| Commit message (Collapse) | Author | Age | Files | Lines |
Bumping runc to version v1.3.0-rc.1-171-gb1722d79, which comprises the following commits:
da909478 deps: bump cgroups to v0.0.3, fix tests
f24aa06e libct: State: ensure Resources is not nil
1b39997e Preventing containers from being unable to be deleted
d22a4211 libct/configs: stop using deprecated id
b25bcaa8 libct/configs: fix/improve deprecation notices
a10d338e libct/configs: add package docstring
8d180e96 Add support for Linux Network Devices
889c7b27 update runtime-spec
ed5df5f9 libcontainer/configs package doc
0b01dccf runc update: handle duplicated devs properly
7696402d runc update: support per-device weight and iops
99a4f198 build(deps): bump github.com/urfave/cli from 1.22.16 to 1.22.17
31d141e2 build(deps): bump golang.org/x/net from 0.40.0 to 0.41.0
8b0e7511 build(deps): bump github.com/containerd/console from 1.0.4 to 1.0.5
04be81b6 fix rootfs propagation mode
995a39a4 ci: add scheduled run of GHA CI
74209b73 ci/gha: allow to run jobs manually
62e6ab6d gha/ci: allow validate/all-done to succeed for non-PRs
b39bd105 ci/gha: fix exclusion rules
b206a015 deps: bump opencontainers/cgroups to v0.0.2
ae00c2bd tests/int: simplify using check_cpu_quota
fbf1a320 build(deps): bump github.com/vishvananda/netlink from 1.3.0 to 1.3.1
5cdfeea7 CHANGELOG: forward-port entries from 1.3.0
0623ea10 build(deps): bump golang.org/x/net from 0.39.0 to 0.40.0
c1958d88 build(deps): bump golangci/golangci-lint-action from 7 to 8
9f86496c ci: Check for exclude/replace directives
67b8a685 go.mod: Delete exclude directives
b0aa863f ci: bump golangci-lint to v2.1
d920a722 build(deps): bump github.com/seccomp/libseccomp-golang
8e3ee502 ci/cross-i386: retry adding ppa
c12c99b7 runc: embed version from VERSION file
d54eaaf2 runc --version: use a function
3e3e0482 ci: upgrade to criu-4.1-2 in Fedora
58c3ab77 rootfs: improve error messages for bind-mount vfs flag setting
30302a28 mount: add string representation of mount flags
87ae2f84 Unify and fix rootless key setup
b520f750 ci: install newer criu for almalinux-8
d7285e46 Fix "invalid workflow file" github actions error
5f4d3f36 libct/apparmor: don't use vars for public functions
08ebbfc8 tests/cmd/remap-rootfs: fix mips builds
1d78cb21 Completely remove --criu option
c8991936 ci: add check for toolchain in go.mod
e34c1a04 CHANGELOG: Port 1.2.x changes
c5ab4b6e runc pause/unpause/ps: get rid of excessive warning
fda034c9 pause: refactor
75a4546b go.mod: rm toolchain
0a9639e3 build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0
c5e0ece4 build(deps): bump golang.org/x/sys from 0.31.0 to 0.32.0
19c65154 tests: Add env var tests
09501d96 libct: Override HOME if its set to the empty string
bb5aa116 build(deps): bump github.com/moby/sys/user from 0.3.0 to 0.4.0
bf386464 libct: we should set envs after we are in the jail of the container
4a0e282b test: check whether runc set a correct default home env or not
7fdec327 Use any instead of interface{}
17570625 Use for range over integers
f64edc4d ps: use slices.Contains
ef5acfab libct/configs: use slices.Delete
0fc2338d libct/specconv: use maps.Clone
7a58d823 .golanci-extra: disable staticcheck QF1008
0b536265 build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0
5cfd1a62 build(deps): bump bats-core/bats-action from 3.0.0 to 3.0.1
131bdac1 tests/int/selinux: test keyring security label
c735c073 tests/integration/selinux: collect user_avc as well
491326cd int/linux: add/use Recvfrom
e655abc0 int/linux: add/use Dup3, Open, Openat
c690b66d int/linux: add/use Exec
431b8bb4 int/linux: add/use Getwd
8cc1eb37 Introduce and use internal/linux
b68cbdff criu: Add time namespace to container config after checkpoint/restore
127e8e68 ci: bump to golangci-lint v2.0
9b3ccc19 libct/intelrdt: fix staticcheck ST1020 warnings
30f8acab Fix staticcheck ST1020/ST1021 warnings
9510ffb6 Fix a few staticcheck QF1001 warnings
6405725c libct: fix staticcheck QF1006 warning
fdb69163 notify_socket.go: fix staticcheck warning
4622bb87 build(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6
a638f133 .golangci.yml: add nolintlint, fix found issues
d00c3be9 ci: bump codespell to v2.4.1, fix some typos
65e0f2b7 libct/int: use destroyContainer
1aebfa3e libct/int: don't use _ = runContainerOk
f55400dc .github: Improve issue template description
bac33825 build(deps): bump github.com/opencontainers/selinux
6a3f8ea3 skip read /proc/filesystems if process_label is null
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
We've only had one type of runc for a while, this is another step
in the direction of moving to just 'runc' versus the old runc-<foo>
variants
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This commit updates the container recipes to the OE core UNPACKDIR
changes.
- We drop references to WORKDIR
- We adjust destsuffix fetches to use BB_GIT_DEFAULT_DESTSUFFIX
instead of 'git'
- Update our GOPATH references to use UNPACKDIR
- Drop S = assignments where possible
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
With:
https://lists.openembedded.org/g/bitbake-devel/message/17508
there are many WARNINGs from this layer; will cover src_uri.inc files
in next commit.
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.3.0-rc.1-40-g25d47644, which comprises the following commits:
bac33825 build(deps): bump github.com/opencontainers/selinux
bc96bc85 libct/seccomp: use maps and slices pkgs
370733b7 libct/cap: rm mapKeys, use maps.Keys, slices.Sorted
3a33b6a3 Make state.json 25% smaller
9c5e687b libct: Use chown(uid, -1) to not change the gid
d31e6b87 ci: bump bats to v0.11.0
8e653e40 script/setup_host_fedora.sh: use bash arrays
a76a1361 script/setup_host_fedora.sh: remove -p from mkdir
af386d1d tests/int: rm some "shellcheck disable" annotations
b48dd651 ci: bump shellcheck to v0.10.0
6e5ffb7c Makefile: bump shfmt to v3.11.0
53931553 libct: log a warning on join session keyring failure
9aeb7905 tests/int/selinux: fix skip message
5ac77ed6 libct/int: add/use needUserNS helper
1d9bea53 .cirrus.yml: install less dependencies
1afa1b86 signals: replace unix.Kill with process.Signal
346c80d7 libct: replace unix.Kill with os.Process.Signal
135552e5 CI: migrate Vagrant + Cirrus to Lima + GHA
d5fe5303 build(deps): bump golang.org/x/net from 0.36.0 to 0.37.0
000cdef7 build(deps): bump golang.org/x/sys from 0.30.0 to 0.31.0
79e9cf53 doc: update spec-conformance.md
12c2e21f build(deps): bump golang.org/x/net from 0.35.0 to 0.36.0
05e83fc6 deps: bump go-criu to v7
5d6e7e12 VERSION: back to development
a00ce11e VERSION: release v1.3.0-rc.1
10ca66bf runc exec: implement CPU affinity
d92dd226 performance improvement: setup signal notify in a new go routine
a75076b4 Switch to opencontainers/cgroups
6e01e850 CHANGELOG: fwd port 1.2.1 to 1.2.5 changes
537a2276 build(deps): bump github.com/opencontainers/runtime-spec
c43ea7d6 exeseal: do not use F_SEAL_FUTURE_WRITE
1d047e44 expose criu options for link remap and skip in flight
559bd4eb libcontainer: rename dmz -> exeseal
ad09197e libct: don't send config to nsexec when joining an existing timens
74619689 test: exec into a container with private time ns
28475f12 Retry direct unix package calls if observing EINTR
4e0f7a20 libct/cg/dev: remove specconv dependency
69792827 libct/cg: don't use utils.CleanPath
5e1dcdf5 libct/cg: add internal/path.Inner
271aa88e libct/cg/fs2: rm _defaultDirPath
7bebe68c libct/cg: stop using utils.ProcThreadSelf
42449786 CI: gha: rm ubuntu-20.04
79a4ac05 deps: bump cilium/ebpf to v0.17.3
8db6ffbe libc/utils: simplify CleanPath
26cfe142 release: explicitly set --keyserver in release signing scripts
0e3b5d5b build: bump libseccomp to v2.5.6
d237bc46 .cirrus.yml: use Go 1.24
16d73367 Require Go 1.23.x, drop Go 1.22 support
87420749 CI: add Go 1.24, drop go1.22
99f9ed94 runc exec: fix setting process.Scheduler
b9114d91 runc exec: fix setting process.ioPriority
73849e79 libct: simplify Caps inheritance
049a5f76 libct/cap: allow New(nil)
f26ec922 libct: rm Rootless* properties from initConfig
2a86c357 libct: document initConfig and friends
13277b20 build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0
4b87c7d4 Fixups for newProcess
8fbdb7e7 setupIO: optimize
c4eb0c61 libct: createExecFifo: optimize
5d2e2445 execProcess: move some code to newProcess
c283ed10 tests/int: add hooks argv[0] test
8529591c build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5
746a5c23 libcontainer/configs/validate: improve rootlessEUIDMount
055041e8 libct: use strings.CutPrefix where possible
259b71c0 libct/utils: stripRoot: rm useless HasPrefix
ecf74300 libct/cg/fscommon: GetCgroupParam*: unify
ef983f51 libct/cg/fscommon: ParseKeyValue: stricter check
d83d533b libct/cg/fscommon: GetValueByKey: use strings.CutPrefix
f1348712 libct/cg/fscommon: ParseKeyValue: use strings.Cut
e9855bda libct/cg/fscommon: use strings.Cut in RDMA parser
930cd494 libct/cg/fs2: use strings.Cut in parsePSIData
40ce69cc libct/cg/fs2: use strings.Cut in setUnified
037668e5 libct/cg/fs2: simplify parseCgroupFromReader
075cea3a libcontainer/cgroups/fs: some refactoring
4271ecf7 libct/cg/fs: refactor getCpusetStat
bfcd479c libct/cg/fs: getPercpuUsage: rm TODO
871d9186 exec: improve getSubCgroupPaths
7149781f exec: use strings.Cut to parse --cgroup
ec9b0b5f runc list: use standard os/user
52f702af libct: earlier Rootless vs AdditionalGroups check
7dc24868 libct: switch to numeric UID/GID/groups
b55167e0 tests/int/exec --user: check default HOME
ccb589bd libc/int/userns: add build tag to C file
d84388ae libct/cg/sd: set the DeviceAllow property before DevicePolicy
a274d275 build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0
54fa0c55 capabilities: be more graceful in resetting ambient
f414b534 CI: fix criu-dev compile
8e5bb0d8 deps: roll back to cilium/ebpf v0.16.0
6c9ddcc6 libct: switch from libct/devices to libct/cgroups/devices/config
200f5631 libct/devices: move config to libct/cg/devices/config
70e500e7 deps: update to github.com/cyphar/filepath-securejoin@v0.4.1
24ec764a build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4
33315a05 libcontainer: if close_range fails, fall back to the old way
111e8dcc libcontainer: Use MaxInt32 as the last FD to match kernel size semantics
7b26da9e libcontainer: Prevent startup hang when CloseExecFrom errors
9af79522 build(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3
a50e6872 tests/int: simplify assignments
a22ea827 tests/int/hooks_so: don't hardcode soname
1890af6d support cgroup v1 mounted with noprefix
af929228 RELEASES: add formal release policy for runc
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The changes carried in runc-docker are no longer required, and if
they become relevant again, they don't belong in the base recipe.
This is the first part of the change, we drop runc-docker + patches
and update runc-opencontainers to RPROVIDE runc-docker in case there
are references that we don't know about. There shouldn't be any,
since virtual-runc has been the RPROVIDE of choice for some time.
We keep runc-opencontainers for now, since there may be alternate
runc implementations in the future. In about a year, we'll unify
the .inc and .bb if no new implementations have been proposed.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.2.0-149-g610aa88a, which comprises the following commits:
06f1e076 libct: speedup process.Env handling
6171da60 libct/configs: add HookList.SetDefaultEnv
c49b8916 tests: add test to check StartContainer hook env
390641d1 libct/int: improve TestExecInEnvironment
9a545947 libct/int: add BenchmarkExecInBigEnv
a69d289f build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2
061483b6 build(deps): bump golang.org/x/net from 0.33.0 to 0.34.0
48ad17f4 build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0
83350c24 libct/system: rm Fexecve
c0abf76e Update README.md
f8483049 build(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1
57462491 libct/configs/validate: add IOPriority.Class validation
7334ee01 libct/configs: rm IOPrioClassMapping
5d3942ee libct: unify IOPriority setting
ec465d39 utils: simplify newProcess
2dc3ea4b libct: simplify setIOPriority/setupScheduler calls
93091e6a libct: don't pass SpecState to init unless needed
8afeb583 libct: add/use configs.HasHook
171c4149 refactor init and setns process
5855ba53 build(deps): bump github.com/cilium/ebpf from 0.17.0 to 0.17.1
e809db84 build(deps): bump github.com/cilium/ebpf from 0.16.0 to 0.17.0
c2b11a63 build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0
71327d7f build(deps): bump github.com/cyphar/filepath-securejoin
af929228 RELEASES: add formal release policy for runc
21c0968b remove broken fuzzer from oss-fuzz build script
9468986a ci: use a specific ubuntu version
e845f4be ci: bump golangci-lint to v1.62
705382ac build(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0
394f4c3b Re-add tun/tap to default device rules
b15fcc1b keyring: update @kolyshkin key expiry
5a838ccb tests/cmd/sd-helper: switch from configs to cgroups
a56f85f8 libct/*: switch from configs to cgroups
04041f21 libct/cgroups/*: switch from configs to cgroups
ae477f15 libct/configs: move cgroup stuff to libct/cgroups
85c7c99d libct/cg/fs2: fix some revive linter warnings
66fe7db3 Move test helper binaries
47dc1858 Add runc_nocriu build tag
c487840f Remove main package dependency on criurpc
2f1b6626 deps: update to github.com/cyphar/filepath-securejoin@v0.3.5
c0044c7a cgroup: ebpf: make unexpected errors in haveBpfProgReplace louder
9bc6753d cgroups: ebpf: also check for ebpf.ErrNotSupported
dea0e04d cgroups: ebpf: use link.Anchor to check for BPF_F_REPLACE support
d5694eed build(deps): bump golang.org/x/net from 0.31.0 to 0.32.0
ec7e90b3 build(deps): bump golang.org/x/sys from 0.27.0 to 0.28.0
66969827 Switch to github.com/moby/sys/capability v0.4.0
fe73f1a9 libct/cap: switch to lazy init
cdee1b38 libct/cap: preallocate slices
b7da1673 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2
fffc165d tests: add test for 'weird' external namespace joining
fadc55eb nsenter: implement a two-stage join for setns
a97d7cb2 nsenter: refuse to join unknown namespaces
49bee5c4 cfmt: use the Linux { a, b } decl style
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.2.0-69-gb7da1673, which comprises the following commits:
b7da1673 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2
119111a0 libct/cg: add test for remove a non-existent dir in a ro mount point
068d7da7 Revert "Temporary set vagrant to 2.4.1-1"
ac435895 memfd-bind: elaborate kernel requirements for overlayfs protection
ba3d026e libct/cg: RemovePath: improve comments
12e06a7c libct/cg: RemovePath: simplify logic
db59489b runc delete: fix for rootless cgroup + ro cgroupfs
ca4a7a86 build(deps): bump golang.org/x/net from 0.30.0 to 0.31.0
43af111e MAINTAINERS: move dqminh and hqhq to EMERITUS
ec5e7eb7 build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0
9cb59b46 ci: rm "skip on CentOS 7" kludges
