github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
11,339 Commits 3 Branches 2 Tags 112 MiB
e0be97ccee
Commit Graph

11339 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Phil Estes
e0be97ccee
Merge pull request #7721 from thaJeztah/protobuf_extensions_fix 
go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions
 2022-11-28 12:22:50 -05:00
Fu Wei
4b8002e5d1
Merge pull request #7714 from hoyosjs/patch-1 
Add ptrace readby and tracedby to default AppArmor profile
 2022-11-28 22:32:59 +08:00
Fu Wei
6bfe6e38b2
Merge pull request #7684 from mxpv/sb-runtime-fix 
Fix sandbox API when calling sandboxed shims
 2022-11-28 22:32:08 +08:00
Fu Wei
24020812bb
Merge pull request #7669 from yanggangtony/status-clean 
make status more readable and update easy.
 2022-11-27 23:12:23 +08:00
Fu Wei
0db400a8ba
Merge pull request #7720 from thaJeztah/fix_gomod 
integration/client: fix go.mod grouping, containerd to v1.7.0-beta.0, cgroups back to v1.0.4
 2022-11-27 23:11:26 +08:00
Sebastiaan van Stijn
2136736f52
go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions 
This module made a whoopsie, and updated to `google.golang.org/protobuf`
in a patch release, but `google.golang.org/protobuf` is not backward
compatible with `github.com/golang/protobuf`.

Updating the minimum version to v1.0.4 which corrects this, to prevent
users of containerd as a module from accidentally pulling in the wrong
version:

- v1.0.3 switched to use `google.golang.org/protobuf`; https://github.com/matttproud/golang_protobuf_extensions/compare/v1.0.2..v1.0.3
- This was reverted in v1.0.4 (which is the same as v1.0.2); https://github.com/matttproud/golang_protobuf_extensions/compare/v1.0.3..v1.0.4
- And a `v2` was created instead; https://github.com/matttproud/golang_protobuf_extensions/releases/tag/v2.0.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-25 15:06:58 +01:00
Sebastiaan van Stijn
63c6c55ab4
go.mod: roll back github.com/containerd/cgroups to v1.0.4 release 
This was updated in 470d3ee057, but we
only needed the ebpf update. As nothing depends on this module anymore,
other than for the stats package (which didn't change in between), we
can (for now) roll it back to v1.0.4, and just force the newer ebpf
package.

Things rolled back (doesn't affect vendored code);

https://github.com/containerd/cgroups/compare/7083cd60b721..v1.0.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-25 10:00:37 +01:00
Sebastiaan van Stijn
3c1c0878e3
integration/client: update containerd version to v1.7.0-beta.0 
While the version isn't used (as it's replaced), let's keep it somewhat
in line with reality :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-25 09:29:03 +01:00
Sebastiaan van Stijn
ebd63adac2
integration/client: fix go.mod grouping 
go.mod doesn't always do a great job on keeping the dependencies grouped in the
right block; 2b60770c4b added an extra "require"
block, after which things went downward.

This patch is grouping them back in the right block to nudge it in the right
direction.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-25 09:22:36 +01:00
Juan Hoyos
8d868dadb7
Add ptrace readby and tracedby to default AppArmor profile 
Fixes https://github.com/containerd/containerd/issues/7695. The default profile allows processes within the container to trace others, but blocks reads/traces. This means that diagnostic facilities in processes can't easily collect crash/hang dumps. A usual workflow used by solutions like crashpad and similar projects is that the process that's unresponsive will spawn a process to collect diagnostic data using ptrace. seccomp-bpf, yama ptrace settings, and CAP_SYS_PTRACE already provide security mechanisms to reduce the scopes in which the API can be used. This enables reading from /proc/* files provided the tracer process passes all other checks.

