Commit Graph

11472 Commits

Author SHA1 Message Date
Luca Comellini
d7507c3c13 Bump grpc to v1.51.0
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2022-12-12 09:16:53 -08:00
Fu Wei
5e51347a63 Merge pull request #7798 from calvin0327/fix-sdNotify
fix sdNotify func when debug level
2022-12-12 14:36:12 +08:00
calvin0327
f219f7d1ea fix sdNotify func when debug level
Signed-off-by: wen chen <wen.chen@daocloud.io>
2022-12-12 10:06:35 +08:00
Maksym Pavlenko
36641eade6 Merge pull request #7794 from austinvazquez/upgrade-github-actions-packages
Upgrade GitHub actions packages in release workflow
2022-12-11 10:37:34 -08:00
Samuel Karp
e3ceecf92e Merge pull request #7796 from austinvazquez/enable-local-linux-ci
Enable GitHub Actions local Linux CI runs
2022-12-11 00:30:16 -08:00
Austin Vazquez
66f71ea4d5 Enable GitHub Actions local Linux CI runs
Sync package index and automatic yes to apt repository prompts.

Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2022-12-11 04:37:21 +00:00
Austin Vazquez
14a38e12b7 Upgrade GitHub actions packages in release workflow
Resolve NodeJS 12 and command deprecation warnings by upgrading
docker/setup-buildx-action and crazy-max/ghaction-github-runtime
packages.

Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2022-12-10 07:58:35 +00:00
Mike Brown
4f4fa9b497 Merge pull request #7791 from fuweid/follow-up-7073
integration: increase timeout in container_event_test.go
2022-12-09 12:43:05 -06:00
Phil Estes
a7428f4473 Merge pull request #7732 from AkihiroSuda/sha256-simd
digest: use github.com/minio/sha256-simd
2022-12-09 09:37:37 -05:00
Phil Estes
e5751d44c4 Merge pull request #7787 from ginglis13/restore-fail
allow client to remove created tasks with PID 0
2022-12-09 09:29:51 -05:00
Wei Fu
423f4388b4 integration: increase timeout in container_event_test.go
Follow-up: https://github.com/containerd/containerd/pull/7073#discussion_r1044142416

Signed-off-by: Wei Fu <fuweid89@gmail.com>
2022-12-09 15:26:49 +08:00
Fu Wei
f2cf411b79 Merge pull request #7073 from ruiwen-zhao/event
Add container event support to containerd
2022-12-09 15:24:23 +08:00
Akihiro Suda
ce7694b2b1 Merge pull request #7786 from davidhsingyuchen/docs-err-unexpected-status
docs: Authorizer.Authorize could return ErrUnexpectedStatus
2022-12-09 14:42:02 +09:00
Derek McGowan
f3368b4a5b Merge pull request #7772 from mathis-m/fix/userxattr_on_tmpfs
fix: check for tmpfs when evaluating if userxattr is needed
2022-12-08 16:02:08 -08:00
Gavin Inglis
80839f11e2 allow client to remove created tasks with PID 0
Fixes #7357

If a container is restored from a checkpoint that has a configuration
error, the task for the restored container is created, but fails to
start and is left in the state CREATED with a PID of 0. Before this
change, the only way to remove this task was to find the PID of the shim
monitoring the task and kill that process. Now, ctr t rm <task> will
work on tasks that result in the CREATED state with PID 0.