5000f169 Temporary set vagrant to 2.4.1-1
b9dfb22d readme: drop unused memfd-bind reference
aa505bfa memfd-bind: mention that overlayfs obviates the need for it
9bc42d61 dmz: overlay: set xino=off to disable dmesg spam
9ce7392b Vagrantfile.fedora: bump Fedora to 41
609e9a51 Vagrantfile.fedora: stop using dnf shell
80c46d31 build(deps): bump golang.org/x/net from 0.24.0 to 0.30.0
5586d7ca libct: rm obsoleted comment
f9fd70b7 CHANGELOG: add (forward-port) v1.1.15 changes
8cc73754 libct: fix a comment
ee1bced1 script/check-config.sh: add OVERLAY_FS check
c8f5d033 docs: remove prompt symbols from shell snippets
871057d8 drop runc-dmz solution according to overlay solution
34a92855 test join other container userns with selinux enabled
c78f3f2e libct/nsenter: become root after joining userns
1e674098 libct/int: add exec benchmark
cb201487 libct/int: use testing.TB for utils
4df7b1b1 build(deps): bump golang.org/x/sys from 0.22.0 to 0.26.0
cbb9b309 ci: use Go 1.23
732806e2 runc update: fix updating swap for cgroup v2
cb9f3d6d libct/cg: improve ConvertMemorySwapToCgroupV2Value
69b3be76 build(deps): bump github.com/vishvananda/netlink from 1.1.0 to 1.3.0
eb2ff52a libct: rm x/sys/execabs usage
f20f273a build(deps): bump github.com/opencontainers/selinux
139789f1 build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.35.1
93db63ab build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16
af024b6c build(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2
42f96305 VERSION: back to development
0b9fa21b VERSION: release v1.2.0
568231cc Revert "increase memory.max in cgroups.bats"
e6699266 fix an error caused by fd reuse race when starting runc init
515f09f7 dmz: use overlayfs to write-protect /proc/self/exe if possible
8cfbccb6 tests: integration: add helper to check if we're in a userns
54ef07d8 tests/int: skip "update memory vs CheckBeforeUpdate" on EL9
ff775363 tests/int: rm centos-7 exclusion
76a821fa tests/int: update info about EL9 kernel
b5bdf592 libct: rm initWaiter
9fa324c4 dmz: cloned binary: set +x permissions when creating regular tmpfile
324fcea4 Terminate execution for criu that does not meet version requirements
eff6f049 libct/cap: no need to load capabilities
9b60a93c libcontainer/userns: migrate to github.com/moby/sys/userns
1623cde1 go: update github.com/cyphar/filepath-securejoin to v0.3.4
4fdd5616 memfd-bind: more specific doc URL
9e554587 memfd-bind: fixup systemd unit file and README
13a6f560 runc run: fix mount leak
b096459a vendor: update github.com/cyphar/filepath-securejoin to v0.3.3
f55957de build(deps): bump bats-core/bats-action from 2.1.1 to 3.0.0
bb2bd38d change go minimum version in README
faffe1b9 replace strings.SplitN with strings.Cut
1be06760 libcontainer/cgroups/fs: remove todo since strings.Fields performs well
7a449109 libct/README: simplify example, rm inheritable caps
0de19533 runc spec, libct/int: do not add ambient capabilities
3e3f9603 runc exec --cap: do not add capabilities to ambient
5b161e04 update bats-action to 2.1.1
35f999dd remove installation of unused bats support libs
10c951e3 add ErrCgroupNotExist
319e133c go.mod: Use toolchain 1.22.4
8671a7db ci: update to setup bats action from bats-core
30f8f51e runc create/run: warn on rootless + shared pidns + no cgroup
21c61165 tests/int: log when teardown starts
b1449fd5 libct: use Namespaces.IsPrivate more
d8844e29 tests: integration: add setgid mkdirall test
066b109e vendor: update to github.com/cyphar/filepath-securejoin@v0.3.2
646efe70 utils: mkdirall: mask silently ignored mode bits to match os.MkdirAll
457e1ffa tests: add regression test for CVE-2019-19921 / CVE-2023-27561
216175a9 Upgrade Cilium's eBPF library version to 0.16
a31efe70 libct/seccomp/patchbpf: use binary.NativeEndian
429e06a5 libct: Signal: honor RootlessCgroups
dd827f7b utils: switch to securejoin.MkdirAllHandle
1d308c7d vendor: update to github.com/cyphar/filepath-securejoin@v0.3.1
5ab5ef3d deps: update to golang.org/x/sys@v0.22
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.2.0-69-gb7da1673, which comprises the following commits:
b7da1673 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2
119111a0 libct/cg: add test for remove a non-existent dir in a ro mount point
068d7da7 Revert "Temporary set vagrant to 2.4.1-1"
ac435895 memfd-bind: elaborate kernel requirements for overlayfs protection
ba3d026e libct/cg: RemovePath: improve comments
12e06a7c libct/cg: RemovePath: simplify logic
db59489b runc delete: fix for rootless cgroup + ro cgroupfs
ca4a7a86 build(deps): bump golang.org/x/net from 0.30.0 to 0.31.0
43af111e MAINTAINERS: move dqminh and hqhq to EMERITUS
ec5e7eb7 build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0
9cb59b46 ci: rm "skip on CentOS 7" kludges
5000f169 Temporary set vagrant to 2.4.1-1
b9dfb22d readme: drop unused memfd-bind reference
aa505bfa memfd-bind: mention that overlayfs obviates the need for it
9bc42d61 dmz: overlay: set xino=off to disable dmesg spam
9ce7392b Vagrantfile.fedora: bump Fedora to 41
609e9a51 Vagrantfile.fedora: stop using dnf shell
80c46d31 build(deps): bump golang.org/x/net from 0.24.0 to 0.30.0
5586d7ca libct: rm obsoleted comment
f9fd70b7 CHANGELOG: add (forward-port) v1.1.15 changes
8cc73754 libct: fix a comment
ee1bced1 script/check-config.sh: add OVERLAY_FS check
c8f5d033 docs: remove prompt symbols from shell snippets
871057d8 drop runc-dmz solution according to overlay solution
34a92855 test join other container userns with selinux enabled
c78f3f2e libct/nsenter: become root after joining userns
1e674098 libct/int: add exec benchmark
cb201487 libct/int: use testing.TB for utils
4df7b1b1 build(deps): bump golang.org/x/sys from 0.22.0 to 0.26.0
cbb9b309 ci: use Go 1.23
732806e2 runc update: fix updating swap for cgroup v2
cb9f3d6d libct/cg: improve ConvertMemorySwapToCgroupV2Value
69b3be76 build(deps): bump github.com/vishvananda/netlink from 1.1.0 to 1.3.0
eb2ff52a libct: rm x/sys/execabs usage
f20f273a build(deps): bump github.com/opencontainers/selinux
139789f1 build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.35.1
93db63ab build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16
af024b6c build(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2
42f96305 VERSION: back to development
0b9fa21b VERSION: release v1.2.0
568231cc Revert "increase memory.max in cgroups.bats"
e6699266 fix an error caused by fd reuse race when starting runc init
515f09f7 dmz: use overlayfs to write-protect /proc/self/exe if possible
8cfbccb6 tests: integration: add helper to check if we're in a userns
54ef07d8 tests/int: skip "update memory vs CheckBeforeUpdate" on EL9
ff775363 tests/int: rm centos-7 exclusion
76a821fa tests/int: update info about EL9 kernel
b5bdf592 libct: rm initWaiter
9fa324c4 dmz: cloned binary: set +x permissions when creating regular tmpfile
324fcea4 Terminate execution for criu that does not meet version requirements
eff6f049 libct/cap: no need to load capabilities
9b60a93c libcontainer/userns: migrate to github.com/moby/sys/userns
1623cde1 go: update github.com/cyphar/filepath-securejoin to v0.3.4
4fdd5616 memfd-bind: more specific doc URL
9e554587 memfd-bind: fixup systemd unit file and README
13a6f560 runc run: fix mount leak
b096459a vendor: update github.com/cyphar/filepath-securejoin to v0.3.3
f55957de build(deps): bump bats-core/bats-action from 2.1.1 to 3.0.0
bb2bd38d change go minimum version in README
faffe1b9 replace strings.SplitN with strings.Cut
1be06760 libcontainer/cgroups/fs: remove todo since strings.Fields performs well
7a449109 libct/README: simplify example, rm inheritable caps
0de19533 runc spec, libct/int: do not add ambient capabilities
3e3f9603 runc exec --cap: do not add capabilities to ambient
5b161e04 update bats-action to 2.1.1
35f999dd remove installation of unused bats support libs
10c951e3 add ErrCgroupNotExist
319e133c go.mod: Use toolchain 1.22.4
8671a7db ci: update to setup bats action from bats-core
30f8f51e runc create/run: warn on rootless + shared pidns + no cgroup
21c61165 tests/int: log when teardown starts
b1449fd5 libct: use Namespaces.IsPrivate more
d8844e29 tests: integration: add setgid mkdirall test
066b109e vendor: update to github.com/cyphar/filepath-securejoin@v0.3.2
646efe70 utils: mkdirall: mask silently ignored mode bits to match os.MkdirAll
457e1ffa tests: add regression test for CVE-2019-19921 / CVE-2023-27561
216175a9 Upgrade Cilium's eBPF library version to 0.16
a31efe70 libct/seccomp/patchbpf: use binary.NativeEndian
429e06a5 libct: Signal: honor RootlessCgroups
dd827f7b utils: switch to securejoin.MkdirAllHandle
1d308c7d vendor: update to github.com/cyphar/filepath-securejoin@v0.3.1
5ab5ef3d deps: update to golang.org/x/sys@v0.22
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Like docker, there is a runc / OCI check-config.sh script that
is useful when determining if your kernel is properly
configured.
We can package it in a -check package, and install it to
a similar location as the docker variant.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.2.0-rc.3-3-gf9f57641, which comprises the following commits:
429e06a5 libct: Signal: honor RootlessCgroups
961b8031 VERSION: back to development
45471bc9 VERSION: release v1.2.0-rc.3
6c24b2e8 changelog: update to include 1.1.14 notes
63c29081 rootfs: try to scope MkdirAll to stay inside the rootfs
767bc008 Makefile: Don't read COMMIT, BUILDTAG, EXTRA_BUILDTAGS from env vars
2cd24a4d ci/gha: add all-done jobs
cc2078cc Makefile: Add EXTRA_VERSION
f76489f0 mv contrib/cmd tests/cmd (except memfd-bind)
f4cc3d83 Revert "allow overriding VERSION value in Makefile"
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.2.0-rc.2-44-g376e875f, which comprises the following commits:
cc2078cc Makefile: Add EXTRA_VERSION
f4cc3d83 Revert "allow overriding VERSION value in Makefile"
606257c6 Bump golangci-lint to v1.60, fix new warnings
adedeb99 ci/gha: add Go 1.23, drop 1.21
be539412 ensure we can download the specific version's go
a7c8d86f tests/int: fix "cpu burst" failure on new kernels
b437ed30 tests/int: check_{systemd,cgroup}_value: better log
2c398bb4 libct/int/seccomp_test: simplify exit code checks
171304c8 docs/systemd: fix a broken link
1410a698 rootfs: consolidate mountpoint creation logic
6fc2733a document build prerequsites for different platforms
15ec295b ci/gha: bump golangci-lint to v1.59
bb2db7b4 libct: drop error from (*Container).currentState return
c8395b6e Enable govet nilness, fix an issue
a5e660ca seccomp-notify.bats: add fcntl to the important syscall list
e7848482 Revert "libcontainer: seccomp: pass around *os.File for notifyfd"
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.2.0-rc.2-21-g3778ae60, which comprises the following commits:
309a6d91 ci/gha: add go-fix job
a5e660ca seccomp-notify.bats: add fcntl to the important syscall list
e7848482 Revert "libcontainer: seccomp: pass around *os.File for notifyfd"
b18d052b ci/cirrus: switch from CentOS to Almalinux
8b1c0f7e CHANGELOG.md: dedup v1.2.0-rc.2 notes
6980adb6 libct/userns: implement RunningInUserNS with sync.OnceValue
b3b31ff2 libct/userns: make fuzzer Linux-only, and remove stub for uidMapInUserNS
5b09a712 libct/userns: change RunningInUserNS to a wrapper instead of an alias
30b530ca libct/userns: split userns detection from internal userns code
c1421339 remove pre-go1.17 build-tags
5ea76254 VERSION: back to development
f2d2ee5e VERSION: release 1.2.0-rc.2
ee601b87 MAINTAINERS_GUIDE: rm chief maintainer role
d6563f6b MAINTAINERS: move crosbymichael to EMERITUS
ad976aa1 put the changelog of v1.1.13 after v1.2.0-rc.1
4e2d7c0a update changelog after v1.1.13 released
2cb46c6e script/keyring_validate.sh: fix a typo
d6e427e1 runc exec: avoid stuttering in error messages
a6d46ed1 runc exec: improve options parsing
42cea2ec libct: don't allow to start second init process
e3e10725 libct: fix locking in Start/Run/Exec
304a4c0f libct: createExecFifo: rm unneeded os.Stat
e7294527 try to delete exec fifo file when failure in creation
1c505fff Revert "Set temporary single CPU affinity..."
f8f1bc9a Vagrantfile.fedora: bump to F40
77190360 libct/cg: write unified resources line by line
40dd884a MAINTAINERS: add Rodrigo Campos
3019e842 libct/cg: use clear built-in
b7fdd524 libct: use slices package
a1e87f8d libct: rm eaccess
6b2eb52f go.mod,README: require Go 1.21
17380da2 Dockerfile: switch to Go 1.22 and Debian 12
a3302f20 ci: switch to go 1.22 as main version
e660ef61 libct/nsenter: stop blacklisting go 1.22+
24c2d28d fix a debug msg for user ns in nsexec
3083bd44 tests/cgroups: separate cgroup v2 swap test
4209439b libct/cg/fs/v2: ignore setting swap in some cases
dbb011ec tests/int/helpers: fix cgroups_swap check for v2
8626c717 tests/int: fixup find statements
e530b2a6 tests/int/update: fix v2 swap check
024c2711 make trimpath optional
760105ab script/*: fix gpg usage wrt keyboxd
67f6c37b ci/gha: switch to ubuntu 24.04
40bb9c46 ci/cirrus: rm centos stream 8
48c4e733 ci: workaround for centos stream 8 being EOLed
5c5ebe77 tests/int/scheduler: require smp
b24fc9d2 ci: pin codespell
584afc67 libct/system: ClearRlimitNofileCache for go 1.23
b74b33c4 Dockerfile: bump Debian to 12, Go to 1.21
d697725a libct/cg/dev: fix TestSetV1Allow panic
177c7d4f Fix codespell warnings
a35f7d80 fix comments for ClearRlimitNofileCache
6ab3d8ad vendor: golang.org/x/net@v0.24.0
f8052066 libct/cg/fs: fix setting rt_period vs rt_runtime
e5e8f336 .cirrus.yml: rm FIXME from rootless fs on CentOS 7
36be6d05 libct/int: checkpoint test: skip pre-dump if not avail
e42d981d libct/int: rm double logging in checkpoint_test
62a31465 libct/int/cpt: simplify test pre-check
e676dac5 libct/criu: simplify checkCriuFeatures
f6a8c9b8 libct: checkCriuFeatures: return underlying error
4ea0bf88 update/add some tests for rlimit
da68c8e3 libct: clean cached rlimit nofile in go runtime
a853a826 runc exec: setupRlimits after syscall.rlimit.init() completed
f452f667 ci/gha: bump golangci-lint-action from 5 to 6
bac50646 libct: fix a comment
dbd0c334 libct/system: rm Execv
9d9273c9 allow overriding VERSION value in Makefile
75e02193 use go mod instead of go get in spec.bats
b032fead libct/cg/fs: don't write cpu_burst twice on ENOENT
6bf1d3ad tests/int/tty: increase the timeout
8732eada Vagrantfile.fedora: bump Fedora to 39
d63018c2 ci/gha: bump golangci-lint to v1.57
0eb8bb5f Format sources with gofumpt v0.6
6bcc7361 ci/gha: bump golangci/golangci-lint-action to v5
baba55e2 ci/actuated: re-enable CRIU tests
f6b7167b tests/int/checkpoint: add requires criu_feature_xxx
e5c82f00 tests/int/checkpoint: rm double logging
00238f5d CI: add actuated-arm64
758b2e2b helpers.bats: cgroups_cpu_burst: check kernel version
d618c6fe cgroups.bats: check cgroups_io_weight
053f6a0d seccomp_syscall_test1: use ftruncate instead of kcmp
30dc98f5 CI: run apt with -y
4f3319b5 libct: decouple libct/cg/devices
afc23e33 Set temporary single CPU affinity before cgroup cpuset transition.
