| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OEcore/bitbake are moving to use the clearer ":" as an overrides
separator.
This is pass one of updating the meta-virt recipes to use that
syntax.
This has only been minimally build/runtime tested, more changes
will be required for missed overrides, or incorrect conversions
Note: A recent bitbake is required:
commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sun Jul 18 12:59:15 2021 +0100
bitbake: data_smart/parse: Allow ':' characters in variable/function names
It is becomming increasingly clear we need to find a way to show what
is/is not an override in our syntax. We need to do this in a way which
is clear to users, readable and in a way we can transition to.
The most effective way I've found to this is to use the ":" charater
to directly replace "_" where an override is being specified. This
includes "append", "prepend" and "remove" which are effectively special
override directives.
This patch simply adds the character to the parser so bitbake accepts
the value but maps it back to "_" internally so there is no behaviour
change.
This change is simple enough it could potentially be backported to older
version of bitbake meaning layers using the new syntax/markup could
work with older releases. Even if other no other changes are accepted
at this time and we don't backport, it does set us on a path where at
some point in future we could
require a more explict syntax.
I've tested this patch by converting oe-core/meta-yocto to the new
syntax for overrides (9000+ changes) and then seeing that builds
continue to work with this patch.
(Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Synchronize the 'runc-docker' with the opencontainers variant. This
allows the common patch to be used once again, and we refresh our docker
specific patch to the new content.
Bumping runc to version v1.0.0-rc95-28-gbfcbc947, which comprises the following commits:
37767c05 ci: lint: show all errors in PRs
07ca0be0 *: clean up remaining golangci-lint failures
00119c85 integration: add repeated "runc update" test
d0f2c25f cgroup2: devices: replace all existing filters when attaching
98a3c0e4 cgroup2: devices: switch to emulator for cgroupv1 parity
dcc1cf7c devices: add emulator.Rules shorthand
54904516 libcontainer: fix integration failure in "make test"
c7c70ce8 *: clean t.Skip messages
a95237f8 libctr/cg/systemd: export rangeToBits
df0206a6 errcheck: utils
0c65f833 errcheck: signals
3b31e3ea errcheck: tty
b45fbd43 errcheck: libcontainer
463ee5e1 errcheck: libcontainer/nsenter
7e7ff872 errcheck: libcontainer/configs
a8995053 errcheck: libcontainer/integration
b93666eb libct/cg/fs2: setFreezer: wait until frozen
1069e4e9 libct/cg/fs2: optimize setFreezer more
5d193188 libct/cg/fs2: optimize setFreezer
8a7a374f VERSION: back to development
b9ee9c63 VERSION: release v1.0.0-rc95
0ca91f44 rootfs: add mount destination validation
c61f6062 libcontainer: honor seccomp defaultErrnoRet
d519da5e Dockerfile, Vagrantfile.centos7, .github: bats 1.3.0
bdad2859 Dockerfile, Vagrantfile.centos7: use go 1.16
f96530f2 EMERITUS: recognise previous maintainers
c73a6626 VERSION: back to development
2c7861bc VERSION: release v1.0.0-rc94
12e9cac9 Vagrantfile.fedora: set Delegate=yes
ac70a9a1 tests/int: run rootless_cgroup tests for v2+systemd
601cf582 tests/int/cgroups: don't check for hugetlb
40b97919 tests/int: enable/use requires cgroups_<ctrl>
44fcbfd6 tests/int/helpers: generalize require cgroups_freezer
353f2ad1 tests/int/update.bats: don't set cpuset in setup
4f8ccc5f libct/cg/sd/v2: call initPath from Path
0ed1f802 tests/int/helpers: rm old code
af2e03c5 ci/gha: bump shellcheck 0.7.1 -> 0.7.2
2d1bb91d ci/gha: bump shfmt 3.2.0 -> 3.2.4
a7feb423 libct/int: add TestFdLeaksSystemd
c7f847ed libct/cg/sd: use global dbus connection
99c5c504 libct/cg/sd: introduce and use getManagerProperty
0fabed76 libct/int/checkpoint_test: use kill(0) for pid check
7eb1405b libct/int/checkpoint_test: use waitProcess helper
72d7a824 libct/int/checkpoint_test: use t.Helper
bcca7968 libct/int: simplify/fix showing errors
524abc59 freezer: add delay after freeze
e1d842cf libct/intelrdt: fix unit test
541fc19e Makefile: allow overriding go command by environment
06a9ea36 script/release.sh: add -a to force rebuild
91b01682 Update golang.org/x/sys to add linux/ppc support
ee4612bc CI: enable Go 1.13 again
e2dd9220 go.mod: demote to Go 1.13
45f49e8f libcontainer: avoid using t.Cleanup
1a659bc6 Revert "Makefile: rm go 1.13 workaround"
abf12ce0 libc/cg: improve Manager docs
3f659467 libct/cg: make Set accept configs.Resources
af0710a0 libct/cg/sd/v2: fix Set argument
850b2c47 libct/cg/fscommon.OpenFile: speed up ro case
71a8aee8 cgroups/systemd: replace deprecated dbus functions
47ef9a10 libct/cg/sd: retry on dbus disconnect
6122bc8b Privatize NewUserSystemDbus
15fee989 libct/cg/sd: add renew dbus connection
bacfc2c2 libct/cg/sd: add isDbusError
cdbed6f0 libct/cg/sd: add dbus manager
9efd8466 libct/cg/fscommon.OpenFile: reverse checks order
0bee5e0b libct/cg/fs: add GetStats benchmark
7e7eb1c3 CI: update Fedora to 34
d3cee12a cloned_binary: switch from #error to #warning for SYS_memfd_create
23e3794d checkpoint: validate parent path
fcd7fe85 libct/cg/fs/freezer: make sure to thaw on failure
0216716c tests/int: add a case for cgroupv2 mount
5ffcc568 tests/int: use bfq test with rootless
ff692f28 Fix cgroup2 mount for rootless case
3826db19 libct/rootfs/mountCgroupV2: minor refactor
1e476578 libct/rootfs: introduce and use mountConfig
deb8a8dd libct/newInitConfig: nit
2192670a libct/configs/validate: validate mounts
1f1e91b1 libct/specconv: check mount destination is absolute
73f22e7f libcontainer/cgroups/systemd: replace use of deprecated dbus.New()
aa622723 tiny fix iterative checkpoint test case
ee3b563d Add cfs throttle stats to cgroup v2
6faed0e4 libct/int: use ok(t, err)
af3c5699 libct/int: remove unused code
7b802a7d libct/int: better test container names
9f3d7534 logging: enable file/line info if --debug is set
ef9922c2 libct/cg: don't return OOMKillCount error when rootless
5cdd9022 libct/cg/fs[2]: fix comments about m.rootless
31dd1e49 tests/int: add rootless + host pidns test case
a2050ea4 runc run: fix start for rootless + host pidns
2f1a3ed3 Fix vendored dependencies
d15c7bb0 go.mod: github.com/cilium/ebpf v0.5.0
f28a8cc2 ebpf: replace deprecated prog.Attach/prog.Detach
928ef7af libct/nsenter: add json msg escaping
52390d68 Ignore kernel memory settings
b7c315ad vendor: bump containerd/console to 1.0.2
b6cdb8ae fix a typo
64bb59f5 nsenter: improve debug logging
6ce2d63a libct/init_linux: retry chdir to fix EPERM
c5029c00 tests: fix hello-world tarball name in testdata for arm64
289a3045 go.mod: github.com/moby/sys/mountinfo v0.4.1
4316df8b libcontainer/system: move userns utilities to separate package
e7fd383b libcontainer/system: un-export UIDMapInUserNS()
249356a1 libcontainer/system: remove unused GetParentNSeuid()
dc52ed25 libcontainer/user: remove outdated MAINTAINERS file
72ecf59c libcontainer/user: fix windows compile error
2515b0c2 libct/user: rm windows code
0596f6e1 libcontainer/devices/device_windows.go: rm
b1deba8c libcontainer/configs/config_windows_test.go: rm
f1586dbd libcontainer/configs/validate: make Validate() less DRY
4126b807 libcontainer/configs: add missing type for hooknames
48125179 go.mod: github.com/cilium/ebpf v0.4.0
44611630 docs/systemd: add
27bb1bd5 libct/specconv/CreateCgroupConfig: don't set c.Parent default
d748280a make release: build/include libseccomp
aa6da82c script/release.sh: fix shellcheck warnings
3eb46d89 ci: make static built binary available
f0dec0b4 libct/specconv/CreateCgroupConfig: nit
36fe3cc2 tests/int/cpt: fix lazy-pages flakiness
2dd62b3d libct/checkCriuFeatures: rm excessive debug
0e089002 tests/int/checkpoint: close lazy_r fd
b09030a5 tests/int/checkpoint: close fds in check_pipes
e63df1e6 tests/int: really randomize cgroup/unit names
6e4c5b6e tests/int/cgroups: don't use BUSYBOX_BUNDLE
adf733fa vendor: update go-systemd and godbus
f09a3e1b tests/int: don't set/use CGROUP_XXX variables
4ecff8d9 start: don't kill runc init too early
b1184302 libct/configs/validator: add some cgroup support
0f8d2b6b libct/cg/fs2.Stat: don't look for available controllers
85416b87 libct/cg/fs2.statPids: fall back directly
10f9a982 libct/cg/fs2/getPidsWithoutController: optimize
6121f8b6 libct/cg/fs2.Stat: always call statCpu
9455395b libct/cg/fs2/memory.Stat: add usage for root cgroup
a9c47fe7 libct/cg/fs[2]/getMemoryData[V2]: optimize
b99ca25a libct/cg/fs2/memory: fix swap reporting
79a8647b libct/int: add TestFdLeaks
b3be2b0b libct: close execFifo after start
08b52797 Make test specific to disassembleFilter function
7b3e0bcf Ensure the scratch pipe is read during ExportBPF
62f1f0e4 tests/int/checkpoint: check all logs for errors
346cb359 Revert "tests/checkpoint: show full log lazy pages cpt"
c9b3787b script/check-config.sh: add SELinux and AppArmor
5fb831a0 capabilities: WARN, not ERROR, for unknown / unavailable capabilities
e49d5da2 go.mod: OCI runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
2726146b runc --debug: more tests
201d60c5 runc run/start/exec: fix init log forwarding race
c06f999b libct/logs/test: refactor
688ea99e runc init: fix double call to ConfigureLogs
dd6c8d76 main: cast Chmod argument to os.FileMode
69ec21a1 libct/logs.ForwardLogs: use bufio.Scanner
0300299a tests/int/debug.bats: fixups
d38d1f9f libcontainer/logs: use int for Config.LogPipeFd
ac93746c libct/seccomp: rm IsEnabled
9b2f1e6f runc version: don't use seccomp.IsEnabled
c8e0486f Fix oss-fuzz build
d76309f9 script/check-config.sh: add CONFIG_SECCOMP_FILTER
997e8942 capabilities.Caps: use a map for capability-types
41f466d8 nsexec.c: fix formatting for netlink defines
522bd641 Fix checking C code formatting
1948b4ce cloned_binary.c: rm redundant comments
b67deb56 nsexec.c: rm a block
513d89ee capabilities: use BOUNDING/AMBIENT instead of their alias
dd2caace go.mod: runtime-spec v1.0.3-0.20210316141917-a8c4a9ee0f6b
a608b7e7 libcontainer/apparmor: use sync.Once for AppArmor detection
d6e89248 Fix build-tags in libcontainer/devices
f585cec7 libct/cg/v2: always enable TasksAccounting
8c7ece1e fs2: fallback to setting io.weight if io.bfq.weight
74299a1c CI: cache ~/.vagrant.d/boxes
97f2e351 go.mod, libct: bump go-criu to v5, use google.golang.org/protobuf
db025aba libct: criuSwrk: only iterate over CriuOpts if debug is set
051646a3 tests: test nested bind mount restore
705b6cc7 Re-create mountpoints during restore
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating to the latest runc, which includes the following commits:
37767c05 ci: lint: show all errors in PRs
07ca0be0 *: clean up remaining golangci-lint failures
00119c85 integration: add repeated "runc update" test
d0f2c25f cgroup2: devices: replace all existing filters when attaching
98a3c0e4 cgroup2: devices: switch to emulator for cgroupv1 parity
dcc1cf7c devices: add emulator.Rules shorthand
54904516 libcontainer: fix integration failure in "make test"
c7c70ce8 *: clean t.Skip messages
a95237f8 libctr/cg/systemd: export rangeToBits
df0206a6 errcheck: utils
0c65f833 errcheck: signals
3b31e3ea errcheck: tty
b45fbd43 errcheck: libcontainer
463ee5e1 errcheck: libcontainer/nsenter
7e7ff872 errcheck: libcontainer/configs
a8995053 errcheck: libcontainer/integration
b93666eb libct/cg/fs2: setFreezer: wait until frozen
1069e4e9 libct/cg/fs2: optimize setFreezer more
5d193188 libct/cg/fs2: optimize setFreezer
8a7a374f VERSION: back to development
b9ee9c63 VERSION: release v1.0.0-rc95
0ca91f44 rootfs: add mount destination validation
c61f6062 libcontainer: honor seccomp defaultErrnoRet
d519da5e Dockerfile, Vagrantfile.centos7, .github: bats 1.3.0
bdad2859 Dockerfile, Vagrantfile.centos7: use go 1.16
f96530f2 EMERITUS: recognise previous maintainers
c73a6626 VERSION: back to development
2c7861bc VERSION: release v1.0.0-rc94
12e9cac9 Vagrantfile.fedora: set Delegate=yes
ac70a9a1 tests/int: run rootless_cgroup tests for v2+systemd
601cf582 tests/int/cgroups: don't check for hugetlb
40b97919 tests/int: enable/use requires cgroups_<ctrl>
44fcbfd6 tests/int/helpers: generalize require cgroups_freezer
353f2ad1 tests/int/update.bats: don't set cpuset in setup
4f8ccc5f libct/cg/sd/v2: call initPath from Path
0ed1f802 tests/int/helpers: rm old code
af2e03c5 ci/gha: bump shellcheck 0.7.1 -> 0.7.2
2d1bb91d ci/gha: bump shfmt 3.2.0 -> 3.2.4
a7feb423 libct/int: add TestFdLeaksSystemd
c7f847ed libct/cg/sd: use global dbus connection
99c5c504 libct/cg/sd: introduce and use getManagerProperty
0fabed76 libct/int/checkpoint_test: use kill(0) for pid check
7eb1405b libct/int/checkpoint_test: use waitProcess helper
72d7a824 libct/int/checkpoint_test: use t.Helper
bcca7968 libct/int: simplify/fix showing errors
524abc59 freezer: add delay after freeze
e1d842cf libct/intelrdt: fix unit test
541fc19e Makefile: allow overriding go command by environment
06a9ea36 script/release.sh: add -a to force rebuild
91b01682 Update golang.org/x/sys to add linux/ppc support
ee4612bc CI: enable Go 1.13 again
e2dd9220 go.mod: demote to Go 1.13
45f49e8f libcontainer: avoid using t.Cleanup
1a659bc6 Revert "Makefile: rm go 1.13 workaround"
abf12ce0 libc/cg: improve Manager docs
3f659467 libct/cg: make Set accept configs.Resources
af0710a0 libct/cg/sd/v2: fix Set argument
850b2c47 libct/cg/fscommon.OpenFile: speed up ro case
71a8aee8 cgroups/systemd: replace deprecated dbus functions
47ef9a10 libct/cg/sd: retry on dbus disconnect
6122bc8b Privatize NewUserSystemDbus
15fee989 libct/cg/sd: add renew dbus connection
bacfc2c2 libct/cg/sd: add isDbusError
cdbed6f0 libct/cg/sd: add dbus manager
9efd8466 libct/cg/fscommon.OpenFile: reverse checks order
0bee5e0b libct/cg/fs: add GetStats benchmark
7e7eb1c3 CI: update Fedora to 34
d3cee12a cloned_binary: switch from #error to #warning for SYS_memfd_create
23e3794d checkpoint: validate parent path
fcd7fe85 libct/cg/fs/freezer: make sure to thaw on failure
0216716c tests/int: add a case for cgroupv2 mount
5ffcc568 tests/int: use bfq test with rootless
ff692f28 Fix cgroup2 mount for rootless case
3826db19 libct/rootfs/mountCgroupV2: minor refactor
1e476578 libct/rootfs: introduce and use mountConfig
deb8a8dd libct/newInitConfig: nit
2192670a libct/configs/validate: validate mounts
1f1e91b1 libct/specconv: check mount destination is absolute
73f22e7f libcontainer/cgroups/systemd: replace use of deprecated dbus.New()
aa622723 tiny fix iterative checkpoint test case
ee3b563d Add cfs throttle stats to cgroup v2
6faed0e4 libct/int: use ok(t, err)
af3c5699 libct/int: remove unused code
7b802a7d libct/int: better test container names
9f3d7534 logging: enable file/line info if --debug is set
31dd1e49 tests/int: add rootless + host pidns test case
a2050ea4 runc run: fix start for rootless + host pidns
0f8d2b6b libct/cg/fs2.Stat: don't look for available controllers
85416b87 libct/cg/fs2.statPids: fall back directly
10f9a982 libct/cg/fs2/getPidsWithoutController: optimize
6121f8b6 libct/cg/fs2.Stat: always call statCpu
9455395b libct/cg/fs2/memory.Stat: add usage for root cgroup
a9c47fe7 libct/cg/fs[2]/getMemoryData[V2]: optimize
b99ca25a libct/cg/fs2/memory: fix swap reporting
c8e0486f Fix oss-fuzz build
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit dda5ae36b44c61e61439341ea3153e6be5cb015e.
