| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
Bumping image-tools to version v1.0.0-rc3-6-g11f9988, which comprises the following commits:
8899fa9 README: add summary of project status
c6e5a1b version: back to development
25e557a version: update to 1.0.0-rc3
e324098 update email in MAINTAINERS
c3f8284 Revert "Relax LGTMs"
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping image-spec to version v1.0.2-144-g02efb9a, which comprises the following commits:
d6ce48a Add mediaType fields into example manifest & image index JSON references
bc44f5b Fixing charter link
02c5c05 implementations: adding the C and Rust libraries
a36b0c8 Handle multiple matching index entries
a3eee7d README.md: Remove link to OCI scope table The OCI scope table no-longer exists.
4533d3e schema: use Go's embed package instead of esc
d147780 .tool: remove lint tool, call linter directly
0e094f3 schema, specs-go: fix lint errors
d3cd202 *: switch to golangci-lint
4d865bc go: have the go.mod at top-level
0f6c001 Remove unneeded docker pull of pandoc image
de28903 Makefile: stale installation of glide was failing
3a46ac8 github: bring forward the versions of golang tested/built with
6ced3bd media-types: `.mediaType` is available in both OCI and Docker
3be64d9 version: bump main back to -dev
beccafd version: release 1.0.2
5b82148 specs-go: adding `mediaType` to the index and manifest structures
2eb4046 *.md: bring mediaType out of reserved status
e3885ce version: bump main back to -dev
67d2d56 version: release 1.0.2
dcdcb7f specs-go: adding `mediaType` to the index and manifest structures
5f31485 *.md: bring mediaType out of reserved status
3fee04b Adding ACR to implementations
8087946 Reflect docker dontation of distribution to CNCF
bd2fa25 Minor spelling correction
fc4df0a Fix very minor oversight in config example
0d98a6c Scope data verification to content consumers
83479d4 Clean up portability considerations
fccc435 Implementations MUST NOT populate data arbitrarily
2596ec0 Expand godoc for Data
58c082d Add note about portability concerns
ce281ce Add Embedded Data section
aaf8045 Define the data field
4f080a7 Add go.mod and pin dependencies
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We refresh our wget -> curl patch for context, but otherwise, no other
changes are required.
Bumping lxc to version lxc-4.0.12-8-g5ba5725cb, which comprises the following commits:
5ba5725cb cgroups: modify cgroup2 attach logic
1e4631641 ttys: ensure container_ttys= env variable is set correctly
8ef019a6c doc: Fix reverse allowlist/denylist in Japanese man page
f1c4a17e7 cgroups: log fd of newly created cgroup
f7446b4e1 cgroups: check that opened file descriptor is a cgroup filesystem
71ba7f656 doc: Fix reverse allowlist/denylist
f314419d1 lxc-checkconfig: Fix bashism
ca4c25c6e lxc-net: don't start by default inside lxc
7e37cc96b Release LXC 4.0.12
d678aa61e lxccontainer: allow xdev when creating the container dir
bc61d2354 github: Clear default ACL on /home
fb0e0b3dd github: add systemd-coredump
53e0d390c github: more detailed compilation instructions
db84a8b6b github: log system info
e9282b6a6 github: ensure system liblxc is wiped
ad8a3bd68 lxccontainer: properly wrap lxcapi_create()
bceb81cd2 build: simplify thread local storage handling
919da35b0 build: only enable LTO for regular builds
d0a1e9c44 lxccontainer: simplify partial file creation
62b5c0051 lxccontainer: improve create_partial()
bfe24cb6a lxccontainer: improve do_lxcapi_create()
1a5c236ac lxccontainer: improve do_lxcapi_save_config()
bae0d7196 conf: log termination status
4eb09aaad conf: improve userns_exec_mapped_root()
928943280 github: stop installing gnupg now that it's unused
7c70b0d14 lxc-download: Rely on HTTPS only
199d2077c Update README.md: Fix broken link (403 Forbidden)
0b6b230e3 attach: don't pointlessly call cgroup_init()
dbef704fb commands: log command during file descriptor retrieval
733f9c909 lxc-checkconfig.in: CONFIG_NF_NAT_IPV4 was removed from the kernel 2019-03-03
ce392e230 (trivial) Fix error message, failure was connect not bind
5628bff79 seccomp: close seccomp notifier fd in cleanup handler
1f2af83a9 seccomp: only guard seccomp notify behind HAVE_DECL_SECCOMP_NOTIFY_FD
9451303d5 api-extensions: don't advertise seccomp notify support if it's not compiled in
23d07c315 use 2 sysfs instances for sys:mixed
0dd3258bd Revert "api: ->save_config() doesn't need to create container dir"
93edd510a api: ->save_config() doesn't need to create container dir
28b2e04f1 cgroups: fix compiler warning
15515f9a3 Revert "initutils: use vfork() in lxc_container_init()"
41d2530d1 macro: ensure necessary io_uring flags are defined
fc4e948c9 autotools: Avoid multiple liblxc.so with --enable-pam
a616a311a build: refuse to compile with unsupported liburing version
93be4e512 tests: add lxc.proc.* test
d8027e49c tests: add lxc.sysctls.* test
6f580343e test: improve logging helpers
a10ff3418 conf: improve logging setting sysctl and /proc/<pid>/ parameters
334cf7beb conf: apply /proc/sys and /proc/<pid>/ parameters
1b74e01ad tests: include config.h
c36379431 build: move _FILE_OFFSET_BITS to common option
f24c234ee start: log signal name and number
4915c9112 process_utils: add signal_name() helper
78baec37d build: improve liburing support detection
1a102b310 mainloop: make ifdefs easier to follow
cf931928f Replace last occurence of 'which' with 'command -v'
1ec5939b4 Replace deprecated backticks with $() construct
fdfb4a13d Replace 'which' with 'command -v' in tests too
71743e811 start: check event loop type before closing fd
f69e6b4d3 mainloop: make sure that descr->ring is allocated
1a8895855 Replace 'which' with 'command -v'
9219277cc build: add io-uring-event-loop option
d04eb166c build: add static libcap to output
bc51048b7 confile: don't use path_simplify() on lxc.{execute,init}.cmd
48728e988 conf: add cgroup2, cgroup2:ro, cgroup2:force, cgroup2:ro:force options
4d3aad49d AUTHORS: Update to point to git history
e328a988e conf: handle kernels without or not using SMT
d40b0deb4 doc: fix typo in English lxc.container.conf(5)
49fab27fc doc: Add lxc.sched.core to Japanese lxc.container.conf(5)
1ad1cab80 doc: add loglevels to ja and ko common options
1505f0780 conf: make it more obvious how auto-mount flags are defined
429233cf0 criu: support restoring containers with pre-created veth devices
48e079bf3 Release LXC 4.0.11
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping umoci to version v0.4.7-70-gfa8e9f8, which comprises the following commits:
c67586e build(deps): bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
88aaeca fuzz: always use golang:latest
37b9db4 build(deps): bump golang from 1.17.4 to 1.17.5
09ff9d5 build(deps): bump github.com/opencontainers/runc from 1.0.2 to 1.0.3
86eb281 build(deps): bump golang from 1.17.3 to 1.17.4
610dabf oci: protect against mediatype confusion attacks (CVE-2021-41190)
9b17e05 oci: gc: fix tests to correctly use the right media-types
38c20f1 ci: fix fresh builds
220b0c0 build(deps): bump github.com/opencontainers/image-spec
732d36d build(deps): bump golang from 1.17.2 to 1.17.3
58f3a37 mutator: .Config() should return ispec.Image vs. ImageConfig
001bbd4 ci: update main branch name
7bebba6 ci: osx: only try to unlink parallel if installed
a0d54ce build(deps): bump golang from 1.17.1 to 1.17.2
72ec924 *: use new protobuf package
09d1d79 build(deps): bump github.com/golang/protobuf from 1.5.0 to 1.5.2
88243cd build(deps): bump github.com/rootless-containers/proto
12270d3 build(deps): bump github.com/opencontainers/runc
056236a *: make codecov slightly less annoying
18fdf79 build(deps): bump github.com/stretchr/testify from 1.6.1 to 1.7.0
6f84bbb build(deps): bump github.com/cyphar/filepath-securejoin
0b4d52f build(deps): bump github.com/apex/log from 1.4.0 to 1.9.0
ac6ba6c build(deps): bump github.com/klauspost/pgzip from 1.2.4 to 1.2.5
9cd570d build(deps): bump golang from 1.14 to 1.17.1
26e57a2 gha: enable dependabot
65932cd ci: hardcode Go version used for linting
17111a6 *: use go1.17-friendly go:build tags
f6c2e79 codecov: drop explicit env.CODECOV_TOKEN
f80d8e2 ci: use codecov-action
785ed73 fix(Makefile): avoid usage of which
97099f1 mutate: implement an AddExisting() API
5adbd99 oci: casext: walk: do not attempt to recurse into un-parseable blobs
aad89ed oci: cas: add StatBlob to CAS interface
7091cd1 ci: switch to GitHub Actions
3ceb144 Add 2 fuzzers
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping skopeo to version v1.6.1-10-g3e2defd6, which comprises the following commits:
52002728 Update github.com/containerd/containerd
0ad25b2d Bump github.com/containers/image/v5 from 5.19.1 to 5.20.0
8cbfcc82 do not recommend upgrading all packages
370be7e7 Improve a comment in the 010-inspect.bats test
73edfb82 Move to v1.7.0-dev
49084d2c Bump to v1.6.1
23183072 Work around systemd-resolved's handling of .invalid domains
3be97ce2 Beautify a few calls
49d9fa9f Only look for the layer digests in the Layers field.
77363128 Don't expect the config blob to be listed in (skopeo inspect)
0f363498 Cirrus: Use updated VM images
27b77f2b Bump c/common to v0.47.4
de714082 tests: skip sif test on RHEL
697ef595 Bump to v1.6.1-dev
e4b79d77 Release v1.6.0
162bbab3 Bump version of containers/image and containers/common
004519f1 Improve the documentation of boolean flags
9db60ec0 Document where various fields of (skopeo inspect) come from
cb74933b Improve the documentation of the argument to (skopeo inspect)
7f4db3db Update vendor of containers/storage and containers/common
a4476c35 add a SIF systemtest
042f4816 Update vendor of containers/common
bd8ed664 Github workflow: Fix yaml syntax
b51707d5 Bump github.com/containers/storage from 1.38.0 to 1.38.1
bb49923a prompt-less signing via passphrase file
cd58349b Github-workflow: Report both failures and errors
2858904e Run codespell on code
923c58a8 Update the vendor of containers/common
1bf18b7e Bump github.com/containers/storage from 1.37.0 to 1.38.0
d32c56b4 Update github.com/containerd/containerd to 1.5.9
6007e792 Fix the pseudo-version of github.com/opencontainers/image-spec
5aa06a51 Update github.com/opencontainers/runc to v1.0.3
f6a84289 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0
c5b45c6c Bump github.com/docker/docker
c582c484 Add option to preserve digests on copy
2046bfda Add option to preserve digests on copy
e7dc5e79 proxy: Also bump compatible semver
3606b2d1 proxy: Add a GetFullConfig method
5c82c772 Update github.com/containerd/containerd to v1.5.8
37d801c9 Update opencontainers/image-spec
d9401546 Add an option to allow copying image indexes alone
4dcd28df Use a dynamic temp dir for test
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bumping runc to version v1.1.0-5-gb9460f26, which comprises the following commits:
986e7c53 libct: fixStdioPermissions: ignore EROFS
5053a065 libct: fixStdioPermissions: skip chown if not needed
d2939b6b libct: fixStdioPermissions: minor refactoring
d7f7b22a VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bumping runc to version v1.1.0-5-gb9460f26, which comprises the following commits:
986e7c53 libct: fixStdioPermissions: ignore EROFS
5053a065 libct: fixStdioPermissions: skip chown if not needed
d2939b6b libct: fixStdioPermissions: minor refactoring
d7f7b22a VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Podman now installs the systemd service and socket by default, so
we can drop our custom installation of those elements, otherwise the
build is unchanged.
Bumping libpod to version v4.0.1-11-g717edd7b8, which comprises the following commits:
0f626c377 Bump to v4.0.3-dev
342c82593 Bump to v4.0.2
bd5ff1c32 Update release notes for v4.0.2
791c8c347 Revert "use GetRuntimeDir() from c/common"
cc4a70c80 Revert "Option --url and --connection should imply --remote."
ca980c2e0 Option --url and --connection should imply --remote.
cfcc0d639 Bump to v4.0.2-dev
c8b9a2e3e Bump to v4.0.1
b1ffa822f Update release notes for v4.0.1
de9f22805 Fix a potential flake in volume plugins tests
697dd2890 Propagate $CONTAINERS_CONF to conmon
c559e4e6f tests: Remove inaccurate comment
3718d096b System tests: show one-line config overview
e1d5c812d provide better error on invalid flag
2b85f62a2 use GetRuntimeDir() from c/common
82f4760de kube: honor --build=false and make --build=true by default
e356dfe06 system tests: cleanup networks on teardown
71b0909f2 Remove the runtime lock
ee7cf3cc2 Don't log errors on removing volumes inuse, if container --volumes-from
eb9fe52a5 kube: honor mount propagation mode
a0c34d64a Load ip_tables modules at boot
e8d7e580a Cirrus: Disable F34 aka prior-fedora testing
7b106f5b6 Cirrus: Update VM Images for 4.0 release
d59749d64 Bump to v4.0.1-dev
49f8da727 Bump to v4.0.0
84c8870ac Release notes for v4.0.0 final
15cb91855 Fix lint
ae9ad416a Fix manifest 4.0 Endpoints Branch forced 4.0 only endpoints
1a8c715f1 Introduce podman machine init --root=t|f and podman machine set --root=t|f
f71dfcb5d Initial implementation of mac forwarding using a privileged docker sock claim helper
2128236da ignition: propagate proxy settings from a host into a vm
809da6b0b Update to podman4 copr stream
bd8ac0017 Unify ls --filter docs for networks and pods
77e51e188 e2e: merge after/since image-filter tests
8ad29421e podman network: add documentation for netavark
f35e03ec8 create: Fix key=value annotation in the flag output
22cfa9860 enable netavark specific tests
d77b4f92c Fix checkpoint/restore pod tests
a72e22160 Make sure building with relative paths work correctly.
975d79aed Add 409 response to swagger godoc
421b7466c Fix images since/after tests
04badc2c9 Changes of docker descriptions
09708bee9 Fix images since/after tests
35a4f32be Changes of docker descriptions
629d86445 Temporarily pull machine images from side repo
a6fbfd47c Cirrus: TODO: netavark/aardvark release branches
e5644bbf1 Cirrus: Expand netavark testing to include rootless
1656a2335 Cirrus: Minor - limit release task applicability
afb39f2e4 Cirrus: Add [CI:BUILD] magic that only builds
926c3b08a CI: fix nightly builds
1e3115cf4 Cirrus: Log netavark/aardvark binary build info.
66a3be370 Cirrus: Add netavark/aardvark system test task
6b0d4d915 Cirrus: Also download aardvark-dns binary
b63f61f5c Cirrus: Add e2e task w/ upstream netavark
6a3de9351 Revert minimum API change
9688a462e netavark e2e tests
92790e98c Bump to v4.0.0-dev
d7d79ce81 Bump to v4.0.0-RC5
5356e36b8 Update release notes for v4.0.0-RC5
77ca2498e Modify /etc/resolv.conf when connecting/disconnecting
f8cd4df1b Do not set the network config dir to cni plugin dir
d0fccbbbb Show API doc for several versions
e7998b122 [NO NEW TEST NEEDED] Add schema for ImageCreate 200 response.
6d01b6dd6 fix: Multiplication of durations
ed60f8908 move rootless netns slirp4netns process to systemd user.slice
7e37c608f compat: endpoint /build must set header content type as application/json in reponse
9aee36b76 Cleanup: remove obsolete/misleading bug workaround
b1b9a0d7a tests: retrofit healthcheck system tests
74cba33c7 healthcheck, libpod: Read healthcheck event output from os pipe
7ec63f092 Fix: Do not print error when parsing journald log fails
d62a0204d Bump github.com/buger/goterm from 1.0.1 to 1.0.4
bcd5f5ead append podman dns search domain
b1bf91a22 Podman pod create --share-parent vs --share=cgroup
85c0fe7dc System tests: revert emergency skip of checkpoint tests
71d151449 Add version guard to libpod API endpoints
345413540 [v4.0] Bump c/common to v0.47.4
7499496f3 idmap should be able to be specified along with other options
e47a3bec9 Vendor in containers/buildah v1.24.1
cad3eb78b Bump to v4.0.0-dev
0c9648136 Bump to v4.0.0-RC4
c1618042f Disable failing E2E test
70623790d Revert "Move each search dns to its own line"
48f10e1d0 Move each search dns to its own line
938d5152c Update release notes for v4.0.0-RC4
99968002f Document `schema` values in the `--url` flag
6d747dca2 podman image scp syntax correction
e0cbcdc33 system prune: remove all networks
8f3f0710f Only change network fields if they were actually changed by the user
fb6fca806 docs: clarify rootless net stats
cad6459b6 Fix size to match Docker selection
06821627f libpod: enforce noexec,nosuid,nodev for /dev/shm
44cd232be Clarify remote client means Mac and Windows
9d3bcb587 libpod: report slirp4netns network stats
f65b62c98 Add notes to "--oom-kill-disable" not supported on cgroups V2
178cccbf9 Fix use of infra image to clarify default
97c8bdfeb Adapt podman images ls filters docs to be aligned with prune filters docs
49076ba87 ignition, machine: delegate cpu,io cgroup controllers to machine's default users
0c9a8ac07 pkg/bindings/images.Build(): slashify "dockerfile" values, too
3b565bacf Remove mention of IPv6 portfwd from release notes
10a966a2a Bump to v4.0.0-dev
9b441c0dd Bump to v4.0.0-RC3
f5dfe026d Update release notes for v4.0.0-RC3
ebf5ad50e Fix Cirrus destination branch
e64e6500d volume: add support for non-volatile upperdir,workdir for overlay volumes
a928d39d0 github: label issues based on os fix regex
525bdc377 github: label issues based on os
4c26a3a5c Cirrus: Fix get_ci_vm.sh initial setup
d455bb879 System tests: emergency skip of checkpoint tests
6961d9120 network create: allow multiple subnets
86547cc24 Update troubleshooting.md
24dc02064 Fix sort ordering of filters
63b1557a2 Unify podman prune filter description: volumes, networks, system
4a4d86d40 Bump Buildah to v1.24.0
6336e1ff1 rootless: drop permission check for devices
77cd38d40 switch podman image scp from depending on machinectl to just os/exec
ab22a688d Bump github.com/containers/image/v5 from 5.18.0 to 5.19.0
991652988 Bump github.com/containers/storage from 1.38.0 to 1.38.1
9073b56a3 change location of where make outputs podman binary on osx
72ddacdbe Github workflow: Fix parsing of GraphQL response JSON
6df245c6e Github-workflow: Fix YAML syntax
44a87229b Update godoc, swagger using wrong struct
e4636ebdc Makefile: install targets independent of build
42e1c2981 [CI:DOCS] Fix typos and improve language
7cdb00a45 CI: enable rootless-remote system tests
98739237e pkg/specgen/generate/security: fix error message
29e89da1a Github workflow: Send e-mail on job error
0d42d9f8d Github workflow: Update Cirrus-cron GraphQL query
dbfe79757 remote build: set rootless oci isolation correctly
8099a61b6 [CI:DOCS] Fix typos and improve language
80a5295d4 Fix handling of duplicate matches on id expansion
1cddd6397 Show correct default values or show none
e252b3b4f exec: retry rm -rf on ENOTEMPTY and EBUSY
2f371cb12 container create: do not check for network dns support
75e6994d4 libpod: fix leaking fd
f6e36a649 libpod: fix connection leak
e68d188f6 [CI:DOCS] fix typo subpordinate
aff6a5af8 Fix filter description and unify filters docs for containers/images prune
7938f32c5 Remove unused param and clean API handlers
e834297b3 Restore machine start logic that was hanging
c81a616ca Bump to v4.0.0-dev
71238d3cc Bump to v4.0.0-RC2
b29640c78 Final release notes for v4.0.0-rc2
5736649eb Run codespell on code
f6bb60087 Update release notes for Podman v4.0.0
653da8fe8 Fix #2 for compat commit handling of --changes
9d815707e Fix nil pointer dereference for configmap optional
0b5136c7c Make error message matching in 030-run.bats less fragile
9241b4e34 Don't explicitly check for crun|runc in package information
2947ded7a Don't segfault if an image layer has no creation timestamp
1c0fdba4f compat: remove hardcoded index from load images output report
9df31cfb7 compat: images/load must be able to load tar with multiple images
47df14af5 System tests: fix for new systemd on rawhide
ee039b740 Remove rootless_networking option from containers.conf
e22b9889d vendor c/psgo@v1.7.2
1f85244ab Engine.Remote from containers.conf
2c492be00 vendor: bump c/common and other vendors
7046e7804 rootless: report correctly the error
2d0b5ebb5 Implement API forwarding for podman machine on Windows
4693fc6db Implement env parsing on Windows
c674d3cc7 Handle changes in docker compat mode
dbaaef5c4 Show package version when running on alpine
b9a2d8698 Handlers for `generate systemd` with custom dependencies
abcd29239 APIv2 tests: followup to recent log test
4b384e08a Add IndexConfigs to compat /info endpoint
a0165a64b Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
af6a43fa4 apiv2 test: add regression test for #12904
4d1c327ed SECURITY.md: fix the project name
c0e072346 rename --cni-config-dir to --network-config-dir
7e30531f2 compat attach: fix write on closed channel
774271c38 upgrade all dependencies
38fbc8af1 Revert "Cirrus: Temporarily disable OSX Cross task"
4adf457ff Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
bd09b7aa7 bump go module to version 4
f23e8ca67 [NO NEW TESTS NEEDED] add builddeps to copr template
471a4356b CI: rootless user: also create in some root tests
c8124b88a [WIP] Tests for podman image scp (the sudo form)
141de8686 Revamp Libpod state strings for Docker compat
860463d97 Cirrus: Temporarily disable OSX Cross task
06ad51c83 update c/common to latest
10d969ff1 Use PODMAN_USERNS environment variable when running as a service
6bca61e0f Unify the method of parsing filters in cmd
3c2a5947c fix default branch links
d6e55577c [CI:DOCS] fix default branch links
bb3097cd0 [CI:DOCS] Unprivileged native overlayfs is now supported
ab8a50848 [CI:DOCS] Fix typo in --env
420303b94 Recursively copy cert files.
8a7e70919 Refactor manifest list operations
350765e79 Add rpkg template for COPR autobuild
607cb80bf Fix cgroup mode handling in api server
a15dfb364 Standardize on capatalized Cgroups
13917dfab test/system: podman run update /etc/hosts
14940a067 Remove two GetImages functions from API
72ab66d88 Use fully-qualified device name in CDI test
968deb7c2 Use new CDI API
96be2bb3d troubleshooting links to main branch
bf3734ad5 Podman Build use absolute filepath
699683010 Prohibit --uid/gid map and --pod for container create/run
a4cef5435 podman container rm: remove pod
ece768ff9 Manual fixes for PR #12642:
92e787521 podman build enable --all-platforms and --unsetenv
fa6405c3c use events_logfile_path from containers.conf for events log.
f257d9839 Podman Pod Create --sysctl support
b7fe25dc2 Wait for podman stop to complete
194d14ca2 libpod: fix check for systemd session
8dc2464b0 libpod: refine check for empty pod cgroup
b24063582 fix buildah-bud test diff
85f9cf390 upgrade test: check that network backend is cni
918890a4d use netns package from c/common
0151e10b6 update buildah to latest and use new network stack
858b21064 podman image scp: implement --quiet
495884b31 use libnetwork from c/common
fde6ad637 Add --noout option to prevent the output of ids
5aedcb364 remote events: convert TimeNano properly
47374aac8 Bump github.com/BurntSushi/toml from 0.4.1 to 1.0.0
485305a5f vendor latest c/common
6e208c222 add additional fields to podman machine ls --json
6fa077750 buildah bud tests: skip failing tests
83b0fb469 Fix permission on secrets directory
8f2358eea Add podman rm --depend
f04465bfe fix host.containers.internal entry for macvlan networks
6d5ad9c11 It takes some time to start a VM
c085fb3c9 Pretty Print output of podman machine ls --format json
19a475906 Use the InfraImage defined in containers.conf
799078216 Cirrus: Freshen VM images
0e4e5cf99 Revert "Cirrus: Temp. ignore gitlab task failures"
a95c01e0e pkg: use PROXY_VARS from c/common
a8b02cf4b ignition: add support from setting SSL_CERT_FILE
5c363ff27 ignition: propogate HTTP proxy variables from host to remote
18785450e Bump to v4.0.0-dev
9d26c1abb Bump to v4.0.0-RC1
508f9b76e System tests: fix RHEL8 gating tests
b7380a7c3 vendor c/common
01ba2531b Remove dead RuntimeOption functions
0933f6c0b Update docker cli message for case where user creates directory
4dc5a5b15 Don't add env if optional and not found
a8a3e8bc9 Fix type-o in podman.wxs
37c0b27b6 [CI:DOCS] fixes indentation of example pod yaml
7dada6d49 Prevent double decoding of storage options
f68890815 Emergency system-test fixes
1941d45e3 add OCI Runtime name to errors
2a524fcae fix healthcheck timeouts and ut8 coercion
4191616cc Don't rename pod if container has the same name
13f3fd255 Set volume NeedsCopyUp to false iff data was copied up
7a24be6ad Fix CI
680923743 correct typo words in docs
64df41755 Change Tests to ignore missing containers when removing --all
79c5b73ed test/e2e/pod_initcontainers: fix a flake
cf7fc3695 test/e2e/run: don't use date +%N on Alpine
2e0d3e9ea Support all volume mounts for rootless containers
32e845028 Fix wrong 'podman search --format' placeholder
0c6ae3ab2 Fix Container List API call to return mount info
76a944b14 fix misleading comment regarding default value of cpu period [NO NEW TESTS NEEDED]
c496001d0 add --ip6 flag to podman create/run
116a276e8 legacy events: also set exitCode
f6a3eddd2 Don't initialize the global RNG with GinkgoRandomSeed() in e2e tests
90e74e794 Avoid collisions on RemoteSocket paths
ee146a9ab Refactor remote socket path determination in tests
a8e223faf fix doc
2ff5644bf test/system: podman run image with filesystem permission
fc65b0f73 test/system: podman run with log-opt option
1e3434d11 Update swagger documentation
6630e5cf6 Make it possible to select the volume driver
a3326e23d Check the mount type for future compatibility
8e7eeaa4d Implement virtfs volumes for podman machine
ec32430a0 [CI:DOCS] Add example of cpus to init command
a2687783d prefix imageId with sha256: in containers list test for compat API ImageId
289270375 Pod Security Option support
f21744939 ignition: add certs from current user into the machine while init
410082f25 docs: sort swagger operations alpabetically
7117d5605 .service file removal on failure
803defbe5 Introduce Windows WSL implementation of podman machine
f6d00ea6e podman image scp never enter podman user NS
e8c06fac9 Allow users to add host user accounts to /etc/passwd
1aa4e4d4d container creation: don't apply reserved annotations from image
cbcab4342 [CI:DOCS] clarify `io.podman.annotations.seccomp`
d669dbfb9 Error out early if system does not support pre-copy checkpointing
b746b2256 Update go-criu to v5.3.0
cb4f498e4 [CI:DOCS] docs: document rootless userns mappings
3ac5999f8 Switch to a new installer approach using a path manipulation helper
207823eb0 e2e: Add dev/shm checkpoint/restore test
f3d485d4d Enable checkpoint/restore for /dev/shm
2d7dbda41 Update github.com/checkpoint-restore/checkpointctl
af1dbbfb7 Always run passwd management code when DB value is nil
a5e49d966 Warn on use of --kernel-memory
04dbbd96b support hosts without /etc/hosts
20ce6e5c6 Podman run --passwd
fca66b6cb ci: force scratch build for crun
64ce6949f Use hosts public ip address in rootless containers
b1f5e861b compat: image normalization: handle sha256 prefix
89ee302a9 specgen: honor userns=auto from containers.conf
bb096c3bf [CI:DOCS] Small checkpoint/restore man page fixes
1ddb49c66 [CI:DOCS] Explicitly mention that checkpointing systemd containers might fail
3570c38ff vendor: update containers/storage
48cb44651 build: fix test for subid 4
46a094a7a test: add --rm to podman run commands
af6bcd086 fix(generate): fix up podman generate kube missing env field bug
a1ebde118 legacy events: also set Action="die"
a837984c4 rootless: include the args in the debug message
5cbc6b62d apiv2 tests: use quay.io/libpod/testimage:20210610 for platform tests
12d762f8e image rm: allow for force-remove infra images
6423174c6 tests: adjust old build test to expect exit code
28018ce60 Test for checkpoint specific inspect fields
bc3389e21 Add more checkpoint/restore information to 'inspect'
f566d8b8e build: relay exitcode from imagebuildah to registry
e88c21366 Removed .service file for healthchecks
a86495ea6 Set machine timezone
459e78414 MovePauseProcessToScope do not seed everytime
f241efb17 bindings rmi test: clarify behavior
03a3fc37f bump cobra to 1.3.0
6cde9255f .github: revert to the old template
4243ca93a oci: configure the devices cgroup with default devices
3b6510da6 kill: fix output
5392ff51c e2e: search flake: skip test on registry.redhat.io
7b51acd4c APIv2 tests: fail on syntax/logic errors
51a4bef2e Show --external containers even without --all option
0a2eb7b18 apiv2 tests: refactor complicated curls
888c778ee fix network id handling
afdb4dc22 Update Windows Install Doc
52b12fe98 Fixes #12063 Add docker compatible output after image build.