cde1d090 libcontainer: force apps to think fips is enabled/disabled for testing
6b1f7308 tests/integration: Fix remount on debian testing
5052c075 tests/integration/mounts_sshfs.bats: Fix test on debian testing
e4bf49ff runc update: distinguish nil from zero
afcb9c2e add a test case for runc update cpu burst
5194bd8d VERSION: back to development
275e6d85 VERSION: release v1.2.0-rc.1
fc3e04dc changelog: update to include all new changes since 1.1.0
b47fb3fd changelog: sync changelog entries up to runc 1.1.12
d4b670fc changelog: mention key breaking changes for mount options
851e3882 ci/test: exclude some runc_nodmz jobs
e377e168 [hotfix] nsenter: refuse to build with Go 1.22 on glibc
ac31da6b ci/cross-i386: pin Go to 1.21.x
bfbd0305 Add I/O priority
ccc500c4 seccomp: patchbpf: always include native architecture in stub
b288abea seccomp: patchbpf: rename nativeArch -> linuxAuditArch
ab6788d3 Remove dependabot ignore
cdccf6d6 build: update libseccomp to v2.5.5
da79b616 fix runc-dmz bin path error in Makefile
37581ad3 dmz: remove SELinux special-casing
eefc6ae2 features: implement returning potentiallyUnsafeConfigAnnotations list
606251ab build(deps): bump github.com/opencontainers/runtime-spec
bb5673f2 build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0
7ab66b18 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
6056ed2d build(deps): bump golang.org/x/sys from 0.17.0 to 0.18.0
fc76b136 Makefile: Fix runc-dmz removal
46b72107 contrib/cmd/memfd-bind: Mention runc-dmz needs RUNC_DMZ=true
1dae66f7 libct/dmz: Require RUNC_DMZ=true to opt-in
935d586b build(deps): bump tim-actions/get-pr-commits from 1.3.0 to 1.3.1
86360598 tests/int: fix flaky kill tests
82499d42 Fixed spelling mistake in the Makefile at .PHONY vendor
93e37723 ci/golangci-lint: add checks permission
302b2e89 tests/int: use gawk where needed
3a9859bd libct/nsenter: rm unused include
ea140db7 libct/nsenter: rm unused code
27cbabd0 build(deps): bump golangci/golangci-lint-action from 3 to 4
afd90f44 build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0
97632a6d build(deps): bump github.com/containerd/console from 1.0.3 to 1.0.4
174940a7 build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0
a596a055 update go version to 1.21 in cirrus ci
bc4a869d test: no execve error msg synced to parent process
d0750587 close the sync pipe explicitly in exec
0bc4732c test for execve error without runc-dmz
35aa63ea never send procError after the socket closed
d8edada9 init: don't special-case logrus fds
ee73091a libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
89c93ddf cgroup: plug leaks of /sys/fs/cgroup handle
f2f16213 init: close internal fds before execve
8e1cd2f5 init: verify after chdir that cwd is inside the container
7094efb1 init: use *os.File for passed file descriptors
093c83e1 keyring: update AkihiroSuda key expiry
34eceb21 keyring: update cyphar@cyphar.com key expiry
fe95a2a0 tests/integration: Test exec failures
8afeccc8 libct/dmz: Print execve() errors
b1e3c3c7 build(deps): bump golang.org/x/net from 0.19.0 to 0.20.0
2a473a76 Add CONFIG_NETFILTER_XT_MATCH_COMMENT to check
e1e3ca02 build(deps): bump golang.org/x/sys from 0.15.0 to 0.16.0
68438ba2 fix scheduler validate
55c9d6bf we have implemented idmapped-mounts with no limitations
e90d8cb8 we have supported rsvd hugetlb cgroup
a7c3e07c libct: Improve error msg when idmap is not supported
43306be3 build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0
5a4f5217 script/check-config.sh: check CONFIG_BLK_CGROUP_IOCOST
d87366f0 scripts/check-config: fix kernel version checks
7f65cc75 script/check-config.sh: check CONFIG_CHECKPOINT_RESTORE
6aa4c1a1 script/check-config: disable colors
b94b5590 scripts/check-config: don't check MEMCG_SWAP on newer kernels
3f4a73d6 TestCheckpoint: skip on ErrCriuMissingFeatures
c8113085 remove remap-rootfs bin when running make clean
0bbb7e9f move the target 'clean' next to 'all'
d08ba9ca fix a (u|g)IDMappings type value convertion error
7b655782 build(deps): bump actions/upload-artifact from 3 to 4
482e5637 configs: make id mappings int64 to better handle 32-bit
fa93c8b0 tests: mounts: add some tests to check mount ordering
3b57e45c mount: add support for ridmap and idmap
7795ca46 specconv: handle recursive attribute clearing more consistently
cdff09ab rootfs: fix 'can we mount on top of /proc' check
8e8b136c tree-wide: use /proc/thread-self for thread-local state
a04d88ec vendor: update to github.com/moby/sys/mountinfo@v0.7.1
5ae88daf idmap: allow arbitrary idmap mounts regardless of userns configuration
ba0b5e26 libcontainer: remove all mount logic from nsexec
ebcef3e6 specconv: temporarily allow userns path and mapping if they match
e66ba70f build(deps): bump actions/setup-go from 4 to 5
c045886f tests: remap rootfs for userns tests
6fa8d068 integration: add mega-test for joining namespaces
e6fb7fe5 nsexec: allow timens to work with non-rootless userns
09822c3d configs: disallow ambiguous userns and timens configurations
3bab7e92 configs: clean up error messages for Host[UG]ID
9387eac3 init: don't pre-flight-check the set[ug]id arguments
1912d598 *: actually support joining a userns with a new container
88411747 tests: integration: fix spurious SC203[01] shellcheck errors
c25493fc build(deps): bump golang.org/x/net from 0.17.0 to 0.19.0
b2782965 build(deps): bump golang.org/x/sys
a6f40817 libct: Destroy: don't proceed in case of errors
ab3cd8d7 runc delete, container.Destroy: kill all processes
7396ca90 runc delete: do not ignore error from destroy
d3d7f7d8 libct/cg: improve cgroup removal logic
29283bb7 runc delete -f: fix for no pidns + no init case
dcf1b731 runc kill: fix sending KILL to non-pidns container
542cce01 libct: Signal: slight refactor
d9f2a24a libct: replace runType with hasInit
94505a04 *: introduce pidfd-socket flag
3bde5111 fix some unit test error after bump ebpf to 0.12.3
b2f7614a bump github.com/cilium/ebpf from 0.12.2 to 0.12.3
823636c3 ci/cirrus: disable selinux-dmz kludge for centos-stream-8
9d8fa6d6 libcontainer: dmz: fix "go get" builds
669f4dbe configs: validate: add validation for bind-mount fsflags
4bf8b555 libct: Remove old comment
87bd7846 Add dmz-vs-selinux kludge and a way to disable it
393c7a81 README: fix reference to memfd-bind
b39781b0 tests/int: add selinux test case
b2539a7d libct/cg: skip TestWriteCgroupFileHandlesInterrupt on CentOS 7
a2f7c6ad internal/testutil: create, add SkipOnCentOS
2c9598c8 libct/cgroups.OpenFile: clean "file" argument
98511bb4 linux: Support setting execution domain via linux personality
6d279220 tests/int: fix flaky "runc run with tmpfs perm"
104b8dc9 libct/cg: add swapOnlyUsage in MemoryStats
7c71a227 rootfs: remove --no-mount-fallback and finally fix MS_REMOUNT
153865d0 tests/int: fix teardown in mounts_sshfs.bats
7f5daa88 libct/cg/fs.Set: fix error message
5ea7c60f tests/int: fix cgroup tests
bbf8eff8 tests/int: fix "runc run (hugetlb limits)"
d60d17a6 build(deps): bump github.com/cilium/ebpf from 0.12.1 to 0.12.2
9cd5d6cd libct/cg: remove retry on EINTR in
54d38c61 build(deps): bump github.com/cilium/ebpf from 0.12.0 to 0.12.1
f944d7b6 ci/gha: fix downloading Release.key
b6a0c483 libct/dmz: Support compiling on all arches
4a7d3ae5 libct/cg: support hugetlb rsvd
aec0dc7d build(deps): bump github.com/cilium/ebpf from 0.11.0 to 0.12.0
6f7266c3 libcontainer: drop system.Setxid
2860708d build(deps): bump golang.org/x/net from 0.16.0 to 0.17.0
b8f75f39 Makefile: move .PHONY to before each target
bdf78b44 libct/cg/dev: add sync.Once to test case
46bfcac8 Makefile: avoid calling sub-make
961d0f12 Makefile: make verify-dmz-arch less talkative
fa8f3817 ci: skip TestPodSkipDevicesUpdate on CentOS 7
927a5836 build(deps): bump golang.org/x/net from 0.15.0 to 0.16.0
0ab58aa2 build(deps): bump golang.org/x/sys from 0.12.0 to 0.13.0
730bc844 Fix directory perms vs umask for tmpcopyup
770728e1 Support `process.scheduler`
efbebb39 libct: rename root to stateDir in struct Container
c89faacc libc: rm _LIBCONTAINER_STATEDIR
6538e6d0 libct: fix a typo
109dcadd fix two typos
f755c808 libct/cg/stats: support misc for cgroup v2
2e2ecf29 libct: use chmod instead of umask
4b3b7e99 docs/spec-conformance: update
531e29e1 script/lib.sh: set GOARM=5 for armel, GOARM=6 for armhf
90606665 docs: clarify the supported architectures (No MIPS)
9976be86 libct/dmz: Move comment out of the Makefile rule
90f5da65 libct/dmz: Reduce the binary size using nolibc
8da42aae sync: split init config (stream) and synchronisation (seqpacket) pipes
ccc76713 sync: rename procResume -> procHooksDone
99469eba Handle kmem.limit_in_bytes removal
90c8d36a dmz: use sendfile(2) when cloning /proc/self/exe
f8348f64 tests: integration: add runc-dmz smoke tests
6be763ee tests: integration: fix capability setting for CAP_DAC_OVERRIDE
b9a4727f contrib: memfd-bind: add helper for memfd-sealed-bind trick
dac41717 runc-dmz: reduce memfd binary cloning cost with small C binary
e089db3b dmz: add fallbacks to handle noexec for O_TMPFILE and mktemp()
0e9a3358 nsexec: migrate memfd /proc/self/exe logic to Go code
321aa20c scripts: add proper 386 and amd64 target triples and builds
d9ea71bf deprecate libcontainer/user
ca32014a migrate libcontainer/user to github.com/moby/sys/user
65a1074c increase memory.max in cgroups.bats
b17c6f23 validator: Relax warning for not abs mount dst path
c378602b libct/specconv: remove redundant nil check
c7ad2749 build(deps): bump github.com/cyphar/filepath-securejoin
e1584831 libct/cg: add CFS bandwidth burst for CPU
1fe9447f build(deps): bump golang.org/x/net from 0.14.0 to 0.15.0
2d0cd0b3 build(deps): bump actions/checkout from 3 to 4
d8e9ed3e libcontainer/userns: simplify, and separate from "user" package.
5f05b96e build(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0
937ca107 Fix File to Close
e8525238 tests/int: add a test for host mntns vs hooks
41778ddc Fix for host mount ns containers
fe6f33b2 build(deps): bump tim-actions/commit-message-checker-with-regex
0f3eeb9b tests/int: add failed hooks tests
cadf0a14 tests/int: rename hooks.bats to hooks_so.bats
6a4870e4 libct: better errors for hooks
f62f0bdf Remove nolint annotations for unix errno comparisons
17e7e230 ci/gha: bump golangci-lint to v1.54
b3e97214 Add issue reference to nolint annotation
cc7e607a features: Expose idmap support
671e211e vendor: Update runtime-spec to expose mountExtensions
b22073c5 ci/gha: add job timeouts
1f25724a configs: fix idmapped mounts json field names
8aa97ad3 nsexec: remove cgroupns special-casing
5c7839b5 rootfs: use empty src for MS_REMOUNT
20b95f23 libcontainer: seccomp: pass around *os.File for notifyfd
f81ef149 libcontainer: sync: cleanup synchronisation code
c6e7b1a8 libct: initProcess.start: fix sync logic
b0c7ce51 makefile: quote TESTFLAGS when passing to containerised make
aa5f4c11 tests: add several timens tests
9acfd7b1 timens: minor cleanups
46d6089f ci/gha: re-enable go caching
5741ea23 ci: add go 1.21, remove go 1.19
ec2ffae5 libct: Allow rel paths for idmap mounts
19d26a65 Revert "libct/validator: Error out on non-abs paths"
61a454cc build(deps): bump golang.org/x/net from 0.13.0 to 0.14.0
883aef78 libct/init: unify init, fix its error logic
789a73db init.go: move logger setup to StartInitialization
0d890ad6 nsenter: cloned_binary: use MFD_EXEC and F_SEAL_EXEC
b999376f nsenter: cloned_binary: remove bindfd logic entirely
38676931 criu: do not add log file into error message
c77aaa3f criu checkpoint/restore: print errors from criu log
e4478e9f criuSwrk: simplify switch
cb981e51 libct: move criu-related stuff to separate file
f88a7654 ci: fix flaky test "update memory vs CheckBeforeUpdate"
5c6b334c ci: fix TestOpenat2 when no systemd is used
962019d6 ci: fix TestNilResources when systemd not available
cfc801b7 Fix running tests under Docker/Podman and cgroup v2
ebc2e7c4 Support time namespace
83137c68 add a test case about missing stricky bit
6092a4b4 fix some file mode bits missing when doing mount syscall
06882888 contrib/fs-idmap: Move logic to a new function
855c5a0e contrib/fs-idmap: Don't hardcode sleep path
882e5fe3 contrib/fs-idmap: Check exactly 2 args are received
821d0018 contrib/fs-idmap: Remove not needed flags
7d2becdf libct/cg/fs2: use `file` + `anon` + `swap` for usage
99340bb0 contrib/fs-idmap: Reap childs
c537cb3d build(deps): bump golang.org/x/net from 0.12.0 to 0.13.0
70f4e46e utils: use close_range(2) to close leftover file descriptors
57f31c68 libct/nsenter: Show better errors for idmap mounts
701dff79 libct/cg/sd: use systemd v240+ new MAJOR:* syntax
da780e4d Fix bind mounts of filesystems with certain options set
237acdd8 add some important announcements in unreleased section
c875ea85 use the length of UIDMappings/GIDMappings to check whether empty or not
d9494fc6 CHANGELOG: forward-port 1.1.6-1.1.8 changes
11b6c9b6 build(deps): bump github.com/opencontainers/runtime-spec
a3785c88 Remove idmapFD field for mountEntry
46ada59b Use an *int for srcFD
c47f58c4 Capitalize [UG]idMappings as [UG]IDMappings
f92057aa tests/int: update set_cgroups_path doc
19f76b66 tests/int/ps: enable for rootless
867ee905 docs: Update spec conformance for idmap mounts
b460dc39 tests/integration: Add tests for idmap mounts
fda12ab1 Support idmap mounts on volumes
98317c16 ci: bump golangci-lint, remove fixed exception
fe4528b1 libcontainer: Just print the mountFds slice len on errors
73b64970 libcontainer: Add mountFds struct
0172016a libcontainer: Add generic parseFdsFromEnv()
f5814a10 libcontainer: Add generic sendFdsSources()
96bd4875 nsenter: Add idmap helpers
5166164d nsexec: Add generic receive_sources()
4b668a82 Switch setupUserNamespace() to use the toConfigIDMap() helper
fbf183c6 Add uid and gid mappings to mounts
83418f88 build(deps): bump github.com/cilium/ebpf from 0.10.0 to 0.11.0
2c844977 build(deps): bump golang.org/x/net from 0.11.0 to 0.12.0
881e92a3 libct/validator: Error out on non-abs paths
45c75ac7 build(deps): bump golang.org/x/sys from 0.9.0 to 0.10.0
017d6996 libct/nsenter: namespace the bindfd shuffle
3b191ff7 libct/nsenter: set FD_CLOEXEC on received fd
8f671781 libct/nsenter: refactor ipc funcs for reusability
890dceee libct/nsenter: annotate write_log() prototype
35fddfd2 chore(libct/nsenter): extract utility code
37732d1e MAINTAINERS: add Li Fu Bang
ad040b1c tests/int/delete: make sure runc delete removes failed unit
58a811f6 tests/int: add/use "requires systemd_vNNN"
43564a7b runc delete: call systemd's reset-failed
91b4cd25 libct/cg/sd: remove logging from resetFailedUnit
dacb3aaa tests/int/cgroups: remove useless/wrong setting
5cdf7671 libct/cg: IsCgroup2UnifiedMode: don't panic
5e53e659 ci: bump shellcheck to 0.9.0, fix new SC2016 warnings
a57d94d3 build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0
9fa8b9de Fix tmpfs mode opts when dir already exists
eb55472e Fix integration tests failure when calling "ip"
a52efc1f build(deps): bump golang.org/x/net from 0.10.0 to 0.11.0
e3627658 .codespellrc: update for 2.2.5
c9209fd2 ci/gha: don't skip rootless+systemd on ubuntu 22.04
1aa7ca80 libct/cg/stats: support PSI for cgroup v2
bc390b2e build(deps): bump golang.org/x/sys from 0.8.0 to 0.9.0
73b5dc02 docs/systemd: fix a broken link
62963fef libct/cg/sd/v1: do not update non-frozen cgroup after frozen failed.
0ac3376c go.mod: runtime-spec v1.1.0-rc.3
78d31a49 ci/cirrus: enable rootless tests on cs9
41e04aa6 tests/int: rename a variable
e83ca519 tests/int/cgroups: filter out rdma
31e3c229 build(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3
7d09ba10 libct: implement support for cgroup.kill
f8ad20f5 runc kill: drop -a option
9583b3d1 libct: move killing logic to container.Signal
2a7dcbbb libct: fix shared pidns detection
5b8f8712 libct: signalAllProcesses: remove child reaping
e0e8d9c8 tests/int/kill: add kill -a with host pidns test
67bc4bc2 tests/rootless.sh: drop set -x
fed0b124 tests/int: increase num retries for oom tests
5929b019 ci/gha: add space-at-eol check, fix existing issues
511c7614 man/runc: fixes
bb4dbbc4 ci/cirrus: limit numcpu
650efb2c Fix Vagrant caching
b9d2d8d8 build(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2
7e481ee2 libct/int: remove logger from init
eba31a7c libct/StartInitialization: rename returned error
4f0a7e78 libct/init: call Init from containerInit
72657eac libct: move StartInitialization
2a347045 build(deps): bump tim-actions/get-pr-commits from 1.2.0 to 1.3.0
62cc13ea gha: disable setup-go cache for golangci job
083e9789 ci/gha: rm actions/cache from validate/deps job
da5cdfed ci/gha: fix cross-i386
b32655d2 ci/gha: rm kludges for cross-i386 job
f6c393da features: graduate from experimental
6beb3c6a go.mod: runtime-spec v1.1.0-rc.2
882a2cc8 build(deps): bump golang.org/x/net from 0.9.0 to 0.10.0
02afa9f1 build(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0
a60933bb libct/rootfs: introduce and use mountEntry
976748e8 libct: add mountViaFDs, simplify mount
5a177463 deps: bump urfave/cli
20e38fb2 init: do not print environment variable value
5f6aafb3 libct: document process.LogLevel field
defb1cc7 libct/cg/dev: optimize and test findDeviceGroup
13091eee ci: bump bats 1.8.2 -> 1.9.0
a1920009 Vagrantfile.fedora: bump to 38
33b6ec29 ci/cirrus: use vagrant from hashicorp repo
14d6c7df runc.keyring: add Akihiro Suda
d7208f59 libct/cg/sd: use systemd version when generating dev props
cfc3c6da scripts: keyring validate: print some more information
a7583103 runc.keyring: add Kolyshkin
42a10919 runc-kill(8): amend the --all description
fe278b9c libct: fix a race with systemd removal
056ec0ca keyring: add Aleksa's <cyphar@cyphar.com> signing key
0c9c60aa keyring: add Aleksa's <asarai@suse.com> signing key
22538f89 keyring: verify runc.keyring has legitimate maintainer keys
957bccfe scripts: release: add verification checks for signing keys
87214947 release: add runc.keyring file and script
d9230602 Implement to set a domainname
6053aea4 Fix undefined behavior. Do not accept setjmp return value as variable.