binutils gold linker was fixed with:
https://git.openembedded.org/openembedded-core/commit/?id=d07d4d739ae17787017f771dd2068fda0e836722
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* just a work around for internal error in binutils-2.36 gold:
http://errors.yoctoproject.org/Errors/Details/580099/
CGO_ENABLED=1 x86_64-oe-linux-go build -trimpath -tags "seccomp seccomp netgo osusergo" -ldflags "-w -extldflags -static -X main.gitCommit="fce58ab2d5c488bc573d02712db476a6daa9a60c-dirty" -X main.version=1.0.0-rc93+dev " -o runc .
TOPDIR/tmp-glibc/work/core2-64-oe-linux/runc-opencontainers/1.0.0-rc93+gitAUTOINC+fce58ab2d5-r0/recipe-sysroot-native/usr/bin/x86_64-oe-linux/../../libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/11.0.1/ld: internal error in format_file_lineno, at ../../gold/dwarf_reader.cc:2278
collect2: error: ld returned 1 exit status
* it fails like this only together with gcc-11, with gcc-10.3 it
builds fine even with gold
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
Allows the yocto cve-checker to flag CVEs, which would otherwise go
unreported due to the package name not matching NIST NVD data.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping the SRCREV to include the following commits:
ef9922c2 libct/cg: don't return OOMKillCount error when rootless
5cdd9022 libct/cg/fs[2]: fix comments about m.rootless
2f1a3ed3 Fix vendored dependencies
d15c7bb0 go.mod: github.com/cilium/ebpf v0.5.0
f28a8cc2 ebpf: replace deprecated prog.Attach/prog.Detach
928ef7af libct/nsenter: add json msg escaping
52390d68 Ignore kernel memory settings
b7c315ad vendor: bump containerd/console to 1.0.2
b6cdb8ae fix a typo
64bb59f5 nsenter: improve debug logging
6ce2d63a libct/init_linux: retry chdir to fix EPERM
c5029c00 tests: fix hello-world tarball name in testdata for arm64
289a3045 go.mod: github.com/moby/sys/mountinfo v0.4.1
4316df8b libcontainer/system: move userns utilities to separate package
e7fd383b libcontainer/system: un-export UIDMapInUserNS()
249356a1 libcontainer/system: remove unused GetParentNSeuid()
dc52ed25 libcontainer/user: remove outdated MAINTAINERS file
72ecf59c libcontainer/user: fix windows compile error
2515b0c2 libct/user: rm windows code
0596f6e1 libcontainer/devices/device_windows.go: rm
b1deba8c libcontainer/configs/config_windows_test.go: rm
f1586dbd libcontainer/configs/validate: make Validate() less DRY
4126b807 libcontainer/configs: add missing type for hooknames
48125179 go.mod: github.com/cilium/ebpf v0.4.0
44611630 docs/systemd: add
27bb1bd5 libct/specconv/CreateCgroupConfig: don't set c.Parent default
d748280a make release: build/include libseccomp
aa6da82c script/release.sh: fix shellcheck warnings
3eb46d89 ci: make static built binary available
f0dec0b4 libct/specconv/CreateCgroupConfig: nit
36fe3cc2 tests/int/cpt: fix lazy-pages flakiness
2dd62b3d libct/checkCriuFeatures: rm excessive debug
0e089002 tests/int/checkpoint: close lazy_r fd
b09030a5 tests/int/checkpoint: close fds in check_pipes
e63df1e6 tests/int: really randomize cgroup/unit names
6e4c5b6e tests/int/cgroups: don't use BUSYBOX_BUNDLE
adf733fa vendor: update go-systemd and godbus
f09a3e1b tests/int: don't set/use CGROUP_XXX variables
4ecff8d9 start: don't kill runc init too early
b1184302 libct/configs/validator: add some cgroup support
79a8647b libct/int: add TestFdLeaks
b3be2b0b libct: close execFifo after start
08b52797 Make test specific to disassembleFilter function
7b3e0bcf Ensure the scratch pipe is read during ExportBPF
62f1f0e4 tests/int/checkpoint: check all logs for errors
346cb359 Revert "tests/checkpoint: show full log lazy pages cpt"
c9b3787b script/check-config.sh: add SELinux and AppArmor
5fb831a0 capabilities: WARN, not ERROR, for unknown / unavailable capabilities
e49d5da2 go.mod: OCI runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
2726146b runc --debug: more tests
201d60c5 runc run/start/exec: fix init log forwarding race
c06f999b libct/logs/test: refactor
688ea99e runc init: fix double call to ConfigureLogs
dd6c8d76 main: cast Chmod argument to os.FileMode
69ec21a1 libct/logs.ForwardLogs: use bufio.Scanner
0300299a tests/int/debug.bats: fixups
d38d1f9f libcontainer/logs: use int for Config.LogPipeFd
ac93746c libct/seccomp: rm IsEnabled
9b2f1e6f runc version: don't use seccomp.IsEnabled
d76309f9 script/check-config.sh: add CONFIG_SECCOMP_FILTER
997e8942 capabilities.Caps: use a map for capability-types
41f466d8 nsexec.c: fix formatting for netlink defines
522bd641 Fix checking C code formatting
1948b4ce cloned_binary.c: rm redundant comments
b67deb56 nsexec.c: rm a block
513d89ee capabilities: use BOUNDING/AMBIENT instead of their alias
dd2caace go.mod: runtime-spec v1.0.3-0.20210316141917-a8c4a9ee0f6b
a608b7e7 libcontainer/apparmor: use sync.Once for AppArmor detection
d6e89248 Fix build-tags in libcontainer/devices
f585cec7 libct/cg/v2: always enable TasksAccounting
8c7ece1e fs2: fallback to setting io.weight if io.bfq.weight
74299a1c CI: cache ~/.vagrant.d/boxes
97f2e351 go.mod, libct: bump go-criu to v5, use google.golang.org/protobuf
db025aba libct: criuSwrk: only iterate over CriuOpts if debug is set
051646a3 tests: test nested bind mount restore
705b6cc7 Re-create mountpoints during restore
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping the runc version to incorporate the following commits:
2ae56653 Move fuzzers upstream
053e15c0 tests/checkpoint: show full log lazy pages cpt
e618a6d5 curl: add --retry 5
4b98e4a7 MAINTAINERS: update Aleksa's email
8a3484b7 libcontainer/factory*: adjust the file mode
71ca6432 fix integration tests README.md
916654ff libcontainer: fix LinuxFactory comments
c3ffd2ef Do not convert blkio weight value using blkio->io conversion scheme
38b2dd39 runc exec: report possible OOM kill
5d0ffbf9 runc start/run: report OOM
7e137b90 libct/cg/fs2/hugetlb: use fscommon.GetValueByKey
9fa65f66 libct/cg/fscommon: add GetValueByKey
c54c3f85 libcontainer/notify_linux_v2: use fscommon.ReadFile
494f900e libct/cg/fscommon: rename/facelift GetCgroupParamKeyValue
1880d2fc libct/cg/fs/memory: handle EBUSY
27fd3fc3 libct/cg/fs: setMemoryAndSwap: refactor
3cced523 libct/cg/fs/memory: optimize Set
65c2d3c2 tests/int/update: add test case for PR #592
53d3b552 Update README.md for libcontainer
6c5ed0db Fix memory stats for cache in fs2
af521ed5 libct/cgroups/systemd: don't set limits in Apply
fa52df94 libcontainer: fix the file mode of the device
d0cbef57 Makefile: rm go 1.13 workaround
4019f08d make validate: rm go vet
f9c21133 make lint: use golangci-lint
671bb978 Makefile: remove ci target
95940855 script/validate-gofmt: rm
91f0ae18 ci/gha: bump go 1.16-rc1 -> 1.16.x
5b14a261 README: add gha badges
f3f563bc apparmor: try attr/apparmor/exec before attr/exec
41670e21 tests/int: rework/simplify setup and teardown
d73b4443 ci: enable -race from matrix
b7744547 libct/int: fix a data race
c34a9b10 tests/int/hooks.bats: don't use DEBIAN_BUNDLE
e40a369e tests/int/list.bats: don't use $BUSYBOX_BUNDLE
985546b4 tests/int: BATS_TMPDIR -> BATS_RUN_TMPDIR
85d5fea4 tests/int: stop reusing HELLO_BUNDLE for alt root
76532fac tests/int/events: rm unneeded eval
49766140 tests/int: use wait_for_container where appropriate
4d6ffa39 tests/int/helpers: reimplement wait_for_container
e7052dcd tests/int/spec.bats: don't use HELLO_BUNDLE
0cfc2e32 tests/int: rm teardown_running_container_inroot
78f0e4b2 tests/int: rm wait_for_container_inroot
64d5702f tests/int: don't depend on BUSYBOX_BUNDLE var
efb8552b tests/int: add device access test
81707abd ebpf: fix device access check
c3428722 libct/config: fix a data race
51ec5db1 ci: add i386 unit test run
b142a70e libct/seccomp/patchpbf/test: fix for 32-bit
2831fb55 cgroup2: devices: handle eBPF skipping more correctly
d1007b08 cgroupv1 freezer: thaw to increase freeze chances
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping the runc version to incorporate the following commits:
2ae56653 Move fuzzers upstream
053e15c0 tests/checkpoint: show full log lazy pages cpt
e618a6d5 curl: add --retry 5
4b98e4a7 MAINTAINERS: update Aleksa's email
8a3484b7 libcontainer/factory*: adjust the file mode
71ca6432 fix integration tests README.md
916654ff libcontainer: fix LinuxFactory comments
c3ffd2ef Do not convert blkio weight value using blkio->io conversion scheme
38b2dd39 runc exec: report possible OOM kill
5d0ffbf9 runc start/run: report OOM
7e137b90 libct/cg/fs2/hugetlb: use fscommon.GetValueByKey
9fa65f66 libct/cg/fscommon: add GetValueByKey
c54c3f85 libcontainer/notify_linux_v2: use fscommon.ReadFile
494f900e libct/cg/fscommon: rename/facelift GetCgroupParamKeyValue
1880d2fc libct/cg/fs/memory: handle EBUSY
27fd3fc3 libct/cg/fs: setMemoryAndSwap: refactor
3cced523 libct/cg/fs/memory: optimize Set
65c2d3c2 tests/int/update: add test case for PR #592
53d3b552 Update README.md for libcontainer
6c5ed0db Fix memory stats for cache in fs2
af521ed5 libct/cgroups/systemd: don't set limits in Apply
fa52df94 libcontainer: fix the file mode of the device
d0cbef57 Makefile: rm go 1.13 workaround
4019f08d make validate: rm go vet
f9c21133 make lint: use golangci-lint
671bb978 Makefile: remove ci target
95940855 script/validate-gofmt: rm
91f0ae18 ci/gha: bump go 1.16-rc1 -> 1.16.x
5b14a261 README: add gha badges
f3f563bc apparmor: try attr/apparmor/exec before attr/exec
41670e21 tests/int: rework/simplify setup and teardown
d73b4443 ci: enable -race from matrix
b7744547 libct/int: fix a data race
c34a9b10 tests/int/hooks.bats: don't use DEBIAN_BUNDLE
e40a369e tests/int/list.bats: don't use $BUSYBOX_BUNDLE
985546b4 tests/int: BATS_TMPDIR -> BATS_RUN_TMPDIR
85d5fea4 tests/int: stop reusing HELLO_BUNDLE for alt root
76532fac tests/int/events: rm unneeded eval
49766140 tests/int: use wait_for_container where appropriate
4d6ffa39 tests/int/helpers: reimplement wait_for_container
e7052dcd tests/int/spec.bats: don't use HELLO_BUNDLE
0cfc2e32 tests/int: rm teardown_running_container_inroot
78f0e4b2 tests/int: rm wait_for_container_inroot
64d5702f tests/int: don't depend on BUSYBOX_BUNDLE var
efb8552b tests/int: add device access test
81707abd ebpf: fix device access check
c3428722 libct/config: fix a data race
51ec5db1 ci: add i386 unit test run
b142a70e libct/seccomp/patchpbf/test: fix for 32-bit
2831fb55 cgroup2: devices: handle eBPF skipping more correctly
d1007b08 cgroupv1 freezer: thaw to increase freeze chances
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
runc can be built with both selinux and seccomp tags. These tags
are a requirement for proper operation with some frameworks (like
k3s).