65d5a2b68 pause scope: don't use the global math/rand RNG
ef325bc8c specgen: check that networks are only set with bridge
094e1d70d container restore/import: store networks from db
3e9af2029 play kube add support for multiple networks
535818414 support advanced network configuration via cli
d072167fe Add new networks format to spegecen
46938bbf8 fix incorrect swagger doc for network dis/connect
4791595b5 network connect allow ip, ipv6 and mac address
9ce6b6413 network db: add new strucutre to container create
4e8ad039c remove unneeded return value from c.Networks()
5490be67b network db rewrite: migrate existing settings
5f1f62f0b network ls: show networks in deterministic order
5a071d9f5 Bump github.com/docker/docker
1fff76c3c pprof flakes: bump timeout to 20 seconds
50501f49a Add secret list --filter to cli
8cb93ac10 Cirrus: Temp. ignore gitlab task failures
81a0a7984 compat build: adhere to q/quiet
5bbcfaf4a Make XRegistryAuthHeader and XRegistryConfigHeader private
3cfefa124 Remove the authfile parameter of MakeXRegistryAuthHeader
d79414c54 Simplify the header decision in pkg/bindings/images.Build a bit
f9be32627 Remove the authfile parameter of MakeXRegistryConfigHeader
935dcbb00 Remove no-longer-useful name variables
0e29b8975 Consolidate creation of SystemContext with auth.json into a helper
fe1230ef7 Remove pkg/auth.Header
3725a34cb Call MakeXRegistryAuthHeader instead of Header(..., XRegistryAuthHeader)
78dd79752 Turn headerAuth into MakeXRegistryAuthHeader
d073b1275 Call MakeXRegistryConfigHeader instead of Header(..., XRegistryConfigHeader)
8155fb565 Turn headerConfig into MakeXRegistryConfigHeader
29f408871 Move the auth file creation to GetCredentials
9d56ebb61 Consolidate the error handling path in GetCredentials
da86a2328 Only look up HTTP header values once in GetCredentials
1589d70bc Use Header.Values in GetCredentials.has
2946e8349 Beautify GetCredentials.has a bit
1ecc6ba72 Pass a header value directly to parseSingleAuthHeader and parseMultiAuthHeader
6f1a26b04 Simplify parseSingleAuthHeader
7674f2f76 Simplify the interface of parseSingleAuthHeader
2aeb690d3 Don't return a header name from auth.GetCredentials
491951d66 Fix normalizeAuthFileKey to use the correct semantics
1b6bf9713 Rename normalize and a few variables
d29a4a6d1 Add TestHeaderGetCredentialsRoundtrip
ad7e5e34f Add tests for auth.Header
5a5aa6009 Improve TestAuthConfigsToAuthFile
ff003928b Add unit tests for singleAuthHeader
b162d8868 Add unit tests for multiAuthHeader
bc191ca7d fix e2e test missing network cleanup
99bc00421 pprof CI flakes: enforce 5 seconds grace period
1d781ccbe [NO NEW TESTS NEEDED] rootless: declare TEMP_FAILURE_RETRY before usage (Fixes: #12563)
593d0907c --hostname should be set when using --pod new:foobar
a63035be2 Cirrus: Use cached swagger binary
6d19ecadc inotify: make sure to remove files
18854f566 System tests: remove rm_pause_image()
b526a0ccd specgen: honor empty args for entrypoint
2d517b687 generate systemd: support entrypoint JSON strings
6c05961ba Bump github.com/uber/jaeger-client-go
d7f6f4e88 remove runlabel test for global opts
0999245e4 utils: reintroduce moveToCgroup
99e9fcdb6 autocopr: distro conditionals for containers-common
d87a9b788 vendor c/image/v5@main
2130d1853 Update vendor or containers/common moving pkg/cgroups there
7d0fd175f volume: apply exact permission of target directory without adding extra 0111
851349345 Cirrus: Remove remnants of nix-based static build
d35aa3f29 Refactor podman pods to report.Formatter
3753347d6 rootless netns: resolve all path components for resolv.conf
eee3a42b7 tests: clean up FIXMEs and noise
207065ce9 fix remote run/start flake
6d7e6d744 e2e: fix pprof flakes
c91fb244c Bump github.com/opencontainers/runc from 1.0.2 to 1.0.3
76f5100be vendor c/common@main
527fd3c0f Escape trailing slash in install directory location so the closing quote is not escaped
e89a62602 centos 9 stream cannot use %autochangelog
7d22cc88e Refactor podman system to report.Formatter [NO NEW TESTS NEEDED]
8e0532623 add spec file for automated copr builds
c9ad1da51 Add restart-sec option to systemd generate
2e132d1d4 Fix documentation of (podman image save --compress --uncompressed)
952046ffd Improve documentation of (podman image save --format)
7d331d35d Add support for configmap volumes to play kube
bd9f8815e cmd, push: use the configured compression format
aafbaa497 [CI:DOCS] logformatter: fix corner case with links
ecd48325f UPdate vendor of image-spec and containers/storage
fe1cdab59 vendor: update containers/common
babc69367 Update doc to explictly mention using ed25519 in ssh keys
61792de36 Refactor podman image command output
6cb25b3d1 Manual fixes
eb1212bed Same thing, with BeNumerically("==", x)
c0a8814fb Use HaveLen(x) instead of Expect(len(y)).To(Equal(x))
92f9e1176 Same thing, for BeNumerically("==", 0)
7c6123f8e Use BeEmpty() instead of len(x).To(Equal(0))
c67649546 Same as previous, for assertions other than Equal()
478f2da5d e2e tests: a little more minor cleanup
8d6d9df40 compat API: push: report size of manifest
2683ecbbc compat: images/json
a0e696411 Add ashley-cui, lsm5 and floutoc to owners
65109494b remove ARTIFACT_DIR and ArtifactPath
3ac1b9bc0 Image caches: allow overriding cache dir
5ac66e2aa Rename CrioRoot as just Root
3ff47748d Fix possible rootless netns cleanup race
db3a4c070 [NO NEW TESTS NEEDED] Refactor podman container command output
4e63f9192 Hostname in `spec.hostname` should be passed to infra ctr init opt
0afaf7837 container, cgroup: detect pid termination
e2b344728 top: parse ps(1) args correctly
6673ff78d podman, push: expose --compression-format
9ce7ade8c e2e: yet more cleanup of BeTrue/BeFalse
f415b3055 Ensure the generated NodePort values are unique
a948ecbb9 Allow containerPortsToServicePorts to fail
ec686d68d Don't use the global math/rand RNG for service ports
d48c00418 Move a comment to the relevant place
8eb0be0a2 a few more manual BeTrue cleanups
f7cbb1d84 Convert strings.Contains() to Expect(ContainSubstring)
12787963b e2e tests: more cleanup of BeTrue()s
5a56f4094 Implement 'podman run --blkio-weight-device'
9a10e2124 systemd: replace multi-user with default.target
5bdd571b1 compat API: allow enforcing short-names resolution to Docker Hub
0ddb09448 Fixed the containerfile not found during remote build.
c80a2e449 podman-remote: prevent leaking secret into image
e7204178e podman-remote: copy secret to contextdir is absolute path on host
bfcaf538b api: allow build api to accept secrets
931c08157 Only open save output file with WRONLY
f330c197b List /etc/containers/certs.d as default for --cert-path
b63d69640 e2e tests: enable golint
697ff213d fix: parsing of HostConfig.Mounts for container create
2e50514ad Move the chown to after the ADDs
cbda62d1b fix: error reporting for archive endpoint
d5c3cc949 Bindings test: emit GIT_COMMIT, for links in logs
bc3c5be2f checkpoint do not modify XDG_RUNTIME_DIR
e648122b2 libpod: improve heuristic to detect cgroup
a66f40b4d libpod, inspect: export cgroup path
b25b33030 stats: get the memory limit from the spec
84e81252f compat: Add compatiblity with Docker/Moby API for scenarios where build fails
c7ebaeee0 libpod: leave thread locked on errors
eb3708a52 Find and fix empty Expect()s
df6aa6730 Unset SocketLabel after system finishes checkpointing
c034147fe Remove StringInSlice(), part 2
2fcb39586 Remove StringInSlice(), part 1
cd59721de e2e test cleanup, continued
533636395 Update basic_networking.md
5cf2683bf Warn on failing to update container status
a4e4b8d92 oci: ack crun output when container is not there
08558b27f oci: exit gracefully if container is already dead
dd80635df Support env variables based on ConfigMaps sent in payload
0d1aaf080 image lookup: do not match *any* tags
566b78dd0 generate systemd: add --start-timeout flag
49d63ad5c Oops! Manual edits to broken tests
97ab9176f e2e tests: clean up antihelpful BeTrue()s
aa301225a Cirrus: Strip out static nix build
9c8fb5cc0 Rename pod on generate of container
2ab28140d [CI:DOCS] Update notes on java TZ in man page
73e95d1c3 Bump github.com/containers/image/v5 from 5.16.1 to 5.17.0
044edbb9c Fix netavark error handling and teardown issue
13ee1788f swagger: add layers to build api docs
022273c19 compat: add layer caching compatiblity for non podman clients
f564c9a34 Bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
a8b3c67b9 Add note about volume with unprivileged container
d173ebc06 Add EXPOSE e2e test
02be831ce Support EXPOSE with port ranges
ab56a7c4b compat: Add subnet mask behind IP address to match Docker API
d06899769 [CI:DOCS] Add java TZ note to run manpage
44b240470 Bump github.com/rootless-containers/rootlesskit from 0.14.5 to 0.14.6
21629b050 podman-remote does not support signature-policy
ced0ffbe8 Add tests for restore runtime verification
c76caba36 Use same runtime to restore a container as during checkpointing
8198e96f3 Force iptables driver for netavark tests
501643c8b Make sure netavark output is logged to the syslog
6011149ca filter: use filepath.Match to maintain consistency with other pattern matching in podman
c03b6b54f Semiperiodic cleanup of obsolete Skip()s
a3664269b [CI:DOCS]upload a translation file
b2623ceb4 api/handlers: Add checkpoint/restore FileLocks
84021cfdc test: Update error string for --file-locks test
22ef7b620 fix duplicated logs command
19400ec0d Bump github.com/docker/docker
7f96a8d2d Bump k8s.io/api from 0.22.3 to 0.22.4
0dae50f1d Do not store the exit command in container config
7098463e7 Add test for checkpoint/restore with --file-locks
6d23ea60d Add --file-locks checkpoint/restore option
7f52bd843 Cirrus: Bump Fedora to release 35
3ee2d2367 Cirrus: Partially revert catatonit --force install
226be65bd Revert "Cirrus: Temp. disable prior-fedora testing"
5bd43fbea Cirrus: Workaround log_driver=journald setting
f3021f3f6 Cirrus: Fix bindings test hang b/c logging config mismatch
155a443a9 Cirrus: Timeout bindings test after 30m
3aa7076ff Cirrus: Log more things in bindings and unit tests
d6d1ce980 Minor Makefile fix
62d6b6bf7 rootless netns, one netns per libpod tmp dir
2e5d3e8fb Introduce Address type to be used in secondary IPv4 and IPv6 inspect data structure.
e83d36665 volumes: add new option idmap
fceecc3a5 remote checkpoint/restore: more fixes
6f6a6925b fix CI
010bee04c fix: take absolute path for dd on apple silicon
d6c18902e System tests: new checkpoint tests
3073543fd rootless: use catatonit to maintain user+mnt namespace
cb9de1007 rootless: drop strerror(errno) calls
084e32336 rootless: reuse existing open_namespace function
277d52686 rootless: use auto cleanup functions
ee6271113 utils: use podman-pause-$RANDOM.scope name
e367f4614 hack/bats: deal with new bin helpers
422dc5e69 Change error message for compatibility with docker
97c6403a1 rename libpod nettypes fields
8ca300ae9 podman machine start wait for ssh
33ec8c669 fix remote checkpoint/restore
44d1618dd Add --unsetenv & --unsetenv-all to remove def environment variables
364b242b7 Set config environment variables early in Podman init
63ef7135d journald logs: keep reading until the journal's end
014cc4b9d secret: honor custom target for secrets with run
5df883e87 bindings: reuse context for API requests
295d87bb0 podman machine improve port forwarding
c21259bf8 Network test: fix podman-remote-rootless corner case
c050f05cc filter: add basic pattern matching for label keys
c8790bfbb cirrus: force-install catatonit
5934e4c9b infra container: replace pause with catatonit
58cf0d462 Revert "add kubernetes pause"
d28b39a90 Added test for checkpoint/restore --print-stats
914f4c890 Update man pages for checkpoint/restore --print-stats
80e56fa12 Added optional container restore statistics
6202e8102 Added optional container checkpointing statistics
062c88771 Error logs --follow if events-backend != journald, event-logger=journald
9226ccb59 Enable 'podman run --memory-swappiness=0'
164c42b48 Fix network mode in play kube
b1c002342 Always create working directory when using compat API
f517510bc play kube: don't force-pull infra image
ac38eca3f Podman Image SCP transfer patch
6762d5e23 --authfile command line argument for image sign command.
f35d7f4dc Cirrus: Temp. disable prior-fedora testing
0b60b191d Cirrus: Update to Ubuntu 21.10
3af19917a Add failing run test for netavark
fe90a45e0 Add flag to overwrite network backend from config
9f4d63f91 libpod: create /etc/mtab safely
8041d44c9 Add network backend to podman info
b2f7430b6 Add more netavark tests
1c88f741a select network backend based on config
3fe0c4917 Fix RUST_LOG envar for netavark
4febe5576 netavark IPAM assignment
eaae29462 netavark network interface
12c62b92f Make networking code reusable
c43b81f9a Fix flake in upgrade tests
73e1cdfe9 export adding id-specifier code to setContainerNameForTemplate
980c47aaa VOLUME must be declared after RUN chown command
3690532b3 network reload return error if we cannot reload ports
27de152b5 network reload without ports should not reload ports
a55fdbb49 Print headers for system connection ls
6236be4ff [CI:DOCS] Add CI check for SEE ALSO in man pages
1ef66d6d7 podman load: support downloading files
2720156fa Add links to all SEE ALSO sections
df0666436 pod create: read infra image from containers.conf
9877280f5 rootless: adjust error message
216e2cb36 Fix rootless networking with userns and ports
faf450ea1 support health checks from image configs
6ee3b33d3 change from run to create in 250-systemd.bats
d0b502fce Exclude already built sources for static build
72cf38968 shm_lock: Handle ENOSPC better in AllocateSemaphore
8a9da7698 Fix Zsh completion command documentation
555e21557 Match .c files in Makefile
65609f338 Add Static Build download instructions to README
7225ddb5b Add links to podman build,run, create see also
2ed31f9f1 Minor test tweaks
8b7b0b7ca pod create: read network mode from config
5fbc67f20 Bump Catatonit up to v0.1.7
e907f095b test connection add
338eb9d75 system: Adds support for removing all named destination via --all
6444f2402 pod/container create: resolve conflicts of generated names
f3fab1e17 podman-generate-kube - remove empty structs from YAML
4e8bf8be4 Add some information about disabling SELinux when using system volumes
02f67181a Fix swagger definition for the new mac address type
5c0351cc6 Log Apache access_log-like entries at Info level [NO NEW TESTS NEEDED]
3e1940a8e Test to check for presence of 'stats-dump' in exported checkpoints
6b8fc3bd1 Add 'stats-dump' file to exported checkpoint
ffa5ed0e0 Podman Image SCP rootful to rootless transfer
7f433df7e rename rootless cni ns to rootless netns
58f8c3d74 mount full XDG_RUNTIME_DIR in rootless cni ns
6fee827c7 Bump github.com/checkpoint-restore/go-criu/v5 from 5.1.0 to 5.2.0
756dda298 Keep error semantics intact
614c6f597 Fix rootless cni netns cleanup logic
b85e3764a tweak a couple of flag descriptions in help output
ff92d7371 Update swagger doc make filed optional
ba8eba83e Fix bindings container log test
0234b153c test: run --cgroups=split in new cgroup
001d48929 MAC address json unmarshal should allow strings
6e6388eac Make stop message more similar to start
449cc7a5c Implement top streaming for containers and pods
f2115471d Handle HTTP 409 error messages properly for Pod actions
d0dfc5e22 Add tests
48d0d2b4a Fix swagger definitions
48e1cca9f More conforming libpod API and swagger types
62ee24bb7 More conforming libpod API and swagger types
a845613d0 Better emptiness test for custom JSON serializer
7b2531c13 System tests: enhance volume test, add debug prints
15eb01601 add unit test to containers_test
120ad2d3c Use correct swagger type in doc-comment
9c34bd52f Cirrus: Authorize rootless user self-ssh
218d91d76 Fix libpod API conformance to swagger
e69eae645 Fix help message case for `podman version`
9fc98f265 Fix pause usage example
749487600 Use systemctl in local system test
98506c961 Allow label and labels when creating volumes
c5f0a5d78 volumes: be more tolerant and fix infinite loop
3c79202fb Add information on how podman machine is updated
4e9e6f21f volumes: allow more options for devpts
e6286fbac volumes: do not pass mount opt as formatter string
feebf1bd8 Bump k8s.io/api from 0.22.2 to 0.22.3
960831f9c runtime: change PID existence check
9e5cd3205 oci: rename sub-cgroup to runtime instead of supervisor
0136a66a8 libpod: deduplicate ports in db
e68fbf03a Set flags to test 'logs -f' with journald driver
dcbf5cae1 Set Checkpointed state to false after restore
ff31f2264 container create: fix --tls-verify parsing
6b3b0a17c runtime: check for pause pid existence
825889cc7 utils: do not overwrite the err variable
d53789068 Fix systemd PID1 test
864748df5 Record the image stream along with the path
55397de93 cgroups: use SessionBusPrivateNoAutoStartup
8163d38c6 vendor: update godbus to v5.0.6
008075ce5 Slirp4netns with ipv6 set net.ipv6.conf.default.accept_dad=0
c723e6b97 Fix a few problems in 'podman logs --tail' with journald driver
bf8fd943e Allow 'container restore' with '--ipc host'
efd1c080b Document to not set K8S envars for CNI
773caf293 Bump github.com/docker/docker
75f478c08 pod create: remove need for pause image
9d2b8d279 add kubernetes pause
e86549b18 cirrus: containers: mount directory in /var/tmp to /tmp
2e3611d61 overlay root fs: create mount on runtime dir
a42c131c8 Update vendor github.com/opencontainers/runtime-tools
d6296c918 If Dockerfile exists in same directory as service, we should not use it.
adee084d6 Fix tests of podman image trust --raw and --json
53ff49237 Tighten the expected output of the "podman image trust show" test
c872788e4 Use INTEGRATION_ROOT instead of current directory
acd8b4900 Add support to play kube for --log-opt
d7662edf6 [NO NEW TESTS NEEDED] Fix off-by-one index comparision (reported by LGTM)
24c83980e Fix some typos in documentation and comments (found by codespell)
22270fb84 Replace 'an user' => 'a user'
936ab158c [CI:DOCS] Fix typo keep_id -> keep-id
38c78381c Set DOCKER_HOST in the VM
ce4ed7d13 fuse-overlay probably means fuse-overlayfs.
ece0c7e5d Support template unit files in podman generate systemd
8e3760c29 Remove --kernel-memory options
f4f96962c tag: Support tagging manifest list instead of resolving to images
30245f584 Remove infra ID from DB before removing containers
70a5d8cd1 System tests: confirm that -a and -l clash
12d0a8509 systemd: compatible with rootless mode
960a55c09 system tests: CONTAINER_* and --help: cleanup
20b5a8599 podman run --memory=0 ... should not set memory limit
c3801f0fa Add information on how to discover default log driver
d24ce0a33 Add test for system connection
517b56b02 Generate Kube should not print default structs
9500e11a8 libpod: change mountpoint ownership c.Root when using overlay on top of external rootfs
34dcbc949 Change podman connection list to use default field
087f8fc73 Allow API to specify size and inode quota
db7a98de4 Use exponential backoff when waiting for a journal entry
4f7a431da Pod Rm Infra Improvements
c8cffe1b3 system tests: socket activation: clean up
d0f7b99c6 rootfs-overlay: fix overlaybase path for cleanups
468e7c689 Move CONTAINER_HOST and _CONNECTION to IsRemote Function
207abc4a9 We should only be relabeling when on first run
4f857bc10 If CONTAINER_HOST env variable is set default podman --remote=true
8db62d04f Set targetPort to the port value in the kube yaml
16e7cc8bf Do not add TCP to protocol in generated kube yaml
ab4c9a894 Use CGO_ENABLED=1 when building natively on darwin
c1497cf44 Test-hang fix: Wait for ready + timeout on connect.
8439a6d5e Checkpoint/Restore test fixes
f9ff0525c Don't include ctr.log if not using file logging
50b9d82f2 Don't use docker/pkg/archive, use containers/storage/pkg/archive
7112a4159 Fix codespell errors
184de3955 Adjust tests to verify all subcommands show the help message
8cae2978e Fix panic in container create compat api
5d18fb923 Don't add image entrypoint to the generate kube yaml
cc875fd26 Display help text on empty subcommand by default
14bfee31f podman search: display only name and description by default
8600bce53 codespell code
7b1e386f7 Add information about .containerignore to podman build man page
cead18537 CNI: fix network create --ip-range
4631f5b28 Kube Gen run as user/group issues
3ba69dccf rootlessport: reduce memory usage of the process
ab0e6630f No space in kube annotations for bind mounts
0459484bd Fix CI flake on time of shutdown for API service
b28a8bc19 Refactor podman search to be more code friendly
69b665996 Unit files: Use actual installed path for podman
1e81787e3 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
9042520cf cgroups: use cgroup.controllers to read controllers
ab8fb3876 builder: Add support for builder prune
7580c2273 Remove a volume with --force if container is running
6b2939884 Use SplitN(2) when copying env variables
e57b32c59 podman stats: move cgroup validation to server
54471acba fix test
dd5975f3d Support readonly rootfs contains colon
90b5318b8 [CI:DOCS] oci-hooks.5.md: fixup section in header
8d3aec9d0 Enable /debug/pprof API service endpoints
5caf6b94e Not all fields in machine list were set properly
fad14dafe faster image inspection
48d26a893 Warn if podman stop timeout expires that sigkill was sent
6fc73ea4e [CI:DOCS] introduce --replace flag for play kube
0479fd8d6 [CI:DOCS] Include manifest example usage
a487a6382 Change podman.1 man page to show corret log-level default
da8e4cdeb Bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
6f9e9ee9e Fixes #11668
fbce7584d libpod: fix race when closing STDIN
8bd9f58d1 Ensure `podman ps --sync` functions
e1089e89d Allow `podman stop` to be run on Stopping containers
675d2d0c1 Bump github.com/containers/image/v5 from 5.16.0 to 5.16.1
033a662b9 Bump github.com/docker/docker
521c0cbd1 It really should be no **NEW** tests needed
fb118b852 README.md: Point to Podman's channels
8e80f4d24 Add podman-plugins to upstream image
a726043d0 CNI networks: reload networks if needed
8156df5b7 bump c/common to latest and c/storage to 1.37.0
21c9dc3c4 Add --time out for podman * rm -f commands
d6b9451b4 Cirrus: Fix defunct package metadata breaking cache
163d81cc0 Pod Events Logging Fix
c67593df1 [NO TESTS NEEDED] Ignore removed containers
6da97c863 Pod Volumes From Support
4ea5d6971 Add note about empty fields and null values for API responses
97bf6331f Bump github.com/containers/buildah from 1.23.0 to 1.23.1
641f0ccc4 Add podman play kube --no-hosts options
fb2355adb Gating tests: fix permissions error
686b7ef7b pkg/specgen: cache image in generator
0b5a2b746 cirrus: gitlab: download packages
648882bf6 Add guard for BuildOptions.CommonBuildOpts
bf94ebf42 System tests: tighten 'is' operator
7e81d78ed Update README and release notes for v3.4.0
cc4232169 sdnotify test: accept MAINPID anywhere
642d68299 machine: silently cleanup dangling sockets before rm if possible
a1dce3a0d Add expose type map[uint16]string to description
0a156211d [NO TESTS NEEDED] Fix typo in storage.conf file exists message
1ff6a5082 Support selinux options with bind mounts play/gen
9c6c98192 kube: fix conversion from milliCPU to period/quota
5090920cc Bump github.com/mattn/go-isatty from 0.0.12 to 0.0.14
5c1b3e8d7 test: use new helper
788106dad test: skip test on rootless cgroupsv1
5a33b7aef machine: Info on successfully stopping qemu machine
c25cc7230 Allow a value of -1 to set unlimited pids limit
1805ed360 Vendor in latest containers/storage
c9ea2cae1 Storage can remove ErrNotAContainer as well
ccff77025 libpod: container create: init variable: do not deep copy spec
5ea369ade libpod: add GetConfigNoCopy()
30bf31010 libpod: add execSessionNoCopy
98176f001 libpod: do not call (*container).Spec()
2d8605189 Pod Device-Read-BPS support
97f755f87 Remind user to check connection or use podman machine
678b554b1 Ensure pod ID bucket is properly updated on rename
60824c613 Fix contributor make targets on Ubuntu and Debian
0d4fa7bc9 Implement PR template to assist review & release
5d6ea90e7 libpod: do not call (*container).Config()
a3cdee979 [NO TESTS NEEDED] Add port configuration to first regular container
d14f66972 [CI:DOCS] cmd/podman: no dot for short descriptions
1c8926285 move network alias validation to container create
d0950f3ef set --cni-config-dir for exit command
05614ee13 always add short container id as net alias
a9a54eefa image prune: support removing external containers
86083c580 System tests: speed up. They've gotten too slow.
