Pick commit https://github.com/containers/crun/commit/0aec82c2b686f0b1793deed43b46524fe2e8b5a7
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping crun to version 1.14.3-8-g89d4446, which comprises the following commits:
5884fd4 linux: fix mount of file with recursive flags
b9e87e7 tests: test bind mounts of files
e81086b rpm: Use relative, not absolute, symbolic links
9079a6d release: enable parallel builds
1961d21 NEWS: tag 1.14.3
0860c0f crun: really drop version check
32b139f NEWS: tag 1.14.2
4532a38 crun: drop check for OCI version
de537a7 NEWS: tag 1.14.1
fdb41c3 linux: initialize options variable
31b08fc container: do not leak capabilities buffer
1716fde container: do not leak version_string
e72f3bc container: fix leak of mount_options_list
242bb34 cgroup: do not leak dirfd
deffa39 cgroup: fix leak of cpus/mems string buffer
3df8f0c Add force_no_cgroup & no_pivot arguments to make_context() Python function
b883e6c Make function arguments valid Python identifiers
e0027bc Add no_new_keyring argument to make_context() Python function
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
These two deps do not affect the build result and are not used,
remove them.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping crun to version 1.14-19-g9d01392, which comprises the following commits:
3df8f0c Add force_no_cgroup & no_pivot arguments to make_context() Python function
b883e6c Make function arguments valid Python identifiers
e0027bc Add no_new_keyring argument to make_context() Python function
cb3ffb5 apparmor: Fix wrong determination whether crun is confined
adb912d linux: harden chdir()
f157e80 container: attempt to close all the files before execv(2)
ed1abf9 container: simplify statement
3aaadf3 ebpf: add fallback when bpf(2) fails with ENOSPC
f2ade60 ebpf: add fallback when bpf(2) fails
8b611f2 ebpf: try harder to bump RLIMIT_MEMLOCK
d88d77e build(deps): bump uraimo/run-on-arch-action from 2.6.0 to 2.7.1
f70fe0b cgroup, systemd: fix segfault if resources not specified
667e6eb NEWS: tag version 1.14
688f186 build(deps): bump actions/cache from 3 to 4
8d96f08 build: drop gcrypt dependency
5221ca8 seccomp: use blake3 instead of libgcrypt
6d9fa42 cpuset: don't clobber parent cgroup value
3873541 build: embed blake3 hashing function
4f1f3d4 seccomp: include default_errno_ret in cache digest
beb9565 utils: remove unneeded if statement
9306457 ebpf: do not require MEMLOCK for eBPF programs
87740ce linux: force umask(0)
5078ce6 apparmor: stack apparmor profiles if nnp and confined
c761349 NEWS: tag 1.13
cb53ac2 build(deps): bump actions/upload-artifact from 3 to 4
94a5950 cgroup: use "max" when pids limit < 0
3b819bc Improve error msg on idmap mounts
bace3a2 build(deps): bump github/codeql-action from 2 to 3
4ddf5e6 criu: remove unneeded if statement
8c27dea error: reset pointer after vasprintf failure
c5643c4 status: fix double free
ece4f9e utils: return a valid error if access fails
68a9487 list: initialize variable
ea27b13 libcrun: fix compile error without libseccomp and libcap
487ba3a fix checking of relative idmapped mount
49f439d ctx: drop no_subreaper bool
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping crun to version 1.12-19-g90b21dd, which comprises the following commits:
49f439d ctx: drop no_subreaper bool
b5ad30f krun: fix use of uninitialized integer
7c5a32a criu: do not set CLOEXEC on fds to inherit
c9e23a8 criu: fix error return value
501aa98 handlers: Fix -Werror=unused-parameter build error for spin
c9014f8 src: use O_CLOEXEC with pipes
3ad89be src: use O_CLOEXEC for all open/openat calls
0f0d5be src: close std streams on exec
08b7d33 build(deps): bump uraimo/run-on-arch-action from 2.5.1 to 2.6.0
2ad31d4 linux: fix error string
ce429cb NEWS: tag 1.12
08d9fea preconfigure cpuset with required resources
a18356e README.md: update the correct Nix channel
da991db utils: try attr/<lsm>/* before attr/*
616aea7 feat: add spin handler
172bbd0 container: move dereference after check
2cc04ea systemd: fallback to system bus
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping crun to version 1.11.2-7-gff2b74f, which comprises the following commits:
2cc04ea systemd: fallback to system bus
767ba88 Fix build without libcap
98d9cc9 systemd, cgroup: configure cgroups before joining them
ab0edee NEWS: tag 1.11.2
c965462 src: fix codespell error
267f2c5 make: fix clang-format
6e65f5e cgroup: fix crash on cgroup v1 without cpu resources
57e6f9c terminal: adopt ptsname_r POSIX specified return value
6674353 fix: remove the redundant header file
1084f95 NEWS: tag 1.11.1
4cbc9ad linux: force remount with mounts from parent
11f8d3d NEWS: tag 1.11
f8e4f4e cgroup: honor cpu burst
8b44699 systemd: set CPUQuota and CPUPeriod on the scope
5a0ede2 systemd, cgroupv1: set the cpuset data also on the scope
20bb4aa systemd, cgroupv2: set the cpuset data also on the scope
970d20e tests: fix ioprio test
3b874c2 linux: append tmpfs mode if missing for mounts
863008d init: add new function to check file mode
7c3393c cgroup: always use the user session for rootless
c60c9f2 Update nixpkgs
c053c83 NEWS: tag 1.10
2cc7390 linux: new mount option "copy-symlink"
33cabe6 tests: fix test name
9ee3460 linux: fix error propagation
53c28d9 utils: export safe_readlinkat
a549ce0 tests: skip ioprio tests as rootless
1466b7b linux: Fix -Wunused-result compiler warnings when run './configure' only
bdb95d6 features: export intelRDT status
e2f9853 update: support update of Intel RDT
05bc600 libcrun: support update of Intel RDT
41ae2a2 libcrun: plug Intel RDT support
52d5faa libcrun: add Intel RDT support functions
a7a1af9 container: fix early return
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping crun to version 1.9.2-12-g8af8ee2, which comprises the following commits:
bdb95d6 features: export intelRDT status
e2f9853 update: support update of Intel RDT
05bc600 libcrun: support update of Intel RDT
41ae2a2 libcrun: plug Intel RDT support
52d5faa libcrun: add Intel RDT support functions
a7a1af9 container: fix early return
122f8ae linux: open mounts before setgroups if in a userns
64105d9 Use overlay and single nix derivation
35274d3 NEWS: tag 1.9.2
8f6b76f tests, podman: enable more tests
255268d Reset the inherited cpu affinity after moving to cgroup
745b6d9 tests, podman: run tests on overlay
f42e279 tests, podman: get more information on the environment
379b17c tests, podman: avoid deprecated options
bd251c9 rpm: do not special case krun man
fe4e15d build: install krun.1 only if krun is enabled
0cabf0c rpm: fix manpage installation
67ee730 Packit: notify @containers/packit-build team on failed tasks
1f2769e linux: fix fallback mechanism in a userns
a0b7e18 NEWS: tag 1.9.1
bb4e975 utils: partially rewrite improve error message patch
14afa8a utils: fix ignore ENOTSUP when chmod a symlink
0acb237 oci-validation,test: lock tap to @16.3.8
bbb1c87 tests: install device-mapper-devel
75dd83c podman, test: disable more tests failing in the CI
98db1d2 utils: improve error message for ensure_dir
57262a2 utils: ignore ENOTSUP when chmod a symlink
523eed3 linux: add new fallback when mount fails with EBUSY
2239c50 linux: teach MS_MOVE to do_mount
c9a1a12 Add man page for krun
8645d1a Fix CentOS 7 Build by Checking if FSOPEN_CLOEXEC exists
a538ac4 NEWS: tag 1.9
1e2f0c4 fix: correctly handle unknow signal string
41fa779 crun delete: call systemd's reset-failed
76b80ae fix random errors
