| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping cri-o to version v1.24.1-18-gb0d2ef327, which comprises the following commits:
81ef20b38 Fix unit test coverage
7b4941478 Fix release-notes tag determination
0dde66a3c Upload release notes for each tag
29762438c Fix container status for HostToContainer propagation
2cf9cf9df bump ocicni to 0.4.0
5481d35e9 Fix unit tests
b0040ddd9 test: set cri stats more idiomatically
cf0037d1a utils/RunUnderSystemdScope: fix wrt channel deadlock
5b75a4763 oci: kill children of container if it is in the host pid namespace
489819e33 bump to v1.24.1
8acadd3f4 conmonmgr: query help text to see if it supports log-global-size-max
fc852b402 add support for conmon log-global-size-max
77f0429d9 oci: cap exec sync length
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping runc to version v1.1.3-2-g1e7bb5b7, which comprises the following commits:
eb1552a0 VERSION: back to development
6724737f VERSION: release 1.1.3
91fa032d ci: add basic checks for CHANGELOG.md
7219387e cgroups: systemd: skip adding device paths that don't exist
93d1807b libcontainer: relax getenv_int sanity check
8242c05d script/seccomp.sh: check tarball sha256
017cb29b Dockerfile,scripts/release: bump libseccomp to v2.5.4
51649a7d Allow mounting of /proc/sys/kernel/ns_last_pid
3a09da6b ci: drop docker layer caching from release job
8b93f9fb seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
fc2a8fe1 libct/cg/sd: check dbus.ErrClosed instead of isDbusError
d105e052 libct/seccomp/config: add missing KillThread, KillProcess
e4474ef8 [1.1] vendor: bump seccomp/libseccomp-golang to f33da4d
dc083b2b fix deprecated ActKill
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping runc to version v1.1.3-2-g1e7bb5b7, which comprises the following commits:
eb1552a0 VERSION: back to development
6724737f VERSION: release 1.1.3
91fa032d ci: add basic checks for CHANGELOG.md
7219387e cgroups: systemd: skip adding device paths that don't exist
93d1807b libcontainer: relax getenv_int sanity check
8242c05d script/seccomp.sh: check tarball sha256
017cb29b Dockerfile,scripts/release: bump libseccomp to v2.5.4
51649a7d Allow mounting of /proc/sys/kernel/ns_last_pid
3a09da6b ci: drop docker layer caching from release job
8b93f9fb seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
fc2a8fe1 libct/cg/sd: check dbus.ErrClosed instead of isDbusError
d105e052 libct/seccomp/config: add missing KillThread, KillProcess
e4474ef8 [1.1] vendor: bump seccomp/libseccomp-golang to f33da4d
dc083b2b fix deprecated ActKill
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
clang-based builds are still broken due to:
https://github.com/llvm/llvm-project/issues/53999
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
This will fix clang-based builds.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping containerd to version v1.6.6-10-g4e92d8e7e, which comprises the following commits:
37dfc5c9d [release/1.6] Fix WWW-Authenticate parsing
fa2016d58 [release/1.6] Downgrade MinGW to version 10.2.0
99c56d217 ctr: fix label args used in NewContainer
51de785f8 [release/1.6] Make building static binaries simpler
2ea4e6348 update runc binary to v1.1.3
61213742a Prepare release notes for v1.6.6
f92068350 Implicitly discard the input to drain the reader
2eb67213b [release/1.6] Limit the response size of ExecSync
185e87275 Prepare release notes for v1.6.5
5c9c83d3e [release/1.6] update golang to 1.17.11
fdcdc27bc update go-cni/for cni update fixing plugins that don't respond with version
e33b9e709 archive: add human-readable hint to Lchown error
3bb5a9d19 config: improve config v1 deprecation message
6eff5b6c0 [release/1.6] go.mod: Bump hcsshim to 0.9.3
f1d2d9260 [release/1.6] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
9f99be51b [release/1.6] update golang to 1.17.10
246a1b42e vendor: github.com/opencontainers/runc v1.1.2
43717e03a update runc binary to v1.1.2
82a77be2d reverts removal of parallel run from critest
06bdfeb67 Allow git commands in Vagrantfile
70839a344 Bug fix for mount path handling
1520bae0f update critools to v1.24
0d1d2953b Prepare release notes for 1.6.4
42d691fe6 Bump opencontainers/selinux from 1.10.0 to 1.10.1
e9f22e008 Update go-cni to v1.1.5
be4909e95 cri: close fifos when container is deleted
baa386dc0 Prepare release notes for v1.6.3
e8da82adc tracing: fix panic on startup when configured
1764ea9a2 CRI: improve image pulling performance
9cd76d465 [release/1.6] update golang to 1.17.9
c09cc1242 check for duplicate nspath possibilities
fe6ba62ce metrics/cgroups: fix deadlock issue in Add during Collect
8b81a7843 [release/1.6] go.mod: update image-spec to merge-commit of v1 into main
f2ba2041b update runc binary to v1.1.1
b736b4dab go.mod: github.com/opencontainers/runc v1.1.1
72f1e58c7 CI: add Rocky Linux 8
7ede40c5c [release/1.6] vendor: github.com/containerd/imgcrypt v1.1.4
5538be6cf cgroup2: monitor OOMKill instead of OOM to prevent missing container OOM events
da35c19da Test turning off golang CI lint cache
a0213573b Add nolint:staticcheck to platform-specific calls
ad0036ed6 Update prometheus client vendor
c7bbf316f Mount devmapper xfs file system with "nouuid" option.
a1de89c3e Make the temp mount as ready only in container WithVolumes
82a12edf2 moving up to go-cni v1.1.4
28b44826b native: fix deadlock from leaving transactions open
8461dd6e5 Prepare release notes for v1.6.2
91800c4e9 Add static checks to shim for Windows
ca51d7f85 Update go.mod go version
765df6609 [release/1.6] remove empty go mod to allow building for go 1.18
e9af80859 Fix the Inheritable capability defaults.
7c929318a Update TestNormalize to only test Windows
06985e7d0 Upgrade golangci-lint and its GitHub Action
b13d3e05c cri: relax test for system without hugetlb
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
patch a33188f [podman: Fix host contamination] appears to have
introduced fuzz/failures. Which strangely wasn't picked up on
merge testing.
We refresh the patch to fix the issues.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
This support is disabled by default and exposed via PACKAGECONFIG.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Podman can run in via a docker symlink emulating docker commands. By
default this generates a runtime warning. This change silences it via
the provided interface.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The project's internal Makefile uses BUILDFLAGS variable to pass
arguments to `go build` while Yocto/OE defines it as GOBUILDFLAGS. Add a
patch to align this and avoid using host headers in which case, a musl
build will fail similarly to:
| [...]ld: /tmp/go-link-3172010154/000015.o: in function `vfprintf':
| /usr/include/x86_64-linux-gnu/bits/stdio2.h:130: undefined reference to `__vfprintf_chk'
| [...]ld: /tmp/go-link-3172010154/000016.o: in function `fprintf':
| /usr/include/x86_64-linux-gnu/bits/stdio2.h:100: undefined reference to `__fprintf_chk'
| collect2: error: ld returned 1 exit status
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
buildah is a command line tool, to be installed and run on target,
that can be used to:
- create a working container, either from scratch or using an image
as a starting point
- create an image, either from a working container or via the
instructions in a Dockerfile
- images can be built in either the OCI image format or the
traditional upstream docker image format
- mount a working container's root filesystem for manipulation
- unmount a working container's root filesystem
- use the updated contents of a container's root filesystem as a
filesystem layer to create a new image
- delete a working container or an image
- rename a local container
Testing:
Setup the build directory:
$ . oe-init-build-env <build_dir>
Add to local.conf:
IMAGE_INSTALL:append = " buildah kernel-modules"
KERNEL_FEATURES += "features/overlayfs/overlayfs.cfgi \
features/netfilter/netfilter.scc \
features/lxc/lxc-enable.scc"
IMAGE_ROOTFS_EXTRA_SPACE = "5242880"
Build image:
$ bitbake core-image-minimal
Run the image:
$ runqemu nographic kvm qemuparams="-m 4096"
On target:
Pull an image:
> cnt=$(buildah from fedora)
Or build from Dockerfile
> buildah bud -t <image_name>:<tag> .
Mount the image:
> mnt=$(buildah mount ${cnt})
Install packages on the container rootfs:
> dnf install --installroot $mnt <packages_to_install> -y
Copy local files to the container:
> buildah copy $cnt <local_file> <dest_on_container>
Save the changes to an image
> buildah commit --format docker $cnt <name>:<tag>
Run the image using buildah:
> buildah run $cnt /bin/sh
Or using docker:
> docker run -it <name>:<tag>
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Adjust the GOROOT setting as directory specified by the original
one does not exist.
The CGO_CFLAGS and CGO_LDFLAGS should use target flags instead
of the nativesdk ones.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Adjust the GOROOT setting as directory specified by the original
one does not exist.
The CGO_CFLAGS and CGO_LDFLAGS should use target flags instead
of the nativesdk ones.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Adjust the GOROOT setting as directory specified by the original
one does not exist.
The CGO_CFLAGS and CGO_LDFLAGS should use target flags instead
of the nativesdk ones.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
The CGO_CFLAGS and CGO_LDFLAGS should use target flags instead
of the nativesdk ones.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
According to https://github.com/containers/skopeo/blob/main/install.md#building-from-source,
the ostree dependency is not needed.
Also, adjust the CGO_CFLAGS and CGO_LDFALGS to use target
flags instead of the SDK ones.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
v2.8.1 is the latest stable version.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix settings for GOROOT, CGO_CFLAGS and CGO_LDFLAGS.
The previous setting for GOROOT is no longer valid as the directory
does not exist for now. So adjust the GOROOT setting.
Currently CGO_CFLAGS is set to use BUILDSDK_CFLAGS, and this is
incorrect. We need target flags instead of SDK related flags. Such
setting happens to work for some hosts. However, when building on
newer hosts, we get QA error like below:
ERROR: docker-distribution-v2.7.1-r0 do_package_qa:
QA Issue: /usr/sbin/registry contained in package docker-registry requires
libc.so.6(GLIBC_2.34)(64bit), but no providers found in RDEPENDS_docker-registry? [file-rdeps]
The above error was found on hardknott on host Fedora 35.
Tracking down the error and I found it's using host stuff which is likely
to be caused by using incorrect CGO_CFLAGS. As the master branch is
using the same settings, it has the same issue.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In order for systemd variables such as SYSTEMD_AUTO_ENABLE to have
effect, we need to inherit the systemd class. We also need to specify
the package which contains the service.
As go.bbclass already inherits goarch.bbclass, we only need to inehrit
go.bbclass.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Reformat the k3s depedencies and src_uri into a more readible and
maintainable format.
We also map googlesoruce to github for better fetching, as suggested
by Diego Sueiro <diego.sueiro@arm.com>.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping cri-o to version v1.24.1
We refresh one patch, add add textrel to our QA check skip list.
Which imports the following commits:
489819e33 bump to v1.24.1
8acadd3f4 conmonmgr: query help text to see if it supports log-global-size-max
fc852b402 add support for conmon log-global-size-max
77f0429d9 oci: cap exec sync length
9441b6700 Fix review issues
ee1a8519f Fix it case failed
027ab3f50 Fix review issues
db4a4aa51 Add integration test for remove paused ctr
76d1a929e 1.When in paused state, stop contianer should unpause it 2.We should treat paused state as running, or kubelet will delete it and restart one
3b25e48e4 fix review issues
eff3af248 Try to force delete ctr when in paused state
62d81d722 vendor: bump crypto package
3d516c53b oci: Move exec probe process to container cgroup, if enabled
8294126fa config: Add monitor_exec_cgroup config option
9a2723cb4 Reenable pod runtime in package spec
ae024bd0a dependencies: Upversion conmon dependency to v2.0.27
1737a4702 Sanitize conmonrs log level and print used version
5658fd35a Wrap runtime pod errors
b4bbd4d94 openshift test: use go 1.18
aa13dfb7b openshift test: add skip_pod_runtime to cri-o spec
d6aff5b63 Bump nixpkgs and use go1.18
4864ffc60 Fix golangci-lint errors
d0664581d add runtime pod
c33e14fc1 vendor conmon-rs
3b80d009b oci: add IsInfra method
0f601939e oci: lock for runtime creation
1376307fb test: use go 1.18 for lint
b98f15851 Move WillRunSystemd call after iterating the mounts
2a75c8307 Add sha256sum bundle files to uploaded artifacts
9f6a6724d crio:fix a bug about log container
901310bdd oci: use runtime handler level monitor fields
12758b2b3 config: assume default conmon cgroup if it's not specified
240de5f3f template: add comment to runtimes table
5a8223c75 config: replace Conmon specific fields with runtime handler versions
de2105a17 main(): don't treat reexec.Init() == true as an error
1de3e5ed2 crio:try fix integration test failed, because unpause not on time
6dfc68de4 config: increase pids limit to unlimited and deprecate it and logSizeMax
9ff165b4e bump ocicni to 0.3.1
b447dff77 bump containernetworking cni to 1.1.0
3fa33fe48 crio: unpause ctr after test
8e9ddee87 crio:fix golint check warning
019c578fa fix(stats): incorrect id on zfs driver
153bb668c crio:fix crun it failed
87f7f00f3 crio:update status after pause/unpause container
54912d7c8 oci: cleanup log path if the container failed to create
7a65dc340 utils: remove unused io related packages
9b111b532 runtime_vm: use containerd deps for container io directly
2da7482db remove the external dependency on the conntrack binary
1955cc167 go.{mod,sum}: update CDI deps to v0.3.2.
a8687861c server: no longer use hardcoded timeouts
64270ef91 fix builds by passing -buildvcs=false on 386
48230e006 test: bump to go 1.18.1
d41e3cbe6 Disable systemd-mode cgroup detection conditionally
e10376810 crio: Fix review issues and make format shell file
78308acd4 Add bats test to ensure namespaces are cleaned up on pod stop
ec1414424 pinns: Check calloc return value
adfe57b5d bump to 4.11 image
5e72b4133 crio: Fix code style
270d195ec crio: implement extended interface for pause/unpause container
31c278301 seccomp: drop unshare syscall from default profile
1098cc9b9 Retry to set CPU load balancing before return the error
7ccafd559 build(deps): bump github.com/BurntSushi/toml from 0.4.1 to 1.1.0
9b735153b Fix integration tests
862b27b8c Switch to registry.k8s.io for the sandbox Image:
9ebdeef1e Change the mcs order in selinux.bats to test the canonization of selinux label
1a9a3fdae Canonize selinux label for comparison with filesystem label
b106fcd71 oci: fix segfault in pod stop code
3e9d77257 capabilities: drop inheritable
afe738b18 Bump ocicni to v0.3.0
7b5a67f51 Switch to ginkgo/v2
1999baa2f Add bats test for infra_ctr_cpuset taskset
9fada28f7 Add bats test for zombie conmon cleanup
15afd20ee Update golangci-lint and config
13d7b9738 Bump golang to 1.18.x
1af1f8af2 pinns: Pass sysctls as repeated '-s' arguments
eb8715d30 Fix shell format
c3095bf20 README: Update EOL & Version Skew links
05c443b06 config/sysctl: fail if there is a + in the value
ea39e74f2 Fix critest
739379b0c Enable `--seccomp-use-default-when-empty` by default
98c18d1cb test: update to new runc behavior
4cb2407a2 Automatically chcon and restorecon on get script
bef94e1f8 Pin `github.com/u-root/u-root`
3be4dba79 Switch to `main` for `get` script
09399e41f Bump nixpkgs
51a800af0 Pin nixos/nix version
97df87f71 test: allow state of failing tests to be kept intact.
32d682800 factory: take capabilities setup
a643dad27 Add dedicated security information
d65414758 test/crio-wipe.bats: don't nuke $TESTDIR too early.
ff36ee6e0 test/cgroups.bats: fix incorrect setup order.
128165130 test/cdi.bat: add CDI integration tests.
a0d3fd8aa config,cli: add configuration for CDI.
f35fba448 pkg/container: implement CDI device injection.