344ba32c8 Add dockerfile.5 as man link to containerfile man page
87559b020 Set MSI to be 64-bit only.
ca3c08bf9 fix podman network prune integration test flakes
f76fa3475 Cirrus: Add gitlab podman runner test
1df0646b0 CNI: network remove do not error for ENOENT
464fec260 remote build: EvalSymlinks() the context directory
8fca626e3 stop: Do nothing if container was never created in runtime
3ce98a5ec logging: new mode -l passthrough
3600054d1 Allow machine options to be set from containers.conf
5a2ca77b9 Vendor in containers/common v0.46.0
c668ca859 podman machine: do not join userns
b3307bc9c Disable docker and alias to podman in FCOS ignition
1e0039a83 added healthcheck to ps command
a97551eb2 Fix english on prune prompt
3d8dec982 Document missing /images/search query parameters
6095c4fac rootful: do not set XDG_RUNTIME_DIR for cni plugins
1cf66f514 Revert "rootful: unset XDG_RUNTIME_DIR"
ba46613a6 Add completion for machine list format
2df0685cb Set context dir for play kube build
ce080d25c Makefile: use -ldflags/-gccgoflags depending on the go implemenatiton
82818caff Update docs for --platform in podman-build.1
b6e5a4909 shell completion: do not show images without tag
119973375 podman inspect add State.Health field for docker compat
01bf8a668 podman save: enforce signature removal
4ecaf85d9 Add JSON version of the machine list
ed3c4a89d Add support for :U flag with --mount option
2d5d98c04 [CI:DOCS] Add link to running ctrimage on enablesysadm
b6fecbb75 Ignore mount errors except ErrContainerUnknown when cleaningup container
1c4e6d862 standardize logrus messages to upper case
45ee5c5db podman generate kube should not include images command
f5f95d722 Fix machine image
db44addf9 sync container state before reading the healthcheck
0baee2cc3 Also show the (initial) disk size
911298252 Show cpus and memory in machine list
5acf8ae12 Eighty-six eighty-eighty
68d21b6ff net types: remove omitempty from required fields
49c5688a3 podman save: add `--uncompressed`
af49810a6 Bump CNI to v1.0.1
5875e409e vendor c/psgo@v1.7.1
738f2b36e [CI:DOCS] Add network alias note in man pages
4ecbc7caa Add a backoff and retries to retrieving exited event
319fcf52f Cross-build release-archives w/ arch in filename
34043bd81 Fix Error, empty output for info: 'VERSION'
185294cb8 Generate kube should'd add podman default environment vars
ae5de8b39 volume: Add support for overlay on named volumes
8fac34b8f Pod Device Support
8453c8ce6 Support --format tables in ps output
61217f3ba Remove references to kube being development
b74edfb0a Add support for retrieving system service --timeout
3221f50a4 Add podman image/container inspect man pages
665b451e5 [CI:DOCS] Add link to skopeo delete in podman rmi
509812457 vendor c/common@main
92ee2f372 remote untag: support digests
cb077c968 Created MapOptions for PodCreate
a1861c570 Bump k8s.io/api from 0.22.1 to 0.22.2
5242030ac compat API: /images/json prefix image id with sha256
cf28dab9f podman machine: use gvproxy for host.containers.internal
eea5d2512 utils: return error message from StartTransientUnit
4caca0969 utils: raise warning only on cgroupv2
74ad05396 Add podman machine init --now option
22df773f7 System tests: cleanup, and remove obsolete skips
e3e9e5175 Add username flag for machine ssh
c692f7a18 Remove unused code from libpod
62350fed6 [CI:DOCS] markdown cleanup
613ef220f Fix up build the docs site
7ca666f47 Use a new markdown converter for sphinx
a2c8b5d9d runtime: move pause process to scope
72534a74b system: move MovePauseProcessToScope to utils
9c1e27fdd system: always move pause process when running on systemd
fa9728c55 system: avoid reading pause pid file
f1ee23425 Only add 127.0.0.1 entry to /etc/hosts with --net=none
4216f7b7f Add no-trunc support to podman-events
aee0ab98c CNI: add ipvlan driver
c20f61148 CNI: network create support macvlan modes
5c7935057 Do not allow network modes to be used as network names
9c091e42d fix inverted condition
7c5d64b47 Fix /auth compat endpoint
5e8309464 Add Drivers method to the Network Interface
1bcd006c5 CI: load ipv6 kernel modules for rootless tests
b906b9d85 Drop OCICNI dependency
85e8fbf7f Wire network interface into libpod
218f132fd cni network configs set ipv6 enables correctly
24bec9a76 default network: do not validate the used subnets
aa7bc4e37 network create: validate the input subnet
3e77f960f Set default storage from containers.conf for temporary images
0b1c45bc5 container runlabel remove image tag from name
962675c14 build.bats: fix copy tests after containers/buildah#3486
d0c605cd3 build: mirror --authfile to filesystem if pointing to FD instead of file
5cafb6d18 Fix example in podman machine init man page
222b62e7b vendor: Bump github.com/containers/buildah from 1.22.3 to 1.23.0
9b04e1789 api: handle nil pointer dereference in rest endpoints
5dbf3ee7a build: take advantage of --platform lists
64de4f612 Document `all` query parameter for /libpod/images/prune
38c5f6721 Show variant and codename of the distribution
952fc4a6f Use new aarch64 fcos repos
d7256be80 Enhance bindings for IDE hints
84005330a Pod Volumes Support
b1768d3b0 test: enable --cgroup-parent test
44abc1797 libpod: honor --cgroups=split also with pods
65f3b16c6 tests: enable --cgroups=disabled test for rootless
afe4d17be tests: simplify --cgroups=disabled test
d3f0f09ad libpod: rootful close binded ports
072b061b4 Search gvproxy with config.FindHelperBinary()
a55e2a00f rootfs: Add support for rootfs-overlay and bump to buildah v1.22.1-0.202108
6221f269a fix restart always with rootlessport
d30facfda Cirrus: NM/CNI workaround + Remove prior-Ubuntu
ba2130ff5 If container exits with 125 podman should exit with 125
9ae947654 Bump github.com/json-iterator/go from 1.1.11 to 1.1.12
b0cbcd1d0 bump c/common to v0.44.0
32424d9a9 remove rootlessport socket to prevent EADDRINUSE
3c77a98e4 Add deprecated fields for 1.22+ clients that still expect them
7a667c4ac Use default username for podman machine ssh
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Bumping docker-distribution to version v2.7.1-42-g3b7b5345, which comprises the following commits:
97f6dace [release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2
10ade61d manifest: validate document type before unmarshal
c5679da3 [release/2.7] vendor: github.com/golang-jwt/jwt v3.2.1
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping docker to version v20.10.12-84-g906f57ff5b, which comprises the following commits:
ce3b6d1ae9 distribution: retry downloading schema config on retryable error
180f3b9cc7 update containerd binary to v1.5.10
0fa0d70489 [20.10] update to go 1.16.15 to address CVE-2022-24921
4679ffd01c docs: remove HostConfig.LxcConf field from API docs
fbbe1fcfd8 api: remove HostConfig.LxcConf field
a5a697143d docs: fixing /exec/{id}/resize response code in API documentation
42b13c09a6 Added error codes for exec resize in API docs
aa69e8ed3f Fixed exec resize success code in API docs
ca5ba4890e Fix typo on the v1.41 changelog
db214206e5 vendor: bump etcd v3.3.27
df6a536193 vendor: github.com/coreos/etcd v3.3.25
9502dec32f [20.10] Update Go to 1.16.14
878b9de935 daemon/graphdriver/fuse-overlayfs: Init(): fix directory permissions (staticcheck)
d1b3497bfa [20.10] vendor: github.com/docker/distribution v2.8.0
f9344b45fe api/swagger: move DistributionInspect to definitions
13cb9d9723 api/swagger: rename PluginPrivilegeItem to PluginPrivilege
7f9760e10c api/swagger: fix up event-types and move to definitions
e6739a2884 api/swagger: move DistributionInspect to definitions
d445d24804 api/swagger: rename PluginPrivilegeItem to PluginPrivilege
5e38ae84b2 api/swagger: fix up event-types and move to definitions
012fdff916 Fix swagger docs to match the opencontainers image-spec
13cbf7fbb7 Extract PluginPrivilegeItem as explicit type definition
8fbcf0611b Use explicit object names for improved swagger based code generation
b8bee972c4 Fix ContainerSummary swagger docs
7092a6091c Add "changes" query parameter for /image/create to swagger docs
adf1e470a1 Add RestartPolicy "no" to swagger docs
b4b469eac2 Fix swagger docs to match the opencontainers image-spec
2c38a2a635 Extract PluginPrivilegeItem as explicit type definition
621bfddd6e Use explicit object names for improved swagger based code generation
8a5240a8aa Fix ContainerSummary swagger docs
751cf68e36 Add "changes" query parameter for /image/create to swagger docs
a961b76aef Add RestartPolicy "no" to swagger docs
ad21bcd94e Jenkinsfile: remove Windows RS1 as it reached end of support
b2684c1857 Fix for lack of syncromization in daemon/update.go
8268f70ebb daemon/logger: replace flaky TestFollowLogsHandleDecodeErr
78d0b936b8 daemon/logger: refactor followLogs to write more unit tests
39519221c2 daemon/logger: test followLogs' handleDecodeErr case
ada1b01de1 daemon/logger: read the length header correctly
829f071228 update containerd binary to v1.5.9
3e5eea4192 update runc binary to v1.0.3
bd42e17284 update containerd binary to v1.5.8
3fd0b8d6eb Update containerd binary to v1.5.7
3700adb70a Update containerd binary to v1.5.6
0f37f2989b Dockerfile: update gotestsum to v1.7.0
2716336abd Dockerfile: use "go install" to install utilities
b35a1707e3 Dockerfile: use version for some utilities instead of commit-sha
2a18825cdf Dockerfile: remove GOPROXY override (was for go < 1.14)
0f925d5d3d remove deprecated "nokmem" build-tag for runc
fb45fe614d info: remove "expected" check for tini version
fd32c70031 update containerd binary to v1.5.5
302114634c update containerd binary v1.4.8
1cd13dcb6c Update containerd binary to v1.5.3
5f09d5c76a update containerd binary to v1.5.2
23f23c99ed update containerd binary to v1.5.1
f036a34c5b update containerd binary to v1.5.0
1dd37750a6 Revert "[20.10] update containerd binary to v1.4.5"
b097d29705 Revert "[20.10] update containerd binary to v1.4.6"
de656f9da4 Revert "[20.10] update containerd binary to v1.4.7"
9e36f77577 Revert "[20.10] update containerd binary v1.4.8"
eb2acf2fb3 Revert "[20.10] update containerd binary to v1.4.9"
4e838e50ea Revert "[20.10] update containerd binary to v1.4.10"
79fd9c1541 Revert "[20.10] update containerd binary to v1.4.11"
13de46fd4b Revert "[20.10] update containerd binary to v1.4.12"
aa92e697cb [20.10] update Go to 1.16.13
f9df098e76 fluentd: Turn ForceStopAsyncSend true when async connect is used
81fc02b7e1 vendor: github.com/fluent/fluent-logger-golang v1.8.0
d6f3add5c6 vendor: github.com/fluent/fluent-logger-golang 1.6.1
660b9962e4 daemon.WithCommonOptions() fix detection of user-namespaces
a621bc007b [20.10] update Go to 1.16.12
f4daf9dd08 [20.10] update Go to 1.16.11
dc015972bb vendor: github.com/opencontainers/image-spec v1.0.2
e0108db2bd [20.10] fix vendor validation
d47de2a4c7 [20.10] update containerd binary to v1.4.12
da9c983789 [20.10] vendor: github.com/moby/buildkit v0.8.3-4-gbc07b2b8
c1f352c4b1 distribution: validate blob type
c96ed28f2f vendor: update github.com/containerd/containerd
7677aeafd7 TestBuildUserNamespaceValidateCapabilitiesAreV2: cleanup daemon storage
34eb6fbe60 testutil: daemon.Cleanup(): cleanup more directories
0e76a0a418 info: unset cgroup-related fields when CgroupDriver == none
c7edd308ad [20.10] Update Go to 1.16.10
b3456925ca vendor: update github.com/docker/distribution
6611c72b65 cmd/dockerd: create panic.log file without readonly flag
4b9a3dac46 Fix race in TestCreateServiceSecretFileMode, TestCreateServiceConfigFileMode
acb4f263b3 Fix racey TestHealthKillContainer
59d2a2c397 dockerd-rootless.sh: Fix variable not double quotes cause unexpected behavior
2c6aa5aad9 Remove needless check
3285c27503 Fix log statement 'failed to exit' timeout accuracy
a4bcd4c64f docker daemon container stop refactor
bed624fdc9 docker kill: fix bug where failed kills didnt fallback to unix kill
80b7e8b5d7 buildkit: normalize build target and local platform
c2b9a32875 vendor: Update go-winio to v0.4.20
c580a02873 [20.10] Update Go to 1.16.9
129a2000cf [20.10] update containerd binary to v1.4.11
6835d15f55 [20.10] update containerd binary to v1.4.10
5730c139f7 Bump swarmkit to get fix for rollback
59f10e3435 quota: adjust build-tags to allow build without CGO
fa78afebcf Update Go to 1.16.8
567c01f6d1 seccomp: add support for "clone3" syscall in default policy
07728cd2bd update runc binary to v1.0.2
964768f200 cmd/dockerd: add the link of "the documentation"
80f1169eca chrootarchive: don't create parent dirs outside of chroot
93ac040bf0 Lock down docker root dir perms.
b0c0b73798 bump up rootlesskit to v0.14.4
decb56ac89 Update Go to 1.16.7
Bumping docker-cli to version v20.10.12-22-ga22408634, which comprises the following commits:
a282e0c5d [20.10] update to go 1.16.15 to address CVE-2022-24921
700364e30 Fix mistake with env var example in docker run docs
62d27c32f Update WORKDIR command information
c0e952cf0 Fix the (dead) link for docs for Dockerfile syntax reference
04104a04d Update dockerd.md
b721998b7 Fixing typo (his --> its)
4065e1246 format create.md table
f1002eb9f Fix typo
e97c7b240 added missing closing parenthese
aa7893763 Update stats.md add example json output
40fe0573a Update Ubuntu version number references in push.md
c9737e1c3 docs/daemon: replace deprecated '-g' option for '--data-root'
5c6723d08 Correct device syntax to --gpus
fd5fc61ec [20.10] Update Go to 1.16.14
3624019d8 [20.10] update Go to 1.16.13
f3ff8e6ad [20.10] vendor: compose-on-kubernetes v0.5.0 to remove github.com/golang/glog
ee1ac1b31 fix innocuous data-race when config.Load called in parallel
38dd744a1 [20.10] Update Go to 1.16.12
4de40a825 Update Go to 1.16.11
03fa8f92c Update Go to 1.16.10
9989fdbc4 Update most links in docs to use https by default
0e20c1fd2 Update Go to 1.16.9
1c0927a04 Dockerfile: update tonistiigi/xx to 1.0.0-rc.2, add XX_VERSION arg
82f9d5921 info: skip client-side warning about seccomp profile on API >= 1.42
adb01ca79 docs: some minor touch-ups in checkpoint reference
8260476a0 docs: remove trailing space to fix generated YAML format
bce2e1f95 docs: create.md: typo fix
44064f51c Fix typo in documentation - build.md
292779add Add doc for BUILDKIT_PROGRESS env var
f2e79b826 docs: use "console" code-hint for shell examples
fa46b9236 docs: rewrite reference docs for --stop-signal and --stop-timeout
400f81089 experimental: fix broken link to "checkpoint and restore" page
c72057c8d docs: move checkpoint/restore doc from experimental into reference
77db97d59 Use private network address for default-address-pools setting in daemon.json example
cbf0d2b7b docs: fix some broken anchors
d0014a86b docs: fix description of restart-delay to mention max (1 minute)
6c1c8b55a docs: fix search results by filterd is-official
44fdac11f Update Go to 1.16.8
061051c24 docs: add missing redirect, and remove /go/experimental redirect
2012fbf11 Update Go to 1.16.7
42d1c0275 registry: ensure default auth config has address
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping moby to version v20.10.12-84-g906f57ff5b, which comprises the following commits:
ce3b6d1ae9 distribution: retry downloading schema config on retryable error
180f3b9cc7 update containerd binary to v1.5.10
0fa0d70489 [20.10] update to go 1.16.15 to address CVE-2022-24921
4679ffd01c docs: remove HostConfig.LxcConf field from API docs
fbbe1fcfd8 api: remove HostConfig.LxcConf field
a5a697143d docs: fixing /exec/{id}/resize response code in API documentation
42b13c09a6 Added error codes for exec resize in API docs
aa69e8ed3f Fixed exec resize success code in API docs
ca5ba4890e Fix typo on the v1.41 changelog
db214206e5 vendor: bump etcd v3.3.27
df6a536193 vendor: github.com/coreos/etcd v3.3.25
9502dec32f [20.10] Update Go to 1.16.14
878b9de935 daemon/graphdriver/fuse-overlayfs: Init(): fix directory permissions (staticcheck)
d1b3497bfa [20.10] vendor: github.com/docker/distribution v2.8.0
f9344b45fe api/swagger: move DistributionInspect to definitions
13cb9d9723 api/swagger: rename PluginPrivilegeItem to PluginPrivilege
7f9760e10c api/swagger: fix up event-types and move to definitions
e6739a2884 api/swagger: move DistributionInspect to definitions
d445d24804 api/swagger: rename PluginPrivilegeItem to PluginPrivilege
5e38ae84b2 api/swagger: fix up event-types and move to definitions
012fdff916 Fix swagger docs to match the opencontainers image-spec
13cbf7fbb7 Extract PluginPrivilegeItem as explicit type definition
8fbcf0611b Use explicit object names for improved swagger based code generation
b8bee972c4 Fix ContainerSummary swagger docs
7092a6091c Add "changes" query parameter for /image/create to swagger docs
adf1e470a1 Add RestartPolicy "no" to swagger docs
b4b469eac2 Fix swagger docs to match the opencontainers image-spec
2c38a2a635 Extract PluginPrivilegeItem as explicit type definition
621bfddd6e Use explicit object names for improved swagger based code generation
8a5240a8aa Fix ContainerSummary swagger docs
751cf68e36 Add "changes" query parameter for /image/create to swagger docs
a961b76aef Add RestartPolicy "no" to swagger docs
ad21bcd94e Jenkinsfile: remove Windows RS1 as it reached end of support
b2684c1857 Fix for lack of syncromization in daemon/update.go
8268f70ebb daemon/logger: replace flaky TestFollowLogsHandleDecodeErr
78d0b936b8 daemon/logger: refactor followLogs to write more unit tests
39519221c2 daemon/logger: test followLogs' handleDecodeErr case
ada1b01de1 daemon/logger: read the length header correctly
829f071228 update containerd binary to v1.5.9
3e5eea4192 update runc binary to v1.0.3
bd42e17284 update containerd binary to v1.5.8
3fd0b8d6eb Update containerd binary to v1.5.7
3700adb70a Update containerd binary to v1.5.6
0f37f2989b Dockerfile: update gotestsum to v1.7.0
2716336abd Dockerfile: use "go install" to install utilities
b35a1707e3 Dockerfile: use version for some utilities instead of commit-sha
2a18825cdf Dockerfile: remove GOPROXY override (was for go < 1.14)
0f925d5d3d remove deprecated "nokmem" build-tag for runc
fb45fe614d info: remove "expected" check for tini version
fd32c70031 update containerd binary to v1.5.5
302114634c update containerd binary v1.4.8
1cd13dcb6c Update containerd binary to v1.5.3
5f09d5c76a update containerd binary to v1.5.2
23f23c99ed update containerd binary to v1.5.1
f036a34c5b update containerd binary to v1.5.0
1dd37750a6 Revert "[20.10] update containerd binary to v1.4.5"
b097d29705 Revert "[20.10] update containerd binary to v1.4.6"
de656f9da4 Revert "[20.10] update containerd binary to v1.4.7"
9e36f77577 Revert "[20.10] update containerd binary v1.4.8"
eb2acf2fb3 Revert "[20.10] update containerd binary to v1.4.9"
4e838e50ea Revert "[20.10] update containerd binary to v1.4.10"
79fd9c1541 Revert "[20.10] update containerd binary to v1.4.11"
13de46fd4b Revert "[20.10] update containerd binary to v1.4.12"
aa92e697cb [20.10] update Go to 1.16.13
f9df098e76 fluentd: Turn ForceStopAsyncSend true when async connect is used
81fc02b7e1 vendor: github.com/fluent/fluent-logger-golang v1.8.0
d6f3add5c6 vendor: github.com/fluent/fluent-logger-golang 1.6.1
660b9962e4 daemon.WithCommonOptions() fix detection of user-namespaces
a621bc007b [20.10] update Go to 1.16.12
f4daf9dd08 [20.10] update Go to 1.16.11
dc015972bb vendor: github.com/opencontainers/image-spec v1.0.2
e0108db2bd [20.10] fix vendor validation
d47de2a4c7 [20.10] update containerd binary to v1.4.12
da9c983789 [20.10] vendor: github.com/moby/buildkit v0.8.3-4-gbc07b2b8
c1f352c4b1 distribution: validate blob type
c96ed28f2f vendor: update github.com/containerd/containerd
7677aeafd7 TestBuildUserNamespaceValidateCapabilitiesAreV2: cleanup daemon storage
34eb6fbe60 testutil: daemon.Cleanup(): cleanup more directories
0e76a0a418 info: unset cgroup-related fields when CgroupDriver == none
b3456925ca vendor: update github.com/docker/distribution
Bumping docker-cli to version v20.10.12-22-ga22408634, which comprises the following commits:
a282e0c5d [20.10] update to go 1.16.15 to address CVE-2022-24921
700364e30 Fix mistake with env var example in docker run docs
62d27c32f Update WORKDIR command information
c0e952cf0 Fix the (dead) link for docs for Dockerfile syntax reference
04104a04d Update dockerd.md
b721998b7 Fixing typo (his --> its)
4065e1246 format create.md table
f1002eb9f Fix typo
e97c7b240 added missing closing parenthese
aa7893763 Update stats.md add example json output
40fe0573a Update Ubuntu version number references in push.md
c9737e1c3 docs/daemon: replace deprecated '-g' option for '--data-root'
5c6723d08 Correct device syntax to --gpus
fd5fc61ec [20.10] Update Go to 1.16.14
3624019d8 [20.10] update Go to 1.16.13
f3ff8e6ad [20.10] vendor: compose-on-kubernetes v0.5.0 to remove github.com/golang/glog
ee1ac1b31 fix innocuous data-race when config.Load called in parallel
38dd744a1 [20.10] Update Go to 1.16.12
4de40a825 Update Go to 1.16.11
03fa8f92c Update Go to 1.16.10
0e20c1fd2 Update Go to 1.16.9
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping crun to version 1.4.3-4-g3b3061a, which comprises the following commits:
77df89b docs: update known issues with CRI and side-cars
164d753 wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars
61c9600 NEWS: tag 1.4.3
040c59f chore(utils): add pointer casts to avoid C++ permissive mode
16850e4 build: fix bashism in configure.ac
e094499 test: fix CI
22284a9 tests: add codespell tests
37f13e3 crun.1.md: fix typo
8fca8bf tests: add fuzzing for idmapped mounts option
abfdf1f fuzzing: move chdir to Dockerfile
d935d0a linux: move parsing to separate function
5c7165a centos9: enable only needed repo
160e626 centos8: enable only needed repo
648b132 tests: add tests for idmapped mounts
916c5cd tests: add check for file ownership
934e19a tests: add feature check for idmapped mounts
bf06c8c linux: support options to idmap
e1ee353 test, container-delete: ignore warn for cgroupv1 when cgroup cleanup fails
4355edc test: add a test for crun delete
cdc4f6a utils, rmdir-all: transfer ownership and responsiblity of fd to rmdir_all_fd
bb5bc67 linux: open source bind mount in the host
df2fecd cgroup-destory: terminate infinite loop and relay error back to callee
44d7816 cgroup-destroy: bump delay while deleting from 0.1ms to 10ms
ec9fa1c Remove ignored arguments
9854c71 Fix compilation error with seccomp
58d33b8 crio-tests: skip userns tests with auto annotation
b3301ad crio-tests: use golang 1.17.6
192ff3e cri-o: remove locking to a specific commit in CI and use master
f6fbc8f NEWS: tag 1.4.2
4029e63 utils: check for dup error
83668f1 linux: create_missing_devs creates /dev/console
0b09d62 utils: always create trailing file
5c47eac container: ignore EROFS when chowning std stream files
8ff9652 linux: validate sysctls before applying them
2f5be74 python: fix build
da28cf1 container: attempt find_executable after setresuid
9646fde utils: drop const from find_executable
8026135 NEWS: tag 1.4.1
8711fbd utils: add a len argument to get_current_timestamp
b5987ee utils: add printf attribute to xasprintf
e9ba4ae libcrun: add printf attribute to error functions
2ca2d06 utils: add attribute malloc to x.*alloc.* functions
ece4431 utils: add the sentinel attribute to append_paths
bb57968 cgroup: do not lookup string twice
d74c5e4 wasm: add docs and example for using crun wasm support on kubernetes
78384da tests/oci-validation: optimize build
c7aac36 Revert "oci-validation: checkout last working commit for runtime-tools"
4cd65c3 utils: drop check for invalid path
90c6b1f tests/fuzzing/run-tests.sh: fix
e65f285 ci: add shellcheck job
b1c520c tests/*/*.sh: add set -e, fix shellcheck warns
1613f4e tests/cri-o: don't remove non-existing files
ff3e33b tests/fuzzing: nits
28c5f89 tests/oci-validation: rename script to run-tests.sh
2bf7a93 tests/*/*.sh: rm redundant cd
a51137c ci/gha: skip installing deps if Dockefile is used
209fe89 ci/gha: don't start docker
9174557 .github/workflows/test.yaml: nits
b97d397 errors: use printf compiler annotation
f12a5ac linux: fix lookup for namespace
acc5f87 linux: skip setns_with_pidfd with explicit paths
5f924cb container: allow delete while in created state
cc70b0a container: merge two if blocks
6aff973 cgroups: skip setting cpu limits if shares==0
5930bfa cgroup: append the sd error message in the error
c9f0b16 gha: simplify deps install
08b621f tests/podman: exclude --ip6 test case
1da6b96 Fix some typos found by codespell
fd6da89 src: rename libcrun_container_kill_all to libcrun_container_killall
dfd5dae libcrun: unexport str2sig
21a8daf libcrun: let libcrun_container_kill* accept a string
dd80179 libcrun: unexport append_paths
eada263 tests: skip sd_notify tests without systemd
8ead30f ci: enable codeql analysis
3a1da09 .github: fix ci build
a834e9b .github: test --enable-shared
95b482f src: export some symbols used by crun
7f37f2e src/libcrun/linux.c:425:77: error: 'OPEN_TREE_CLOEXEC' undeclared (first use in this function); did you mean 'OPEN_TREE_CLONE'?