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping crun to version 1.8.7-32-gf8fa497, which comprises the following commits:
76b80ae fix random errors
d602fc0 build(deps): bump actions/checkout from 3 to 4
d348000 linux: fix check for oom_score_adj
382edc9 wasmer: inherit_stdout instead of capture
5057f98 wasmer: use latest wasix API
f60a903 linux: do not join already joined namespaces
46ef792 lua: fixed luarocks package directory structure
0e506e5 linux: add support for ridmap mount option
44e51fa linux: honor rbind
f6f92b8 utils: tighten check in check_fd_under_path()
58fa192 fix typos in comments
9e66109 linux + cgroup-systemd: fix error return values
668f5d5 features: Support mountExtensions
1836bed lua: rename variable to fix spelling
2779f02 linux: support arbitrary idmapped mounts
08def0a linux: move function definition forward
53a9996 NEWS: tag 1.8.7
a867e35 lua: fix missing dereference of pointer
c90c3ca cgroup-systemd: fix error return value
b6c8708 tests: Update expected features output
7c524e7 features: Fix annotations formatting
f0054ea src/libcrun: Mark we implement up to OCI 1.1.0
59e2b84 build(deps): bump uraimo/run-on-arch-action from 2.5.0 to 2.5.1
3a50988 use just enough arg_unused to silence -Wunused-parameter
9864f09 Packit: enable eln builds, enable wasmedge on all non-eln builds
cf72f8b container: fix error return value
88441d9 linux: simplify setns with pidfd
261a4fa mount_flags.c: regenerate
f9f4e06 mount_flags.perf: add get_mount_flags_from_wordlist
387d3ac packit: Build PRs into default packit COPRs
907d032 libcrun: handle SIGWINCH by resizing terminal_fd
57a252b nix: rename `default-nix` to `default-amd64.nix`
5224aa2 build-aux: simplify `release.sh`
a7102e8 github: simplify `release.yml`
8908248 Add support for riscv64 arch
31eeb19 cgroup: fix error return value
fec9b0f RPM: include criu dependencies
02ee7c4 linux: do not create error twice
c786d4c linux: simplify error handling
c972772 linux: do not write twice errors
74a3874 linux: use helper functions instead of custom read/write
35a0166 linux: define helper to ack on the sync socket
c3e518e libcrun: drop symbol for crun_make_error
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping crun to version 1.8.6-11-gd7ee549, which comprises the following commits:
c786d4c linux: simplify error handling
c972772 linux: do not write twice errors
74a3874 linux: use helper functions instead of custom read/write
35a0166 linux: define helper to ack on the sync socket
c3e518e libcrun: drop symbol for crun_make_error
080e560 features: use exported function libcrun_make_error
5c2dedc Make the spec file parseable without copr_username defined
73f759f NEWS: tag 1.8.6
26ef1e0 linux: add sync before sending mounts
71c53b0 RPM: Set Epoch only for Copr builds
ee0e405 tests: install procps-ng for podman tests
6a3d7a7 Packit: initial enablement
58bb52c tests: fix cpu-weight-systemd test under a user manager
ee111ae tests: skip test_uid_tty if no tty is attached
74dd5f9 tests: use get_crun_path() in oci_features
b160e2c cgroup-resources: allow setting swap to 0
19cd8aa ps: fix segfault with pids=NULL
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping crun to version 1.8.5-40-g56d9d9a, which comprises the following commits:
19cd8aa ps: fix segfault with pids=NULL
d006733 features: add wasm annotation
935f4fe tests: add test for oci_features
366af73 src/*: implement features
21b1733 Makefile.am: update clang-format command
9e5a749 libcrun: report when status file not found
84a6599 libcrun: crun_path_exists distinguish ENOENT
ef224f9 docs: remove module.wasm.image/variant=compat annotation
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Requires either libargp or argp-standalone.
Signed-off-by: Renato Caldas <renato@calgera.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping crun to version 1.8.5-30-g7da99fb, which comprises the following commits:
ef224f9 docs: remove module.wasm.image/variant=compat annotation
38f29c2 ci, wasmedge: use --platform wasi/wasm
62e68e2 ci,wasmedge: use latest instead of rawhide
5c9dbca libcrun: return with no-op when io_priority is NULL
755b47a lua: added luarocks packing
1d5748e src: define symbol for /proc/self/timens_offsets
c56e556 src: replace /proc/sys/kernel/cap_last_cap with symbol
db9274f src: define PROC_SELF_CGROUP and use it
1eeba46 src: quote more strings
8ca1f68 build: add check for atomic_bool
e542666 build: add explicit check for atomic_int
43fc74c src: uniform the quoting style
3839e6e src: add missing quotes
0ca1f0b container: do proper cleanup on errors
ee3e6f6 tests: add tests for ioprio
63a4f97 src: fix macro check
e6306b8 tests: reorder includes
edfd0c9 container: support io_priority from the OCI specs
478f047 libocispec: sync
b6f80f7 NEWS: tag 1.8.5
a1f9b7d tests: update ubuntu to lunar
026f249 tests: update containerd
6494b69 cgroup: set the memory limit on the system scope
4d2d5b3 cgroup: move code to an utility function
c56c3c4 cgroups: fix creating cgroup under "domain threaded"
bbee4bc More informative error message for the case where dlopen fails
1ad17f8 Refactor: Restore serial settings for incorrect serial
087db89 scheduler: use definition from OCI
0135eb1 libocispec: update
76ed8df criu: fix memory leak
7a45ba8 ci: temporarily disable cri-o tests
a717db7 criu: fix segfault if CRIU_JOIN_NS_SUPPORT is defined
3f972e1 github: try not loading kernel modules
bca0b3b linux: check the PID is valid before kill(2)
62b149b tests: skip slow cri-o tests
7bbacf9 fix clang-format
c0eb006 src: make clang-format
6639649 lua: fix typo
906142d linux: do not precreate devs with euid > 0
f40d974 Improve whitespace in generated `crun spec`
ed25b47 tests/test_exec: don't fail on PIDs < 10000
909ae4d tests: abstract tests/init to get_init_path()
df8ee48 criu: check if the criu_join_ns_add function exists
5a8fa99 NEWS: tag 1.8.4
898ffb5 tests: fix idmap mount test
a2ac2b9 tests: install irqbalance
6b33ec5 tests: drop cri-o tests instead of deleting file
6824924 cgroup: workaround cpu quota/period issue with v1
fc276e6 cgroup: fix set quota to -1
58b394a build(deps): bump lumaxis/shellcheck-problem-matchers from 1 to 2
bf79b09 src: wire the runtime spec time namespace
bfa4f48 linux: create PID namespace as part of the last step
4320b5d libocispec: sync
39bf623 criu: drop loading unused functions
59f2beb NEWS: tag 1.8.3
ae18930 update: initialize the rt_scheduler only on cgroupv1
crun/rspec: update to 1.1.0-rc.2
1beaf68 CODEOWNER: Add Toru Komatsu(@utam0) to sync with MAINTAINERS
d46c8b2 schema: fix definition for ioPriority
504f70e Add I/O Priority Configuration for Process Group in Linux Containers
05563ea features: update Example
d89ef1e glossary: s/features document/Features structure/g
39bd2ef MAINTAINERS: add Toru Komatsu (utam0k)
f66aad4 Update ociVersion in config-linux.md example
206251f releases: use +dev as in-development suffix
8947849 spec: add scheduler entity
4ee185a version: v1.1.0-rc.2-dev
a5b4da4 version: release v1.1.0-rc.2
54f948c ChangeLog: Document changes since v1.1.0-rc.1
6152be4 schema: remove duplicate keys
9d7c878 Clarify I/O throttling differences between cgroup v1 and v2
b6980b0 schema: fix schema for timeOffsets
689874f Add `features.md` to formalize the `runc features` JSON
167ffb4 Add Go 1.20 support to CI
15d2a5a Switch Go linting to use golangci-lint
c9b5d0e Remove references to deprecated io/ioutil package
77c37f1 Update config-linux.md fix time_namespaces url error.
