forked from containerd/containerd
[pull] master from containerd:master #54
Open: pull wants to merge 636 commits into fahedouch:master from containerd:master
Signed-off-by: Shiming Zhang <[email protected]>
runtime/v1: Add lock for ListPids
Optimize content/local/store.Writer backoff
ci: upload junit formatted test results
Signed-off-by: Maksym Pavlenko <[email protected]>
To ease code readability Signed-off-by: Maksym Pavlenko <[email protected]>
This has some problems, namely that it gets confused as to what workflow run to add results to. Related issue: EnricoMi/publish-unit-test-result-action#12 This seems to be a shortcoming of the github API: https://github.community/t/specify-check-suite-when-creating-a-checkrun/118380/7 Signed-off-by: Brian Goff <[email protected]>
Remove junit test result processor
Deleting a non-empty namespace fails with
> namespace must be empty: failed precondition
This change improves the error message by listing the types of the objects in the namespace that prevent deletion.
Signed-off-by: Kazuyoshi Kato <[email protected]>
Signed-off-by: Samuel Karp <[email protected]>
fork/exec can fail and log a warning like this in containerd's log: failed to clean up after shim disconnected error=": fork/exec /usr/local/bin/containerd-shim-[my-shim]: no such file or directory" id=test namespace=default Passing the bundle path on the command line allows the shim delete command to run successfully. Signed-off-by: Samuel Karp <[email protected]>
freebsd: runtime support
Signed-off-by: Samuel Karp <[email protected]>
Signed-off-by: Iceber Gu <[email protected]>
Runtime cleanup
metadata: improve deleting a non-empty namespace's error message
Signed-off-by: Samuel Karp <[email protected]>
Signed-off-by: Samuel Karp <[email protected]>
Current implementation of seccomp.IsEnabled (rooted in runc) is not too good.
First, it parses the whole /proc/self/status, adding each key: value pair into the map (lots of allocations and future work for garbage collector), when using a single key from that map.
Second, the presence of "Seccomp" key in /proc/self/status merely means that kernel option CONFIG_SECCOMP is set, but there is a need to _also_ check for CONFIG_SECCOMP_FILTER (the code for which exists but is never executed in case /proc/self/status has Seccomp key).
Replace all this with a single call to prctl; see the long comment in the code for details. While at it, improve the IsEnabled documentation.
NOTE historically, parsing /proc/self/status was added after a concern was raised in opencontainers/runc#471 that prctl(PR_GET_SECCOMP, ...) can result in the calling process being killed with SIGKILL. This is a valid concern, so the new code here does not use PR_GET_SECCOMP at all.
Signed-off-by: Kir Kolyshkin <[email protected]>
It does not make sense to check if seccomp is supported by the kernel more than once per runtime, so let's use sync.Once to speed it up.
A quick benchmark (old implementation, before this commit, after):
BenchmarkIsEnabledOld-4       37183        27971 ns/op
BenchmarkIsEnabled-4          1252161      947 ns/op
BenchmarkIsEnabledOnce-4      666274008    2.14 ns/op
Signed-off-by: Kir Kolyshkin <[email protected]>
full diff: google/uuid@v1.1.2...v1.2.0
I did not switch to use the `uuid.NewString()` function; we are not currently using `uuid.New()`, probably because it can `panic` in case an invalid UUID is produced; instead we are using `uuid.NewRandom()`, which is equivalent, but returns an error instead.
Changes:
- v1.2.0: Add NewString() This release introduces the NewString() function which is the equivalent of uuid.New().String().
- v1.1.5: Syntactic cleanup There are no code changes. A missing period was added to a godoc comment and the linter was told to not complain that the results of hash.Write() are ignored (the function cannot fail)
- v1.1.4: Further error optimizations Do not allocate memory for errors (it is only one word)
- v1.1.3: Optimize error reporting Optimize length of time it takes to discover an input is bad by no longer using fmt.Errorf, which is quite slow. It now uses a custom error type that formats the string when the Error method is called rather than when generating the error.
Signed-off-by: Sebastiaan van Stijn <[email protected]>
freebsd: add zfs to the default plugins
runtime/shim: check the namespace flag first
go.mod: github.com/google/uuid v1.2.0
Commit writable WCOW layers as read-only parent layers
full diff: containerd/fifo@115abcc...v1.0.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
Includes updated protos with the gogo/protobuf fixes for CVE-2021-3121 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121) Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Shiming Zhang <[email protected]>
Similar to other deferred cleanup operations, teardownPodNetwork should use a different context as the original context may have expired, otherwise CNI wouldn't be invoked, leading to leak of network resources, e.g. IP addresses. Signed-off-by: Quan Tian <[email protected]>
Clarify error scope and create variable for deferring cleanup Signed-off-by: Derek McGowan <[email protected]>
…1.8.2 Update opencontainers/selinux to v1.8.2
Revert diff/walking error change
Signed-off-by: Davanum Srinivas <[email protected]>
update integration/client go.sum
Fix cleanup context of teardownPodNetwork
Signed-off-by: Mike Brown <[email protected]>
adds explanation for seccomp unset/unconfined default vs runtime default
Signed-off-by: Adelina Tuvenie <[email protected]>
Enable cri-integration in Windows Periodic Tests
Due to a change in Go, the go.mod file cannot declare a version of Go above the installed `go version`; until the default Go version in GitHub actions virt environments is 1.16, we have to install 1.16 before running the project checks now. Signed-off-by: Phil Estes <[email protected]>
Add proper Go version before project checks
FHS mandates manpages should go to /usr/share/man (or /usr/local/share/man, for site local installations) -- /usr/man was a fallout of some ancient Unices that haven't been fully FHS conformant and usually just a symlink to /usr/share/man, if existing at all. Distros sometimes need to override this (eg. MVCC installs), therefore go the 30+ years common practise way and introduce MANDIR environment variable. Since it's a subdir under the prefix for general constant and machine architecture independent data -- which in turn also sometimes wants to be overridden by distros, it shall be derived from DATADIR variable. Signed-off-by: Enrico Weigelt, metux IT consult <[email protected]>
Makefile: FHS conformant manpage installation pathes
Signed-off-by: Kohei Tokunaga <[email protected]>
Allow to pass --no-cgroups option to nvidia-container-cli
The current release of gotestsum is missing timestamps in the junit data, which makes it difficult to import in an external system later. gotestyourself/gotestsum@012a85e includes the necessary changes to add the timestamp for the test run to the junit output. Signed-off-by: Brian Goff <[email protected]>
Update gotestsum to add timestamps to junit output
Signed-off-by: Jiaming Xu <[email protected]> address feedbacks
Signed-off-by: Kitt Hsu <[email protected]>
ctr flags of container rootfs propagation
Currently the shimv2 debug is only enabled when containerd is, specifically, on debug mode. However, it should be enabled whenever the CRI runtime is on debug *or any other lower* mode, as in trace mode. Signed-off-by: Fabiano Fidêncio <[email protected]>
Signed-off-by: Kohei Tokunaga <[email protected]>
v1.38.0 is used by Kubernetes since kubernetes/kubernetes#100488. Signed-off-by: Kazuyoshi Kato <[email protected]>
google.golang.org/grpc doesn't work with protobuf v1.3.5. Signed-off-by: Kazuyoshi Kato <[email protected]>
Signed-off-by: Kazuyoshi Kato <[email protected]>
runtime,v2: Enable debug when containerd is on debug+ log level
See Commits and Changes for more details.
Created by pull[bot]