So we add checks for the appropriate distro features and then
automatically add them to the build tags, allowing us a coordinated
enabling of the functionality.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When using podman (or other seccomp enabled container runtimes),
you will get an OCI container startup error if runc hasn't been
built with seccomp.
Adding a distro feature to runc and to the README to make it easier
to coordinate the support.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping to the next -rc, which comprises the following commits:
1e0016cf Show error stack trace if --debug is set
5c0342ba libcontainer: fix bad conversion from syscall.Errno to error
a9e99b6d ci/gha/fedora: retry vagrant up
f26768a8 VERSION: back to development
12644e61 VERSION: release 1.0.0~rc93
c348b982 tests/rootless.sh: fix/ignore shellcheck warnings
11437593 tests/rootless.sh: use set -e -u -o pipefail
5ab05884 ci: untangle getting test images
bc175ba4 tests/helpers.bash: rm GOPATH
dc025792 ci/gha: bump golangci-lint to v1.36
4d3a8d5e .golangci.yml: add
76ae1f5c libct/cg/fs/freezer: fix freezing race
c4bc3b08 Remove "PatchAndLoad" stub as it's not used without seccomp enabled
6ddfaa5e cgroupfs: cpuset: fix broken build
ca422896 Makefile: add -trimpath go build flag
d89c9629 Fix typo in README
b1195b76 ci: test with golang 1.16-rc1
164e0adb tests/int/spec.bats: fix for go 1.16
4160d743 seccomp: add enosys unit tests
8bd19cd5 tests: add seccomp -ENOSYS integration test
7a8d7162 seccomp: prepend -ENOSYS stub to all filters
2be806d1 libcontainer/configs: improve CommandHook unit tests
f4d153b0 Fix int overflow in test on 32 bit system
4e98eec1 libct/cg: demote "systemd is too old" to debug
c7357aad libct/cg/ebpf/testDeviceFilter: rm verbose logging
6a9f5ac9 libct/cg/fs: fix a linter warning
63c44e27 libct/cg/fs: getPageUsageByNUMA: rewrite/optimize
e9248dd5 cgroup: fix panic in parse memory.numa_stat
426aa416 libct/int/TestExecInTTY: skip
c30cd3cd libct/int/TestExecInTTY: fix error reporting
dac0c1e3 console.ClearONLCR: move it back
ab27e12c Implement GetStat for cpuset cgroup.
867ba38e events: simplify some conversion functions
8ce51611 GHA: tune timeouts for VM jobs
510e404e make shfmt: run for all script/* files
90d02ecc Vagrantfile.centos7: clean up after bats install
a91210f4 gha: use ssh -tt to have a tty
1f4a3b1e gha: don't check commits on push
4a30ada4 gha: cache docker layers to speed up make runcimage
58c31003 README: rm travis badge
a21e57d7 tests/int/hooks.bats: skip earlier
657a24ce libct/cg/TestGetHugePageSizeImpl: only log errors
3394e374 libct/cg/sd/TestRangeToBits: be less verbose
230a46b7 systemd: fix rootful-in-userns regression
c751ba3f systemd: show more helpful error
a35cad3b libct/cg/sd/v2: warn about old systemd
03b512e5 libc/cg: convert r.CPU.Cpus/Mems to systemd props
eee425f5 libct/cg/sd/systemdVersion: don't return error
5de00ad9 tests/int/multi-arch.bash: fix for busybox
b3cf4831 script/check-config.sh: fix IOSCHED_CFQ CFQ_GROUP_IOSCHED
1a00cd8f script/check-config.sh: fix MEMCG_SWAP_ENABLED
ecb9d73c script/check-config.sh: fix NF_NAT_NEEDED
483abaac script/check-config.sh: fix NF_NAT_IPV4
91eba84a script/check-config.sh: support for cgroupv2
25987d03 libcontainer/intelrdt: adjust the file mode
c8e89b8d Remove script/install-vagrant.sh
06a684d6 libct/int/TestExecInTTY: repeat the test 300 times
fedaa2ab TestExecInTTY: simplify, improve error reporting
719d70d2 setupIO: simplify code
24c05b71 tty: fix ClearONLCR race
039c47ab libcontainer: signalAllProcesses(): log warning when failing to thaw
18972177 libcontainer: move capabilities to separate package
692fab09 libct/checkProcMounts: optimize
72f46389 libct: add TODO about os.ErrProcessDone
d7df3018 libct: suppress bogus "unable to terminate" warnings
637f82d6 runc run: resolve tmpfs mount dest in container scope
d64c3afe tests/int/mount.bats: reformat
a2c9866e tests/int/mounts.bats: cleanup
9f2153c6 libct/cgroups/fs/cpuset: don't use MkdirAll
c85cd2b3 libct/cg/fs/cpuset: don't parse mountinfo
c0e14b8b libct/cg/fs.getCgroupRoot: reuse (cached) cgroup mountinfo
ed70dfa7 libct/cgroups/v1_utils: implement mountinfo cache
17a0dc31 README: add note about not using runc directly
4bc2aab9 README: add links to misc docs
2dc1bf91 ci: move Fedora 33 and CentOS 7 tests to gha
e431fe60 ci: move misc validate tasks from travis to gha
7ecba232 ci: move cross compile check from travis to gha
8ccd39a9 ci: move commit length check from travis to gha
1125ae78 tests/events.bats: unify duplicated code
27268b1a tests/int/cwd: add test case for cwd not owned by runc
d869d05a libctr/init_linux: reorder chdir
8bd3b878 test: add case for GH #2086
cb3dd9d8 libct/configs/validate: test for bind-mounted netns
8e8661e1 libct/configs/validate/sysctl: fix repeated netns checks
2dce0699 libct/configs/validate: fix host netns check
2143b368 libct/int/execin_tty: do help debug a flake
e709b8ab libctl/cgroups/fscommon: close fd
325a74dd libcontainer/intelrdt: rm init() from intelrdt.go
cb269306 remove "selinux" build tag (Always compile SELinux support)
552a1c7b remove "apparmor" build tag (Always compile AppArmor support)
48b8eb09 checkProcMount: add /proc/slabinfo to whitelist
1909051b libct/int/execin_tty: help debug a flake
97929295 libct/intelrdt: fix a staticcheck warning
6437086e libct/addCriu*Mount: fix gosimple warning
d0b59548 libct/checkCriuFeatures: fix gosimple linter warning
3de5c514 libct/int: don't hardcode CAP_NET_ADMIN
3387422b libct/int: fix "simple" linter warnings
11680cd2 libct: fix "unused" linter warning
a99ecc9e libct/cg/utils: silence a linter warning
3c9b03fd libct/cg/fscommon: log openat2 init failures
6bda4600 libcontainer/cgroups/fscommon: add openat2 support
31b0151f move blkio stat gathering to loop
990a6c57 cgroups: update blkio GetStats
be56333f bats: update to 1.2.1
f15c4cca Update umoci to 0.4.6
4344bd8f Dockerfile: use binary criu release
3aead32e nsenter: hard-code memfd_create(2) syscall numbers
5d1b0268 .github/workflows/validate: nits
7cd062d7 libct/cgroup/utils: fix GetCgroupMounts(all=true)
4fc2de77 libcontainer/devices: remove "Device" prefix from types
677baf22 libcontainer: isolate libcontainer/devices
de80aae4 recvtty: fix errcheck linter warnings
6b41b463 recvtty: fix waiting for both goroutines
4bbfd2e1 recvtty: use ioutil.Discard
c1ef0cf6 ci: add integration+unit tests to github actions
fce8dd4d tests/int/tty.bats: increase timeout
c6ed1854 ci: add shellcheck to github actions
27835a9e Makefile: move shellcheck out of validate
33bda24a ci: move verify-deps from travis to github actions
c60f23b3 ci: add shfmt to github actions
717a73b3 ci: renamed golangci-lint to validate
06b204e5 Makefile: move shfmt out of validate, add -w
7856c340 Dockerfile: bump criu to 3.15
ee1bdb80 vendor: github.com/cilium/ebpf v0.2.0
f0d5e839 Dockefile: fix path to skopeo repo
d9010b0e integration: update README to link to bats-core
3f2f06df Move cgroup v2 out of experimental
f62ad4a0 libcontainer/intelrdt: rename CAT and MBA enabled flags
620f4c5c libcontainer/intelrdt: fix CMT feature check
896da0b9 docs: terminals: modify the example of Pass-Through mode.
4690064f update vendor
9403afd7 CI: Fedora 33: print kernel version, systemd version, and rootfs type
0a097615 CI: update Fedora to 33
41aa7640 linux: drop MS_REC for readonly remount
a4e6955e linux: fix remount readonly in a user namespace
2e968a83 libct/cg/sd/v2: "support" (ignore) memory.oom.group
c013be56 libct/cg/sd/v2: support memory.* / Memory* unified
13afa58d libct/cg/sd/v2: support cpuset.* / Allowed*
5be8b97a libct/cg/sd/v2: support cpu.weight / CPUWeight
390a98f3 runc update: support unified resources
ab80eb32 libct/cg/sd/v2: support cpu.max unified resource
7f24098d tests/int: move check_cpu* to helpers
fd5226d0 libct/cg/sd: add defCPUQuotaPeriod
0cb8bf67 Initial v2 resources.unified systemd support
ed548376 tests/int/update.bats: add checks for runc status
d0991db2 tests/int/cgroups.bats: reformatting
a66a8238 ci: pin shfmt to v3.2.0
2ceb9719 tests/integration: rm excessive run use
e32716d3 tests/int: simplify teardown_running_container
c114919f tests/int: fix "runc exec --preserve-fds"
7b8c4e98 shfmt mounts.bats to pass `make validate`
ac5ec5e3 libcontainer/integration: fix unit test
f5c345c3 test: add "runc run --no-pivot must not expose bare /proc"
17de6f80 vendor: bump mountinfo to v0.4.0
70538b39 Update bash completion to support systemd-cgroup
933c4d31 libcontainer/intelrdt: privatize IntelRdtManager and its fields
2c004a10 libcontainer/intelrdt: introduce NewManager()
abcc1aae fix some typos about libcontainer
939ad4e3 don't panic when /sys/fs/cgroup is missing for rootless
7613c718 Update bash completion to support new capabilities
b8bf5728 rootfs: handle nested procfs mounts for MS_MOVE
5903b0ce libcontainer/intelrdt: remove 'omitempty' property from CMT and MBM counters
0253a08d CI: add shfmt for sh files
ff9852c4 *.sh: use shfmt
069fddfa CI: add shfmt for bats
fc8c7797 tests/integration/*.bats: reformat with shfmt
0aa0fae3 Kill all processes in cgroup even if init process Wait fails
978fa6e9 Fixing some lint issues
f0fdde79 libct/cg/systemd/v1: fix err check in enableKmem
c1bba720 libct/cg/systemd/v1: do not use c.Path
fa47f958 libct/int/newTemplateConfig: add systemd support
9135d99c libct/int/newTemplateConfig: add userns param
73d93eeb libct/int: make newTemplateConfig argument a struct
fb4c27c4 Fix mount error when chmod RO tmpfs
002c92f1 libct/cg.WriteCgroupProc: use fscommon.OpenFile
c95e6900 libct/cg/fs*: use fscommon.OpenFile
d55729f1 libct/cg/fs/blkio: use fscommon.OpenFile
0228226e libcontainer/cgroups/fscommon: introduce OpenFile
b4483305 Add error message
e25b8cfc libct/cg/utils: use fscommon.ReadFile
6bae53f5 libct/cg/fs2: use fscommon.ReadFile
2588e6f1 libct/cg/fs/cpuset: use fscommon.ReadFile
1d20cf49 libct/cg/fs/cpuacct: use fscommon.ReadFile
9e78b66e libct/cg/systemd/v1.enableKmem: use fscommon.ReadFile
31634436 libct/cg/fs2.CreateCgroupPath: use fscommon.*File
b7092d84 libct/cg/fs.setKernelMemory: use fscommon.WriteFile
619de977 libct/cg/fscommon_test: rm cgroups dependency
ede8a86e Convert root path to absolute path on create command
e8eb8000 fix some linting issues
fcf210d6 Fix goreport warnings of ineffassign and misspell
644c107e libcontainer/intelrdt: modify the incorrect file mode
87412ee4 vendor: bump mountinfo v0.3.1
28b452bf libcontainer: unconvert
b3a8b074 libcontainer: prefer bytes.TrimSpace() over strings.TrimSpace()
3d5dec2f libcontainer: remove the unused variable from spec
b76652fb libcontainer: remove `removePath` from cgroups
faaecac7 libcontainer: remove loadConfig which is the unused function
c6ac3c4b libcontainer/system: remove deprecated GetProcessStartTime
3eb469b0 libcontainer: remove redundant strings.Join()
bc9a7bda setFreezer: explicitly return nil
2a644a7d CI: add golangci-lint via github actions
360981ae libct/cgroups: rewrite getHugePageSizeFromFilenames
819fd683 go.mod: sirupsen/logrus v1.7.0
0eb66c95 go.mod: github.com/containerd/console v1.0.1
8bf21672 use string-concatenation instead of sprintf for simple cases
a4d5e8a2 libcontainer/ignoreTerminateError: ignore SIGKILL
dc424591 libct/(*initProcess).start: fix removing cgroups on error
8699596d libct/(*setnsProcess).Start: use retErr
38447895 libct/cgroups/systemd: eliminate runc/systemd race
6c83d23f libcontainer/cgroups/fscommon: improve doc
31f0f5b7 libct/cg/fscommon.GetCgroupParamUint: improve
e76ac1c0 libct/cg/fscommon.GetCgroupParamString: use ReadFile
aac4d1f5 libct/cg/fscommon/GetCgroupParamKeyValue: nits
d167be29 libct/cgroups/fs2/statHugeTlb: error message nits
2c70d238 libct/intelrdt: add TestFindIntelRdtMountpointDir
ab2b5dfa libcontainer/cgroups: use const for templates
b7c446b3 checkpoint: setPageServer: use net.SplitHostPort instead of strings.Split
f1c1fdf9 libcontainer/intelrdt: use moby/sys/mountinfo
4929c05a tests/int: add cgroupv2 unified resources tests
6e2159be tests/int/cgroups: make sure to rm containers
b006f4a1 libct/cgroups: support Cgroups.Resources.Unified
8ceae9f7 libct/cgroups/GetHugePageSize: use Readdirnames
9aff7aae libct/utils: add GetHugePageSize benchmark
30601efa tests/int/spec.bats: simplify
6c21de38 tests/int/spec: only run once for rootless
186a38ba tests/int: whitespace cleanup
792d2c3b tests/int/cgroups.bats: rm unused code
908b7076 tests/int/*.bats: make sure to delete containers
1c3af275 libcontainer: newContainerCapList() refactor to reduce duplicated code
8820a145 libcontainer: initialize slices with length
f5c96b74 libcontainer: remove unneeded sprintf and intermediate variable
b9e26ad8 libcontainer: remove workaround for RHEL6 kernels
373811ba libcontainer: rename cap variable as it collides with built-in
074e67ad Makefile: fix vendor and verify-dependencies
2ccefa63 restore: tell CRIU to use existing namespaces
71c10e3c vendor: github.com/moby/sys/mountinfo v0.2.0
ba8687fc tests/int/helpers: fix indentation
fdb0590c tests/int/helpers: simplify set_cgroup_mount_writable
74b57fea fscommon.WriteFile: simplify error message
a3f91b98 vendor: bump runtime-spec
b682e8cf vendor: bump fileutils to v0.5.0
d1d13d9a tests/int/checkpoint: don't hide stderr
627074d0 tests/int/checkpoint: rm useless code
bca5f24c tests/int/checkpoint.bats: fix showing logs on fail
ce24d603 Add integration tests for cgroup devices
8297ae45 Makefile: fix DESTDIR handling
dd3e0da3 tests/int/dev.bats: fixes for new busybox
bcd30954 tests/int: fix runc exec --preserve-fds
ba0246da libcontainer: Store state.json before sync procRun
cbb0a793 Make sure signalAllProcesses is invoked in the function of destroy
940e1547 cgroupv1/systemd: (re)use m.paths
f075084a cgroupv1/systemd: rework Apply/joinCgroups
fad92bbf cgroupv1/Apply: do not overuse d.path/getSubsystemPath
0445fd60 Since no kernels support direct labeling of /dev/mqueue remove label
bfb4ea1b Remove check for apparmor_parser in apparmor.IsEnabled()
a63f99fc Add support for umask
42d9a6b4 tty.bats: add test cases when stdin is not a tty
b79cb048 runc run/exec: fix terminal wrt stdin redirection
b8efb020 tests/int/delete.bats: fix shellcheck warnings
28204ce7 tests/int/delete: rm useless code
34b4b106 tests/int: alt fix for shellcheck SC2034
d34f1c81 CI: add shellcheck of bats files
f36fb46b tests/int/*bats: ignore SC2016
598d8b73 tests/int/checkpoint.bats: ignore SC2206
08766b98 tests/int/*bats: fix/ignore shellcheck SC2046
4ba4baea tests/int/*bats: fix shellcheck SC2086, SC2006
b02ca2dc tests/int: fix shellcheck warning SC2002
3b80850e tests/int/update.bats: fix a shellcheck warning
612d0790 tests/int/update.bats: fix a shellcheck warning
82836d24 tests/int/cgroups.bats: fix a shellcheck warning
4b8ff6a1 tests/int/checkpoint.bats: ignore some shellcheck warnings
ce50e1da test/int/spec.bats: simplify setup/teardown
699fdf89 tests/int/mount.bats: fix a check
85a30698 test/int/hooks.bats: fix here-doc
9a699e1a Skip redundant setup for /dev/ptmx when specified explicitly in the OCI spec.