953e1cc4 ci/gha: switch to or add ubuntu 22.04
439673d5 build(deps): bump golang.org/x/net from 0.8.0 to 0.9.0
fd1a79ff ci/cirrus: improve host_info
873d7bb3 ci/cirrus: use Go 1.19.x not 1.19
611bbacb libct/cg: add misc controller to v1 drivers
9b71787b tests/int: fix some checks
9dbb9f90 ci: bump bats 1.3.0 -> 1.8.2
a6e95c53 build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
fd5debf3 libct/cg: rm GetInitCgroup[Path]
1034cfa8 build(deps): bump lumaxis/shellcheck-problem-matchers from 1 to 2
ed9651bc libct/cg/sd: support setting cpu.idle via systemd
b5ecad7b tests/int/update: test bad cpu.idle values
3ffbd4c8 tests/int: fix update cpu.idle failure on CS9
509b312c libct/cg/sd/v2: unifiedResToSystemdProps nit
82bc89cd runc run: refuse a non-empty cgroup
1d18743f libct/cg/sd: reset-failed and retry startUnit on UnitExists
c2533420 libct/cg/sd: ignore UnitExists only for Apply(-1)
c6e8cb79 libct/cg/sd: refactor startUnit
9f32ce6a CHANGELOG: forward-port 1.1.4 and 1.1.5 changes
73acc77b libct/cg: rm EnterPid
4ff49046 Makefile: add verify-changelog as release dependency
b2fc0a58 verify-changelog: allow non-ASCII
370e3be2 tests/int/mounts: only check non-shadowed mounts
a37109ce tests/int/mount: fix issues with ro cgroup test
8293ef2e tests/int: test for CAP_DAC_OVERRIDE
8491d334 Fix runc run "permission denied" when rootless
99a337f6 Dockefile: bump go go 1.20
da98076c mountToRootfs: minor refactor
54e20217 libctr/cgroups: don't take init's cgroup into account
a7a836ef libct/cg/dev: skip flaky test of CentOS 7
65df6b91 fix wrong notes for `const MaxNameLen`
9d45ae8d tests: Fix fuzzer location in oss-fuzz config
0d72adf9 Prohibit /proc and /sys to be symlinks
8f0d0c4d build(deps): bump google.golang.org/protobuf from 1.29.1 to 1.30.0
cecb039d nsexec: retry unshare on EINVAL
e3cf217c build(deps): bump actions/setup-go from 3 to 4
a7046b83 build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1
df4eae45 rootless: fix /sys/fs/cgroup mounts
afeffb7e .github/ISSUE_TEMPLATE/config.yml: fix contact links
7d940bdf Add `.github/ISSUE_TEMPLATE/config.yml`
6b41f8ed build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0
6faef164 build(deps): bump golang.org/x/net from 0.7.0 to 0.8.0
7b4c3fc1 Add support for umask when exec container
f2e71b08 libct/int: make TestFdLeaks more robust
be7e0394 libct/int: wording nits
7c75e84e libc/int: add/use runContainerOk wrapper
97ea1255 Fix runc crushes when parsing invalid JSON
b3b0bde6 build(deps): bump golang.org/x/net from 0.6.0 to 0.7.0
2e44a202 Makefile: fix typo in LDFLAGS_STATIC
92a4ccb8 specconv: avoid mapping "acl" to MS_POSIXACL
2adeb6f9 nsexec: Remove bogus kill to stage_2_pid
4d0a60ca tests: Fix weird error on centos-9
2ca3d230 nsexec: Add debug logs to send mount sources
e412b4e8 docs: add docs/spec-conformance.md
787fcf09 go.mod: github.com/opencontainers/runtime-spec v1.1.0-rc.1
fbfc6afe tests: add tests for capabilities
bc8d6e3b build(deps): bump github.com/opencontainers/selinux
0e1346fe build(deps): bump golang.org/x/net from 0.5.0 to 0.6.0
42dffaaa Dockerfile: fix build wrt new git
14e3ce9e build(deps): bump golang.org/x/sys from 0.4.0 to 0.5.0
1bb6209a tests/int: test for /dev/null owner regression
7e5e017d libcontainer: skip chown of /dev/null caused by fd redirection
5ecd40b9 Add Go 1.20, require Go 1.19, drop Go 1.18
81ca678f Disable clang-format
81c379fa support SCHED_IDLE for runc cgroupfs
5ce511d6 nsexec: Check for errors in write_log()
3fbc5ba7 ci: add tests/int/get-images.sh check
6d28928c Explicitly pin busybox and debian downloads
e29e57b5 libcontainer: configs: ensure can build on darwin
cc63d074 build(deps): bump github.com/cilium/ebpf from 0.9.3 to 0.10.0
6676f980 tests/integration/get-images.sh: fix busybox.tar.xz URL
eacada76 build(deps): bump golang.org/x/net from 0.4.0 to 0.5.0
0ac98807 libct/cg/sd: stop using regex, fix systemdVersionAtoi
b44da4c0 libct: validateID: stop using regexp
15677e7b ci: fix delete.bats for GHA
c4aa452b tests/int/checkpoint: fix lazy migration flakiness
68352878 man/runc-restore: describe restore into different cgroup
d4582ae2 tests/int: add "--manage-cgroups-mode ignore" test
e8cf8783 libct/criuApplyCgroups: add a TODO
3438ef30 restore: fix --manage-cgroups-mode ignore on cgroup v2
212d25e8 checkpoint/restore: add --manage-cgroups-mode ignore
ff3b4f3b restore: fix ignoring --manage-cgroups-mode
4f2af605 build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
19a9d9fc tests/int: use runc features in seccomp flags test
ac04154f seccomp: set SPEC_ALLOW by default
076745a4 runc features: add seccomp filter flags
ab848089 types/features: fix docstrings
8e9128ff Vagrantfile.fedora: upgrade Fedora to 37
9fc707e7 Fixed init state error variable
067ca8f5 notify_socket.go: use sd_notify_barrier mechanism
ee88b900 notify_socket.go: avoid use of bytes.Buffer
313723fd fix libcontainer example
9f383793 build(deps): bump golang.org/x/net from 0.1.0 to 0.2.0
467dd234 build(deps): bump golang.org/x/sys from 0.1.0 to 0.2.0
e0d3c3e0 build(deps): bump github.com/coreos/go-systemd/v22 from 22.4.0 to 22.5.0
783f9ffe runc checkpoint: destroy only on success
79aedac1 go.mod: golang.org/x/*: use tagged versions
6462e9de runc update: implement memory.checkBeforeUpdate
56edc41c ci: bump shfmt to 3.5.1, simplify CI setup
18f8f482 Fix comment of signalAllProcesses for process wait due to sigkill
2cd05e44 libct/seccomp/patchbpf: rm duplicated code
fbce47a6 deps: bump github.com/checkpoint-restore/go-criu to 6.3.0
b265d128 libct/seccomp: enable binary tree optimization
65840f64 tests/int/seccomp: fix flags test on ARM
6bf2c3b6 ci/gha: use v3 tag for actions/cache
a04363c1 build(deps): bump actions/cache from 3.0.10 to 3.0.11
4a8750d9 tests/int: add a "update cpuset cpus range via v2 unified map" test
77cae9ad cgroups: cpuset: fix byte order while parsing cpuset range to bits
462e719c Fixes inability to use /dev/null when inside a container
04389ae9 libcontainer/cgroups: return concrete types
ae53cde3 cirrus-ci: install EPEL on CentOS 7 conditionally
8584900e build(deps): bump actions/cache from 3.0.9 to 3.0.10
1be5d45d build(deps): bump github.com/cilium/ebpf from 0.9.1 to 0.9.3
79a5c110 build(deps): bump actions/cache from 3.0.8 to 3.0.9
da9126f7 build(deps): bump github.com/opencontainers/selinux
7189ba8d build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.4.0
491713e8 cirrus-ci: enable EPEL for CentOS 7
4e65118d tests/int/helpers: gawk -> awk
0ffb49db tests/int: suppress bogus error
6fce0a1c build(deps): bump github.com/checkpoint-restore/go-criu/v6
e965e10c tests/int: do not set inheritable capabilities
29a28848 Add check for CONFIG_CGROUP_BPF in check-config.sh
746f4580 deps: bump go-criu to v6
45041985 build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0
26dc55ef seccomp: fix flag test to actually check the value
c7dc8b1f libct/seccomp/patchbpf: support SPEC_ALLOW
8206f5b2 build(deps): bump actions/cache from 3.0.7 to 3.0.8
58b1374f Fix failed exec after systemctl daemon-reload
df9e32bc ci: fix for codespell 2.2
b7dcdcec Add go 1.19, require go 1.18, drop go 1.17
0f4bf2c8 ci/gha: bump golangci-lint to 1.48
45cc290f libct: fixes for godoc 1.19
bf8d7c71 build(deps): bump actions/cache from 3.0.5 to 3.0.7
589a9d50 ci/gha: fix cross-386 job vs go 1.19
450dd3e2 build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1
6d00bf6c build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
ea0bd782 libct/intelrdt: check if available iff configured
56daf36b libct/intelrdt: skip remove unless configured
c156bde7 libct/intelrdt: elide parsing mountinfo
9f107489 libct/intelrdt: skip reading /proc/cpuinfo
13674f43 libct/intelrdt: delete IsMBAScEnabled()
d9a3acb9 build(deps): bump github.com/cilium/ebpf from 0.9.0 to 0.9.1
58ea21da seccomp: add support for flags
c152e831 go.mod: update runtime-spec
4fd4af5b CI: workaround CentOS Stream 9 criu issue
5fd3d09e build(deps): bump actions/cache from 3.0.4 to 3.0.5
66bf3718 tests: replace local hello world bundle with busybox bundle
e119db7a tests: enable seccomp default action tests on arm
d2a5acd2 CHANGELOG.md: forward-port 1.1.x changes
957d97bc Fix error from runc run on noexec fs
086ddb15 Vagrantfile.fedora: upgrade Fedora to 36
35e6c3bf libct/nsenter: switch to sane_kill()
7481c3c9 ci: bump golangci-lint to 1.46
66625701 libct: fix staticcheck warning
d370e3c0 libct: fix mounting via wrong proc fd
c0be1aa2 export blockIODevice
56fcc938 Switch to newer v0.10.0 release of libseccomp-golang
cc0feb4b build(deps): bump actions/cache from 3.0.2 to 3.0.4
5ed3fdff build(deps): bump github.com/moby/sys/mountinfo from 0.6.1 to 0.6.2
343951a2 cgroups: systemd: skip adding device paths that don't exist
03a210d0 libcontainer: relax getenv_int sanity check
72ad2099 docs/cgroup-v2.md: update the distro list
65f41d57 vendor: bump urfave/cli, add urfave_cli_no_docs tag
e0406b4b vendor: bump cilium/ebpf to v0.9.0
6b96cbdd ci: improve shellcheck job
e1d04cdf script/seccomp.sh: check tarball sha256
fbafaf31 ci: drop docker layer caching from release job
f7b07fd5 Dockerfile,scripts/release: bump libseccomp to v2.5.4
6a79271c seccomp: patchbpf: minor cleanups
be6488a5 seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
0ca0bb9f libct/cg/sd: check dbus.ErrClosed instead of isDbusError
47e09976 libct/cg/dev: privatize some functions
b6967fa8 Decouple cgroup devices handling
25f18562 libct/cg/sd: factor out devices.go
d1601160 libct: use `unix.Getwd` instead of `os.Getwd` to avoid symlink
cab38885 go.mod: golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5
a14cc405 release: add riscv64 binary
1d7b2971 libct/seccomp: add riscv64
dafcacb5 Makefile: set CGO_ENABLED=1 when needed
21e32d47 Makefile: add support for static PIE
ab5c60d0 Makefile: fix GO_BUILDMODE setting
f2f6e599 Makefile: add LDFLAGS_COMMON and LDFLAGS_STATIC
f0f1b5f9 Dockerfile: don't use crossbuild-essential-*
476aa18a Dockerfile: rm dpkg --add-architecture lines
d542ad65 Dockerfile: nit
98fe566c runc: do not set inheritable capabilities
009e627c Vagrantfile.fedora: fix build wrt new git
4d3e52f2 tests/int: fix a bad typo
2ce40b6a Remove tun/tap from the default device rules
68427f33 libct/seccomp/config: add missing KillThread, KillProcess
df2bc138 vendor: bump seccomp/libseccomp-golang to f33da4d
29a56b52 fix deprecated ActKill
9c710564 vendor: bump urfave/cli to v1.22.6
fa83a17c ci/gha: convert lint-extra from a job to a step
de25777a build(deps): bump github.com/moby/sys/mountinfo from 0.6.0 to 0.6.1
d73579ca build(deps): bump actions/cache from 3.0.1 to 3.0.2
66be704d ci/gha: remove stable: when installing Go
b6eb9476 build(deps): bump actions/upload-artifact from 2 to 3
9d2268b9 build(deps): bump actions/setup-go from 2 to 3
b76b6b93 Allow mounting of /proc/sys/kernel/ns_last_pid
67e06706 ci/gha: limit jobs permissions
7260bae6 build(deps): bump actions/cache from 2 to 3.0.1
ae6cb653 man/*sh: fix shellcheck warnings, add to shellcheck
cacc8237 ci: add call to check-config.sh
5d1ef78c script/check-config.sh: enable set -u, fix issues
d66498e7 script/check-config.sh: fix remaining shellcheck warnings
baa06227 script/check-config.sh: fix SC2166 warnings
dc73d236 script/check-config.sh: fix wrap_color usage
6b16d005 shfmt: add more files
01f30162 ci/gha: run on main branch
d77f898f build(deps): bump github.com/opencontainers/selinux
52229286 libct/specconv: use a local variable in CreateCgroupConfig()
d0c89dfa libct/cg: IsCgroup2HybridMode: don't panic
82bc042d build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0
d620a401 tests/int: remove $ROOTLESS, use $EUID
d330f94b tests/int/update.bats: fix extra reqs
a2123baf tests/int: replace CGROUP_UNIFIED with CGROUP_V{1,2}
25ef852a tests/int: use = in test for strings comparison
102b8abd libct: rm BaseContainer and Container interfaces
6a3fe161 libcontainer: remove LinuxFactory
6a29787b libct/factory: make some methods functions
8358a0ec libct: StartInitialization: decouple from factory
a78c9a01 libct: remove Factory interface
71bc308b libct/New: remove options argument
b6514469 libct: remove TmpfsRoot
87cf5d20 CI/cirrus: add centos-stream-9
a0f8847e Drop go 1.16
5211cc3f Add / switch to Go 1.18
7cec81e0 libct: suppress strings.Title deprecation warning
fcab941e ci: switch to golangci-lint 1.45
3618079c README.md: add cirrus-ci badge
f309a69a README,libct/README: fix pkg.go.dev badges
48006d00 libct/configs/validate: rootlessEUIDMount: speedup
a99f82ad tests: Add comment to clarify intent of seccomp-notify tests
9f9acd1a tests: Improve name of seccomp notify test
728571c1 tests/int: runc delete: fix flake, enable for rootless
f7637def ci: use golangci-lint-action v3, GO_VERSION
f7d46134 ci: bump golangci-lint to v1.44
89733cd0 Format sources using gofumpt 0.2.1
a43485c9 build(deps): bump actions/checkout from 2 to 3
1a935208 libct/cg/sd: simplify DetectUserDbusSessionBusAddress
11895cd0 libct/cg/sd: escape dbus address value
38c21694 tests/integration/helpers: set -u
c8c3e852 tests: fix checks for non-existent variables
99d5c023 tests/int/{root,list}.bats: ALT_ROOT fixups in teardown
7da77d80 tests/int: don't add --root if $ROOT is not set
9e2a0463 tests/int: fix runc_spec for set -u
ab9609db build(deps): bump github.com/godbus/dbus/v5 from 5.0.6 to 5.1.0
8c04b981 libct/cg/sd/v2: fix ENOENT on cgroup delegation
01f00e1f ensure the path is a sub-cgroup path
40b00886 loadFactory: remove
d1fca8e5 list: report error when non-existent --root is specified
2b07e751 reviseRootDir: skip default values, add validation
899342b5 main: improve XDG_RUNTIME_DIR handling
eb2f08dc checkpoint,restore,list: don't call fatal
36786c36 list, utils: remove redundant code
1d5c3310 configs/validate: looser validation for RDT
0f0f1f61 build(deps): bump github.com/cilium/ebpf from 0.8.0 to 0.8.1
be00ae07 ci: shellcheck: update to 0.8.0, fix/suppress new warnings
0b74e49d runc run/exec: ignore SIGURG
24ab543f build(deps): bump github.com/moby/sys/mountinfo from 0.5.0 to 0.6.0
dbd990d5 libct: rm intelrtd.Manager interface, NewIntelRdtManager
85932850 libct: rm TestGetContainerStats, mockIntelRdtManager
9258eac0 libct/start: use execabs for newuidmap lookup
39bd7b72 libct: Container, Factory: rm newuidmap/newgidmap
0d215150 libct: remove Validator interface
630c0d7e libct: Container, Factory: rm InitPath, InitArgs
376c9886 libct/specconv: improve checkPropertyName
d37a9726 libct/specconv: test nits
58c1ff39 signals: fix signal name debug print
0767b782 build(deps): bump tim-actions/get-pr-commits from 1.1.0 to 1.2.0
7346dda3 libcontainer: remove "pausing" state
18e28626 libct/nsenter: fix extra runc re-exec on tmpfs
6e1d476a runc: remove --criu option
485e6c84 Fix some revive warnings
bb6a8388 libct: initContainer: rename Id -> ID
1b14d974 libct/configs: rm Windows TODO
76c398f8 libct/README: rm Cgroupfs
0fec1c2d libct: Mount: rm {Pre,Post}mountCmds
dffb8db7 libct: handleCriuConfigurationFile: use utils.SearchLabels
3d86d31b libct/utils: SearchLabels: optimize
1a3ee496 list: use Info(), fix race with delete
095929b1 list: getContainers: less indentation