3daded0 NEWS: tag 1.4
a400e8b libocispec: sync from upstream
76271c9 cgroup: initialize status
d583bdc utils: fix path check
2b74dc1 handler: add support for running handlers on kubernetes with containerd
9b25f52 tests: extend checkpoint/restore test with pre-dump
587d0b2 tests: add memhog command to init
fb2a7ed docs: add pre-copy migration options to the man page
0683fec checkpoint: add pre-dump support
7ecb4b0 handlers, wasm: add lost support for run.oci.handler=wasm
020ee61 tests: add tests for CPUShares/CPUWeight on systemd
58b8879 state: export systemd scope
3adb2d5 tests: allow to override cgroup manager
bcbc72d cgroup-systemd: update CPUShares/CPUWeight
2ba3106 cgroup: add custom update_resources
2d7a495 update: fix shares file name
ec70d28 cgroup-systemd: set CPUWeight/CPUShares on the scope cgroup
4012668 cgroup-resources: move CONVERT_SHARES_TO_CGROUPS_V2 to function
77318e4 cgroup: add function to write to the files
6457228 tests: add CRI-O integration tests to the CI
d6ab372 configure.ac: mark unused variable
cb4152d ebpf: fix build on 32 bits arches
2eafdff cgroup: ignore swap limit if it is not enabled
62e84d8 nix: lock nix version to last working release
1efb0f9 linux: fix join cgroup v1
f72414e crun, spec: allow override file name
5231a30 utils: retry openat2 on EAGAIN
782fb02 crun: load custom handlers
e6fda97 build: define CRUN_LIBDIR
af950dd handlers: support load from .so files
6d093a0 handlers: split each handler to its own file
46fb105 utils: remove hardcoded check for wasm
8f9337e crun, libcrun: move handlers behind an interface
fd0e171 handler: split libcrun_configure_wasm
4eb1f03 container: move custom handlers code to new file
2063305 wasmedge: The wasmedge.h is moved to wasmedge/wasmedge.h
2b4dfef container, handler: close files marked with O_CLOEXEC
4898342 linux, exec: try setns with pidfd
a14ae9e linux: move join namespaces to a new function
a32286c linux, exec: use CLONE_INTO_CGROUP
cb5bf95 linux: use clone3 if available
0e2eda2 tests: fail fuzzing test on crashes
74a21ed ebpf: handle missing access string
c1127a3 container: propagate close for ready-fd
c9c89c6 container: wait_process accepts a struct
9bf58f2 container: replace sprintf with snprintf
3191e49 container: drop argument for write_container_status
91b47f6 container: replace same failure code with a goto
b5405fc linux: improve detection of /dev target
dcc87a3 cgroup: move errors check to helper
0af034d cgroup: hide create/destroy behind a struct
f95e56a cgroup: move cgroupfs code to new file
98e4e46 cgroup: move cgroup setup code to new file
c3119e7 cgroup: move more functions to cgroup-utils
0272dae cgroup: move setting resources to new file
80925dc cgroup: move some functions to a new file
9c014c6 cgroup: rearrange code
24f6b40 cgroup: quote file names
ed31849 cgroup: separate each cleanup to a different function
d9eba41 cgroup: drop argument from libcrun_cgroup_destroy
f47d933 cgroup: split systemd code to a new file
aed4362 cgroup: drop unused function
384cf2a cgroup: drop usage of raw paths
1f313a8 libcrun: new function libcrun_container_read_pids
ce7dedf cgroup: move returned data to different struct
e2670b4 cgroup: drop argument delegate_cgroup
22d9dcb cgroup: drop argument systemd_subgroup
a0d4d9f cgroup: drop unused argument create_if_missing
dc135cf cgroup: drop cgroup_mode argument
4dcbf43 cgroup: remove unused argument
16db42f libcrun: unexport unused functions
4b18425 Also run clang-format on *.c files in tests/
abdeabf container: allow libcrun_run_linux_container to call final _exit() for handlers
2d177df container, exec: refactor to new function
d78dff2 container: attempt chdir twice
c9052f2 container: make chdir error clearer
78cf48b linux: use sd_notify_barrier if available
0fa6447 libocispec: sync with recent commits
40e4736 utils: move safe_openat fallback to separate function
82d2170 mounts: handle paths with multiple slashes
79699be utils: write_file truncates existing files
ef37d51 linux: Enter specified cgroup namespace
a36bcdd tests: disable podman unuseful test
53f2615 .github: use a bind mount for /var dirs
5566520 tests: add build test for centos:stream9
940705f tests, centos8: use centos:stream8
0e99990 Change podman branch to fix CI
1575f2f Add file-locks checkpoint/restore option
d7029af linux: replace mounts lookup with gperf hashing
5511255 linux: support more recursive options
2dbce9b linux: use bool for is_user_ns
827b873 linux: new mount option "idmap"
02938ac linux: add function to send mounts from the host
b5fc60e linux: provide cleanup private data callback
a5a2ca5 linux: generalize opening mounts earlier
4523486 linux: silence warning
a01a03a tests: update podman
3c6d57d wasmedge: fix error message if VM fails to get valid result object
b48b654 crun: show if version supports wasm with configured runtime
365dc57 linux: new mount option "rro"
85c5bc9 linux: fix a race when saving external descriptors
825108e wasm: add support for wasmedge runtime
33e75d0 fix build error on ubuntu
e1c7293 clang-check: refactor to suppress -Wunused-but-set-variable where needed
575c4a6 ci: use latest docker with seccomp profiles supporting clone3
8e5757a NEWS: tag 1.3
685078a tests: temporarily switch to fedora:34
9ea94e9 wasm: allow wasi modules to read args from config
76759f1 fix status.h compile error in C++
952913b wasm: replace printf while relaying output to stdout with safe_write
152a3fc linux: bind mount the current cgroup path
ce211c5 linux: fix mounting cgroup2 with --net=host
e31ab81 wasm: add support for annotation module.wasm.image/variant=compat
2559696 wasm: add documentation
7407be1 wasm: add support to natively build and run wasm workload and wasm containers
6d046d6 oci-validation: checkout last working commit for runtime-tools
eeae045 cgroup: fix race condition when enabling controllers
fd7b3cb criu: do not override external_descriptors
979f6f0 criu: save the new descriptors after restore
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping cri-tools to version v1.23.0-26-g23f44eaa, which comprises the following commits:
e396a77d fix security test case for hostpid
670f1e50 fix log info for mount test case
3e01b9f2 fix seccomp test case for arm64
715ec019 Type cast error messages to `string`
f89ab075 add annotation for pull
ce8cbc3f Bump github.com/docker/distribution
cd38481e Update crictl ps to show pod name and image path
d5943543 Bump github.com/onsi/gomega from 1.18.0 to 1.18.1
e514433f Add backwards compatiblity to `Version` and `ListContainerStats` RPCs
9001d78a Switch to CRI v1 API
2694dc34 Bump google.golang.org/grpc from 1.43.0 to 1.44.0
4a54a037 Bump github.com/onsi/gomega from 1.17.0 to 1.18.0
5d213e82 Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
5828782d Bump docs to v1.23.0
c688ed1d Bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
b93abd15 Bump github.com/opencontainers/runc from 1.0.2 to 1.0.3
5092844d Bump github.com/docker/docker
2816d415 Bump google.golang.org/grpc from 1.42.0 to 1.43.0
c15dbbc6 1.5.9
5a87849f Use same grpc max message size as Kubelet
1a64648a Add support for cri-dockerd
7bbcf895 Add support for specifying custom test container images.
f2091fc3 Fix cri-dockerd CI runs
61ba8b97 Fix Containerd main branch CI for Windows
e3e5375f fix ci for dockershim-critest
4611ba31 Update Windows images for ltsc2022
1a255046 images: use k8s-staging-test-infra/gcb-docker-gcloud
0f2d4138 Refactor fish completion
c52d97b1 Rename bash and zsh completion functions
cad0736a Add zsh compinit tag
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping cri-o to version v1.23.1-16-g1607c6ec2, which comprises the following commits:
f2d8f69e3 config/sysctls: validate against invalid spaces
b1932286d server: stop deleting pod from idIndex if already gone
bccfd5110 [1.23] ci: use kubernetes 1.23, cri-tools 1.23
2630e0f88 contrib/test/int/build/kubernetes: rm deprecated RunAsGroup
e50405e5a hack/build-rpms.sh: fix yum-builddep failures
574393461 image: use imageCache value for ImageStatus()
4559c3328 oci: fix a leaked goroutine
e19f812f9 Reuse createContainerIO in CreateContainer
c9b4eb84e Fix vm containers couldn't restore after CRI-O restart
3899601f9 release-notes: add args for checksum fields
abe57a58b Updated format
b2fba4cf7 Generate checksum files for artifacts
0c619fc21 bump to v1.23.1
24092dd77 test: add test for skipped sysctls
b2ac1b7ca server: skip sysctls that would affect the host
8d512cbac server: don't set memory swap when it's not enabled
ac75b6cf0 deep copy List{PodSandbox,Container} structs
76e9feca0 ci: use main branch for conmon
54b6b7932 server: fix race with kubelet
987bd1366 Fix runtime panic on pod sandbox stats retrieval
a8513868c ci: use main version of runc
a6d6d3dde openshift e2e: bump ci image
8520be5fc server: fix a potential NULL-pointer dereference.
bc38aa734 pass the main mount point to fix crypto profiles binding
dc4bea916 test: update tests for allowed_devices
0f57bf75c config: add AllowedDevices option
dc224daf3 server: drop duplicate log message
11ffa6cbe test: add test ensuring a stopped pod is restored
a1ada429a sandbox stop: remove namespaces
89eccb5fc restore: handle removed namespaces
873414dbf Partially revert "restore: restore stop before managing namespace"
fe0e69dc8 restore: ensure containers are wiped on reboot
b905626d9 use cmdrunner singleton
228f82dbb conmonmgr: refactor for new CommandRunner
97bbe0637 cmdrunner: update mocks and add target to makefile
8ec9ce138 config: prepend commands with taskset if InfraCtrCPUSet is configured
81761eb2e cmdrunner: add tests for prepended commands
9c915e269 cmdrunner: create singleton
499540011 Use timeout for conmon cgroup move
04e8e4081 Fixed a problem where metricImagePullsBytesTotal was getting updated twice and on second call getting incorrect labels
021b5ba00 vendor: bump c/image to 5.17.0
dba27ab7e Add new metrics that match Prometheus best practices and reduce cardinality * add metrics with new names that match naming best practices * use _total for all counters * use base unit seconds, bytes * metrics that do not follow best practices have been marked deprecated, these can be removed in a future release, it is to ensure non-breaking change for couple of releases
e7aa30fdc unit test: fix relative log test
acc746e52 unit tests: update pinns path in case it isn't found in PATH
9f584ca4c test: skip target tests for userns
972c29c2d test: add test for target namespace
0176d5f92 add support for target PID namespaces
da0de5373 test: give testunit sudo
4b0d40ad4 oci: add managed pidns to container object
1fa69c707 pkg/container: take container namespace configuration
546732eed nsmgrtest: take some namespace related test code
440ba9feb nsmgr: add function to pin existing namespace
e122cb4f0 nsmgr: take (and rename) NamespacePathFromProc
8db9a89a5 pkg/sandbox: take config initialization
6f4e7bf8c Bump Kubernetes to v1.23.0
da8f9a07e set user.max_user_namespaces in case it's not
b8a766213 lint: bump cyclo complexity
0864aed84 gh-actions/contrib: setup sub{g,u}id
067551101 docs: add tutorial for setting up user namespaces
5d3c5a67f oci: put conmon in infra ctr cpuset if it is in the pod cgroup
231a358d2 test: add tests for user namespace annotations
ce3699969 test: move workload creation function to helpers
87aede8d5 cni manager: catch server shutdown
f3d2c601e server: notify user when network isn't ready yet
99e93ee58 stop using hardcoded "pod" const
9f81e4a00 oci: always reap conmon zombies
ab1b1aaaa clarify some error messages
96679844e Drop intermediate CRI types
3162e0552 Relabel containerenv files
f154c7c3c Add minimum_mappable_(u|g)id settings
bbc944cf6 Fix runtime panic on stats server shutdown
efcf8afe6 restore: restore stop before managing namespace
dec3bf5c9 server: add {,List}SandboxStats
5ba5cb0be server: refactor sandbox list
64870e3d8 server: use stats server to get container stats
b17b7dfd9 container server: use stats server
7f136833c stats: add stats server
43db34fb6 config: add StatsCollectionPeriod field
2569255c9 cgmgr: move most of stats handling to cgmgr
c6efa96ee oci: make changes in preparation for moving stats functionality:
536c08423 server: stub {List,}PodSandboxStats
542eb5580 server/cri: add PodSandboxStats support
ad71bd9ff vendor: bump cri-api
c5dd30dd1 server/cri: refactor to make stats processing unified
a598debac pkg/config: use iota
40dcd6da9 Add go 1.17+ go:build tags
6fbd6773f Remove redundant build tags
3064a9d7a Add containerenv file to containers This file indicates that the current environment is inside a container environment. The same technique is used by podman and docker. The same file name/path as podman was used, as it is vendor agnostic.
86538358a build(deps): bump github.com/containerd/containerd from 1.5.7 to 1.5.8
5fb7618d5 config: merge runtime and workload allowed annotations
28b01dad2 Updates kubeadm.md: The cgroup property is removed in [kubeadm-config.v1beta3](https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta3/)
5a510ad7f build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
99027c321 Specify runtime table format in the error message
1f7b886d7 build(deps): bump github.com/containerd/ttrpc from 1.0.2 to 1.1.0
cbfab09d5 server: fix segfault when using cgroupv2
0f99f3348 gh-actions: add sed for kube e2e
880744562 release-notes: update to main
60615f0a3 build(deps): bump github.com/onsi/gomega from 1.16.0 to 1.17.0
8530f0a38 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
8daa9039a Bug 2012838: fix override storage options from storage.conf
0ce45a372 oci: fix deadlock in container stop code
cf7f6f5af build(deps): bump google.golang.org/grpc from 1.41.0 to 1.42.0
a216d3d24 oci: always close chControl
1e8e40aaa oci: make some channels buffered
3036101b0 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
cf3524471 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
2e1048422 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
10f8f17c4 Add annotation that makes /sys/fs/cgroup writable
7f747dde0 Add support for CNI plugins v1.0.1
ec6305762 bump(deps-opentelemetry)
37418e122 pin go.opentelemetry grpc/otelgrpc v0.25.0
c16429eb1 opentelemetry: add gRPC tracing
2a5623a2e build(deps): bump k8s.io/klog/v2 from 2.20.0 to 2.30.0
3571d9c74 build(deps): bump github.com/go-logr/logr from 1.1.0 to 1.2.0
ca38caa74 version: bump to 1.23.0
808681227 build(deps): bump github.com/containers/podman/v3 from 3.3.1 to 3.4.1
0b1b2061f build(deps): bump github.com/containers/common from 0.43.2 to 0.46.0
8f1daefc6 test: drop swap disable playbook
f253acb15 server: add support for CRI unified field
cd8bc4c1f server: implement swap support
9ab385d44 server/cri: add support for 1.22 features
aca331db3 test: bump cri-tools version
518fceb63 scripts: pin cri-tools version
97773983e server: reduce needless copying for sb.NamespaceOptions
b8b2f308d oci: refactor internal structure to use CRI type
9c813715d oci: use server CRI metadata type for containers
91289b929 sandbox: refactor internal structure to use CRI type
e45403022 sandbox: save createdAt as a int64
99cb4a362 build(deps): bump github.com/containerd/cgroups from 1.0.1 to 1.0.2
c119e253d build(deps): bump github.com/creack/pty from 1.1.16 to 1.1.17
6845b4233 build(deps): bump github.com/Microsoft/go-winio from 0.5.0 to 0.5.1
f61a4e097 Bump Kubernetes to v1.22.2
2cf307d2e sandbox: use server CRI metadata type
01ee37390 docs: emphasize deprecation notice
b7a80f137 update documentation for workloads
83518f098 add allowed annotations to workloads
b6b3f4cbb Log HTTP response writer message instead an error
20ad4f609 oci: use c/common signal parsing function
13182e64b Skip volume relabel for super privileged containers
cd2b0028a oci: chown stdin pipe to user in the container
c0a8f339c test: fix selinux test failures
f27efb28a build(deps): bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
cd7f7cb46 Fix runtime handler docs
63d69d2a7 build(deps): bump github.com/containers/image/v5 from 5.15.2 to 5.16.1
b753b04a2 scripts: fix release branch forward script
87b8e5d05 server: FilterDisallowedAnnotations of containers earlier
0e02798d6 server: conditionally relabel volumes given annotation
99dac5fb8 build(deps): bump github.com/containers/storage from 1.36.0 to 1.37.0
6ec1ec47c test: refactor allowed_annotation tests
e70542f26 server: reduce args in addOCIBindMounts
f3106693c build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
74177a645 test: add label for openshift e2e in dockerfile
b2e665754 build(deps): bump github.com/containerd/containerd from 1.5.5 to 1.5.7
28043f5a9 test: skip certificate check for downloading parallel
086386bb1 Remove usge of deprecated apt-key in Ubuntu install
7ca329409 Fix install.md links
0f455e285 build(deps): bump google.golang.org/grpc from 1.40.0 to 1.41.0
245a88040 use a more appropriate console with code block
8c088319f build(deps): bump k8s.io/api from 0.22.1 to 0.22.2
ef861e8c7 build(deps): bump k8s.io/cri-api from 0.22.1 to 0.22.2
c7e8c26f5 build(deps): bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0
757c863d5 build(deps): bump github.com/creack/pty from 1.1.15 to 1.1.16
5dd999e05 build(deps): bump k8s.io/apimachinery from 0.22.1 to 0.22.2
683428d75 fix node e2e
756543ec8 build(deps): bump github.com/intel/goresctrl from 0.1.0 to 0.2.0
d56449c4c bump crio commit used by node e2e installer
615ba94fd server: mount cgroup if hostNetwork
77b1a6e62 server: use container level host network setting
45366c8c7 server: don't recalculate hostnet
6493d8640 Fix typo in install.md
7071e5b3d Remove one of the explanations for `bind_mount_prefix` because it is duplicated.
7fe435d7d node e2e: keep infra container
c6f1ed4d5 add unit test for the `server/sandbox_remove`.
ce96d93c2 test: fix journald test for new conmon
9ada36be0 fix shfmt
19fb1db10 update `install.md` for debian and ubuntu
5b1c43bbb build(deps): bump github.com/json-iterator/go from 1.1.11 to 1.1.12
0833f62f3 build(deps): bump k8s.io/client-go from 0.22.1 to 0.22.2
f5ebb6c23 fix shfmt
61e08418a server: set spec when dropping infra
68c8989f8 Update 'master' branch links to 'main'
7fc2f88ce bumps pause image to 3.6
3fd1cd226 server: don't wait forever on conmon cgroup move fail
a9add6909 build(deps): bump github.com/containers/storage from 1.34.1 to 1.36.0
d7cc66fe8 Remove bashism in sh script
15f7f7e4e Do not log if Intel RDT is not supported
b9ad2de69 build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
eb45b4891 Fix cluster.yaml for kubectl create
69e88512a call cmd.Wait() in all cases we call Start()
07328622a oci: call wait on conmon if cgroup move fails
a377aec52 build(deps): bump github.com/go-logr/logr from 1.0.0 to 1.1.0
38f41c16a Fix `crio_image_pulls_layer_size_` metrics docs
9195a3417 Adapt to klog incompatible changes
a5716420b build(deps): bump k8s.io/klog/v2 from 2.10.0 to 2.20.0
6b96358ef Add `--profile-cpu` and `--profile-mem` options
ed0eca0f1 build(deps): bump github.com/containers/podman/v3 from 3.3.0 to 3.3.1
88f5e154d server: remove ineffective `updateLock`.
05e662469 Fix missing quantile in `latency_microseconds_total` metrics
681aa32ed Update crio commit for node e2e
94b9b8688 build(deps): bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.1
c8ecab3da Bump runc binary to 1.0.2
0d640e6f9 Switch to go1.17 for CI
8bbbbf2b5 fix debian 10 build doc
639d494cd test/testdata/sandbox_config.json: fix the dns_config
af555c038 adds updating instructions to install.md
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping containerd to version v1.6.1-4-gd12516713, which comprises the following commits:
b13d3e05c cri: relax test for system without hugetlb
b325d5647 update to go 1.16.15, 1.17.8 to address CVE-2022-24921
787b4671d Prepare release notes for v1.6.1
444eba43d containerd-shim-runc-v1: return init pid when clean dead shim
37bb915c6 containerd-shim-runc-v2: return init pid when clean dead shim
9f316fa4b Use fs.RootPath when mounting volumes
8713c0472 Prepare release notes for v1.6.0
f261498e0 Update Go to 1.16.14, 1.17.7
fa19714db Update go-cni to v1.1.3
6e3cc28a6 Wait for containerd installation in GCE scripts
c0f818846 Update go-cni to v1.1.2
dea7ae27a Add instructions on using go with admin perms
4f0d5f0ee Enable TestContainerPTY and TestContainerUsername
732103271 Change the context to avoid misunderstandings
6827eec7a Prepare release notes for v1.6.0-rc.4
b0623a06e Change file name for shim binary path
daaf031e2 Use white logo in github dark mode
efc6ca4c4 Prepare release notes for v1.6.0-rc.3
7e821fb61 fix: .dockerignore makes git working tree dirty
ac2692d30 containerd-stress: introduce option for specifying image
8b9571e34 containerd-stress: start task ctr before starting execs
9b1fb8258 cri: fix handling of ignore_rdt_not_enabled_errors config option
dcbe3e471 docs: add Talos Linux to the list of adopters
821c961c8 pkg/oom/v2: handle EventChan routine shutdown quietly
2d9d5fddb Document fs_type and fs_options in snapshots/devmapper/README.md
a31e28e2c Prepare release notes for v1.6.0-rc.2
8944c12f5 Update releases document
8d69c041c Update cgroups to v1.0.3
bec6e4dd6 platforms.Normalize(): do not reset OSVersion and OSFeatures
34f717349 seccomp: kernel 5.16 (futex_waitv)
8632bdcb7 seccomp: kernel 5.15 (process_mrelease)
c013db696 seccomp: kernel 5.14 (quotactl_fd, memfd_secret)
17a2831f7 seccomp: kernel 5.13 (landlock_{add_rule,create_ruleset,restrict_self})
1329ea371 seccomp: kernel 5.12 (mount_setattr)
cc59ae4d9 tracing: return (ctx, span) from StartSpan
e751f1f44 tracing: support OTLP/HTTP in addition to gRPC
813a061fe oci: use readonly mount to read user/group info
c0e00f19a fix acr fetch token 400
4cd9f37f5 Fix windows periodic workflow
4aff7431f Fix possibly incorrect media type default on import
3ffb6a611 shimv2: handle sigint/sigterm
f048a2593 docs: add doc-comments on GC-related methods
31a710c49 fix: should not send 137 code event if cmd is notfound
936faf9c9 fix empty scopes return
c1e17d8ba Prepare release notes for v1.6.0-rc.1
4f552b077 Compile binaries for go1.16 and go1.17 in CI
7d7064e6b Integration: Change to Windows Server 2022 build number constant
2898004a5 Update kubernetes vendor to 0.22.5
4e9e14c2b Fix rdt build tags for go 1.16
af83e9af1 platforms: add support for matching amd64 variants
af39d2ad7 go.mod: Update hcsshim to v0.9.2
fcb7bd699 Remove api go submodule
46312f4a1 Update makefile to remove API submodule
ed0828bb6 delete useless code
21a748e38 go.mod: github.com/opencontainers/runc v1.1.0
dba897c35 update runc binary to v1.1.0
d5e8edf2d Do not automatically inject client traces
69ae95531 tracing: fix OTLP tracer's initialization
8dd36423b Revert "Add shared content label to namespaces"
a1ba38056 Update caching logic to avoid map access
ce3871966 services/introspection: support to show introspection grpc service
a018ae3f6 Prepare release notes for v1.6.0-rc.0
919797163 Integration: Switch to `upload-cloud-storage` Gcloud action.
8a2b61356 Integration: Switch to using `auth` Gcloud action in Windows workflow.
c0a31a7a4 Add ppc64 support for test images
a303d552a ctr: Unify the delete subcommand alias
b35fb7d44 remove io/ioutil
d05194f0a ctr: flag to toggle non-distributable blob push
f77989036 Add image handler to skip non-distributable blobs.