572616137 go.{mod,sum}: update deps, vendor.
683baa221 contrib/test: force BATS symlink in place.
0be4d0611 contrib/test: always install BATS for integration.
2426bdb4c openshift e2e: bump cri-o version
e337fa364 bump to 1.24.0
5cad5f287 test: avoid concurrent crictl config writes.
bc240fd4c server: stop deleting pod from idIndex if already gone
a4b5f0c15 CI: use kubernetes from git tip
03064f4ca test/e2e: update skipped test list
65f93912d contrib/test/int/build/kubernetes: rm deprecated RunAsGroup
2e7a4d375 server: use syncfs instead of fsync
d9102e748 config/sysctls: validate against invalid spaces
230409570 [gitpod] use latest workspace full
6c3144af2 hack/build-rpms.sh: fix yum-builddep failures
52adfe025 ci: bump shellcheck to 0.8.0
92edea6dd test/apparmor: suppress bogus SC2031/2031
ca10da055 test/cni_plugin_helper: suppress shellcheck warning
0655dd213 test/test_runner: rm eval, fix comment
1acde4379 OWNERS: move rhatdan to emeritus approvers
d280c71ce OWNERS: move runcom to emeritus approvers
4041adc55 utils: Sync: use f.Sync
14d742672 Deny empty `localhost/` AppArmor profiles
bd02dac92 OWNERS: add first round of reviewers
626446e5c OWNERS: Move @sboeuf to emeritus approver
8aab1e8f2 int/storage: getReferences: fix gocritic warning
f1ca25bc5 server: fix (rather than ignore) gocritic warning
bc839156e server/streaming: specify the linter
fa2fd247f ci: bump golangci-lint to 1.44.0
cc6ed292b scripts/release-notes: fix printf args
f0e70901e scripts: fix a typo
b1705dc28 int/version: fix forcetypeassert linter warning
851916f0d server/container_create_linux: fix forcetypeassert warning
a2760072b utils: fix forcetypeassert linter warnings
d295f8b24 server/streaming: fix nolintlint warning
dd70c87ab int/storage: fix gosimple warning
f26fafdc5 int/config/cgmgr: fix stylecheck warnings
bc91cdb57 Format code using gofumpt 0.2.1
98d945cc9 Makefile: fix a comment
bb96cd907 test/crio-wipe: fixups
107fe3853 ISSUE_TEMPLATE: fix grammatical error
1affa13d9 OWNERS: move @sameo to emeritus_approvers
4dc761f9f ISSUE_TEMPLATES: update membership form to be reviewer form
592aa5159 ISSUE_TEMPLATES: add a couple of more
238e4d009 image: use imageCache value for ImageStatus()
411e15058 contrib/bundle: remove deprecated kubelet option.
15048929c minor edit: removed dead link from TOC
0dd5d2d00 oci: drop WaitContainerStateStopped
6449ff0d3 oci: fix a leaked goroutine
40165cb5b internal/factory/container: initialize from pkg/container
0dabb91b3 internal/factory/sandbox: initialize from pkg/sandbox
6e2472c92 README: update branches
a0f88d3a5 Updated format
a53f1d221 Generate checksum files for artifacts
728731808 test: add test for skipped sysctls
1667b5a66 server: skip sysctls that would affect the host
a7ac4683c deep copy List{PodSandbox,Container} structs
183ac018f GOVERNANCE: fix links
18dfcd273 oci: always have conmon log to syslog
c424e85e7 README: add reference to governance
008b3541a add GOVERNANCE.md
33063001c issue templates: add membership request form
aa8130f62 Add Debian_11 OS variable on installation instructions of Debian Signed-off-by: Wang Kai <persistence201306@gmail.com>
e5dad09ee criocli: produce diff-friendlier zsh completions.
b299c80c5 ci: use main branch for conmon
bcf069b12 server: fix race with kubelet
0769411bb Fix runtime panic on pod sandbox stats retrieval
ef1746095 update go to 1.17 in go.mod
acde72556 Reuse createContainerIO in CreateContainer
0731a9b57 Fix vm containers couldn't restore after CRI-O restart
386d4a447 ci: use main version of runc
28585442e openshift e2e: bump ci image
35c02b56e server: fix a potential NULL-pointer dereference.
20370fa95 Documentation: expand on CNI CIDRs in the kubeadm tutorial
143a623ad test: update tests for allowed_devices
56929cdb9 config: add AllowedDevices option
2aceed0f0 pass the main mount point to fix crypto profiles binding
6b887e9c3 Add Nestybox to the CRI-O adopters list.
33e25b47b server: drop duplicate log message
25a2eec40 pkg/container: fix container device GID fallback.
a68b239af bump crio commit for upstream k8s CI
d7da8b2b0 adds config template linting
86e43fc28 adds comments to default values
ff2a04e8b server: don't set memory swap when it's not enabled
5ebc4a407 Inherits storage configurations from storage.conf if crio config does not set
d0d8fb3a7 use cmdrunner singleton
2237f2658 conmonmgr: refactor for new CommandRunner
878040d10 cmdrunner: update mocks and add target to makefile
b3bb86659 config: prepend commands with taskset if InfraCtrCPUSet is configured
e9f0bb6c8 cmdrunner: add tests for prepended commands
04e9c61e3 cmdrunner: create singleton
fd2e2aeec Use timeout for conmon cgroup move
9af5e3363 build(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0
9a051dede Fixed a problem where metricImagePullsBytesTotal was getting updated twice and on second call getting incorrect labels
347f04161 test: add test ensuring a stopped pod is restored
86fd03b81 sandbox stop: remove namespaces
e02d5bf15 restore: handle removed namespaces
334e925ac Partially revert "restore: restore stop before managing namespace"
948b92bd7 restore: ensure containers are wiped on reboot
c3f75859b build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
78e1c80af build(deps): bump github.com/opencontainers/runc from 1.0.2 to 1.0.3
d8ea9f6ca vendor: bump c/image to 5.17.0
11c127f3d pinns: Add LDFLAGS to Makefile
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
There's a QA issue about criu complaining the shebang
of crit script is too long. We should replace it with
'#!/usr/bin/env python3'.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping umoci to version v0.4.7-98-gdb97609, which comprises the following commits:
d8f4f12 build(deps): bump github.com/opencontainers/runc from 1.1.1 to 1.1.2
9db1db9 dependabot: ignore github.com/klauspost/compress for now
c20d1ba build(deps): bump github.com/vbatts/go-mtree from 0.5.0 to 0.5.1
defa147 build(deps): bump actions/setup-go from 2 to 3
d7c6b89 build(deps): bump actions/cache from 2 to 3.0.1
e76ee78 build(deps): bump actions/checkout from 2 to 3
852bb73 build(deps): bump actions/download-artifact from 2 to 3
83706fc build(deps): bump actions/upload-artifact from 2 to 3
b93cb2a build(deps): bump codecov/codecov-action from 2 to 3
671fa10 build(deps): bump github.com/opencontainers/runc from 1.1.0 to 1.1.1
abd9d71 build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0
597a50e build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1
87f2e17 mutator: allow setting annotation data when generating a layer
e14c6d5 README: s/anuvu/project-stacker
c67586e build(deps): bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping podman-tui to version v0.3.0-82-gcd51747, which comprises the following commits:
da1eea3 new ui color theme
36230ca CI setup
cb43be9 update vagrant box to Fedora 36
7ad72ce pre-commit configuration and fixes
a6749cd Bump github.com/docker/docker
8cadc6f Bump github.com/containers/storage from 1.40.2 to 1.41.0
9070e74 doc update - install.md
ef05222 pod/container top dialog ui update
91e73ee image history dialog ui update
097674e container stats dialog ui update
fb11dc7 image search/pull dialog ui update
b6bda1a sort categories for pod/containers create and image build dialogs
5dd3e38 code coverage for ui/dialogs package
5bde8a5 Bump github.com/containers/podman/v4 from 4.0.3 to 4.1.0
6ffb274 Bump github.com/docker/docker
bd08f23 Bump github.com/containers/buildah from 1.25.1 to 1.26.1
697eb4f Bump github.com/containers/common from 0.47.5 to 0.48.0
ff98068 Bump github.com/containers/storage from 1.40.0 to 1.40.2
bc47ea7 Bump github.com/containers/storage from 1.39.0 to 1.40.0
1c46d42 exec terminal update (automatic resize and detach)
1ef0c11 adding image tree command
5db9ef8 adding security options fields to pod create dialog
aeeba55 adding container create security options fields
5c90866 adding format and security options fields to image build dialog
3d0b91b doc update
0f9ead6 adding format and security options fields to image build dialog
1091a3f windows support
26134e7 removing unused connection dialog
206ac15 fixing golint
4ef15e4 removing image index from name field string search result
d9ed9e3 activating left/right key to switch between different pages (#55)
06f342c adding image import command (#51)
c986342 activate <delete> key for removing items (#50)
9a962a8 Bump github.com/BurntSushi/toml from 1.0.0 to 1.1.0
e29ce96 using utils pkg common variables and functions
61904de new feature: image save
c9f132a doc update - fedora podman-tui rpm
372c71f Bump github.com/containers/buildah from 1.24.3 to 1.25.1
d592f1d error dialog ui update to separate the title from the error message
1b9045f new feature: image build
c7f3032 Bump github.com/containers/podman/v4 from 4.0.2 to 4.0.3
0311f68 Bump github.com/containers/storage from 1.38.2 to 1.39.0
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping libpod to version v4.1.0-8-gcedbbfa54, which comprises the following commits:
4ae7161c4 Fix strange buildtag edit
44d253b6c Add support for machine events on Windows
8e3a991ff test: fix "podman search format json"
ab4d33e14 Update README for 4.1.0 release
3b4de8efc Bump to v4.1.1-dev
e4b039020 Bump to v4.1.0
e87b07f7c Release notes for v4.1.0 final
a8b55a3b9 pass networks to container clone
b2025c64f Add more unit tests
7b64cd783 libpod: treat ECONNRESET as EOF
6d1d6cc0b play kube default log driver
d57bbdb5c Cirrus: Fix ownership of repos. to keep git happy
4716b6b1b build: disable --output for podman-remote clients
fbab06796 Vendor in containers/buildah@v1.26.1
ee4e0aa43 Temporarily skip netavark/aardvark e2e test
8b897a586 Cirrus: Temporarily update netavark/aardvark-dns
b73bdcdb9 Cirrus: Test w/ netavark/aardvark-dns in F36+
80cf4e31c Cirrus: Update to F36 CI VM Images
0d8ff6fa9 Add 4.1 branch to API documentation
6ea122f6e Report correct RemoteURI
2fd178ac0 Misc readme update to retrigger CI
d3f406e9f podman system reset removed machines incorrectly
8cbe598fd Bump to v4.1.0-dev
0abf24320 Bump to v4.1.0-rc2
d45a68bce Update release notes for v4.1.0 RC2
9e83826d5 machine events: only open sockets when needed
a21e11236 Add podman machine events
bea8301a8 Implement --format for machine inspect
3ab8fa679 Release notes for more v4.1.0 backports
8842e9b7a Additional stats for podman info
642204821 libpod: unset networks before storing container conf
9d5158e94 Implement machine inspect for WSL
b7e8b25d4 Bump github.com/rootless-containers/rootlesskit from 1.0.0 to 1.0.1
65108dede Use simulated dual-stack binds when using WSL
95633146e libpod: host netns keep same /etc/resolv.conf
1cdf18a86 fix incorrect permissions for /etc/resolv.conf in userns
bbb10bb52 pkg/api: do not register decoder in endpoint handler
c441a1756 fix broken hooks-dir test
fb14171cb enable errcheck linter
724965132 libpod: unlock containers when removing pod
159d597cd remove unused codepath for creating/running ctr in a pod
a9a70a949 Refactor machine inspect
1d2120412 image search --format: add completion for go template
d4fe645ed shell completion --format: use structs by reference
524b53610 image --format: fix add completion for go template
a9deb5c67 shell completion --format: use anonymous struct field once
835b89c60 network inspect --format: add completion for go template
68f7349bc shell completion --format: work with nil structs
07bc615b4 podman machine starting test
66500b82a Report properly whether pod shares host network
8627b5151 Bump github.com/containernetworking/cni from 1.0.1 to 1.1.0
9f6131e9c Three manual fixes
ecc39b595 Ginkgo: use HaveField() for better error checking
e5d6b6b0a volume: add new option -o o=noquota
77f147468 podman search: truncate by default
b1089a23b Produce better test error messages
4ff6884fb Add CreatedSince & CreatedAt format fields to podman image history
3226561cf Allow changing of CPUs, Memory, and Disk Size
cb399245b CI: emergency fix for broken go get
1593e75c6 Bump to v4.1.0-dev
146dcb28d Bump to v4.1.0-rc1
b2beb5a53 Add release notes for v4.1.0-RC1
3bcfd256b manifest endpoints fix ordering
4a4906b91 pkg/bindings: manifest remove 3.X API support conditional
e9599fb1a fix manifest modify endpoint to respect tlsverify param
609b52f72 Bump version to v4.1.0-dev
652921119 Bump github.com/fsnotify/fsnotify from 1.5.3 to 1.5.4
70a2c0008 play kube respect hostNetwork
7259a6315 Truncate annotations when generating kubernetes yaml files
4f8ece76f play kube: do not skip containers by name
51fbf3da9 enable gocritic linter
1a9f110b5 Cirrus: Fix skipping all/most tests
7c914355d [CI:DOCS]Remove unnecesarry files
c090931da remote: do not join user NS
49264c714 vendor in containers/(common,buildah,storage,image)
facc009ca benchmarks: add more image benchmarks
ee9d755c5 Robustify nginx tests
ecd245d8f Unit tests for pkg/specgenutil pkg/signal
c5e48f12e Cirrus: Re-fix build-cache miss on main
eb4e53087 Revert "Cirrus: Fix cirrus cache race on bin/podman"
b0d36f635 Implements Windows volume/mount support
3b6ffcd29 Update to use new common machine API
d441a711e machine starting status
833456e07 Add podman machine test suite
3d1e40608 Pass --tls-verify option in podman -remote build
62f4ae98f fix staticcheck linter warning for deprecated function
a615cb2fe Docs rootfull -> rootful
2f53259a8 Cirrus: Fix cirrus cache race on bin/podman
1260bf631 Revert "Switch all rootful to rootfull"
c7b16645a enable unparam linter
94d043be8 Modify the pod name suffix '_pod' to '-pod'
0d83f4b76 Allow filtering of "removing", it is a valid status
13079abe3 Add support for passing --volumepath
44642bee8 libpod/networking_linux.go: switch to sha256 hashes
ad249222d Fix hang in test_connect
cafb76b63 Increase verbosity and sequencing of APIv2 testing
5b4af0584 replace golint with revive linter
454468e03 Update test to run network check in both rootless and rootfull mode
3e240c3ae Bump github.com/fsnotify/fsnotify from 1.5.2 to 1.5.3
104042e20 Bump github.com/container-orchestrated-devices/container-device-interface
e0f5bf279 test/system: add containers.conf test for new /etc/hosts options
e912f1b68 Improve /etc/hosts documentation
e4ab8a5be shared netns and --add-host should conflict
cf1b0c196 network dis-/connect: update /etc/hosts
128086639 libpod: fix c.Hostname() to respect the utsNsCtr
696bcd277 use etchosts package from c/common
1514d5c93 silence deprecated warnings for manifest functions
2a8e43567 enable staticcheck linter
56d6ee080 move golang.org/x/crypto/ssh/terminal to golang.org/x/term
e39f4495e Run codespell on code
f87f23e3b specgen-volumes: parse --mount using csv-reader instead of split by comma
93ecafcba Workaround criu re-linking output in system test
cc3790f33 Switch all rootful to rootfull
566b6071d Cirrus: Fix missing git-enforced runtime identity
80c0fceb2 Add support for --userns=nomap
8080a5f8e Revert "container,inspect: convert Entrypoint to array instead of a string"
17105028e vendor in latest containers/(storage,common,image)
537540196 podman container clone -f
d24507c1e Fix upgrade tests assuming storage.conf exists
c67d6a52c Fix using --network-backend on podman-remote
dc02e99d8 Fix size-check to display more context
b7dcbfed0 Update release notes for v4.0.3 and v3.4.7
55a5bd8a0 Optimization: skip tests in some circumstances
df156ab78 [CI:DOCS] podman build --pull=*missing*
fa239f2ec Bump github.com/fsnotify/fsnotify from 1.5.1 to 1.5.2
eb7171262 systemd socker activation: check listener
ff2e6291a vendor c/common
13c6fd067 system service: remove unnecessary pointer to listner
97ee41146 system tests: add assert(), and start using it
93b8ef627 Buildah Vendor Treadmill: the script
d865fcc5e Fix e2e tests referencing generic env. var.
