github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
3eda46af12
containerd/pkg/cri/server
History
Akihiro Suda 3eda46af12
oci: fix additional GIDs 
Test suite:
```yaml

---
apiVersion: v1
kind: Pod
metadata:
  name: test-no-option
  annotations:
    description: "Equivalent of `docker run` (no option)"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),10(wheel)" ]']
---
apiVersion: v1
kind: Pod
metadata:
  name: test-group-add-1-group-add-1234
  annotations:
    description: "Equivalent of `docker run --group-add 1 --group-add 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),1(daemon),10(wheel),1234" ]']
  securityContext:
    supplementalGroups: [1, 1234]
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234
  annotations:
    description: "Equivalent of `docker run --user 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root)" ]']
  securityContext:
    runAsUser: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234-1234
  annotations:
    description: "Equivalent of `docker run --user 1234:1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=1234 groups=1234" ]']
  securityContext:
    runAsUser: 1234
    runAsGroup: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234-group-add-1234
  annotations:
    description: "Equivalent of `docker run --user 1234 --group-add 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root),1234" ]']
  securityContext:
    runAsUser: 1234
    supplementalGroups: [1234]
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-02-10 15:53:00 +09:00
..
bandwidth Reused errdefs for error 2023-01-02 21:39:20 +08:00
testing update go-cni/for cni update fixing plugins that don't respond with version 2022-06-01 17:20:18 -05:00
blockio_linux.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
blockio_stub_linux.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
cni_conf_syncer.go cri: mkdir /etc/cni with 0755, not 0700 2023-01-29 07:49:36 +09:00
container_attach.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
container_checkpoint.go Set grpc code for unimplemented cri-api methods 2022-09-22 07:24:48 +00:00
container_create_linux_test.go cri: Verify userns container config is consisten with sandbox 2022-12-30 15:07:54 -03:00
container_create_linux.go oci: fix additional GIDs 2023-02-10 15:53:00 +09:00
container_create_other_test.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
container_create_other.go Add capability for snapshotters to declare support for UID remapping 2022-12-21 15:08:28 -03:00
container_create_test.go oci: Add WithDomainname 2022-12-26 04:03:45 -05:00
container_create_windows_test.go cri: add pod uid annotation 2022-11-19 01:12:02 +01:00
container_create_windows.go Have separate spec builder for each platform 2023-01-11 13:12:25 -08:00
container_create.go Enable dupword linter 2023-01-03 12:47:16 -08:00
container_events.go Add Evented PLEG support to sandbox server 2022-12-08 19:31:36 +00:00
container_exec.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
container_execsync_test.go Implicitly discard the input to drain the reader 2022-06-06 09:57:13 -07:00
container_execsync.go Implicitly discard the input to drain the reader 2022-06-06 09:57:13 -07:00
container_list_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
container_list.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
container_log_reopen.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
container_remove_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
container_remove.go Add container event support to containerd 2022-12-08 19:30:39 +00:00
container_start_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
container_start.go Add container event support to containerd 2022-12-08 19:30:39 +00:00
container_stats_list_linux_test.go Use github.com/containerd/cgroups/v3 to remove gogo 2022-11-14 21:07:48 +00:00
container_stats_list_linux.go Refactor usageNanoCores be to used for all OSes 2022-07-19 16:49:08 -07:00
container_stats_list_other.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
container_stats_list_test.go Refactor usageNanoCores be to used for all OSes 2022-07-19 16:49:08 -07:00
container_stats_list_windows.go feat: replace github.com/pkg/errors to errors 2022-01-07 10:27:03 +08:00
container_stats_list.go remove unneeded nolint-comments (nolintlint), disable deprecated linters 2022-10-12 14:41:01 +02:00
container_stats.go remove unneeded nolint-comments (nolintlint), disable deprecated linters 2022-10-12 14:41:01 +02:00
container_status_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
container_status.go ContainerStatus to return container resources 2022-08-24 19:08:06 +00:00
container_stop_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
container_stop.go Add container event support to containerd 2022-12-08 19:30:39 +00:00
container_update_resources_linux_test.go cri: Fix TestUpdateOCILinuxResource for host w/o swap controller 2023-01-10 15:41:04 +01:00
container_update_resources_linux.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
container_update_resources_other.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
container_update_resources_windows.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
container_update_resources.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
events_test.go Fix tests 2022-04-22 15:41:05 +00:00