8c194d8f3 gha: run CodeQL scan on pull requests
f99e92359 Enable critest tests on Windows Server 2022.
55b89eabf Parametrize CRITest test images in Windows Periodic workflow.
18592b2f5 Fix wrong log message
bdc852190 test: e2e node COS cgroupv2 script
e38946d86 Updating adoption of containerd for AKS
8aca314dd Update error message for apparmor parser
48c7529de Fix incorrect error wrapped when closing ingest file
0c2c289d4 Fix seek error used without nil check
8816006d1 Fix followup items from errors replacement
a94f32ce0 update the adoption status of containerd in GKE
adee2c797 seccomp: add support for "swapcontext" syscall in default policy
4f0f36350 corrected link in cri architecture documentation
d3724a6c1 go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt}
bbe46b8c4 feat: replace github.com/pkg/errors to errors
e43d4206a Update k/k to 1.23.0
8d5af6be8 Prepare release notes for v1.6.0-beta.5
9c2e3835f cri: add ignore_rdt_not_enabled_errors config option
eba104816 Update dependencies
f4a191917 cri: annotations for controlling RDT class
eae14688c tasks: add Linux rdt support
9e755d12e cmd: add --rdt-class command line option
2946db890 oci: implement WithRdt
df21828d2 content/local: use syscall.Timespec.Unix
85326d76f fix: only test abstract unix socket on linux
90426378e Integration: Check GCP secrets on Windows CI artifact upload.
97623ab0c remotes/docker: allow fetching "refresh token" (aka "identity token")
8094f50dd remotes/docker/config: allow setting custom AuthorizerOpts
8e6afaa20 Fix $(PWD) issue for Windows makefile
653b8b02a Expect ErrorNotFound on Windows after Kill()
ac8129706 fix: use _ for consistency
f39b3ac7e fix(ctr): enable networking for Windows containers
0ff87a892 Replace tskill with taskkill
aadae6d50 Fix flakiness on Windows for list stats
d53c43133 Fix no-daemon flag for integration/client tests
5c2edeffb Upgrade k8s.io/klog/v2 from 2.9.0 to 2.20.0
2ee3ce510 Use insecure.NewCredentials instead of grpc.WithInsecure
2fb739aa2 Upgrade OpenTelemetry dependencies
34c4abc34 Fix default makefile target for windows
78ad7a2d3 cri-integration: Add Windows default paths
abcf7c2f6 Disable TestContainerHook on Windows
f1c799331 seutil: Fix setting the "container_kvm_t" label
c8a009d18 add-list-stat: return container list if filter is nil
f83ab813d Use task plugin for runc shim
04e57d71b Seperate shim manager and task service
44b28b61f medatada: make namespaces' deletion error less cryptic
20419feaa cri, sandbox: pass sandbox resource details if available, applicable
9e9ee66bf integration: deflake TestContainerdRestart
dd26d3d09 feat: support custom timeout for blot open
c0d07094b feat: Errorf usage
0e472420b Update Go to 1.17.5
569042e6d Prepare release notes for v1.6.0-beta.4
552a27081 Disable restart monitor test in Windows
b7f673790 OCI: Mount (accessible) host devices in privileged rootless containers
7f70ff967 oci.getDevices(): move "non-dir, non '/dev/console'" case into switch
2c96d5b06 Run windows parallel integration test as short
807213fd3 Update restart monitor test to output daemon logs on failure
9b0303913 only relabel cri managed host mounts
90cdc6c9a images/converter: remove deprecated types
fc8138468 go.mod: update image-spec to latest (v1.0.3-dev)
2d3009038 cri/server: use consistent alias for pkg/ioutil
dc13bcd51 Enable lazy init for ext4 with devicemapper
68dabdcc6 Use RFC3339 format so rg cleanup works
6f9d80907 Remove Windows integration testing for 2004.
77a321a07 Replace find with native Go code
22dc60e05 Enable TestVolumeOwnership on Windows
441bcb56d Skip WithAdditionalGIDs on Darwin
4c1e26cd5 Don't fail-fast on Windows integration tests
c9d1e155c go.mod: github.com/opencontainers/runc v1.0.3
44995d483 update runc binary to v1.0.3
416899fc8 Allow native snapshotter on Darwin
6b0e2414c Do not use `go get` to install executables
d2f1dda0f Include runtime v2 in default builtins
392f604eb Use a single RUN command
533dd1c0e fixup: check for swap accounting
f33d38c7c integration: align tags of test images
c5b0a18b6 fixup: handle diff between cgroupsv1 and v2
9cc0d1f07 Set explicit ACL on test files
4ccf287da Set CONTAINERD_ROOT in Windows cri-integration
ff77dd112 Add Windows Server 2022 CI runs
fd0850e9e Update continuity dependency
ff9d7aef3 Update volume test images
2fa4e9c0e cri: add support for configuring swap
bae0d88ae Add error logging on cleanup
6bccd67e8 Revert shim plugin migration
665877a5b Move volume images from gcr to ghcr
323a62d7b Add permissions
f3195b3b5 export oci.DeviceFromPath()
c6d26f0d3 Authenticate against ghcr.io
2a6857d06 Skip TestExportAndImportMultiLayer on Windows
6ff1a5934 fix when kernel version < 4.13rc1 by using index=off cause overlay test error
94462d8f5 oci/deviceFromPath(): correctly check device types
7a4415dd5 Add VMware TKG & TCE to Containerd adopters
46892d340 Vagrantfile: update to Fedora 35
8de1117c9 integration: add stats result in error message
6681cc4b9 ctr/snapshots/diff: don't show the media-type in output
a97564411 remotes: fix dockerPusher to handle abort correctly
1698d061c Build volume test images on Windows
7ccd733d2 Add image build workflow
95b3ab2a4 ctr: Add Linux Capabilities control flags
3d318b3bb docs: mark 1.4 as Extended
9a994877c docs: fix RELEASES.md gRPC API anchor
0a25bc1aa Integration: Separate Windows Periodic Tests workflow trigger.
507bfc91b feat: skip ci for fork
9dfbcbbc4 content/local: Close the file if Seek fails
5015130f7 Fix executable file not found when restoring shims
2b28dd363 Fix wrong make target on documentation
cb1359fa8 Integration: Remove explicit version passing to `azure/CLI`.
fa6759ae5 fix: server error return
5e4b033ec Update README.md repo->org
5f293d9ac [CRI] Fix panic when registry.mirrors use localhost
674b94c42 Prepare release notes for v1.6.0-beta.3
f5863e22f Update API version in go.mod
5df9ec366 Update release name to use consistent format
f8d734e40 fix: make max recv/send msg size setting default
63895de45 Add support for TMP override on toml
444ef2f6d Generalize Windows CI setup script for any user.
3d6bfa3f5 Standardize cmdlet capitalization in Windows CI scripts.
6835a9470 Split runc shim into plugin components
6eea8f3f6 Add shutdown package
547040cd5 feat:support custom callopts on client side
bef792b96 feat: use rwmutex instead
2f31dcda7 release: change tar name to match prior releases
70c88f507 schema1: reject ambiguous documents
eb9ba7ed8 images: validate document type before unmarshal
2a81c9f67 CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options
db124c560 Close file if permission modification fails
526defb57 Fix containerd fails to pull OCI image with non-`http(s)://` urls
89eebc4c0 Fix wrong error returned for image index lookup
be84932e1 Rename release dockerfile to omit distro name
28126fd60 release: improve dockerfile
27d7c5038 Add arm64 to releases
6765524b7 use write lock when updating container stats
b103bee4c go.mod: Bump hcsshim to v0.9.1
e17fe37e0 Fix package alias
920b24793 go.mod: Bump ttrpc to 1.1.0
6870f3b1b Support custom runtime path when launching tasks
91bbaf679 [cri] add sandbox and container latency metrics
a3b756ce1 Prepare release notes for v1.6.0-beta.2
574800633 cleanup: add more description on comment
a22346622 CI: bump up crun: 1.0 -> 1.3
97073c943 go.mod: github.com/moby/sys/mountinfo v0.5.0
19d9d0d2a go.mod: github.com/moby/sys/signal v0.6.0
9c455ded6 go.mod: github.com/moby/sys/symlink v0.2.0
fa12f4e69 go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
869ccc01c Update Go to 1.17.3
3196e65f5 docs: document the runtime shim plugin config options
0d8e07681 docs: use proper markdown lists in containerd-config.toml.5.md
54c0cdae6 Update TestRestartMonitor expected time check
d4f4c1380 Add runtime path in CreateTaskRequest
548579d0e Pin az CLI version
2e6d5709e Implement CRI container and pods stats
b69bbe25a Vendor latest k8s.io/cri-api and netlink
9bfec3980 test: Add grace period for restart monitor test
d022fbe78 Address PR comments
82cb0a63e Add mkdir on Dockerfile
6fa1bb4a5 Fix build after rebase
2cec3a34b Migrate task directory
8b788d9df Expose shim process interface
733519677 Fix after rebase
df8c206a9 Cleanup shim loading
b554b577b Move shim restore to a separate file
a3d298193 Fix backward compatibility with old task shims
33786ee4d Add plugin dependency between shim and shim services
fb5f6ce3c Rework task create and cleanup flow
7c4ead285 Add task manager
2d5d3541e Rename task manager to shim manager
ea8978810 adds additional debug out to timebox cni setup
6fa9f22fa compression: support zstd with skippable frame
f0d3ea96c converter: Allow hooks during image conversion
6ee8577e5 sys/reaper: avoid leaky goroutine when exec timeout
88fc5cf2d Adding scope tests for ParseAuthHeader
3e51312a6 fix shim reaper wait command execute blocked
7438edc7e Adding tests for GenerateTokenOptions
9b4a6f129 Generate token options with each scope as a separate string.
b8f3ebb03 vendor: update moby/sys for darwin support
0ccc386c8 Prepare release notes for v1.6.0-beta.1
e5fc3b38e Update mailmap
37720fc6f Update api vendor
a217b5ac8 bump CNI to spec v1.0.0
010a9e2bc content: close stream after commit request
ebc5cf19a feat(doc): update to version 2 syntax
294143bf3 Inject otel traces to grpc client.
cd2f2b0af client: expose (*image).platform
535191abf fix #6054 MaxConcurrentDownloads is not effect when Unpack is true
3b73922fb feat(doc): add Core Scheduling documentation
c18c2e735 Fix spelling mistake in Windows snapshotter
130a9c7dd Ensure namespace is proxied to grpc/ttrpc plugins
2a8dac12a Output a warning for label image labels instead of erroring
602018900 integration: Enable some tests for Windows
1f1cad391 io/ioutil package has been deprecated in Go 1.16 that replaces io/ioutil functions
46be06937 close Writer after use which may leak mem
1abe50512 Prepare release notes for v1.6.0-beta.0
c5947557d Add error message to in TestContainerdRestart integration test
072a7074b Fix typo in the NewContainer function documentation
ac2df3ba9 test: check file content after mount
18d483b23 Update cgroups to v1.0.2
4ed3c524c Update test timeout based on recent cancellations
d252a293d Remove extra test_teardown
4a569c889 Check the pid in cri test teardown
f1054dbbd fix integration client vendor
e48bbe839 add runc shim support for sched core
de1a39bf3 Update Go to 1.17.2
46b152f81 vendor: Bump hcsshim to 0.9.0
fb4432c24 integration: Enables TestVolumeCopyUp for Windows
0ba3532f5 integration: Enables TestRuntimeHandler for Windows
830b3c26e integration: Enable some tests for Windows (part 2)
3a713811b run `gofmt` with Go 1.17
96018b7db vendor: Updates go-cni
703b86533 pkg/cap: remove an outdated comment
1ee2bff0e Update go otel 1.0.1
b9a0c5080 modify the way for checking cos
c528d2c39 Update ADOPTERS.md with additional uses
5b222d54a commands: Enables task metrics for Windows
9734b4039 Pin mingw to version 10.2.0
d19af5afb Update to golang 1.17.1
3cb0ec01e Install nssm
02e77bcdc task service: return known error type
791e175c7 Windows: Fixes Windows containers with image volumes
049042382 fix: update vendor
5c2426a7b cleanup: import from k8s.io/utils/clock/testing instead
6484fab1e cleanup: import from k8s.io/utils/clock instead
d16942cf1 feat: enable cri remote client to call with grpc calloptions
ca35f4e82 Windows: Cleanup rm- prefixed layers
f6b7e07fd cleanup k8s ansible yaml (carry for https://github.com/jayonlau <jayonlau@gmail.com>)
933ddaa6f fix: wrong flag type
da16d492c feat: support import image for specific platform
67b883146 Update mirror images to take target image name
e6ddffc2a fix: make exec-id flag required in exec command
09c9270fe images: enable converter to uncompress zstd
694a00754 replace deprecated function
2bc77b8a2 Adds Windows resource limits support
224454062 Fix main branch build is broken
7c621e1fc btrfs: reduce permissions on plugin directories
fcffe0c83 switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound)
b9cf0d75a Fix panic in metadata content writer on copy error
6886c6a2e v1 runtime: reduce permissions for bundle dir
7d56b24f1 v2 runtime: reduce permissions for bundle dir
7a7a9a282 integration: Adds test for multilayer image import
f7658e37d runtime: should fail fast if dial error on shim
483d2e947 go.mod: update opentelemetry modules to v1.0.0
084387e0b Move tracing to plugin
45c3453a7 Add open telemetry logging hook for logrus
16f3d67b5 add current process state to the error message
407d60694 Add github action to mirror image
97df73004 gha: collect Vagrant VMs' IP addresses
2bffb5f9b FreeBSD: fix tar headers & the nil check on getxattr
7854e0bff bump continuity and console version that remove pkg/errors
16d3f48a2 ctr namespaces: improve usage string
50da67359 refactor: move from io/ioutil to io and os package
a68fb7add bump console version to v1.0.3 that remove pkg/errors
3e72e335f Use github images for integration tests
55893b9be Add CNI conf based on runtime class
50a568595 Change oci.WithUser behavior for LCOW
65f6a896c Fuzzing: Add 4 fuzzers + small modifications
2fecf5b02 Make sure exit signals trigger an exit during init
f40df3d72 Enable image config labels in ctr and CRI container creation
6875aa5d3 import: Add option to skip creating digest image
f700ae873 CI: bump up crun to 1.0
55923daa9 seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
8596d1188 Fix typo
73dbbf5bf Update to Go 1.17.1
498e5b27f fix error string format
6d961f967 CI: Switch to available latest images
e087b47e9 import: Raise error if the imported image is filtered out
91b64c58b add xfs support to devicemapper snapshotter
8ff8b1b82 vendor: update continuity for darwin support
1efed4309 add ip_pref CNI options for primary pod ip
16cd6ed13 Additional integration tests for pulling image with labels
756f4a314 cri: add devices for privileged container
9954147c0 pin protobuild version to tag
2458afeb1 Fix content copy to not ignore unexpected EOF
6bec0d39b use a const metric for build_info
ae27a6b05 Add metric exposing build version&revision
8e850bc0f replace deprecated Dail with DailContext
aeea697d8 Add WS2022 support in Windows Periodic tests
55faa5e93 task delete: Closes task IO before waiting
f42513112 integration: Adds Windows HostProcess tests
ccc5ee303 archive: Add WriteDiff error logs
820bd9269 fix document non-synchronous in crictl.md
2bcd6a4e8 cri: patch update image labels
789abc936 using Hosts replace deprecated field
57e10439d Fixes task kill --force on Windows
abf4de498 integration: Enables Windows containerd restart test
96ec0b6f3 content fuzzer: Clean up tempdir
eb2530be8 Makefile.linux: build on riscv with PIE
6b0b64a51 ctr: Fixes Windows image import
a43fa9f28 darwin: runtime support
5dd38792a darwin: use the default values for socketRoot variable
27046a9e0 Fix cwd flag for `ctr tasks exec`
24cec9be5 sandbox: Allows the sandbox to be deleted in NotReady state
1dd0d59b7 go.mod: Update hcsshim to v0.8.21
6d3d34b85 Update Pause image in tests & config
278176db1 Address issue forms feedback
838afd211 Adding testing of two devices
e0f8c04da cri: Devices ownership from SecurityContext
7bc5aa74c Fix pull fails on unexpected EOF
11ab3cba0 Use issue forms for bug reporting
e2c769d6f windows: The DefaultSpec platform should match the Default matcher
7826a21ac Update RELEASES.md
2ac996840 replace uses of os/exec with golang.org/x/sys/execabs
25644b461 Add RunAsUserName functionality for the Windows Pod Sandbox Container
e18516767 go.mod: update runc to v1.0.2
3f8ea1b6a update runc binary to v1.0.2
429296910 go.mod: github.com/pelletier/go-toml v1.9.3
f8dfbee17 add cri test case
9a8bf1315 feature: add field LinuxContainerResources.Unified on cri
d3aa7ee9f Run `go fmt` with Go 1.17
c3609ff4c cri: filter selinux xattr for image volumes
4dd5ca70f script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0
f7b1ceb9f integration: investigate TestRestartMonitor's failure
acb81bbda integration: fix TestContainerPids
9fe7bc938 Bump integration timeout to 35 min
7fba86264 Fix dir support for devices V3 (#4847)
6f60b3016 [ctr] add HOSTNAME env for host network
8d135d284 Add support for shim plugins
f8602c372 Update to Go 1.17
c9b1b2fd5 Fuzzing: Add fuzzer
9e1b57ca0 Add env for SystemdCgroup driver
1224060f8 Allow expanded DNS configuration
538d93d2f Fuzzing: Add 4 fuzzers
79b369a0b Added windows hostProcess cni skip
82fe0db9a Fix bad `make protos` failure
1c47fb17f docs: remove FOSSA's badge
bc4cea4e4 docs: rename main to master
5e49ec27d Use http.Get to download binaries instead of exec.Command
e6538b8bc Add trap to cri-integration test script
d2f3b7146 add cpu-shares to ctr
30b832e49 archive docs and point to new location fix #https://github.com/containerd/cri/issues/1624
9cc179aa7 BUILDING.md: remove some bits about building runc
42b57cc73 BUILDING.md: markdown fixes
a3d6edc0e content: return the error with its timestamp
a5468852f docs: list all snapshotter-related build flags
e634f04d8 go.mod: update kubernetes to v1.22.0
11a90c7ff Fuzzing: Add experimental version of container fuzzer
42a28ad2c Update Go to 1.16.7
534685f95 Fix Linux CI Linter using go 1.15.14
10eab21a4 Cleanup CI
0a0621bb4 Move plugin context events into separate plugin
6f027e38a Remove redundant build tags
3c5424454 [otel-tracing] vendor and go modules changes
3597ac859 [otel-tracing] Initial opentelemetry support
7917da764 Change default directories on Darwin
10824eaf2 remove go 1.13 from containerd
d30d897ef Cleanup v2 shim
c3c276ae1 Fuzzing: Fix for OSS-fuzz issue 36825
6c257552a scripts: declare ROOT closer to where it's used, and some DRY changes
dba0ef4eb scripts: add missing quotes, and minor linting issues
0cb656860 test/build-utils.sh: remove support for Debian Jessie
41a04246f Fuzzing: Add two more fuzzers
2c699cc35 Fuzzing: Remove panics of container_fuzzer
f2c3122e9 platforms: Format(): use path.Join() instead of joinNotEmpty()
acecd6603 Change protoc link
ce437864b mergo: Upgrade to 0.3.12 to fix panic
d1e868c83 ci: install criu from PPA
e692a0192 Add shared content label to namespaces
3a8622e30 Updates the location of protobuf downloads in docs
0d9393650 Update protobuf install to use correct repository
d62d6c11d Split release steps into multiple tasks
b4807122d Update release workflow to upload binary without CNI
67406b373 overlay: add an optional label of upperdir location of each snapshot
43117cf91 Script to check if entries in go.mod files are in sync
4ab3e7a53 runtime: fix the issue of create new socket with abstract address
cc88f8e0a Split fuzzer to two fuzzers
7a10fd4fc respect context timeout in shim binary call
23bc3db91 Enable critest on Windows
494b940f1 Introduce a new go module - containerd/api for use in standalone clients
4fdb88464 add CRI support matrix to RELEASES.md
b5fc7846c adding a little more clarity
1d3d08026 Support SIGRTMIN+n signals
18d6cc1b0 update gotestsum to v1.7.0
efa8ab715 Add runtime label to metrics
6294235d8 Fuzzing: Add container fuzzer
2405671d4 platforms: add "ios" as known OS, "loong64" as known ARCH
2556aac67 Fuzzing: Add archive fuzzer
0d45ac14e interface about shim build check
00d52bb15 integration: log all processes to investigate the test failure
f1d79d33b Discard blocks when removing a thin device
d2b6d192d Update cpuguy83/go-md2man binary to v2.0.1
53ec1abec remotes/docker/pusher.go: Fix missing Close()
67d07fe5c remotes/docker/fetcher.go: Fix missing Close()
0789a0c02 Add docker fetch fuzzer
b483177ee Support custom compressor for walking differ
150e07b64 Use systemd cgroup driver for cgroupv2 tests
603962bc8 update gotestsum to current master
a12c7bd1c go.mod: runc v1.0.1
43e0594ae update runc binary to v1.0.1
9537bc265 Dockerfile.test: build containerd in separate stage
36be5ef3a Dockerfile.test: add GOLANG_IMAGE build arg to allow overriding
8faacfca1 Dockerfile.test: clean up apt indexes after installing
9f7e6335c Dockerfile.test: build critools in a separate stage
7ec8e2d36 Dockerfile.test: build cni in a separate stage
f9f423c07 Dockerfile.test: standard directory to collect build aftifacts
e9f26eb87 Dockerfile.test: split dev stage, and optimize order
25fada0cc Dockerfile.test: skip curl, gcc, git and make install
546538971 install-critools: make sure DESTDIR exists
dbef1d56d runtime: runc v2: remove redundant validation
18321f539 Move loop check to before sleep
2e8a572df Add timestamp to flaky restart monitor test
55fd2ab5d integration/client: go mod tidy
e72046f86 Update Go to 1.16.6
bc4e416c8 Add test for archive breakout test for lchmod
894b6ae39 Fix missing Body.Close() calls on push to docker remote
ac75071b4 remove pkg/cri/platforms package
0a8802df6 Allow WithServices to use custom implementations
aefabe546 Dockerfile.test: add "cri-in-userns" (aka rootless) test stage
53835221f Cleanup lchmod logic in archive
d1c105192 use fu wei's suggeted interface pick for marshaling
14962dcbd add alpha version
4c6e4a06f gha: make release workflow work in forks
73d28ddeb client: surface a connection error more clearly
a7ad6b3be Add support for registry host path override
3a0b9ec6b Add unit test for plugin
95c708572 Update documenation for OCI distribution 1.0
a81f05f36 [Vendor] Update hcsshim to 0.8.18
16deba098 integration: Windows volume-copy-up images
63fe34add grpc config add options tcp_tls_ca
a5c417ac0 move up to CRI v1 and support v1alpha in parallel
bda7b5866 feat: Add snapshotter label to the new snapshot for container.
2019a1e68 Makefile: fix DESTDIR and PREFIX concatenation
04ab4418f test integration: Adds a test that restarts a failed container
03ee45006 snapshot/devmapper: log exported methods correctly
a964cf0cc un-export mount.FMountat
21f532d51 move sys.FMountat() into mount package
dac2543a0 sandbox: send pod UID to CNI plugins as K8S_POD_UID
5a0beaefb sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils
f913a4275 go.mod: runc v1.0.0
28bb59c08 update runc binary to v1.0.0 GA
63c185da9 content/local: inline sys.StatATimeAsTime()
09d78bb6b allow multi gpu to be specified via ctr
560e7d479 fixing some doc links
d9694b297 Sync integration/go.mod with root go.mod
4a46ea2f4 archive: Expose ChangeWriter to allow customized diff computing
cd33c007c CI: Switch to available latest images
75b4c83f0 fix deprecation config for default runtime
1bbee573a github.com/golang/protobuf/proto is deprecated
91c8fa452 Update github.com/golang/protobuf from v1.3.5 to v1.4.3
b7e79dc5a Update google.golang.org/grpc from v1.27.1 to v1.38.0
8d2e156dd Increase golangci-lint timeout
87a2e0b2a runtime,v2: Enable debug when containerd is on debug+ log level
05e51539a command line flags of setting container rootfs propagation
394f86475 Re-enable criu in main integration runs
1dada3fc2 add cgroupv2 setup for cos with a flag
bfbebf02b Update gotestsum to add timestamps to junit output
2bb8ad7c9 Makefile: pass build tags to manpage build process
f60d447c1 Makefile: fix tags parameter computation
9c01fe20d Allow to pass --no-cgroup option to nvidia-container-cli
77374e8b3 Makefile: FHS conformant manpage installation pathes
3ab974433 Add proper Go version before project checks
af5a130bc Enable cri-integration in Windows Periodic Tests
7a2b04758 adds explanation for seccomp unset/unconfined default vs runtime default
01585595a update integration/client go.sum
419d616fe Install specific golang version in Windows CI.
69f43d458 Revert diff/walking error change
728743eb2 Fix cleanup context of teardownPodNetwork
014748bc0 fix invalid validation error checking
cabe67736 tests: Use EnsureImageExists for image pulling
a78bdf22d tests: Refactors PodSandbox creation
9a451d103 Update opencontainers/selinux to v1.8.2
93e268f62 tests: Symlink volume tests
edfd8d599 Change Wrapf of non-error to an actual error
a93b5cbc2 Install apparmor parser for arm64 environment
5f0fc4893 Add creation timestamp to RG
75daf45be docs: explicitly mention containerd's Prometheus path
2f870aa89 integration: Cleanup containerd on test teardown
558fdc680 diff/walking: fix defer cleanup
b5f530a15 Makefile: fix DESTDIR environment variable behaviour
498bb36f6 scrub the stale TODO
93d4541a2 docs/cri: update ocicrypt link
792466495 docs/cri: fix broken links
05c03de94 Update Windows periodic tests
9fcea1d3f Rename atomicWrite to writeToCompletion
b996e49c5 Do not run btrfs tests if btrfs kernel module is not loaded
50ad4b96c Fix incorrect UA used for registry authentication
923ab5b7c Makefile: use $@ for target file names
535d9cc59 ctr: parse mount options with embedded = character
a4f97d45d Add ruleset=4 option
5dec27b6f ctr: exec handle pty resize after Start
e1c845df5 Fix small typo
b9378b452 ctr: exec setup IO with console
869375a41 Remove useless lines
79e345221 update the link
1acca8bba Don't check for apparmor_parser to be present
ec28288f4 bump runc version to v1.0.0-rc95
599127f4d update runc binary to v1.0.0-rc95
a5b1740bb fixed typos
77285e311 Schedule Windows job daily after midnight.
