Commit Graph

13124 Commits

Author SHA1 Message Date
Maksym Pavlenko
9e5c207e4c Wire up client bridges
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-02-10 22:01:35 -08:00
Maksym Pavlenko
4b1ebef3c5 Add Sandbox service GRPC bridge
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-02-10 21:53:53 -08:00
Maksym Pavlenko
47cb5f64b3 Add Task Service GRPC bridge
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-02-10 21:53:53 -08:00
ruiwen-zhao
51a8db233d Send container events with nil PodSandboxStatus
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
2023-02-11 01:34:39 +00:00
ruiwen-zhao
27c8f4085c Move PLEG event generation back to sbserver to avoid missing pod sandbox status
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
2023-02-11 01:34:33 +00:00
Fu Wei
cf7b705dcd
Merge pull request #8086 from neersighted/apparmor_parser_regression
Revert `apparmor_parser` regression
2023-02-11 09:27:53 +08:00
Fu Wei
362ba2c743
Merge pull request #7981 from dmcgowan/sandbox-controller-interface-refactor
[sandbox] refactor controller interface
2023-02-11 09:22:36 +08:00
Nathan
7cf5560754 test: add hostNetwork tests for both windows and linux
Signed-off-by: Nathan <aitumik@protonmail.com>
2023-02-11 00:15:48 +03:00
Phil Estes
024a748c09
Merge pull request #7933 from AkihiroSuda/drop-libbtrfs
btrfs: depend on kernel UAPI instead of libbtrfs
2023-02-10 16:13:19 -05:00
Bjorn Neergaard
d33a43cc23
pkg/apparmor: clarify Godoc
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2023-02-10 10:23:59 -07:00
Bjorn Neergaard
a3265102d9
Revert "Don't check for apparmor_parser to be present"
This reverts commit 1acca8bba3.

As stated in the Godoc, this function is intended to check for presence
of `apparmor_parser`. Changing this regressed the public API of
containerd, and directly contradicts the way that this function is
consumed inside of containerd itself:
* fdfdc9bfc0/pkg/apparmor/apparmor.go (L20)
* fdfdc9bfc0/pkg/cri/sbserver/helpers_linux.go (L85)
* fdfdc9bfc0/pkg/cri/server/helpers_linux.go (L144)

This has led to a number of painful regressions and attempted fixes in
Moby:
* https://github.com/moby/moby/issues/44900
* https://github.com/moby/moby/pull/44902
* https://github.com/moby/moby/issues/44970

While reverting this late into the life of 1.6 and at the start of the
life of 1.7 is likely painful, I think this is ultimately the best path
to take, as containerd is subject to the same failure to start
containers with an AppArmor kernel when `apparmor_parser` is missing as
Moby.

Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2023-02-10 10:05:56 -07:00
Derek McGowan
fdfdc9bfc0
Merge pull request #8082 from AkihiroSuda/ci-skip-on-fork
CI: skip some jobs when `repo != containerd/containerd`
2023-02-10 08:35:51 -08:00
Sebastiaan van Stijn
c990e3f2ed
contrib/apparmor: remove version-dependent rules
These conditions were added in docker in 8cf89245f5
to account for old versions of debian/ubuntu (apparmor_parser < 2.8.95)
that lacked some options;

> This allows us to use the apparmor profile we have in contrib/apparmor/
> and solves the problems where certain functions are not apparent on older
> versions of apparmor_parser on debian/ubuntu.

Those patches were from 2015/2016, and all currently supported distro
versions should now have more current versions than that. Looking at the
oldest supported versions;

Ubuntu 18.04 "Bionic":

    apparmor_parser --version
    AppArmor parser version 2.12
    Copyright (C) 1999-2008 Novell Inc.
    Copyright 2009-2012 Canonical Ltd.

Debian 10 "Buster"

    apparmor_parser --version
    AppArmor parser version 2.13.2
    Copyright (C) 1999-2008 Novell Inc.
    Copyright 2009-2018 Canonical Ltd.