0709202d Remove runc default devices that overlap with spec devices.
6249136a add libseccomp version to `runc --version`
1d85333a add runtime.Version() to `runc --version`
1e9f8059 cleancode: adjust and make it more readability
335f0806 tests/int/delete: cgroupv1 with sub-cgroups removal case
19be8e5b libct/cgroups.RemovePaths: speedup
3f14242e libct/cgroups: move RemovePath from fs2
254d23b9 libc/cgroups: empty map in RemovePaths
bf8bb477 Modify from space to tab
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping to the next rc of runc, which comprises the following commits:
1e0016cf Show error stack trace if --debug is set
5c0342ba libcontainer: fix bad conversion from syscall.Errno to error
a9e99b6d ci/gha/fedora: retry vagrant up
f26768a8 VERSION: back to development
12644e61 VERSION: release 1.0.0~rc93
c348b982 tests/rootless.sh: fix/ignore shellcheck warnings
11437593 tests/rootless.sh: use set -e -u -o pipefail
5ab05884 ci: untangle getting test images
bc175ba4 tests/helpers.bash: rm GOPATH
dc025792 ci/gha: bump golangci-lint to v1.36
4d3a8d5e .golangci.yml: add
76ae1f5c libct/cg/fs/freezer: fix freezing race
c4bc3b08 Remove "PatchAndLoad" stub as it's not used without seccomp enabled
6ddfaa5e cgroupfs: cpuset: fix broken build
ca422896 Makefile: add -trimpath go build flag
d89c9629 Fix typo in README
b1195b76 ci: test with golang 1.16-rc1
164e0adb tests/int/spec.bats: fix for go 1.16
4160d743 seccomp: add enosys unit tests
8bd19cd5 tests: add seccomp -ENOSYS integration test
7a8d7162 seccomp: prepend -ENOSYS stub to all filters
2be806d1 libcontainer/configs: improve CommandHook unit tests
f4d153b0 Fix int overflow in test on 32 bit system
4e98eec1 libct/cg: demote "systemd is too old" to debug
c7357aad libct/cg/ebpf/testDeviceFilter: rm verbose logging
6a9f5ac9 libct/cg/fs: fix a linter warning
63c44e27 libct/cg/fs: getPageUsageByNUMA: rewrite/optimize
e9248dd5 cgroup: fix panic in parse memory.numa_stat
426aa416 libct/int/TestExecInTTY: skip
c30cd3cd libct/int/TestExecInTTY: fix error reporting
dac0c1e3 console.ClearONLCR: move it back
ab27e12c Implement GetStat for cpuset cgroup.
867ba38e events: simplify some conversion functions
8ce51611 GHA: tune timeouts for VM jobs
510e404e make shfmt: run for all script/* files
90d02ecc Vagrantfile.centos7: clean up after bats install
a91210f4 gha: use ssh -tt to have a tty
1f4a3b1e gha: don't check commits on push
4a30ada4 gha: cache docker layers to speed up make runcimage
58c31003 README: rm travis badge
a21e57d7 tests/int/hooks.bats: skip earlier
657a24ce libct/cg/TestGetHugePageSizeImpl: only log errors
3394e374 libct/cg/sd/TestRangeToBits: be less verbose
230a46b7 systemd: fix rootful-in-userns regression
c751ba3f systemd: show more helpful error
a35cad3b libct/cg/sd/v2: warn about old systemd
03b512e5 libc/cg: convert r.CPU.Cpus/Mems to systemd props
eee425f5 libct/cg/sd/systemdVersion: don't return error
5de00ad9 tests/int/multi-arch.bash: fix for busybox
b3cf4831 script/check-config.sh: fix IOSCHED_CFQ CFQ_GROUP_IOSCHED
1a00cd8f script/check-config.sh: fix MEMCG_SWAP_ENABLED
ecb9d73c script/check-config.sh: fix NF_NAT_NEEDED
483abaac script/check-config.sh: fix NF_NAT_IPV4
91eba84a script/check-config.sh: support for cgroupv2
25987d03 libcontainer/intelrdt: adjust the file mode
c8e89b8d Remove script/install-vagrant.sh
06a684d6 libct/int/TestExecInTTY: repeat the test 300 times
fedaa2ab TestExecInTTY: simplify, improve error reporting
719d70d2 setupIO: simplify code
24c05b71 tty: fix ClearONLCR race
039c47ab libcontainer: signalAllProcesses(): log warning when failing to thaw
18972177 libcontainer: move capabilities to separate package
692fab09 libct/checkProcMounts: optimize
72f46389 libct: add TODO about os.ErrProcessDone
d7df3018 libct: suppress bogus "unable to terminate" warnings
637f82d6 runc run: resolve tmpfs mount dest in container scope
d64c3afe tests/int/mount.bats: reformat
a2c9866e tests/int/mounts.bats: cleanup
9f2153c6 libct/cgroups/fs/cpuset: don't use MkdirAll
c85cd2b3 libct/cg/fs/cpuset: don't parse mountinfo
c0e14b8b libct/cg/fs.getCgroupRoot: reuse (cached) cgroup mountinfo
ed70dfa7 libct/cgroups/v1_utils: implement mountinfo cache
17a0dc31 README: add note about not using runc directly
4bc2aab9 README: add links to misc docs
2dc1bf91 ci: move Fedora 33 and CentOS 7 tests to gha
e431fe60 ci: move misc validate tasks from travis to gha
7ecba232 ci: move cross compile check from travis to gha
8ccd39a9 ci: move commit length check from travis to gha
1125ae78 tests/events.bats: unify duplicated code
27268b1a tests/int/cwd: add test case for cwd not owned by runc
d869d05a libctr/init_linux: reorder chdir
8bd3b878 test: add case for GH #2086
cb3dd9d8 libct/configs/validate: test for bind-mounted netns
8e8661e1 libct/configs/validate/sysctl: fix repeated netns checks
2dce0699 libct/configs/validate: fix host netns check
2143b368 libct/int/execin_tty: do help debug a flake
e709b8ab libctl/cgroups/fscommon: close fd
325a74dd libcontainer/intelrdt: rm init() from intelrdt.go
cb269306 remove "selinux" build tag (Always compile SELinux support)
552a1c7b remove "apparmor" build tag (Always compile AppArmor support)
48b8eb09 checkProcMount: add /proc/slabinfo to whitelist
1909051b libct/int/execin_tty: help debug a flake
97929295 libct/intelrdt: fix a staticcheck warning
6437086e libct/addCriu*Mount: fix gosimple warning
d0b59548 libct/checkCriuFeatures: fix gosimple linter warning
3de5c514 libct/int: don't hardcode CAP_NET_ADMIN
3387422b libct/int: fix "simple" linter warnings
11680cd2 libct: fix "unused" linter warning
a99ecc9e libct/cg/utils: silence a linter warning
3c9b03fd libct/cg/fscommon: log openat2 init failures
6bda4600 libcontainer/cgroups/fscommon: add openat2 support
31b0151f move blkio stat gathering to loop
990a6c57 cgroups: update blkio GetStats
be56333f bats: update to 1.2.1
f15c4cca Update umoci to 0.4.6
4344bd8f Dockerfile: use binary criu release
3aead32e nsenter: hard-code memfd_create(2) syscall numbers
5d1b0268 .github/workflows/validate: nits
7cd062d7 libct/cgroup/utils: fix GetCgroupMounts(all=true)
4fc2de77 libcontainer/devices: remove "Device" prefix from types
677baf22 libcontainer: isolate libcontainer/devices
de80aae4 recvtty: fix errcheck linter warnings
6b41b463 recvtty: fix waiting for both goroutines
4bbfd2e1 recvtty: use ioutil.Discard
c1ef0cf6 ci: add integration+unit tests to github actions
fce8dd4d tests/int/tty.bats: increase timeout
c6ed1854 ci: add shellcheck to github actions
27835a9e Makefile: move shellcheck out of validate
33bda24a ci: move verify-deps from travis to github actions
c60f23b3 ci: add shfmt to github actions
717a73b3 ci: renamed golangci-lint to validate
06b204e5 Makefile: move shfmt out of validate, add -w
7856c340 Dockerfile: bump criu to 3.15
ee1bdb80 vendor: github.com/cilium/ebpf v0.2.0
f0d5e839 Dockefile: fix path to skopeo repo
d9010b0e integration: update README to link to bats-core
3f2f06df Move cgroup v2 out of experimental
f62ad4a0 libcontainer/intelrdt: rename CAT and MBA enabled flags
620f4c5c libcontainer/intelrdt: fix CMT feature check
896da0b9 docs: terminals: modify the example of Pass-Through mode.
