Derek McGowan
276dce8651
Merge pull request #9358 from thaJeztah/bump_runc_binary_1.1.10
...
update runc binary to v1.1.10
2023-11-13 22:42:22 +00:00
Akhil Mohan
e682da76ce
fix labels in pod sandbox
...
Signed-off-by: Akhil Mohan <makhil@vmware.com>
2023-11-14 01:52:09 +05:30
Akhil Mohan
64c41162c3
update tests to use labels from cri/labels
...
Signed-off-by: Akhil Mohan <makhil@vmware.com>
2023-11-14 01:46:43 +05:30
Akhil Mohan
7e79225cec
refactor labels used in cri server
...
remove the duplication of labels used in cri/server
and move them to a common package cri/labels
Signed-off-by: Akhil Mohan <makhil@vmware.com>
2023-11-14 01:45:26 +05:30
Sebastiaan van Stijn
274a162824
update runc binary to v1.1.10
...
- full diff: https://github.com/opencontainers/runc/compare/v1.1.9...v1.1.10
- release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.10
This is the tenth (and most likely final) patch release in the 1.1.z
release branch of runc. It mainly fixes a few issues in cgroups, and a
umask-related issue in tmpcopyup.
- Add support for `hugetlb.<pagesize>.rsvd` limiting and accounting.
  Fixes the issue of postgres failing when hugepage limits are set.
- Fixed permissions of newly created directories to not depend on the value
  of umask in tmpcopyup feature implementation.
- libcontainer: cgroup v1 GetStats now ignores missing `kmem.limit_in_bytes`
  (fixes the compatibility with Linux kernel 6.1+).
- Fix a semi-arbitrary cgroup write bug when given a malicious hugetlb
  configuration. This issue is not a security issue because it requires a
  malicious config.json, which is outside of our threat model.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-13 16:03:29 +01:00
Iceber Gu
2e014fa2ac
cri: fix update of pinned label for images
...
Signed-off-by: Iceber Gu <caiwei95@hotmail.com>
2023-11-10 23:27:11 +08:00
Samuel Karp
45d7f2324d
Merge pull request #9046 from thaJeztah/depguard_libcontainer
...
golangci-lint: enable depguard to prevent re-introducing libcontainer
2023-11-10 02:27:18 +00:00
Kazuyoshi Kato
67650f2bf1
Merge pull request #9348 from lengrongfu/feat/default-enable-unprivileged-icmp-and-ports
...
add default enable unprivileged icmp/ports
2023-11-10 00:36:21 +00:00
Phil Estes
1dd9581209
Merge pull request #9262 from fuweid/init-upgrade-test
...
integration: init release upgrade testing
2023-11-09 19:54:40 +00:00
Sebastiaan van Stijn
cb555fa16f
golangci-lint: enable depguard to prevent re-introducing libcontainer
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-09 13:20:48 +01:00
Samuel Karp
669e0786d8
Merge pull request #9145 from deitch/doc-runtime-shim
...
document runtime and shim configuration and selection
2023-11-09 07:24:31 +00:00
Phil Estes
c2b39b139e
Merge pull request #9349 from fuweid/deflaky-TestIssue9103
...
integration: deflake TestIssue9103
2023-11-08 17:58:08 +00:00
Wei Fu
dac056fe74
integration: deflake TestIssue9103
...
Fixes : #9334
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-11-08 23:40:00 +08:00
rongfu.leng
7b9fcfd7c6
add default enable unprivileged icmp/ports
...
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
2023-11-08 23:00:35 +08:00
Samuel Karp
5149050d6b
Merge pull request #9172 from lengrongfu/feat/add-validate-unprivileged
...
add verify kernel version when enable unprivileged
2023-11-08 07:34:58 +00:00
Phil Estes
c3101bd45f
Merge pull request #9341 from lengrongfu/fix/replace-expected-field
...
fix: expected and actual field position adjustment
2023-11-07 20:40:39 +00:00
Kazuyoshi Kato
186075d554
Merge pull request #9324 from thaJeztah/checkpoint_errs
...
client: remove obsolete ErrCheckpointRWUnsupported
2023-11-07 15:53:50 +00:00
Derek McGowan
de55dfc0f1
Merge pull request #9318 from dmcgowan/prepare-2.0-beta.0
...
Prepare release notes for 2.0.0-beta.0
2023-11-06 17:21:29 +00:00
rongfu.leng
a7cd49c68a
expected and actual field position adjustment
...
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
2023-11-07 00:20:06 +08:00
rongfu.leng
e099717f9f
validate kernel version for unprivileged icmp/port
...
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
2023-11-06 23:50:12 +08:00
Avi Deitcher
76049170b8
document runtime and shim configuration and selection
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2023-11-06 08:59:36 +02:00
Wei Fu
2fab240f21
integration: init release upgrade test
...
The TestUpgrade downloads the latest of the previous release's binaries and
uses them to set up pods, and then uses the current release to recover the
existing pods.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-11-05 17:51:28 +08:00
Samuel Karp
bd2db42464
Merge pull request #9287 from lengrongfu/feat/add-warning-use-inheritable
...
add warning use inheritable Capabilities
2023-11-04 00:33:18 +00:00
Akihiro Suda
33fab02dce
Merge pull request #7647 from thaJeztah/no_execabs
...
switch back from golang.org/x/sys/execabs to os/exec (go1.19)
2023-11-03 07:40:22 +00:00
Samuel Karp
edbd387236
Merge pull request #9319 from samuelkarp/config-deprecation-warnings
...
cri: add deprecation warnings for mirrors, auths, and configs
2023-11-02 20:19:04 +00:00
Sebastiaan van Stijn
2af6db672e
switch back from golang.org/x/sys/execabs to os/exec (go1.19)
...