6c638b1 config: clarify Linux mount options
72efacb runtime: remove `When serialized in JSON, the format MUST adhere to the following pattern`
c42f9ae version: v1.1.0-rc.1-dev
3e013c2 version: release v1.1.0-rc.1
f790b68 ChangeLog: Document changes since v1.0.2
36bb632 Add support for time namespace
f225699 config: change prestart hook spec to match reality
d931d4b config-linux: add CFS bandwidth burst
9e658bc config-linux: add memory.checkBeforeUpdate
3565df5 config-linux: Clarify where device nodes can be created
a650533 config-linux: add support for rsvd hugetlb cgroup
crun/ispec: update to 1.1.0-rc.3
32036d8 Apply version change from #1050
f3f0906 Specify the content of the scratch blob
29a1380 Remove special guidance around wasm
2720969 Update descriptor.go
a68ca3e Remove artifact media type reference
428b1e5 releases: use +dev as in-development suffix
2f691e8 version: bump HEAD back to -dev
085b884 version: bump for release of v1.1.0-rc.3
fd45b6b Add scratch descriptor and scope layer limits
63b8bd0 Remove artifact manifest
23c4647 Define image manifest artifactType and guidance
5751791 Add Tianon as maintainer
f4fc83a Fix unused variable linting error
d09d13d Update Jon Johnson's email
4136bec descriptor schema: add missing data and artifactType definitions
729a03e manifest, specs-go/: provide guidance on SCRATCH config descriptor
31de013 manifest schema: add tests for the subject field
7a9efbd manifest schema: add the missing `subject` field
f2f1956 descriptor: clarify artifactType field must have compliant values
98f35df Update image spec and conversion to clarify groups
336b02c Require IANA mediaType for image config.mediaType and layers.mediaType
1f60184 Add Go 1.20 support
f99b121 Remove filtersApplied from image-spec
b5998ba specs-go/v1/*.go: align the deprecation style
6687119 Chore: fix go.mod - split direct/indirect dependencies
ccb86b9 mention deprecation in media-types.md
9b4e6c0 even fewer words
2cdbef2 Deprecate non-distributable layers
265874e Note an exception to the platform.os recommendation for wasi
0a97fe7 docs: Added artifact.md to docs and spec.md
293f064 Reverting json schema to well known value
crun/libocispec: update to -tip
b085839 runtime-spec: update
553cfb4 image-spec: update
384a230 runtime-spec: update
2c9fb39 libocispec: write _present tags together
dc7412b image-spec: update
2e11380 runtime-spec: update
e7b7344 rust: sync runtime-spec and image-spec
df3036c runtime-spec: sync
8a0ee41 image-spec: sync
70826dc clean: remove unwanted diff file
4d1d608 add redefine for stdin stdout stderr when using musl
02f231b Move header files under ocispec/
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* features_check was inherited twice and REQUIRED_DISTRO_FEATURES
  was set twice as well but both with ?= so the 2nd one was ignored
* seccomp was added in:
    commit b8f2edd39af6b7ac4461158b0d0382e88e93d6f1
    Author: Bruce Ashfield <bruce.ashfield@gmail.com>
    Date: Wed Jun 30 11:22:42 2021 -0400
    Subject: crun: add seccomp distro features check
  but there was already systemd from:
    commit 144d1ae8973e8c67709d7b544dc53b80bf924754
    Author: Bruce Ashfield <bruce.ashfield@gmail.com>
    Date: Fri Apr 23 10:32:24 2021 -0400
    Subject: crun: use REQUIRED_DISTRO_FEATURES to indicate systemd dependency
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping crun to version 1.8.3-5-gd2ff390, which comprises the following commits:
59f2beb NEWS: tag 1.8.3
ae18930 update: initialize the rt_scheduler only on cgroupv1
5855e70 [1.8.2][CentOS 7] Missing `#include <linux/sched.h>`
a4393f2 docs: add a tryout example with podman
bf70c97 NEWS: tag 1.8.2
ba6c957 cgroup: cgroupfs attempt new sibling cgroup
74dc9b4 cgroup: libcrun_get_current_unified_cgroup can return relative path
b7b5265 cgroup: drop duplicated variable
11bdc13 linux: set label for pre-created devices
4b04b01 linux: refactor code in a new function
770ad48 linux: extend fsopen_mount to specify label
7578a1a wasm, wasmedge: add current directory to preopen paths
90dd7b7 test_mount: fix incorrect comment
51aba04 linux: readonlyPaths should inherit flags from parent mount
5ad1507 lua: add Lua bindings
5d54a85 scheduler: use sched_setattr
6a132c3 libcrun_container_create(): fix memory leak
6ba6a00 container: add custom annotation to specify the scheduler
5bdd930 cgroup: systemd initialize rt limits
8b18fc7 cgroup: add new function openat_with_alias
e914059 libcrun: add alias argument to function
a4aebb9 libcrun: new function write_cgroup_file_or_alias
d36c1a2 test: remove irqbalance tests
56a2550 cgroup: fallback to blkio.bfq files
34950dc crio: skip test
710d8dd libcrun: chown tty to the exec user
e067714 python: fix create() referencing container_run()
11d1baf build(deps): bump actions/upload-artifact from 2 to 3
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping crun to version 1.8.1-3-ga09ab72, which comprises the following commits:
11d1baf build(deps): bump actions/upload-artifact from 2 to 3
f8a096b NEWS: tag 1.8.1
4748543 utils: drop magic number 4096
b022227 utils: use mempage size buffer to read /proc/mounts
2da0773 linux: always use direct mapping
6cdf51c container: delete cgroup on errors
fba646e cgroup: rmdir the entire systemd scope
3221684 crun.1.md: fix typo
31bcf8f crun.1.md: fix markup
5007784 build: delete .version file on make clean
46fbeee cgroup: reset systemd unit if start fails
7e7a4db cgroup: do not add default dependencies
4bd4c4e test: run codespell on the correct directory
8b46c45 src: run codespell
b841b71 Support passing an attribute to change the mount_context_type
2ca4233 test: fix path for crictl
ce66b2e Revert "Support passing an attribute to change the mount_context_type"
87b69c3 Support passing an attribute to change the mount_context_type
d23a94a krun: create /dev/sev as part of the OCI configuration
84092f6 handlers: add hook for exec
83f3ab2 handlers: rename exec_func to run_func
93a8e2f krun: always allow /dev/kvm
675e87c handlers: update uses modify_oci_configuration
1efd61a update: move json parsing to container
c9b230a handlers: provide cleanup function
bd22751 handlers: move cookie data under the same struct
71bf884 handlers: add new hook to modify the OCI configuration
b3e167d crun: set handler for all commands
f0f7b8c handlers: initialize handler in the parent process
cfec5ce NEWS: tag 1.8
957796e libcrun: remove unused intprops.h
8363deb linux: move PR_SET_DUMPABLE after userns creation
83de960 dist: do not include binary tests
188e0ce nix: add gcrypt dependency
f7c715d nix: remove protobuf dependency
765161c nix: refactor same command line
98898d2 nix: update image to nixos/nix:2.12.0
bcae634 Add support for ppc64le
9b287dd README.md: add CodeQL badge
ed7598d README.md: drop lgtm badges
1a61b4d utils: shrink read buffer if necessary
2a5cc1d nix: update packages
7d9fa03 tests, centos8-build: add safe.directory /crun
822ca4a utils: add utils to access /proc/$PID/fd/$FD paths
0554b0a utils: change initial size for buffer
742e8fc utils: reallocate only if needed
4e379c6 cgroup: support cpuset mounted with noprefix
58166e6 linux: set PR_SET_DUMPABLE
908bfc4 linux: mount cgroup ro on /sys bind mount fallback
cd1cf0b linux: add two new arguments to get_bind_mount
b84bde9 linux: mount the source cgroup if cgroupns=host
03d2969 linux: refactor out helper function
75f5c1a linux: fix error message
234d77c linux: precreate devices on the host
f23cd15 utils: add functions to read overflow IDs
85767be linux: remove duplicate slash
1e29136 linux: generalize fsopen_mount
a186e8a linux: add dirfd argument to get_bind_mount
7e42a18 linux: add infra to send devices mounts
a6c9453 linux: generalize receive_mounts
b0fe2e4 linux: refactor code in a separate function
05f1298 contrib, seccomp-notify-plugin: free args on error to prevent leak
a34dd94 cri-o,test: skip failing test unrelated to crun
78cf10f crun: fix clang format
278b9b4 src/crun.c: fix build without dlfcn.h
0ebf4e7 build(deps): bump uraimo/run-on-arch-action from 2.3.0 to 2.5.0
4832ca4 Don't clone self from read-only mount
9df7442 tests, wasmedge: copy libraries under /usr/lib64
2044720 tests, wasmedge-build: install which
6f0d03c tests, crio: skip checkpoint/restore tests
d406a97 tests, centos9-build: add safe.directory /crun
81b4ba0 tests, cri-o: add criu-libs rpm
ca41c80 cloned_binary: use cleanup_close
e1c3906 tests, cri-o: update go to 1.19
a83001b cgroups v1: fix legacy mode mount.