2b58782df Update windows-periodic.yml
5dbae87c5 Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0
1093f05ab Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
b6a251749 bump hcsshim version to v0.8.17
b1d4140a2 Update docker resolver to authorize redirects
09a0c9471 tests: Adds support for Windows cri-integration tests
315739251 just release ctd-decoder not ctr-enc
1442fee22 Remove mountpoints not commonly mounted on FreeBSD
fc4da9728 Pin integration test image for alpine
9643c9965 Makefile: allow overriding install command via environment
4b1b8346b Makefile: make sure manpages are built before install-man
6e249b1ae adds credentials description
de04b3243 Add copyright header & make sure compilation succeeds on all platforms
e1fd6be7e Fix mounts for FreeBSD
de6db4038 Update vendored runc to v1.0.0.0-rc94
5c99f150a Update the runc binary used with containerd to runc v1.0.0-rc94
b890f056e Fix content.ReaderAt close
c5797c8fc Update releases doc with updated support timeline
c74a6c419 update to new cri-tools make install
e37ddafab metadata: modify NewLeaseManager to return leases.Manager
79d800b9b Update Go to 1.16.4
0ba7303ee Prepare default branch rename
7d70992d3 tests: add test for adaptor
e120261ee windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
0b786908c doc: add missing namespaces package
b0d3b35b2 windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
9ea25634b Makefile: allow overriding go command by environment
81402e475 Fix different registry hosts referencing the same auth config.
b56527cb7 update seccomp version
8014d9fee Skip TLS verification for localhost
b538d8f1a Update golang.org/x/sys to add linux/ppc support
b59e29773 adds description for hosts.toml
e26fc8472 go.mod: cut circular dependency on github.com/containerd/containerd
15e0bd513 integration/client: go mod tidy
98f5922b5 plugin: optimize the check for the last registration
273c2bb16 tests: Prepull images used in tests
402acd7c1 Small typo fix "reimporst"
f21627059 Use DeactivateLayer to recover layers that we cannot rename
421fc6ea7 Add CI periodic Windows Jobs.
c0e2f4b5d Try next mirror in case of non-404 errors, too
f8538b5e1 Fix error case in Windows layer cleanup
b592a4c1e oci: fix WithDevShmSize
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping conmon to version v2.1.0-316-g4c41ec2, which comprises the following commits:
4c41ec2 meson: Handle journald
d1565ee bump to v2.1.0
96b8688 logging: buffer partial messages to journald
f20bbbe ci: add podman system to different cache
bde1b3c ci: install rootlessport right
2b10f9a ci: install go correctly
4f0b7f8 ci: add subid ranges for crio tests
e827355 ci: install all binaries for podman-system
ad092b1 ci: run vendor on podman job
b6025be ci: set host IP
ca12794 ci: give conmon job sudo
d6bdb97 ci: bump to go 1.17
e2215a1 exit: close all fds >= 3
830e644 fix: cgroup: Free memory_cgroup_file_path if open fails. Call g_free instead of free.
5a2cf98 Make libdl optional in meson definition
4edfc92 bump to v2.0.33-dev
436b460 bump to v2.0.32
f1fee3a Avoid mainfd_std{in,out} sharing the same file descriptor.
7c784a0 exit_command: unset subreaper attribute before running exit command
dc197c9 bump to 2.0.32-dev
7e7eb74 bump to 2.0.31
a854c52 conmon: fix error message
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
These changes are the result of running the convert-spdx-licenses.py
oe-core script.
There's no impact to the build, but we will avoid issues when
interacting with core QA by the alignment.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
oe-core has remove PNBLACKLIST in favour of SKIP_RECIPE, so we update
our recipe accordingly to avoid warnings.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping runc to version v1.1.0-1-gd7f7b22a, which comprises the following commits:
d7f7b22a VERSION: back to development
067aaf85 VERSION: release runc v1.1.0
c0e300f1 Refuse to build runc without nsenter
e155b332 build(deps): bump github.com/checkpoint-restore/go-criu/v5
5c7e8981 libct/cg: rm go 1.15 compatibility
4773769c VERSION: back to development
55df1fc4 VERSION: release v1.1.0-rc.1
a8f9d5de CHANGELOG: add an in-repo changelog file
6d2067a4 script/seccomp.sh: fix argc check
457ca62f script/release_*.sh: fix usage
c729594c deps: update libseccomp to 2.5.3
5d779620 tests/int: use update_config in hooks test
9e798e26 tests/int: ability to specify binary
97688ddf types/features: clarify MountOptions
deb0a5f2 Mark `runc features` experimental
382eba43 Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...)
ba935a51 Support nosymfollow mount option (kernel 5.10)
f8c48e46 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c
acd8f12f release: correctly handle binary signing for "make releaseall"
d72d057b runc init: avoid netlink message length overflows
25112dd1 libct/intelrdt: remove unused type
c4a61aa9 ci: enable extra linters for new code
520702da Add `runc features` command
02475d9c .golangci.lint: add unparam linter
953e56c5 libct/int: runContainer: drop console arg
6c0bfcb1 libct/cg/fs/blkio_test: ignore unparam warning
06b3fd9d libct/cg/ebpf: drop finalize return value
86733013 notify_socket: setupSpec: drop ctx arg and return value
741568eb libct/cg/devices: addRule: ignore unparam warning
fc44e3f6 tty: Close: rm return value
36483465 tty: ClosePostStart: rm return value
f3f4b6d1 tty: recvtty: rm process arg
e6318635 tty: rm inheritStdio return value
d23b8109 checkpoint: rm getDefaultImagePath arg
dd140401 libct: fixStdioPermissions: rm config arg
b357bc13 libct/factory: rm id param from loadState
b950b778 libct/utils: ResolveRootfs: remove
35d20c4e chown cgroup to process uid in container namespace
ec0f35bc libct/system/xattrs: remove
e9ed2000 build(deps): bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
e3dd80fa Vagrantfile.fedora: revert excluding systemd
1da84d1a libct/cg: TestGetHugePageSizeImpl: use t.Run
1362291a Avoid non-op when the list of `Hooks` is empty
f13a9325 libct/cg: HugePageSizes: simplify code and test
39d4c8d5 libct/cg: lazy init for HugePageSizes
a4d4c4dd libct/cg: GetHugePageSize -> HugePageSizes
dde509df specconv: do not permit null bytes in mount fields
50105de1 Fix failure with rw bind mount of a ro fuse
982b9a1d libct/standard_init: fix linter warning
643f8a2b libct/specconv: nits
b247cd39 runc run: fix ro /dev
029b73c1 libct/spec: replace isValidName regex with a function
6907beca libct/specconv: remove isSecSuffix regex
37c5fd55 libct/specconv: make parseMountOptions return Mount
2c3792ba libct/specconv: make mountFlags and extensionFlags global
81586e19 libct/specconv: reuse mountPropagationMapping in parseMountOptions
8fe1e8bf libct/specconv: rm some init allocations
712157f6 Revert "ci: temporarily disable criu repo gpg check"
f252eb54 test/int/mount.bats: refer to github issue
7563a8f0 libct: wrap more unix errors
db4ad6a7 libcontainer/system: rm Prlimit
0880c001 .cirrus.yml: silence vagrant up
b028ecb3 Vagrantfile.fedora: exclude systemd from upgrade
12a36265 ci/cirrus: update to Go 1.17.3
02d527d2 go.mod: github.com/moby/sys/mountinfo v0.5.0
0e21d56e go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
b2d64fed build(deps): bump github.com/checkpoint-restore/go-criu/v5
a9bb11ec Fix the conversion of sysctl variable dots and slashes
0f933d54 Rename package validate_test to package validate
68c2b6a7 runc run: refuse a frozen cgroup
d08bc0c1 runc run: warn on non-empty cgroup
dd696235 runc exec: reject paused container unless --ignore-paused
4b25a4e8 CI: update Fedora to 35
7324496f tests/int: fix userns for Fedora 35
05272718 tests/int/cgroups: fix for misc controller
fc658fb6 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
972aea3a libct/configs/validate: allow / in sysctl names
95f8ecdd fix `libcontainer/integration/exec_test.go:1859:8: undefined: ioutil`
dc473cad build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0
8542322d libcontainer: Add unit tests with userns and mounts
55162941 Remove io/ioutil use
6a4f4a6a libcontainer/ignoreTerminateErrors: simplify for Go 1.16+
12e99a0f Require Go >= 1.16
3d986766 ci/gha: install latest stable Go version
c5ca778f ci: temporarily disable criu repo gpg check
81fdc8ce New integration tests for user namespaces bind sources
9c444070 Open bind mount sources from the host userns
a80e1217 libct/intelrdt: add Root()
794cd66d libct/system: Exec: wrap the error
6eba68de build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
e395d2dc libct: Init: remove LockOSThread
916c6a15 libct/cg/fs2: fix GetStats for unsupported hugetlb
f9667e63 Make DevicesGroup's "TestingSkipFinalCheck" attribute public
2e0ceaa9 fix createDevices when no Linux section
fae5d8b5 release: add s390x
f95063ed Dockerfile: fix for seccomp
7758d3fb libct/cg/sd/v2: Destroy: remove cgroups recursively
580e43ec contrib: rm init from bash completion
0202c398 runc exec: implement --cgroup
cc15b887 tests: add integration test for cgroups hybrid
a8435007 cgroups: join cgroup v2 when using hybrid mode
39914db6 runc exec: don't skip non-existing cgroups
7d446c63 libct/cg.WriteCgroupProcs: improve errors
cc1d7466 exec.go: nit
0d297b71 ci/gha: test criu-dev with latest go
16aedc31 ci/gha: remove debug info
3fd1851c CI/GHA: switch to OBS criu repo
81dc5599 Dockerfile: fix apt-key warning
2bf560fb Dockerfile: use Debian_11 repo for criu
99ddc1be libct/cg/fs: rm m.config == nil checks
57edce46 libct/cg: add Resources=nil unit test
1af4ed11 libct/cg/sd/v2: move fsMgr init to NewUnifiedManager
9a2146fa libct/cg/sd/v2: move path init to NewUnifiedManager
39be6e97 libct/cg/fs2: minor optimization
b14a6cf9 libct/cg/sd/v1: move path init to NewLegacyManager
fcc48168 libct/cg/fs: document path removal
6c5441e5 libct/cg/fs: move paths init to NewManager
097c6d74 libct/cg: simplify getting cgroup manager
3c8db638 script/release.sh: update libseccomp to 2.5.2
f30244ee make release: add cross-build
23d79aae Makefile: only build runc for static target
d2b6899e Makefile: fixes for seccompagent
43b36dc4 Support changing of lsm mount context on restore
412d68d1 Vendor in go-criu v5.1.0
163e2523 libct/cg: replace bitset with std math/big library
6806b2c1 runc delete -f: fix for cg v1 + paused container
e6928865 libct/cg/fs: refactor
7d1cb320 libct/cg/fs: rename join to apply
5c7cb837 libct/cg/fs: micro optimization
19b542a5 libct/cg/fs: move internal code out of fs.go
eb09df74 libct/cg/sd/v1: initPaths: minor optimization
63c84917 libct/cg/sd/v1: optimize initPaths
c7e0864d libct/cg/sd/v1: factor out initPaths
dc907e8d libct/cg/sd/v*.go: nit
d974b22a create, run: amend final errors
9ba2f65d startContainer: minor refactor
1545ea69 delete, start: remove newline from errors
af641cd5 seccomp: Add test using the seccomp agent example
08659080 build(deps): bump github.com/bits-and-blooms/bitset from 1.2.0 to 1.2.1
622acd24 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
47abdcee ci/gha: update golangci-lint to 1.42.1
704a1878 contrib/cmd/seccompagent: fix build tags
49137c2a ci/gha: bump shfmt to 3.3.1
f1b703fc libct/nsenter/nsexec.c: honor _LIBCONTAINER_LOGLEVEL
d5ffe83f libct/nsenter/nsexec.c: factor out getenv_int
d2f49d45 libct/nsenter/nsexec.c: improve bail
6c4a3b13 runc init: pass _LIBCONTAINER_LOGLEVEL as int
0a3577c6 utils_linux: simplify newProcess
51cd519e seccomp agent: Return non-zero on failures
8b790e4f seccomp agent: Use arch SCMP_ARCH_X86_64
4a4d4f10 Add support for seccomp actions ActKillThread and ActKillProcess
4a751b05 seccomp: drop unnecessary const SCMP_ACT_* defines
72b5c3ca build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
00772cae tests: add functional tests for seccomp notify
5ae831d9 tests: add functional tests for seccomp
e21a9ee8 contrib: add sample seccomp agent
c64aaf0e libcontainer/specconv: extend SetupSeccomp tests
2b025c01 Implement Seccomp Notify
4e7aeff6 libcontainer/utils: introduce SendFds
c55530be vendoring: Use libseccomp with notify support
64358c4d optimize log: move WriteJSON defer as early as possible
39d0ee18 script/release.sh: fix for opensuse
a20c8b29 runc --debug: shorter caller info
b55b3081 libct/logs: do not show caller in nsexec logs
c3910e73 libct/logs: parse log level implicitly
c4826905 libct/logs: test: make more robust
33dcb994 libct/nsenter/nsenter_test.go: logging nits
78b27155 libct/nsenter: test: rm misleading comments
2c46455c libct/nsenter: test: improve TestNsenterChildLogging
feb1fe11 libct/nsenter: test: fix TestNsenterValidPaths
3df6a02f libct/nsenter: test: improve newPipe
347c371b CI: Mark CGO warnings as errors
d8da0035 *: add go-1.17+ go:build tags
1b17ec95 libct/cg: rm "unsupported.go" files
dbb9fc03 libct/*: remove linux build tag from some pkgs
c5b0be78 Rm build tags from main pkg
9ff64c3d *: rm redundant linux build tag
895e0a5c nsenter: fix typo in bail message
1f5798f7 improve error message when dbus-user-session is not installed
63944578 tests/int: add a "update cpu period with pod limit set" test
1b2adcfe libct/cg/v1: workaround CPU quota period set failure
09b80811 Revert "libct/devices: change devices.Type to be a string"
538ba846 libct/error.go: rm ConfigError
6145628f configs/validate: audit all returned errors
bbcf96f9 libct/cg/devices: stop using regex
fb629db6 tests/int/helpers: fix shellcheck warnings
f65276db tests/int/helpers: rm $bundle handling
b3d14488 Add support for rdma cgroup introduced in Linux Kernel 4.11
8d8415ee libct/logs: remove ConfigureLogging
f77fb7a3 init.go, main.go: don't use logs.ConfigureLogging
93937000 libcontainer/intelrdt: update code comments
a37a89f4 libct/system: add I and P process states
f90008ae libct/system.Stat: fix/improve/speedup
412c6f06 libct/system/proc_test: fix, improve, add benchmark
74ae9e0f checkpoint: resolve symlink for external bind mount(fix ci broken)
24d318b8 Dockerfile: switch to bullseye
9a095e44 libct/cg/sd/v1: add SkipFreezeOnSet knob
fec49f2a libct/cg/sd/v1: add freezeBeforeSet unit test
41043673 libct/cg/sd/v1: Fix unnecessary freeze/thaw
a5871801 ci: add go1.17
75761bcc Fix codespell warnings, add codespell to ci
db8330c9 libct/nsenter: fix unused-result warning
844d6774 CI: Validate compilation without buildtags
51508210 libct/nsenter: nullify pointer on asprintf error
2ab6484f libct/nsenter: no need to check size_t less than 0
f0dbefac .cirrus.yum: retry yum if failed
814f3ae1 libct/devices: change devices.Type to be a string
74b5c34e .cirrus.yml: simplify
77fb9aff build(deps): bump github.com/containerd/console from 1.0.2 to 1.0.3
bd50e7c4 libct/cg/OpenFile: check cgroupFd on error
ab577f6f MAINTAINERS: add Sebastiaan van Stijn
2bab4a56 libct/nsenter: fix logging race in nsexec
bda1bd7a build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
c2d9668c libct/cg/OpenFile: fix openat2 vs top cgroup dir
1b4c30fd libcontainer/intelrdt: always run unit tests
79d292b9 libcontainer/intelrdt: verify ClosID existence
17e3b41d libcontainer/intelrdt: support ClosID parameter
7296dc17 libcontainer/intelrdt: refactor clos path handling
1cbfe234 libct/cg: rm dead code
d0c3bc44 libct/cg: GetAllPids: optimize for go 1.16+
363468d0 libct/cg: improve GetAllPids and readProcsFile
504271a3 libct/cg: move GetAllPids out of utils.go
fc99ab7e build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
0f94799e man/runc-run.8: document --keep option
cb824629 proposal: add --keep to runc run
e06465ac ci/cirrus: remove unused code
120f7406 ci/gha: add latest criu-dev test run
60e02b4b runc exec: fail with exit code of 255
18f434e1 script/release.sh: make builds reproducible
61e201ab makefile: update ldflags and add strip for static builds
5110bd2f nsenter: remove cgroupns sync mechanism
7a0302f0 runc init: simplify
a91ce306 libct/*_test.go: use t.TempDir
3bc606e9 libct/int: adapt to Go 1.15
1eeaf113 libct/intelrdt/*_test.go: use t.TempDir
f6a56f60 libct/cg/fs/*_test.go: use t.TempDir
2d1645d2 libct/cg/fscommon: drop go 1.13 compatibility
6215b2f3 ci/gha: drop Go 1.13
a952b5aa README, go.mod: require go 1.15+
12a1dccb Revert "libcontainer: avoid using t.Cleanup"
015fa29a Revert "Revert "Makefile: rm go 1.13 workaround""
5dd92fd9 libct/seccomp: skip redundant rules
e44bee10 libct/seccomp: warn about unknown syscalls
073e085c libct/seccomp: ConvertStringToAction: fix doc
9f656dbb Do not use Vagrant for CentOS 7/8
d4480164 tests/rootless.sh: fixup for "update rt" test
86af5248 tests/int: fix "update rt period and runtime" for rootless
cc0b1644 README.md: remove abandoned versioning policy
87bfd20f Evaluate Cirrus CI for Vagrant tests
a7110262 libct/cg/sd: add TestPodSkipDevicesUpdate
52dd96db libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
f2db8798 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
5dc32604 libct/int/TestFreeze: test freeze/thaw via Set
af1688a5 libct/int: allow subtests
67cfd3d4 libct/cg/sd/v1: Set: don't overwrite r.Freezer
d02b0061 ci/gha: run on release-* branches after a push
57e3c541 cgroupv2: ebpf: ignore inaccessible existing programs
fe518a06 vendor: update github.com/cilium/ebpf
3e5c1997 libct/cg/sd: Add freezer tests
294c4866 libct/cg/fs/freezer.GetState: report current cgroup state
f33be7cc libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
d41a273d Update device update tests
be1d5f83 ci: enable unconvert linter, fix its warnings
6be088d6 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
9f2a1f4d deps: update to github.com/cyphar/filepath-securejoin@v0.2.3
24d5daf5 libct/user: fix parsing long /etc/group lines
226dfab0 libct/user: ParseGroupFilter: use TrimSpace
120e3a77 libct/user: use []byte more, avoid allocations
83776dd8 libcontainer: Bail on close(2) failures
7d479e6b libcontainer: Don't close fds already closed
e39ad650 retry unix.EINTR for container init process
c508a7bc libct/rootfs: consolidate utils imports
1bbeadae tests/int/no_pivot: fix for new kernels
0229a77a libcontainer/intelrdt: privatize some ids
8f8dfc49 libcontainer/intelrdt: move NewLastCmdError down
00d15629 libct/intelrdt: simplify NewLastCmdError
e0ce428b libct/intelrdt: remove NotFoundError type
feff2c45 libct/intelrdt: fix potential nil dereference
82498e3d libct/specconf: remove unneeded checks
bc96a59d build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1
70fdc057 Revert "checkpoint: resolve symlink for external bind mount"
e618c02d libct/stacktrace: remove
e918d021 libcontainer: rm own error system
60c647a7 libct/error: rm ConsoleExists
a7cfb23b *: stop using pkg/errors
b60e2edf libct/cg: stop using pkg/errors
a6cc36a8 libct/cg/ebpf: stop using pkg/errors
f137aaa2 libct/cg/devices: stop using pkg/errors
ebb08128 .golangci.yml: enable errorlint
56e47804 *: ignore errorlint warnings about unix.* errors
f6a0899b *: use errors.As and errors.Is
5d2a11ad tty.go: don't use pkg/errors, use errors.Is
c6fed264 libct/keys: stop using pkg/errors
adbac31d libct: fix errorlint warning about strconv.NumError
7be93a66 *: fmt.Errorf: use %w when appropriate
d8ba4128 libct/rootfs: improve some errors
36aefad4 libct: wrap unix.Mount/Unmount errors
825335b2 libct/cg/fs2: fix/unify parsing errors
5a186d39 libct/cg/fs: fix/unify parsing errors
f813174d libct/cg/fscommon: introduce and use ParseError
adcd3b44 libct/cg/fs[2]: simplify getting pid stats
4e330942 libct/cg/fs/stats_util_test: fix errors
563225d5 libct/StartInitialization: fix errors
3fee59f9 libct/cg/fs/*_test: simplify errors
fdf4e90e libct/cg/fscommon.ParseKeyValue: no need to wrap err
627a06ad Replace fmt.Errorf w/o %-style to errors.New
242b3283 libct/cg/fscommon: rm unused var
92e8d9b9 libct/intelrdt: error message nits
041caf10 VERSION: back to development
dfc0f069 man/*: revamp
85aabe23 C/R: let criu use its default if --work-path is not set
e8bd33ae runc --help: improve log options description
cf4ecaed runc update: hide --kernel* options
4065c394 exec: rm --no-subreaper flag
da22625f checkpoint: resolve symlink for external bind mount
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping runc to version v1.1.0-1-gd7f7b22a, which comprises the following commits:
d7f7b22a VERSION: back to development
067aaf85 VERSION: release runc v1.1.0
c0e300f1 Refuse to build runc without nsenter
e155b332 build(deps): bump github.com/checkpoint-restore/go-criu/v5
5c7e8981 libct/cg: rm go 1.15 compatibility
4773769c VERSION: back to development
55df1fc4 VERSION: release v1.1.0-rc.1
a8f9d5de CHANGELOG: add an in-repo changelog file
6d2067a4 script/seccomp.sh: fix argc check
457ca62f script/release_*.sh: fix usage
c729594c deps: update libseccomp to 2.5.3
5d779620 tests/int: use update_config in hooks test
9e798e26 tests/int: ability to specify binary
97688ddf types/features: clarify MountOptions
deb0a5f2 Mark `runc features` experimental
382eba43 Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...)