This patch removes the version-dependent rules.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-10 16:30:42 +01:00
Fu Wei
4c44ec702f
Merge pull request #8078 from Fish-pro/chore/package
2023-02-10 17:35:10 +08:00
Akihiro Suda
fe0116ec2a
CI: skip some jobs when repo != containerd/containerd
For running CI in a non-upstream repo

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-02-10 18:12:08 +09:00
Zechun Chen
b944b108df Clean up repeated package import
Signed-off-by: Zechun Chen <zechun.chen@daocloud.io>
2023-02-10 16:21:55 +08:00
Fu Wei
218b1a335e
Merge pull request #8076 from cpuguy83/use_data_in_descriptor
fetch: Use data from descriptor when available.
2023-02-10 15:50:17 +08:00
Maksym Pavlenko
195eca1d6c
Merge pull request #8077 from Fish-pro/chore/httpvar
chore: use http constants instead of string
2023-02-09 23:32:17 -08:00
Akihiro Suda
3eda46af12
oci: fix additional GIDs
Test suite:
```yaml

---
apiVersion: v1
kind: Pod
metadata:
  name: test-no-option
  annotations:
    description: "Equivalent of `docker run` (no option)"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),10(wheel)" ]']
---
apiVersion: v1
kind: Pod
metadata:
  name: test-group-add-1-group-add-1234
  annotations:
    description: "Equivalent of `docker run --group-add 1 --group-add 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),1(daemon),10(wheel),1234" ]']
  securityContext:
    supplementalGroups: [1, 1234]
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234
  annotations:
    description: "Equivalent of `docker run --user 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root)" ]']
  securityContext:
    runAsUser: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234-1234
  annotations:
    description: "Equivalent of `docker run --user 1234:1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=1234 groups=1234" ]']
  securityContext:
    runAsUser: 1234
    runAsGroup: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234-group-add-1234
  annotations:
    description: "Equivalent of `docker run --user 1234 --group-add 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root),1234" ]']
  securityContext:
    runAsUser: 1234
    supplementalGroups: [1234]
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-02-10 15:53:00 +09:00
Akihiro Suda
ef2560d166
oci: fix loop iterator aliasing
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-02-10 15:53:00 +09:00
Derek McGowan
676b942fef
Merge pull request #8075 from swagatbora90/removeIntermediate
Fix retry logic within devmapper device deactivation
2023-02-09 22:21:49 -08:00
Fish-pro
76a62e52ae Use http constants instead of string
Signed-off-by: Fish-pro <zechun.chen@daocloud.io>
2023-02-10 14:01:48 +08:00
Akihiro Suda
a6f3cbe0ad
Merge pull request #8071 from mxpv/cleanup
Clean CI yaml
2023-02-10 11:34:18 +09:00
Brian Goff
13652e081e fetch: Use data from descriptor when available.
OCI added support for a `data` field in a descriptor.
This field is expected to contain the content being pointed to by the
descriptor.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-02-10 01:12:40 +00:00
Akihiro Suda
52f82acb7b
btrfs: depend on kernel UAPI instead of libbtrfs
See containerd/btrfs PR 40 and moby/moby PR 44761. (Thanks to [@]neersighted.)

The containerd/btrfs library now requires headers from kernel 4.12 or newer:
- https://github.com/torvalds/linux/blob/master/include/uapi/linux/btrfs.h
- https://github.com/torvalds/linux/blob/master/include/uapi/linux/btrfs_tree.h

These files are licensed under the GPL-2.0 WITH Linux-syscall-note, so they should be compatible with the Apache License 2.0.
https://spdx.org/licenses/Linux-syscall-note.html

The dependency on the kernel headers only affects users building from source.
Users on older kernels may opt to not compile this library (`BUILDTAGS=no_btfs`),
or to provide headers from a newer kernel.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-02-10 10:07:34 +09:00
Wei Fu
62df35df66 *: introduce wrapper pkgs for blockio and rdt
Before this patch, both RdtEnabled and BlockIOEnabled were provided