cb364108 build(deps): bump github.com/cilium/ebpf from 0.7.0 to 0.8.0
146c8c0c libct: fixStdioPermissions: ignore EROFS
18c4760a libct: fixStdioPermissions: skip chown if not needed
b7fdb688 libct: fixStdioPermissions: minor refactoring
2eb6ac53 CHANGELOG: add #3306
e4d23d50 CHANGELOG.md: nit
5e201e7c libct/intelrdt: explain why mountinfo is required
c45eed9a libct/specconv: rm empty key from mountPropagationMapping
b5cb4056 ci: add go 1.18beta1
907aefd4 libct: StartInitialization: fix %w related warning
024adbb1 libct: Create: rm unneeded chown
edeb3b37 libct/intelrdt: faster init if rdt is unsupported
6c6b14e0 libct/intelrdt: remove findMountpointDir test
02e961bc libct/intelrdt: wrap Root in sync.Once
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
As of commit cc4ec43a2b657fb4c58429ab14f1edc2473c1327 [go: Drop fork
of unpack code, mandate GO_SRCURI_DESTSUFFIX] we require this
variable in our go recipes.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
As of commit cc4ec43a2b657fb4c58429ab14f1edc2473c1327 [go: Drop fork
of unpack code, mandate GO_SRCURI_DESTSUFFIX] we require this
variable in our go recipes.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.12-14-ge8bb71e1, which comprises the following commits:
6379b58d libcontainer: force apps to think fips is enabled/disabled for testing
265e7371 Vagrantfile.fedora: bump Fedora to 39
59056a02 silence security false positives from golang/net
452bf88e build: update libseccomp to v2.5.5
3fada6ec tests/int: fix flaky "runc run with tmpfs perm"
aae41a4b Fix integration tests failure when calling "ip"
82a8b979 update go version to 1.21 in cirrus ci
03271050 ci/gha/cross-i386: pin Go to 1.21
29d6d873 VERSION: back to development
51d5e946 VERSION: release 1.1.12
e9665f4d init: don't special-case logrus fds
683ad2ff libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
b6633f48 cgroup: plug leaks of /sys/fs/cgroup handle
284ba305 init: close internal fds before execve
fbe3eed1 setns init: do explicit lookup of execve argument early
0994249a init: verify after chdir that cwd is inside the container
506552a8 Fix File to Close
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.12-2-ga9833ff3, which comprises the following commits:
29d6d873 VERSION: back to development
51d5e946 VERSION: release 1.1.12
e9665f4d init: don't special-case logrus fds
683ad2ff libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
b6633f48 cgroup: plug leaks of /sys/fs/cgroup handle
284ba305 init: close internal fds before execve
fbe3eed1 setns init: do explicit lookup of execve argument early
0994249a init: verify after chdir that cwd is inside the container
506552a8 Fix File to Close
d0b1a374 keyring: update AkihiroSuda key expiry
d561e5da keyring: update cyphar@cyphar.com key expiry
7887736f VERSION: back to development
4bccb38c VERSION: release 1.1.11
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.12-2-ga9833ff3, which comprises the following commits:
29d6d873 VERSION: back to development
51d5e946 VERSION: release 1.1.12
e9665f4d init: don't special-case logrus fds
683ad2ff libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
b6633f48 cgroup: plug leaks of /sys/fs/cgroup handle
284ba305 init: close internal fds before execve
fbe3eed1 setns init: do explicit lookup of execve argument early
0994249a init: verify after chdir that cwd is inside the container
506552a8 Fix File to Close
d0b1a374 keyring: update AkihiroSuda key expiry
d561e5da keyring: update cyphar@cyphar.com key expiry
7887736f VERSION: back to development
4bccb38c VERSION: release 1.1.11
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.11-2-g452f520c, which comprises the following commits:
7887736f VERSION: back to development
4bccb38c VERSION: release 1.1.11
617db785 configs: make id mappings int64 to better handle 32-bit
e65d4cac specconv: temporarily allow userns path and mapping if they match
2dd8368e integration: add mega-test for joining namespaces
8f8cb455 configs: disallow ambiguous userns and timens configurations
0c8e2cc6 *: actually support joining a userns with a new container
87792ce0 libct/cg: add swapOnlyUsage in MemoryStats
32a26a71 build(deps): bump github.com/cyphar/filepath-securejoin
be887840 VERSION: back to development
18a0cb0f VERSION: release 1.1.10
b426e9b7 libct/cgroups.OpenFile: clean "file" argument
8214e634 libct/cg: support hugetlb rsvd
f8be7009 [1.1] tests/int/helpers: add get_cgroup_path
1f66027a ci/gha: fix downloading Release.key
5a5b2cc3 Fix directory perms vs umask for tmpcopyup
b365458f fix a typo in cloned_binary.c: re-use -> reuse
8f66c9fb fix two typos
016b2b42 Handle kmem.limit_in_bytes removal
11737f55 VERSION: back to development
ccaecfcb VERSION: release 1.1.9
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.11-2-g452f520c, which comprises the following commits:
7887736f VERSION: back to development
4bccb38c VERSION: release 1.1.11
617db785 configs: make id mappings int64 to better handle 32-bit
e65d4cac specconv: temporarily allow userns path and mapping if they match
2dd8368e integration: add mega-test for joining namespaces
8f8cb455 configs: disallow ambiguous userns and timens configurations
0c8e2cc6 *: actually support joining a userns with a new container
87792ce0 libct/cg: add swapOnlyUsage in MemoryStats
32a26a71 build(deps): bump github.com/cyphar/filepath-securejoin
be887840 VERSION: back to development
18a0cb0f VERSION: release 1.1.10
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.10-2-gf3446b1e, which comprises the following commits:
be887840 VERSION: back to development
18a0cb0f VERSION: release 1.1.10
b426e9b7 libct/cgroups.OpenFile: clean "file" argument
8214e634 libct/cg: support hugetlb rsvd
f8be7009 [1.1] tests/int/helpers: add get_cgroup_path
1f66027a ci/gha: fix downloading Release.key
5a5b2cc3 Fix directory perms vs umask for tmpcopyup
b365458f fix a typo in cloned_binary.c: re-use -> reuse
8f66c9fb fix two typos
016b2b42 Handle kmem.limit_in_bytes removal
11737f55 VERSION: back to development
ccaecfcb VERSION: release 1.1.9
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.9-2-g26a98ea2, which comprises the following commits:
11737f55 VERSION: back to development
ccaecfcb VERSION: release 1.1.9
f44190e0 libct/intelrdt: check if available iff configured
6cf9ac15 libct/intelrdt: skip remove unless configured
4796f49c libct/intelrdt: elide parsing mountinfo
6a7a6a57 libct/intelrdt: skip reading /proc/cpuinfo
7c83dbe6 libct/intelrdt: delete IsMBAScEnabled()
5ebcfa62 [1.1] libct: rm intelrtd.Manager interface, NewIntelRdtManager
69473d0a libct: rm TestGetContainerStats, mockIntelRdtManager
dfdc7d07 libct/intelrdt: explain why mountinfo is required
5ba1b8ec libct/intelrdt: faster init if rdt is unsupported
a5407b9a libct/intelrdt: remove findMountpointDir test
dc8d0cc1 libct/intelrdt: wrap Root in sync.Once
929d04fc libct/cg/fs2: use `file` + `anon` + `swap` for usage
bdbfe042 ci: bump golangci-lint, remove fixed exception
d398ad2a gha: disable setup-go cache for golangci job
5888c55d ci/gha: rm actions/cache from validate/deps job
a47c15b4 build(deps): bump actions/setup-go from 3 to 4
44a53f08 ci: fix TestOpenat2 when no systemd is used
cff41a89 ci: fix TestNilResources when systemd not available
37405ca0 Fix running tests under Docker/Podman and cgroup v2
1c524242 [1.1] ci/gha: rm unsup Go 1.19.x, add 1.21.x
ac310917 ci/cirrus: improve host_info
ecccc432 [1.1] ci/cirrus: use Go 1.19.x not 1.19
bb2401ee [1.1] ci/cirrus: use Go 1.20
aaed58c8 add a test case about missing stricky bit
3d3a2b38 fix some file mode bits missing when doing mount syscall
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.9-2-g26a98ea2, which comprises the following commits:
11737f55 VERSION: back to development
ccaecfcb VERSION: release 1.1.9
f44190e0 libct/intelrdt: check if available iff configured
6cf9ac15 libct/intelrdt: skip remove unless configured
4796f49c libct/intelrdt: elide parsing mountinfo
6a7a6a57 libct/intelrdt: skip reading /proc/cpuinfo
7c83dbe6 libct/intelrdt: delete IsMBAScEnabled()
5ebcfa62 [1.1] libct: rm intelrtd.Manager interface, NewIntelRdtManager
69473d0a libct: rm TestGetContainerStats, mockIntelRdtManager
dfdc7d07 libct/intelrdt: explain why mountinfo is required
5ba1b8ec libct/intelrdt: faster init if rdt is unsupported
a5407b9a libct/intelrdt: remove findMountpointDir test
dc8d0cc1 libct/intelrdt: wrap Root in sync.Once
929d04fc libct/cg/fs2: use `file` + `anon` + `swap` for usage
bdbfe042 ci: bump golangci-lint, remove fixed exception
d398ad2a gha: disable setup-go cache for golangci job
5888c55d ci/gha: rm actions/cache from validate/deps job
a47c15b4 build(deps): bump actions/setup-go from 3 to 4
44a53f08 ci: fix TestOpenat2 when no systemd is used
cff41a89 ci: fix TestNilResources when systemd not available
37405ca0 Fix running tests under Docker/Podman and cgroup v2
1c524242 [1.1] ci/gha: rm unsup Go 1.19.x, add 1.21.x
ac310917 ci/cirrus: improve host_info
ecccc432 [1.1] ci/cirrus: use Go 1.19.x not 1.19
bb2401ee [1.1] ci/cirrus: use Go 1.20
aaed58c8 add a test case about missing stricky bit
3d3a2b38 fix some file mode bits missing when doing mount syscall
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.8-7-gaa68c400, which comprises the following commits:
aaed58c8 add a test case about missing stricky bit
3d3a2b38 fix some file mode bits missing when doing mount syscall
7c36375a Update github actions packages in validate workflow
1fa89476 VERSION: back to development
82f18fe0 VERSION: release 1.1.8
ef6491ec tests/int/delete: make sure runc delete removes failed unit
ebdd4fa6 [1.1] tests/int: add "requires systemd_vNNN"
1188c5a1 runc delete: call systemd's reset-failed
71e76007 libct/cg/sd: remove logging from resetFailedUnit
3a4b3af6 tests/int/cgroups: remove useless/wrong setting
6bc3f22a libct/cg/sd/v1: do not update non-frozen cgroup after frozen failed.
d375351b ci/cirrus: enable rootless tests on cs9
e1a8b52f tests/int/cgroups: filter out rdma
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.8-7-gaa68c400, which comprises the following commits:
aaed58c8 add a test case about missing stricky bit
3d3a2b38 fix some file mode bits missing when doing mount syscall
7c36375a Update github actions packages in validate workflow
1fa89476 VERSION: back to development
82f18fe0 VERSION: release 1.1.8
ef6491ec tests/int/delete: make sure runc delete removes failed unit
ebdd4fa6 [1.1] tests/int: add "requires systemd_vNNN"
1188c5a1 runc delete: call systemd's reset-failed
71e76007 libct/cg/sd: remove logging from resetFailedUnit
3a4b3af6 tests/int/cgroups: remove useless/wrong setting
6bc3f22a libct/cg/sd/v1: do not update non-frozen cgroup after frozen failed.
d375351b ci/cirrus: enable rootless tests on cs9
e1a8b52f tests/int/cgroups: filter out rdma
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
* fixes:
ld: --no-dynamic-linker: unknown option
* you might need to clean the build for updated LDFLAGS to be correctly re-configured
* lld and bfd are fine:
$ ld.gold --help | grep dynamic-linker
-I PROGRAM, --dynamic-linker PROGRAM
$ ld.bfd --help | grep dynamic-linker
-I PROGRAM, --dynamic-linker PROGRAM
--no-dynamic-linker Produce an executable with no program interpreter header
$ ld.lld --help | grep dynamic-linker
--dynamic-linker=<value>
--no-dynamic-linker Inhibit output of .interp section
* not sure where this came from only place where I see --no-dynamic-linker
in runc-opencontainers WORKDIR is:
aarch64-oe-linux/13.1.1/plugin/include/config/aarch64/aarch64-linux.h: %{static-pie:-Bstatic -pie --no-dynamic-linker -z text} \
aarch64-oe-linux/13.1.1/plugin/include/aarch64-linux.h: %{static-pie:-Bstatic -pie --no-dynamic-linker -z text} \
so my guess is:
923ae4da Makefile: add support for static PIE
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.7-37-gca73c9fd, which comprises the following commits:
0d93d7d1 release: add riscv64 binary
9164fe17 libct/seccomp: add riscv64
ed47e31a Makefile: set CGO_ENABLED=1 when needed
923ae4da Makefile: add support for static PIE
2abca872 Makefile: fix GO_BUILDMODE setting
120ec5bd Makefile: add LDFLAGS_COMMON and LDFLAGS_STATIC
b9940113 Dockerfile: don't use crossbuild-essential-*
028fc57a Dockerfile: rm dpkg --add-architecture lines
4449ce84 Dockerfile: nit
d375351b ci/cirrus: enable rootless tests on cs9
e1a8b52f tests/int/cgroups: filter out rdma
02e065ef docs/systemd: fix a broken link
9af462e4 Fix tmpfs mode opts when dir already exists
7d1bdc7d .codespellrc: update for 2.2.5
8397943e man/runc: fixes
f9da684d tests/int: increase num retries for oom tests
7fa912ed ci/cirrus: limit numcpu
e9c1ca08 Fix Vagrant caching
e2265a92 ci: bump bats 1.8.2 -> 1.9.0
bbddb6bd Vagrantfile.fedora: bump to 38
27b86b4c ci/cirrus: use vagrant from hashicorp repo
98a1b76c tests/int: fix some checks
1eadcede ci: bump bats 1.3.0 -> 1.8.2
63af8b00 init: do not print environment variable value
404ea7ab libct: fix a race with systemd removal
f0ecf30b VERSION: back to development
860f061b VERSION: release 1.1.7
We refresh one patch for context changes.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.7-37-gca73c9fd, which comprises the following commits:
0d93d7d1 release: add riscv64 binary
9164fe17 libct/seccomp: add riscv64
ed47e31a Makefile: set CGO_ENABLED=1 when needed
923ae4da Makefile: add support for static PIE
2abca872 Makefile: fix GO_BUILDMODE setting
120ec5bd Makefile: add LDFLAGS_COMMON and LDFLAGS_STATIC
b9940113 Dockerfile: don't use crossbuild-essential-*
028fc57a Dockerfile: rm dpkg --add-architecture lines
4449ce84 Dockerfile: nit
d375351b ci/cirrus: enable rootless tests on cs9
e1a8b52f tests/int/cgroups: filter out rdma
02e065ef docs/systemd: fix a broken link
9af462e4 Fix tmpfs mode opts when dir already exists
7d1bdc7d .codespellrc: update for 2.2.5
8397943e man/runc: fixes
f9da684d tests/int: increase num retries for oom tests
7fa912ed ci/cirrus: limit numcpu
e9c1ca08 Fix Vagrant caching
e2265a92 ci: bump bats 1.8.2 -> 1.9.0
bbddb6bd Vagrantfile.fedora: bump to 38
27b86b4c ci/cirrus: use vagrant from hashicorp repo
98a1b76c tests/int: fix some checks
1eadcede ci: bump bats 1.3.0 -> 1.8.2
63af8b00 init: do not print environment variable value
404ea7ab libct: fix a race with systemd removal
f0ecf30b VERSION: back to development
860f061b VERSION: release 1.1.7
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.7-2-gb6109acd, which comprises the following commits:
f0ecf30b VERSION: back to development
860f061b VERSION: release 1.1.7
c1063b1c runc.keyring: add Akihiro Suda
b0fae8c4 scripts: keyring validate: print some more information
79a52b43 libct/cg/sd: use systemd version when generating dev props
6a806d4d runc.keyring: add Kolyshkin
b6f686f2 keyring: add Aleksa's <cyphar@cyphar.com> signing key
63355bf8 keyring: add Aleksa's <asarai@suse.com> signing key
3bdb63bf keyring: verify runc.keyring has legitimate maintainer keys
853d5e38 scripts: release: add verification checks for signing keys
bd1d5370 release: add runc.keyring file and script