ba935a51 Support nosymfollow mount option (kernel 5.10)
f8c48e46 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c
acd8f12f release: correctly handle binary signing for "make releaseall"
d72d057b runc init: avoid netlink message length overflows
25112dd1 libct/intelrdt: remove unused type
c4a61aa9 ci: enable extra linters for new code
520702da Add `runc features` command
02475d9c .golangci.lint: add unparam linter
953e56c5 libct/int: runContainer: drop console arg
6c0bfcb1 libct/cg/fs/blkio_test: ignore unparam warning
06b3fd9d libct/cg/ebpf: drop finalize return value
86733013 notify_socket: setupSpec: drop ctx arg and return value
741568eb libct/cg/devices: addRule: ignore unparam warning
fc44e3f6 tty: Close: rm return value
36483465 tty: ClosePostStart: rm return value
f3f4b6d1 tty: recvtty: rm process arg
e6318635 tty: rm inheritStdio return value
d23b8109 checkpoint: rm getDefaultImagePath arg
dd140401 libct: fixStdioPermissions: rm config arg
b357bc13 libct/factory: rm id param from loadState
b950b778 libct/utils: ResolveRootfs: remove
35d20c4e chown cgroup to process uid in container namespace
ec0f35bc libct/system/xattrs: remove
e9ed2000 build(deps): bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
e3dd80fa Vagrantfile.fedora: revert excluding systemd
1da84d1a libct/cg: TestGetHugePageSizeImpl: use t.Run
1362291a Avoid non-op when the list of `Hooks` is empty
f13a9325 libct/cg: HugePageSizes: simplify code and test
39d4c8d5 libct/cg: lazy init for HugePageSizes
a4d4c4dd libct/cg: GetHugePageSize -> HugePageSizes
dde509df specconv: do not permit null bytes in mount fields
50105de1 Fix failure with rw bind mount of a ro fuse
982b9a1d libct/standard_init: fix linter warning
643f8a2b libct/specconv: nits
b247cd39 runc run: fix ro /dev
029b73c1 libct/spec: replace isValidName regex with a function
6907beca libct/specconv: remove isSecSuffix regex
37c5fd55 libct/specconv: make parseMountOptions return Mount
2c3792ba libct/specconv: make mountFlags and extensionFlags global
81586e19 libct/specconv: reuse mountPropagationMapping in parseMountOptions
8fe1e8bf libct/specconv: rm some init allocations
712157f6 Revert "ci: temporarily disable criu repo gpg check"
f252eb54 test/int/mount.bats: refer to github issue
7563a8f0 libct: wrap more unix errors
db4ad6a7 libcontainer/system: rm Prlimit
0880c001 .cirrus.yml: silence vagrant up
b028ecb3 Vagrantfile.fedora: exclude systemd from upgrade
12a36265 ci/cirrus: update to Go 1.17.3
02d527d2 go.mod: github.com/moby/sys/mountinfo v0.5.0
0e21d56e go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
b2d64fed build(deps): bump github.com/checkpoint-restore/go-criu/v5
a9bb11ec Fix the conversion of sysctl variable dots and slashes
0f933d54 Rename package validate_test to package validate
68c2b6a7 runc run: refuse a frozen cgroup
d08bc0c1 runc run: warn on non-empty cgroup
dd696235 runc exec: reject paused container unless --ignore-paused
4b25a4e8 CI: update Fedora to 35
7324496f tests/int: fix userns for Fedora 35
05272718 tests/int/cgroups: fix for misc controller
fc658fb6 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
972aea3a libct/configs/validate: allow / in sysctl names
95f8ecdd fix `libcontainer/integration/exec_test.go:1859:8: undefined: ioutil`
dc473cad build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0
8542322d libcontainer: Add unit tests with userns and mounts
55162941 Remove io/ioutil use
6a4f4a6a libcontainer/ignoreTerminateErrors: simplify for Go 1.16+
12e99a0f Require Go >= 1.16
3d986766 ci/gha: install latest stable Go version
c5ca778f ci: temporarily disable criu repo gpg check
81fdc8ce New integration tests for user namespaces bind sources
9c444070 Open bind mount sources from the host userns
a80e1217 libct/intelrdt: add Root()
794cd66d libct/system: Exec: wrap the error
6eba68de build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
e395d2dc libct: Init: remove LockOSThread
916c6a15 libct/cg/fs2: fix GetStats for unsupported hugetlb
f9667e63 Make DevicesGroup's "TestingSkipFinalCheck" attribute public
2e0ceaa9 fix createDevices when no Linux section
fae5d8b5 release: add s390x
f95063ed Dockerfile: fix for seccomp
7758d3fb libct/cg/sd/v2: Destroy: remove cgroups recursively
580e43ec contrib: rm init from bash completion
0202c398 runc exec: implement --cgroup
cc15b887 tests: add integration test for cgroups hybrid
a8435007 cgroups: join cgroup v2 when using hybrid mode
39914db6 runc exec: don't skip non-existing cgroups
7d446c63 libct/cg.WriteCgroupProcs: improve errors
cc1d7466 exec.go: nit
0d297b71 ci/gha: test criu-dev with latest go
16aedc31 ci/gha: remove debug info
3fd1851c CI/GHA: switch to OBS criu repo
81dc5599 Dockerfile: fix apt-key warning
2bf560fb Dockerfile: use Debian_11 repo for criu
99ddc1be libct/cg/fs: rm m.config == nil checks
57edce46 libct/cg: add Resources=nil unit test
1af4ed11 libct/cg/sd/v2: move fsMgr init to NewUnifiedManager
9a2146fa libct/cg/sd/v2: move path init to NewUnifiedManager
39be6e97 libct/cg/fs2: minor optimization
b14a6cf9 libct/cg/sd/v1: move path init to NewLegacyManager
fcc48168 libct/cg/fs: document path removal
6c5441e5 libct/cg/fs: move paths init to NewManager
097c6d74 libct/cg: simplify getting cgroup manager
3c8db638 script/release.sh: update libseccomp to 2.5.2
f30244ee make release: add cross-build
23d79aae Makefile: only build runc for static target
d2b6899e Makefile: fixes for seccompagent
43b36dc4 Support changing of lsm mount context on restore
412d68d1 Vendor in go-criu v5.1.0
163e2523 libct/cg: replace bitset with std math/big library
6806b2c1 runc delete -f: fix for cg v1 + paused container
e6928865 libct/cg/fs: refactor
7d1cb320 libct/cg/fs: rename join to apply
5c7cb837 libct/cg/fs: micro optimization
19b542a5 libct/cg/fs: move internal code out of fs.go
eb09df74 libct/cg/sd/v1: initPaths: minor optimization
63c84917 libct/cg/sd/v1: optimize initPaths
c7e0864d libct/cg/sd/v1: factor out initPaths
dc907e8d libct/cg/sd/v*.go: nit
d974b22a create, run: amend final errors
9ba2f65d startContainer: minor refactor
1545ea69 delete, start: remove newline from errors
af641cd5 seccomp: Add test using the seccomp agent example
08659080 build(deps): bump github.com/bits-and-blooms/bitset from 1.2.0 to 1.2.1
622acd24 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
47abdcee ci/gha: update golangci-lint to 1.42.1
704a1878 contrib/cmd/seccompagent: fix build tags
49137c2a ci/gha: bump shfmt to 3.3.1
f1b703fc libct/nsenter/nsexec.c: honor _LIBCONTAINER_LOGLEVEL
d5ffe83f libct/nsenter/nsexec.c: factor out getenv_int
d2f49d45 libct/nsenter/nsexec.c: improve bail
6c4a3b13 runc init: pass _LIBCONTAINER_LOGLEVEL as int
0a3577c6 utils_linux: simplify newProcess
51cd519e seccomp agent: Return non-zero on failures
8b790e4f seccomp agent: Use arch SCMP_ARCH_X86_64
4a4d4f10 Add support for seccomp actions ActKillThread and ActKillProcess
4a751b05 seccomp: drop unnecessary const SCMP_ACT_* defines
72b5c3ca build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
00772cae tests: add functional tests for seccomp notify
5ae831d9 tests: add functional tests for seccomp
e21a9ee8 contrib: add sample seccomp agent
c64aaf0e libcontainer/specconv: extend SetupSeccomp tests
2b025c01 Implement Seccomp Notify
4e7aeff6 libcontainer/utils: introduce SendFds
c55530be vendoring: Use libseccomp with notify support
64358c4d optimize log: move WriteJSON defer as early as possible
39d0ee18 script/release.sh: fix for opensuse
a20c8b29 runc --debug: shorter caller info
b55b3081 libct/logs: do not show caller in nsexec logs
c3910e73 libct/logs: parse log level implicitly
c4826905 libct/logs: test: make more robust
33dcb994 libct/nsenter/nsenter_test.go: logging nits
78b27155 libct/nsenter: test: rm misleading comments
2c46455c libct/nsenter: test: improve TestNsenterChildLogging
feb1fe11 libct/nsenter: test: fix TestNsenterValidPaths
3df6a02f libct/nsenter: test: improve newPipe
347c371b CI: Mark CGO warnings as errors
d8da0035 *: add go-1.17+ go:build tags
1b17ec95 libct/cg: rm "unsupported.go" files
dbb9fc03 libct/*: remove linux build tag from some pkgs
c5b0be78 Rm build tags from main pkg
9ff64c3d *: rm redundant linux build tag
895e0a5c nsenter: fix typo in bail message
1f5798f7 improve error message when dbus-user-session is not installed
63944578 tests/int: add a "update cpu period with pod limit set" test
1b2adcfe libct/cg/v1: workaround CPU quota period set failure
09b80811 Revert "libct/devices: change devices.Type to be a string"
538ba846 libct/error.go: rm ConfigError
6145628f configs/validate: audit all returned errors
bbcf96f9 libct/cg/devices: stop using regex
fb629db6 tests/int/helpers: fix shellcheck warnings
f65276db tests/int/helpers: rm $bundle handling
b3d14488 Add support for rdma cgroup introduced in Linux Kernel 4.11
8d8415ee libct/logs: remove ConfigureLogging
f77fb7a3 init.go, main.go: don't use logs.ConfigureLogging
93937000 libcontainer/intelrdt: update code comments
a37a89f4 libct/system: add I and P process states
f90008ae libct/system.Stat: fix/improve/speedup
412c6f06 libct/system/proc_test: fix, improve, add benchmark
74ae9e0f checkpoint: resolve symlink for external bind mount(fix ci broken)
24d318b8 Dockerfile: switch to bullseye
9a095e44 libct/cg/sd/v1: add SkipFreezeOnSet knob
fec49f2a libct/cg/sd/v1: add freezeBeforeSet unit test
41043673 libct/cg/sd/v1: Fix unnecessary freeze/thaw
a5871801 ci: add go1.17
75761bcc Fix codespell warnings, add codespell to ci
db8330c9 libct/nsenter: fix unused-result warning
844d6774 CI: Validate compilation without buildtags
51508210 libct/nsenter: nullify pointer on asprintf error
2ab6484f libct/nsenter: no need to check size_t less than 0
f0dbefac .cirrus.yum: retry yum if failed
814f3ae1 libct/devices: change devices.Type to be a string
74b5c34e .cirrus.yml: simplify
77fb9aff build(deps): bump github.com/containerd/console from 1.0.2 to 1.0.3
bd50e7c4 libct/cg/OpenFile: check cgroupFd on error
ab577f6f MAINTAINERS: add Sebastiaan van Stijn
2bab4a56 libct/nsenter: fix logging race in nsexec
bda1bd7a build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
c2d9668c libct/cg/OpenFile: fix openat2 vs top cgroup dir
1b4c30fd libcontainer/intelrdt: always run unit tests
79d292b9 libcontainer/intelrdt: verify ClosID existence
17e3b41d libcontainer/intelrdt: support ClosID parameter
7296dc17 libcontainer/intelrdt: refactor clos path handling
1cbfe234 libct/cg: rm dead code
d0c3bc44 libct/cg: GetAllPids: optimize for go 1.16+
363468d0 libct/cg: improve GetAllPids and readProcsFile
504271a3 libct/cg: move GetAllPids out of utils.go
fc99ab7e build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
0f94799e man/runc-run.8: document --keep option
cb824629 proposal: add --keep to runc run
e06465ac ci/cirrus: remove unused code
120f7406 ci/gha: add latest criu-dev test run
60e02b4b runc exec: fail with exit code of 255
18f434e1 script/release.sh: make builds reproducible
61e201ab makefile: update ldflags and add strip for static builds
5110bd2f nsenter: remove cgroupns sync mechanism
7a0302f0 runc init: simplify
a91ce306 libct/*_test.go: use t.TempDir
3bc606e9 libct/int: adapt to Go 1.15
1eeaf113 libct/intelrdt/*_test.go: use t.TempDir
f6a56f60 libct/cg/fs/*_test.go: use t.TempDir
2d1645d2 libct/cg/fscommon: drop go 1.13 compatibility
6215b2f3 ci/gha: drop Go 1.13
a952b5aa README, go.mod: require go 1.15+
12a1dccb Revert "libcontainer: avoid using t.Cleanup"
015fa29a Revert "Revert "Makefile: rm go 1.13 workaround""
5dd92fd9 libct/seccomp: skip redundant rules
e44bee10 libct/seccomp: warn about unknown syscalls
073e085c libct/seccomp: ConvertStringToAction: fix doc
9f656dbb Do not use Vagrant for CentOS 7/8
d4480164 tests/rootless.sh: fixup for "update rt" test
86af5248 tests/int: fix "update rt period and runtime" for rootless
cc0b1644 README.md: remove abandoned versioning policy
87bfd20f Evaluate Cirrus CI for Vagrant tests
a7110262 libct/cg/sd: add TestPodSkipDevicesUpdate
52dd96db libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
f2db8798 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
5dc32604 libct/int/TestFreeze: test freeze/thaw via Set
af1688a5 libct/int: allow subtests
67cfd3d4 libct/cg/sd/v1: Set: don't overwrite r.Freezer
d02b0061 ci/gha: run on release-* branches after a push
57e3c541 cgroupv2: ebpf: ignore inaccessible existing programs
fe518a06 vendor: update github.com/cilium/ebpf
3e5c1997 libct/cg/sd: Add freezer tests
294c4866 libct/cg/fs/freezer.GetState: report current cgroup state
f33be7cc libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
d41a273d Update device update tests
be1d5f83 ci: enable unconvert linter, fix its warnings
6be088d6 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
9f2a1f4d deps: update to github.com/cyphar/filepath-securejoin@v0.2.3
24d5daf5 libct/user: fix parsing long /etc/group lines
226dfab0 libct/user: ParseGroupFilter: use TrimSpace
120e3a77 libct/user: use []byte more, avoid allocations
83776dd8 libcontainer: Bail on close(2) failures
7d479e6b libcontainer: Don't close fds already closed
e39ad650 retry unix.EINTR for container init process
c508a7bc libct/rootfs: consolidate utils imports
1bbeadae tests/int/no_pivot: fix for new kernels
0229a77a libcontainer/intelrdt: privatize some ids
8f8dfc49 libcontainer/intelrdt: move NewLastCmdError down
00d15629 libct/intelrdt: simplify NewLastCmdError
e0ce428b libct/intelrdt: remove NotFoundError type
feff2c45 libct/intelrdt: fix potential nil dereference
82498e3d libct/specconf: remove unneeded checks
bc96a59d build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1
70fdc057 Revert "checkpoint: resolve symlink for external bind mount"
e618c02d libct/stacktrace: remove
e918d021 libcontainer: rm own error system
60c647a7 libct/error: rm ConsoleExists
a7cfb23b *: stop using pkg/errors
b60e2edf libct/cg: stop using pkg/errors
a6cc36a8 libct/cg/ebpf: stop using pkg/errors
f137aaa2 libct/cg/devices: stop using pkg/errors
ebb08128 .golangci.yml: enable errorlint
56e47804 *: ignore errorlint warnings about unix.* errors
f6a0899b *: use errors.As and errors.Is
5d2a11ad tty.go: don't use pkg/errors, use errors.Is
c6fed264 libct/keys: stop using pkg/errors
adbac31d libct: fix errorlint warning about strconv.NumError
7be93a66 *: fmt.Errorf: use %w when appropriate
d8ba4128 libct/rootfs: improve some errors
36aefad4 libct: wrap unix.Mount/Unmount errors
825335b2 libct/cg/fs2: fix/unify parsing errors
5a186d39 libct/cg/fs: fix/unify parsing errors
f813174d libct/cg/fscommon: introduce and use ParseError
adcd3b44 libct/cg/fs[2]: simplify getting pid stats
4e330942 libct/cg/fs/stats_util_test: fix errors
563225d5 libct/StartInitialization: fix errors
3fee59f9 libct/cg/fs/*_test: simplify errors
fdf4e90e libct/cg/fscommon.ParseKeyValue: no need to wrap err
627a06ad Replace fmt.Errorf w/o %-style to errors.New
242b3283 libct/cg/fscommon: rm unused var
92e8d9b9 libct/intelrdt: error message nits
041caf10 VERSION: back to development
dfc0f069 man/*: revamp
85aabe23 C/R: let criu use its default if --work-path is not set
e8bd33ae runc --help: improve log options description
cf4ecaed runc update: hide --kernel* options
4065c394 exec: rm --no-subreaper flag
da22625f checkpoint: resolve symlink for external bind mount
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping kubernetes to version v1.23.2-rc.0-26-gfa546d8cc76, which comprises the following commits:
cce0b96068c fix nil pointer in create secret commands
27a66989d0f Fix order of commands in the snapshot tests for persistent volumes
cc6c36f286d client-go: Clear the ResourceVersionMatch on paged list calls
271a9f0e58d Improving performance of EndpointSlice controller metrics cache
98cc4f9e96a fix the error when cleaning up jobs for cronjob
6ca361089db Update CHANGELOG to add missing release notes.
40d718778d4 apf: ensure exempt request notes the classification
77b0a633575 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.1
aef116487af Release commit for Kubernetes v1.23.2-rc.0
86ec240af8c Release commit for Kubernetes v1.23.1
1292aee8707 add gce loadbalancer no-op finalizer and existingFwdRule tests
40c6f562eb3 disable gce service handling if has rbs forwarding rule
41b00595137 add ELBRbsFinalizer
036fd24b91c add gce elb rbs opt-in annotation
78e8cb0743c cherry pick of knp 0.0.27
0072226ca87 Re-introduce removed kubectl --dry-run values.
c237c5c78fc Point flowcontrol users at v1beta2
c836ebae52f [go1.17] Update to go1.17.5
d065f7ffe77 dependencies: Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63
ea103cb23a9 mount-utils: Detect potential stale file handle
1346242fd57 Skip creating HNS loadbalancer with empty endpoints
38a678fccfb Add regression test for CPUManager distribute NUMA algorithm
6d437c7e827 Add unit test for CPUManager distribute NUMA algorithm verifying fixes
53fd9db1629 Fix accounting bug in CPUManager distribute NUMA policy
9cb973ac5ee Fix error handling in CPUManager distribute NUMA tests
462f3c90b05 Add a sum() helper to the CPUManager cpuassignment logic
03666ecf4fc Allow the map.Values() function in the CPUManager to take a set of keys
22b6be8c2cb Fix CPUManager algo to calculate min NUMA nodes needed for distribution
471dd78f5ea Fix unit tests following bug fix in CPUManager for map functions (2/2)
1db0c5136e7 Fix unit tests following bug fix in CPUManager for map functions (1/2)
18392c0c4ca Fix bug in CPUManager map.Keys() and map.Values() implementations
4c7bcbddd62 Ensure we balance across *all* NUMA nodes in NUMA distribution algo
d1248480b20 Short-circuit CPUManager distribute NUMA algo for unusable cpuGroupSize
3a9b3072612 Round the CPUManager mean and stddev calculations to the nearest 1000th
5fc309181ab updated deprecation messages from 1.23 to 1.24
f94a022c1bb kubelet: set failed phase during graceful shutdown
b63d5a805b3 kubeadm: avoid requiring a CA key during kubeconfig expiration checks
a18dbc12a46 kubeadm: print the CA of kubeconfig files in "check expiration"
880e0ac50f7 kubeadm: validate local etcd certficates during expiration checks
f9c8af54ccb publishing-bot/doc: add component-helpers to the readme
3245fe216f2 publishing-bot/rules: remove non existing component-helpers branch 1.19 from the rules
57f88ec404e Changelog: mention kube-scheduler bits deprication
f42cbbbff43 rbd: initialize ceph monitors slice with an empty value.
0a1d2914614 Direct v2betaX users to migrate to HPA v2
064a272ee03 DelegateFSGroupToCSIDriver e2e: skip tests with chgrp
dd1b0a12471 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.0
8aef834386e [go1.17] Update to go1.17.4
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
The startup of kubernetes relies on some kernel/runtime configuration.
We create a sysctl.d snippet to ensure that critical ones are set when
installing our packages.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
| |
Adding a simple helper to setup a host to the NodeReady state.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:
31f7b334 VERSION: back to development
f46b6ba2 VERSION: release v1.0.3
b8dbe466 runc init: avoid netlink message length overflows
e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
42bfc63b script/release.sh: fix for opensuse
8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
cbb23675 runc run: fix ro /dev
e802cfae test/int/mount.bats: refer to github issue
3640499a libct/rootfs: consolidate utils imports
aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
fdee8658 libct/int/checkpoint_test: fix ParentImage
cbb5ef5c improve error message when dbus-user-session is not installed
86d83333 VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:
31f7b334 VERSION: back to development
f46b6ba2 VERSION: release v1.0.3
b8dbe466 runc init: avoid netlink message length overflows
e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
42bfc63b script/release.sh: fix for opensuse
8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
cbb23675 runc run: fix ro /dev
e802cfae test/int/mount.bats: refer to github issue
3640499a libct/rootfs: consolidate utils imports
aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
fdee8658 libct/int/checkpoint_test: fix ParentImage
cbb5ef5c improve error message when dbus-user-session is not installed
86d83333 VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bumbing kubernetes to the latest release branch (now that our go
compiler meets the minium standards).
We also add a networking configuration similar to the k3s one, but
named appropriately so that CNI will read and do basic configuration.
We also add some missing rdepends that were preventing the controller
node from fully initializing.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping skopeo to version v1.5.2-3-g1d24e657, which comprises the following commits:
4dcd28df Use a dynamic temp dir for test
789ee8be Bump to 1.5.3-dev
8a88191c Release 1.5.2
69728fdf Update to c/image v5.17.0
47066f2d Cirrus: Bump Fedora to release 35 & Ubuntu to 21.10
adfa1d4e Bump github.com/docker/docker
05a2ed49 proxy: Uncapitalize all errors
e9535f86 tests: Add new "procutils" that exposes PDEATHSIG
fa86297c proxy_test: Test `GetConfig`
2bb6f27d proxy_test: Add helper to read all from a reply
f90725d8 proxy_test: Add a helper method to call without fd
644074cb proxy: Add support for manifest lists
83416068 tests/integration/proxy_test: New test that exercises `proxy.go`
a3adf36d proxy: Use float → int helper for pipeid
6510f101 proxy: Add a helper to return a byte array
e7b7be57 proxy: Add an API to fetch the config upconverted to OCI
942cd6ec Fix bug that prevented useful diagnostics on registry fail
41de7f2f use fedora:latest in contrib/skopeoimage/*/Dockerfile
c264cec3 Move to v1.5.2-dev
2b357d82 Bump to v1.5.1
4acc9f0d main: Error out if an unrecognized subcommand is provided
7885162a move optional-flag code to c/common/pkg/flag
36d860eb Add --dest-precompute-digests option for docker
c8777f3b bump containers/image to 2541165
985d4c09 Add instructions to generate static binaries
11b59898 Add new `experimental-image-proxy` hidden command
2144a37c issue#785 inspect command - introduce a way to skip querying available tags for an image
60c98cac Document container images as an alternative to installing packages
89ecd5a4 Introduce --username and --password to pass credentials
119eeb83 Move to v1.5.1-dev
209a9931 Bump to v1.5.0
3e4d4a48 Bump github.com/containers/image/v5 from 5.16.0 to 5.16.1
3a97a0c0 Bump github.com/docker/docker
ff88d3fc Remove leftover Nix packaging files
e19b57c3 Update github.com/containerd/containerd to v1.5.7
b950f83c issue#1466 - Introduce a --keep-going option to allow "sync" command to continue syncing even after a particular image sync fails
12d01037 Bump github.com/containers/storage from 1.36.0 to 1.37.0
e0c53dfd Update installation doc with latest steps
aba57a88 Makefile: drop nix support
93c42bcd Bump github.com/containers/common from 0.45.0 to 0.46.0
c0f07d3d Bump github.com/containers/common from 0.44.1 to 0.45.0
0ce7081e Bump github.com/containers/common from 0.44.0 to 0.44.1
52dafe8f Update to github.com/vbauerster/mpb v7.1.5
ee8b8e77 Explain the usage of DISABLE_DOCS in the installation doc
1d204fb1 Update VM Images + Drop prior-ubuntu references
61310777 issue#1411 Introduce DISABLE_DOCS to skip doc generation while building from source
ed96bf04 Bump github.com/containers/common from 0.43.2 to 0.44.0
a837fbe2 Bump github.com/containers/storage from 1.35.0 to 1.36.0
9edeb69f Remove the extra (defaults to true) help msg
a2d083ca Bump github.com/containers/image/v5 from 5.15.2 to 5.16.0
0e87d4d1 Run (gofmt -s -w)
c399909f Update non-module dependencies
102e2143 Bump github.com/containers/image/v5 from 5.15.1 to 5.15.2
7d5ef9d9 Bump github.com/containers/common from 0.43.1 to 0.43.2
70eaf171 Add OWNERS file
61969472 Bump github.com/containers/image/v5 from 5.15.0 to 5.15.1
ec1ac5d0 Bump github.com/containers/storage from 1.34.0 to 1.34.1
082db20f Bump github.com/containers/common from 0.43.0 to 0.43.1
8dce403b Add codespell fixes
f6ae7865 systemtests: if registry times out, show container logs
9acb8b6a Bump github.com/containers/common from 0.42.1 to 0.43.0
a23b9f53 Bump github.com/containers/storage from 1.33.2 to 1.34.0
be821b4f Bump github.com/containers/storage from 1.33.1 to 1.33.2
ab87b15f Cirrus: Run checks directly on the host
1aa98bab Github: Add workflow to monitor Cirrus-Cron builds
fbf96998 Bump github.com/docker/docker
a3bb1cc5 Bump github.com/containers/common from 0.42.0 to 0.42.1
0667a1e0 Bump to 1.4.1-dev
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping podman-compose to version 0.1.8-2-g1555417, which comprises the following commits:
1555417 FIXES #361: key error _service
1f989ed FIXES #356: respect pull_policy
66ce2a3 release 0.1.8
d8e11d5 FIXES #312: run starts dependencies
72c3572 #289: exit code and test for that
c187e88 up and down specific containers
31b8bb4 simpler passing of env
f177712 Fix `up` arguments parsing
ae3deb1 #355: fix dry run
117b7fb command list of strings
5acb997 command list of strings
02b2f65 Update issue templates
a36b6f1 Update issue templates
e3be6dd Update issue templates
4b75678 Update issue templates
dcb038e remove tabs
a2fef56 FIXES #353: down in reverse order
c753b8e FIXES #167: support ContainerFile
c9486c9 #115: handle string entrypoint
f2aeaba #348: conditional --infra-name
2d80e43 remove print
d1a77de external name
c49f070 volumes with names
6d69b7c Add support external volumes
ab13503 add support for long port publishing format
069018c #342: set infra container name
b33c42b Readability fix for missing commands
785f7ad Get version info with setup.cfg
b6a9f8e #335: report version with -v
4a5fd23 #275 make pipx happy
dc0ac0d docs: added the transform_policy default and description
502d7cc #327: accept ports as string
e85d79d added cpu_shares flag for v2
bfb57b9 added cpu_shares flag for v2
2d0aad6 Also pull images with a build section
ff5b9f1 Support for logging
62aa337 feat(secrets): :sparkles: Add support for secrets
3836094 Update podman_compose.py
d97a20d #308: fix environment
f417c9a #120: extend not add
5ed5528 FIXES #120: parse mem and cpu limits
3d6ca3c FIXES #120: parse mem and cpu limits
6e3383d Convert numeric command arguments to string (fixes #77)
8ef7587 Fix some typos (found by codespell)
039fe30 Make sure port entries are converted to strings
62d2024 Add stop_signal service attribute
9317f98 #278: args
045cef2 #289: report exit code when --exit-code-from
a7f97b6 implement -e in run
0ea18b4 Force adding an .env file for the tests
00840d0 resolve conflict
2ad7daa Test variable interpolation in the YAML
080b8a3 Prefer 'compose.yaml' as per compose spec
226ac4f fix missing --label flag in volume creation
030a196 Fix README typo
901213e Update podman_compose.py
b337060 Add support for sysctls in compose file
b3090c3 Mode Python installation and test deps to requirement files
5fabfee Support annotations
75a63df fix: check `.env` in current dir with `isfile` instead of `exists`
08dd36f Add docker-compose labels for interoperability
669953b Rework argument generation to adhere directly to what podman accepts.
d3df688 Remove test code
bda7b5e Add exec support
6289d25 fixes #236: compatible with docker-compose
abc0813 Only pull each image once
9cd837f Fixes #236: Ensure project name works with podman
a4b8b5e Fix 'podman-compose version' with no compose file in the working directory
5971f57 FIXES #249: update dotenv with some envs
ab96f12 FIXES #249: update dotenv with some envs
f6a3cb0 Allow environment variables to be unset
497355f Re-order environment/env_files to match compose
20a86ea add --no-cache arg to build
4e2e960 build specific service
efba3a1 support str style configuration for env_file
9063976 BUG: 'podman stop -t 360.0' called for float, expects int on cli
3712b54 ENH: add timeout option to podman-compose down, as in https://docs.docker.com/compose/reference/down/
294f8ee Hashlib to generate SHA256 instead of MD5 for FIPS
105b129 Fix infinite loop
d3f3711 FIXES #181: accept init and init-path
7eacf14 MAINT: resolve https://github.com/containers/podman-compose/pull/180#issuecomment-632722974
8cd98ab MAINT: extend instead of append
047820d ENH: Added restart policy forwarding to podmann run, compose build args added to up args
e7b1382 Add --build-arg to 'up' (Fixes #161)
64ed554 Allow empty default/error value in substitution
93bf39e Add Security Policy
5915ba3 Catch error when compose file is empty
1ca6a88 target once
7b40079 Pass "target" parameter when building an image.
f9915c4 Check for target property when building images
1973340 Add support for --build-arg option
e8147e3 Add support for cap_add/cap_drop
7f210ff fixing "Error: unknown flag: --shm_size"
cbed801 start detached
6a42d68 add ports test
07a2430 Fixes #152: validate that podman is useable
5215782 Fixes #152: validate that podman is useable
03cbd29 pass volumes using -v
796e6a4 Avoid crash when no services are defined
efcbc75 Pass ulimit parameters when building container
dacc753 Add Code of Conduct
8c3b7e6 Added mount option delegated and cached
147f0ae Update README with dnf install instructions.