Signed-off-by: Gavin Inglis <giinglis@amazon.com>
2022-12-08 22:04:24 +00:00
Hsing-Yu (David) Chen
d5010a12df docs: Authorizer.Authorize could return ErrUnexpectedStatus
Signed-off-by: Hsing-Yu (David) Chen <davidhsingyuchen@gmail.com>
2022-12-08 13:24:48 -08:00
Maksym Pavlenko
e1abaeb386 Merge pull request #7764 from mxpv/config
Pass TOML configuration options for runtimes CRI is not aware of
2022-12-08 12:59:13 -08:00
mathis-m
2eabcf7026 fix: check for tmpfs when evaluating if userxattr should be used
Signed-off-by: mathis-m <mathis.michel@outlook.de>
2022-12-08 20:55:15 +01:00
ruiwen-zhao
a6929f9f6b Add Evented PLEG support to sandbox server
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
2022-12-08 19:31:36 +00:00
ruiwen-zhao
a338abc902 Add container event support to containerd
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
2022-12-08 19:30:39 +00:00
Maksym Pavlenko
34513f9c11 Merge pull request #7776 from mxpv/build
Cleanup build constraints
2022-12-08 10:28:07 -08:00
Maksym Pavlenko
e14753fc54 Respect no_cri constraint
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2022-12-08 09:36:23 -08:00
Maksym Pavlenko
3bc8fc4d30 Cleanup build constraints
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2022-12-08 09:36:20 -08:00
Maksym Pavlenko
d39ee7b1b7 Merge pull request #7775 from mxpv/defaults
There is no way to disable debug endpoint on Darwin
2022-12-08 09:31:34 -08:00
Maksym Pavlenko
c040f83825 Fix default config for Darwin
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2022-12-08 07:49:14 -08:00
Akihiro Suda
cde9490779 digest: use github.com/minio/sha256-simd
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-12-08 18:50:00 +09:00
Akihiro Suda
8b42517786 Merge pull request #7777 from AkihiroSuda/vagrant-rocky-version
CI: Vagrant: pin rockylinux/8 to v5.0.0
2022-12-08 17:21:27 +09:00
Akihiro Suda
0b349428e9 CI: Vagrant: pin rockylinux/8 to v5.0.0
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-12-08 11:37:36 +09:00
Akihiro Suda
50da24c5ec Merge pull request #7774 from thaJeztah/bump_golang_net
vendor: golang.org/x/net v0.4.0
2022-12-08 09:46:50 +09:00
Maksym Pavlenko
d10dbd2d2d Merge pull request #7773 from mxpv/ctx
Fix context when waiting sandbox
2022-12-07 13:53:37 -08:00
Derek McGowan
241563be06 Merge pull request from GHSA-2qjp-425j-52j9
CRI stream server: Fix goroutine leak in Exec
2022-12-07 13:50:26 -08:00
Sebastiaan van Stijn
662d8a085e vendor: golang.org/x/net v0.4.0
golang.org/x/net contains a fix for CVE-2022-41717, which was addressed
in stdlib in go1.19.4 and go1.18.9;

> net/http: limit canonical header cache by bytes, not entries
>
> An attacker can cause excessive memory growth in a Go server accepting
> HTTP/2 requests.
>
> HTTP/2 server connections contain a cache of HTTP header keys sent by
> the client. While the total number of entries in this cache is capped,
> an attacker sending very large keys can cause the server to allocate
> approximately 64 MiB per open connection.
>
> This issue is also fixed in golang.org/x/net/http2 v0.4.0,
> for users manually configuring HTTP/2.

full diff: https://github.com/golang/net/compare/c63010009c80...v0.4.0

other dependency updates (due to (circular) dependencies between them):

- golang.org/x/sys v0.3.0: https://github.com/golang/sys/compare/v0.2.0...v0.3.0
- golang.org/x/term v0.3.0: https://github.com/golang/term/compare/v0.1.0...v0.3.0
- golang.org/x/text v0.5.0: https://github.com/golang/text/compare/v0.4.0...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-07 22:20:44 +01:00
Maksym Pavlenko
f9295aa49f Fix context when waiting sandbox
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2022-12-07 12:52:04 -08:00
Maksym Pavlenko
8ab1d44967 Pass runtime configuration as TOML blob
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2022-12-07 10:55:06 -08:00
Maksym Pavlenko
3e92dedc2e Update runtime options to include bytes blob
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2022-12-07 10:55:06 -08:00
Akihiro Suda
5f845588a5 Merge pull request #7765 from thaJeztah/update_go_1.19.4
update to go1.19.4, go1.18.9
2022-12-08 00:43:12 +09:00
Fu Wei
0fa51f54df Merge pull request #7763 from cpuguy83/simpler_pushcontent
Change PushContent to require only Provider
2022-12-07 09:39:09 +08:00
Maksym Pavlenko
03a4dc0711 Merge pull request #7768 from mxpv/fixes
sbserver bug fixing
2022-12-06 17:07:54 -08:00
Kazuyoshi Kato
62968d9ecc Merge pull request #7671 from fangn2/adding-unit-test-for-opentelemetry-tracing
Add unit test to Opentelemetry tracing
2022-12-06 16:03:16 -08:00
Maksym Pavlenko
a113737ccf sbserver bug fixing
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2022-12-06 15:32:42 -08:00
Sebastiaan van Stijn
85776d2c67 update to go1.19.4, go1.18.9
Includes security fixes for net/http (CVE-2022-41717, CVE-2022-41720),
and os (CVE-2022-41720).