26fe138 utils: fix applying AppArmor profile
1cfaf54 tests: disable some CRI-O failing tests
5e3ef32 crun: write setgroups=deny when mapping a single uid/gid
da84be0 github: fix cri-o CI on cgroupv2
cdf7864 tests: disable test that requires io.bfq.weight
c54fc6f github: fix running on cgroupv2
0356bf4 NEWS: tag 1.7.2
d389308 criu: hardcode to libcriu version 2
3880f04 cgroup: always enable controller
258c237 crun: fix compile time check for CRIU
6ce11e8 copr: enable wasmedge on all active envs
ada59b2 tests: fix podman tests
d068462 NEWS: tag 1.7.1
9893e99 utils: Improve debug message
db08071 linux: include terminal \0 when copying mapping
67f58c6 utils: fix creating default userns
5689bd1 krun: disable libkrun's collection of env vars
6b8da56 krun: copy the OCI configuration file
92db973 configure.ac: do not link libcriu dynamically
f6a5109 criu: add check at runtime for the version
8c3fc12 criu: load libcriu dynamically
b3189ef src: run make clang-format
be6c22c fix timestamp format, tv_usec is microsecond not nanosecond
ff95309 copr: enable wasmedge on epel9
40f66c0 seccomp: initialize libgcrypt
9bff00a Add setlinebuf() when --debug and --log=file: are used.
cb6ae27 handlers: set selinux/apparmor profile
0efbe56 utils: change AppArmor profile for the current proc
f1f286a utils: change SELinux label for the current proc
a1cd1a6 handlers: use only the handler name if needed
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping crun to version 1.7-6-gbebd67f, which comprises the following commits:
cb6ae27 handlers: set selinux/apparmor profile
0efbe56 utils: change AppArmor profile for the current proc
f1f286a utils: change SELinux label for the current proc
a1cd1a6 handlers: use only the handler name if needed
40d996e NEWS: tag 1.7
3239c52 container: do not leak container status
ab73033 utils: do not leak error
fe21bee cgroup: fix memory leak
10c1fcc handlers: add an alias field
92e67d7 wasm: check pointers before dereferencing
cc2ab3b copr: enable wasmedge support for f36 and higher
9c5ad48 container: rewrite argv when using a handler
a81b115 libcrun: propagate argc and argv
0a94c5b linux: create parent dir with 0755
5308c49 copr: crun-wasm subpackage
8743809 crun: automatically pick handler from argv0
ddb614b crio,test: skip unrelated seccomp notifier with *
6feeff4 wasmtime: add support for compiling .wat format
7b49b79 NEWS: fill data for old releases
baa98f4 container: use clone3 to join directly the target cgroup
37a438d cgroupfs: implement precreate cgroup
c4af47e cgroup: new interface to preload a cgroup
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping crun to version 1.6-75-g4907f10, which comprises the following commits:
0e4cf20 container: pass the argv0 on errors with handlers
6da989c wasmtime: honor error message length
2f46f21 wasmtime: mark unused argument
baa98f4 container: use clone3 to join directly the target cgroup
2497b9b linux: add run.oci.pidfd_receiver=PATH annotation
37a438d cgroupfs: implement precreate cgroup
c4af47e cgroup: new interface to preload a cgroup
352d8ac criu: use a temporary error
3ebaba3 container: cache the bpf generated by seccomp
18abbfc Typos: a/an
e5d4c07 man: fix indentation for run.oci.handler=HANDLER
74d097b seccomp: use relative paths to open bpf
8cfcc8f seccomp: move copy bpf to seccomp
7a66ccc container: move open_seccomp_output to seccomp
a2de8fb seccomp: add functions to calculate checksum
6861b2a container: compute seccomp options earlier
dd310aa configure.ac: add check for libgcrypt
81d3b16 exec: set context
0cffffe crun: display rundir in --version output
882a054 wasm: inherit environment variables in the WasmEdge handler
1f71880 man: cleanup run.oci.handler and define krun and wasm
d474211 Refer to libocispec header files under ocispec/
5027629 build(deps): bump uraimo/run-on-arch-action from 2.2.1 to 2.3.0
fef6ce2 build(deps): bump github/codeql-action from 1 to 2
5837234 crun: open libcrun with dlopen
5f2464f build(deps): bump actions/cache from 2 to 3
ba0adeb build(deps): bump uraimo/run-on-arch-action from 2.2.0 to 2.2.1
5d2a536 build(deps): bump actions/upload-artifact from 2 to 3
a4ffe17 build(deps): bump actions/checkout from 2 to 3
108d9ec Check for github actions updates on weekly basis
9f2acfc cgroup: account for swap usage for checkBeforeUsage
6666dec list: remove yajl usage
6fdcb89 container: new API libcrun_write_json_containers_list
e1b32c7 update: remove yajl usage
270961f python: Fix argument type in container_delete
17f4e55 container: new API libcrun_container_update_from_values
1c681c1 python: Fix argument parsing in make_context
e666af1 crun: chown std streams before joining the user namespace
391df45 linux: reject sysctl kernel.domainname when OCI knob domainname is set
f94655c test: ack (none) as output of getdomainname
fdb26d0 cgroup: honor checkBeforeUpdate
8758f31 add support for setting the domainname
17ba516 libocispec update
7ea7617 systemd: create sub-cgroup on v1 as well
08bccc7 tests: update containerd to 1.6.8
978e719 Copr: Fix i386 builds
18cf2ef NEWS: tag 1.6
396ac88 seccomp: honor SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV
074cd9a wasm: provide an integration test for crun with wasmedge support
399e5ea wasm: use wasmedge library soname in dlopen
3e34345 crun: reintroduce -V (uppercase) as an alias for --version
17337c4 seccomp: use helper process to send listener fd
f34ebf2 Copr: wasmtime support only for non-x86
df20997 crun: now -v prints the version
fdcf83a utils: wrap mmap and munmap
95744c8 utils: unify read process exit status
44c305f linux: move definition of syscall_clone to linux.h
d254d3e utils: run process with timeout restores sigmask
57df79b init mask
430dea1 container: drop intermediate userns feature
2e647e0 crio,CI: skip failing checkpoint and restore one container
8d0dfc3 podman,CI: skip top on priviledged container
ad9008b copr: depend on wasmtime-c-api for shared lib
Bumping runtime-spec to version v1.0.2-114-g494a5a6, which comprises the following commits:
4bcd065 seccomp: Add flag SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV
6be797c CODEOWNERS: sync with MAINTAINERS
9e658bc config-linux: add memory.checkBeforeUpdate
1924f6b GOVERNANCE: correct the Charter URL
744912b add domainname spec entity
0da1600 fix rfc link
b57ada5 maintainer updates as per #1101
e78a3c3 Add available `LinuxSeccompFlag`s
Bumping libocispec to latest, which comprises the following commits:
02f231b Move header files under ocispec/
39e1872 Make libocispec installable
6fd1d94 update runtime-spec to latest
1e37c8a rust, runtime: add domainname to spec
d59cc93 rust,runtime: add MountUidMapping and MountGidMapping
ac69f5a rust,runtime: add idle type to CPU
e9c21c1 rust,runtime: rename GidMapping,UidMapping to Linux{Uid/Gid}Mapping
8258e1d image-spec: update from upstream
b2e74e1 runtime-spec: update from upstream
ce973fd parser: allocate empty arrays
845aad5 runtime-spec: sync from upstream
1380666 image-spec: sync from upstream
9bb6aa9 src: fix regression
27763d8 runtime-spec: sync from upstream
8abb1b1 image-spec: update from upstream
2ea0d22 runtime-spec: update from upstream
cde73d8 yajl: update from upstream
fc57095 src: fix generated code indentation
e739a1c .github: set safe directory
f09f411 build: fix bashism in configure.ac
23ed5eb git: ignore newly added test binary to prevent untracked changes in crun
d15ed35 fix bug when contain null value in json
2a622ef image-spec: update from upstream
3dd60db runtime-spec: update from upstream
88241d7 sync: add CMT and MBM fields to Intel RDT
Bumping image-spec to version v1.1.0-rc2-12-g4df8887, which comprises the following commits:
867ce74 ArtifactType is optional, omit when empty
59780aa Add ArgsEscaped field to image config
3625ee3 doc: fix example in artifact.md
94f2431 version: bump main back to -dev
19a74bc version: release v1.1.0-rc2
0a97fe7 docs: Added artifact.md to docs and spec.md
c91663b Update RELEASES.md
0e7e0dd docs: Update release process docs with checklist
5d055a4 version: switch back to -dev
4728b6e version: bump for 1.1.0-rc1 release
a7ac485 Rename refers field to subject (#950)
4c15674 Use go install and full path to commands
ce50f1f Bump from Go 1.16 to 1.17
ca2e500 Embed Platform in Image
a865bc0 Fix whitespace consistency in config.md
da33ef0 Remove io/ioutil references
ed7e07b Add artifact to spec.md
bc9c4bd Update schema for mediaType validation (#933)
b04b320 Working Group Proposal for Reference Types
ba36edd Add regclient to implementations
ba3f174 Add maintainer nomination template
08825b8 Pinning version of golangci-lint to support 1.16
9747134 Move inactive maintainers to emeritus
0bd8a03 Add Brandon as maintainer
c7ca3ac Update URLs to https
874a191 Add Sajay as maintainer
6ffdc78 Move inactive maintainers to emeritus
d6ce48a Add mediaType fields into example manifest & image index JSON references
bc44f5b Fixing charter link
0895292 implementations: point to krustlet/oci-distribution
02c5c05 implementations: adding the C and Rust libraries
a36b0c8 Handle multiple matching index entries
a3eee7d README.md: Remove link to OCI scope table The OCI scope table no-longer exists.