4690064f update vendor
9403afd7 CI: Fedora 33: print kernel version, systemd version, and rootfs type
0a097615 CI: update Fedora to 33
41aa7640 linux: drop MS_REC for readonly remount
a4e6955e linux: fix remount readonly in a user namespace
2e968a83 libct/cg/sd/v2: "support" (ignore) memory.oom.group
c013be56 libct/cg/sd/v2: support memory.* / Memory* unified
13afa58d libct/cg/sd/v2: support cpuset.* / Allowed*
5be8b97a libct/cg/sd/v2: support cpu.weight / CPUWeight
390a98f3 runc update: support unified resources
ab80eb32 libct/cg/sd/v2: support cpu.max unified resource
7f24098d tests/int: move check_cpu* to helpers
fd5226d0 libct/cg/sd: add defCPUQuotaPeriod
0cb8bf67 Initial v2 resources.unified systemd support
ed548376 tests/int/update.bats: add checks for runc status
d0991db2 tests/int/cgroups.bats: reformatting
a66a8238 ci: pin shfmt to v3.2.0
2ceb9719 tests/integration: rm excessive run use
e32716d3 tests/int: simplify teardown_running_container
c114919f tests/int: fix "runc exec --preserve-fds"
7b8c4e98 shfmt mounts.bats to pass `make validate`
ac5ec5e3 libcontainer/integration: fix unit test
f5c345c3 test: add "runc run --no-pivot must not expose bare /proc"
17de6f80 vendor: bump mountinfo to v0.4.0
70538b39 Update bash completion to support systemd-cgroup
933c4d31 libcontainer/intelrdt: privatize IntelRdtManager and its fields
2c004a10 libcontainer/intelrdt: introduce NewManager()
abcc1aae fix some typos about libcontainer
939ad4e3 don't panic when /sys/fs/cgroup is missing for rootless
7613c718 Update bash completion to support new capabilities
b8bf5728 rootfs: handle nested procfs mounts for MS_MOVE
5903b0ce libcontainer/intelrdt: remove 'omitempty' property from CMT and MBM counters
0253a08d CI: add shfmt for sh files
ff9852c4 *.sh: use shfmt
069fddfa CI: add shfmt for bats
fc8c7797 tests/integration/*.bats: reformat with shfmt
0aa0fae3 Kill all processes in cgroup even if init process Wait fails
978fa6e9 Fixing some lint issues
f0fdde79 libct/cg/systemd/v1: fix err check in enableKmem
c1bba720 libct/cg/systemd/v1: do not use c.Path
fa47f958 libct/int/newTemplateConfig: add systemd support
9135d99c libct/int/newTemplateConfig: add userns param
73d93eeb libct/int: make newTemplateConfig argument a struct
fb4c27c4 Fix mount error when chmod RO tmpfs
002c92f1 libct/cg.WriteCgroupProc: use fscommon.OpenFile
c95e6900 libct/cg/fs*: use fscommon.OpenFile
d55729f1 libct/cg/fs/blkio: use fscommon.OpenFile
0228226e libcontainer/cgroups/fscommon: introduce OpenFile
b4483305 Add error message
e25b8cfc libct/cg/utils: use fscommon.ReadFile
6bae53f5 libct/cg/fs2: use fscommon.ReadFile
2588e6f1 libct/cg/fs/cpuset: use fscommon.ReadFile
1d20cf49 libct/cg/fs/cpuacct: use fscommon.ReadFile
9e78b66e libct/cg/systemd/v1.enableKmem: use fscommon.ReadFile
31634436 libct/cg/fs2.CreateCgroupPath: use fscommon.*File
b7092d84 libct/cg/fs.setKernelMemory: use fscommon.WriteFile
619de977 libct/cg/fscommon_test: rm cgroups dependency
ede8a86e Convert root path to absolute path on create command
e8eb8000 fix some linting issues
fcf210d6 Fix goreport warnings of ineffassign and misspell
644c107e libcontainer/intelrdt: modify the incorrect file mode
87412ee4 vendor: bump mountinfo v0.3.1
28b452bf libcontainer: unconvert
b3a8b074 libcontainer: prefer bytes.TrimSpace() over strings.TrimSpace()
3d5dec2f libcontainer: remove the unused variable from spec
b76652fb libcontainer: remove `removePath` from cgroups
faaecac7 libcontainer: remove loadConfig which is the unused function
c6ac3c4b libcontainer/system: remove deprecated GetProcessStartTime
3eb469b0 libcontainer: remove redundant strings.Join()
bc9a7bda setFreezer: explicitly return nil
2a644a7d CI: add golangci-lint via github actions
360981ae libct/cgroups: rewrite getHugePageSizeFromFilenames
819fd683 go.mod: sirupsen/logrus v1.7.0
0eb66c95 go.mod: github.com/containerd/console v1.0.1
8bf21672 use string-concatenation instead of sprintf for simple cases
a4d5e8a2 libcontainer/ignoreTerminateError: ignore SIGKILL
dc424591 libct/(*initProcess).start: fix removing cgroups on error
8699596d libct/(*setnsProcess).Start: use retErr
38447895 libct/cgroups/systemd: eliminate runc/systemd race
6c83d23f libcontainer/cgroups/fscommon: improve doc
31f0f5b7 libct/cg/fscommon.GetCgroupParamUint: improve
e76ac1c0 libct/cg/fscommon.GetCgroupParamString: use ReadFile
aac4d1f5 libct/cg/fscommon/GetCgroupParamKeyValue: nits
d167be29 libct/cgroups/fs2/statHugeTlb: error message nits
2c70d238 libct/intelrdt: add TestFindIntelRdtMountpointDir
ab2b5dfa libcontainer/cgroups: use const for templates
b7c446b3 checkpoint: setPageServer: use net.SplitHostPort instead of strings.Split
f1c1fdf9 libcontainer/intelrdt: use moby/sys/mountinfo
4929c05a tests/int: add cgroupv2 unified resources tests
6e2159be tests/int/cgroups: make sure to rm containers
b006f4a1 libct/cgroups: support Cgroups.Resources.Unified
8ceae9f7 libct/cgroups/GetHugePageSize: use Readdirnames
9aff7aae libct/utils: add GetHugePageSize benchmark
30601efa tests/int/spec.bats: simplify
6c21de38 tests/int/spec: only run once for rootless
186a38ba tests/int: whitespace cleanup
792d2c3b tests/int/cgroups.bats: rm unused code
908b7076 tests/int/*.bats: make sure to delete containers
1c3af275 libcontainer: newContainerCapList() refactor to reduce duplicated code
8820a145 libcontainer: initialize slices with length
f5c96b74 libcontainer: remove unneeded sprintf and intermediate variable
b9e26ad8 libcontainer: remove workaround for RHEL6 kernels
373811ba libcontainer: rename cap variable as it collides with built-in
074e67ad Makefile: fix vendor and verify-dependencies
2ccefa63 restore: tell CRIU to use existing namespaces
71c10e3c vendor: github.com/moby/sys/mountinfo v0.2.0
ba8687fc tests/int/helpers: fix indentation
fdb0590c tests/int/helpers: simplify set_cgroup_mount_writable
74b57fea fscommon.WriteFile: simplify error message
a3f91b98 vendor: bump runtime-spec
b682e8cf vendor: bump fileutils to v0.5.0
d1d13d9a tests/int/checkpoint: don't hide stderr
627074d0 tests/int/checkpoint: rm useless code
bca5f24c tests/int/checkpoint.bats: fix showing logs on fail
ce24d603 Add integration tests for cgroup devices
8297ae45 Makefile: fix DESTDIR handling
dd3e0da3 tests/int/dev.bats: fixes for new busybox
bcd30954 tests/int: fix runc exec --preserve-fds
ba0246da libcontainer: Store state.json before sync procRun
cbb0a793 Make sure signalAllProcesses is invoked in the function of destroy
940e1547 cgroupv1/systemd: (re)use m.paths
f075084a cgroupv1/systemd: rework Apply/joinCgroups
fad92bbf cgroupv1/Apply: do not overuse d.path/getSubsystemPath
0445fd60 Since no kernels support direct labeling of /dev/mqueue remove label
bfb4ea1b Remove check for apparmor_parser in apparmor.IsEnabled()
a63f99fc Add support for umask
42d9a6b4 tty.bats: add test cases when stdin is not a tty
b79cb048 runc run/exec: fix terminal wrt stdin redirection
b8efb020 tests/int/delete.bats: fix shellcheck warnings
28204ce7 tests/int/delete: rm useless code
34b4b106 tests/int: alt fix for shellcheck SC2034
d34f1c81 CI: add shellcheck of bats files
f36fb46b tests/int/*bats: ignore SC2016
598d8b73 tests/int/checkpoint.bats: ignore SC2206
08766b98 tests/int/*bats: fix/ignore shellcheck SC2046
4ba4baea tests/int/*bats: fix shellcheck SC2086, SC2006
b02ca2dc tests/int: fix shellcheck warning SC2002
3b80850e tests/int/update.bats: fix a shellcheck warning
612d0790 tests/int/update.bats: fix a shellcheck warning
82836d24 tests/int/cgroups.bats: fix a shellcheck warning
4b8ff6a1 tests/int/checkpoint.bats: ignore some shellcheck warnings
ce50e1da test/int/spec.bats: simplify setup/teardown
699fdf89 tests/int/mount.bats: fix a check
85a30698 test/int/hooks.bats: fix here-doc
9a699e1a Skip redundant setup for /dev/ptmx when specified explicitly in the OCI spec.
0709202d Remove runc default devices that overlap with spec devices.
6249136a add libseccomp version to `runc --version`
1d85333a add runtime.Version() to `runc --version`
1e9f8059 cleancode: adjust and make it more readability
335f0806 tests/int/delete: cgroupv1 with sub-cgroups removal case
19be8e5b libct/cgroups.RemovePaths: speedup
3f14242e libct/cgroups: move RemovePath from fs2
254d23b9 libc/cgroups: empty map in RemovePaths
bf8bb477 Modify from space to tab
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches for new context, drop CVE patch that has been integrated
into the main repository.
The following changes are part of this refresh:
49a73463 Merge pull request #2547 from kolyshkin/moar-v2-tests
9ada2e6d Merge pull request #2539 from kolyshkin/ext-pidns-nits
b70de388 Merge pull request #2540 from kolyshkin/unify-test-inval-cgroup
0509b5ba Merge pull request #2553 from AkihiroSuda/support-kernel59-caps
6dfbe9b8 support CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE
54c53b10 Merge pull request #2533 from XiaodongLoong/fix_cgMode_redundant
a2d1f85b Merge pull request #2542 from AkihiroSuda/go1.15
4c71a68c upgrade Go to 1.15
dedadbf9 Merge pull request #2545 from kolyshkin/go-mod-vendor
809dc640 Merge pull request #2548 from kolyshkin/int-cr-fix
7f64fb47 use criu cgroup mode const from go-criu
5026bfab tests/int: fix error handling and logging
2de0b5aa libct/integration: enable some tests for cgroupv2
985bd24f Makefile: fix go vet/fmt
a340fa9b Merge pull request #2543 from mrunalp/release_1.0.0-rc92
1ff1bf34 VERSION: back to development
ff819c7e VERSION: release 1.0.0-rc92
f6688549 Merge pull request #2499 from kolyshkin/find-cgroup-mountpoint-fastpath
234d15ec Merge pull request #2520 from thaJeztah/bump_runtime_spec
78d02e85 Merge pull request #2534 from adrianreber/go-criu-4-1-0
637d54b7 cgroups/fs tests: unify TestInvalid*Cgroup*
e54d1e47 libct: initialize inheritFD in place
8b973997 libct: criuNsToKey doesn't have to be a method
3de3112c Merge pull request #2525 from adrianreber/external-pidns
6f4616dd Pass location of CRIU binary to go-criu
267b7148 Upgrade go-criu to 4.1.0
d6f5641c Merge pull request #2507 from kolyshkin/alt-to-2497
46243fce Merge pull request #2500 from kolyshkin/fs-apply
e0c0b0cf libct/cgroups/GetCgroupRoot: make it faster
901dccf0 vendor: update runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6
97b02cf9 Merge pull request #2531 from JFHwang/gomod_update
59352963 Update go.mod
67169a9d merge branch 'pr-2529'
95a59bf2 devices: correctly check device types
09e103b0 Tell CRIU to use an external pid namespace if necessary
610c5ad7 Factor out checkpointing with external namespace code
d65df61d Merge pull request #2521 from zvier/master
92e2175d cleancode: clean code for utils_linux.go
86d9399c Merge pull request #2524 from adrianreber/fix-travis
b7683d6b Fix .travis.yml warnings
f8749ba0 merge branch 'pr-2509'
f9850afa Merge pull request #2518 from XiaodongLoong/redundant_chroot_param
af283b3f remove redundant the parameter of chroot function
b7d8f3bf Merge pull request #2516 from ide-rea/fix-typo
47fbafb7 Merge pull request #2510 from kolyshkin/criu-el7
76b05e6d fix small typo
cf1273ab Merge pull request #2498 from kolyshkin/v1-code-cleanups
545ebdd1 Merge pull request #2511 from kolyshkin/fedora-dnf-fix
fbf047bf Merge pull request #2501 from XiaodongLoong/systemderror-fix
f57bb2fe fix TestPidsSystemd and TestRunWithKernelMemorySystemd test error
ce54a9d4 Merge pull request #2514 from rhatdan/windows
6d5125f8 tests/int/checkpoint: don't remove readonly flag
9806eb55 Merge pull request #2513 from lsm5/custom-PREFIX-in-Makefile
d78ee471 Allow libcontainer/configs to be imported on Windows
5517d1d7 Merge pull request #2505 from XiaodongLoong/redundant-copy-src
ffe9f0b0 Vagrantfile.centos7: do not ignore script failures
bc1a9c11 allow customizable PREFIX variable
a73ce38d cgroupv1/FindCgroupMountpoint: add a fast path
c27b8e7f tests/fedora32: retry dnf
92f49821 tests/centos7: add criu
98c7c01d tests/int/checkpoint: require cgroupns
c1adc99a cgroup/fs: rework Apply()
417f5ff4 tests/int/checkpoint: fds and pids cleanup
819fcc68 merge branch 'pr-2495'
2a322e91 cgroupv1: remove subsystemSet.Get()
daf30cb7 cgroups/fs: rm getSubsystems
2e225799 libct/cgroups/fs.GetStats: drop PathExists check
11fb9496 cgroups/fs: rm Remove method from controllers
30dc54a9 Merge pull request #2503 from giuseppe/cgroup-fixes
3f811318 Merge pull request #2490 from kolyshkin/dev-opt
32034481 cgroup, systemd: cleanup cgroups
46a304b5 Merge pull request #2502 from tjucoder/master
e638eda0 Merge pull request #2496 from kolyshkin/freeze-nits
a4cb88f3 redundant souce code copy There is a docker -v flag for test in Makefile
2deaeab0 cgroup: store the result of IsRunningSystemd
ab35cfe2 make sure pty.Close() will be called and fix comment
62a30709 cgroups/fs/path: optimize
46b26bc0 cgroups/fs/Freeze: simplify
cd479f9d cgroupv1/freezer: don't use subsystemSet.Get()
3cb1909c Merge pull request #2493 from thaJeztah/bump_ebpf
108ee85b libct/cgroups: add SkipDevices to Resources
f49adb52 vendor: update cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775
6f5edda9 merge branch 'pr-2491'
d0e92896 VERSION: back to development
24a3cf88 VERSION: release 1.0.0-rc91
1b94395c Merge pull request #2476 from kolyshkin/cpt-err-log
834c4573 Merge pull request #2482 from kinvolk/alban/integration-tests
327284eb integration tests: fix typo in README.md
0fa097fc merge branch 'pr-2481'
dff7685c Merge pull request #2459 from tedyu/linux-cont-set-cfg
e643db6e Merge pull request #2479 from haircommander/fix-systemd-version
04806abd nsenter: fix repeat close() operations
9748b487 Merge pull request #2229 from RenaudWasTaken/create-container
861afa75 Add integration tests for the new runc hooks
2f7bdf9d Tests the new Hook
6a0f64e7 systemd: add unit tests for systemdVersion
