosby
7ac57b6392
Merge pull request #3357 from odinuge/dependency-cgroups 
Update dependency containerd/cgroups
 2019-06-19 16:43:35 -04:00
Eric Hotinger
63a8dee60d Switch to GitHub's new issue templates. 
Signed-off-by: Eric Hotinger <ehotinger@gmail.com>
 2019-06-19 12:28:24 -07:00
Odin Ugedal
341c7c144f
Update dependency containerd/cgroups 
Signed-off-by: Odin Ugedal <odin@ugedal.com>
 2019-06-19 21:19:00 +02:00
Michael Crosby
8bb521318a
Merge pull request #3055 from ehotinger/ehotinger/flow-opts 
Allow opts to flow to the backend snapshotter during snapshot creation.
 2019-06-19 14:54:36 -04:00
Maksym Pavlenko
5e0d793801 Fix bugs in BinaryIO creator 
Signed-off-by: Maksym Pavlenko <makpav@amazon.com>
 2019-06-19 11:15:17 -07:00
Eric Hotinger
75f183887a Allow opts to flow to the backend snapshotter during snapshot creation. 
Signed-off-by: Eric Hotinger <ehotinger@gmail.com>
 2019-06-19 11:00:22 -07:00
Phil Estes
4355a2accc
Merge pull request #3355 from Ace-Tang/avoid-start-hang 
Add timeout in load shim v2
 2019-06-19 11:29:27 +01:00
Ace-Tang
95f9bbf18b Add timeout in load shim v2 
add timeout in connect shim v2 avoid starting containerd hang

Signed-off-by: Ace-Tang <aceapril@126.com>
 2019-06-19 13:10:18 +08:00
Michael Crosby
434f69e790
Merge pull request #3353 from mikebrow/fix-slack-invite 
switch to a working link
 2019-06-18 11:33:41 -04:00
Mike Brown
62e9e11696 switch to a working link 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2019-06-18 09:53:43 -05:00
Justin
3e7c6f6a6b
Merge pull request #3352 from crosbymichael/sn-panic 
Fix snapshotter getter in client code
 2019-06-17 11:05:11 -07:00
Michael Crosby
41e1bb8328 Fix snapshotter getter in client code 
Fixes #3312

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-06-17 16:57:48 +00:00
Akihiro Suda
cbb108e228
Merge pull request #3348 from mxpv/new-binary-io 
Make newBinaryIO public
 2019-06-16 21:47:56 +02:00
Phil Estes
062d056196
Merge pull request #3345 from crosbymichael/diff-panic 
Ensure labels is not nil in differ
 2019-06-14 11:43:18 -04:00
Michael Crosby
052551573d Ensure labels is not nil in differ 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-06-14 15:20:32 +00:00
Phil Estes
50cd49d1c8
Merge pull request #3343 from thaJeztah/appveyor_bump_go_1.12 
AppVeyor: Bump golang 1.12.6
 2019-06-14 10:27:25 -04:00
Sebastiaan van Stijn
67cf9f7f02
AppVeyor: Bump golang 1.12.6 
go1.12.6 (released 2019/06/11) includes fixes to the compiler, the linker,
the go command, and the crypto/x509, net/http, and os packages. See the
Go 1.12.6 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.12.6

full diff: https://github.com/golang/go/compare/go1.12.5...go1.12.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-06-14 15:58:28 +02:00
Justin
fe58b496bb
Merge pull request #3341 from crosbymichael/ttrpcmd 
Update ttrpc for interceptors, closure, and metadata
 2019-06-13 16:46:27 -07:00
Michael Crosby
0b7abc02b2 ttrpc updates for interceptors, close, and metadata 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-06-13 19:09:07 +00:00
Phil Estes
40b17e97f6
Merge pull request #3218 from fuweid/me-cross-push 
remotes: support cross-repo-push
 2019-06-13 09:42:00 -04:00
Phil Estes
667195fdd9
Merge pull request #3339 from YLonely/typo-fix 
docs: Fix typo to some markdown files in /docs.
 2019-06-13 08:34:05 -04:00
BoWen Yan
d15a06b190 docs: Fix typo to some markdown files in /docs. 
Signed-off-by: BoWen Yan <loneybw@gmail.com>
 2019-06-13 15:29:12 +08:00
Wei Fu
dd7c0aabcc remotes: support cross-repo-push 
With distribution source label in content store, select the longest
common prefix components as condidate mount blob source and try to push
with mount blob.

Fix #2964

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2019-06-13 09:51:46 +08:00
Maksym Pavlenko
bca5667362 Make newBinaryIO public 
Allow third-party runtime implementations to reuse NewBinaryIO
in order to support pluggable shim logging binary protocol.

Signed-off-by: Maksym Pavlenko <makpav@amazon.com>
 2019-06-12 16:22:10 -07:00