github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
10,639 Commits 3 Branches 2 Tags 112 MiB
f8a155ff8a
Commit Graph

10639 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kazuyoshi Kato
f8a155ff8a
Merge pull request #6955 from Iceber/update_metadata_schema_comment 
fix comments on metadata schema and update namespace doc
 2022-05-19 15:20:42 -07:00
Kazuyoshi Kato
868c7c3fa8
Merge pull request #6956 from my-git9/mygit2 
adjust format in comment
 2022-05-19 14:44:12 -07:00
Kazuyoshi Kato
6c1782107f
Merge pull request #6957 from kzys/zstd-bench 
Restore decompression benchmarks
 2022-05-19 13:50:01 -07:00
Iceber Gu
b69182c71d add note that a namespace cannot be named "version" 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2022-05-19 22:53:21 +08:00
Iceber Gu
8d95f2b599 fix comments on metadata schema 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2022-05-19 22:52:51 +08:00
Fu Wei
798ff6202f
Merge pull request #6960 from my-git9/mygit3 
cmd/ctr/commands/content: fix typo in fetch command usage
 2022-05-19 22:05:28 +08:00
xin.li
8ec1fc70d9 adjust format 
Signed-off-by: xin.li <xin.li@daocloud.io>
 2022-05-19 17:31:26 +08:00
Kazuyoshi Kato
a42688639c Restore decompression benchmarks 
The benchmarks were deleted in #2640 but we could use that to evaluate
zstd further.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2022-05-18 18:25:11 +00:00
xin.li
8494f7f117 adjust format in comment 
Signed-off-by: xin.li <xin.li@daocloud.io>
 2022-05-19 00:24:56 +08:00
Phil Estes
405fba75dd
Merge pull request #6950 from AllenZMC/fix 
fix some confusing typos
 2022-05-18 11:47:29 +02:00
Phil Estes
1f9ae758cc
Merge pull request #6952 from my-git9/mygit1 
update doc url about k8s
 2022-05-18 11:46:24 +02:00
xin.li
4da4a88796 update doc url 
Signed-off-by: xin.li <xin.li@daocloud.io>
 2022-05-18 09:18:45 +08:00
AllenZMC
eaec6530d7 fix some confusing typos 
Signed-off-by: AllenZMC <zhongming.chang@daocloud.io>
 2022-05-17 23:53:36 +08:00
Kazuyoshi Kato
42c6be80e3
Merge pull request #6946 from TBBle/separate-windows-test-results 
Separate windows-2019 and windows-2022 test results
 2022-05-16 13:33:17 -07:00
Paul "TBBle" Hampson
65150600d8 Separate windows-2019 and windows-2022 test results 
This fixes the problem that only one upload is kept per artifact name.

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
 2022-05-15 22:00:30 +10:00
Phil Estes
e217c83e8c
Merge pull request #6910 from wllenyj/debug 
shim: fix debug flag not working
 2022-05-14 19:53:19 +01:00
Derek McGowan
b9bffd1f38
Merge pull request #6938 from psschwei/fix-parallel 
Reverts removal of parallel run from critest
 2022-05-12 12:51:26 -07:00
Phil Estes
133978f893
Merge pull request #6932 from lucacome/bump-otel-deps 
Bump OpenTelemetry dependencies
 2022-05-12 19:28:35 +01:00
Paul S. Schweigert
7300296cb6
reverts removal of parallel run from critest 
Signed-off-by: Paul S. Schweigert <paulschw@us.ibm.com>

As discussed in https://github.com/containerd/containerd/issues/6903,
running ginkgo tests in parallel while trying to skip wasn't working.
However, now that
https://github.com/kubernetes-sigs/cri-tools/pull/930 has fixed the
issue upstream, we can revert back to running our tests in parallel
with the skip.
 2022-05-12 13:41:55 -04:00
Akihiro Suda
14af2bdfa3
Merge pull request #6934 from thaJeztah/bump_runc 
update runc binary and vendor to v1.1.2
 2022-05-13 02:17:05 +09:00
Phil Estes
9aa6725078
Merge pull request #6923 from thaJeztah/no_tun 
oci: WithDefaultUnixDevices(): remove tun/tap from the default devices
 2022-05-12 14:00:27 +01:00
Sebastiaan van Stijn
c4ce13a282
vendor: github.com/opencontainers/runc v1.1.2 
no changes in vendored code

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-05-12 13:40:43 +02:00
Sebastiaan van Stijn
25858d621f
update runc binary to v1.1.2 
This is the second patch release of the runc 1.1 release branch. It
fixes CVE-2022-29162, a minor security issue (which appears to not be
exploitable) related to process capabilities.