6369e388 systemd: parse systemdVersion in more situations
819c40b3 Merge pull request #2478 from kolyshkin/get-pids
89516d17 libct/cgroups/readProcsFile: ret errorr if scan failed
406298fd Merge pull request #2466 from kolyshkin/systemd-cpu-quota-period
12a7c8fc Merge pull request #2411 from kolyshkin/v1-specific
ccdd7576 Add the CreateRuntime, CreateContainer and StartContainer Hooks
e232a71a tests/int/checkpoint: fix checks, add logs
a6ddabd6 tests/int/checkpoint: whitespace cleanups
e751a168 cgroups/systemd: add setting CPUQuotaPeriod prop
8c5a19f7 libct/cgroups/fs: rename some files
cec5ae7c libct/cgroupv1/getCgroupMountsHelper: minor nit
0626c150 libct/cgroupv1: fix TestGetCgroupMounts test cases
0681d456 libct/cgroups/utils: move cgroup v1 code to separate file
7db2d3e1 libcontainer/cgroups: rm FindCgroupMountpointDir
d244b405 libct/cgroups: improve ParseCgroupFile docs
5785aabc libct/cgroups: make isSubsystemAvailable v1-specific
d5c57dce libct/criuApplyCgroups: don't set cgroup paths for v2
52b56bc2 libc/criuSwrk: remove applyCgroups param
142d0f2d libct/cgroups/utils: make FindCgroupMountpoint* v1-specific
44b75e76 libct/cgroups: separate getCgroupMountsV1
82d2fa4e Merge pull request #2453 from AkihiroSuda/vagrant-centos7
3834222d libct/cgroups/utils: getControllerPath return err for v2
55c77cb9 Merge pull request #2472 from kolyshkin/paths-nits
dd2426d0 libct/cgroups: fix m.paths map access
a77d7b1d libct: don't use GetPaths
5b247e73 Merge pull request #2338 from lifubang/systemdcgroupv2
c76af1d2 Merge pull request #2470 from katarzyna-z/kk-fix-numa-stats
601fa557 Merge pull request #2414 from kolyshkin/criu-notif
71e63de4 Fix #2469 omit memory.numa_stat when not available
fdc48376 Merge pull request #2458 from kolyshkin/cpu-quota-II
3ddb913a Merge pull request #2467 from mrunalp/save_state_atomic
ed9d93e2 Merge pull request #2455 from AkihiroSuda/docs-cgroup2
a4a306d2 Write state.json atomically
499357d6 add Vagrantfile.centos7
262ef563 update.bats: support systemd <= 226
1f366c6a tests/rootless.sh: fix executing bats in non-root PATH
6246bb11 spec.bats: avoid using `git -C`
bd236e50 integration: skip checkpoint tests if criu binary not found
b2163040 Merge pull request #2454 from AkihiroSuda/ci-fix-rt
1b03e725 tests/int/update: more cpu period/quota cases
a92b0327 cgroups/systemd: fix set CPU quota if period is unset
1832bf0b tests/int/update: add cpu-quota -1 tests
7c2b2349 tests/integration/update: enable cpu quota for v2
32746fb3 update: do not overwrite old cpu quota/period
4189cb65 cgroups: remove cgroup.Resources.CpuMax
8b964677 cgroups/systemd: unify adding CpuQuota
2ce20ed1 cgroups/systemd: simplify gen*ResourcesProperties
9d275d32 Set configs back when intelrdt configs cannot be set
4be54355 add integration test for ps/kill after the container stopped
1b97c04f merge branch 'pr-2445'
2a046695 merge branch 'pr-2446'
79fe41d3 Replace sed with jq for more readable json manipulation in tests
13865704 add cgroup v2 documentation
10d1e1ed test "update rt period and runtime": fix up runtime and period
0853956d Merge pull request #2452 from AkihiroSuda/silence-criu-not-found
13020202 Merge pull request #2449 from katarzyna-z/kk-fix-2440
9087f2e8 fix path error in systemd when stopped
4ad326a3 silence "which: no criu"
92f831bf Fix #2440 omit cpuacct.usage_all when not available
d1ba8e39 (*initProcess).start: rm second Apply
dbe5acad Merge pull request #2439 from kolyshkin/int-noswap
332a8458 Merge pull request #2443 from kolyshkin/kmem-fixup
0f7ffbeb Merge pull request #2416 from AkihiroSuda/exec-join-init-cgroup
a30f2556 merge branch 'pr-2018'
c91fe9ae cgroup2: exec: join the cgroup of the init process on EBUSY
ed1f14af tests/int/events: skip oom test if no swap
755b1016 test/int/update: simplify mem+swap presence check
8d943633 test/int/update: simplify mem+swap checks
e664e732 merge branch 'pr-2442'
2679754a Merge pull request #2441 from kolyshkin/check-cpushares
3fe6e045 cgroupv1/systemd.Set: don't enable kernel memory acct
3249e237 cgroupv1: check cpu shares in place
774a9e76 Merge pull request #2420 from tedyu/criu-proc-wait
3ba3d9b1 Wait for criuProcess once
0f3d6bec Remove pullapprove integration
64dbdb86 Merge pull request #2437 from kolyshkin/remove-faster
a78e21b5 tests/int/delete.bats: fixups
0ac92aab cgroups/fs2: make removeCgroupPath faster
4f0bdafc Merge pull request #2412 from lifubang/removecgpath
a891fee8 Merge pull request #2434 from kolyshkin/cpu-quota-fix-minimal
be546787 cgroupv1: minimal fix for cpu quota regression
82fa1941 remove cgroup path recursively in cgroup v2
1f737eeb Merge pull request #2426 from kolyshkin/mem-swap-unlim
7673bee6 Merge pull request #2395 from lifubang/updateCgroupv2
68391c0e use lazy-pages ready notification for criu >= 3.15
7ab13298 libct/criuNotifications: simplify switch
3c6e8ac4 cgroupv2: set mem+swap to max if mem set to max
27515719 add testcase for enable all supported controllers in cgroupv2
a67dab0a Revert "CreateCgroupPath: only enable needed controllers"
3c8da9da Merge pull request #2422 from kolyshkin/criu-j
d57f5bb2 cgroupv1: don't ignore MemorySwap if Memory==-1
21cb2360 merge branch 'pr-2427'
6a6ba0c0 Merge pull request #2423 from kolyshkin/systemd-v2-pids-max
8cd84e35 Merge pull request #2333 from opencontainers/add-cii-badge
59897367 cgroups/systemd: allow to set -1 as pids.limit
95413ecd tests/int/update: add cgroupv1 systemd CPU checks
06d7c1d2 systemd+cgroupv1: fix updating CPUQuotaPerSecUSec
7abd93d1 tests/integration/update.bats: more systemd checks
e4a84bea cgroupv2+systemd: set MemoryLow
4fc9fa05 tests/int: simplify check_systemd_value use
716079f9 Merge pull request #2406 from cyphar/devices-cgroup-header
5b601c66 README.md: fix a dead link
cd4b71c2 Merge pull request #2409 from adrianreber/go-criu-4-0-0
28cd9d9c Merge pull request #2419 from tianon/buildmode-arch-toggle
9a808dd0 Merge pull request #2424 from giuseppe/errno-ret
944e0570 Update to latest go-criu (4.0.2)
41aa1966 libcontainer: honor seccomp errnoRet
510c79f9 vendor: update runtime-specs to 237cc4f519e
236ec045 Dockerfile: speed up criu build
be66519c Remove "-buildmode=pie" from platforms that don't support it
b207d578 Merge pull request #2418 from AkihiroSuda/fix-bad-rebase-2413
2fa3c286 fix "libcontainer/cgroups/fs/cpuset.go:63:14: undefined: fmt"
f369199f Merge pull request #2413 from JFHwang/2392-spec-check
53a46497 Merge pull request #2401 from kolyshkin/fs-cpuset-mountinfo
825e91ad Merge pull request #2341 from kolyshkin/test-cpt-lazy
67fac528 Merge pull request #2410 from lifubang/swap0patch
5aa0601a validateProcessSpec: prevent SEGV when config is valid json, but invalid.
7fc291fd Replace formatted errors when unneeded
9ad1beb4 never write empty string to memory.swap.max
dc9a7879 cgroups: add copyright header to devices.Emulator implementation
3f1e8869 Merge pull request #2391 from cyphar/devices-cgroup
2db3240f libct/cgroups: rm GetClosestMountpointAncestor
f1603526 libct/cgroup: prep to rm GetClosestMountpointAncestor
85d4264d Merge pull request #2390 from lifubang/threadedordomain
4b71877f Merge pull request #2292 from Creatone/creatone/extend-intelrdt
41855317 Merge pull request #2271 from katarzyna-z/kk-cpuacct-usage-all
fe0669b2 don't enable threaded mode by default
ba6eb282 tests: add integration test for paused-and-updated containers
4438eaa5 tests: add integration test for devices transition rules
b810da14 cgroups: systemd: make use of Device*= properties
afe83489 cgroupv1: devices: use minimal transition rules with devices.Emulator
2353ffec cgroups: implement a devices cgroupv1 emulator
24388be7 configs: use different types for .Devices and .Resources.Devices
60e21ec2 specconv: remove default /dev/console access
b2bec980 cgroup: devices: eradicate the Allow/Deny lists
859a780d cgroups: add GetFreezerState() helper to Manager
a79fa7ca contrib: recvtty: add --no-stdin flag
df3d7f67 Merge pull request #2393 from kolyshkin/criu-pi
58bf0835 Merge pull request #2400 from kolyshkin/bats-1.2.0
17aee8c4 Dockerfile: bump bats to 1.2.0
2b9a36ee Merge pull request #2398 from pkagrawal/master
867c9f5b Merge pull request #2386 from kolyshkin/gordian-knot
ca1d135b runc checkpoint: fix --status-fd to accept fd
4aa91014 Honor spec.Process.NoNewPrivileges in specconv.CreateLibcontainerConfig
f0daf651 Vagrantfile: use criu from stable repo
714c91e9 Simplify cgroup path handing in v2 via unified API
2c8d668e Merge pull request #2387 from kolyshkin/g-knot-prepare
1d143562 libct/cgroups/fs: access m.paths under lock
51e1a084 libct/cgroups/systemd/v1: privatize v1 manager
d827e323 libct/cgroups/systemd/v1: add NewLegacyManager
fc620fdf libct/cgroups/fs: privatize Manager and its fields
5935bf8c libct/cgroups/fs: introduce NewManager()
24f945e0 libct/cgroups/systemd/v2: return a public interface
63854b0e newSetnsProcess: reuse state.CgroupPaths
9a3e6326 notify: simplify usage
6621af89 merge branch 'pr-2381'
828e4ad8 epbf: update github.com/cilium/ebpf
b18a9650 test: update devicefilter tests
128cb60f ebpf: fix big endian issue for s390x
2b31437c Merge pull request #2281 from AkihiroSuda/rootless-systemd
47a73431 Merge pull request #2373 from kolyshkin/logging-nits
492cfd8b Merge pull request #2352 from lifubang/eventsv2
bf15cc99 cgroup v2: support rootless systemd
657407ff fix runc events error in cgroup v2
64416d34 Merge pull request #2382 from thaJeztah/bump_selinux
b48bbdd0 vendor: opencontainers/selinux v1.5.1, update deprecated uses
407e9f9d Add reading of information from cpuacct.usage_all
a57358e0 Merge pull request #2370 from lifubang/swap0
96310f04 Merge pull request #2377 from thaJeztah/ticks_simplify
402d645c Simplify ticks, as the value is a constant
a0ddd02b Merge pull request #2378 from thaJeztah/bump_logrus
12ba2a73 Merge pull request #2380 from thaJeztah/userns_sync_once
9df0b5e2 libcontainer: RunningInUserNS() use sync.Once
e8bece65 vendor: sirupsen/logrus v1.6.0
609ba79f Merge pull request #2371 from kolyshkin/criu314
6161d255 Merge pull request #2375 from tedyu/wait-lazy-close
a70f3546 let runc disable swap in cgroup v2
db29dce0 Close fd in case fd.Write() returns error
f6439a84 Merge pull request #2372 from thaJeztah/improve_error_readability
1b84a21c Don't print errors twice
64ca5481 libcontainer: simplify error message
2adfd20a libcontainer: don't double-quote errors
c52a598d Remove fatalf()
d2061ee5 Vagrantfile: install less packages
e9e31f70 Vagrantfile: use criu 3.14 from testing
9634a80c Dockerfile: bump criu to version π (3.14)
dd8d48ed Merge pull request #2358 from kolyshkin/fs2-nit
c3b0b13f cgroups/fs2: don't always parse /proc/self/cgroup
051d6705 Merge pull request #2363 from AkihiroSuda/vagrant-f32
85c44b19 Vagrantfile: use Fedora 32
c18485ad Merge pull request #2359 from cyphar/terminal-docs-subreaper
0a4dcc02 Merge pull request #2331 from lifubang/StartTransientUnit
eea0fbfe docs: terminals: mention subreaper requirement
bfa1b2aa check that StartTransientUnit and StopUnit succeeds
80e2d1f1 Merge pull request #2357 from kolyshkin/makefile-2
a1f007e0 Merge pull request #2340 from AkihiroSuda/fix-2339
772d0909 Makefile: rm RELEASE_DIR and SHELL
731947d5 Makefile: fix/clean install-man
df72e898 Makefile: rm uninstall* targets
a036e890 Makefile: add -mod=vendor to go test
2fe9e31a Makefile: don't use -mod=vendor if GO111MODULE=off
19ba7688 Makefile: test, localtest: no need to invoke make
fc54f6d7 Makefile: rm $(SOURCES), mark targets as PHONY
b7dadf0f Makefile: rm $(allpackages)
60c647e3 fs2: fix cgroup.subtree_control EPERM on rootless + add CI
53fb4a5e Merge pull request #2342 from kolyshkin/vagrant-rm-ct
799d9481 intelrdt: Add Cache Monitoring Technology stats
b19f9cec Merge pull request #2343 from lifubang/updateSystemdScope
0fd8d468 Merge pull request #2318 from lifubang/linuxResources
baa20026 Merge pull request #2327 from kolyshkin/cpt-err
084144a6 travis: run vagrant tests on the host
634e51b5 Merge pull request #2335 from kolyshkin/cgroupv2-cpt
10ba72a6 add integration test for runc update with systemd
49ca1fd0 Merge pull request #2347 from kolyshkin/v2-allow-all-devs
78ff2797 Merge pull request #2334 from kolyshkin/makefile
c420a3ec Merge pull request #2324 from kolyshkin/criu-freezer
5b4bff96 Merge pull request #2336 from kolyshkin/bats-core-2
44024426 Merge pull request #2330 from KentaTada/use-linuxnamespace-const
fbeed522 Makefile: add -mod=vendor
1fe709a0 Makefile: use $(FOO) not ${FOO}
d09a6ea9 Makefile: split long lines
64ec3557 Makefile: abstract go build flags
55d5c99c libct/mountToRootfs: rm useless code
20959b16 libcontainer/integration/checkpoint_test: simplify
1d4ccc8e fix data inconsistent when runc update in systemd driven cgroup v1
7682a2b2 fix data inconsistent when runc update in systemd driven cgroup v2
dbe44cbb merge branch 'pr-2348'
fb99bbc7 merge branch 'pr-2326'
44747953 libcontainer: use x/sys/unix instead of the hardcoded value
d4bc7c10 Dockerfile: use bats-core
32d52a0f tests/checkpoint: enable for Fedora 31 / cgroup v2
9280e356 checkpoint/restore: fix cgroupv2 handling
00a2844a tests/checkpoint: add simple c/r test for cgroupns
75a92ea6 cgroupv2: allow to set EnableAllDevices=true
cdce577d Merge pull request #2332 from kolyshkin/cgroupv2-cr
7376bdc1 Fix reference to badge
d5e68ceb tests/checkpoint.bats: fix test hang/failure
bf172ef4 tests/checkpoint.bats: consolidate requires checks
e216457e tests/checkpoint.bats: simplify status checks
69d599dd tests/checkpoint.bats: fix $? checks
46be7b61 Merge pull request #2299 from kolyshkin/fs2-init-ctrl
5c2a9782 Add CII Badge to README
5b38ef71 Merge pull request #2320 from kolyshkin/vgr
ab276b1c cgroups/fs2/Destroy: use Remove, ignore ENOENT
992d5cad travis: enable fs2 driver test on fedora