events.go Add container event support to containerd 2022-12-08 19:30:39 +00:00
fuzz.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
helpers_linux_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
helpers_linux.go cri: Simplify parseUsernsIDs() 2022-12-30 16:49:28 -03:00
helpers_other.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
helpers_selinux_linux_test.go move up to CRI v1 and support v1alpha in parallel 2021-06-28 09:34:12 -05:00
helpers_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
helpers_windows.go Remove redundant build tags 2021-08-05 22:27:46 -07:00
helpers.go pkg/cri: optimize slice initialization 2023-01-24 20:46:20 +01:00
image_list_test.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
image_list.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
image_pull_test.go Export remote snapshotter label handler 2023-02-01 23:03:23 +09:00
image_pull.go Export remote snapshotter label handler 2023-02-01 23:03:23 +09:00
image_remove.go Add a thin wrapper around otel Span object 2022-11-11 01:28:27 +00:00
image_status_test.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
image_status.go Add a thin wrapper around otel Span object 2022-11-11 01:28:27 +00:00
imagefs_info_test.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
imagefs_info.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
instrumented_service.go Enable dupword linter 2023-01-03 12:47:16 -08:00
list_metric_descriptors.go Update to cri-api v0.26.0-beta.0 2022-11-18 21:13:34 +00:00
list_pod_sandbox_metrics.go Update to cri-api v0.26.0-beta.0 2022-11-18 21:13:34 +00:00
metrics.go add network plugin metrics 2022-12-23 09:23:56 +00:00
nri-api_other.go chore: use go fix to cleanup old +build buildtag 2022-12-29 14:25:14 +08:00
nri-api_windows.go chore: use go fix to cleanup old +build buildtag 2022-12-29 14:25:14 +08:00
nri-api.go chore: use go fix to cleanup old +build buildtag 2022-12-29 14:25:14 +08:00
rdt_linux.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
rdt_stub_linux.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
restart.go CRI: Add host networking helper 2022-12-14 01:47:22 -08:00
sandbox_list_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
sandbox_list.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
sandbox_portforward_linux.go CRI: Add host networking helper 2022-12-14 01:47:22 -08:00
sandbox_portforward_other.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
sandbox_portforward_windows.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
sandbox_portforward.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
sandbox_remove.go Add container event support to containerd 2022-12-08 19:30:39 +00:00
sandbox_run_linux_test.go cri: Support pods with user namespaces 2022-12-21 17:56:56 -03:00
sandbox_run_linux.go Move WithMounts to specs 2023-01-11 13:03:59 -08:00
sandbox_run_other_test.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
sandbox_run_other.go Add capability for snapshotters to declare support for UID remapping 2022-12-21 15:08:28 -03:00
sandbox_run_test.go cri/server: Disable tests on FreeBSD 2022-06-09 18:54:10 -07:00
sandbox_run_windows_test.go cri: add pod uid annotation 2022-11-19 01:12:02 +01:00
sandbox_run_windows.go Add capability for snapshotters to declare support for UID remapping 2022-12-21 15:08:28 -03:00
sandbox_run.go Merge pull request #7679 from kinvolk/rata/userns-stateless-pods 2022-12-29 14:08:24 -06:00
sandbox_stats_linux.go Use github.com/containerd/cgroups/v3 to remove gogo 2022-11-14 21:07:48 +00:00
sandbox_stats_list.go remove unneeded nolint-comments (nolintlint), disable deprecated linters 2022-10-12 14:41:01 +02:00
sandbox_stats_other.go Cleanup build constraints 2022-12-08 09:36:20 -08:00
sandbox_stats_windows.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
sandbox_stats.go remove unneeded nolint-comments (nolintlint), disable deprecated linters 2022-10-12 14:41:01 +02:00
sandbox_status_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
sandbox_status.go CRI: Add host networking helper 2022-12-14 01:47:22 -08:00
sandbox_stop_test.go Use t.Run for /pkg/cri tests 2022-05-29 18:32:09 -07:00
sandbox_stop.go add network plugin metrics 2022-12-23 09:23:56 +00:00
service_linux.go CRI: Comment cleanup/misc fixes 2023-01-02 18:55:31 -08:00
service_other.go CRI: Comment cleanup/misc fixes 2023-01-02 18:55:31 -08:00
service_test.go Copy FuzzCRI from cncf/cncf-fuzzing 2022-06-27 22:54:25 +00:00
service_windows.go CRI: Comment cleanup/misc fixes 2023-01-02 18:55:31 -08:00
service.go Merge pull request #7165 from zouyee/nit 2022-12-22 14:09:29 -08:00
snapshots.go feat: replace github.com/pkg/errors to errors 2022-01-07 10:27:03 +08:00
status.go Replace golang.org/x/net/context with std library 2022-02-22 02:27:05 +08:00
streaming_test.go Move cri server packages under pkg/cri 2020-10-07 13:09:37 -07:00
streaming.go feat: replace github.com/pkg/errors to errors 2022-01-07 10:27:03 +08:00
test_config.go Copy FuzzCRI from cncf/cncf-fuzzing 2022-06-27 22:54:25 +00:00
update_runtime_config_test.go test: use T.TempDir to create temporary test directory 2022-03-15 14:03:50 +08:00
update_runtime_config.go add network plugin metrics 2022-12-23 09:23:56 +00:00
version.go Copy cri-api v1alpha2 from v0.25.4 to containerd internal directory 2022-11-18 21:09:43 +00:00