bbe1063a5 Add checkpoint image tests
756ecd540 Add support for checkpoint image
fca3397dc Update github.com/checkpoint-restore/checkpointctl
80d175279 slirp4netns: actually make ipv6 default
519535daa healthcheck: set default healthcheck Interval if not specified in image
0162f678c benchmarking Podman: proof of concept
a2077e5ea Add missing events to podman-events man page
be0da4a22 Translate Memory Limit to Swap in API
1b3dc899d manpage vs --help checker: better error messages
99bcd6595 Add --quiet to machine ls
e716790af Fix typo in generate kube docs for selinux labeling
08d08f995 Correct play kube docs for selinux labeling
b03466cb7 Update troubleshooting.md
a4798ab4e Respect "Rootful" when starting WSL API Forwarding
d68e9faee Update vendor of storage,common
900739d13 Add container.conf default volume to init
f38b03d37 Fix Memory Swappiness passing in Container Clone
2a75164e2 add a regression test for CVE-2022-1227
3f2939c2e run, create: add --passwd-entry
97f93dc78 Revert "images --size"
3da3afa57 Add log rotation based on log size
2f4874eb0 Update containers/common to main branch
9ef745d54 System tests: Usage checks: better error messages
63c38b99f Fix --tail log on restart problem
02b7eeff6 Allow HTTP attach to stopped containers
970c8d472 compat api: use network mode bridge as default
6c878b7a5 docs: fix typo in podman-container-clone.1.md
20384b037 build(deps) bump CDI dependency from 0.3.0 to 0.3.2
8710197e8 Introduce machine inspect
3987c529f Add support for ipc namespace modes "none, private, sharable"
2c800a717 System tests: fix oops in start --filter tests
5e680d54e Bump golang.org/x/crypto to 7b82a4e
8fb9dbdb4 machine,rm: Ignore ENOENT while cleaning machine
857b36ca8 Update vendor of storage,common,image
fb4fc03ec Pretty print systemd services file
81a95fade run, mount: allow setting driver specific option using volume-opt
923d454b2 [CI:DOCS] Rewrite rootless --userns=auto docs
61cf22288 Cirrus: Fix unsupported cirrus-cron build status
ee4a583ed pkg/bindings: document requirements for use
d8a902a16 API: use no_hosts from containers.conf
615099ddb System tests: reenable ps --external test
784a13f57 network create: add support for ipam-driver none
2508913a0 If newuidmap or newgidmap fail, then check their permissions
0cebd158b container,inspect: convert Entrypoint to array instead of a string
dc17195bd Vendor in new opencontainers/selinux
e133a06d2 images --size
a95f7f9ca Cirrus: Multi-arch build auto-update + tagging update
356d53434 Fix docker socket handling
90ac1ba2a Prevent set command from updating a running instance
db7d69950 Add Podman Hello to readme.md
e73547a63 Unify examples section across several man pages: pod rm/start/unpause
9c72ea343 machine refactor 3: add symlinks for sockets
bd4b9c3d5 build(deps): bump github.com/BurntSushi/toml from 1.0.0 to 1.1.0
dd9eec06a Unify examples section across several man pages: init/kill
164b64ea3 specgen: do not set OOMScoreAdj by default
bf4318e60 Allow creating anonymous volumes with --mount
1cd529b22 specgen: permit --privileged and --cap-add
d55c46f8c Cirrus: Allow manually running image-build task
5fcd2a7ac Cirrus: Upd VM images to fix multi-arch build bug
f8c2df87c Add build test for .containerignore tar file
e5745139a cli commands: better error for unsupported commands
daeea48df kube: configmap volume should be reused if already exists
9cacc18c9 Set permissions for GitHub actions
a06df4fc1 Machine refactor part 2
81632722e systemd: enable all cgroups when running as a service
23cdbf322 test/apiv2: support netavark
1f1cf7bd4 rootless netns: move process to scope only with systemd
1ffcc4a88 Add 'Os' to be queried via 'version' output
b60854e8b Prefer registering both machine and global pipe
2a882b770 Upgrade tests: reexamine cross-testing matrix
eedaaf33c fix slirp4netns port forwarding with ranges
c185d8c0d Add option for pod logs to display different colors per container.
7a5342804 fix pod volume passing and alter infra inheritance
c602084a5 size-check: display binary size and growth
61c518627 upgrade tests: fix networking problems
21502987b replace hpcloud/tail with nxadm/tail
f6963cea1 Cirrus: Build multi-arch images + manifests
cdf74f208 Set systemd mode if entrypoint begins with /bin/sh -c
a8e6c639e Unify examples section across several man pages
6e0e1cbdd Migrate machine configs
1821eb383 Pin actions to a full length commit SHA
2ac897aa0 Machine refactor - part 1
38bd4010c network setup: fail if slirp4netns is not installed
82ed99b6a event: generate a valid event on container rename operation
798988050 Fixes errors from 'manifest push' being dropped in remote case
d106b294b Switch all calls to filepath.Walk to filepath.WalkDir
446c35efd Vendor common Added patch provided by rhatdan to add support for shareable
ab41037c8 Update filter docs with missing entries and add negation option.
3cc173937 Resolves #13629 Add RegistryAuthHeader to manifest push
7680211ed Remove error stutter
76614c461 build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0
ffbab30d7 Run codespell to cleanup typos
25345c087 build(deps): bump github.com/rootless-containers/rootlesskit
640c2d53a test: fix podman run test as rootless
4f73cf3fc Misc typo fixes
c01d1f8e3 [CI:DOCS] docs: drop note about upcoming RHEL 7.7
d4bf6b4d7 clarifying "loginctl enable-linger" section in doc
61b2d8844 Bump github.com/prometheus/client_golang to v1.11.1
b469bf5c0 container: allow clone to an existing pod
eb5b08f62 build(deps): bump github.com/docker/docker
7189b6f26 podman machine set: clarify --rootful option
c0bbca8c4 podman machine: fix port forwarding with proxy
7ae52e86f readConmonPipeData: try to improve error
809f82bdb specgen: fix typo
bf6430d18 Remove experimental warning from podman-remote rpm
e90b35438 machine-set: fix example for setting rootful flag
752680366 play: kube: use in-memory kubefile and remove tempfile
9b0c8d23b man pages: sort flags, and keep them that way
346beec35 Remove nix packages, since no one is supporting this
5e28cbc5f When running systemd in a container set container_uuid
da5891130 fix podman machine start log level detection
59dc70bb4 podman machine start: lookup qemu path again if not found
5669ffb35 document that using libpod package directly is not supported
cdda1924a Explicitly use IPv4 to check if podman-machine VM is listening
a6504963b Fix manifest 4.0 endpoints [NO NEW TESTS NEEDED]
5b2597d52 Fix a potential race around the exec cleanup process
aafa80918 do not set the inheritable capabilities
eedce31eb import: allow users to set os, arch and variant of imports
13b6ff652 docs: Fix links to Containerfile and containerignore
41a6dd36f Update swagger to improve compatibility [NO NEW TESTS NEEDED]
88d4db009 Binary growth check, part 2 of 2
3627dfc52 podman unshare: document that command cannot be used with remote
130bcc3a9 podman stats: improve cpu average calc
0edb3ddd3 podman stats: calc CPU percentage correctly
1a7f5b3d5 Cirrus: Publish binary artifacts on success
501355d4a Fix unreadable netavark logs
5e1e13c18 add contextDir to tar on remote
c25213c8f fix compose test error in retry logic
84e7ce82d Binary growth check, part 1 of 2
06dd9136a fix a number of errcheck issues
07999b237 [CI:DOCS] troubleshooting: document rm in image stores
6c030cd57 fix a number of `godot` issues
68b94338b linter: enable makezero
0f12b6fe5 linter: enable nilerr
081e09143 linter: document nolintlint
7c047bfbe linter: document tagliatelle
9e8cca26a test/e2e/inspect_test.go: wait for sessions
fb792f7ed linter: enable ineffassign
f72a678f2 linter: enable errchkjson
bb6b69b4a linter: enable wastedassign
070e40149 linter: enable interfacer
90f37e1a6 build(deps): bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3
6d6bdabc8 healthcheck: stop showing wrong status when --no-healthcheck is set
8961dd345 Makefile: build podman-remote-static with cgo disabled
1b68c3826 libpod: drop warning for Fedora 31
63bf3991e vendor containers/storage with https://github.com/containers/storage/pull/1165
e3cc0717b podman system df: fix percent calculation
53e770566 pod system tests: clean up stray image
026bd9b20 bump golangci-lint to v1.45.0
2460261fb Fix documentation typo
36ff8f2b3 Add Windows installer support for upgrades
95dad4d8a podman rmi --ignore
4408db330 Updated dependabot to GitHub actions
cc7b5974b Fix type-o and cleanup doc punctuation
54641f5f7 fix compose test flake
622d0068e fix dual stack network e2e flake
57cdc21b0 vendor c/common@0ededd18a1f9
ea08765f4 go fmt: use go 1.18 conditional-build syntax
3c968c3d2 Handle incompatible machines
d3e3ea843 logformatter: link to bats sources on error
4b359e459 Set names in compose tests based on version
bde3ca8c3 Add tests with Docker Compose v2
1fd76c901 podman machine: remove hostip from port
0793a5834 Deduplicate between Volumes and Mounts in compat API
ff54aaa63 podman create: building local pause image: do not read ignore files
714e5a13d Separator is no longer prepended when prefix is empty on podman generate systemd
1387b5bd8 Add test for BZ #2052697
449f2fc0b Set rawimage for containers created via play kube
c732adf2d build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1
ca7376bb1 Exit with 0 when receiving SIGTERM
29f24ff68 [CI:DOCS]: Mention netavark limitations for macvlan/ipvlan drivers
45df70ec1 fix empty newline in version output
33aa2f2d1 Fix windows win-sshproxy build
0db184fb0 fix breaking change in pkg/bindings
19d0c5a8a pkg/k8s.io: add small readme with copyright notice
dd9e4dc72 pkg/k8s.io/api/core/v1: remove unneeded types
f106867ac pkg/k8s.io/...: remove more unneeded files
0612f859b pkg/k8s.io/...: remove protobuf field tags
f8577766d pkg/k8s.io/...: fix lint errors
a0ad1f2ad remove unneeded k8s code
918fc88a9 move k8s deps into podman
3d82d17f8 Bump github.com/spf13/cobra from 1.3.0 to 1.4.0
439323cd2 Bump github.com/docker/docker
daebf50b8 apply-podman-deltas: skip modified test case for --add-host which adds anomaly
3bb046a5e slirp: fix setup on ipv6 disabled systems
217197340 Fix typo
e8968c867 Add support for --chrootdirs
c845216fd docs: podman-build add --no-hosts
780d4b2d6 vendor: bump buildah, c/image and c/storage
edc62b529 Fixes TTY & resizing on Mac and Windows
6e41d1f44 podman.spec.rpkg: enable rhel8 builds on copr
c06460bea Bump golang to 1.17 in `vendor-in-container`
4ab24a068 Bump github.com/docker/docker
931477461 Bump github.com/spf13/cobra from 1.3.0 to 1.4.0
e6b64703f Bump github.com/containernetworking/plugins from 1.1.0 to 1.1.1
a5353207c Bump github.com/vbauerster/mpb/v7 from 7.3.2 to 7.4.1
e5a86d293 CI: fix golangci-lint installation
feaa1a134 Add podman play kube --annotation
30bf065c3 Use github.com/vbauerster/mpb/v7 in pkg/machine
8f2f8d4ca use gopkg.in/yaml.v2 instead of v3
166edf00a Fix handling of tmpfs-mode for tmpfs creation in compat mode
e56150264 Bump github.com/docker/distribution
db3010279 [CI:DOCS] troubleshooting.md: mention "podman unshare chown 0:0 path"
a7c4691bf Improve agent install message to add restart instructions
5b51b42cc machine rm -f stops and removes machine
8cfdddf50 test/e2e: add aardvark specific tests
e66c46441 Skip flaky pprof tests
bd0766e96 selinux: remove explicit range transition when starting conmon
9ce3c0a87 Move secret-verify-leak containerfile into its own Directory
611b45c51 Inspect network info of a joined network namespace
d2f77c256 Set default rule at the head of device configuration
cdb6deb14 MacOS improvements
6dfe63463 [CI:DOCS] DISTRO_PACKAGE.md: List the packaging changes for v4
639e6899b [CI:DOCS] RELEASE_PROCESS.md: cosmetic fix
f13ca392c [CI:DOCS] Remove "(1)" from web tab text
01514f33b Fixes: #13301 ("machine rm removes the mounted socket file on macos")
b20993393 [CI:DOCS] troubleshooting.md: Improve language and fix typos
d302c08cf Throw an error if kube yaml has duplicate ctr names
dca2e7924 Move all python tests to pytest
2fb6a8daf Add ExitCommandDelay configuration use in API exec handler
63f92d0a6 test: add a test to verify race free concurrent/parallel builds
a3497cee9 RELEASE_PROCESS.md: build artifacts locally
a901c919a libpod: pods do not use cgroups if --cgroups=disabled
0bd0ad594 container: workdir resolution must consider symlink if explicitly configured
410d28660 vendor: bump c/image to main/9a9cd9
08036e9af vendor: bump c/storage to main/d06b0f
e71d497e7 libpod: drop warning if cgroup doesn't exist
22f331e54 Revert "use GetRuntimeDir() from c/common"
572e6464f Use storage that better supports rootless overlayfs
7729afe97 Refactor docker-py compatibility tests
675d775eb Add --context-dir option to podman play kube
40c6192e9 Add the names flag for pod logs
2e14c7270 Allow setting binarypath from Makefile
569319d39 Vendor in containers/common@main
3dc1b8e83 Add podman volume mount support
dbf34bfe7 Clarify v2 API testing for podman vs docker clients
988190db5 copr packaging: use generic macros for tmpfiles and modules load dirs
6f71fa6d9 Show version of the deb package in info output
a7fc8a146 Improve the error message for usused configMaps
f3e883fb4 Bump github.com/containernetworking/plugins from 1.0.1 to 1.1.0
e1b298166 docs: generate-systemd: pod requires an infra container
eab5a4cfb Load ip_tables modules at boot
fbbcb957c container-commit: support --squash to squash layers into one
ed73040b3 kube: honor mount propagation mode
5cba5cbfd play kube: set defaults to container resources
46b7c5bc6 Bump CDI go dependency to v0.3.0
6f7a803d0 Cleanup display of trust with transports
80c5962db Add containers-common spec and command to podman
4a60319ec Remove the runtime lock
c4dfbd58f Don't log errors on removing volumes inuse, if container --volumes-from
b19251242 system tests: cleanup networks on teardown
ea01f8963 [CI:DOCS]Update networking tutorial for netavark
9ce61e3a4 kube: honor --build=false and make --build=true by default
44d037898 provide better error on invalid flag
f018c07ed System tests: show one-line config overview
f150f2921 troubleshooting.md: tweak subuid paragraph, encryption
fc5cf812c use GetRuntimeDir() from c/common
94df70151 Implement Podman Container Clone
23a7f4e0d Option --url and --connection should imply --remote.
d12489858 [CI:DOCS] troubleshooting: mention overlay option for --rootfs
8c9d37faf [CI:DOCS] troubleshooting: mention machinectl and systemd-run
db4d15e85 Propagate $CONTAINERS_CONF to conmon
d615ab81f tests: Remove inaccurate comment
7b55ab442 Cirrus: Disable F34 aka prior-fedora testing
632c089cc Cirrus: Use updated VM images
aa1703037 Update release notes with v4.0.0 additions
1252f9dd3 Fix a potential flake in volume plugins tests
38811823c vendor: update c/storage to 26c561f9
095026c3d Bump github.com/containers/buildah from 1.24.1 to 1.24.2
90066af62 Calculate device major/minor using bitshift
13f6261f8 increase subuid and subgid in image
7a83d16f9 [CI:DOCS] logformatter: handle python logs
a811acf74 pkg: support passing down options for idmap
50fbe52f4 Update to podman4 copr stream
c74f8f04f Introduce podman machine init --root=t|f and podman machine set --root=t|f
8f5ba05ec Initial implementation of mac forwarding using a privileged docker sock claim helper
b62816578 e2e: merge after/since image-filter tests
10580ec19 Unify ls --filter docs for networks and pods
6a8d29eea Changes of docker descriptions
5b98efe1d Fix images since/after tests
4a166c8b6 podman network: add documentation for netavark
a0991c6f3 create: Fix key=value annotation in the flag output
a8928a3ca ignition: propagate proxy settings from a host into a vm
3b5a3f4a7 [CI:DOCS] Add --userns=keep-id, --uidmap, --gidmap troubleshooting
73f35ff2a Temporarily pull machine images from side repo
6f9f78f7f enable netavark specific tests
4b90542d5 Fix checkpoint/restore pod tests
4966adddb Make sure building with relative paths work correctly.