7cd72cc3 VERSION: go back to development
0f48801a VERSION: release 1.1.6
e4ce94e2 libct/cg: add misc controller to v1 drivers
10cfd816 libctr/cgroups: don't take init's cgroup into account
d30d240b tests/int: test for CAP_DAC_OVERRIDE
840b9539 Fix runc run "permission denied" when rootless
165d2323 tests/int: add a "update cpuset cpus range via v2 unified map" test
26a58fdb cgroups: cpuset: fix byte order while parsing cpuset range to bits
8d9d1d25 libct/int: make TestFdLeaks more robust
b66d6d56 libct/int: wording nits
ddbb6d41 libc/int: add/use runContainerOk wrapper
3531cc2d ci: add call to check-config.sh
ed9a0e1d ci/gha: bump actions/cache to v3
7683e508 ci/gha: switch to Go 1.19.x for validate
568d4407 ci/gha: bump golangci-lint to 1.48
1f9e36c0 libct: fixes for godoc 1.19
50f06554 ci: bump golangci-lint to 1.46
77472ef6 libct: fix staticcheck warning
9994fe3f libct: suppress strings.Title deprecation warning
403ea1f0 ci/gha: convert lint-extra from a job to a step
d2c83bdf ci/gha: switch to Go 1.18.x for validate
03a631df ci: switch to golangci-lint 1.45
e5a5522a Add supported Go releases (1.19, 1.20)
3ce12483 Dockerfile: fix build wrt new git
bac06cf6 ci/gha: remove stable: when installing Go
e74040e0 build(deps): bump actions/setup-go from 2 to 3
55462355 Require Go 1.17, bump x/sys and x/net
3ce9c1e2 tests: Fix weird error on centos-9
abd6adde ci: bump shfmt to 3.5.1, simplify CI setup
1a4bf049 man/*sh: fix shellcheck warnings, add to shellcheck
9201794a script/check-config.sh: fix remaining shellcheck warnings
8b976428 shfmt: add more files
b0fbd2f8 script/check-config.sh: fix SC2166 warnings
7f8cb3d6 script/check-config.sh: fix wrap_color usage
f6562f19 [1.1] libct/cg/dev: skip flaky test of CentOS 7
12f2f03f [1.1] runc run: refuse a non-empty cgroup for systemd driver
e618ec36 libct/cg/sd: reset-failed and retry startUnit on UnitExists
931b9bf3 libct/cg/sd: ignore UnitExists only for Apply(-1)
b46ac860 libct/cg/sd: refactor startUnit
822623b6 CHANGELOG.md: move 1.1.5 CVEs to Security section
54cfb25d Makefile: add verify-changelog as release dependency
7b3ac330 verify-changelog: allow non-ASCII
37e586ab CHANGELOG: fix a typo
de0c2277 [1.1] CHANGELOG: fix 1.1.5 git compare link
1fe2ec53 tests/int/mounts: only check non-shadowed mounts
9b8ebe4d tests/int/mount: fix issues with ro cgroup test
17a2d451 VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.7-2-gb6109acd, which comprises the following commits:
f0ecf30b VERSION: back to development
860f061b VERSION: release 1.1.7
c1063b1c runc.keyring: add Akihiro Suda
b0fae8c4 scripts: keyring validate: print some more information
79a52b43 libct/cg/sd: use systemd version when generating dev props
6a806d4d runc.keyring: add Kolyshkin
b6f686f2 keyring: add Aleksa's <cyphar@cyphar.com> signing key
63355bf8 keyring: add Aleksa's <asarai@suse.com> signing key
3bdb63bf keyring: verify runc.keyring has legitimate maintainer keys
853d5e38 scripts: release: add verification checks for signing keys
bd1d5370 release: add runc.keyring file and script
7cd72cc3 VERSION: go back to development
0f48801a VERSION: release 1.1.6
e4ce94e2 libct/cg: add misc controller to v1 drivers
10cfd816 libctr/cgroups: don't take init's cgroup into account
d30d240b tests/int: test for CAP_DAC_OVERRIDE
840b9539 Fix runc run "permission denied" when rootless
165d2323 tests/int: add a "update cpuset cpus range via v2 unified map" test
26a58fdb cgroups: cpuset: fix byte order while parsing cpuset range to bits
8d9d1d25 libct/int: make TestFdLeaks more robust
b66d6d56 libct/int: wording nits
ddbb6d41 libc/int: add/use runContainerOk wrapper
3531cc2d ci: add call to check-config.sh
ed9a0e1d ci/gha: bump actions/cache to v3
7683e508 ci/gha: switch to Go 1.19.x for validate
568d4407 ci/gha: bump golangci-lint to 1.48
1f9e36c0 libct: fixes for godoc 1.19
50f06554 ci: bump golangci-lint to 1.46
77472ef6 libct: fix staticcheck warning
9994fe3f libct: suppress strings.Title deprecation warning
403ea1f0 ci/gha: convert lint-extra from a job to a step
d2c83bdf ci/gha: switch to Go 1.18.x for validate
03a631df ci: switch to golangci-lint 1.45
e5a5522a Add supported Go releases (1.19, 1.20)
3ce12483 Dockerfile: fix build wrt new git
bac06cf6 ci/gha: remove stable: when installing Go
e74040e0 build(deps): bump actions/setup-go from 2 to 3
55462355 Require Go 1.17, bump x/sys and x/net
3ce9c1e2 tests: Fix weird error on centos-9
abd6adde ci: bump shfmt to 3.5.1, simplify CI setup
1a4bf049 man/*sh: fix shellcheck warnings, add to shellcheck
9201794a script/check-config.sh: fix remaining shellcheck warnings
8b976428 shfmt: add more files
b0fbd2f8 script/check-config.sh: fix SC2166 warnings
7f8cb3d6 script/check-config.sh: fix wrap_color usage
f6562f19 [1.1] libct/cg/dev: skip flaky test of CentOS 7
12f2f03f [1.1] runc run: refuse a non-empty cgroup for systemd driver
e618ec36 libct/cg/sd: reset-failed and retry startUnit on UnitExists
931b9bf3 libct/cg/sd: ignore UnitExists only for Apply(-1)
b46ac860 libct/cg/sd: refactor startUnit
822623b6 CHANGELOG.md: move 1.1.5 CVEs to Security section
54cfb25d Makefile: add verify-changelog as release dependency
7b3ac330 verify-changelog: allow non-ASCII
37e586ab CHANGELOG: fix a typo
de0c2277 [1.1] CHANGELOG: fix 1.1.5 git compare link
1fe2ec53 tests/int/mounts: only check non-shadowed mounts
9b8ebe4d tests/int/mount: fix issues with ro cgroup test
17a2d451 VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.5-1-g17a2d451, which comprises the following commits:
17a2d451 VERSION: back to development
f19387a6 VERSION: release v1.1.5
8ec02ea1 nsexec: retry unshare on EINVAL
0abab45c Prohibit /proc and /sys to be symlinks
0e6b818a rootless: fix /sys/fs/cgroup mounts
f6e2cd3b nsexec: Check for errors in write_log()
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.5-1-g17a2d451, which comprises the following commits:
17a2d451 VERSION: back to development
f19387a6 VERSION: release v1.1.5
8ec02ea1 nsexec: retry unshare on EINVAL
0abab45c Prohibit /proc and /sys to be symlinks
0e6b818a rootless: fix /sys/fs/cgroup mounts
f6e2cd3b nsexec: Check for errors in write_log()
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.4-20-gc6781d10, which comprises the following commits:
f6e2cd3b nsexec: Check for errors in write_log()
9233b3d0 tests/int: test for /dev/null owner regression
fa722c1d libcontainer: skip chown of /dev/null caused by fd redirection
53ceeeab Explicitly pin busybox and debian downloads
3b6625c6 tests/integration/get-images.sh: fix busybox.tar.xz URL
b8ebeece tests: replace local hello world bundle with busybox bundle
e9f8fd32 [1.1] Vagrantfile.fedora: upgrade Fedora to 37
e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.4-20-gc6781d10, which comprises the following commits:
f6e2cd3b nsexec: Check for errors in write_log()
9233b3d0 tests/int: test for /dev/null owner regression
fa722c1d libcontainer: skip chown of /dev/null caused by fd redirection
53ceeeab Explicitly pin busybox and debian downloads
3b6625c6 tests/integration/get-images.sh: fix busybox.tar.xz URL
b8ebeece tests: replace local hello world bundle with busybox bundle
e9f8fd32 [1.1] Vagrantfile.fedora: upgrade Fedora to 37
e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.4-10-gbd4d05c0, which comprises the following commits:
e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings
3b958289 Fixes inability to use /dev/null when inside a container
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.4-10-gbd4d05c0, which comprises the following commits:
e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings
3b958289 Fixes inability to use /dev/null when inside a container
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
While the insane.bbclass upstream-status check hasn't been made
default, users of meta-virtualization may have it enabled in their
distros, so the effect is the same. We must have this tracking
tag in our patches.
This is a bulk update to add the tag and silence the QA message.
As packages get updated, the normal/routine process of checking
the patches will continue, and the status fields may (or may not)
get more useful.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.4-8-g974efd2d, which comprises the following commits:
3b958289 Fixes inability to use /dev/null when inside a container
335ec376 cirrus-ci: install EPEL on CentOS 7 conditionally
fb145a2f cirrus-ci: enable EPEL for CentOS 7
276297b6 VERSION: back to development
5fd4c4d1 Release 1.1.4
204c673c [1.1] fix failed exec after systemctl daemon-reload
ec2efc2c ci: fix for codespell 2.2
c778598c [1.1] ci/gha: fix cross-386 job vs go 1.19
d83a861d Fix error from runc run on noexec fs
d614445d [1.1] libct/nsenter: switch to sane_kill()
3ca5673f CI: workaround CentOS Stream 9 criu issue
c3986e53 tests/int: don't use --criu
f46c0dad [1.1] ci: fix delete.bats for GHA
6b94849d tests/int: runc delete: fix flake, enable for rootless
fa3354dc libct: fix mounting via wrong proc fd
eb1552a0 VERSION: back to development
6724737f VERSION: release 1.1.3
91fa032d ci: add basic checks for CHANGELOG.md
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.4-8-g974efd2d, which comprises the following commits:
3b958289 Fixes inability to use /dev/null when inside a container
335ec376 cirrus-ci: install EPEL on CentOS 7 conditionally
fb145a2f cirrus-ci: enable EPEL for CentOS 7
276297b6 VERSION: back to development
5fd4c4d1 Release 1.1.4
204c673c [1.1] fix failed exec after systemctl daemon-reload
ec2efc2c ci: fix for codespell 2.2
c778598c [1.1] ci/gha: fix cross-386 job vs go 1.19
d83a861d Fix error from runc run on noexec fs
d614445d [1.1] libct/nsenter: switch to sane_kill()
3ca5673f CI: workaround CentOS Stream 9 criu issue
c3986e53 tests/int: don't use --criu
f46c0dad [1.1] ci: fix delete.bats for GHA
6b94849d tests/int: runc delete: fix flake, enable for rootless
fa3354dc libct: fix mounting via wrong proc fd
eb1552a0 VERSION: back to development
6724737f VERSION: release 1.1.3
91fa032d ci: add basic checks for CHANGELOG.md
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.3-2-g1e7bb5b7, which comprises the following commits:
eb1552a0 VERSION: back to development
6724737f VERSION: release 1.1.3
91fa032d ci: add basic checks for CHANGELOG.md
7219387e cgroups: systemd: skip adding device paths that don't exist
93d1807b libcontainer: relax getenv_int sanity check
8242c05d script/seccomp.sh: check tarball sha256
017cb29b Dockerfile,scripts/release: bump libseccomp to v2.5.4
51649a7d Allow mounting of /proc/sys/kernel/ns_last_pid
3a09da6b ci: drop docker layer caching from release job
8b93f9fb seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
fc2a8fe1 libct/cg/sd: check dbus.ErrClosed instead of isDbusError
d105e052 libct/seccomp/config: add missing KillThread, KillProcess
e4474ef8 [1.1] vendor: bump seccomp/libseccomp-golang to f33da4d
dc083b2b fix deprecated ActKill
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.3-2-g1e7bb5b7, which comprises the following commits:
eb1552a0 VERSION: back to development
6724737f VERSION: release 1.1.3
91fa032d ci: add basic checks for CHANGELOG.md
7219387e cgroups: systemd: skip adding device paths that don't exist
93d1807b libcontainer: relax getenv_int sanity check
8242c05d script/seccomp.sh: check tarball sha256
017cb29b Dockerfile,scripts/release: bump libseccomp to v2.5.4
51649a7d Allow mounting of /proc/sys/kernel/ns_last_pid
3a09da6b ci: drop docker layer caching from release job
8b93f9fb seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
fc2a8fe1 libct/cg/sd: check dbus.ErrClosed instead of isDbusError
d105e052 libct/seccomp/config: add missing KillThread, KillProcess
e4474ef8 [1.1] vendor: bump seccomp/libseccomp-golang to f33da4d
dc083b2b fix deprecated ActKill
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping runc to version v1.1.2-9-gb507e2da, which comprises the following commits:
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
cdfdbe55 VERSION: back to development
a916309f VERSION: release 1.1.2
364ec0f1 runc: do not set inheritable capabilities
8959e372 VERSION: back to development
52de29d7 VERSION: release 1.1.1
2636e1cb CHANGELOG.md: add 1.1.1 release notes
036cc348 CI/cirrus: add centos-stream-9
db953158 README.md: add cirrus-ci badge
ea19181e README,libct/README: fix pkg.go.dev badges
8290c4cf libct/cg: IsCgroup2HybridMode: don't panic
ee7ba6cb configs/validate: looser validation for RDT
96193422 libct/cg/sd/v2: fix ENOENT on cgroup delegation
35784a3e ensure the path is a sub-cgroup path
986e7c53 libct: fixStdioPermissions: ignore EROFS
5053a065 libct: fixStdioPermissions: skip chown if not needed
d2939b6b libct: fixStdioPermissions: minor refactoring
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.1.2-9-gb507e2da, which comprises the following commits:
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
cdfdbe55 VERSION: back to development
a916309f VERSION: release 1.1.2
364ec0f1 runc: do not set inheritable capabilities
8959e372 VERSION: back to development
52de29d7 VERSION: release 1.1.1
2636e1cb CHANGELOG.md: add 1.1.1 release notes
036cc348 CI/cirrus: add centos-stream-9
db953158 README.md: add cirrus-ci badge
ea19181e README,libct/README: fix pkg.go.dev badges
8290c4cf libct/cg: IsCgroup2HybridMode: don't panic
ee7ba6cb configs/validate: looser validation for RDT
96193422 libct/cg/sd/v2: fix ENOENT on cgroup delegation
35784a3e ensure the path is a sub-cgroup path
986e7c53 libct: fixStdioPermissions: ignore EROFS
5053a065 libct: fixStdioPermissions: skip chown if not needed
d2939b6b libct: fixStdioPermissions: minor refactoring
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.1.0-5-gb9460f26, which comprises the following commits:
986e7c53 libct: fixStdioPermissions: ignore EROFS
5053a065 libct: fixStdioPermissions: skip chown if not needed
d2939b6b libct: fixStdioPermissions: minor refactoring
d7f7b22a VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.1.0-5-gb9460f26, which comprises the following commits:
986e7c53 libct: fixStdioPermissions: ignore EROFS
5053a065 libct: fixStdioPermissions: skip chown if not needed
d2939b6b libct: fixStdioPermissions: minor refactoring
d7f7b22a VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.1.0-1-gd7f7b22a, which comprises the following commits:
d7f7b22a VERSION: back to development
067aaf85 VERSION: release runc v1.1.0
c0e300f1 Refuse to build runc without nsenter
e155b332 build(deps): bump github.com/checkpoint-restore/go-criu/v5
5c7e8981 libct/cg: rm go 1.15 compatibility
4773769c VERSION: back to development
55df1fc4 VERSION: release v1.1.0-rc.1
a8f9d5de CHANGELOG: add an in-repo changelog file
6d2067a4 script/seccomp.sh: fix argc check
457ca62f script/release_*.sh: fix usage
c729594c deps: update libseccomp to 2.5.3
5d779620 tests/int: use update_config in hooks test
9e798e26 tests/int: ability to specify binary
97688ddf types/features: clarify MountOptions
deb0a5f2 Mark `runc features` experimental
382eba43 Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...)
