github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
9,017 Commits 3 Branches 2 Tags 112 MiB
f8538b5e12
Commit Graph

9017 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Lantao Liu
808b223536 Fix race and panic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-28 01:27:13 -07:00
Lantao Liu
9bd49c98c6 No UTS namespace for hostnetwork. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-27 15:07:36 -07:00
Lantao Liu
8777224600
Merge pull request #1099 from Random-Liu/do-not-kill-if-cancelled 
Do not SIGKILL container if container stop is cancelled.
 2019-03-27 14:55:18 -07:00
Lantao Liu
8be5a1e1ad
Merge pull request #1094 from crosbymichael/oci-opts 
Replace runtime-tools with containerd's opts for spec generation
 2019-03-27 14:54:08 -07:00
Maksym Pavlenko
87289a0c62 devmapper: implement Usage 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2019-03-27 14:50:12 -07:00
Maksym Pavlenko
010b4da36f devmapper: implement dmsetup status 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2019-03-27 14:26:07 -07:00
Michael Crosby
5eddc1a2cc Use container'd oci opts for spec generation 
This bumps the containerd and sys packages in CRI

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Remove runtime-tools

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Update tests for oci opts package

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-03-27 16:57:04 -04:00
Lantao Liu
1a0228d520 Do not SIGKILL container if container stop is cancelled. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-27 00:49:41 -07:00
Justin
90a7da8625
Merge pull request #3128 from jhowardmsft/jjh/ci 
Windows: appveyor: Build shim binary from Microsoft/hcsshim repo
 2019-03-26 09:14:54 -07:00
John Howard
8710940165 Windows: Build shim binary from Microsoft/hcsshim 
Signed-off-by: John Howard <jhoward@microsoft.com>

This is part of a phased update to remove the existing Windows shim
code from the containerd repo, and instead use the one from Microsoft/hcsshim.
 2019-03-25 15:52:12 -07:00
Lantao Liu
eb27e526f5
Merge pull request #1096 from Random-Liu/finish-runtime-annotations 
Cleanup pod annotation test and only support wildcard
 2019-03-25 14:12:38 -07:00
Lantao Liu
238658719f Cleanup pod annotation test and only support tailing wildcard. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-25 12:54:34 -07:00
John Howard
e16e995939 Vendor Microsoft/hcsshim@8abdbb82 
Signed-off-by: John Howard <jhoward@microsoft.com>
 2019-03-25 11:11:37 -07:00
Derek McGowan
68c44f8cc8
Merge pull request #3122 from stefanberger/descriptor_annotations.pr 
Extend adaptImage function with annotations case
 2019-03-22 14:28:15 -07:00
Stefan Berger
5d50b9c2bb Extend adaptImage function with annotations case 
Extend the adaptImage function with a case for handling the annotations
so they can be used in the filter adaptors for fieldpaths.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2019-03-22 14:56:26 -04:00
Michael Crosby
9b882c44f8
Merge pull request #3000 from stefanberger/descriptor_annotations.pr 
Add missing annotations map to Descriptor for gRPC transfer
 2019-03-22 14:05:44 -04:00
Phil Estes
8ea28ff564
Merge pull request #3117 from crosbymichael/exec-load 
Fastpath opt and ExecProcess loading
 2019-03-22 13:20:51 -04:00
Michael Crosby
388c8a1760 Fastpath opt and ExecProcess loading 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-03-22 12:08:43 -04:00
Michael Crosby
fc44aa810c
Merge pull request #3119 from jterry75/windows_lcow_vmgroup_access 
Update Windows lcow differ to set NT VIRTUAL MACHINE\Virtual Machines SID
 2019-03-22 12:07:17 -04:00
Michael Crosby
24beaece37
Merge pull request #3120 from jhowardmsft/jjh/create-data-root-with-permissions 
Windows: Root/state create with right ACL and in right place
 2019-03-22 12:06:39 -04:00
Lantao Liu
bb58b1dbb0
Merge pull request #1084 from harche/passthrough_annotations 
Add support for passing sandbox annotations to runtime
 2019-03-22 00:00:08 -07:00
John Howard
a849664519 Windows:ProgramFiles to ProgramData 
Signed-off-by: John Howard <jhoward@microsoft.com>
 2019-03-21 18:50:01 -07:00
John Howard
6034c1950a Windows:Create root/state with ACL 
Signed-off-by: John Howard <jhoward@microsoft.com>
 2019-03-21 18:47:34 -07:00
Justin Terry (VM)
7361b19875 Update Windows lcow differ to set NT VIRTUAL MACHINE\Virtual Machines SID 
For LCOW using the Virtual Machines SID for the shared read-only layers
improves overall performance avoiding the need to set per VM access at runtime.

Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
 2019-03-21 14:53:43 -07:00
Justin Terry (VM)
4c9b5ef8ea Update vendor github.com/Microsoft/go-winio 
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
 2019-03-21 14:12:41 -07:00
Jack Baines
d15832a4c2 Address review comments 
-Fix whitespace on imports
-Fix test case naming

Signed-off-by: Jack Baines <jack.baines@uk.ibm.com>
 2019-03-21 15:59:49 +00:00
Phil Estes
ceba56893a
Merge pull request #3104 from AkihiroSuda/split-contentserver 
decouple api.ContentServer implementation package from bbolt dependency
 2019-03-21 10:10:26 -04:00
Harshal Patil
effd82227c Add support for passing sandbox annotations to runtime 
Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>
 2019-03-21 14:38:14 +05:30
Michael Crosby
9bd6b0932e
Merge pull request #3111 from thaJeztah/whitelist_statx 
seccomp: whitelist statx syscall
 2019-03-20 10:48:18 -05:00
Sebastiaan van Stijn
8f8fd3c3a8
seccomp: whitelist statx syscall 
This whitelists the statx syscall; libseccomp-2.3.3 or up
is needed for this, older seccomp versions will ignore this.

Equivalent of https://github.com/moby/moby/pull/36417

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-03-20 11:59:02 +01:00
Jack Baines
908b771086 Add code to return message field of returned registry errors 
Docker registries return errors in a know format so this change now checks for these
errors and returns the message field. If the error is not in the expected format fall
back to the original behaviour.

https://github.com/containerd/containerd/issues/3076

Signed-off-by: Jack Baines <jack.baines@uk.ibm.com>
 2019-03-19 21:05:36 +00:00
Phil Estes
9ab4c8cbcc
Merge pull request #3108 from alculquicondor/fix/import 
Allow to import an image for the default platform only.
 2019-03-19 13:29:57 -04:00
Michael Crosby
0cbbd0f68b
Merge pull request #3107 from avikivity/3105 
seccomp: whitelist io_pgetevents
 2019-03-19 10:55:00 -05:00
Aldo Culquicondor
9a8727cf09 Allow to import an image for the default platform only. 
Add `all-platforms` option to `ctr images import`.

Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2019-03-19 11:25:57 -04:00
Avi Kivity
4506eb45bf seccomp: whitelist io_pgetevents 
io_pgetevents() is a new Linux system call, similar to the already-whitelisted
io_getevents(). It has no security implications. Whitelist it so applications can
use the new system call.

Fixes #3105.

Signed-off-by: Avi Kivity <avi@scylladb.com>
 2019-03-19 11:56:32 +02:00
Akihiro Suda
f3ff95ab72 decouple api.ContentServer implementation package from bbolt dependency 
For moby/buildkit#886

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2019-03-19 16:09:45 +09:00
Phil Estes
b90eeadafa
Merge pull request #3102 from Ace-Tang/arg_usage 
ctr: fix image cmd ArgsUsage
 2019-03-18 08:37:18 -07:00
Ace-Tang
14a050688d ctr: fix image cmd ArgsUsage 
ctr image list/check 's ArgsUsage should be filter, not ref

Signed-off-by: Ace-Tang <aceapril@126.com>
 2019-03-18 21:11:34 +08:00
Michael Crosby
c60a5fd190
Merge pull request #3099 from crosbymichael/export-caps 
Add additional capability handling opts
 2019-03-15 13:09:45 -05:00
Michael Crosby
bdd84abf05 Add additional capability handling opts 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-03-15 12:31:41 -04:00
Michael Crosby
ef45e4f021
Merge pull request #3046 from linxiulei/fix_shim_socket 
Shorten the unix socket path for shim
 2019-03-15 09:10:47 -05:00
Eric Lin
a631796fda horten the unix socket path for shim 
Use sha256 hash to shorten the unix socket path to satisfy the
length limitation of abstract socket path

This commit also backports the feature storing address path to
a file from v2 to keep compatibility

Fixes #3032

Signed-off-by: Eric Lin <linxiulei@gmail.com>
 2019-03-15 11:58:30 +08:00
Derek McGowan
63d7a9ca8d
Merge pull request #3096 from thaJeztah/override_package_name 
Makefile: allow overriding package name
 2019-03-14 15:58:21 -07:00
Michael Crosby
3bba2d478d
Merge pull request #3093 from tiborvass/nvidia-export 
contrib/nvidia: export helper binary path and list of Nvidia capabilities
 2019-03-14 17:24:13 -05:00
Lantao Liu
8672929207
Merge pull request #1090 from mikebrow/filter-masks-when-privileged 
Add test for filtering container create masks when privileged
 2019-03-14 14:01:38 -07:00
Lantao Liu
0937e87ccc
Merge pull request #1092 from Random-Liu/set-runtime-handler-default 
Set default "" to extra runtime handler.
 2019-03-14 13:51:39 -07:00
Lantao Liu
bb4260cecb Set default "" to extra runtime handler. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-14 13:10:15 -07:00
Mike Brown
bf4e7a885c test filtering of container create masks when privileged 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2019-03-14 08:17:56 -05:00
Sebastiaan van Stijn
b858cfb41b
Makefile: allow overriding package name 
With this patch applied, the package-name in the `--version` output can be overridden;

    make PACKAGE=containerd.io binaries

    ./bin/containerd --version
    containerd containerd.io v1.2.0-329-ga15b6e20.m a15b6e2097c48b632dbdc63254bad4c62b69e709.m

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-03-14 11:38:13 +01:00
Lantao Liu
9c9bf1d7a1
Merge pull request #1069 from tallclair/runtimehandler-setup 
Expose environment variables for configuring an additional runtime handler
 2019-03-14 00:22:42 -07:00