3f28d697e Add 409 response to swagger godoc
40ba9f10e Make the hello image leaner [NO TESTS NEEDED]
a0b38c071 troubleshooting: add doc for ssh into a container
87cca4e5e Modify /etc/resolv.conf when connecting/disconnecting
c4676c571 Add version guard to libpod API endpoints
1512740e3 Bump c/common to v0.47.4
829f88d74 Show API doc for several versions
3762946e6 Do not set the network config dir to cni plugin dir
411fca0b3 helloimage: header symmetry
e405fefb3 [NO NEW TEST NEEDED] Add schema for ImageCreate 200 response.
61f97083c idmap should be able to be specified along with other options
5bcd9134f Bump github.com/docker/distribution
58adf1a83 fix: Multiplication of durations
8d0fb0a4e move rootless netns slirp4netns process to systemd user.slice
d0d1ffa43 Cleanup: remove obsolete/misleading bug workaround
3b561a468 compat: endpoint /build must set header content type as application/json in reponse
44fb431a3 Fix: Do not print error when parsing journald log fails
f0826b3a4 Cirrus: Expand netavark testing to include rootless
3cf64a8e9 tests: retrofit healthcheck system tests
4f77331c9 healthcheck, libpod: Read healthcheck event output from os pipe
d733c3baa append podman dns search domain
54cf0f05e Bump github.com/buger/goterm from 1.0.1 to 1.0.4
1d1b2b150 Update containers/buildah v1.24.1
7cfe4d3fe System tests: revert emergency skip of checkpoint tests
185dc5b2f Bump github.com/containers/common from 0.47.2 to 0.47.3
642a691cb Cirrus: Add netavark/aardvark system test task
daf51eafe Bump github.com/containers/image/v5 from 5.19.0 to 5.19.1
ebbf10ae8 Cirrus: Log netavark/aardvark binary build info.
9eb88ea47 Podman pod create --share-parent vs --share=cgroup
55c4a1468 system prune: remove all networks
fee76f6ab Document `schema` values in the `--url` flag
5468757ad play kube envVar.valueFrom.resourceFieldRef
725a6f893 pkg/bindings/images.Build(): slashify "dockerfile" values, too
7d3ad6081 netavark e2e tests
25e073492 Revert "Move each search dns to its own line"
3d3e8d8f8 hack/bats: fix broken usage message
903f9a3a2 Cirrus: Minor - limit release task applicability
a1bc8cb52 Move each search dns to its own line
4ddc4e79d Only change network fields if they were actually changed by the user
c4dfd004a libpod: enforce noexec,nosuid,nodev for /dev/shm
b6fe7d119 Fix size to match Docker selection
012e24b79 [CI:DOCS] Add a hello world image to quay.io
852ca9a7a Cirrus: Add [CI:BUILD] magic that only builds
cd8b30289 COPR: fix dependencies
85e8c1c9a docs: clarify rootless net stats
865f0a197 libpod: report slirp4netns network stats
6609bb73a Fix use of infra image to clarify default
2ceab1194 play kube envVar.valueFrom.fieldRef
e7bdd1260 CI: fix nightly builds
009d9eb67 Add notes to "--oom-kill-disable" not supported on cgroups V2
a8fb8f52c Adapt podman images ls filters docs to be aligned with prune filters docs
636543787 Clarify remote client means Mac and Windows
6f2b027b3 ignition, machine: delegate cpu,io cgroup controllers to machine's default users
56d95172f podman image scp syntax correction
8842dab68 Cirrus: Also download aardvark-dns binary
b381d7565 Cirrus: Add e2e task w/ upstream netavark
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping runc to version v1.1.2-9-gb507e2da, which comprises the following commits:
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
cdfdbe55 VERSION: back to development
a916309f VERSION: release 1.1.2
364ec0f1 runc: do not set inheritable capabilities
8959e372 VERSION: back to development
52de29d7 VERSION: release 1.1.1
2636e1cb CHANGELOG.md: add 1.1.1 release notes
036cc348 CI/cirrus: add centos-stream-9
db953158 README.md: add cirrus-ci badge
ea19181e README,libct/README: fix pkg.go.dev badges
8290c4cf libct/cg: IsCgroup2HybridMode: don't panic
ee7ba6cb configs/validate: looser validation for RDT
96193422 libct/cg/sd/v2: fix ENOENT on cgroup delegation
35784a3e ensure the path is a sub-cgroup path
986e7c53 libct: fixStdioPermissions: ignore EROFS
5053a065 libct: fixStdioPermissions: skip chown if not needed
d2939b6b libct: fixStdioPermissions: minor refactoring
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping runc to version v1.1.2-9-gb507e2da, which comprises the following commits:
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
cdfdbe55 VERSION: back to development
a916309f VERSION: release 1.1.2
364ec0f1 runc: do not set inheritable capabilities
8959e372 VERSION: back to development
52de29d7 VERSION: release 1.1.1
2636e1cb CHANGELOG.md: add 1.1.1 release notes
036cc348 CI/cirrus: add centos-stream-9
db953158 README.md: add cirrus-ci badge
ea19181e README,libct/README: fix pkg.go.dev badges
8290c4cf libct/cg: IsCgroup2HybridMode: don't panic
ee7ba6cb configs/validate: looser validation for RDT
96193422 libct/cg/sd/v2: fix ENOENT on cgroup delegation
35784a3e ensure the path is a sub-cgroup path
986e7c53 libct: fixStdioPermissions: ignore EROFS
5053a065 libct: fixStdioPermissions: skip chown if not needed
d2939b6b libct: fixStdioPermissions: minor refactoring
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping moby to version v20.10.16, which comprises the following commits:
a15acb4bd6 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5f2e0b79ad [20.10] update golang to 1.17.10
be7855fdbe vendor: update github.com/containerd/cgroups and github.com/cilium/ebpf
414a9e24a7 update containerd binary to v1.6.4
47b6a924b6 update containerd binary to v1.6.3
6d7c2b2d26 update containerd binary to v1.6.2
91708bf704 update containerd binary to v1.6.1
53ae17008e Revert "[20.10] update containerd binary to 1.5.11"
961b9a78d5 update runc binary to v1.1.1
97972dac5f update runc binary to v1.1.0
033a819714 [20.10] update golang to 1.17.9
a80884126b Jenkinsfile: add workaround for CVE-2022-24765
09d6fcdfec update to go 1.17.8 to address CVE-2022-24921
5957684b2c Update Go to 1.17.7
55b72c70ba Update Go to 1.17.6
fdf3020bd5 Update Go to 1.17.5
36e164ba80 Update Go to 1.17.4
ecfba8f588 Update Go to 1.17.3
4e14dcc125 Update Go to 1.17.2
c32b5ece31 Update Go to 1.17.1
7096508811 vendor: update archive/tar to match Go 1.17.0
a1150245cc Update to Go 1.17.0, and gofmt with Go 1.17
95cc7115fb hack/vendor.sh: allow go version to be specified with .0
949c33b1c5 vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
8392285876 vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
4e81bcf380 Makefile: update buildx to v0.8.2
74e699c8d3 Makefile: update buildx version to v0.6.0
bc3cc2e7ac Makefile: install buildx from binary release, instead of building
492fac20af api: docs: fix indentation of HostConfig.SecurityOpt (v1.39-v1.41)
3cba2682d8 api: docs: move ContainerWaitResponse to definitions (v1.39-v1.41)
55e71450ae api: docs: move VolumeCreateOptions to definitions (v1.39-v1.41)
c54362cd64 api: docs: move Volume examples inline (v1.39-v1.41)
c60ff9b296 doc: server API Correct ImagesCreate - platform parameter added in 1.32
7a45f7a8cc docs: cleanup swagger API with multiple examples (v1.25-v1.41)
29bb9204bf api: docs: add IPAMConfig on IPAM (v1.41)
77f6564369 api: docs: document MountPoint fields (v1.25-v1.41)
51ea235ab8 api: docs: remove deprecated RootFS.BaseLayer (API v1.25-v1.41)
3d6b4ae572 Correct type of Mounts in ContainerSummary in docs (v1.25-v1.40)
6e8b9809b7 Correct type of Mounts in ContainerSummary in docs
621a98dac0 api: docs: fix warning about comment indentation (API v1.40-v1.41)
bb9ef98060 api: docs: update docs for /images/{name}/json (API v1.39-v1.41)
88ca5cec4e daemon: fix error-message for minimum allowed kernel-memory limit
3ea996abd7 docs: add missing KernelMemoryTCP to api v1.40 and v1.41
b475bc95cd docs/api: add missing 400 response for POST /containers/{id}/wait
ae07b3cc96 docs/api: update /containers/{id}/wait "condition" parameter (v1.30-v1.41)
19555fa92d [20.10] vendor: github.com/docker/distribution v2.8.1
32fe0bbb91 daemon: use RWMutex for stateCounter
ed8fb00b65 errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus
3bd611d7a5 log error message when receiving an unexpected type error
7dfe7a1752 [20.10] update containerd binary to 1.5.11
af953d2f38 [20.10] vendor: containerd 7cfa023d95d37076d5ab035003d4839f4b6ba791
5f9753ae73 client: remove containerd "platform" dependency
4df345e65d client: remove unused Platform field from configWrapper
dd38613d0c oci: inheritable capability set should be empty
2825bf7123 Only check if route overlaps routes with scope: LINK
f5c56eaca8 [20.10] bump swarmkit for config size increase
ce3b6d1ae9 distribution: retry downloading schema config on retryable error
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Bumping libnetwork to version v0.7.0-dev.3-1830-g339b972b, which comprises the following commits:
9db86fb7 Only check if route overlaps routes with scope: LINK
7b9c2905 fix port forwarding with ipv6.disable=1
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping moby to version v20.10.16, which comprises the following commits:
a15acb4bd6 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5f2e0b79ad [20.10] update golang to 1.17.10
be7855fdbe vendor: update github.com/containerd/cgroups and github.com/cilium/ebpf
414a9e24a7 update containerd binary to v1.6.4
47b6a924b6 update containerd binary to v1.6.3
6d7c2b2d26 update containerd binary to v1.6.2
91708bf704 update containerd binary to v1.6.1
53ae17008e Revert "[20.10] update containerd binary to 1.5.11"
961b9a78d5 update runc binary to v1.1.1
97972dac5f update runc binary to v1.1.0
033a819714 [20.10] update golang to 1.17.9
a80884126b Jenkinsfile: add workaround for CVE-2022-24765
09d6fcdfec update to go 1.17.8 to address CVE-2022-24921
5957684b2c Update Go to 1.17.7
55b72c70ba Update Go to 1.17.6
fdf3020bd5 Update Go to 1.17.5
36e164ba80 Update Go to 1.17.4
ecfba8f588 Update Go to 1.17.3
4e14dcc125 Update Go to 1.17.2
c32b5ece31 Update Go to 1.17.1
7096508811 vendor: update archive/tar to match Go 1.17.0
a1150245cc Update to Go 1.17.0, and gofmt with Go 1.17
95cc7115fb hack/vendor.sh: allow go version to be specified with .0
949c33b1c5 vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
8392285876 vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
4e81bcf380 Makefile: update buildx to v0.8.2
74e699c8d3 Makefile: update buildx version to v0.6.0
bc3cc2e7ac Makefile: install buildx from binary release, instead of building
492fac20af api: docs: fix indentation of HostConfig.SecurityOpt (v1.39-v1.41)
3cba2682d8 api: docs: move ContainerWaitResponse to definitions (v1.39-v1.41)
55e71450ae api: docs: move VolumeCreateOptions to definitions (v1.39-v1.41)
c54362cd64 api: docs: move Volume examples inline (v1.39-v1.41)
c60ff9b296 doc: server API Correct ImagesCreate - platform parameter added in 1.32
7a45f7a8cc docs: cleanup swagger API with multiple examples (v1.25-v1.41)
29bb9204bf api: docs: add IPAMConfig on IPAM (v1.41)
77f6564369 api: docs: document MountPoint fields (v1.25-v1.41)
51ea235ab8 api: docs: remove deprecated RootFS.BaseLayer (API v1.25-v1.41)
3d6b4ae572 Correct type of Mounts in ContainerSummary in docs (v1.25-v1.40)
6e8b9809b7 Correct type of Mounts in ContainerSummary in docs
621a98dac0 api: docs: fix warning about comment indentation (API v1.40-v1.41)
bb9ef98060 api: docs: update docs for /images/{name}/json (API v1.39-v1.41)
88ca5cec4e daemon: fix error-message for minimum allowed kernel-memory limit
3ea996abd7 docs: add missing KernelMemoryTCP to api v1.40 and v1.41
b475bc95cd docs/api: add missing 400 response for POST /containers/{id}/wait
ae07b3cc96 docs/api: update /containers/{id}/wait "condition" parameter (v1.30-v1.41)
19555fa92d [20.10] vendor: github.com/docker/distribution v2.8.1
32fe0bbb91 daemon: use RWMutex for stateCounter
ed8fb00b65 errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus
3bd611d7a5 log error message when receiving an unexpected type error
7dfe7a1752 [20.10] update containerd binary to 1.5.11
af953d2f38 [20.10] vendor: containerd 7cfa023d95d37076d5ab035003d4839f4b6ba791
5f9753ae73 client: remove containerd "platform" dependency
4df345e65d client: remove unused Platform field from configWrapper
dd38613d0c oci: inheritable capability set should be empty
2825bf7123 Only check if route overlaps routes with scope: LINK
f5c56eaca8 [20.10] bump swarmkit for config size increase
ce3b6d1ae9 distribution: retry downloading schema config on retryable error
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bumping to the 1.24 kubernetes release from May 2022.
We refresh one patch, and drop another as the build race looks to be
different (since it is no longer installed seperately).
Otherwise the build is the same, and smoke tests have passed.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
WARNING: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0
do_package_qa: QA Issue: kubernetes-misc: ELF binary
/usr/bin/kubectl-convert has relocations in .text [textrel]
This textrel is acceptable, so we can inhibit the warning.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
It looks like 'devel' in podman compose gets rewritten, so our
1.0.3 commit is no longer on that branch, breaking fetches.
Moving to stable and changing the commit to avoid the issue.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- To fix restore Segmentation fault
criu restore -d -D checkpoint
8306: Error (criu/cr-restore.c:1480): 8331 killed by signal 11: Segmentation fault
Error (criu/cr-restore.c:2447): Restoring FAILED.