4533d3e schema: use Go's embed package instead of esc
d147780 .tool: remove lint tool, call linter directly
0e094f3 schema, specs-go: fix lint errors
d3cd202 *: switch to golangci-lint
4d865bc go: have the go.mod at top-level
0f6c001 Remove unneeded docker pull of pandoc image
de28903 Makefile: stale installation of glide was failing
3a46ac8 github: bring forward the versions of golang tested/built with
6ced3bd media-types: `.mediaType` is available in both OCI and Docker
3be64d9 version: bump main back to -dev
beccafd version: release 1.0.2
5b82148 specs-go: adding `mediaType` to the index and manifest structures
2eb4046 *.md: bring mediaType out of reserved status
e3885ce version: bump main back to -dev
67d2d56 version: release 1.0.2
dcdcb7f specs-go: adding `mediaType` to the index and manifest structures
5f31485 *.md: bring mediaType out of reserved status
3fee04b Adding ACR to implementations
8087946 Reflect docker dontation of distribution to CNCF
bd2fa25 Minor spelling correction
fc4df0a Fix very minor oversight in config example
0d98a6c Scope data verification to content consumers
83479d4 Clean up portability considerations
fccc435 Implementations MUST NOT populate data arbitrarily
2596ec0 Expand godoc for Data
58c082d Add note about portability concerns
ce281ce Add Embedded Data section
aaf8045 Define the data field
4f080a7 Add go.mod and pin dependencies
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping crun to version 1.5-41-gce7533a, which comprises the following commits:
ad9008b copr: depend on wasmtime-c-api for shared lib
972d595 krun: add support for krun-sev
e539aae tests: fix fedora rawhide mockbuild
559902d autobuild copr rpms with wasmtime support
d39f45d wasmtime: always grant filesystem capability for wrkdir inside container
b937322 wasmtime: inherit argv from handler argument instead of process
477ecc8 crun: restore will work on realpath
1083f9d tests,podman: skip push to local registry with authorization
29599a5 tests: disable login/logout tests
8ff3eba rpm/Makefile: Fix copr build (follow-up on #979)
f5244c7 rpm/Makefile: install all dependencies on mock environments
a37b06a rpm/Makefile: install git-core in tarball-prep
ab18c71 cgroup: change delegate cgroup after cgroupns creation
4716692 cgroup: add new function libcrun_cgroup_enter_finalize
9139896 tests: disable broken test
a45faa2 rpm/Makefile: autobuild rpms on podman-next copr
7ea284f src: make some error messages lower case
43f420a syntax-check: enable prohibit atoi and atof
9920e7b wasmer: move definitions earlier
54e2519 wasmer: drop not needed indentation
54fe445 wasmer: fix errors return code
86f9a5c syntax-check: enable prohibit always true header tests
a07112c syntax-check: enable no period at end of message check
2656de5 maint.mk: update from upstream gnulib
3df1458 linux: fix build with glibc 2.36
14b2102 pidfd: fallback on ENOSYS
fd01ef4 nix: allow to pass extra args to the runtime
a91e905 NEWS: tag 1.5
2c94290 nix: update nix dependencies
76ead7b wasm: add support for running containers using wasmtime
88e8710 python: unset LIBCRUN_RUN_OPTIONS_PREFORK for run
9ceba95 crun: move config_file* to container
639c98f cgroup: add fallback to io.weight
c75b58d wasm,wasmedge: drop support for experimental WasmEdgeProcess
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping crun to version 1.4.5-74-gba3cb60, which comprises the following commits:
5af21e2 linux: fix idmap annotation
c75b58d wasm,wasmedge: drop support for experimental WasmEdgeProcess
22c6181 linux: fix creating devices in the rootfs
6f46ad5 chore(wasmedge): remove legacy option
0de6bb2 fix unknown type name 'uint64_t'
3a16555 linux: fallback to netlink to setup lo device
1a3f8f1 linux: use $PATH for newgidmap and newguidmap
74679c6 krun: use library soname in dlopen
0130f08 krun: limit the number of vCPUs to 8
2a4458d linux: fallback to tmpfs mount if umount fails
fd33331 artifacts, centos9-build: add libprotobuf-c-dev for protobuf headers
77f5c99 linux: devices mounts should have NOEXEC and NOSUID
c923cec tests: add wasmedge build test
33f900c fix(wasmedge): breaking changes in wasmedge c api
699757b test, podman: skip podman pod create --share-parent test
eb4ff94 handler: move notifer for phase HANDLER_CONFIGURE_AFTER_MOUNTS just after finalizing mounts
b02a68d linux: honor mount mappings
8d774c5 libocispec: sync from upstream
38f60b1 ci: re-enable and fix clang-format
d21594a *.c: clang-format
9ed3c1b mono: remove incorrect wasm headings from mono docs
c44937b tests: disable "podman kill paused container"
965129b test/check: fix wrong argument
17d1c16 cgroup: make target cgroup threaded if needed
77d2ac5 readme: show crun logo
2ebd7fc Adding crun logo SVG file
ec9ab49 container, exec: honor process user's uid while setting HOME env
d8a0c7f tests/podman/Dockerfile: build on fedora:35 and fedora:36
21de997 copy_recursive_fd_to_fd(): copy the whole file
3445f0f tests: add tests for covering '--pid-file' and '--no-new-privs' options
e48db34 mono: add documentation and tryout example
f8b85e8 windows/mono: bind mount windows dlls and runtime config from host
0df040d handler: add support for HANDLER_CONFIGURE_MOUNTS for handlers
6b3b4dc linux: add public api libcrun_container_do_bind_mount for adding ctr mounts
009430c windows: add mono based native dotnet handler
eb48a65 cri-o: bump golang to 1.18.1 for capnproto.org/go/capnp
6cc7b03 test: set /crun as safe directory on containers running the tests
2f13875 linux: create missing cwd
1e30424 cgroup: remove tun/tap from the default allow list
6904cf4 cgroup: add support for cpu.idle
2824e92 libocispec: sync from upstream
70deaf0 podman-tests: change default log-driver to k8s-file instead of journald
c381048 NEWS: tag 1.4.5
359e26d crun.1: regenerate
f0cd1a7 .github: fix CI
9998f00 linux: hooks inherit env if not specified
9e361c8 tests: specify the user in the form UID[:GID]
4a61eb1 github: fix CI
db77ef2 libcrun: fix typo
69289ce tests: add an environment variable
81ccd00 criu: add support for different manage cgroups modes
27b7fe5 tests: specify an additional capability to add to the process
cdbc357 tests: delete multiple containers
a39b07d podman: skip authenticated push
0ce2f2d exec: fix double free
5a528f4 docs: fix dependencies on RHEL/CentOS 8 section
cd93941 git-version-gen: fix version comparison
38256da tests: disable failing CRI-O tests
6521fcc NEWS: tag 1.4.4
1aeeed2 exec: --cap do not set inheritable capabilities
b847d14 spec: do not set inheritable capabilities
ca75d1f feat(terminal-receiver): make terminal interactive
ed6e424 remove duplicate "libtool" from install commands
d10fe74 linux: resolve symlinks in bind mounts
ba17004 tests, clang-check: install git
1a4fae9 rhcontainerbot/podman-next COPR autobuild
77df89b docs: update known issues with CRI and side-cars
164d753 wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
crun: update runtimespec
Bumping runtime-spec to version v1.0.2-100-g8d0d6d4, which comprises the following commits:
0da1600 fix rfc link
9d1130d IDMapping field for mount point
fc985aa config-linux: update type of LinuxCPU.Idle to *int64
bc545ec schema: add cpu idle
1fef707 Update Windows CPU comments
600a8bd cgroup ownership: clarify that some files may not exist
b8dbce9 update idle type of LinuxCPU from *int64 to int64
9d363b3 config-linux: add idle option for container cgroup
b05eb53 typo: seccompFD -> seccompFd
0608c1f Switch to GitHub Actions, CODEOWNERS, etc.
f4ef391 specify cgroup ownership semantics
104385d config-linux: MAY reject an unfit cgroup
411082c add youki to implementations.md
6641127 alphabetize the implementation list.