4b4bc995 CreateCgroupPath: only enable needed controllers
bb47e358 cgroup/systemd: reorganize
de113415 cgroups/fs2/CreateCgroupPath: nit
b5c1949f cgroups/fs2/CreateCgroupPath: reinstate check
813cb3eb cgroupv2: fix fs2 cgroup init
60eaed2e cgroupv2: move sanity path check to common code
dbeff894 cgroupv2/systemd: privatize UnifiedManager
88c13c07 cgroupv2: use SecureJoin in systemd driver
9c80cd67 cgroupv2: rm legacy Paths from systemd driver
b6cc3975 travis: rm BUILDTAGS
5f0424c9 Vagrantfile: rm disabling weak deps
cd5f4fd9 Merge pull request #2325 from kolyshkin/nits-2
3006db2b checkpoint: don't print error if --pre-dump is set
3de86133 libcontainer: use consts of Namespace from runtime-spec
480bca91 cgroups/fs2: move type decl to beginning
353e9177 cgroups/fs2: do not use securejoin
9ae21e8d MAINTAINERS: add Kir Kolyshkin
58f970a0 cgroups/fscommon: use errors.Is
af6b9e7f nit: do not use syscall package
b3a481eb libcontainer: fix Checkpoint wrt cgroupv2
bf0a8e17 Merge pull request #2322 from lifubang/forceCgroupNS
d0f9b9ce default join cgroup namespace in runc example
e4981c91 merge branch 'pr-2317'
d2a9c5da using default allowed devices when linux resources is null
7a978e35 Defer netns.Close() after error check
9f6a2d4d Merge pull request #2305 from kolyshkin/fs2-fix-default
191def70 Merge pull request #2308 from kolyshkin/exec-no-tty
d1e4c7b8 intelrdt: add mbm stats
56aca5aa Merge pull request #2295 from kolyshkin/integration-cgroups
5c6216b1 Merge pull request #2278 from iwankgb/memory.numa_stats
84583eb1 Enable integration tests in cgroupv2 env
0965c970 tests/integration: disable swap tests for v2
483f9a0c tests/integration: add some cgroup v2 tests
3dfa5434 tests/integration/update.bats: simplify file creation
b8b46419 tests/integration: rm kmem from upgrade tests
ba3ee7fe tests/integration/update.bats: rm obsoleted comment
3f6a31b7 tests/integration: simplify cgroup paths init
3ae93580 tests/integration: check_cgroup_value: simplify
13431e0e Merge pull request #2312 from tedyu/cgrp-path-rollback
614bb966 cgroupv2/systemd: Properly remove intermediate directory
939bed2a runc exec: don't enable terminal unless -t is set
ccbb3364 Merge pull request #2304 from AkihiroSuda/travis-do-not-ignore-cgroup2-failures
d65ba5fa Merge pull request #2303 from KentaTada/remove-unneeded-syscall-import
ea36045f cgroupv2: fix fs2 driver default path
16d21e2d travis: move `cgroup-v2` out of `allow_failures`
e58a406b libcontainer: remove unneeded import
7fa13b27 intelrdt: change parseCpuInfoFile to return struct
9a93b737 Merge pull request #2288 from kolyshkin/mem-swap
7fe0a98e Exposing memory.numa_stats
5c15da9e Merge pull request #2300 from kolyshkin/fix-max
568cd62f cgroupv2: only treat -1 as "max"
c86be8a2 cgroupv2: fix setting MemorySwap
d3fdacb9 Merge pull request #2296 from KentaTada/update-readme-for-go1.13
a4bbc39d Merge pull request #2297 from giuseppe/cgroups-use-newstats
8b7ac5f4 libcontainer: use cgroups.NewStats
d5e91b1c Merge pull request #2289 from AkihiroSuda/fix-TestGetContainerStateAfterUpdate
0c7a9c02 Merge pull request #2294 from tklauser/unused-consts
6cda0eac Merge pull request #2293 from tedyu/restore-svr-close
f8f03700 README.md: update Go version to build
21d7bb95 Close criuServer so that even if CRIU crashes or unexpectedly exits, runc will not hang
3e678c08 Remove unused consts testScopeWait and testSliceWait
e4363b03 Merge pull request #2291 from kolyshkin/errors-unwrap-v2
ec8c6950 Merge pull request #2235 from Zyqsempai/add-hugetlb-controller-to-cgroupv2
b2272b2c libcontainer: use errors.Is() and errors.As()
c39f87a4 Revert "Merge pull request #2280 from kolyshkin/errors-unwrap"
4540b596 Fix TestGetContainerStateAfterUpdate on cgroup v2
0c6659ac Merge pull request #2261 from AkihiroSuda/vagrant-kvm
f8e13885 Merge pull request #2280 from kolyshkin/errors-unwrap
6ca9d8e6 Merge pull request #2283 from tedyu/runc-path-in-prefix
b26e4f27 Merge pull request #2284 from tedyu/criu-svr-close
e3e26caf Merge pull request #2276 from kolyshkin/criu-v2
22a2c9a4 Merge pull request #2282 from kolyshkin/cgroupv2-getpaths
49896ab0 Avoid double close of criuServer
d02fc484 isPathInPrefixList return value should be reverted
8d7977ee libct/isPaused: don't use GetPaths from v2 code
12e156f0 libct.isPaused: use errors.Unwrap
272c83e1 libct/cgroups: use errors.Unwrap
bd737f1e libct/cgroups/fs: use errors.Unwrap
d2dfc635 libct/cgroups/fs2: use errors.Unwrap
e4e35b8d libct/cgroups/fscommon.WriteFile: use errors.Unwrap
66778b3c libct/setKernelMemory: use errors.Unwrap
b8eed86e vagrant: switch from VirtualBox to KVM + increase HW resources
fc840f19 cgroupv2: don't use GetCgroupMounts for criu c/r
9ec5b03e Merge pull request #2259 from adrianreber/v2-test
8221d999 Merge pull request #2279 from masters-of-cats/freezer
92a3f80e Merge pull request #2203 from mrunalp/systemd_conn_cleanup
2abc6a36 Actually check for syscall.ENODEV when checking if a container is paused
3e99aa36 Fix checkpoint/restore tests on Fedora 31
9a0184b1 cgroup2: use CRIU's new freezer v2 support
d05e5728 systemd: Lazy initialize the systemd dbus connection
33c6125d systemd: Export IsSystemdRunning() function
4a9e1747 Merge pull request #2234 from thaJeztah/debian_buster
dca34a04 Dockerfile: switch to "buster" variant (current stable)
48bf88c4 Dockerfile: prevent busting build-cache for busybox rootfs
a5963876 Dockerfile: sort dependencies, and cleanup apt cache
c4821c2b Dockerfile: set DEBIAN_FRONTEND=noninteractive
201152a9 Dockerfile: use build-args to allow overriding versions
8df45c89 Merge pull request #2268 from AkihiroSuda/vendor-20200325
ad6d577a travis: run `make verify-dependencies` with Go 1.14.x
dfc1b0cd update vendor
f1eea905 Merge pull request #2275 from kolyshkin/scan-nits
53ad1d51 Merge pull request #2256 from kolyshkin/mountinfo-alt
75ff40cd Merge pull request #2273 from kolyshkin/v2-untangle
aab2c8ba libcontainer/intelrdt: optimize parseCpuInfoFile
0af5cd20 Nit: fix use of bufio.Scanner.Err
d4a6a1d9 Merge pull request #2258 from masters-of-cats/eintr-retry
b45db5d3 libcontainer/cgroup: obsolete Get*Cgroup for v2
a949e4f2 cgroupv2: UnifiedManager.Apply: simplify
5406833a cgroupv2/systemd: add getv2Path
cebef0ee Merge pull request #2272 from kolyshkin/cgroupv2-max
ec1f957b cgroupv2: don't use getSubsystemPath in Apply
6905b721 cgroupv2: use "max" for negative values
96596cbb Merge pull request #2270 from kolyshkin/systemd-no-kmem
a675b5eb cgroupv2: don't try to set kmem for systemd case
be51398a Merge pull request #2193 from milkwine/fix-readSync
a7ee31fa Merge pull request #2260 from adrianreber/leave-running
7de5db3d Merge pull request #2263 from kolyshkin/nits
cc183ca6 Merge pull request #2242 from AkihiroSuda/vendor-systemd
4e6d8a0f Merge pull request #2267 from tedyu/runner-destroy
3087d43b Merge pull request #1826 from jingxiaolu/fix_specconv_process_nil
07bd2809 Merge pull request #2257 from kolyshkin/no-signal
0a7762c6 Avoid duplicate calls to runner#destroy
1797622f Merge pull request #2264 from kolyshkin/dockerfile
dd7b3461 libct/msMoveRoot: benefit from GetMounts filter
fc4357a8 libct/msMoveRoot: rm redundant filepath.Abs() calls
dce0de89 getParentMount: benefit from GetMounts filter
81d8452e libct/TestFactoryNewTmpfs: benefit from GetMounts
c7ab2c03 libcontainer: switch to moby/sys/mountinfo package
3147c320 Switch to golang 1.13, drop unsupported versions
88a02447 Dockerfile: add -f to curl
a572216f libcontainer/intelrdt: rm fmt.Sprintf
5542a2c7 libcontainer/cgroups: GetAllPids: optimize
12dc475d libcontainer: simplify createCgroupsv2Path
648295be Skip test for cgroups v2
f34eb2c0 Retry writing to cgroup files on EINTR error
87712d28 checkpoint: remove error message with --leave-running
34d47176 fix readSync
0e062a78 Remove signalmap, use unix.SignalNum
939cd0b7 Merge pull request #1737 from wking/remove-procConsole-comment
88474967 Merge pull request #1974 from openSUSE/unreachable-code
525b9f31 Merge pull request #2248 from AkihiroSuda/fix-cgroupv2-conversion
492d525e vendor: update go-systemd and godbus
981dbef5 Merge pull request #2226 from avagin/runsc-restore-cmd-wait
a15d2c3c merge branch 'pr-2073'
9167393c merge branch 'pr-2254'
89c108b1 Makefile: add selinux and apparmor build tags
69f6f32f README, travis.yml: rm ambient tag
8615da6f Merge pull request #1999 from lifubang/rootlesspath
167e33ca Merge pull request #1807 from giuseppe/notify-no-block
25fd4a67 sd-notify: do not hang when NOTIFY_SOCKET is used with create
aa269315 cgroup2: add CpuMax conversion
64e9a979 cgroup2: fix conversion
b477a159 Remove unreachable code paths
7d6e091f fix error when there is --root and XDG_RUNTIME_DIR env
0ff53526 Merge pull request #2252 from pkagrawal/2251-fix
71dfb559 Merge pull request #2238 from tedyu/init-proc-err-ret
89a87adb Changed hugetlb pagesizes info source
d804611d Added failcnt stats
62cfad97 specconv: add a test case to check null spec.Process
5b2b138d Synchronize the call to linuxContainer.Signal()
957da1f9 Use named error return for initProcess#start
bbaba4c0 Merge pull request #2228 from cpuguy83/no_whiches
2864bf46 Merge pull request #1877 from KentaTada/add-rootless-testpath-in-makefile
777f97d8 Run verify-dependencies only on go1.x
83f9b889 Don't add git utils to go.mod in CI
f7edcc3a Remove refrences to vndr
a08ab87f Make CI script to verify that vendor is in sync
df583b4c Fix file permissions for mounts.bats
38273546 Update spec test to use go.mod
69e8fb2a Add support for GO Modules
fc5759cf Merge pull request #2222 from cyphar/update-travis
af3a81e4 Add rootless testpath in Makefile
6503438f Merge pull request #2212 from Zyqsempai/2211-convert-blkio-weight-properly
c4730fa6 Merge pull request #2230 from thaJeztah/update_selinux_v1.3.1
42bfdf5f Use "command -v" shell builtin instead of "which"
93e5c4d3 merge branch 'pr-2232'
b6657fc3 Merge pull request #2231 from thaJeztah/nominate_akihiro
d8953334 vendor: update opencontainers/selinux v1.3.3
22e00ddc vendor: update golang.org/x/sys 52ab431487773bc9dd1b0766228b1cf3944126bf
c295a633 vendor: update opencontainers/selinux v1.3.1
3b7e32fe Merge pull request #2210 from Zyqsempai/2164-remove-deprecated-systemd-resources
7f37afa8 Added HugeTlb controller for cgroupv2
98de8426 libcontainer: dual-license nsenter/cloned_binary.c
bc43c4bd MAINTAINERS: add Akihiro Suda to maintainers
688cf6d4 merge branch 'pr-2223'
0f32b03d merge branch 'pr-2192'
13b1603f Merge pull request #2224 from kolyshkin/systemd-props
4b8134f6 Convert blkioWeight to io.weight properly
1cd71dfd systemd properties: support for *Sec values
2a81236e Document using annotations to set systemd props
4c5c3fb9 Support for setting systemd properties via annotations
81ef5024 Merge pull request #2213 from Zyqsempai/2166-convert-cpu-weight-poperly
7c439cc6 Added conversion for cpu.weight v2
269ea385 restore: fix a race condition in process.Wait()
f27c4e15 Fix the value corresponding to rlimitmap [key]
dc7d0bfa travis: update configuration
3b992087 Fix skip message for cgroupv2
e6555cc0 merge branch 'pr-2184'
e0385902 README.md: modify the explanation of make flags
ff107ee0 merge branch 'pr-2190'
7d23d1e1 Update README.md
0061cad8 Adding .pdf of audit
2b5730a5 Merge pull request #2221 from inductor/feature/fix_path_security
e4c4935a Merge pull request #2217 from cyphar/release-rc10
ed4a3e9b Apply review
c8ba9853 Fix path for security report line
e4de2b25 VERSION: back to development
dc9208a3 VERSION: update to 1.0.0~rc10
2fc03cc1 Merge pull request #2207 from cyphar/fix-double-volume-attack
3291d66b rootfs: do not permit /proc mounts to non-directories
f6fb7a03 merge branch 'pr-2133'
5b96f314 Exchanged deprecated systemd resources with the appropriate for cgroupv2
cf9b7c33 Fix MAJ:MIN io.stat parsing order
709377ca Merge pull request #2198 from AkihiroSuda/criu-master
55f8c254 temporarily disable CRIU tests
5c20ea14 fix merging #2177 and #2169
5cc0deaf Merge pull request #2169 from AkihiroSuda/split-fs
2b52db75 Merge pull request #2177 from devimc/topic/libcontainer/kata-containers
a88592a6 Merge pull request #2185 from liggitt/exec-race
8541d9cf Fix race checking for process exit and waiting for exec fifo
52951a7c Fix race in tty integration test with slow startup
8ddd8920 libcontainer: add method to get cgroup config from cgroup Manager
cd7c59d0 libcontainer: export createCgroupConfig
7496a968 merge branch 'pr-2086'
201b0637 merge branch 'pr-2141'
e1b5af06 Merge pull request #2161 from AkihiroSuda/makefile-overrride-docker
ec49f98d fs2: support legacy device spec (to pass CI)
88e8350d cgroup2: split fs2 from fs
5e636953 merge branch 'pr-2174'
8bb10af4 Merge pull request #2165 from AkihiroSuda/travis-f31
41a20b58 Expose network interfaces via runc events
48b055c4 Makefile: allow overriding `docker` command
c35c2c9c merge branch 'pr-2172'
42690e68 Make event types public
2186cfa3 Merge pull request #2168 from AkihiroSuda/ebpf-fix-rlimit
faf1e44e cgroup2: ebpf: increase RLIM_MEMLOCK to avoid BPF_PROG_LOAD error
46def4cc Merge pull request #2154 from jpeach/2008-remove-static-build-tag
b133feae Merge pull request #2145 from AkihiroSuda/ebpf
ccd4436f .travis.yml: add Fedora 31 vagrant box (for cgroup2)
faf673ee cgroup2: port over eBPF device controller from crun
e57a7740 Merge pull request #2149 from AkihiroSuda/cgroup2-ps
d239ca84 Merge pull request #2148 from AkihiroSuda/cg2-ignore-cpuset-when-no-config
03cf145f Merge pull request #2159 from AkihiroSuda/cgroup2-mount-in-userns
f04fb998 Merge pull request #2160 from AkihiroSuda/cgroup2-no-proc-cgroups
74a3fe5d cgroup2: do not parse /proc/cgroups
9c81440f cgroup2: allow mounting /sys/fs/cgroup in UserNS without unsharing CgroupNS
13919f5d Remove the static_build build tag.