ba935a51 Support nosymfollow mount option (kernel 5.10)
f8c48e46 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c
acd8f12f release: correctly handle binary signing for "make releaseall"
d72d057b runc init: avoid netlink message length overflows
25112dd1 libct/intelrdt: remove unused type
c4a61aa9 ci: enable extra linters for new code
520702da Add `runc features` command
02475d9c .golangci.lint: add unparam linter
953e56c5 libct/int: runContainer: drop console arg
6c0bfcb1 libct/cg/fs/blkio_test: ignore unparam warning
06b3fd9d libct/cg/ebpf: drop finalize return value
86733013 notify_socket: setupSpec: drop ctx arg and return value
741568eb libct/cg/devices: addRule: ignore unparam warning
fc44e3f6 tty: Close: rm return value
36483465 tty: ClosePostStart: rm return value
f3f4b6d1 tty: recvtty: rm process arg
e6318635 tty: rm inheritStdio return value
d23b8109 checkpoint: rm getDefaultImagePath arg
dd140401 libct: fixStdioPermissions: rm config arg
b357bc13 libct/factory: rm id param from loadState
b950b778 libct/utils: ResolveRootfs: remove
35d20c4e chown cgroup to process uid in container namespace
ec0f35bc libct/system/xattrs: remove
e9ed2000 build(deps): bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
e3dd80fa Vagrantfile.fedora: revert excluding systemd
1da84d1a libct/cg: TestGetHugePageSizeImpl: use t.Run
1362291a Avoid non-op when the list of `Hooks` is empty
f13a9325 libct/cg: HugePageSizes: simplify code and test
39d4c8d5 libct/cg: lazy init for HugePageSizes
a4d4c4dd libct/cg: GetHugePageSize -> HugePageSizes
dde509df specconv: do not permit null bytes in mount fields
50105de1 Fix failure with rw bind mount of a ro fuse
982b9a1d libct/standard_init: fix linter warning
643f8a2b libct/specconv: nits
b247cd39 runc run: fix ro /dev
029b73c1 libct/spec: replace isValidName regex with a function
6907beca libct/specconv: remove isSecSuffix regex
37c5fd55 libct/specconv: make parseMountOptions return Mount
2c3792ba libct/specconv: make mountFlags and extensionFlags global
81586e19 libct/specconv: reuse mountPropagationMapping in parseMountOptions
8fe1e8bf libct/specconv: rm some init allocations
712157f6 Revert "ci: temporarily disable criu repo gpg check"
f252eb54 test/int/mount.bats: refer to github issue
7563a8f0 libct: wrap more unix errors
db4ad6a7 libcontainer/system: rm Prlimit
0880c001 .cirrus.yml: silence vagrant up
b028ecb3 Vagrantfile.fedora: exclude systemd from upgrade
12a36265 ci/cirrus: update to Go 1.17.3
02d527d2 go.mod: github.com/moby/sys/mountinfo v0.5.0
0e21d56e go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
b2d64fed build(deps): bump github.com/checkpoint-restore/go-criu/v5
a9bb11ec Fix the conversion of sysctl variable dots and slashes
0f933d54 Rename package validate_test to package validate
68c2b6a7 runc run: refuse a frozen cgroup
d08bc0c1 runc run: warn on non-empty cgroup
dd696235 runc exec: reject paused container unless --ignore-paused
4b25a4e8 CI: update Fedora to 35
7324496f tests/int: fix userns for Fedora 35
05272718 tests/int/cgroups: fix for misc controller
fc658fb6 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
972aea3a libct/configs/validate: allow / in sysctl names
95f8ecdd fix `libcontainer/integration/exec_test.go:1859:8: undefined: ioutil`
dc473cad build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0
8542322d libcontainer: Add unit tests with userns and mounts
55162941 Remove io/ioutil use
6a4f4a6a libcontainer/ignoreTerminateErrors: simplify for Go 1.16+
12e99a0f Require Go >= 1.16
3d986766 ci/gha: install latest stable Go version
c5ca778f ci: temporarily disable criu repo gpg check
81fdc8ce New integration tests for user namespaces bind sources
9c444070 Open bind mount sources from the host userns
a80e1217 libct/intelrdt: add Root()
794cd66d libct/system: Exec: wrap the error
6eba68de build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
e395d2dc libct: Init: remove LockOSThread
916c6a15 libct/cg/fs2: fix GetStats for unsupported hugetlb
f9667e63 Make DevicesGroup's "TestingSkipFinalCheck" attribute public
2e0ceaa9 fix createDevices when no Linux section
fae5d8b5 release: add s390x
f95063ed Dockerfile: fix for seccomp
7758d3fb libct/cg/sd/v2: Destroy: remove cgroups recursively
580e43ec contrib: rm init from bash completion
0202c398 runc exec: implement --cgroup
cc15b887 tests: add integration test for cgroups hybrid
a8435007 cgroups: join cgroup v2 when using hybrid mode
39914db6 runc exec: don't skip non-existing cgroups
7d446c63 libct/cg.WriteCgroupProcs: improve errors
cc1d7466 exec.go: nit
0d297b71 ci/gha: test criu-dev with latest go
16aedc31 ci/gha: remove debug info
3fd1851c CI/GHA: switch to OBS criu repo
81dc5599 Dockerfile: fix apt-key warning
2bf560fb Dockerfile: use Debian_11 repo for criu
99ddc1be libct/cg/fs: rm m.config == nil checks
57edce46 libct/cg: add Resources=nil unit test
1af4ed11 libct/cg/sd/v2: move fsMgr init to NewUnifiedManager
9a2146fa libct/cg/sd/v2: move path init to NewUnifiedManager
39be6e97 libct/cg/fs2: minor optimization
b14a6cf9 libct/cg/sd/v1: move path init to NewLegacyManager
fcc48168 libct/cg/fs: document path removal
6c5441e5 libct/cg/fs: move paths init to NewManager
097c6d74 libct/cg: simplify getting cgroup manager
3c8db638 script/release.sh: update libseccomp to 2.5.2
f30244ee make release: add cross-build
23d79aae Makefile: only build runc for static target
d2b6899e Makefile: fixes for seccompagent
43b36dc4 Support changing of lsm mount context on restore
412d68d1 Vendor in go-criu v5.1.0
163e2523 libct/cg: replace bitset with std math/big library
6806b2c1 runc delete -f: fix for cg v1 + paused container
e6928865 libct/cg/fs: refactor
7d1cb320 libct/cg/fs: rename join to apply
5c7cb837 libct/cg/fs: micro optimization
19b542a5 libct/cg/fs: move internal code out of fs.go
eb09df74 libct/cg/sd/v1: initPaths: minor optimization
63c84917 libct/cg/sd/v1: optimize initPaths
c7e0864d libct/cg/sd/v1: factor out initPaths
dc907e8d libct/cg/sd/v*.go: nit
d974b22a create, run: amend final errors
9ba2f65d startContainer: minor refactor
1545ea69 delete, start: remove newline from errors
af641cd5 seccomp: Add test using the seccomp agent example
08659080 build(deps): bump github.com/bits-and-blooms/bitset from 1.2.0 to 1.2.1
622acd24 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
47abdcee ci/gha: update golangci-lint to 1.42.1
704a1878 contrib/cmd/seccompagent: fix build tags
49137c2a ci/gha: bump shfmt to 3.3.1
f1b703fc libct/nsenter/nsexec.c: honor _LIBCONTAINER_LOGLEVEL
d5ffe83f libct/nsenter/nsexec.c: factor out getenv_int
d2f49d45 libct/nsenter/nsexec.c: improve bail
6c4a3b13 runc init: pass _LIBCONTAINER_LOGLEVEL as int
0a3577c6 utils_linux: simplify newProcess
51cd519e seccomp agent: Return non-zero on failures
8b790e4f seccomp agent: Use arch SCMP_ARCH_X86_64
4a4d4f10 Add support for seccomp actions ActKillThread and ActKillProcess
4a751b05 seccomp: drop unnecessary const SCMP_ACT_* defines
72b5c3ca build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
00772cae tests: add functional tests for seccomp notify
5ae831d9 tests: add functional tests for seccomp
e21a9ee8 contrib: add sample seccomp agent
c64aaf0e libcontainer/specconv: extend SetupSeccomp tests
2b025c01 Implement Seccomp Notify
4e7aeff6 libcontainer/utils: introduce SendFds
c55530be vendoring: Use libseccomp with notify support
64358c4d optimize log: move WriteJSON defer as early as possible
39d0ee18 script/release.sh: fix for opensuse
a20c8b29 runc --debug: shorter caller info
b55b3081 libct/logs: do not show caller in nsexec logs
c3910e73 libct/logs: parse log level implicitly
c4826905 libct/logs: test: make more robust
33dcb994 libct/nsenter/nsenter_test.go: logging nits
78b27155 libct/nsenter: test: rm misleading comments
2c46455c libct/nsenter: test: improve TestNsenterChildLogging
feb1fe11 libct/nsenter: test: fix TestNsenterValidPaths
3df6a02f libct/nsenter: test: improve newPipe
347c371b CI: Mark CGO warnings as errors
d8da0035 *: add go-1.17+ go:build tags
1b17ec95 libct/cg: rm "unsupported.go" files
dbb9fc03 libct/*: remove linux build tag from some pkgs
c5b0be78 Rm build tags from main pkg
9ff64c3d *: rm redundant linux build tag
895e0a5c nsenter: fix typo in bail message
1f5798f7 improve error message when dbus-user-session is not installed
63944578 tests/int: add a "update cpu period with pod limit set" test
1b2adcfe libct/cg/v1: workaround CPU quota period set failure
09b80811 Revert "libct/devices: change devices.Type to be a string"
538ba846 libct/error.go: rm ConfigError
6145628f configs/validate: audit all returned errors
bbcf96f9 libct/cg/devices: stop using regex
fb629db6 tests/int/helpers: fix shellcheck warnings
f65276db tests/int/helpers: rm $bundle handling
b3d14488 Add support for rdma cgroup introduced in Linux Kernel 4.11
8d8415ee libct/logs: remove ConfigureLogging
f77fb7a3 init.go, main.go: don't use logs.ConfigureLogging
93937000 libcontainer/intelrdt: update code comments
a37a89f4 libct/system: add I and P process states
f90008ae libct/system.Stat: fix/improve/speedup
412c6f06 libct/system/proc_test: fix, improve, add benchmark
74ae9e0f checkpoint: resolve symlink for external bind mount(fix ci broken)
24d318b8 Dockerfile: switch to bullseye
9a095e44 libct/cg/sd/v1: add SkipFreezeOnSet knob
fec49f2a libct/cg/sd/v1: add freezeBeforeSet unit test
41043673 libct/cg/sd/v1: Fix unnecessary freeze/thaw
a5871801 ci: add go1.17
75761bcc Fix codespell warnings, add codespell to ci
db8330c9 libct/nsenter: fix unused-result warning
844d6774 CI: Validate compilation without buildtags
51508210 libct/nsenter: nullify pointer on asprintf error
2ab6484f libct/nsenter: no need to check size_t less than 0
f0dbefac .cirrus.yum: retry yum if failed
814f3ae1 libct/devices: change devices.Type to be a string
74b5c34e .cirrus.yml: simplify
77fb9aff build(deps): bump github.com/containerd/console from 1.0.2 to 1.0.3
bd50e7c4 libct/cg/OpenFile: check cgroupFd on error
ab577f6f MAINTAINERS: add Sebastiaan van Stijn
2bab4a56 libct/nsenter: fix logging race in nsexec
bda1bd7a build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
c2d9668c libct/cg/OpenFile: fix openat2 vs top cgroup dir
1b4c30fd libcontainer/intelrdt: always run unit tests
79d292b9 libcontainer/intelrdt: verify ClosID existence
17e3b41d libcontainer/intelrdt: support ClosID parameter
7296dc17 libcontainer/intelrdt: refactor clos path handling
1cbfe234 libct/cg: rm dead code
d0c3bc44 libct/cg: GetAllPids: optimize for go 1.16+
363468d0 libct/cg: improve GetAllPids and readProcsFile
504271a3 libct/cg: move GetAllPids out of utils.go
fc99ab7e build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
0f94799e man/runc-run.8: document --keep option
cb824629 proposal: add --keep to runc run
e06465ac ci/cirrus: remove unused code
120f7406 ci/gha: add latest criu-dev test run
60e02b4b runc exec: fail with exit code of 255
18f434e1 script/release.sh: make builds reproducible
61e201ab makefile: update ldflags and add strip for static builds
5110bd2f nsenter: remove cgroupns sync mechanism
7a0302f0 runc init: simplify
a91ce306 libct/*_test.go: use t.TempDir
3bc606e9 libct/int: adapt to Go 1.15
1eeaf113 libct/intelrdt/*_test.go: use t.TempDir
f6a56f60 libct/cg/fs/*_test.go: use t.TempDir
2d1645d2 libct/cg/fscommon: drop go 1.13 compatibility
6215b2f3 ci/gha: drop Go 1.13
a952b5aa README, go.mod: require go 1.15+
12a1dccb Revert "libcontainer: avoid using t.Cleanup"
015fa29a Revert "Revert "Makefile: rm go 1.13 workaround""
5dd92fd9 libct/seccomp: skip redundant rules
e44bee10 libct/seccomp: warn about unknown syscalls
073e085c libct/seccomp: ConvertStringToAction: fix doc
9f656dbb Do not use Vagrant for CentOS 7/8
d4480164 tests/rootless.sh: fixup for "update rt" test
86af5248 tests/int: fix "update rt period and runtime" for rootless
cc0b1644 README.md: remove abandoned versioning policy
87bfd20f Evaluate Cirrus CI for Vagrant tests
a7110262 libct/cg/sd: add TestPodSkipDevicesUpdate
52dd96db libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
f2db8798 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
5dc32604 libct/int/TestFreeze: test freeze/thaw via Set
af1688a5 libct/int: allow subtests
67cfd3d4 libct/cg/sd/v1: Set: don't overwrite r.Freezer
d02b0061 ci/gha: run on release-* branches after a push
57e3c541 cgroupv2: ebpf: ignore inaccessible existing programs
fe518a06 vendor: update github.com/cilium/ebpf
3e5c1997 libct/cg/sd: Add freezer tests
294c4866 libct/cg/fs/freezer.GetState: report current cgroup state
f33be7cc libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
d41a273d Update device update tests
be1d5f83 ci: enable unconvert linter, fix its warnings
6be088d6 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
9f2a1f4d deps: update to github.com/cyphar/filepath-securejoin@v0.2.3
24d5daf5 libct/user: fix parsing long /etc/group lines
226dfab0 libct/user: ParseGroupFilter: use TrimSpace
120e3a77 libct/user: use []byte more, avoid allocations
83776dd8 libcontainer: Bail on close(2) failures
7d479e6b libcontainer: Don't close fds already closed
e39ad650 retry unix.EINTR for container init process
c508a7bc libct/rootfs: consolidate utils imports
1bbeadae tests/int/no_pivot: fix for new kernels
0229a77a libcontainer/intelrdt: privatize some ids
8f8dfc49 libcontainer/intelrdt: move NewLastCmdError down
00d15629 libct/intelrdt: simplify NewLastCmdError
e0ce428b libct/intelrdt: remove NotFoundError type
feff2c45 libct/intelrdt: fix potential nil dereference
82498e3d libct/specconf: remove unneeded checks
bc96a59d build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1
70fdc057 Revert "checkpoint: resolve symlink for external bind mount"
e618c02d libct/stacktrace: remove
e918d021 libcontainer: rm own error system
60c647a7 libct/error: rm ConsoleExists
a7cfb23b *: stop using pkg/errors
b60e2edf libct/cg: stop using pkg/errors
a6cc36a8 libct/cg/ebpf: stop using pkg/errors
f137aaa2 libct/cg/devices: stop using pkg/errors
ebb08128 .golangci.yml: enable errorlint
56e47804 *: ignore errorlint warnings about unix.* errors
f6a0899b *: use errors.As and errors.Is
5d2a11ad tty.go: don't use pkg/errors, use errors.Is
c6fed264 libct/keys: stop using pkg/errors
adbac31d libct: fix errorlint warning about strconv.NumError
7be93a66 *: fmt.Errorf: use %w when appropriate
d8ba4128 libct/rootfs: improve some errors
36aefad4 libct: wrap unix.Mount/Unmount errors
825335b2 libct/cg/fs2: fix/unify parsing errors
5a186d39 libct/cg/fs: fix/unify parsing errors
f813174d libct/cg/fscommon: introduce and use ParseError
adcd3b44 libct/cg/fs[2]: simplify getting pid stats
4e330942 libct/cg/fs/stats_util_test: fix errors
563225d5 libct/StartInitialization: fix errors
3fee59f9 libct/cg/fs/*_test: simplify errors
fdf4e90e libct/cg/fscommon.ParseKeyValue: no need to wrap err
627a06ad Replace fmt.Errorf w/o %-style to errors.New
242b3283 libct/cg/fscommon: rm unused var
92e8d9b9 libct/intelrdt: error message nits
041caf10 VERSION: back to development
dfc0f069 man/*: revamp
85aabe23 C/R: let criu use its default if --work-path is not set
e8bd33ae runc --help: improve log options description
cf4ecaed runc update: hide --kernel* options
4065c394 exec: rm --no-subreaper flag
da22625f checkpoint: resolve symlink for external bind mount
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.1.0-1-gd7f7b22a, which comprises the following commits:
d7f7b22a VERSION: back to development
067aaf85 VERSION: release runc v1.1.0
c0e300f1 Refuse to build runc without nsenter
e155b332 build(deps): bump github.com/checkpoint-restore/go-criu/v5
5c7e8981 libct/cg: rm go 1.15 compatibility
4773769c VERSION: back to development
55df1fc4 VERSION: release v1.1.0-rc.1
a8f9d5de CHANGELOG: add an in-repo changelog file
6d2067a4 script/seccomp.sh: fix argc check
457ca62f script/release_*.sh: fix usage
c729594c deps: update libseccomp to 2.5.3
5d779620 tests/int: use update_config in hooks test
9e798e26 tests/int: ability to specify binary
97688ddf types/features: clarify MountOptions
deb0a5f2 Mark `runc features` experimental
382eba43 Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...)