These minor releases include 2 security fixes following the security policy:

- os, net/http: avoid escapes from os.DirFS and http.Dir on Windows

  The os.DirFS function and http.Dir type provide access to a tree of files
  rooted at a given directory. These functions permitted access to Windows
  device files under that root. For example, os.DirFS("C:/tmp").Open("COM1")
  would open the COM1 device.
  Both os.DirFS and http.Dir only provide read-only filesystem access.

  In addition, on Windows, an os.DirFS for the directory \(the root of the
  current drive) can permit a maliciously crafted path to escape from the
  drive and access any path on the system.

  The behavior of os.DirFS("") has changed. Previously, an empty root was
  treated equivalently to "/", so os.DirFS("").Open("tmp") would open the
  path "/tmp". This now returns an error.

  This is CVE-2022-41720 and Go issue https://go.dev/issue/56694.

- net/http: limit canonical header cache by bytes, not entries

  An attacker can cause excessive memory growth in a Go server accepting
  HTTP/2 requests.

  HTTP/2 server connections contain a cache of HTTP header keys sent by
  the client. While the total number of entries in this cache is capped,
  an attacker sending very large keys can cause the server to allocate
  approximately 64 MiB per open connection.

  This issue is also fixed in golang.org/x/net/http2 vX.Y.Z, for users
  manually configuring HTTP/2.

  Thanks to Josselin Costanzi for reporting this issue.

  This is CVE-2022-41717 and Go issue https://go.dev/issue/56350.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.19.4

And the milestone on the issue tracker:
https://github.com/golang/go/issues?q=milestone%3AGo1.19.4+label%3ACherryPickApproved

Full diff: https://github.com/golang/go/compare/go1.19.3...go1.19.4

The golang.org/x/net fix is in 1e63c2f08a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 22:48:09 +01:00
Brian Goff
840a657ebc Change PushContent to require only Provider
Before this required a full content.Store so that it could annotate
distribution sources.
With this change PushContent can be used with just a content.Provider.
If the content.Provider is also a content.Manager then distribution
sources will be updated accordingly.

This allows people to use this function with a significantly
implementation.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2022-12-06 17:33:33 +00:00
Phil Estes
5d4276cc34 Merge pull request #7525 from thaJeztah/remove_deprecated_stubs
remove some (aliases for) deprecated functions
2022-12-06 11:49:18 -05:00
Akihiro Suda
698622b89a Merge pull request #7673 from turan18/ctr-restore
Refactor ctr restore to allow for tty allocation
2022-12-06 17:55:19 +09:00
Tony Fang
8472946799 Adding unit tests to opentelemetry tracing
Refractor newExporter and newTracer, add unit tests to them
This PR is part of issue 7493

Signed-off-by: Tony Fang <nenghui.fang@gmail.com>
2022-12-06 03:14:06 +00:00
Maksym Pavlenko
6918432780 Merge pull request #7748 from yanggangtony/containerd-stress
fix panic when containerd-stress density --count 0
2022-12-05 10:08:58 -08:00
Phil Estes
9f44e6c3c0 Merge pull request #7753 from dmcgowan/transfer-wrap-stream-proxy-errors
Unwrap proto errors in streaming client
2022-12-05 08:05:23 -08:00
Akihiro Suda
be4a0d1ee5 Merge pull request #7755 from cji/patch-1
Fix process_vm_* syscall names in seccomp
2022-12-05 10:04:08 +09:00
Fu Wei
021beb59e4 Merge pull request #7747 from yanggangtony/fix-ops-md 2022-12-04 00:01:00 +08:00
Derek McGowan
8a25fa584f Unwrap proto errors in streaming client
Allows clients to properly detect context cancellation

Signed-off-by: Derek McGowan <derek@mcg.dev>
2022-12-02 22:30:54 -08:00