This is a similar bug to the ones found and fixed in Docker and
containerd recently (CVE-2022-24769).

- A bug was found in runc where runc exec --cap executed processes with
  non-empty inheritable Linux process capabilities, creating an atypical Linux
  environment. For more information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162.
- runc spec no longer sets any inheritable capabilities in the created
  example OCI spec (config.json) file.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-05-12 13:38:56 +02:00
Luca Comellini
c1140aef65
Bump OpenTelemetry dependencies 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2022-05-11 18:03:09 -07:00
Phil Estes
e85b5a0b81
Merge pull request #6926 from thaJeztah/bump_golang_1.18.2 
update golang to 1.18.2, 1.17.10
 2022-05-11 18:38:21 +01:00
wllenyj
f710505f4a shim: fix debug flag not working 
As we know, shim starts twice. The first time we execute the shim with the
`start` arguments, the `-debug` argument is passed to the shim
process correctly. But the second time we execute shim, the debug flag
is ignored.

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
 2022-05-11 22:09:12 +08:00
Phil Estes
eb39aace3c
Merge pull request #6925 from AkihiroSuda/fedora36 
CI: update Fedora to 36
 2022-05-11 14:13:33 +01:00
Sebastiaan van Stijn
72cd3b4764
update golang to 1.18.2, 1.17.10 
go1.18.2 (released 2022-05-10) includes security fixes to the syscall package,
as well as bug fixes to the compiler, runtime, the go command, and the crypto/x509,
go/types, net/http/httptest, reflect, and sync/atomic packages. See the Go 1.18.2
milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.18.2+label%3ACherryPickApproved

Full diff: http://github.com/golang/go/compare/go1.18.1...go1.18.2

Includes fixes for:

- CVE-2022-29526 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526);
  (description at https://go.dev/issue/52313).

go1.17.10 (released 2022-05-10) includes security fixes to the syscall package,
as well as bug fixes to the compiler, runtime, and the crypto/x509 and net/http/httptest
packages. See the Go 1.17.10 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.10+label%3ACherryPickApproved

Full diff: http://github.com/golang/go/compare/go1.17.9...go1.17.10

Includes fixes for:

- CVE-2022-29526 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526);
  (description at https://go.dev/issue/52313).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-05-11 15:06:59 +02:00
Akihiro Suda
f5b7a4b3d5
CI: update Fedora to 36 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2022-05-11 11:47:16 +09:00
Sebastiaan van Stijn
a3ac156007
oci: WithDefaultUnixDevices(): remove tun/tap from the default devices 
A container should not have access to tun/tap device, unless it is explicitly
specified in configuration.

This device was already removed from docker's default, and runc's default;

- 2ce40b6ad7
- 9c4570a958

Per the commit message in runc, this should also fix these messages;

> Apr 26 03:46:56 foo.bar systemd[1]: Couldn't stat device /dev/char/10:200: No such file or directory

coming from systemd on every container start, when the systemd cgroup driver
is used, and the system runs an old (< v240) version of systemd
(the message was presumably eliminated by [1]).

[1]: d5aecba6e0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-05-11 00:31:59 +02:00
Derek McGowan
6067aeb6fd
Merge pull request #6916 from helsaawy/he/binaryprocessor-wait 
Add `Wait` to `binaryProcessor`
 2022-05-10 09:02:26 -07:00
Akihiro Suda
dc7cd2b7ec
Merge pull request #6905 from dcantah/bump-k8s-0.24 
go.mod: Bump k8s deps to v0.24.0
 2022-05-10 11:46:26 +09:00
Akihiro Suda
bd2c006545
Merge pull request #6915 from estesp/cirrus-git-fix 
(Vagrant CI) Enable git commands due to git CVE fix
 2022-05-10 08:18:45 +09:00
Hamza El-Saawy
ad8b87ba23 Add Wait to binaryProcessor 
Add exported `Wait(ctx context.Context) error` interface that waits on
the underlying command (or context cancellation) and returns the error.