- Inherit pkgconfig to fix build warning
pkg-config not found
- Define PLUGINDIR when doing instll to fix build failure
mkdir: cannot create directory '/var/lib/criu': Permission denied
New commits since 3.16.1:
4f8f295e5 criu: Version 3.17
991f27c84 ci: skip new hugetlb maps09/maps10 tests for pre-dump
0c1f0256f kerndat: handle the case when hugetlb isn't supported
17a19676c zdtm: handle the case when hugetlb isn't supported
c1380c077 ci: workaround race between sit module loading and bridge test
550eafc5d ci: print kernel modules list
f635b61f4 test: install criu in /usr
2f0f12839 readme: Add badge links to workflows
d14dbb8c7 sk-unix: rework bind_on_deleted() return codes
5b872c718 proc_parse: Fix parsing bpf map_extra
d40b332ce bpf: update deprecated API
f641e0c4b ci: print mountinfo instead of mount cmd output
5c0b4fbcd ci: criu-fault: skip inotify_irmap fault-injection on btrfs
7ac85cab8 scripts/ci: fix ZDTM_OPTS variable passing
ead227994 zdtm: temporary disable rseq02 test
db9ec1361 zdtm: add rseq02 transition test with NO_RESTART CS flag
1e0bed3d6 rseq: handle rseq/rseq_cs flags properly
13338dee5 Revert "test: disable rseq also on Archlinux"
064e9925a zdtm: add transition/rseq01 test for amd64
2d3354e7b cr-dump: fixup thread IP when inside rseq cs
4c7ece0bb compel: add helpers to get/set instruction pointer
441310c26 zdtm/static/rseq00: fix rseq test when linking with a fresh Glibc
f70ddab24 pie/restorer: unregister (g)libc rseq before memory restoration
e1799e530 include: add thread_pointer.h from Glibc
267c1fdad ci: add Fedora Rawhide based test on Cirrus
03aff7e82 Revert "ci: disable glibc rseq support"
51e0d3e29 zdtm: add basic static/rseq00 test for rseq C/R
c5162cef5 rseq: fail dump if rseq is used but host doesn't support get_rseq_conf feature
f81e3062c rseq: initial support
bd9ee3255 cr-check: Add ptrace rseq conf dump feature
ca54dfcac util: move fork_and_ptrace_attach helper from cr-check
8b3a76b64 kerndat: check for rseq syscall support
de03eb435 compel: add rseq syscall into compel std plugin syscall tables
4adec8e8e cgroup: test for --manage-cgroups=ignore
2b6901707 cgroup: fix --manage-cgroups=ignore
c71d4a54a cgroup: fix "unified" path
8ddd7f483 ci: add codespell to lint target
e7b1c8579 Fix remaining codespell warnings
0194ed392 Fix some codespell warnings
3f1800477 Add .codespellrc
f16976c03 test/zdtm.py: rename a var
fab46c310 test/exhaustive/unix.py: rename a var
2a60b4974 Rename useable to usable
c4bdde213 criu/mount.c: separate \t
51837a65e criu/files.c: some renames
bd3a21e0b test/javaTests: rename ser to s
777ad1966 Nit: rename sie to se
716e56f37 Typo: mmaped -> mmapped
d9411c948 test/zdtm/static: s/NODEL/NO_DEL/
58d76cb16 test/zdtm/static/inotify_system.c: s/inot/infd/
0cb8b9c04 test/zdtm/static: use param not parm
58b120b06 criu/pie/restorer.c: use param not parm
747ec75d9 criu/arch/s390/include/asm/restorer.h: fix comments
8bb05e3bf ci: Switch to non overlaysfs tests
45e048d77 criu: generate unique socket names
75064b742 mount: fix -Wunused-but-set-variable for Clang 15
46e4773c3 style: delete some redundant code
5109fccf8 apparmor: Fix -Wfortify-source for Clang
791651f1b criu-ns: add a helper to hold a pid namespace
805559c1d scripts/ci: mount test cgroups once
ab6191ccd zdtm: use unique holder for cgroups
73a783ac1 mount: make error messages differ in different places
165d5a2cd mount-v2: make mount engine fallback messages loglevel debug
8867840c8 zdtm/mount-v2: disable pty-console test
c8121ed74 test/jenkins: test for old mount engine
3c0e99ccf ci: make others/mnt_ext_dev also run for old mount engine
642abd133 zdtm/mount-v2: disable mnt_tracefs test
f736d88c9 zdtm: add propagation group with mount flags to mount_complex_sharing
ef53df471 zdtm: add mount_complex_sharing test
486e1fd85 zdtm: add new mnt_ext_sharing test for mount-v2
3db949d82 ci: run tests for old mount engine
8d6e2d044 zdtm: enable mounts compat mode on restore with --mntns-compat-mode option
b35c842d0 mount: add new mounts-v2 engine
c29675c9a mount: export global variables for mount-v2
972a59862 mount: export several functions for mount-v2
3229e7f58 mount: export common defines for mount-v2
0723d0cd9 mount: remove double ns_id declaration
1f4a9a531 files-reg: export parent dirs helpers for mount-v2
f032741cd mount: add plain mountpoints
f2d1c7fab config/rpc: add new option --mntns-compat-mode for old mount engine
f6b52c711 crtools: move check_options after kerndat_init and log_init
6a25420d3 util: add resolve_mountpoint helper
cef8366f5 kerndat: check whether the openat2 syscall is supported
387f4652b compel: add open_tree syscall
a946b946e kerndat: Check for MOVE_MOUNT_SET_GROUP availability
0ca89b99b files-reg: teach clean_one_remap to work with mount-v2
9a0918497 files-reg: teach create_ghost to work with mount-v2
169f95c39 files-reg: split create_ghost_dentry out of create_ghost
9fb3984a7 mount: add service_mountpoint getter for ->mountpoint
65967a84b mount: use ns_mountpoint instead of mountpoint where possible
eedbc6f47 mount: use ns_mountpoint in mnt_depth
ae0b218c3 mount: use ns_mountpoint in aufs_parse
7b968ceea mount: use ns_mountpoint in collect_mntinfo
f2bf6597c path: simplify mnt_get_sibling_path via get_relative_path
abbc70adc mount: use ns_mountpoint for children-overmount check
c17695cb1 mount: use ns_mountpoint in root_path_from_parent
010295b8f mount: use ns_mountpoint in validate_children_collision
07eb01593 mount: skip root yard children from mnt_needs_remap check
e8de10a4f mount: use ns_mountpoint in mnt_is_overmounted
b954e5136 autofs: use ns_mountpoint in autofs_create_dentries
7a67949e5 mount: make general place for shared variables on mount-info on restore
0c41c1187 mount: fix broken remounted_rw check
718247045 mount: move root yard tree merge as early as possible
770cdbfb9 mount: prepare is_overmounted as early as possible
83bbf1b05 mount: add helper mnt_get_external_bind_nodev
0fd0e03a2 mount: do not override master_id to -1 for root binds
4f156f32b mount: put external slavery mounts to separate mnt_ext_slave list
ef79912c1 mount: add can_receive_master_from_root helper
b52fcb284 mount: replace CRTIME_MNT_ID with HELPER_MNT_ID
4736a7240 mount/restore: leave ns_mountpoint NULL for aux binfmt_misc mount
16085b5e6 mount/restore: create auxiliary binfmt_misc mount in the root yard
a379d4d94 zdtm: add mntns_pivot_root_ro test
2a3d2bc28 mount: apply superblock flags to nested ns roots
77f67973f zdtm: add mntns_pivot_root test
2fdb4993a mount: allow nested mount namespaces with different roots
cf6fe2d48 mount: add mnt_is_root_bind helper
e50abbd3b zdtm: add mnt_ext_collision test
a963ceb77 mount: restrict mp-external mount map to init container mntns only
007501f98 zdtm: add new mnt_ext_root test
4f9414934 mount: mount external mount before mounting it's binds
d5cb7764e mount: show more info about why we can't mount
685a53eec mount: rework skipping external mounts in dump_one_mountpoint
3b2b80812 mount: split mnt_is_external(_bind) and can_receive_master_from_external
c09bd8941 mount: add mnt_bind_pick helper to pick the desired bind
9d1f39f28 unittest: add some tests for get_relative_path helper
97bd9511c util: add get_relative_path helper
261b7a8fd mount: setup mnt_bind list before using it in mnt_is_external
30261a751 mount: skip fstype and source checks for external mounts in mounts_sb_equal
8d5300aa9 mount: mark mounts of external devices external
e17c1cc12 mount: do not detect non-fsroot mounts as device-external
eda1e5fdb mount: add mntinfo_add_list_before helper for adding to mntinfo list
9649356e3 zdtm: fix mnt_ext_master test to correspond to it's name
5a8fd343f uffd: fix __u64 print format specifier
9e7473516 sk-unix: fix e_str leak in unix_sk_id_add
87d373514 criu/plugin: Add support for criu image streamer
55370b720 criu/plugin: Store BO contents directly to file
ecdf740fa criu/plugin: Add whitepaper document
99a2380fc criu/plugin: Dockerfile for amdgpu_plugin
2095de9f0 criu/plugin: Fix for FDs not allowed to mmap
bd8333009 criu/plugin: Implement sDMA based buffer access
6d7926622 criu/plugin: Restore libhsakmt shared memory files
a218fe0ba criu/plugin: Read and write BO contents in parallel
ba9c62df2 criu/plugin: Add unit tests for GPU remapping
4856e0d4d criu/plugin: Add parameters to override mapping
72905c9c9 criu/plugin: Remap GPUs on checkpoint restore
6e99fea2f criu/plugin: Implement system topology parsing
c4e3ac7fe criu/plugin: Adding check for kernel IOCTL version
55a5993bc criu/plugin: Support AMD ROCm Checkpoint Restore with KFD
71ff9cc04 criu/plugin: Initialize AMD KFD header
91157315b criu/plugin: Skip plugin vmas during premap
63e127fc8 criu/plugin: Add dedicated flag for plugins
e04db0241 criu/files: Add function to return unused FD by pid
653eefea0 criu/plugin: Do not reopen vma fd for plugins
5b0a639a5 files: fix inh leak in inherit_fd_add
060567042 net: fix e_str leak in veth_pair_add
2856d06e3 config: fix ns leak in parse_join_ns
a8dd7d290 ci: run criu-config tests
1c54c45fc zdtm: drop redundant config_inotify_irmap test
d2073cd4d zdtm: add --criu-config option
fc38a01e5 zdtm: use long form cli options
0734fc807 zdtm: sort import lines
0b7965397 zdtm: refactor main
1b4a9df9c sk-unix: fix uint32_t id variable printf format specifier
09fa32a75 tun: fix tun_link leak in dump_tun_link
7e9a9dc34 cr-dump: fix cr_imgset leak in dump_one_task
2747bb2a7 mount: fix e_str leak in ext_mount_add
be78b853d proc_smaps: remove useless nonlinear check
97a998567 compel: set mxcsr during error injection to zero
ef98a71b1 zdtm: fix missplacement of err=True
6b842635b test: disable rseq also on Archlinux
51099d2bb test: remove test for LOCK_MAND flock
247cdc90d bpfmap: handle new field in fdinfo
56df8aeeb ci: skip MAP_HUGETLB tests in stream test
2dc6d146b zdtm: Add MAP_HUGETLB mappings test for parent-child relationship processes
87a5694b4 zdtm: Add shm hugetlb test
d22e472cf zdtm: Add memfd hugetlb test
ffa268896 zdtm: Add MAP_HUGETLB memory mapping test
a26b692c4 uffd: Skip lazy-mode restore on hugetlb mappings
456e50b59 mem: Skip premapping hugetlb mapping
8941b63a4 proc_parse, files: Add support for hugetlb memory mapping
e4fb1dd5f memfd, shmem: Add support for checkpoint/restore memfd and anon shared memory
4d77b19eb ipc: Add support for checkpoint/restore hugetlb System V shared memory
f69c36591 kerndat: Collect hugetlb device numbers
9c7bbfa69 check: Add a check for using memfd with hugetlb
e8087fcff files: generate unique transport socket names
408a7d82d util: add an unique ID of the current criu run
b13b95e52 compel: fix how PTRACE_GET_THREAD_AREA errors are handled
b2ba14a15 restorer: Fix sys_mmap's returned value check
7177938e6 criu-ns: use os.waitstatus_to_exitcode()
bb1b1681a criu-ns: fix exit code o for criu dump
fdf4fda20 pstree: when updating sid for shell job also update matching pgid
89267dbcc ci: install libbsd dependency
48d53b699 Fix formatting in criu documentation
73d6a2c0e test/autofs: fix use-after-free
4d31105c7 ci: set continue-on-error for cross-compile
0568889ee compel: fix parasite with GCC 12
db352ca48 criu: fix configuration file scanner with GCC 12
bf6975c3e compel: fix GCC 12 failure (out of bounds)
6be10a232 zdtm: fix zdtm/static/maps00 case in arm64
6cfad77f0 pagemap: tiny fix on truncating memory image
908e5dd95 lib: added tests for feature check in libcriu
b00b61f0e lib: introduce feature check in libcriu
4c4b2159d ci: added .lgtm.yml file
7f4265dc0 ci: update to latest Vagrant and Fedora images
7400d91f8 contributing: remove old badges and logo
29e221bb7 readme: add docker test badge
6f9d62eb3 ci: test criu-image-streamer with all tests
8ec214d3c mount/btrfs: make check_mountpoint_fd fallback to get_sdev_from_fd
bbf5f642d proc_parse: add helper to resolve sdev from fd
15c42696c mount: remove mnt_fd argument of __open_mountpoint
1e7c62047 mount: split check_mountpoint_fd from __open_mountpoint
1b912802d zdtm/static/uffd-events: add more log messages
ebd03383f zdtm: print tails of all logs if a test has failed
f65098746 test: log testname.out.inprogress if a test has failed
8775cf3a5 ci: reenable the lazy-thp test in the lazy-remote mode
c59abfa81 page-xfer: stop waiting for a new command after a close command
13b726ebc tls: allow to terminate connections synchronously
73d1d0769 uffd: call disconnect_from_page_server to shutdown a page-server connection
4fdf3db31 tls: add more comments
5a2250b1a tls: use ssize_t for return value
89e8e8e69 tls: fix typo
0da88b6da zdtm: Add SOCK_SEQPACKET variants to unix socket tests
530ad9c89 sk-unix: Add support for SOCK_SEQPACKET unix sockets
3d618d0f4 crtools: check that cpuinfo command has sub-command
233f1f1d0 crtools: use new opts.mode in image_dir_mode
3fa85bcdc crtools/rpc: export current criu mode to opts.mode
1b015df9b crtools: remove excess always true condition
be092e25a zdtm: remove mntns-deleted-dst test leftover from git
f92c7f1af zdtm: zdtm_ct fix compilation error with strict-prototypes on
e62e05c2d zdtm.py: clean up MAKEFLAGS env variable before running make instance
af4b26519 tests: added test for single pre-dump support
51a1adbc0 libcriu: add single pre-dump support
119a79885 ci: disable glibc rseq support
9fd000c58 ci: use unstable release for cross-compile
0e04a3c6a libcriu: add setting lsm-mount-context to libcriu
af298353d usernsd: UNS_FDOUT should not require an input descriptor
efe5d9a12 Add documentation for --timeout option
583e8ca05 ci: enable x86 xsave fault injection tests back
1ba443982 x86/compel/fault-inject: print the initial seed
fc1eb01ff x86/compel/fault-inject: bound xsave features set
6186bfa0c test: another try to correctly fix the kernel version
d79d73e3a ci: install procps in Alpine
3eba68089 ci: Enable disabled unix socket related tests
94111596f sk-unix: Fix TCP_ESTABLISHED checks in unix sockets
6930d6a32 util: make page-server IPv6 safe
d57f27bc9 files-reg: try dump_ghost_remap if link-remap failed with error ENOENT
14075baf7 test: do not use --keep-going for single zdtm tests
a52185ffe ci: disable broken tests until fixed
4ab2facb2 make: Explicitly enable FPU on ARMv7 builds
d514bacb4 ci: Run cross compile with debian testing
4c1330bb0 ci: Run cross compile on debian stable
718eb06be clang-format: disable wrong struct pointer declaration format
858002483 zdtm: add ro-mount check after c/r to mntns_ghost01
17357d67f files-reg: temporary remount writable the mount we do unlink on
bd219b69a ghost/mount: allocate remounted_rw in shmem to get info from other processes
cfed6f35e files-reg: fix error handling of rm_parent_dirs
5a0943c90 files-reg: fix error handling in open_path
64b58b514 check: cleanup child processes
156cce78c ci: switch to centos-stream-8
c2fd81903 crtools: ignore SIGPIPE in swrk mode
a491706cc ci: Use latest Fedora for lint ci runs again
eb0dee408 seize: restore cgroup freezer to right state
781676f10 clang-format/zdtm: fix clang complains about strange elseifs
d2b6faf8f tests: improve the deterministic behavior of the test suite
94092ce00 zdtm.py: make tests with --link_remap exclusive
1f9e2c420 ci: disable socket-raw test on centos8
a9d9fb8aa clang-format: make x86_ins_capability_mask human-readable
4ff252656 cr-dump: fail dumping when zombie process with sid 0
26db7adbb clang-format: do automatic comment fixups
206479322 clang-format: do several manual comment fixups
bbfd9031a clang-format: enable AlignTrailingComments
718f4cae2 zdtm: make sock_opts02 also check lock change by SO_*BUF*
3a875cc4c zdtm: add test for socket buffer size locks
e69be16db sockets: c/r bufer size locks
ce5ce285a kerndat: check for set/getsockopt SO_BUF_LOCK availability
2bd709664 sockets: don't call sk_setbufs asyncronously
37a8090d8 tests: improve the image streamer process control
dae0704b6 ci: use Fedora 34 for lint CI runs
f7bc3bdc9 ci: fix userfaultfd test failures
d17eb325c ci: replace deprecated codecov bash uploader
c1659c386 net: optimize restore_rule() to not open the CR_FD_RULE image file twice
e3a853ab9 criu-ns: make pidns init first do setsid
c750e62ca util: use nftw in rmrf helper
485a83c11 tty: fix the null pointer of get_tty_driver
7ba4d3bf1 pie/restorer: remove excess hash printf specifier
bffaa7d07 ci: enable coredump tests
bf8382a80 make: enable lint for coredump
8aa769455 test/coredump: fix shellcheck errors
0b3cf5c9e coredump: lint fix visually indented line
3a689ed9a coredump: fix comparison to true
c1eab7d06 coredump: fix too many blank lines
baad88d5e coredump: fix missing whitespace around operator
579066633 coredump: lint fix for block comments
06306c8b1 coredump: drop exec permission
1b368238b coredump: drop unused variable
a92a7887a python: replace equality with identity test
c71a81a6b coredump: convert indentation to spaces
bf8a3c9f6 coredump: sort imports
a0b738cb8 coredump: remove unused import
1c866dbb5 Add new files for running criu-coredump via python 2 or 3
3180d35fa Add support for python3 in criu-coredump
f24360658 criu(8): Add more detailed description about --tcp-close dump option
abf6b15c1 zdtm: Dumping/restoring with --tcp-close on TCP_CLOSE socket
795973055 tcp: Skip restoring TCP state when dumping with --tcp-close
74d1233b5 criu/files: Don't cache fd ids for device files
7b6239b6d criu/plugin: Implement dummy amdgpu plugin hooks
17e2a8c70 criu: Introduce new device file plugin hooks
dd46e7919 criu(8): add --external net option
be239109a github: update the stale version
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The NVD database uses version without a prefixing 'v'
for containerd.
