This changeset:
- adds `mount` subcommand to `ctr snapshot`
- adds `snapshot-name` flag for specifying target snapshot name in both `mount`
and `prepare` snapshot subcommands
Signed-off-by: Sunny Gogoi <me@darkowlzz.space>
Use unix.Prctl() instead of manually reimplementing it using
unix.RawSyscall. Also use unix.PR_SET_CHILD_SUBREAPER
unix.PR_GET_CHILD_SUBREAPER instead of locally defining them.
Also fix the package name form 'osutils' to 'sys' in the package level
comment.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Replace cases where a tar specified name is joined to a directory
with root path to bound name to path.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
For the standard make target, there is no need to build the protoc
plugin binary. This can be built automatically in response to the `make
protos` target.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Since we now have a common set of error definitions, mapped to existing
error codes, we no longer need the specialized error codes used for
interaction with linux processes. The main issue was that string
matching was being used to map these to useful error codes. With this
change, we use errors defined in the `errdefs` package, which map
cleanly to GRPC error codes and are recoverable on either side of the
request.
The main focus of this PR was in removin these from the shim. We may
need follow ups to ensure error codes are preserved by the `Tasks`
service.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Ensure symlinks cannot be used to breakout of unpack directory.
Evaluate absolute symlinks as scoped to unpack directory.
Allow symlinks which point outside the root to be created.
Scope all resolution of symlinks to the unpack directory.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Signed-off-by: rajasec <rajasec79@gmail.com>
Updating the usage and errors for ctr run command
Signed-off-by: rajasec <rajasec79@gmail.com>
Updating the usage of run command
Signed-off-by: rajasec <rajasec79@gmail.com>
Reverting back the imports
Signed-off-by: rajasec <rajasec79@gmail.com>
Often the socket is put into the directory /run/containerd.
When this directory does not exist, it gets created with the
default uid/gid and permission 0660. When the user has specified
a uid or gid, this should be used to set the ownership of that
parent directory and the permissions should be 0770. This worked
in a previous version of containerd but regressed after a refactor.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
