github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
12,912 Commits 3 Branches 2 Tags 112 MiB
dc7dba9c20
Commit Graph

12 Commits

Author SHA1 Message Date
Bjorn Neergaard
d33a43cc23
pkg/apparmor: clarify Godoc 
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
 2023-02-10 10:23:59 -07:00
Bjorn Neergaard
a3265102d9
Revert "Don't check for apparmor_parser to be present" 
This reverts commit 1acca8bba3.

As stated in the Godoc, this function is intended to check for presence
of `apparmor_parser`. Changing this regressed the public API of
containerd, and directly contradicts the way that this function is
consumed inside of containerd itself:
* fdfdc9bfc0/pkg/apparmor/apparmor.go (L20)
* fdfdc9bfc0/pkg/cri/sbserver/helpers_linux.go (L85)
* fdfdc9bfc0/pkg/cri/server/helpers_linux.go (L144)

This has lead to a number of painful regressions and attempted fixes in
Moby:
* https://github.com/moby/moby/issues/44900
* https://github.com/moby/moby/pull/44902
* https://github.com/moby/moby/issues/44970

While reverting this late into the life of 1.6 and at the start of the
life of 1.7 is likely painful, I think this is ultimately the best path
to take, as containerd is subject to the same failure to start
containers with an AppArmor kernel when `apparmor_parser` is missing as
Moby.

Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
 2023-02-10 10:05:56 -07:00
Wei Fu
6b7e237fc7 chore: use go fix to cleanup old +build buildtag 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2022-12-29 14:25:14 +08:00
Maksym Pavlenko
ca3b9b50fe Run gofmt 1.19 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-08-04 18:18:33 -07:00
Eng Zer Jun
50da673592
refactor: move from io/ioutil to io and os package 
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2021-09-21 09:50:38 +08:00
Akihiro Suda
d3aa7ee9f0
Run go fmt with Go 1.17 
The new `go fmt` adds `//go:build` lines (https://golang.org/doc/go1.17#tools).

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-08-22 09:31:50 +09:00
Derek McGowan
6f027e38a8
Remove redundant build tags 
Remove build tags which are already implied by the name of the file.
Ensures build tags are used consistently

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2021-08-05 22:27:46 -07:00
Shiming Zhang
79e3452213 update the link 
Signed-off-by: Shiming Zhang <wzshiming@foxmail.com>
 2021-05-20 11:56:29 +08:00
Shiming Zhang
1acca8bba3 Don't check for apparmor_parser to be present 
Signed-off-by: Shiming Zhang <wzshiming@foxmail.com>
 2021-05-20 11:56:29 +08:00
Derek McGowan
8cf669ce34
Fix unsupported files exporting functions for apparmor and seccomp 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2021-03-12 08:47:05 -08:00
Akihiro Suda
0a9147f3aa
remove "apparmor" build tag 
The "apparmor" build tag does not have any cgo dependency and can be removed safely.

Related: https://github.com/opencontainers/runc/issues/2704

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-12-08 19:22:39 +09:00
Akihiro Suda
55eda46b22
expose hostSupportsAppArmor() 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-12-07 19:12:59 +09:00