e.g.
https://nvd.nist.gov/vuln/detail/CVE-2022-23648
So we need to explictly set CVE_VERSION.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
This makes the main recipe more readable, and allows us to
clearly see changes to the SRC_URI and the main recipe
separately.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping nerdctl to version v0.18.0-61-g48f189a, which comprises the following commits:
8385be4 add test case for nerdctl inspect to check mounts field
a766555 show mounts info for nerdctl inspect
1547f73 Add flag ipfs-address to push to remote IPFS node
2db1039 update stargz-snapshotter (0.11.4), IPFS (0.12.2)
7b1c33d Import NOTICE from Docker/Moby
bc66bfa CI: upload go-mod-vendor.tar.gz as a backup
43f7b6b Dockerfile: update Ubuntu to 22.04
6c22944 Follow-up to `Support --init argument in nerdctl run command`
a8c3de4 Bump github.com/moby/sys/mount from 0.3.1 to 0.3.2
c4cf6a0 Bump actions/checkout from 3.0.0 to 3.0.1
90a91d2 Bump github.com/compose-spec/compose-go from 1.2.2 to 1.2.4
839faf5 Added volume remove fixes(issue #971)
f8272ed Support --init argument in nerdctl run command
175923e Export OS Platform and Arch information in `nerdctl version` command
b3504ce feat: container image build ci for push image to github registry
8dc5fc5 seccomp: relax restrictions depending on --cap-add
65170cb Bump actions/setup-go from 2 to 3
fe6a7e8 inspect: add type flag to inspect command
ac58d8c CI: relax timeout
96b5e49 nerdctl wait: fix flakeness and error handling
ba0624d Deflake TestComposeKill
401b541 update BuildKit (0.10.1)
1a3dfe9 Bump github.com/containerd/continuity from 0.2.2 to 0.3.0
800d9ee Bump github.com/ipfs/go-ipfs-http-client from 0.2.0 to 0.3.0
72a2923 Bump github.com/ipfs/interface-go-ipfs-core from 0.6.1 to 0.6.2
7c78e79 Bump github.com/compose-spec/compose-go from 1.2.1 to 1.2.2
8941220 update runc (1.1.1)
6fdf4d1 go.mod: vishvananda/netlink v1.2.0-beta
457317a build: fix `content digest ... not found` for built multi-platform image
500f039 Bump github.com/compose-spec/compose-go from 1.1.0 to 1.2.1
929298c Format created to be compatible with docker inspect
0564fc1 Remove orphan containers before the service has be started
b66451e update RootlessKit (1.0.0), imgcrypt (1.1.4)
50cbdfc Add check of snapshotter when sharing images
9c3cca2 docs: clarify availability of optional features
e45c8ea Bump github.com/docker/docker
589fc27 Bump github.com/docker/cli
6f5d0d2 Bump github.com/ipfs/interface-go-ipfs-core from 0.6.0 to 0.6.1
4372842 Fix nerdctl ignores BUILDKIT_HOST
0c334bd Support assign static IP address in `compose up` command by using ipv4_address field
facc229 CI: set fail-fast to false
fcdaa2e Add a document about setting up `nerdctl build` with BuildKit
ae1399a CNI: switch away from `isolation` plugin to `firewall` plugin with `ingressPolicy`
0cb1fe6 update containerd (1.6.2)
7f13c20 Fix `nerdctl build` logs error even when succeeds
8e3923c Bump github.com/containerd/go-cni from 1.1.3 to 1.1.4
d948091 avoid nil authconfig && display warning msg for unencrypted passwd
d8167e0 docs: clarify that P2P image distribution (IPFS) is completely optional
ba88f62 update CNI plugins (1.1.1), stargz-snapshotter (0.11.3), IPFS (0.12.1)
19bf1d3 enhance namespace management
1231875 push: skip foreign layers
87aa769 Support --ip argument when run the container
8ec0672 rootless: Support BuildKit containerd worker
21d0350 Bump github.com/ipfs/interface-go-ipfs-core from 0.5.2 to 0.6.0
debe171 CI: remove integration test with contianerd v1.4.5
fb0339e build with go 1.18
c0e0edf fix login on defaultRegistry
7e68a87 Support fallback to plain http in nerdctl login
7cb387d Follow-up to `Add GitHub issue templates`
701a55c Add GitHub issue templates
a9e5022 Windows CI: install git
2bcbdcb refactor netutil
b75b86c Bump github.com/docker/cli
94d9169 Bump github.com/spf13/cobra from 1.3.0 to 1.4.0
04199ec Bump github.com/docker/docker
12ca1b0 fix make failed when use go1.16
3e073bc build(deps): bump github.com/containernetworking/plugins
802db60 Update the README.md to remind people to upgrade the Go version
f20ef09 add macvlan/ipvlan doc for cni
d56bdd6 pkg/portutil: improve rootless error message
b154105 update stargz-snapshotter (0.11.2)
3f1ffe2 Support allocate host port when try to run container
9c14a02 CI: temporarily remove FreeBSD integration tests
0e7ddc9 Attempt to deflake TestPushInsecureWithLogin
1b1f1df build test-integration image in arm64
1dcc70c update containerd, CNI plugins, IPFS, Stargz Snapshotter
e8f7b6a Bump github.com/compose-spec/compose-go from 1.0.9 to 1.1.0
63ba16a Bump github.com/containerd/containerd from 1.6.0 to 1.6.1
b6850ff Bump golangci/golangci-lint-action from 2 to 3.1.0
f4d689d Bump actions/checkout from 2 to 3
f15e589 add ipam-driver and ipam-opt flags for create network
47190c4 Separate network code
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
K3s (and Kubernetes) supports load balancing via IPVS, and by default reports
errors when IPVS kernel modules cannot be loaded.
This patch adds the missing reported kernel modules to the k3s recipe:
* ip-vs
* ip-vs-rr
* ip-vs-wrr
* ip-vs-sh
The modules are configured by including the ip_vs kernel feature.
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On some build hosts, one of our downloaded depedencies matches
patch.bbclass' regex, and is then thought to be a patch. That leads
to errors as follows:
Compiling k3s failed with:
do_patch: Importing patch 'github.com.andreyvit.diff' with striplevel '1'
We add a noapply to the SRC_URI to ensure that it is not considered
a patch.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The shortlog of the previous uprev incorrectly stated that
1.23.x was the target. There are issues remaining with that
version, so the uprev was contained to 1.22.x
We also typically do NOT use the exact release tag, since
fixes are continually arriving post release, and with the
extensive go mod vendor process, it doesn't accurately
represent the version.
As such, we switch to: v1.22.6+k3s1+git${SRCREV_k3s}, for
finer grained version tracking.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
| |
Add the curses/terminal control application for podman.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping kubernetes to version v1.23.6-rc.0-16-gfbcfa330181, which comprises the following commits:
1e8f6d51484 Copy request in timeout handler
edd7a386c61 kube-up: use registry.k8s.io for containerd-related jobs
3194c87ba25 e2e: Wait only for the service account
a62ee8e5c3b e2e: Wait for kube-root-ca.crt to be created
651b1fa1cce Include pod UID in secret/configmap cache key
33d089b173c Move kubelet secret and configmap manager calls to sync_Pod functions
7f02733e4d8 test: Verify that nodes do not transition to Failed while ready
77865d3db93 test: Add E2E for job completions with cpu reservation
b51d11be7a4 test: Add E2E for init container pod deletion
290cdbf8792 kubelet: Delay writing a terminal phase until the pod is terminated
914475e2e9f Update CHANGELOG/CHANGELOG-1.23.md for v1.23.5
b3b64745789 Release commit for Kubernetes v1.23.6-rc.0
c285e781331 Release commit for Kubernetes v1.23.5
01c2f1c6420 Remove apf_fd from httplog
c52cd9c5920 Update Go to 1.17.8
1a897af197a cluster/gce: update konnectivity image tags to v0.0.30
d741174d7e1 bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.0.30
0b8199041d1 fix dryrun when ca file exists
903f164b679 fix regression introduced by PR 100320
56bfc202e45 Add unit tests
a5faf0b5ce2 Fix nodes volumesAttached status not updated
4c85abf90bb Fix default config flags
1570a75766b test/e2e/framework: include the new control plane taint
60cd43c44e0 kubelet: Clean up a static pod that has been terminated before starting
33863be9478 Add an e2e test for updating a static pod while it restarts
621894de9d6 cronjob_controllerv2: do not filter jobs to be reconciled by labels
c9f904304d9 kube-proxy: fix duplicate port opening
f783e573f11 increase Azure ACR credential provider timeout
ba2cd0ca3db Updating EndpointSlice strategy to retain node name in topology until field is set
4e69dd88613 fix: do not return early in the node informer when there is no change of the topology label.
68ea240512a /test/e2e_kubeadm: adjust label checks for 1.23
2efffd62367 Ignore container notfound error while getPodstatuses
9f5e25033b6 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.4
d4b2d8cf961 Release commit for Kubernetes v1.23.5-rc.0
e6c093d87ea Release commit for Kubernetes v1.23.4
949798fe712 Add PDB selector patch integration test
47fc5aea4a2 Revert v1beta1 PodDisruptionBudget select patchStrategy
ef293a9ee95 test/e2e_kubeadm: fix matching UnversionedKubeletConfigMap defaults
799ffd58065 kubeadm: fix the bug that 'kubeadm init --dry-run --upload-certs' command failed with 'secret not found' error
c465ceccb32 Update Go to 1.17.7
f0eac451011 Use serializable struct for x-kubernetes-validations in openapi
02d1a291c8b Make JSON schema round tripping test more strict
30eff360132 ignore CRI PodSandboxNetworkStatus for host network pods
34a8474e600 set secondary address on host-network pods
14c399ec5e3 Deeply copy JSONSchemaProps.XValidations.
9fe0c40c8e5 wrap error from RunCordonOrUncordon
0d487176d3a Ensure the execHostnameTest() compares hostnames
733c0ebc7c3 Revert "Fix comparison between FQDN and hostname"
ebfa08cd39b service REST: Call Decorator(old) on update path
92d09f90c01 add namespace in azurefile volumeid
5830d1474ff fix: azurefile volumeid conflict in csi migration
bce4e5ba5b1 Mark device as uncertain if unmount device succeeds
4b868d09c98 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.3
72506a8439c Release commit for Kubernetes v1.23.4-rc.0
816c97ab8cf Release commit for Kubernetes v1.23.3
f2c6108f462 kubelet: fix podstatus not containing pod full name
398effdfe0d Fix bug with node restriction blocking pvc.status.resizestatus change
6d08a56228a Fix regression pruning array fields with x-kubernetes-preserve-unknown-fields: true
996d8fca977 Set max results if its not set
9c31df589b7 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.2
918dd8343f0 Release commit for Kubernetes v1.23.3-rc.0
9d142434e3a Release commit for Kubernetes v1.23.2
4935e0a527e Update k/utils to v0.0.0-20211116205334-6203023598ed
38e9dce15f4 [go] update to Go 1.17.6
28ad5463fda fix: remove outdated ipv4 route when the corresponding node is deleted
dfea07a3b04 fix: delete non existing disk issue
65b309c76d8 Revert "Automated cherry pick of #107554: Correct the feature gate string for RBD migration."
677eae51666 fix containers order after applying
89d8be52ef4 generated: ./hack/update-vendor.sh
04f3c5793c1 upgrade sigs.k8s.io/structured-merge-diff/v4 to v4.2.1
8c8fe66f7aa Execute sync before taking the snapshot
4b1d9d80da7 Correct the feature gate string for RBD migration.
50e813278cd fix: azuredisk parameter lowercase translation issue
879947434c0 removed unnecessary log line
88249a973a8 kubectl: add integration test for result reporting
16a4de9268a cli: let kubectl handle error printing
c5365784330 cli: avoid logging command line errors in more cases
26dae30f913 Fix header mutation race in timeout filter
81c8d0aad93 clear pod's .status.nominatedNodeName when necessary
f61c4b18c42 use node informer to check volumes attachment status before backoff
f4ba875cdfd When volume is not marked in-use, do not backoff
e36b9382ecd kubeadm: remove the restriction that the ca.crt can only contain one certificate
f4835a2cd3e flake fix: remove the error handler for cronjob integration test
962ab763c5e Fix the leak of vSphere client sessions
cc6c36f286d client-go: Clear the ResourceVersionMatch on paged list calls
d42a44fcb2f Enabling kube-proxy metrics on windows kernel mode
e6a8826e992 Remove JSON logging performance regression
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The significant commit in this series is:
0e72260df4 delete vendor dir
Which means that we completely have to revamp the recipe to build
without go accessing the network to pull in dependencies. This is
an initial effort, and it is acknowledged that it isn't efficient
or fast, due to the number of fetches and I/O required to complete
the population of the vendor/ directory.