Signed-off-by: Juan Hoyos <juan.s.hoyos@outlook.com>
 2022-11-23 15:01:32 -05:00
Fu Wei
d063186221
Merge pull request #7706 from austinvazquez/resolve-windows-workflow-warnings 
Resolve warnings in Windows GitHub Actions periodic workflows
 2022-11-23 16:18:37 +08:00
Austin Vazquez
8c035d3873 Resolve warnings in Windows GitHub Actions periodic workflows 
Upgrade actions/github-script from v3 to v6 to resolve Node.js 12
and `set-output` command warnings.
Upgrade google-github-actions/upload-cloud-storage from v0.8.0 to
v0.10.4 to resolve `set-output` command warnings.
Upgrade actions/checkout from v2 to v3 to resolve Node.js 12 warnings.
Remove references to `set-output` command from workflow.

Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2022-11-23 03:34:55 +00:00
Maksym Pavlenko
6d830d30ad
Merge pull request #7470 from lengrongfu/feat/sandbox_api_status 
Sandbox API: implement Controller.Status for SandboxAPI
 2022-11-22 18:11:57 -08:00
Maksym Pavlenko
ae0da7dc58 Use sandbox store to retrieve runtime info for sandboxed containers 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-22 17:43:40 -08:00
Maksym Pavlenko
3ddaa34445 Retrieve sandbox creation time from store. 
All pause container object references must be removed
from sbserver. This is an implementation detail of
podsandbox package.

Added TODOs for remaining work.

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-22 17:43:36 -08:00
Maksym Pavlenko
4b32819823 Remove duplicated helpers 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-22 17:40:36 -08:00
Maksym Pavlenko
3f331e7d13 Specify runtime configuration for sandbox shims 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-22 17:39:27 -08:00
Samuel Karp
7d3ca170fd
Merge pull request #7426 from samuelkarp/port-pr-5904-to-sbserver 2022-11-22 16:02:15 -08:00
Kazuyoshi Kato
722df11e92
Merge pull request #7677 from AdamKorcz/fuzz2 
fix for OSS-Fuzz infra changes
 2022-11-22 11:10:40 -08:00
Akihiro Suda
96a39ad53b
Merge pull request #7499 from Iceber/cleanup_shim_flag 
runtime/v2/shim: clean up the use of containerdBinary
 2022-11-22 22:01:23 +09:00
AdamKorcz
ed3a49c0e6 fix for OSS-Fuzz infra changes 
Signed-off-by: AdamKorcz <adam@adalogics.com>
 2022-11-22 10:18:28 +00:00
Samuel Karp
ac4af4df89
integration: enable CNI slow test for sbserver 
Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2022-11-21 16:45:37 -08:00
Samuel Karp
a74f7e902b
sbserver: save netns in sandbox metadata on create 
Port of b41d6f40bb to sbserver

Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2022-11-21 16:45:37 -08:00
Samuel Karp
085d8e6334
integration: enable tests for sbserver 
Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2022-11-21 16:45:37 -08:00
Samuel Karp
1deaedd38a
sbserver: persist sandbox during partial teardown 
Port of 4f4aad057d to sbserver

Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2022-11-21 16:45:36 -08:00
Kazuyoshi Kato
20cb9a9fd8
Merge pull request #7693 from hoyosjs/juhoyosa/enable-ptrace-proc-vm-apis 
Add process_vm read and write calls to default seccomp profile
 2022-11-21 12:02:42 -08:00
Kazuyoshi Kato
49251e4de6
Merge pull request #7707 from austinvazquez/resolve-scorecards-workflow-warnings 
Resolve Scorecards GitHub Actions workflow warnings
 2022-11-21 10:48:32 -08:00
Austin Vazquez
5a7c108ba4 Resolve Scorecards GitHub Actions workflow warnings 
Allow actions/checkout in scorecards workflow to use v3.1.0 commit.
Resolves `save-state` command usage warnings.

Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2022-11-21 16:21:57 +00:00
Phil Estes
99acefaad9
Merge pull request #7697 from inspektor-gadget/qasim/add-sandbox-uid-annotation 
cri: add pod uid annotation
 2022-11-21 10:54:20 -05:00
Phil Estes
de73676e9b
Merge pull request #7699 from yanggangtony/client-with-conn 
Missed out `platform interface` when reused the conn for Client.
 2022-11-21 10:52:10 -05:00
Samuel Karp
59f210d8ba
Merge pull request #7700 from jellor/remove-rollback 2022-11-20 23:13:49 -08:00
Samuel Karp
e5f13e81ab
Merge pull request #7704 from thaJeztah/bump_deps 2022-11-20 23:11:07 -08:00
Samuel Karp
0ad110ae10
Merge pull request #7705 from thaJeztah/update_md2man 2022-11-20 23:00:58 -08:00
Sebastiaan van Stijn
b7b185c92f
update github.com/cpuguy83/go-md2man/v2 to v2.0.2 
no significant updates, just keeping up with latest version

full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.1...v2.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-20 22:52:50 +01:00
Sebastiaan van Stijn
bd912bbee0
go.mod: github.com/matttproud/golang_protobuf_extensions v1.0.2 
Same commit, but now tagged

diff: https://github.com/matttproud/golang_protobuf_extensions/compare/c182affec369...v1.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-20 22:21:42 +01:00
Sebastiaan van Stijn
5f23daeb26
go.mod: github.com/moby/sys/sequential v0.5.0 
Same commit, but now tagged

diff: https://github.com/moby/sys/compare/b22ba8a69b30...sequential/v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-20 22:20:47 +01:00
Sebastiaan van Stijn
763ec7c862
go.mod: github.com/cpuguy83/go-md2man/v2 v2.0.2 
it's an indirect dependency, but updating allows us to drop another
dependency.

full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.0...v2.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-20 22:19:43 +01:00
Sebastiaan van Stijn
0f616e3549
go.mod: github.com/AdaLogics/go-fuzz-headers v0.0.0-20221118232415-3345c89a7c72 
full diff: 443f56ff4b...3345c89a7c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-20 21:59:44 +01:00
Sebastiaan van Stijn
df4d07352d
go.mod: golang.org/x/sys v0.2.0 
full diff: https://github.com/golang/sys/compare/v0.1.0...v0.2.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-20 21:58:02 +01:00
Sebastiaan van Stijn
4e68634ef0
go.mod: github.com/sirupsen/logrus v1.9.0 
full diff: https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-20 21:53:29 +01:00
Akihiro Suda
b9f79d3018
Merge pull request #7703 from yanggangtony/fsnotify 
Fsnotify bump and change code
 2022-11-20 19:50:54 +09:00
Fu Wei
c1c81857bf
Merge pull request #7683 from yanggangtony/build-md 
fix build containerd in centos9
 2022-11-20 13:12:27 +08:00
Phil Estes
9b0c83eda6
Merge pull request #7701 from yanggangtony/bumo-urfave-cli 
Bump urfave-cli to v1.22.10
 2022-11-19 21:35:18 -05:00
yanggang
579c7f43de
Change fsnotify event status condition. 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-11-20 09:43:54 +08:00
yanggang
2cea525eee
Bump fsnotify to v1.6.0 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-11-20 09:37:37 +08:00
yanggang
73c6db881b
Bump urfave-cli to v1.22.10 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-11-19 15:13:27 +08:00
guodong
bf777a70b1 remove duplicated tx rollback 
Signed-off-by: guodong <guodong9211@gmail.com>
 2022-11-19 13:57:55 +08:00
Fu Wei
8e787543de
Merge pull request #7685 from sofat1989/mainrunserially 
can set up the network serially by CNI plugins
 2022-11-19 12:33:40 +08:00
yanggang
70b65062c7
Missed out platform interface when reused the conn for Client. 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-11-19 11:01:19 +08:00
Qasim Sarfraz
0c4d32c131 cri: add pod uid annotation 
Signed-off-by: Qasim Sarfraz <qasimsarfraz@microsoft.com>
 2022-11-19 01:12:02 +01:00