27d3caf Add support for privileged option
e7a9bd3 Show stopped containers in ps
ddd582c Add support for logs subcommand
169eaee Fix override of the run command
c5f8973 Mixed-case directory names break 'podman create'
12036aa FIXES #76: a service extends a service with same name
7222fdb exit if not files
bb7120f Fix stop command runs start instead
7ebbe2e Fix KeyErrors encountered with extended services
29d4cdc Remove unused funtion in setup.py
a9216c3 podman volume inspect mountPoint/Mountpoint
e538852 #57: better ps via label
b1c2b02 podman_compose.py
9e0dd2d extends with external file
72c1992 Remove never-shared options.
3e2381f Support extends
dee813a #47: version command
9684429 #52: fix how we split commands
87e7211 #54: fix ulimits
7269701 Fixed get of ulimit tag, according to docker-compose specification
b369073 Fix podman-compose run command parsing
62f0cc4 Changed -l flag to --label in order to be compatible with Podman 1.0.2.dev
c152d28 Support for generic container-compose format
8e43e69 FIX #41: compare original volume name
751aaa8 Add support for devices in a service
243bdb6 Add support for setting container ulimit
2202e7f Add support for setting container ulimit
f505e49 a test showing yaml anchor magic
2e4378f add string check for cmd line args
2a8d430 FIXES #35: now support multiple composer files
a512c0c #35: test for multiple -f
f008986 release 0.1.5
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping libpod to version v3.4.2-4-g72031783c, which comprises the following commits:
25f35ac9e Use CGO_ENABLED=1 when building natively on darwin
7c98d542b Bump to v3.4.3-dev
2ad1fd355 Bump to v3.4.2
1d6397e5c Add release notes for v3.4.2
6d9b1e4b8 Fix partial log line handling with journald log driver
8b368b5e1 Fix Zsh completion command documentation
c2fb170b8 Fix flake in upgrade tests
6770fede7 VOLUME must be declared after RUN chown command
cedf1a3d4 podman-generate-kube - remove empty structs from YAML
e456873c0 Exclude already built sources for static build
e9f6e5194 Match .c files in Makefile
de852ebd0 shm_lock: Handle ENOSPC better in AllocateSemaphore
fc1707dfe Minor test tweaks
c8b7ca2ba pod/container create: resolve conflicts of generated names
2dc8db773 Add some information about disabling SELinux when using system volumes
93a3e720d Log Apache access_log-like entries at Info level [NO NEW TESTS NEEDED]
b1ac02dcb tweak a couple of flag descriptions in help output
718de67f3 Fix bindings container log test
dd6551055 test: run --cgroups=split in new cgroup
df9e0fdcb Fix tests of podman image trust --raw and --json
df736396e Tighten the expected output of the "podman image trust show" test
18c322d1c Use INTEGRATION_ROOT instead of current directory
3bd80ac9a Handle HTTP 409 error messages properly for Pod actions
a8332f694 Fix swagger definitions
5889c2c24 Cirrus: Authorize rootless user self-ssh
2a0aad6be Add information on how podman machine is updated
0ded340e6 Fix help message case for `podman version`
fa29ca710 Fix pause usage example
6bf6d7237 Set Checkpointed state to false after restore
2d6252b98 runtime: change PID existence check
a208bc24d Set DOCKER_HOST in the VM
246782133 runtime: check for pause pid existence
0519e7ef8 utils: do not overwrite the err variable
2b85684ad Fix systemd PID1 test
0e1f67b72 cgroups: use SessionBusPrivateNoAutoStartup
9707ff5d4 vendor: update godbus to v5.0.6
a67bf0f92 Slirp4netns with ipv6 set net.ipv6.conf.default.accept_dad=0
47afa6d96 Fix a few problems in 'podman logs --tail' with journald driver
729310a85 If Dockerfile exists in same directory as service, we should not use it.
7275d389b Document to not set K8S envars for CNI
955d01f5a [NO NEW TESTS NEEDED] Fix off-by-one index comparision (reported by LGTM)
2ff511798 Fix some typos in documentation and comments (found by codespell)
eead06b9d [CI:DOCS] Fix typo keep_id -> keep-id
8887cc7e4 podman run --memory=0 ... should not set memory limit
6f779b230 systemd: compatible with rootless mode
465e27cf1 Use exponential backoff when waiting for a journal entry
3b67336b6 Pod Rm Infra Improvements
f8ede7c5e System tests: confirm that -a and -l clash
c3f3e6d3b Remove infra ID from DB before removing containers
b3eaa08c5 Generate Kube should not print default structs
d489abf26 fuse-overlay probably means fuse-overlayfs.
34739f441 Replace 'an user' => 'a user'
9c94530bb network reload without ports should not reload ports
eca1b6c0b pod create: read network mode from config
9e78185e3 volumes: be more tolerant and fix infinite loop
5c2d17e1c [backport] tag: Support tagging manifest list instead of resolving to images
46f7d2af1 Bump to v3.4.2-dev
a6493ae69 Bump to v3.4.1
56a4372c2 Update release notes for v3.4.1
f05e206bd Fix test failures from backports
437ec951d system tests: socket activation: clean up
5aa89c88f Checkpoint/Restore test fixes
d39e41283 Set targetPort to the port value in the kube yaml
7923bfcb0 Test-hang fix: Wait for ready + timeout on connect.
c135ff76d Don't include ctr.log if not using file logging
9168db8bc Do not add TCP to protocol in generated kube yaml
b5dd62f31 Don't use docker/pkg/archive, use containers/storage/pkg/archive
a213661ae Fix panic in container create compat api
92ed439d2 Don't add image entrypoint to the generate kube yaml
16fb4161a Kube Gen run as user/group issues
3082ba8b7 No space in kube annotations for bind mounts
b470de05b cgroups: use cgroup.controllers to read controllers
8b87793d4 Use SplitN(2) when copying env variables
d458bc304 [CI:DOCS] Include manifest example usage
fbe94088f podman stats: move cgroup validation to server
338e01f04 [CI:DOCS] oci-hooks.5.md: fixup section in header
de6a4af5a Change podman.1 man page to show corret log-level default
326eae3b7 Add podman-plugins to upstream image
ca33df146 Ensure `podman ps --sync` functions
7bbf774e8 Allow `podman stop` to be run on Stopping containers
2cd206d0f libpod: fix race when closing STDIN
37347c321 It really should be no **NEW** tests needed
62d12a2ad Add guard for BuildOptions.CommonBuildOpts
c6be71486 machine: silently cleanup dangling sockets before rm if possible
835d74ac6 sdnotify test: accept MAINPID anywhere
14509a92b Allow a value of -1 to set unlimited pids limit
deb7517cc Gating tests: fix permissions error
cd4e10fdf [v3.4] bump c/common to v0.44.3
91f9682c7 Bump to v3.4.1-dev
6e8de00bb Bump to v3.4.0
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bumping docker-distribution to version v2.7.1-38-gf7365390, which comprises the following commits:
97f6dace [release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2
9a3ff113 fix go check issues
19b573a6 Change should to must in v2 spec
d836b23f [release/2.7] update to go1.16
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping cri-tools to version v1.22.0-64-ga9898388, which comprises the following commits:
794d57a4 Bump github.com/onsi/gomega from 1.16.0 to 1.17.0
0f2d4138 Refactor fish completion
c52d97b1 Rename bash and zsh completion functions
cad0736a Add zsh compinit tag
569d1769 Bump google.golang.org/grpc from 1.41.0 to 1.42.0
082da7c6 Bump github.com/docker/docker
0aade2a4 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
4e03be78 Add release publishing workflow
5c0c14e2 Bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
b4e1615c Add SHA512 sum for release files
22bdc0b9 Bump github.com/docker/docker
06422104 Bump google.golang.org/grpc from 1.40.0 to 1.41.0
b153327c Bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0
c5fac65f Bump k8s.io/api from 0.22.1 to 0.22.2
36c9ae70 Bump k8s.io/cri-api from 0.22.1 to 0.22.2
c104c3a7 Bump k8s.io/apimachinery from 0.22.1 to 0.22.2
65509de9 Bump k8s.io/client-go from 0.22.1 to 0.22.2
59cf0fb9 Bump k8s.io/kubectl from 0.22.1 to 0.22.2
8d019343 Updates E2E test images registry
6824a581 Bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
057a0a48 Switch to go1.17 for CI
d9fe19b8 Bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
56a2c456 Added dropping/adding `ALL` capabilities case to critest
1817da64 Bump github.com/onsi/gomega from 1.15.0 to 1.16.0
9c01f4d5 Bump k8s.io/cri-api from 0.22.0 to 0.22.1
e3ca48ad Bump k8s.io/client-go from 0.22.0 to 0.22.1
1e108dfb Bump k8s.io/api from 0.22.0 to 0.22.1
79ff09e9 Bump k8s.io/apimachinery from 0.22.0 to 0.22.1
f3863189 Bump k8s.io/kubectl from 0.22.0 to 0.22.1
32d96cbe Bump google.golang.org/grpc from 1.39.1 to 1.40.0
de44545a Bump github.com/onsi/gomega from 1.14.0 to 1.15.0
44385679 Bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
dd011a46 Bump google.golang.org/grpc from 1.39.0 to 1.39.1
3db8a88c Bump Kubernetes to v1.22.0
231cf44f Bump k8s.io/api from 0.21.3 to 0.22.0
032832ec Bump k8s.io/cri-api from 0.21.3 to 0.22.0
64e1ad02 Bump k8s.io/kubectl from 0.21.3 to 0.22.0
918e5c77 Bump k8s.io/apimachinery from 0.21.3 to 0.22.0
6ccbb79b Bump github.com/docker/docker
a2e29a4c Bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
0cfc8b32 crictl: Adds support for updating resource limits for Windows Containers
d6c95411 Bump k8s.io/api from 0.21.2 to 0.21.3
a9dc7558 Bump k8s.io/kubectl from 0.21.2 to 0.21.3
88e4d31b Bump k8s.io/apimachinery from 0.21.2 to 0.21.3
d7f79299 Bump k8s.io/cri-api from 0.21.2 to 0.21.3
5a43f6cd Bump github.com/onsi/gomega from 1.13.0 to 1.14.0
e89ffa50 Update GitHub actions to go 1.16 and remove .travis.yml
e5045b08 Bump google.golang.org/grpc from 1.38.0 to 1.39.0
31e70ff9 Update critest Windows tests.
03fa217f chore: switch containerd branch to main
aef70e40 Bump k8s.io/cri-api from 0.21.1 to 0.21.2
f6f6a393 Bump k8s.io/api from 0.21.1 to 0.21.2
b90eefd5 Bump k8s.io/kubectl from 0.21.1 to 0.21.2
85fa1307 Bump k8s.io/apimachinery from 0.21.1 to 0.21.2
bb845cfd rm_force_while_container_running_fix
e866f8ff Bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
a8e055d2 Bump github.com/onsi/ginkgo from 1.16.3 to 1.16.4
9de2a5e4 Bump github.com/docker/docker
c83bed06 Bump github.com/onsi/ginkgo from 1.16.2 to 1.16.3
c9cb3790 Bump github.com/onsi/gomega from 1.12.0 to 1.13.0
1d34ea0c Add global handler for Interrupt signal
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping cri-o to version v1.22.1-5-ge3dfe61ca, which comprises the following commits:
d89a55e91 gh-actions: add sed for kube e2e
b1ac0896f release-notes: update to main
a90fcad56 test: add label for openshift e2e in dockerfile
1495b80e8 bump to 1.22.1
4ce3396b9 Skip volume relabel for super privileged containers
66e3210e0 test: skip certificate check for downloading parallel
91acfb2e7 test: fix shmft
325ec64d5 vendor: update to selinux 1.9.1
8bacf3132 test: fix selinux test failures
116eff337 server: FilterDisallowedAnnotations of containers earlier
e595eeb06 server: conditionally relabel volumes given annotation
69dfc4bc4 test: refactor allowed_annotation tests
92810c137 server: reduce args in addOCIBindMounts
54f343719 server: mount cgroup if hostNetwork
b40d9220b server: use container level host network setting
53755727a server: don't recalculate hostnet
a220ddf71 server: set spec when dropping infra
85043dab6 server: don't wait forever on conmon cgroup move fail
764e83f44 Do not log if Intel RDT is not supported
4542e5166 call cmd.Wait() in all cases we call Start()
2bd8e315b oci: call wait on conmon if cgroup move fails
d45f1f112 Fix missing quantile in `latency_microseconds_total` metrics
6a8cb41cd oci: use conmon for exec again
ddef4d063 install dependency in test step
f74d274fa blockio: apply annotations and blockio classes to Linux.Resources
7b3f68fa8 blockio: handle class configuration file if set
d7444c86d blockio: enable setting blockio class configuration file
5aacbedb2 fix checking in openpgp_tag.sh
2bfcfb6fb config: set internal_wipe to true by default, and deprecate the option
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
cri-o has joined the projects switching their default branch to
main (and removing the old one).
We update our recipe to avoid fetcher errors.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping containerd to version v1.5.8, which comprises the following commits:
ef071b07b mailmap: Add Kevin Parsons
2385fd14d Prepare release notes for v1.5.8
15d8c03e3 schema1: reject ambiguous documents
833407fbf images: validate document type before unmarshal
01428ec40 Fix containerd fails to pull OCI image with non-`http(s)://` urls
2bd3f18d9 [release/1.5] go.mod: Bump hcsshim to v0.8.23
047ea15d2 [release/1.5] go.mod: Bump ttrpc to 1.1.0
7b20299bc [release/1.5] update Go to 1.16.10
641976bea [release/1.5] update Go to 1.16.9
b988fc918 Output a warning for label image labels instead of erroring
3109820f5 Update test timeout based on recent cancellations
16762f3e5 Fix spelling mistake in Windows snapshotter
6094bc770 Use DeactivateLayer to recover layers that we cannot rename
bf02a8330 task delete: Closes task IO before waiting
aa7c9d9da Fix pull fails on unexpected EOF
bc2f973ff Prepare release notes for v1.5.7
f95fca079 btrfs: reduce permissions on plugin directories
68119b417 v1 runtime: reduce permissions for bundle dir
97db45e83 v2 runtime: reduce permissions for bundle dir
bc8fdf832 Update release notes and mailmap
77dafa20c Prepare release notes for v1.5.6
a4b51d119 Fix panic in metadata content writer on copy error
147705920 Use github images for integration tests
514137aa0 cri: add devices for privileged container
6bfd09f7c Enable image config labels in ctr and CRI container creation
923088852 seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
4133c775c go.mod: update runc to v1.0.2
011fb4c0b update runc binary to v1.0.2
210d3bc15 Fix content copy to not ignore unexpected EOF
a863339c5 [release/1.5] update Go to 1.16.8
f3d46f828 CI: Switch to available latest images
c7ed09d55 Adding testing of two devices in a directory
0ca2e2751 Fix dir support for devices V3 (#4847)
0fd19511e go.mod: Update hcsshim to v0.8.21
c0534c168 [release/1.5 backport] cri: filter selinux xattr for image volumes
27e164648 Allow expanded DNS configuration
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping conmon to version v2.0.1-288-ge67bb4d, which comprises the following commits:
a854c52 conmon: fix error message
5d5b853 logging: set SYSLOG_IDENTIFIER= with --log-tag
ed0b60c conmon: free userdata files before exec cleanup
42cecdf Cirrus: Remove disused scripts
1c7b233 test: drop seccomp tests
eb808d2 fix gh action yaml
e7a5e0c ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
f263cf4 logging: new mode -l passthrough
f231c7f ctrl: delete the fifo if it exists
7cfb1ac conmon_test: fix race condition on os.RemoveAll
c657db7 integration: use the built binary
fa1fa36 bump to v2.0.31-dev
2792c16 bump to v2.0.30
fec62f1 bump go version for podman tests
89072ea Update VM Images + Drop prior-ubuntu references
53c9f75 Remove unreachable code path
9e54dda exit: report if the exit command was killed
4d3dba9 exit: fix race zombie reaper
c834521 conn_sock: allow watchdog messages through the notify socket proxy
423c391 Add seccomp to build dependency
9c23760 Update nixpkgs
3a8c913 make: only define use_seccomp if we're using it
1d67d9e Makefile: correctly check seccomp notify support
e796a80 Makefile: make conditional-compilation variable setting uniform
e83c392 Makefile: unify condition checking
7381063 Cirrus: Remove outdated/wrong documentation
4a8762d Cirrus: Fix references to 'master' branch
1ef2468 Fix docs links due to branch rename
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping moby to version v20.10.10-9-g7bd682c48c, which comprises the following commits:
7677aeafd7 TestBuildUserNamespaceValidateCapabilitiesAreV2: cleanup daemon storage
34eb6fbe60 testutil: daemon.Cleanup(): cleanup more directories
c7edd308ad [20.10] Update Go to 1.16.10
6611c72b65 cmd/dockerd: create panic.log file without readonly flag
4b9a3dac46 Fix race in TestCreateServiceSecretFileMode, TestCreateServiceConfigFileMode
acb4f263b3 Fix racey TestHealthKillContainer
59d2a2c397 dockerd-rootless.sh: Fix variable not double quotes cause unexpected behavior
2c6aa5aad9 Remove needless check
3285c27503 Fix log statement 'failed to exit' timeout accuracy
a4bcd4c64f docker daemon container stop refactor
bed624fdc9 docker kill: fix bug where failed kills didnt fallback to unix kill
80b7e8b5d7 buildkit: normalize build target and local platform
c2b9a32875 vendor: Update go-winio to v0.4.20
c580a02873 [20.10] Update Go to 1.16.9
129a2000cf [20.10] update containerd binary to v1.4.11
6835d15f55 [20.10] update containerd binary to v1.4.10
5730c139f7 Bump swarmkit to get fix for rollback
59f10e3435 quota: adjust build-tags to allow build without CGO
fa78afebcf Update Go to 1.16.8
567c01f6d1 seccomp: add support for "clone3" syscall in default policy
07728cd2bd update runc binary to v1.0.2
964768f200 cmd/dockerd: add the link of "the documentation"
80f1169eca chrootarchive: don't create parent dirs outside of chroot
93ac040bf0 Lock down docker root dir perms.
b0c0b73798 bump up rootlesskit to v0.14.4
decb56ac89 Update Go to 1.16.7
Bumping docker-cli to version v20.10.10, which comprises the following commits:
9989fdbc4 Update most links in docs to use https by default
0e20c1fd2 Update Go to 1.16.9
1c0927a04 Dockerfile: update tonistiigi/xx to 1.0.0-rc.2, add XX_VERSION arg
82f9d5921 info: skip client-side warning about seccomp profile on API >= 1.42
adb01ca79 docs: some minor touch-ups in checkpoint reference
8260476a0 docs: remove trailing space to fix generated YAML format
bce2e1f95 docs: create.md: typo fix
44064f51c Fix typo in documentation - build.md
292779add Add doc for BUILDKIT_PROGRESS env var
f2e79b826 docs: use "console" code-hint for shell examples
fa46b9236 docs: rewrite reference docs for --stop-signal and --stop-timeout
400f81089 experimental: fix broken link to "checkpoint and restore" page
c72057c8d docs: move checkpoint/restore doc from experimental into reference
77db97d59 Use private network address for default-address-pools setting in daemon.json example
cbf0d2b7b docs: fix some broken anchors
d0014a86b docs: fix description of restart-delay to mention max (1 minute)
6c1c8b55a docs: fix search results by filterd is-official
44fdac11f Update Go to 1.16.8
061051c24 docs: add missing redirect, and remove /go/experimental redirect
2012fbf11 Update Go to 1.16.7
42d1c0275 registry: ensure default auth config has address
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping kubernetes to version v1.22.4-rc.0-26-ga82c1e72259, which comprises the following commits:
a1bc265ce68 Fixed unit test SELinux support
9286d722d5e Add shortcut for SELinux detection
8ddc2963808 Don't guess SELinux support on error
24b725f29f1 Use separate pathSpec for local and remote to properly handle cleaning paths
3bf2248bda7 [go1.16] Update to go1.16.10
bd146ab0e1b Automated cherry pick of #105122: added keys for structured logging (#105137)
98ad7ac4ef4 Update debian, debian-iptables, setcap images to pick up CVE-2021-33910 fixes
b9236d7cd4a Fixing how EndpointSlice Mirroring handles Service selector transitions
9e778cb6ede Fix race condition in logging when request times out
dee25f4db12 Remove nodes with Cluster Autoscaler taint from LB backends.
e565102bce7 Support cgroupv2 in node problem detector test
33b5f0f1eaf Update CHANGELOG/CHANGELOG-1.22.md for v1.22.3
39f5a506c81 Release commit for Kubernetes v1.22.4-rc.0
c9203682049 Release commit for Kubernetes v1.22.3
6765a52acd9 Free APF seats for watches handled by an aggregated apiserver.
dd8563b0184 Run storage hostpath e2e test client pod as privileged
fc580a41252 support more than 100 disk mounts on Windows
176ba1d5236 [go1.16] Update to go1.16.9
cdfd8141855 Clear initial UDP conntrack entries for loadBalancerIPs
b30f24e2579 Verifying the auth headers are set for upgraded aggregated API requests
0dfe8e33143 apiserver aggregator upgrade unit test
36a9689ce81 Aggregator uses the regular transport even if the request requires upgrades
5fb05afd9f8 Fix PreferNominatedNode test
410c0413757 Remove Error Message Check Dynamic PV Tests
fcb66167905 go fmt
82cd11e646e Add e2e test to verify kubelet restart behaviour
8fa5ff3712c kubelet: set terminated podWorker status for terminated pods
bc392586f01 Fix quota controller hotloop in integration tests
af46778d58d remove StartedPodsErrorsTotal metrice message
13d852c73dc Copy VolumeSnapshotContent annotations in snapshottable.go test
ae10967d23f Fix bugs in e2e pod test
60e425c9009 Ensure terminal pods maintain terminal status
c44db53f2c2 Do not sync Waiting statuses for Terminated pods
4ca2cee155c Adds CancelRequest function to CommandHeadersRoundTripper
cd94fec74c9 Fixes kubectl command headers which hangs on kubectl run
60ee69c79bb Revert "Build non-static binaries with PIE buildmode"
e989925e232 Ignore VMs in vmss delete backend pools
407cc91f95a Fix CSR test to accept certs shorter than the requested duration
6bf5db2e3f7 fix: skip not found nodes when reconciling LB backend address pools
3ceb7b87649 fix: consolidate logs for instance not found error
e15dcbe404c Remove a duplicate StorageClass creation call
6763300949a Update Containerd version - GCE Windows
a135518af00 e2e scheduling priorities: do not reference control loop variable
cc1eb760389 storege e2etest: Delete restored PVC/Pod in snapshottable
614988c6626 pkg/kubelet/cm/memorymanager: Fix ErrorS key/value pair
2f850d636e8 v1.22: Fix test flake in old svc registry
20fa03d60ea 'New' Event namespace validate failed
2ff2780dcc5 kubelet: Handle UID reuse in pod worker
a6539a662cd Add test for recreating a static pod
2d9957274a4 Update CHANGELOG/CHANGELOG-1.22.md for v1.22.2
9f314ed137d Release commit for Kubernetes v1.22.3-rc.0
8b5a1914753 Release commit for Kubernetes v1.22.2
4fa7cdfa93c Refine locking in API Priority and Fairness config controller
b23fffb83ed kube-controller-manager: properly check generic ephemeral volume feature
38c7182897c Fix null JSON round tripping
aeff924339a Propagate conversion errors
a69920a9588 integration test
b7854d5f1c9 fix 104329: check for headless before trying to release the ClusterIPs
d8ead0e1c7b fix detach disk issue on deleting node
c948d8cc53b kubelet: fix sandbox creation error suppression when pods are quickly deleted
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping k3s to version v1.22.3+k3s1, which comprises the following commits:
61a2aab25e Upgrade containerd
e1883d0537 Bump klipper-lb image for arm fix
5eb13b6ba6 Fix log/reap reexec
259ceb452c Fix other uses of NewForConfigOrDie in contexts where we could return err
cc23fce0a7 Watch the local Node object instead of get/sleep looping
6349aed8e8 Block scheduler startup on untainted node when using embedded CCM
db8f54e6af Update to v1.22.3 (#4348)
46eea2f10a Revert "Add ability to reconcile bootstrap data between datastore and disk (#3398)"
9a4ca5978b reset buffer after use (#4279) (#4329)
c9f6fa0be0 remove integration test
07f844cf95 Copy old bootstrap buffer data for use during migration (#4215)
48355dce10 Add ability to reconcile bootstrap data between datastore and disk (#3398)
84e9b829e0 Update peer address when running cluster-reset
06b8639068 Bump klipper-helm version
f98934980d Added configuration input to etcd-snapshot (#4280) (#4281)
7ede7d2e7c Update to the newest flannel
971854c15b Refactor log and reaper exec to omit MAINPID
3988edef25 Add containerd ready channel to delay etcd node join
b65bcdf963 Bump klog fork version
7c78e1c802 [Release-1.22] - Add etcd s3 timeout (#4207) (#4230)
c10a0a2163 Fix race condition in cloud provider
6193b1af97 Display cluster tls error only in debug mode (#4200)
737f722315 set transport to skip verify if se skip flag passed (#4102) (#4103)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds the following kernel modules for k3s:
* xt-physdev
* xt-nflog
* xt-limit
* nfnetlink-log
Without them, the k3s network-policy-controller reports failures in the log
related to iptables-restore.
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
bitbake is going to start warning about the combination of +=
and :append, which is rarely correct.
We can use use :append and add the space.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
* apply the same also for recipes using PKG_NAME starting
with github.com which the conversion script doesn't update
automatically
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
master has become main in the runtime spec, so we update our recipe to
match.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
runtime-spec has moved to main instead of master, so we tweak our branch
name to match.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
github is removing git:// access, and fetches will start experiencing
interruptions in service, and eventually will fail completely.
bitbake will also begin to warn on github src_uri's that don't use
https. So we convert the meta-virt instances to use protocol=https
(done using the oe-core contrib conversion script)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
As introduced in the oe-core post:
https://lists.openembedded.org/g/openembedded-core/message/157623
SRC_URIs without an explicit branch will generate warnings, and
eventually be an error.
We run the provided conversion script to make sure that meta-virt
is ready for the change.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