84251a4 specs-go: export LinuxBlockIODevice
3f30167 schema: make with golang 1.16
34a7544 schema: update README.md
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping crun to version 1.4.3-4-g3b3061a, which comprises the following commits:
77df89b docs: update known issues with CRI and side-cars
164d753 wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars
61c9600 NEWS: tag 1.4.3
040c59f chore(utils): add pointer casts to avoid C++ permissive mode
16850e4 build: fix bashism in configure.ac
e094499 test: fix CI
22284a9 tests: add codespell tests
37f13e3 crun.1.md: fix typo
8fca8bf tests: add fuzzing for idmapped mounts option
abfdf1f fuzzing: move chdir to Dockerfile
d935d0a linux: move parsing to separate function
5c7165a centos9: enable only needed repo
160e626 centos8: enable only needed repo
648b132 tests: add tests for idmapped mounts
916c5cd tests: add check for file ownership
934e19a tests: add feature check for idmapped mounts
bf06c8c linux: support options to idmap
e1ee353 test, container-delete: ignore warn for cgroupv1 when cgroup cleanup fails
4355edc test: add a test for crun delete
cdc4f6a utils, rmdir-all: transfer ownership and responsiblity of fd to rmdir_all_fd
bb5bc67 linux: open source bind mount in the host
df2fecd cgroup-destory: terminate infinite loop and relay error back to callee
44d7816 cgroup-destroy: bump delay while deleting from 0.1ms to 10ms
ec9fa1c Remove ignored arguments
9854c71 Fix compilation error with seccomp
58d33b8 crio-tests: skip userns tests with auto annotation
b3301ad crio-tests: use golang 1.17.6
192ff3e cri-o: remove locking to a specific commit in CI and use master
f6fbc8f NEWS: tag 1.4.2
4029e63 utils: check for dup error
83668f1 linux: create_missing_devs creates /dev/console
0b09d62 utils: always create trailing file
5c47eac container: ignore EROFS when chowning std stream files
8ff9652 linux: validate sysctls before applying them
2f5be74 python: fix build
da28cf1 container: attempt find_executable after setresuid
9646fde utils: drop const from find_executable
8026135 NEWS: tag 1.4.1
8711fbd utils: add a len argument to get_current_timestamp
b5987ee utils: add printf attribute to xasprintf
e9ba4ae libcrun: add printf attribute to error functions
2ca2d06 utils: add attribute malloc to x.*alloc.* functions
ece4431 utils: add the sentinel attribute to append_paths
bb57968 cgroup: do not lookup string twice
d74c5e4 wasm: add docs and example for using crun wasm support on kubernetes
78384da tests/oci-validation: optimize build
c7aac36 Revert "oci-validation: checkout last working commit for runtime-tools"
4cd65c3 utils: drop check for invalid path
90c6b1f tests/fuzzing/run-tests.sh: fix
e65f285 ci: add shellcheck job
b1c520c tests/*/*.sh: add set -e, fix shellcheck warns
1613f4e tests/cri-o: don't remove non-existing files
ff3e33b tests/fuzzing: nits
28c5f89 tests/oci-validation: rename script to run-tests.sh
2bf7a93 tests/*/*.sh: rm redundant cd
a51137c ci/gha: skip installing deps if Dockefile is used
209fe89 ci/gha: don't start docker
9174557 .github/workflows/test.yaml: nits
b97d397 errors: use printf compiler annotation
f12a5ac linux: fix lookup for namespace
acc5f87 linux: skip setns_with_pidfd with explicit paths
5f924cb container: allow delete while in created state
cc70b0a container: merge two if blocks
6aff973 cgroups: skip setting cpu limits if shares==0
5930bfa cgroup: append the sd error message in the error
c9f0b16 gha: simplify deps install
08b621f tests/podman: exclude --ip6 test case
1da6b96 Fix some typos found by codespell
fd6da89 src: rename libcrun_container_kill_all to libcrun_container_killall
dfd5dae libcrun: unexport str2sig
21a8daf libcrun: let libcrun_container_kill* accept a string
dd80179 libcrun: unexport append_paths
eada263 tests: skip sd_notify tests without systemd
8ead30f ci: enable codeql analysis
3a1da09 .github: fix ci build
a834e9b .github: test --enable-shared
95b482f src: export some symbols used by crun
7f37f2e src/libcrun/linux.c:425:77: error: 'OPEN_TREE_CLOEXEC' undeclared (first use in this function); did you mean 'OPEN_TREE_CLONE'?
3daded0 NEWS: tag 1.4
a400e8b libocispec: sync from upstream
76271c9 cgroup: initialize status
d583bdc utils: fix path check
2b74dc1 handler: add support for running handlers on kubernetes with containerd
9b25f52 tests: extend checkpoint/restore test with pre-dump
587d0b2 tests: add memhog command to init
fb2a7ed docs: add pre-copy migration options to the man page
0683fec checkpoint: add pre-dump support
7ecb4b0 handlers, wasm: add lost support for run.oci.handler=wasm
020ee61 tests: add tests for CPUShares/CPUWeight on systemd
58b8879 state: export systemd scope
3adb2d5 tests: allow to override cgroup manager
bcbc72d cgroup-systemd: update CPUShares/CPUWeight
2ba3106 cgroup: add custom update_resources
2d7a495 update: fix shares file name
ec70d28 cgroup-systemd: set CPUWeight/CPUShares on the scope cgroup
4012668 cgroup-resources: move CONVERT_SHARES_TO_CGROUPS_V2 to function
77318e4 cgroup: add function to write to the files
6457228 tests: add CRI-O integration tests to the CI
d6ab372 configure.ac: mark unused variable
cb4152d ebpf: fix build on 32 bits arches
2eafdff cgroup: ignore swap limit if it is not enabled
62e84d8 nix: lock nix version to last working release
1efb0f9 linux: fix join cgroup v1
f72414e crun, spec: allow override file name
5231a30 utils: retry openat2 on EAGAIN
782fb02 crun: load custom handlers
e6fda97 build: define CRUN_LIBDIR
af950dd handlers: support load from .so files
6d093a0 handlers: split each handler to its own file
46fb105 utils: remove hardcoded check for wasm
8f9337e crun, libcrun: move handlers behind an interface
fd0e171 handler: split libcrun_configure_wasm
4eb1f03 container: move custom handlers code to new file
2063305 wasmedge: The wasmedge.h is moved to wasmedge/wasmedge.h
2b4dfef container, handler: close files marked with O_CLOEXEC
4898342 linux, exec: try setns with pidfd
a14ae9e linux: move join namespaces to a new function
a32286c linux, exec: use CLONE_INTO_CGROUP
cb5bf95 linux: use clone3 if available
0e2eda2 tests: fail fuzzing test on crashes
74a21ed ebpf: handle missing access string
c1127a3 container: propagate close for ready-fd
c9c89c6 container: wait_process accepts a struct
9bf58f2 container: replace sprintf with snprintf
3191e49 container: drop argument for write_container_status
91b47f6 container: replace same failure code with a goto
b5405fc linux: improve detection of /dev target
dcc87a3 cgroup: move errors check to helper
0af034d cgroup: hide create/destroy behind a struct
f95e56a cgroup: move cgroupfs code to new file
98e4e46 cgroup: move cgroup setup code to new file
c3119e7 cgroup: move more functions to cgroup-utils
0272dae cgroup: move setting resources to new file
80925dc cgroup: move some functions to a new file
9c014c6 cgroup: rearrange code
24f6b40 cgroup: quote file names
ed31849 cgroup: separate each cleanup to a different function
d9eba41 cgroup: drop argument from libcrun_cgroup_destroy
f47d933 cgroup: split systemd code to a new file
aed4362 cgroup: drop unused function
384cf2a cgroup: drop usage of raw paths
1f313a8 libcrun: new function libcrun_container_read_pids
ce7dedf cgroup: move returned data to different struct
e2670b4 cgroup: drop argument delegate_cgroup
22d9dcb cgroup: drop argument systemd_subgroup
a0d4d9f cgroup: drop unused argument create_if_missing
dc135cf cgroup: drop cgroup_mode argument
4dcbf43 cgroup: remove unused argument
16db42f libcrun: unexport unused functions
4b18425 Also run clang-format on *.c files in tests/
abdeabf container: allow libcrun_run_linux_container to call final _exit() for handlers
2d177df container, exec: refactor to new function
d78dff2 container: attempt chdir twice
c9052f2 container: make chdir error clearer
78cf48b linux: use sd_notify_barrier if available
0fa6447 libocispec: sync with recent commits
40e4736 utils: move safe_openat fallback to separate function
82d2170 mounts: handle paths with multiple slashes
79699be utils: write_file truncates existing files
ef37d51 linux: Enter specified cgroup namespace
a36bcdd tests: disable podman unuseful test
53f2615 .github: use a bind mount for /var dirs
5566520 tests: add build test for centos:stream9
940705f tests, centos8: use centos:stream8
0e99990 Change podman branch to fix CI
1575f2f Add file-locks checkpoint/restore option
d7029af linux: replace mounts lookup with gperf hashing
5511255 linux: support more recursive options
2dbce9b linux: use bool for is_user_ns
827b873 linux: new mount option "idmap"
02938ac linux: add function to send mounts from the host
b5fc60e linux: provide cleanup private data callback
a5a2ca5 linux: generalize opening mounts earlier
4523486 linux: silence warning
a01a03a tests: update podman
3c6d57d wasmedge: fix error message if VM fails to get valid result object
b48b654 crun: show if version supports wasm with configured runtime
365dc57 linux: new mount option "rro"
85c5bc9 linux: fix a race when saving external descriptors
825108e wasm: add support for wasmedge runtime
33e75d0 fix build error on ubuntu
e1c7293 clang-check: refactor to suppress -Wunused-but-set-variable where needed
575c4a6 ci: use latest docker with seccomp profiles supporting clone3
8e5757a NEWS: tag 1.3
685078a tests: temporarily switch to fedora:34
9ea94e9 wasm: allow wasi modules to read args from config
76759f1 fix status.h compile error in C++
952913b wasm: replace printf while relaying output to stdout with safe_write
152a3fc linux: bind mount the current cgroup path
ce211c5 linux: fix mounting cgroup2 with --net=host
e31ab81 wasm: add support for annotation module.wasm.image/variant=compat
2559696 wasm: add documentation
7407be1 wasm: add support to natively build and run wasm workload and wasm containers
6d046d6 oci-validation: checkout last working commit for runtime-tools
eeae045 cgroup: fix race condition when enabling controllers
fd7b3cb criu: do not override external_descriptors
979f6f0 criu: save the new descriptors after restore
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
These changes are the result of running the convert-spdx-licenses.py
oe-core script.