The recipe can be iterated and made more efficient over time.
Bumping k3s to version v1.23.1+k3s1-11-ge7464a17f7, which comprises the following commits:
e7464a17f7 Fix use of agent creds for secrets-encrypt and config validate
8d8c8b0c6b Don't skip the dev image when skipping airgap
31f1a00b6f Fix a typo: advertise-up -> advertise-ip (#4827)
2ac8df3602 Integration tests utilities improvements (#4832)
612a9412fd Enable make generate to use dapper and standardize go and gzip versions (#4861)
66eeabbdfc linter doesn't actually run on windows, found these while getting it running on a windows machine
142b1d96f4 Update channel.yaml for 1.23
ff49dcf71e Export default parser
d0f7e23328 Require integration test to be run as sudo/root (#4824)
a02db0f2fa Fix cgroup smoke test (#4823)
08d538fb3a Update golang
87395e32d6 Update modules for Kubernetes v1.23
6656d48415 Add tests to use vagrantfile (#4722)
70902209b9 Bump stable to v1.22.5+k3s1 (#4821)
3ee3ecb3ac package rename wasnt approved yet, backing out cruft that snuck into last pr
a5c6e6a68a Fix panic checking name of uninitialized etcd member
52e450f033 Add etcd sonobuoy tests
9919f229b6 Add variable to enforce max test concurrency
247298a20d Fix previous channel detection
6872e7da25 More codespell ignores
3ae550ae51 Update bootstrap logic to output all changed files on disk (#4800)
0e72260df4 delete vendor dir
e6cf8f5982 code changes to drop the vendor dir
4eb282edac Move flannel logs to logrus
2e91913f54 Close agentReady channel only in k3s (#4792)
8ad7d141e8 Close etcd clients to avoid leaking GRPC connections
588d15db8f Remove Disables, Skips and DisableKubeProxy from the comparing configs
555dfc54db Add initial skeleton ADOPTERS.md to better track large use cases (#4764)
baf865b836 Add ADR
6f4217a340 Build standalone containerd
8737e2e13f Build script cleanups
89e63972e9 Bump k3s-root to v0.10.1
17eebe0563 Fix cold boot and reconcilation on secondary servers (#4747)
73725a0882 docs: adrs: Dual-stack in network policy agent
d71b335871 Fix snapshot restoration on fresh nodes (#4737)
bf4e037fcf Resolve Bootstrap Migration Edge Case (#4730)
2f3bfc27c0 Add in docs/adr to ensure we capture decisions properly during design calls (#4707)
a6fe2c0bc5 Resolve restore bootstrap (#4704)
a70487d5ae Update wharfie usage in windows code path
3985fd0e26 [master] Add validation to certificate rotation (#4692)
e8a30a87c8 Bump runc to v1.0.3
eb068da7f3 Add `SKIP_AIRGAP` enviroment variable for make (#4688)
8f389ab030 Include node-external-ip in serving-kubelet.crt SANs (#4620)
bcb662926d Secrets-encryption rotation (#4372)
1b3187ea07 Check HA network parameters
7d3447ceff Bump wharfie to v0.5.1 and use shared decompression code
05d43278e2 bump kine to v0.8.1
3b6a3fe905 Update dynamiclistener
a8f7e9f7e8 Nighlty automation vagrant rework (#4574)
a0208058ae Bump stable to v1.21.7+k3s1 (#4636)
77fd3e99ec Add cert rotation command (#4495)
1e6e4db2bc Update maintainers list (#4622)
d05c334a78 Improved cleanup for etcd unit test (#4537)
ae4a1a144a etcd snapshot functionality enhancements (#4453)
0c1f816f24 go generate
a7ba3e14ff Add package version to traefik helm chart
7685da3e24 Improve flannel logging
d93c82f958 [master] Bump golang and containerd (#4538)
65110a4eec [master] Bump Kubernetes to v1.22.4-k3s1 (#4536)
03485632ea Fix regression with cluster reset (#4521)
ef263bd2b0 Improved regex for double equals arguments (#4505)
535a919635 Removed value from warning about skipping flags (#4491)
c77efe64e1 tests/vagrant: refactor vagrant smoke tests (#4484)
f18b3252c0 [master] Add etcd extra args support for K3s (#4463)
41ff19de71 Feature: Add CoreDNS Customization Options
4b57951fb0 Fix to allow etcd-snapshot to use config file with flags that are only used with k3s server. (#4464)
5ab6d21a7d Increase agent's apiserver ready timeout (#4454)
bc7cdc78ca go generate
2e9358934d Add dashboard annotations to Traefik helm chart
5d168a1d59 Allow svclb pod to enable ipv6 forwarding
adaeae351c update bootstrap logic (#4438)
d85b2468ea Corrected skip check for dualstack on CI (#4427)
559c8ad94b install: /usr/sbin/transactional-update (#4403)
7bd65047c3 Match to last After keyword for parser (#4383)
8915e4c7f7 Replace gzip with pigz for faster builds (#4411)
0a5c6b1088 Remove unit tests from drone CI (#4424)
36c6634cce [master] updating to new signals package in wrangler (#4399)
f1d6e9bc4b install.sh: fix path detection for sle-micro (#4398)
86c6924119 containerd: v1.5.7-k3s2 (#4387)
f7dcc139ff Bump klipper-lb image for arm fix
aa3332085f Update k3s CI to run all integration tests (#4358)
94c1b988ca Enable Epics Action to automatically check off child issues in an epic (#4353)
f1622129e4 refactor: Use plain channel send or receive
f9f1cabe9c Fix log/reap reexec
702fe24afe containerd/cri: enable the btrfs snapshotter (#4316)
3da1bb3af2 Fix other uses of NewForConfigOrDie in contexts where we could return err
5acd0b9008 Watch the local Node object instead of get/sleep looping
3fe460d080 Block scheduler startup on untainted node when using embedded CCM
52eb6cac1c install.sh: initial support for sle-micro (#4331)
91cf835ec3 Update to v1.22.3 (#4354)
7c3f21e581 K3s Integration test fixes (#4341)
ab3d25a2c5 Update peer address when running cluster-reset
0a0b915921 reset buffer after use (#4279)
02a314c69a Bump klipper-helm version
918945da45 Added configuration input to etcd-snapshot (#4280)
72a1925a34 install.sh: capture quoted environment variables (#4275)
6e410fad49 Update to the newest flannel
b5b7033afd Bump klog fork version
e11a4bf8bb set duration to second (#4231)
0452f017c1 Add etcd s3 timeout (#4207)
34080b23b1 Copy old bootstrap buffer data for use during migration (#4215)
dbc14b8990 Fix race condition in cloud provider
5a923ab8dc Add containerd ready channel to delay etcd node join
6b4d75d245 maintainers: add Manuel and Michal (#4193)
b282528ee2 Display cluster tls error only in debug mode (#4124)
dc18ef2e51 Refactor log and reaper exec to omit MAINPID
d6b6a3ee9f vagrant: Add Ubuntu 21.04 support
5e01201195 vagrant: Update package list for Ubuntu
e420583684 vagrant: Add support for vagrant-libvirt
f830d09d6e vagrant: Change OS environment variable to DISTRO
feec44572d Improve error message when using a "K10" prefixed token (#4180)
ac7a8d89c6 Add ability to reconcile bootstrap data between datastore and disk (#3398)
9e787bfacb moving fossa to being inline step with a sles image
b6919adf62 Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161)
00cf4578ec Dual-stack support LB controller
1f7151ed2f Update stable to v1.21.5+k3s2
9b35734e1a Add topologySpreadConstraints to support scaling of coredns
e24e1332fd Bump containerd to v1.5.7+k3s1
12e675e2cc Don't evacuate the root cgroup when rootless
cd5002ea37 Skip tests that violate version skew policy
5d1a37ee32 Send MAINPID to systemd when reexecing for logfile output
a16105b348 Properly handle operation as init process
f4cea90cb9 set transport to skip verify if se skip flag passed (#4102)
fd495a6a5f Bump stable to v1.21.5+k3s1 (#4068)
87524a7ac7 Enable the inheritance of settings for ipv6
4ec71b360c Adding fossa anaylze/test drone step
73e21e739f Drop broken SupportNoneCgroupDriver support
8005885bad Add 1.22 channel
539e224159 Update build images to python3 for compat with recent gsutil change
b99b943c17 Use the new klipper-lb image that has newer go and Alpine versions
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Along with the commit summary below, we have the following changes:
- refresh the GO cross compiler patch context
- add new go dependency package symlinks
- only build the 'tool', since that is all we need
- fix the build error of:
cannot find package runtime/cgo (using -importcfg)
...
recipe-sysroot-native/usr/lib/aarch64-poky-linux/go/pkg/tool/linux_amd64/link:
cannot open file : open : no such file or directory
by setting the GO_BUILD_FLAGS appropriately for our static and -pie
configuration
Bumping runtime-tools to version v0.9.0-75-g0105384, which comprises the following commits:
8927281 Add syscall "statx" in seccomp to fix Operation not permitted
a202491 spec generator support setting unified
30cecc1 validation/linux_rootfs_propagation: fix
10d2584 runtimetest: validateRootfsPropagation: fixes
8b26e24 validate: rm Clean() arguments
3fb1264 validation: fix Cleanup
14cd51e Makefile: replace TAP with TAPTOOL
adcb290 Fix hanging on runc create.
5ce2cac cmd/runtimetest: fix NewPid deprecation warning
8e1a3b5 deps: bump github.com/syndtr/gocapability to latest
543268b deps: github.com/hashicorp/go-multierror to v1.1.1
4b164a1 deps: bump github.com/opencontainers/selinux to v1.9.1
ee9c051 deps: bump github.com/mrunalp/fileutils to v0.5.0
01a6f47 deps: bump sirupsen/logrus to v1.8.1
abcb94d deps: switch to google/uuid
2253869 validation/.gitignore: fix
953e752 MAINTAINERS: add @kolyshkin
221e5ea deps: bump github.com/xeipuuv/gojsonschema to v1.2.0
67884fc validate: prepare for new xeipuuv/gojsonschema
09d837b Change /dev to be mounted by default with /noexec
10c865d ci: re-add commit subject length validation
a22a894 ci: add golangci-lint run
a7cecde Add*Hook: do not return errors
c0037c9 runtimetest: silence errlint on unix.Unmount
9505f16 Explicitly ignore errors from YAML
fec9c3c validation: fix Clean
0ab61ae validation: fix/rename ReadStandardStreams
6f4b5ba validate: fix staticcheck linter warning
6a9ad7c runtimtest: fix validatePosixMounts
44e9496 Fix "addr cannot be nil" staticcheck linter warnings
d38bd63 Fix deprecation warnings from staticcheck linter
1826c32 Fix gosimple linter warnings
e36f98f Fix deadcode linter warnings
112c88c Makefile: use fancy git commit ids
16dfbbd Makefile: add/use BUILD_FLAGS
5432bc4 ci: replace travis with gha ci
fab664e Makefile: rm gofmt and golint, simplify gotest
98b2d35 Run make .gofmt
0e5956d Switch from Godeps to go modules
71a5e7c generate: add --linux-intelRdt-closid option
4f51ef9 validation: read pid in PostCreate
6502e57 Fix build of hugetlb tests on 32-bit platforms
10f8f55 generate: fix type for Umask
8f1e958 Remove spurious WARNING message
43243fe Add missing interface to set init processes Umask
120c67a AddDevice(): better diagnostic when creating dup
2affd45 Add missing clone rule for s390x.
be9f6f1 Update hugetlb tests to be more portable
5a98426 Fix cgroup hugetlb size prefix for kB
cd1349b Improve performance of AddProcessEnv
73e9a99 update Mashimiao email in MAINTAINERS
ee63cfa release v0.9.0
0d022f7 Makefile: add rule to print validation-tests
6212483 delete: reduce check waiting time
3abdc1f kill: cleanup container on error
4db38e4 oci: kill process before delete
1c40e59 seccomp: add TAP plan to the output
dd39124 validate: check mount label only for bind mounts
6fd7866 misc: use different objects for the different tests
e83ba34 capabilities: correctly add not existing capability
9585ecb adding security and CoC links
6dae2f0 Simplified code
2e8216d validation: add apparmorProfile validation
b113b38 runtimetest: add apparmorProfile validation
743b0b3 validation: add mountLabel validation
3bc60a4 Windows: Typos and incorrect defaults
20302da add selinux deps
555c03d validate: add mountlabel validation
a2df8d9 runtimetest: add mountlabel validation
b90e5bc generate: add oci-version option
00f6e86 Modify the corresponding test according to hashicorp/go-multierror v1.0.0.
b005481 Godeps: update hashicorp/go-multierror
1f0579c hack: drop -dev from runtime-spec version
b1c11da fix up vm parameters
9f6de4d generate: add process-cap-drop option
192a8eb generate: add process-cap-add option
575c8a0 man: Add some instructions and examples to some commands.
9f55c07 generate: fix capabilities add/drop option
3fc5fcb generate: Verify the input values
146c5ee generate: add vm-image-format option
f5e59a3 generate: add vm-image-path option
0cd6663 generate: add vm-kernel-initrd option
3e43643 generate: add vm-kernel-parameters option
fc0fc84 generate: add vm-kernel-path option
73f6711 generate: add vm-hypervisor-parameters option
9b1de8c generate: add vm-hypervisor-path option
e980d2f generate: add windows-devices option
f5556a8 update to golang 1.11
58f2a15 Initialize Config Windows Network
a4a33d4 release v0.8.0
c291c2a Add generate.New support for Windows.