This fixes a race condition between `.wait()` and `.Err error`:
https://github.com/containerd/containerd/issues/6914

Signed-off-by: Hamza El-Saawy <hamzaelsaawy@microsoft.com>
 2022-05-09 17:15:00 -04:00
Phil Estes
d9fc5f4b00
Enable git commands due to git CVE fix 
Add /vagrant to "safe directory" global git config so Vagrant runs work
properly again.

Signed-off-by: Phil Estes <estesp@amazon.com>
 2022-05-09 15:42:33 -04:00
Derek McGowan
1e749e5f04
Merge pull request #6912 from aznashwan/windows-ci-junit-outfile 
Pass explicit JUnit outfile to critest.exe in Windows workflow.
 2022-05-09 12:19:50 -07:00
Nashwan Azhari
09c2c2a753 Pass explicit JUnit outfile to critest.exe in Windows workflow. 
Following kubernetes-sigs/cri-tools#910 the Ginkgo reporters are left
configured with default settings and thus do not generate a JUnit report
file unless we explicitly pass a path for the outfile in the Windows
workflow when calling critest.exe.

Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
 2022-05-09 19:42:22 +03:00
Kazuyoshi Kato
68d9d462c9
Merge pull request #6894 from psschwei/update-critools 
Update critools to v1.24
 2022-05-06 14:08:04 -07:00
Daniel Canter
d1c49781ed go.mod: Bump k8s deps to v0.24.0 
This ends up bumping the prometheus client as well.

Signed-off-by: Daniel Canter <dcanter@microsoft.com>
 2022-05-06 13:37:15 -07:00
Phil Estes
0887262987
Merge pull request #6904 from ginglis13/devmapper-docs 
devmapper docs: small fixes
 2022-05-06 21:29:58 +01:00
Gavin Inglis
c721c8e274 devmapper docs: small fixes 
Signed-off-by: Gavin Inglis <giinglis@amazon.com>
 2022-05-06 18:34:06 +00:00
Paul S. Schweigert
bb11c9d24f
update critools to v1.24 
Signed-off-by: Paul S. Schweigert <paulschw@us.ibm.com>
 2022-05-06 13:28:41 -04:00
Mike Brown
459179360a
Merge pull request #6900 from mikebrow/fix-for-empty-report-dir 
move report dir option to end of line for vagrant cri tests
 2022-05-05 18:32:16 -05:00
Mike Brown
8a2e8cd8de move report dir option to eol 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2022-05-05 22:21:51 +00:00
Akihiro Suda
1acd56e927
Merge pull request #6892 from dmcgowan/kubernetes-release-table 
Update Kubernetes version matrix in release docs
 2022-05-05 23:37:45 +09:00
Derek McGowan
af24e3871a
Update Kubernetes version matrix in release docs 
Allow specifying specific versions of containerd for Kubernetes releases
and clarify recommendations and support policy.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-05-04 22:50:14 -07:00
Derek McGowan
885468815e
Merge pull request #6889 from kzys/pull-restart-test 
Share container images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy
 2022-05-04 10:35:39 -07:00
Kazuyoshi Kato
7a834516f6 Share images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy 
These tests are launching containerd and pulling busybox there, while
other tests are using busybox from TestMain().

This commit shares busybox at least between TestRestartMonitor and
TestRestartMonitorWithOnFailurePolicy to reduce the chance of
throttling from ghcr.io.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2022-05-04 16:50:19 +00:00
Derek McGowan
e7b6f2fb2e
Merge pull request #6890 from mikebrow/update-readme-for-k8s-info 
containerd 1.6.4 k8s 1.24 readme announce
 2022-05-03 22:13:26 -07:00
Mike Brown
cedb7d3bd7
containerd 1.6.4 k8s 1.24 readme announce 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2022-05-03 21:07:35 -07:00