This is effectively a revert of 2ac9968401, which
switched from os/exec to the golang.org/x/sys/execabs package to mitigate
security issues (mainly on Windows) with lookups resolving to binaries in the
current directory.
from the go1.19 release notes https://go.dev/doc/go1.19#os-exec-path
> ## PATH lookups
>
> Command and LookPath no longer allow results from a PATH search to be found
> relative to the current directory. This removes a common source of security
> problems but may also break existing programs that depend on using, say,
> exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe) in
> the current directory. See the os/exec package documentation for information
> about how best to update such programs.
>
> On Windows, Command and LookPath now respect the NoDefaultCurrentDirectoryInExePath
> environment variable, making it possible to disable the default implicit search
> of “.” in PATH lookups on Windows systems.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-02 21:15:40 +01:00
Samuel Karp
a596d09ec9
cri: add deprecation warning for configs
...
Signed-off-by: Samuel Karp <samuelkarp@google.com>
2023-11-02 11:17:32 -07:00
Samuel Karp
35924bccc0
cri: add deprecation warning for auths
...
Signed-off-by: Samuel Karp <samuelkarp@google.com>
2023-11-02 11:17:32 -07:00
Samuel Karp
d7cb25d770
cri: add deprecation warning for mirrors
...
Signed-off-by: Samuel Karp <samuelkarp@google.com>
2023-11-02 11:17:31 -07:00
Samuel Karp
58cc275eb8
cri: add ability to emit deprecation warnings
...
Signed-off-by: Samuel Karp <samuelkarp@google.com>
2023-11-02 11:17:31 -07:00
Samuel Karp
6cd0e8e405
Merge pull request #9321 from dmcgowan/switch-to-plugin-repo
...
Switch to plugin repo
2023-11-02 16:50:49 +00:00
Phil Estes
740717673f
Merge pull request #9317 from jsturtevant/fix-sbserver-windows
...
CRI: Handle ArgsEscaped for new Sb Server by clearing commandline in spec
2023-11-02 14:45:39 +00:00
Phil Estes
3d6c5ea487
Merge pull request #9308 from ZhangShuaiyi/fix/TestRwLoop
...
test: remove /dev/loopX in TestRwLoop
2023-11-02 14:44:59 +00:00
Phil Estes
cb742b5dff
Merge pull request #9320 from vinayakankugoyal/io_uring
...
Don't allow io_uring related syscalls in the RuntimeDefault seccomp profile.
2023-11-02 14:43:35 +00:00
Sebastiaan van Stijn
68cac3f62f
client: remove obsolete ErrCheckpointRWUnsupported
...
runtime v1 is deprecated, and this error appears to be unused.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-02 09:49:14 +01:00
rongfu.leng
df19888f83
add warning use inheritable Capabilities
...
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
2023-11-02 16:14:59 +08:00
Derek McGowan
411e2bce49
Remove plugins package
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2023-11-01 23:01:42 -07:00
Derek McGowan
9db21401c4
Switch to github.com/containerd/plugin
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2023-11-01 23:01:42 -07:00
Akihiro Suda
a72adffa65
Merge pull request #9316 from dmcgowan/rename-client-package
...
Move client to subpackage
2023-11-02 02:16:08 +00:00
Vinayak Goyal
a48ddf4a20
Don't allow io_uring related syscalls in the RuntimeDefault seccomp profile.
...
Signed-off-by: Vinayak Goyal <vinaygo@google.com>
2023-11-02 01:23:58 +00:00
Derek McGowan
2dfae4c4b6
Prepare release notes for v2.0.0-beta.0
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2023-11-01 17:23:18 -07:00
Derek McGowan
6ca4b52605
Update mailmap
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2023-11-01 17:10:26 -07:00
James Sturtevant
a67efe88db
Add test cases
...
Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
2023-11-01 15:32:43 -07:00
Derek McGowan
f1d659dc50
Update package name in Makefile
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2023-11-01 14:28:24 -07:00
James Sturtevant
0ffc3e9873
Handle ArgsEscaped for new Sb Server
...
The PR https://github.com/containerd/containerd/pull/8198 fixed this for CRI but missed clearing the commandline in the forked SB server. This simply adds that back in.
Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
2023-11-01 12:06:07 -07:00
Derek McGowan
b85df264ef
Rename opt to avoid stutter
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2023-11-01 10:39:54 -07:00
Derek McGowan
261e01c2ac
Move client to subpackage
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2023-11-01 10:37:00 -07:00
Akihiro Suda
19ff94b701
Merge pull request #9306 from dmcgowan/containerd-v2-module
...
Containerd v2 module
2023-11-01 15:20:35 +00:00
Shuaiyi Zhang
b6adf43d4a
test: use 'Autoclear: true' in TestRwLoop and add Autoclear test
...
Signed-off-by: Shuaiyi Zhang <zhang_syi@qq.com>
2023-11-01 11:49:12 +08:00
Samuel Karp
d8d2b79e1d
Merge pull request #9305 from AlexRod34/doc-ops-update
...
Update cli --help output for consistency
2023-10-30 20:23:00 +00:00