There's no impact to the build, but we will avoid issues when
interacting with core QA by the alignment.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
runtime-spec has moved to main instead of master, so we tweak our branch
name to match.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
github is removing git:// access, and fetches will start experiencing
interruptions in service, and eventually will fail completely.
bitbake will also begin to warn on github src_uri's that don't use
https. So we convert the meta-virt instances to use protocol=https
(done using the oe-core contrib conversion script)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping crun to version 1.2-16-g718b94e, which comprises the following commits:
979f6f0 criu: save the new descriptors after restore
cab3d52 crun: chown std streams
c68c4ce crun.1.md: fix formatting
62e9ba0 test: bump base and ubuntu to 1.16 for containerd tests
07303d8 exec: support --cgroup
9c96ca4 libcrun: allow to specify sub-cgroup for exec
e32af6c cgroup: allow to create missing dirs
baa786c exec: use new function
6d70af2 exec: new function libcrun_container_exec_with_options
97c2eac tests: add userns to sd_notify_proxy test
4f6c8e0 NEWS: tag 1.2
aee580f exec: fix containers being wrongly reported as paused
762269c test/criu: enable external ipc,uts,time namespaces
e334260 criu: Add support for shared ipc,uts,time ns
1353be8 configure: convert indentation to tabs
44bb0b2 artifacts: add libprotobuf-c-dev for protobuf headers
5b341a1 NEWS: tag 1.1
55d293c .github: add libprotobuf-c-dev
2162435 criu: store external descriptors as JSON string
9c7d928 .github: check tests leave the working dir clean
d99bb51 .github: report make check failures
0d64e1d linux: fix fix-test-mount-symlink-not-existing test
7260dc8 tests: fix number of tests
b0d64b6 tests: skip caps tests if rootless
a538e4e tests: disable exec_additional_gids when rootless
b055575 criu: fix save of external descriptors
c0f5460 criu: use has_prefix instead of strncmp
0fa5a11 criu: use write_file instead of open+write
1604c54 criu: drop \n from error messages
a967d78 criu: fix fd leak
f624c93 tests: disable unrelated failing Podman tests
ee35311 utils: add new function safe_readlinkat
ef24f0c README.md: ./configure.sh → ./configure
3e82d10 tests: add test for c/r with ext namespace
2257680 tests_utils: drop unused variable
f41c979 tests: drop unused imports
be18607 criu: Add support for external PID namespace
4810ac6 exec: refuse paused container/cgroup
7d35659 cgroup: drop cgroup_mode arg from libcrun_cgroup_is_container_paused
44377aa container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing
bc0b3d1 utils: retry openat2 on EAGAIN
8a70bcd cgroup: use cgroup.kill if available
c819e9c tests: update Podman to 3.3.0
74543d3 linux: silence two false positives reported by lgtm
c1798ad status: check for owner before using it
5399935 utils: NUL terminate readlinkat buffer
2557c81 NEWS: tag 1.0
dad6ef2 crun.1: regenerate
2199d10 tests: update containerd version
We also bump the oci/image/runtime spec SRCREVs to ensure that we have
all the source dependencies up to date.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
The 'autogen.sh' script of crun was fetching dependencies that we
already have in our SRC_URI. We want the OE git fetcher to manage
the source, not scripts in the source of a package.
We grab the two lines out of autogen.sh that we need, and use them
directly in the configure_prepend.
We also add yajl to the source code dependencies as the package
DEPENDS is not enough as crun is explicitly building source that
looks for the yajl code.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping crun to version 0.21-15-g360f5d0, which comprises the following commits:
2199d10 tests: update containerd version
1798d5a cgroup: chown cgroup to root
b5cdeb5 cgroupv1: add support for setting memory.use_hierarchy
7cfdf09 Makefile.am: link libcrun to $(FOUND_LIBS)
d4d1825 linux: treat pidfd_open EINVAL as ESRCH
62149b3 Update nixpkgs
ac00581 Dockerfile: delete file
c4c3cdf NEWS: release 0.21
69bd7dc Doc: cgroups v2 and RT processes unsupported
6397998 krun/kvm: crun should silently/gracefully switch to krun when needed.
92499bd container: wrap execv in retry-on-eintr
b04a335 cgroup: lookup pids controller as well
448494e README.md: drop travis badge
1bbf562 Reflect #696 in crun's manpage
e836219 rpm: fix license
2b88faa status: add fields for owner and created timestamp
b07c389 criu: fix error check
09401bb linux: fix unitialized variable
b222968 cgroup: fix a memory leak
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
OEcore/bitbake are moving to use the clearer ":" as an overrides
separator.
This is pass one of updating the meta-virt recipes to use that
syntax.
This has only been minimally build/runtime tested, more changes
will be required for missed overrides, or incorrect conversions
Note: A recent bitbake is required:
commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sun Jul 18 12:59:15 2021 +0100
bitbake: data_smart/parse: Allow ':' characters in variable/function names
It is becoming increasingly clear we need to find a way to show what
is/is not an override in our syntax. We need to do this in a way which
is clear to users, readable and in a way we can transition to.
The most effective way I've found to do this is to use the ":" character
to directly replace "_" where an override is being specified. This
includes "append", "prepend" and "remove" which are effectively special
override directives.
This patch simply adds the character to the parser so bitbake accepts
the value but maps it back to "_" internally so there is no behaviour
change.
This change is simple enough it could potentially be backported to older
version of bitbake meaning layers using the new syntax/markup could
work with older releases. Even if no other changes are accepted
at this time and we don't backport, it does set us on a path where at
some point in future we could require a more explicit syntax.
I've tested this patch by converting oe-core/meta-yocto to the new
syntax for overrides (9000+ changes) and then seeing that builds
continue to work with this patch.
(Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
We need to change our branch to avoid parse errors.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Since seccomp depends on libseccomp, and seccomp is only available
when the distro feature is enabled, we add the same dependency and
distro feature check to this recipe.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping crun to version 0.20.1-7-g7ef74c9, which comprises the following commits:
b07c389 criu: fix error check
09401bb linux: fix unitialized variable
b222968 cgroup: fix a memory leak
1182975 cgroup: honor memory swappiness set to 0
38271d1 NEWS: tag 0.20.1
923447b container: ignore resetting keyring SELinux label
b26493f Dockerfile: install required python3-jinja2 package
0d42f11 NEWS: tag 0.20
9042ac5 seccomp: drop SECCOMP_FILTER_FLAG_LOG by default
0f4156f cgroup: Refactor libcrun-cgroup-destory to support picking subsystems dynamically and clean custom controllers.
d6be344 cgroup: ignore devices errors in a userns
6e187fb cgroup: do not join empty controller
badb23d seccomp: report correct action in error message
5201956 container: apply SELinux label to keyring
4b664e9 linux: attempt to open existing dev file first
dd1c419 libocispec: sync from upstream
5f74e2a Makefile.am: make sure libocispec uses main branch
f0c76e1 utils: close_range fallbacks to close on EPERM
1596ab1 Update crun manual with recently added flags
1d84d62 Fix type for LinuxDeviceCgroup.linux.resources.devices.allow in default Spec
62d251d container: call prestart hooks before rootfs is RO
48bc33d Exec: Add --process-label and --apparmor to allow modifying selinux_label and apparmor_profile
0e53e87 Exec: Add --no-new-privs to and adhere if noNewPriviledges is false in basespec config
2de8b43 Fix SIGSEGV for rootless container caused by case when def->linux is defined but def->linux->cgroups_path is NULL
54e77c2 Add support for spec --bundle
ae11886 cgroup: fix regression in mode detection
194b72d kill: fix race condition with pidfd_open
2910d9b cgroup: add custom annotation run.oci.delegate-cgroup
407eef9 cgroup: drop argument from function
0485de6 cgroup: report error if the cgroup path was set
bf5020a cgroup: improve error message
a131715 cgroup: fix recursive cleanup
6e95060 cgroup: kill procs in cgroup on EBUSY
0274d6f tests: disable go modules
1272eaf tests: skip podman create --pull
04f1a6a container: read the error from the init process
29afcd6 Update README.md
9863a8e Update README.md
55f5ed5 utils: use /proc/self/fd to open unix socket
fa40930 contrib: fix warning from the rust compiler
1535fed NEWS: tag 0.19.1
227e0be spec: add cgroup ns if on cgroup v2
3fbe777 libcrun: add const to spec_file
eb34661 libcrun: annotate cgroup_mode < 0 checks
92bcc81 tests: add fuzzing tests
af3509d cgroup: support array of strings
9effaeb On exec, honor additional_gids from the process spec, not the container definition
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
The upstream project has moved from master to main, so we adjust
our recipe accordingly.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
crun has renamed master -> main, so we adjust our fetching to
match.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
crun has a hard dependency on systemd, we need to add it to the
recipe to avoid failing package QA checks.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
As part of this update to crun, we now must run autogen.sh before
running configure.
Otherwise, these are incremental changes and comprise the following
commits:
9effaeb On exec, honor additional_gids from the process spec, not the container definition
c25a2db tests: add explicit python3-pip dependency
e67a756 NEWS: tag 0.19
18c0274 gitignore: update
471a7b8 libocispec: update from upstream
f642968 tests: fix check for cgroup v2
3e7fa1d linux: always remount bind mounts
78aeac9 linux: ignore unknown capabilities
f11d742 Add linuxdevicecgroup to maintain parity with runc spec
9aa382b cgroup: skip parsing empty file
d9c9fd0 container: initialize tmp_err
00371ae src: initialize statx struct
2e88d19 src: initialize first_arg
5e4efb7 seccomp: always NUL terminate lowercase_arch
7812572 tests: add test for seccomp listener
f80e98d init: add check for seccomp listener
5d9010b init: fix check for nargs
5a627f4 seccomp: support notify listener
c3361c1 status: use function to convert from yajl errors
873b62d container: use new error function for hooks JSON
14083ab error: new function to convert from yajl errors
6e19235 linux: pass own pid to container process
8fd3320 contrib: new tool to test seccomp notifications
8722858 crun: always use absolute path for the bundle
ae9ea92 container: improve OOM error message
919aac9 utils: receive fd detect closed connection
a52e480 cgroup: new function to detect OOM
2e37d2a sync-libocispec
75ad96b Let autogen.sh generate m4
14c260f libcrun_warn if newuidmap/newgidmap invoke fails
5598401 README.md: drop pids limit comparison
9ea6857 github: add fuzzing test
0fd03ba tests: add container image for fuzzing libcrun
bbd5c7d fuzzer: reap child processes
c7350ef tests: add more fuzzing tests
816f95b fuzzer: merge two tests
effa508 linux: cleanup zombie on errors
b32f1eb linux: release only on error
5ca72f5 status: attempt open again on interrupts
9b5d4c1 Added static analysis Adding clang compilation Fixing comparison of integers of different signs
3b199ef Update GNUmakefile
dcd1a34 linux: label the tmpfs for masked directories
edf7f15 seccomp: check if the action supports errnoRet
bc222b6 seccomp: fail if no default action specified
0c5b920 seccomp: honor default errno value
92c0afe yajl: support static link of containers/yajl
f3d920d src: fix unitialized variable
7d89a02 src: add error check
765971c status: fix memory leak on error
31274d8 utils: fix check for fd
62d1c4d tests: add test to feed honggfuzz
ab75091 ebpf: return the program instead of NULL
8b16552 src: check if seccomp is defined
f721efb container: fix error ownership
4472e35 container: allow config from memory
6b369b8 container: fix memory leak
0fede0f container: initialize variable
2b6c0b6 container: fix dereference of def->linux if NULL
1dd9b5b container: check for def->process before deref
1b1a691 fix: cross-compiling for Android
b25cb2d tests: add device access test
86251b0 ebpf: handle access(dev_name, F_OK) call correctly
e2d79dc fix: access violate if ret < -2
4f35406 cgroup: read controllers from /proc/self/cgroup
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping to the release, which pulls in the
808420e release: distribute CHECKSUMS file
c2b0064 build-aux: provide arm build without systemd
7cc03f7 .gitignore: update file
f5274bd NEWS: tag 0.18
94e8364 src: add missing definitions
baed691 libocispec: sync from upstream
8d0ebf6 Add arm64 static binary build
b66d5d9 tests: fix make check in a user namespace
e10205e linux: remove temporary mount logic
7819f4c linux: use targetfd for move_mount
891cd3c linux: use safe_openat for masked/readonly paths
6c5577f linux: use new function
9aa264d utils: add function to safely create and open
436daef src: add function to cleanup container struct
c955ece src: pull function out
7bd51a0 build: check for linux/openat2.h
dcb1914 utils: add function to remove initial slashes
a1c958c utils: memoize check result
25c6f07 container: rename function to get_root_in_the_userns
f08bd31 src: fix leak of the descriptors buffer
df88061 tests: disable more Podman flaky tests
052bab7 utils: set HOME to root if the user not found
efe35f1 linux: ignore ENOSYS on keyctl
1b65163 tests: enable asan sanitizer
a0f322a tests: build init always statically
a656698 configure.ac: allow to disable dl support
6adb26b tests: disable hooks_stdin for oci-validation
06199c7 tests: update to podman 3.0
bc888b9 tests: disable podman pull test
f1373f9 tests: install crun under /usr/bin
257f442 Fix permission error when using both user namespaces & NOTIFY_SOCKET
617a212 cgroup: skip +cpu on EINVAL in cgroup root
b6ac8de linux: use safe_openat for tmpcopyup
2d1f910 utils: avoid reopening the root during lookup
3ce74e8 utils: fix symlink lookup
cbb67ae container: set working directory for libkrun
df01709 seccomp: custom annotation to load raw bpf
b229dca linux: refactor allocate_tmp_mounts
68bb50f linux: disable temporary mounts with [r]slave
d6ae36b libocispec: update from upstream
487e792 github: enable clang-format checks
61d6844 src: run make clang-format
1d559d0 clang-format: change ColumnLimit to 0
643d05b linux: disable temporary mounts with [r]shared
de6082f cgroup: fix conversion from blkio to io
1db8312 Update nix pin with `make nixpkgs`
540444c Makefile.am: crun depends on libocispec.la
1df96e5 linux: fix build without CLONE_NEWCGROUP
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
We bump crun, and its dependency repositories to their latest
revisions.
Along with the code changes, we have a new systemd dependency
(or the build fails), and the License was incorrectly set to
GPLv3 previously, and we correct it to v2 as part of this update.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
Create the initial recipe to provide crun as an alternative OCI runtime
provider.
This currently has a dependency on seccomp, but it would be nice if we
can make that optional in the future to avoid pulling in all of
meta-security as a dependency.
Example:
% skopeo copy docker://busybox oci:busybox-oci:latest
% mkdir busybox-bundle
% oci-image-tool create --ref platform.os=linux busybox-oci busybox-bundle
% cd busybox-bundle/
% rm config.json
% runc spec
% runc run foo
^D
% crun run foo
^D
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|