ba935a51 Support nosymfollow mount option (kernel 5.10)
f8c48e46 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c
acd8f12f release: correctly handle binary signing for "make releaseall"
d72d057b runc init: avoid netlink message length overflows
25112dd1 libct/intelrdt: remove unused type
c4a61aa9 ci: enable extra linters for new code
520702da Add `runc features` command
02475d9c .golangci.lint: add unparam linter
953e56c5 libct/int: runContainer: drop console arg
6c0bfcb1 libct/cg/fs/blkio_test: ignore unparam warning
06b3fd9d libct/cg/ebpf: drop finalize return value
86733013 notify_socket: setupSpec: drop ctx arg and return value
741568eb libct/cg/devices: addRule: ignore unparam warning
fc44e3f6 tty: Close: rm return value
36483465 tty: ClosePostStart: rm return value
f3f4b6d1 tty: recvtty: rm process arg
e6318635 tty: rm inheritStdio return value
d23b8109 checkpoint: rm getDefaultImagePath arg
dd140401 libct: fixStdioPermissions: rm config arg
b357bc13 libct/factory: rm id param from loadState
b950b778 libct/utils: ResolveRootfs: remove
35d20c4e chown cgroup to process uid in container namespace
ec0f35bc libct/system/xattrs: remove
e9ed2000 build(deps): bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
e3dd80fa Vagrantfile.fedora: revert excluding systemd
1da84d1a libct/cg: TestGetHugePageSizeImpl: use t.Run
1362291a Avoid non-op when the list of `Hooks` is empty
f13a9325 libct/cg: HugePageSizes: simplify code and test
39d4c8d5 libct/cg: lazy init for HugePageSizes
a4d4c4dd libct/cg: GetHugePageSize -> HugePageSizes
dde509df specconv: do not permit null bytes in mount fields
50105de1 Fix failure with rw bind mount of a ro fuse
982b9a1d libct/standard_init: fix linter warning
643f8a2b libct/specconv: nits
b247cd39 runc run: fix ro /dev
029b73c1 libct/spec: replace isValidName regex with a function
6907beca libct/specconv: remove isSecSuffix regex
37c5fd55 libct/specconv: make parseMountOptions return Mount
2c3792ba libct/specconv: make mountFlags and extensionFlags global
81586e19 libct/specconv: reuse mountPropagationMapping in parseMountOptions
8fe1e8bf libct/specconv: rm some init allocations
712157f6 Revert "ci: temporarily disable criu repo gpg check"
f252eb54 test/int/mount.bats: refer to github issue
7563a8f0 libct: wrap more unix errors
db4ad6a7 libcontainer/system: rm Prlimit
0880c001 .cirrus.yml: silence vagrant up
b028ecb3 Vagrantfile.fedora: exclude systemd from upgrade
12a36265 ci/cirrus: update to Go 1.17.3
02d527d2 go.mod: github.com/moby/sys/mountinfo v0.5.0
0e21d56e go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
b2d64fed build(deps): bump github.com/checkpoint-restore/go-criu/v5
a9bb11ec Fix the conversion of sysctl variable dots and slashes
0f933d54 Rename package validate_test to package validate
68c2b6a7 runc run: refuse a frozen cgroup
d08bc0c1 runc run: warn on non-empty cgroup
dd696235 runc exec: reject paused container unless --ignore-paused
4b25a4e8 CI: update Fedora to 35
7324496f tests/int: fix userns for Fedora 35
05272718 tests/int/cgroups: fix for misc controller
fc658fb6 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
972aea3a libct/configs/validate: allow / in sysctl names
95f8ecdd fix `libcontainer/integration/exec_test.go:1859:8: undefined: ioutil`
dc473cad build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0
8542322d libcontainer: Add unit tests with userns and mounts
55162941 Remove io/ioutil use
6a4f4a6a libcontainer/ignoreTerminateErrors: simplify for Go 1.16+
12e99a0f Require Go >= 1.16
3d986766 ci/gha: install latest stable Go version
c5ca778f ci: temporarily disable criu repo gpg check
81fdc8ce New integration tests for user namespaces bind sources
9c444070 Open bind mount sources from the host userns
a80e1217 libct/intelrdt: add Root()
794cd66d libct/system: Exec: wrap the error
6eba68de build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
e395d2dc libct: Init: remove LockOSThread
916c6a15 libct/cg/fs2: fix GetStats for unsupported hugetlb
f9667e63 Make DevicesGroup's "TestingSkipFinalCheck" attribute public
2e0ceaa9 fix createDevices when no Linux section
fae5d8b5 release: add s390x
f95063ed Dockerfile: fix for seccomp
7758d3fb libct/cg/sd/v2: Destroy: remove cgroups recursively
580e43ec contrib: rm init from bash completion
0202c398 runc exec: implement --cgroup
cc15b887 tests: add integration test for cgroups hybrid
a8435007 cgroups: join cgroup v2 when using hybrid mode
39914db6 runc exec: don't skip non-existing cgroups
7d446c63 libct/cg.WriteCgroupProcs: improve errors
cc1d7466 exec.go: nit
0d297b71 ci/gha: test criu-dev with latest go
16aedc31 ci/gha: remove debug info
3fd1851c CI/GHA: switch to OBS criu repo
81dc5599 Dockerfile: fix apt-key warning
2bf560fb Dockerfile: use Debian_11 repo for criu
99ddc1be libct/cg/fs: rm m.config == nil checks
57edce46 libct/cg: add Resources=nil unit test
1af4ed11 libct/cg/sd/v2: move fsMgr init to NewUnifiedManager
9a2146fa libct/cg/sd/v2: move path init to NewUnifiedManager
39be6e97 libct/cg/fs2: minor optimization
b14a6cf9 libct/cg/sd/v1: move path init to NewLegacyManager
fcc48168 libct/cg/fs: document path removal
6c5441e5 libct/cg/fs: move paths init to NewManager
097c6d74 libct/cg: simplify getting cgroup manager
3c8db638 script/release.sh: update libseccomp to 2.5.2
f30244ee make release: add cross-build
23d79aae Makefile: only build runc for static target
d2b6899e Makefile: fixes for seccompagent
43b36dc4 Support changing of lsm mount context on restore
412d68d1 Vendor in go-criu v5.1.0
163e2523 libct/cg: replace bitset with std math/big library
6806b2c1 runc delete -f: fix for cg v1 + paused container
e6928865 libct/cg/fs: refactor
7d1cb320 libct/cg/fs: rename join to apply
5c7cb837 libct/cg/fs: micro optimization
19b542a5 libct/cg/fs: move internal code out of fs.go
eb09df74 libct/cg/sd/v1: initPaths: minor optimization
63c84917 libct/cg/sd/v1: optimize initPaths
c7e0864d libct/cg/sd/v1: factor out initPaths
dc907e8d libct/cg/sd/v*.go: nit
d974b22a create, run: amend final errors
9ba2f65d startContainer: minor refactor
1545ea69 delete, start: remove newline from errors
af641cd5 seccomp: Add test using the seccomp agent example
08659080 build(deps): bump github.com/bits-and-blooms/bitset from 1.2.0 to 1.2.1
622acd24 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
47abdcee ci/gha: update golangci-lint to 1.42.1
704a1878 contrib/cmd/seccompagent: fix build tags
49137c2a ci/gha: bump shfmt to 3.3.1
f1b703fc libct/nsenter/nsexec.c: honor _LIBCONTAINER_LOGLEVEL
d5ffe83f libct/nsenter/nsexec.c: factor out getenv_int
d2f49d45 libct/nsenter/nsexec.c: improve bail
6c4a3b13 runc init: pass _LIBCONTAINER_LOGLEVEL as int
0a3577c6 utils_linux: simplify newProcess
51cd519e seccomp agent: Return non-zero on failures
8b790e4f seccomp agent: Use arch SCMP_ARCH_X86_64
4a4d4f10 Add support for seccomp actions ActKillThread and ActKillProcess
4a751b05 seccomp: drop unnecessary const SCMP_ACT_* defines
72b5c3ca build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
00772cae tests: add functional tests for seccomp notify
5ae831d9 tests: add functional tests for seccomp
e21a9ee8 contrib: add sample seccomp agent
c64aaf0e libcontainer/specconv: extend SetupSeccomp tests
2b025c01 Implement Seccomp Notify
4e7aeff6 libcontainer/utils: introduce SendFds
c55530be vendoring: Use libseccomp with notify support
64358c4d optimize log: move WriteJSON defer as early as possible
39d0ee18 script/release.sh: fix for opensuse
a20c8b29 runc --debug: shorter caller info
b55b3081 libct/logs: do not show caller in nsexec logs
c3910e73 libct/logs: parse log level implicitly
c4826905 libct/logs: test: make more robust
33dcb994 libct/nsenter/nsenter_test.go: logging nits
78b27155 libct/nsenter: test: rm misleading comments
2c46455c libct/nsenter: test: improve TestNsenterChildLogging
feb1fe11 libct/nsenter: test: fix TestNsenterValidPaths
3df6a02f libct/nsenter: test: improve newPipe
347c371b CI: Mark CGO warnings as errors
d8da0035 *: add go-1.17+ go:build tags
1b17ec95 libct/cg: rm "unsupported.go" files
dbb9fc03 libct/*: remove linux build tag from some pkgs
c5b0be78 Rm build tags from main pkg
9ff64c3d *: rm redundant linux build tag
895e0a5c nsenter: fix typo in bail message
1f5798f7 improve error message when dbus-user-session is not installed
63944578 tests/int: add a "update cpu period with pod limit set" test
1b2adcfe libct/cg/v1: workaround CPU quota period set failure
09b80811 Revert "libct/devices: change devices.Type to be a string"
538ba846 libct/error.go: rm ConfigError
6145628f configs/validate: audit all returned errors
bbcf96f9 libct/cg/devices: stop using regex
fb629db6 tests/int/helpers: fix shellcheck warnings
f65276db tests/int/helpers: rm $bundle handling
b3d14488 Add support for rdma cgroup introduced in Linux Kernel 4.11
8d8415ee libct/logs: remove ConfigureLogging
f77fb7a3 init.go, main.go: don't use logs.ConfigureLogging
93937000 libcontainer/intelrdt: update code comments
a37a89f4 libct/system: add I and P process states
f90008ae libct/system.Stat: fix/improve/speedup
412c6f06 libct/system/proc_test: fix, improve, add benchmark
74ae9e0f checkpoint: resolve symlink for external bind mount(fix ci broken)
24d318b8 Dockerfile: switch to bullseye
9a095e44 libct/cg/sd/v1: add SkipFreezeOnSet knob
fec49f2a libct/cg/sd/v1: add freezeBeforeSet unit test
41043673 libct/cg/sd/v1: Fix unnecessary freeze/thaw
a5871801 ci: add go1.17
75761bcc Fix codespell warnings, add codespell to ci
db8330c9 libct/nsenter: fix unused-result warning
844d6774 CI: Validate compilation without buildtags
51508210 libct/nsenter: nullify pointer on asprintf error
2ab6484f libct/nsenter: no need to check size_t less than 0
f0dbefac .cirrus.yum: retry yum if failed
814f3ae1 libct/devices: change devices.Type to be a string
74b5c34e .cirrus.yml: simplify
77fb9aff build(deps): bump github.com/containerd/console from 1.0.2 to 1.0.3
bd50e7c4 libct/cg/OpenFile: check cgroupFd on error
ab577f6f MAINTAINERS: add Sebastiaan van Stijn
2bab4a56 libct/nsenter: fix logging race in nsexec
bda1bd7a build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
c2d9668c libct/cg/OpenFile: fix openat2 vs top cgroup dir
1b4c30fd libcontainer/intelrdt: always run unit tests
79d292b9 libcontainer/intelrdt: verify ClosID existence
17e3b41d libcontainer/intelrdt: support ClosID parameter
7296dc17 libcontainer/intelrdt: refactor clos path handling
1cbfe234 libct/cg: rm dead code
d0c3bc44 libct/cg: GetAllPids: optimize for go 1.16+
363468d0 libct/cg: improve GetAllPids and readProcsFile
504271a3 libct/cg: move GetAllPids out of utils.go
fc99ab7e build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
0f94799e man/runc-run.8: document --keep option
cb824629 proposal: add --keep to runc run
e06465ac ci/cirrus: remove unused code
120f7406 ci/gha: add latest criu-dev test run
60e02b4b runc exec: fail with exit code of 255
18f434e1 script/release.sh: make builds reproducible
61e201ab makefile: update ldflags and add strip for static builds
5110bd2f nsenter: remove cgroupns sync mechanism
7a0302f0 runc init: simplify
a91ce306 libct/*_test.go: use t.TempDir
3bc606e9 libct/int: adapt to Go 1.15
1eeaf113 libct/intelrdt/*_test.go: use t.TempDir
f6a56f60 libct/cg/fs/*_test.go: use t.TempDir
2d1645d2 libct/cg/fscommon: drop go 1.13 compatibility
6215b2f3 ci/gha: drop Go 1.13
a952b5aa README, go.mod: require go 1.15+
12a1dccb Revert "libcontainer: avoid using t.Cleanup"
015fa29a Revert "Revert "Makefile: rm go 1.13 workaround""
5dd92fd9 libct/seccomp: skip redundant rules
e44bee10 libct/seccomp: warn about unknown syscalls
073e085c libct/seccomp: ConvertStringToAction: fix doc
9f656dbb Do not use Vagrant for CentOS 7/8
d4480164 tests/rootless.sh: fixup for "update rt" test
86af5248 tests/int: fix "update rt period and runtime" for rootless
cc0b1644 README.md: remove abandoned versioning policy
87bfd20f Evaluate Cirrus CI for Vagrant tests
a7110262 libct/cg/sd: add TestPodSkipDevicesUpdate
52dd96db libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
f2db8798 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
5dc32604 libct/int/TestFreeze: test freeze/thaw via Set
af1688a5 libct/int: allow subtests
67cfd3d4 libct/cg/sd/v1: Set: don't overwrite r.Freezer
d02b0061 ci/gha: run on release-* branches after a push
57e3c541 cgroupv2: ebpf: ignore inaccessible existing programs
fe518a06 vendor: update github.com/cilium/ebpf
3e5c1997 libct/cg/sd: Add freezer tests
294c4866 libct/cg/fs/freezer.GetState: report current cgroup state
f33be7cc libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
d41a273d Update device update tests
be1d5f83 ci: enable unconvert linter, fix its warnings
6be088d6 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
9f2a1f4d deps: update to github.com/cyphar/filepath-securejoin@v0.2.3
24d5daf5 libct/user: fix parsing long /etc/group lines
226dfab0 libct/user: ParseGroupFilter: use TrimSpace
120e3a77 libct/user: use []byte more, avoid allocations
83776dd8 libcontainer: Bail on close(2) failures
7d479e6b libcontainer: Don't close fds already closed
e39ad650 retry unix.EINTR for container init process
c508a7bc libct/rootfs: consolidate utils imports
1bbeadae tests/int/no_pivot: fix for new kernels
0229a77a libcontainer/intelrdt: privatize some ids
8f8dfc49 libcontainer/intelrdt: move NewLastCmdError down
00d15629 libct/intelrdt: simplify NewLastCmdError
e0ce428b libct/intelrdt: remove NotFoundError type
feff2c45 libct/intelrdt: fix potential nil dereference
82498e3d libct/specconf: remove unneeded checks
bc96a59d build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1
70fdc057 Revert "checkpoint: resolve symlink for external bind mount"
e618c02d libct/stacktrace: remove
e918d021 libcontainer: rm own error system
60c647a7 libct/error: rm ConsoleExists
a7cfb23b *: stop using pkg/errors
b60e2edf libct/cg: stop using pkg/errors
a6cc36a8 libct/cg/ebpf: stop using pkg/errors
f137aaa2 libct/cg/devices: stop using pkg/errors
ebb08128 .golangci.yml: enable errorlint
56e47804 *: ignore errorlint warnings about unix.* errors
f6a0899b *: use errors.As and errors.Is
5d2a11ad tty.go: don't use pkg/errors, use errors.Is
c6fed264 libct/keys: stop using pkg/errors
adbac31d libct: fix errorlint warning about strconv.NumError
7be93a66 *: fmt.Errorf: use %w when appropriate
d8ba4128 libct/rootfs: improve some errors
36aefad4 libct: wrap unix.Mount/Unmount errors
825335b2 libct/cg/fs2: fix/unify parsing errors
5a186d39 libct/cg/fs: fix/unify parsing errors
f813174d libct/cg/fscommon: introduce and use ParseError
adcd3b44 libct/cg/fs[2]: simplify getting pid stats
4e330942 libct/cg/fs/stats_util_test: fix errors
563225d5 libct/StartInitialization: fix errors
3fee59f9 libct/cg/fs/*_test: simplify errors
fdf4e90e libct/cg/fscommon.ParseKeyValue: no need to wrap err
627a06ad Replace fmt.Errorf w/o %-style to errors.New
242b3283 libct/cg/fscommon: rm unused var
92e8d9b9 libct/intelrdt: error message nits
041caf10 VERSION: back to development
dfc0f069 man/*: revamp
85aabe23 C/R: let criu use its default if --work-path is not set
e8bd33ae runc --help: improve log options description
cf4ecaed runc update: hide --kernel* options
4065c394 exec: rm --no-subreaper flag
da22625f checkpoint: resolve symlink for external bind mount
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:
31f7b334 VERSION: back to development
f46b6ba2 VERSION: release v1.0.3
b8dbe466 runc init: avoid netlink message length overflows
e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
42bfc63b script/release.sh: fix for opensuse
8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
cbb23675 runc run: fix ro /dev
e802cfae test/int/mount.bats: refer to github issue
3640499a libct/rootfs: consolidate utils imports
aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
fdee8658 libct/int/checkpoint_test: fix ParentImage
cbb5ef5c improve error message when dbus-user-session is not installed
86d83333 VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:
31f7b334 VERSION: back to development
f46b6ba2 VERSION: release v1.0.3
b8dbe466 runc init: avoid netlink message length overflows
e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
42bfc63b script/release.sh: fix for opensuse
8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
cbb23675 runc run: fix ro /dev
e802cfae test/int/mount.bats: refer to github issue
3640499a libct/rootfs: consolidate utils imports
aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
fdee8658 libct/int/checkpoint_test: fix ParentImage
cbb5ef5c improve error message when dbus-user-session is not installed
86d83333 VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
github is removing git:// access, and fetches will start experiencing
interruptions in service, and eventually will fail completely.
bitbake will also begin to warn on github src_uri's that don't use
https. So we convert the meta-virt instances to use protocol=https
(done using the oe-core contrib conversion script)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|