by the services/tasks pkg. Since services/tasks can be a pkg plugin which
can be initialized multiple times or concurrently, it will fire a data-race
issue as there is no mutex to protect `enable`.

This patch aims to provide wrapper pkgs to use intel/{blockio,rdt}
safely.

Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-02-10 08:21:34 +08:00
Swagat Bora
6ae3e5df6a Fix retry logic within devmapper device deactivation
Signed-off-by: Swagat Bora <sbora@amazon.com>
2023-02-09 23:40:18 +00:00
Maksym Pavlenko
6adb6a727e Rename release CI job
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-02-09 15:30:52 -08:00
Maksym Pavlenko
aed3b0a70b Clean CI file
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-02-09 15:30:52 -08:00
Samuel Karp
26509fa765
Merge pull request #8074 from kzys/fix-8073
Fixes https://github.com/containerd/containerd/issues/8073
2023-02-09 15:28:32 -08:00
Kazuyoshi Kato
617c66dcc7 Add critest.exe in $PATH
The binary location was moved since
https://github.com/kubernetes-sigs/cri-tools/pull/1085.

Fixes #8073.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
2023-02-09 22:23:01 +00:00
yulng
6cdc221f59 'go routine' should be 'goroutine'
Signed-off-by: yulng <wei.yang@daocloud.io>
2023-02-08 14:10:34 +08:00
Derek McGowan
b0e97c0f9b
Use multierror for cleanup error
Signed-off-by: Derek McGowan <derek@mcg.dev>
2023-02-07 11:06:14 -08:00
Phil Estes
97480afdac
Merge pull request #7976 from yulng/lowercase
keep the uppercase letter for flag info
2023-02-07 09:54:38 +00:00
Derek McGowan
34314717b0
Remove sandbox store and controller service type
Signed-off-by: Derek McGowan <derek@mcg.dev>
2023-02-06 22:05:26 -08:00
Derek McGowan
a788f6c799
Move local sandbox controller under plugins package
Add options to sandbox controller interface.
Update sandbox controller interface to fully utilize sandbox controller
interface.
Move grpc error conversion to service.

Signed-off-by: Derek McGowan <derek@mcg.dev>
2023-02-06 22:04:45 -08:00
Derek McGowan
2717685dad
Refactor sandbox controller interface
Update the sandbox controller interface to use local types rather than
using the API types.

Signed-off-by: Derek McGowan <derek@mcg.dev>
2023-02-06 21:39:30 -08:00
Kay Yan
0b33a45fad cri: fix Mirrors deprecation comment
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
2023-02-07 09:53:57 +08:00
Fu Wei
20de989afc
Merge pull request #8049 from kiashok/updateShimTag
go.mod: Bump hcsshim to v0.10.0-rc.5
2023-02-06 22:24:33 +08:00
TTFISH
5bc3fea621 update fuzz function names in docs with golang naming convention
Signed-off-by: Jiongchi Yu <jcyu.2022@phdcs.smu.edu.sg>
2023-02-06 17:59:07 +08:00
yulng
757b8f702b
keep the uppercase letter for flag info
Signed-off-by: yulng <wei.yang@daocloud.io>
2023-02-06 16:37:24 +08:00
Maksym Pavlenko
94934e1a47
Merge pull request #8045 from mxpv/sb
Fix sandbox exit monitor
2023-02-03 11:31:43 -08:00
Kirtana Ashok
e5c57f2422 update hcsshim tag to v0.10.0-rc.5 and revendor
Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
2023-02-03 10:50:56 -08:00
TTFISH
904a87d26d docs: fix function names in fuzzing test documentation
Signed-off-by: Jiongchi Yu <jcyu.2022@phdcs.smu.edu.sg>
2023-02-03 23:19:00 +08:00
Maksym Pavlenko
1f35b03369 Fix sandbox exit monitor
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-02-02 14:02:52 -08:00
Maksym Pavlenko
3d32da8f60
Merge pull request #7979 from mxpv/grpc
Generate GRPC contracts for runtime APIs
2023-02-02 11:49:32 -08:00
Maksym Pavlenko
d1cd9757eb Generate GRPC for runtime task service
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-02-02 09:58:43 -08:00
Maksym Pavlenko
86c238c873 Generate GRPC for runtime sandbox API
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-02-02 09:58:43 -08:00
Maksym Pavlenko
99580e0aad Update TTRPC and Protobuild dependencies
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-02-02 09:58:43 -08:00
Phil Estes
60363db5bc
Merge pull request #8035 from ktock/fixunmount
Make argument validation of `mount.UnmountRecursive` compatible with `mount.UnmountAll`
2023-02-02 11:55:24 -05:00