full diff: f3200d17e0...ab34263943
Worth mentioning that there's a comment updated in golang.org/x/net/websocket:
This package currently lacks some features found in alternative
and more actively maintained WebSocket packages:
https://godoc.org/github.com/gorilla/websockethttps://godoc.org/nhooyr.io/websocket
It's used in k8s.io/apiserver/pkg/util/wsstream/stream.go, so perhaps that should
be reviewed if the alternatives are better for how it's used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/json-iterator/go/compare/v1.1.9...v1.1.10
- Fix 459 map keys of custom types should serialize using MarshalText when available
- Fix potential panic in (*stringAny).ToInt64 and (*stringAny).ToUint64 (see 450)
- Fix 449 do NOT marshal the field whose name start with underscore
- Reuse stream buffer and remove flush in (*Stream).WriteMore(see 441 440)
- Fix 421 simplify the error string returned by the decoder when it meets error unmarshaling anonymous structs
- Fix 389 411 do NOT marshal the json.RawMessage type field whose real type is integer/float as "null" with ValidateJsonRawMessage option enabled
- Fix 326 do Not marshal private field after calling extra.SetNamingStrategy() to register naming strategy extension
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`vagrant up` will build and install containerd and all dependencies,
setting up proper SELinux contexts on the runc and containerd binaries.
The VM is configured to be SELinux Enforcing by default but this gets
changed during various CI passes via a matrix param to Disabled and
Permissive before running tests. I have an open PR to fix the
container-selinux policy for containerd at
https://github.com/containers/container-selinux/pull/98 which once
accepted we will want to update the CI matrix to use Enforcing mode
instead of Permissive.
All tests currently pass in SELinux permissive mode with containerd
configured with `enable_selinux=true`. To see which tests are failing
with SELinux enforcing and an already spun up VM:
`SELINUX=Enforcing vagrant up --provision-with=selinux,test-cri`
To test SELinux enforcing in a new VM:
`vagrant destroy -force; SELINUX=Enforcing vagrant up --provision-with=shell,selinux,test-cri`
The `selinux` shell provisioner, parameterized by the SELINUX envvar,
will configure the system as you would expect, with the side effect that
containerd is configured with `enable_selinux=true` via
`/etc/containerd/config.toml` for Permissive or Enforcing modes and
`enable_selinux=false` when SELINUX=Disabled.
Provided that virtualization is suported, this Vagrantfile and provisioners
make it easy to test containerd/cri for conformance under SELinux on
non-SELinux systems.
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
Proxy registries are designed to serve content from upstreams.
However, the proxy hostname will usually not match the hostname
of the upstream, requiring the proxy to only use a single
upstream or use its own pattern matching to determine the upstream.
To solve this issue, the client will pass along the namespace which
is being used for the request, allowing mirrors to easily map
to multiple upstreams. This query parameter can safely be ignored
if multiple upstreams are not supported.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Recent changes removed the need for libseccomp-dev when building
containerd. The btrfs tools package is already installed on GH Actions
runners and was already a no-op so the whole step can be removed.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
The cgo dependency on libseccomp was removed in containerd/cri#1548.
The `seccomp` build tag is now ignored (and the seccomp support is always built-in).
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
8448b92d23...8871d5cdf8
The cgo dependency on libseccomp was removed in containerd/cri#1548.
The `seccomp` build tag is now ignored (and the seccomp support is
always built-in).
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
