After some analysis, it was found that Content.Reader was generally
redudant to an io.ReaderAt. This change removes `Content.Reader` in
favor of a `Content.ReaderAt`. In general, `ReaderAt` can perform better
over interfaces with indeterminant latency because it avoids remote
state for reads. Where a reader is required, a helper is provided to
convert it into an `io.SectionReader`.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Use lchown when remapping the container's rootfs as to ensure that the
symlink has the correct permissions but the underlying file that it
points to is not modified.
Remapping on the host can cause host files to change outside of the
rootfs if symlinks are dereferenced.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Use the CopyFileRange and Lsetxattr from golang.org/x/sys/unix instead
of their counterparts from github.com/containerd/continuity/sysx. These
are 1:1 replacements (except for the fd parameter types in
CopyFileRange).
This will eventually allow to remove these functions there as well.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
The syscall package is locked down and the comment in [1] advises to
switch code to use the corresponding package from golang.org/x/sys. Do
so and replace usage of package syscall with package
golang.org/x/sys/{unix,windows} where applicable.
[1] https://github.com/golang/go/blob/master/src/syscall/syscall.go#L21-L24
This will also allow to get updates and fixes for syscall wrappers
without having to use a new go version.
Errno, Signal and SysProcAttr aren't changed as they haven't been
implemented in x/sys/. Stat_t from syscall is used if standard library
packages (e.g. os) require it. syscall.ENOTSUP, syscall.SIGKILL and
syscall.SIGTERM are used for cross-platform files.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Add an option that allows users for force kill and delete a process/task
when calling `Delete`
Fixes#1274
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This adds an explaination to some of the config file settings and what
the accomplish in containerd.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This sets the subreaper to true in the default linux config as the
common usecase is to not run containerd as pid 1.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
When we generate protobufs, descriptors outlining all messages and
services are merged into a single file that can be used to identify
unexpected changes to the API that may affect stability. We follow a
similar process to Go's stability guarantees using the protobuf
descriptors to identify changes before they become a problem.
Please see README.md for details.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Snapshotters for run must be created with requested snapshotter.
The order of the options is important to ensure that the snapshotter
is set before the snapshots are created.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
There were a few files printing warnings during the build due to
erroneous imports. These imports have now been removed.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