c4d8e168 Merge pull request #2140 from crosbymichael/fs-unified
792af40d Merge pull request #1929 from kkallday/patch-1
8790f243 Merge pull request #2147 from AkihiroSuda/iov2-remove-v1-code
2cd9ba23 Merge pull request #2146 from AkihiroSuda/doc-not-prod-ready
dbd771e4 cgroup2: implement `runc ps`
9996cf7d README.md: clarify cgroup2 support is not ready for production
d918e7f4 cpuset_v2: skip Apply when no limit is specified
033936ef io_v2.go: remove blkio v1 code
a610a848 criu: Ensure other users cannot read c/r files
4e370170 Merge pull request #2139 from rst0git/desc-permisions
b28f58f3 Set unified mountpoint in find mnt func
f017e0f9 checkpoint: Set descriptors.json file mode to 0600
c1485a1e merge branch 'pr-2134'
1b8a1eee merge branch 'pr-2132'
ba16a38b Merge pull request #2135 from mrueg/security
4be50fe3 SECURITY: Add Security Policy
2111613c VERSION: back to development
d736ef14 VERSION: update to 1.0.0-rc9
cad42f6e Merge pull request #2130 from cyphar/apparmor-verify-procfs
d463f648 *: verify that operations on /proc/... are on procfs
9aef5044 vendor: update github.com/opencontainers/selinux
28e58a0f Support different field counts of cpuaact.stats
e63b797f Handle ENODEV when accessing the freezer.state file
84373aaa Add SCMP_ACT_LOG as a valid Seccomp action (#1951)
3e425f80 Merge pull request #2129 from crosbymichael/proc-mount
331692ba Only allow proc mount if it is procfs
7507c64f Merge pull request #2041 from jburianek/notify-socket-permissions
bf27c2f8 Merge pull request #2126 from flynn/fix-nsenter-unsupported
af7b6547 libcontainer/nsenter: Don't import C in non-cgo file
6c055520 Merge pull request #2125 from giuseppe/mount-cgroups
267490e3 Merge pull request #2010 from lifubang/checkpointrootless
e7a87dd2 Merge pull request #2098 from adrianreber/master
718a566e cgroup: support mount of cgroup2
a6606a7a Merge pull request #2029 from thaJeztah/bump_dependencies
115d4b9e bump golang/protobuf v1.0.0
85c02f3f bump coreos/go-systemd v19, godbus/dbus v5.0.1
21498b8e bump mrunalp/fileutils 7d4729fb36185a7c1719923406c9d40e54fb93c7
eb86f603 bump syndtr/gocapability d98352740cb2c55f81556b63d4a1ec64c5a319c2
1150ce9c bump urfave/cli v1.20.0
8e4f645f bump docker/go-units v0.3.3
0fc06623 bump cyphar/filepath-securejoin v0.2.2
414a39de bump containerd/console 0650fd9eeb50bab4fc99dceb9f2e14cf58f36e7f
de24d733 bump github.com/pkg/errors 0.8.1
4be3c48e Reformat vendor.conf and pin all deps by git-sha
0fd4342a Merge pull request #2028 from thaJeztah/bump_golang_versions
92ac8e3f Merge pull request #2113 from giuseppe/cgroupv2
524cb7c3 libcontainer: add systemd.UnifiedManager
ec111368 libcontainer, cgroups: rename systemd.Manager to LegacyManager
1932917b libcontainer: add initial support for cgroups v2
92d851e0 Merge pull request #2123 from carlosedp/riscv64
4316e4d0 Bump x/sys and update syscall to start Risc-V support
51f2a861 Merge pull request #2122 from AkihiroSuda/cleanup
0bc069d7 nsenter: fix clang-tidy warning
b225ef58 nsenter: minor clean up
dd075602 Merge pull request #2120 from rhatdan/master
e4aa7342 Rename cgroups_windows.go to cgroups_unsupported.go
c61c7370 Merge pull request #2103 from sipsma/cgnil
68d73f0a Merge pull request #2107 from sashayakovtseva/public-get-devices
f061842f Merge pull request #2119 from KentaTada/fix-proc-settings
c740965a libcontainer: update masked paths of /proc
3525edde Merge pull request #2117 from filbranden/detection1
f7b65885 Merge pull request #2116 from filbranden/running1
518c8558 Remove libcontainer detection for systemd features
4ca00773 Update vendored dependencies to remove go-systemd/util
588f040a Avoid the dependency on cgo through go-systemd/util package
afc24792 Make get devices function public
9c822e48 cgroups/fs: check nil pointers in cgroup manager
1712af0e man: fix man-pages
2e943784 Merge pull request #2094 from sipsma/2093-nodotudev
44f9ec13 Merge pull request #2089 from anx-astocker/master
f08cdaee Skip searching /dev/.udev for device nodes.
808e809f doc: First process in container needs `Init: true`
80d35c7c Merge pull request #2082 from AkihiroSuda/blkio-kernel50
dd8b9b14 Merge pull request #2081 from AkihiroSuda/criu312
9ae79017 Merge pull request #2080 from zhlhahaha/pr_id
5e0e67d7 fix permission denied
351bfb4b integration: remove blkio.weight (unavailable in kernel 5.0)
7e678625 Bump CRIU to 3.12
68cc1a77 Update busybox source and fix runc exec bug
6cccc176 Merge pull request #2075 from KentaTada/fix-bash-completion
371d13c9 Update bash completion for v1.0.0 release
f4982d86 Merge pull request #2074 from odinuge/dep/libseccomp-golang
652297c7 Update dependency libseccomp-golang
7a9ffa89 Change the permissions of the notify listener socket to rwx for everyone
e7831f2a Update to Go 1.12 and drop obsolete versions
2e8efc1b add prompt when rootless users have no read access to runc bin
472fe623 criu image path permission error in rootless checkpoint
056909bd Adds note about user ns for rootless containers
d71b3f53 libcontainer/sync: Drop procConsole transaction from comments
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add a new PACKAGECONFIG, static, which when enabled will build
runc as static. Default to enable it.
We need this because we should allow users to build runc as not
static so that when docker's cgroup driver is set to systemd,
we don't get error.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the go-lang container recipes were first created there were issues
with strip and the resulting binaries. As such, strip was inhibited for
the various packages.
This variable is now set in the default classes, and tests show that
strip works on the binaries (saving up to 2M on disk for some binaries)
with no runtime issues found.
So we drop our explicit set of the inhibit and let the build proceed
by the defaults.
If issues are found, we can re-enable the setting or bbappends can
turn it back on for builds showing issues.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Updating both the pure opencontainers runc and the docker opencontainers
variants to -rc8.
We track the tip of master for opencontainers and for docker we match
the -ce and moby -rc8 commit hashes.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
runc shouldn't be RRECOMMENDing docker, since it is already
a RDEPENDS of docker. If we have this RRECOMMEND, you cannot
easily vary the docker and docker-ce packages with this runc
variant.
We could restore this RRECOMMEND in the future if a virtual/docker
dependency is introduced.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use git hash which addresses CVE-2019-5736. Use the same git hash
used in top of Docker 18.09 branch.
Changes in runc since
6635b4f0 merge branch 'cve-2019-5736'
0a8e4117 nsenter: clone /proc/self/exe to avoid exposing host binary to container
dd023c45 merge branch 'pr-1972'
Fixes: CVE-2019-5736
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
If we're building runc-opencontainers it's likely that we're not using
docker.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
docker/k8s and other components have been refreshed to the 18.09 release
tags. So we update runc to keep in sync.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
This requires libseccomp from meta-security so it is not enabled by default.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
The upstream Makefile now calls `$(GO)` instead of just `go` so this patch isn't
needed anymore.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
go 1.9.x was triggering linkage errors on some build hosts due to
missing symbols.
| tmp/work/core2-64-poky-linux/runc-docker/1.0.0-rc5+gitAUTOINC+4fc53a81fb-r0/recipe-sysroot/usr/lib/../lib/libc.a(dl-reloc-static-pie.o): In function `elf_mac:
| /usr/src/debug/glibc/2.27-r0/git/sysdeps/x86_64/dl-machine.h:59: undefined reference to `_DYNAMIC'
| tmp/work/core2-64-poky-linux/runc-docker/1.0.0-rc5+gitAUTOINC+4fc53a81fb-r0/recipe-sysroot/usr/lib/../lib/libc.a(dl-reloc-static-pie.o): In function `elf_get:
| /usr/src/debug/glibc/2.27-r0/git/elf/get-dynamic-info.h:48: undefined reference to `_DYNAMIC'
By ensuring that our sysroot provided go binary and build flags make
it into the build enviroment we can build properly with 1.9 and 1.10
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The runc makefile now uses $(GO) universally, but sets the variable
as GO := go by default. This means that the host go will be used
instead of our recipe sysroot variant.
A simple export of the variable is not enough in all cases (due
to Make assignments), so both export it AND pass it directly to the
oe_make call.
This fixes docker-runc builds on ARM64.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Uprev both variants of runc to v1.0.0-rc5.
We drop patches that have made it into the upstream runc, and we also
refresh the context of of two others.
The docker and opencontainers variants are virtually identical, but
we keep the two variants for now to protect against any future forks
in the support.
The runc-docker SRCREV comes from the docker-ce 18.04 logged commit,
while runc-opencontainers is updated to the tip of the master branch.
Runtime tested with docker on x86-64.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The runc-docker has all the code in it to properly run a stop hook if
you use it in the foreground. It doesn't work in the back ground
because there is no way for a golang application to fork a child exit
out of the parent process because all the golang threads stay with the
parent.
This patch has three parts that happen ONLY when $SIGUSR1_PARENT_PID
is set.
1) At the point where runc start would normally exit, it closes
stdin/stdout/stderr so it would be possible to daemonize "runc start ...".
2) The code to send a SIGUSR1 to the parent process was added. The
idea being that a parent process would simply exit at that point
because it was blocking until runc performed everything it was
required to perform.
3) The code was copied which performs the normal the signal handling
block which is used for the foreground operation of runc.
-- More information --
When you use "runc run " it is running in the "foreground", in the
sense it takes over your existing terminal.
The runc-docker doesn't have a way to start it with "runc run&" where
you can send it to the background and have everything work. With this
commit, it does allow you to do that and have all the stop hooks fire
at the time what ever runc started exits.
Lets take a quick look at what "runc run" does today:
* Starts a whole pile of threads
* Sets up all name spaces
* Starts child process for container and leaves it paused at image activation
* runs start hooks
* executes "continue" for container process
* waits for container app to exit
* executes stop hooks
Now lets look at "runc create/start" does today:
runc create
* Starts a whole pile of threads
* Sets up all name spaces
* Starts child process for container and leaves it paused at image activation
* exits -- [ NOTE: this is our problem! ]
runc start
* runs start hooks
* executes "continue" for continue process
At this point when the container app exits nothing is waiting for it
to run any kind of hooks.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Ricardo Salveti <ricardo@opensourcefoundries.com> pointed out that
runc-docker was not getting a proper PV due to the use of SRCREV
in the variable.
By switching to SRCPV, we get the right PV for both variants of
runc.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
The go bbclass already inherits goarch.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
This variable isn't picked up by the runc Makefile anyway as it isn't exported.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
The "vendor/src" symlink is already created in do_compile in runc.inc.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
The recvtty demo/reference application has cross compilation issues when
targeting aarch64 platforms. As it is just a demo application and is not usually
used, we can just patch the Makefile to disable building this application.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
These variables are now set correctly by go.bbclass in oe-core. Changing them to
point at the native sysroot just leads to build errors in some cases, for
example when the target and host have matching GOARCH but not matching c
libraries.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
The makefiles for both providers of runc need to be patched in similar ways to
ensure that we use the binaries from go-cross and not go-native.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
This patch hasn't been used in a long time.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
These fixes are needed due to updates to go.bbclass in oe-core. See commit
01a8d4537012ad93dc8510e9b762acdc8c4536c7 for more information.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recently in the oe-core the go.bbclass changed and requires the
defition of the GO_IMPORT variable. This was intended to simplify how
the compilation works with go packages and it is still a work in
progress.
This patch set makes the recipes compatible to generate the same end
result as before using the new go.bbclass from oe-core.
Any patches that were included in the recipes had to have the paths
adjusted because the new go.bbclass manipulates the notion of S to be
S + "src" + "$GO_IMPORT" internally for the purpose of unpack, patch
and compile.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
This allows for setting up a detached session where you do not want to
set the terminal to false in the config.json. More or less this is a
runtime override.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
Uprev to pick up latest changes in docker-runc.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Continue work to use go infra in oe-core instead of the support for go
previously found in meta-virt. This is a 1:1 drop in replacement and
removes one more go piece from meta-virt in favor of the common
support found in oe-core.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
Rather than explicit go-cross DEPENDS, we can inherit go.bbclass and
pick up them automatically.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since there are two implementations of runc and containerd that may
not always be in sync, the docker variant, and the opencontainers
variable, we create a virtual/* namespace for these components.
Anything requiring runc or containerd should set a preferred provider
to get the desired/tested variant.
We set the default provider to the docker variants, since they are
the primary use case for these components.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At the moment we only use runc in conjunction with docker. In order to
allow docker to function correctly we need to use the version
specified in docker's vendor.conf file. Uprev runc to this version.
NOTE that the docker folks have actually forked runc and I have used
this fork as the SRC_URI. I could have chosen instead to use the old
SRC_URI along with the fork point commit as the SRCREV, and then
applied the 2 commits the docker team have added beyond the fork. I
opted instead to use the fork such that 'docker info' would not
complain about a version mismatch. This also makes it easier to google
for issues since the commit ID matches.
NOTE when we eventually have more users of runc we will have to
determine a strategy to either have them all use the same version or
allow for multiple versions of runc on the system. This is also true
for containerd.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since we are building a cross tool which produces something which is
ARCH specific we should stick to the <toolname>-cross-<arch> naming
convention. A variant of this patch has been floating around for a
while but with the changes around per recipe sysroots, distributed
builds, shared builds... we are best served to adopt this convention
now.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