2974f2e readme: fix wrong filepath
fb101d5 Expose Windows namespace
4615fa4 /proc should be mounted with nosuid, noexec, nodev to match the host
30a03ab Fix test
c48ee5c Vendor in windows runtime-spec changes
d5be152 validation: mounts: fix condition of source & type check
069db1a validation tests: use new RuntimeInsideValidate
270145a RuntimeInsideValidate: can now be called several times
4b49cba devel guidelines: update TAP documentation
caa32a1 validation: Implement DeleteOnlyCreatedRes
e86b898 MAINTAINERS: remove philips
dcadcca Makefile: add generate to gotest
ae94592 release v0.7.0
6c943e8 validation: Implement DeleteResImplement
fab1de6 validation: use t.Fail when checking for main test errors
06591d3 travis: add go 1.10
68b7caa mountinfo: parse empty strings in source
a6e6aff validation: check for masked block, char devices, fifo
99c5e91 validation: check for invalid symlink inside container
234933b validation: check for a masked relative path
303ae30 validation: check for read-only block, char devices, fifo
e60cd06 validation: check for invalid symlink inside container
5dd461f validation: check for a read-only relative path
d9febe1 validation: more test cases for masked paths tests
91f2983 validation: more test cases for readonly paths tests
e2d34c1 validation: add more test cases for private & slave propagations
94f1f84 validation: squash rootfs propagation tests into a single file
708de67 runtimetest: improve logic for checking for file modes
2c9b929 runtimetest: correctly check for a readable directory
0a7749a validation: test with different test cases for hugetlb cgroups
ef113d1 validation: add different test cases for blkio cgroup tests
cf9decf validation: add more test cases for linux_cgroups_network
acaa992 validation: test linux_cgroups_cpus with different values
871f0eb validation: test linux_cgroups_memory with different values
279a194 validation: allow RuntimeOutsideValidate to take a tap parameter
58ea84a fix some misspells
c887efb fix generate test in calling generate.New
cf7b786 README: fix broken links to documentation
cd3faf9 validation: fix nil dereference when handling multierror in hooks_stdin
1fb00d9 validation: use helper util.GetRuntimeToolsNamespaces()
0f52f9a validation: add a new test for NSPathMatchTypeError
ad0e97e validation: exclude user namespaces and cgroup namespaces
f64bed2 validation: add more signals to killsig test
613c5de runtimetest: check if /dev/ptmx is a symlink to /dev/pts/ptmx
582a909 validation: test validation test with an empty hostname
1ceca9e validation: use rfcError instead of specerror
a90cd2b validation: print out correct diagnostics based on specError
23c9a51 validation: sync with unshare by using select & time ticker
e132d37 validation: kill child processes by setting process groups
73358a3 validation: fix a bug when passing in namespace strings
c5c1422 validation: add test for NSProcInPath
1794938 validation: add cgroup devices validation
7c6996f check the status of the state passed to hooks over stdin
6cc92d0 validation: fix nil deferences in cpu & blkio cgroups tests
1c243a8 release v0.6.0
ef75900 validation/kill_no_effect: fix bug
3e3094d Add cgroupsPath validation
f7dd673 cgroups_v1: Correction parameters
2640f5c travis: fix fetch issue of golint
e830fa3 validation: split out pringDiag from testNamespaceInheritType
1ac1c02 validation: split out pringDiag from testNamespaceNoPath
7992f01 specerror: Add NewRFCError and NewRFCErrorOrPanic
d165658 validation: add more values for rlimits test
9152ff4 validation: create: don't skip errors on state
cc8ab2e doc: add developer guidelines
d7985e3 validation: add a new test for NSInheritWithoutType
5ce0ff8 validation: add a new test for NSNewNSWithoutPath
14e621c bash: add os
5d2dc61 validation: Implement ConfigUpdatesWithoutAffect
84a62c6 generate: Move Generator.spec to Generator.Config
2e6f6ab generate: Respect runtime.GOOS when generating default template
1917b8c validate: With --host-specific, compare config platform vs. runtime
e1ad3f0 README: Update to reflect granular TAP output
4b888f2 runtimetest: Use ModeType as the mask in the symlink check
732d438 validation: Use non-empty files in masked/readonly tests
20a71e4 runtimetest: Make TAP output more granular
b4014f8 validation/test-yaml: Drop this local experiment
7f50875 docs/command-line-interface: Require complete runtime coverage
fc1bcf5 fix process_user validation
7c5f941 generate: add process-username option
83d367b validation: add process_user validation
0ddb5cd kill stopped container generate error
73964f2 add hooks stdin test
a79a1cb add test case for KillNonCreateRunHaveNoEffect
ff399f1 contrib/rootfs-builder: Use $(cat rootfs-files)
0f3cf9d validation: LinuxUIDMapping: fix tests
984dbc8 Fix error messages in validation cgroup tests
d5630f7 validation: Implement ProcArgsApplyUntilStart
82836c8 validate: mv deviceValid to validate_linux
e99b47e Implement DevicesErrorOnDup
9e919c6 runtimetest: fix root readonly check
c9b4d66 runtimetest: count correctly TAP tests
a7f94a2 rootfs-386.tar.gz: Add with BusyBox v1.28.0
be8811c contrib/rootfs-builder: Support xz (and other) compression formats
eea2bc9 contrib/rootfs-builder: Support timestamps in stage3 dates
141f9ea contrib/rootfs-builder: Don't hit latest-stage3 when STAGE3 is supplied
4dfca7a contrib/rootfs-builder: add /proc, /dev, /sys in rootfs
b5e5322 contrib/rootfs-builder: fix busybox link list
79ae4aa validation: run CLI with correct argument order
e43d1ff return ErrorOrNil in bundle validate
4e999f2 runtimetest: fix uid_map parsing
d412a17 Fix condition in BlockIO test
8e42ca5 Add system validation
4e8dc67 add annotation and prop tests
ac12f97 Implement PosixProcRlimitsTypeGenError and LinuxProcCapError
0ec9fe6 validation: Add system validation
3401d41 validate: CheckLinux is platform dependent
0451545 validate: allow non-linux compatibility
536b713 Implement PosixProcRlimitsSoftMatchCur and PosixProcRlimitsHardMatchMax
198b3ff add 'delete' testcases
b456bda validation: Add error judgment to SetConfig
1cbf66a check RootOnWindowsRequired
e2fbc1b generate/seccomp: platform independent values
55d7e14 implement kill tests
899a400 generate: fix handling of permitted caps drop
4902e9c implement start operation tests
86869d1 validation: Increase err judgment
4947839 validation: implement PosixHooksCalledInOrder test
f48ae22 validate_test: add weightDevice test
27acd46 implement DefaultStateJSONPattern test
b25ef0d validate: implement DevicesErrorOnDup
87c5e52 release v0.5.0
e211fb5 validate: add logrus.Debugf to CheckJSONSchema
fb9511d validate: Add a non-nil test to CheckMandatoryFields
9177741 add tests when prestart/poststart/poststop hooks fail
5cbd8c7 don't overwrite hook which has a same path
9dca840 validate: add weightDevice validation
78fdf66 validate_test: Complement test
4fdf325 nil config support in lifecycle validate
09ddc02 add lifecycle validation
be390c4 change two LGTMs requirement to one
696b805 waiting until the container stopped in inside validation
ed2a4b3 add 'state' test
c76062f validation: Remove runc 'create' exit timing crutches
d8d2396 validation/util/container: Use ExitError for stderr
5e8b51e Add lifecycle testing function; Add pidfile test. Fixes #556
17486b4 Relax LGTM acquirement for PullApprove
0909a7f release v0.4.0
b5a43d1 validation/util/container: Use --bundle (and stop requiring BundleDir)
8769602 validate_test: add TestCheckMandatoryFields
7815111 cmd/runtimetest/main: Run validateDefaultDevices even with process unset
6ae0867 README: Link to the runtime API docs
fb19ae1 cmd/runtimetest/main: Loop for DRYer validateCapabilities
e85081a Makefile: Clearer warning on missing validation executable(s)
0c2e37e validation/util/container: Use a local UUID for stdout/stderr
a12de42 validation/create: Label the state ID comparison test
b880d57 *: Transition from tap Diagnostic(...) to YAML(...)
0c66fe9 vendor/github.com/mndrix/tap-go: Bump to 629fa407
7a4cb36 docs/command-line-interface: Add Runtime CLI Spec (#321)
c2f774c validation: add mount validation
625e232 Hooks should be passed in as rspec.Hook, not as a string.
48b7f56 Modify the legal value of the rootfs-propagation
5bb8754 runtimetest: add validateSeccomp
9144f82 generate: add windows-servicing option
ef277d6 generate: add windows-resources-storage option
4068d38 generate: add windows-resources-memory-limit option
93b5f72 generate: add windows-resources-cpu option
b285305 generate: add windows-network option
6a71d30 generate: add windows-layer-folders option
e9507da generate: add windows-ignore-flushes-during-boot option
df629e3 generate: add windows-hyperv-utilityVMPath option
8397b70 Add interface to remove mounts.
e266af5 generate: modify the function return value
e996b69 generate: add solaris-milestone option
fc48567 generate: add solaris-max-shm-memory option
3bca692 generate: add solaris-limitpriv option
4a9f3fa generate: add solaris-capped-memory-swap option
c9ef766 generate: add solaris-capped-memory-physical option
61884ee generate: add solaris-capped-cpu-ncpus option
01cf5e7 generate: add solaris-anet option
6f10352 AddMounts should be AddMount you are only adding a single Mount
9bcbe83 Recursive propagation flags should be legal to use
3bd8d43 validation/linux_cgroups_*: Generate TAP output
c94875e validation/util/test: Fix 'start' -> 'create' typo in error message
1094856 validation/util: Generic RuntimeOutsideValidate API
612c315 validate_test: perfect TestJSONSchema
8fb3e83 Add validation when host-specific is set
9db5ddf validate: change platform default value
8a09ee1 generate: Use non-null validation instead of initialization
10ede2c validate: Add a double guards to the call of the verification function
2f21180 filepath/clean: Add Windows support
17ce13a filepath/abs_test: Compare IsAbs with the standard library
60df768 filepath/clean_test: Compare with the standard library
f2e8be2 filepath/clean: Avoid a panic on abs-path with trailing ..
eb2ffab filepath/clean: Handle 'a/..' -> '.' case
4b20ce2 validate: fix CheckHooks
4d0a011 validate: fix CheckCapabilities
45068ce validate_test: add TestCheckHooks
34f773a validate_test: add TestCheckPlatform
7c09b4c add relative cgroupath test
1aebc09 update to support relative cgrouppath test
6351044 add cgroup network test for runtime
72e67e5 add cgroup pids test for runtime
b712995 add cgroup cpus test for runtime
f1e02ff add cgroup blkio test for runtime
432615a add cgroup hugetlb test for runtime
4a57b0f add cgroup memory test for runtime
07118a8 add runtimeOutsideValidate
9a56096 add cgroups package
0d75257 validate: remove duplicate verification
229722a validate_test: add TestCheckLinux
e7ee761 remove kernel limit for id mappings
f7b8c7e fix idmappings test
53da048 generate: add linux-intelRdt-l3CacheSchema option
ad47e7d Makefile: Change from prove to node-tap
0a919c0 validation/util/container: Remove bundle even if delete fails
e11b77f validation: Use prove(1) as a TAP harness
721fbce solve conflicting option problem
e409855 man: small fixs
58374ae remove --mount-cgroups option
74d6245 man: add manpage for option --mounts-add
6e78ff2 support json value for hooks
1c2dca0 generate: Move generate_test.go from validation
9422eec cmd/runtimetest/main: Use TAP diagnostics for errors
ca332ae runtimetest: fix nil dereference
cdf38ca validate: fix nil deference
3e82a0a add all left behind container inside tests
9a69e14 add preFunc
39f3f74 runtimetest: add host platform validation
7026311 runtimetest: add rootfs propagation test
adf1844 generate: fix error return
d327e0b generate: fix DropProcessCapability*
b5c45de generate: remove redundant code
5557d36 add more test cases for default runtime validation
9f47cbe remove debug info
68e7720 generate: change process-tty to process-terminal
045bc5f generate: fixed seccompSet
8765570 runtimetest: add posixValidations
45b2686 runtimetest: add validateUser
cc5bf05 runtimetest: fix process validation
6c98b46 runtimetest: Raise ConfigInRootBundleDir for missing config.json
95e0d95 runtimetest: Make validateRlimits silent on Windows
2746c06 move validateRlimits to defaultValidations
3c9cdc5 runtimetest: fix error return
630f06a validate_test: add cwd check to TestCheckProcess
3a46197 add version file
e08f842 release v0.3.0
90ace62 translate RFC errors
a171213 redefine error code as int64
3a97b98 translate more RFC errors based on specerror
87d3df2 complete RFC codes of runtime.md
ccef443 generate: add mounts related option
64c5ef8 complete specerror of config-linux.md config-windows.md
6df06d9 validation: add a generate smoke-test
a6f475f config: correct rootfs default
de08605 validate: allow unset "type" fields in resource devices whitelist
7553161 validate: Soften unrecognized rlimit types to SHOULD violations
b446e38 add specerror framework; complete rfc errors of bundle.md and config.md
19b061c generate: fix nil deference
6d2dbbc runtimetest: fix nil deference
0b49b01 man: fix typo
6089f63 specerror: Add SplitLevel helper
a9dbd7e cmd/oci-runtime-tool: Implement --compliance-level
286d437 fix compile issue
310bac8 bash: fix commands
6dabb9b generate: fix rootfs-propagation
93ba5a2 bash: fix rootfs-propagation
4beb2a6 validate: fix cap validation
ed4adc3 travis: update go versions
19ae238 CHANGELOG: Document changes since v0.1.0
f172006 release: v0.2.0
c3c8c02 rootfs-386.tar.gz: Add with BusyBox 1.25.1
894cae7 validate/validate: Linux rlimits extend the POSIX rlimits
6367e88 validation: Support per-architecture tarballs
ff5e578 contrib/rootfs-builder: Support multiple architectures
a94f1f6 contrib/rootfs-builder/Makefile: Ignore previous symlinks
8635532 contrib/rootfs-builder/Makefile: Raise errors from echo recipe
4f756fd Specific cap-drop command
ea55f9d Specific cap-add command
5cb6c48 rootfs.tar.gz: Bump to BusyBox 1.25.1
1a9532e generate: remove redundant content
567f1aa validate: add root.path validation when platform is windows
2cbb341 validate/validate_test: Add linux.rootfsPropagation checks
6e7da81 validate/validate_test: Better error messages for unexpected JSON Schema errors
4a705c6 validate/validate_test: Handle JSON Schema test not raising an error
16be985 validate: Delete the extra validation
b3fc8fe validate: add the validation of rlimit.type when platform is solaris
24a2327 validate: modify the condition of the deviceValid
cf64923 filepath: Add a stand-alone package for explicit-OS path logic
fa9842c Add manpages and bash-completion for --device-access-add and --device-access-remove
7f09e1b generate: add --device-access-add and --device-access-remove option
a9c6787 generate: support blkio related options
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping runtime-spec to version v1.0.2-79-g7ceeb8a, which comprises the following commits:
600a8bd cgroup ownership: clarify that some files may not exist
0608c1f Switch to GitHub Actions, CODEOWNERS, etc.
f4ef391 specify cgroup ownership semantics
104385d config-linux: MAY reject an unfit cgroup
411082c add youki to implementations.md
6641127 alphabetize the implementation list.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bumping image-tools to version v1.0.0-rc3-6-g11f9988, which comprises the following commits:
8899fa9 README: add summary of project status
c6e5a1b version: back to development
25e557a version: update to 1.0.0-rc3
e324098 update email in MAINTAINERS
c3f8284 Revert "Relax LGTMs"
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping image-spec to version v1.0.2-144-g02efb9a, which comprises the following commits:
d6ce48a Add mediaType fields into example manifest & image index JSON references
bc44f5b Fixing charter link
02c5c05 implementations: adding the C and Rust libraries
a36b0c8 Handle multiple matching index entries
a3eee7d README.md: Remove link to OCI scope table The OCI scope table no-longer exists.
4533d3e schema: use Go's embed package instead of esc
d147780 .tool: remove lint tool, call linter directly
0e094f3 schema, specs-go: fix lint errors
d3cd202 *: switch to golangci-lint
4d865bc go: have the go.mod at top-level
0f6c001 Remove unneeded docker pull of pandoc image
de28903 Makefile: stale installation of glide was failing
3a46ac8 github: bring forward the versions of golang tested/built with
6ced3bd media-types: `.mediaType` is available in both OCI and Docker
3be64d9 version: bump main back to -dev
beccafd version: release 1.0.2
5b82148 specs-go: adding `mediaType` to the index and manifest structures
2eb4046 *.md: bring mediaType out of reserved status
e3885ce version: bump main back to -dev
67d2d56 version: release 1.0.2
dcdcb7f specs-go: adding `mediaType` to the index and manifest structures
5f31485 *.md: bring mediaType out of reserved status
3fee04b Adding ACR to implementations
8087946 Reflect docker dontation of distribution to CNCF
bd2fa25 Minor spelling correction
fc4df0a Fix very minor oversight in config example
0d98a6c Scope data verification to content consumers
83479d4 Clean up portability considerations
fccc435 Implementations MUST NOT populate data arbitrarily
2596ec0 Expand godoc for Data
58c082d Add note about portability concerns
ce281ce Add Embedded Data section
aaf8045 Define the data field
4f080a7 Add go.mod and pin dependencies
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We refresh our wget -> curl patch for context, but otherwise, no other
changes are required.
Bumping lxc to version lxc-4.0.12-8-g5ba5725cb, which comprises the following commits:
5ba5725cb cgroups: modify cgroup2 attach logic
1e4631641 ttys: ensure container_ttys= env variable is set correctly
8ef019a6c doc: Fix reverse allowlist/denylist in Japanese man page
f1c4a17e7 cgroups: log fd of newly created cgroup
f7446b4e1 cgroups: check that opened file descriptor is a cgroup filesystem
71ba7f656 doc: Fix reverse allowlist/denylist
f314419d1 lxc-checkconfig: Fix bashism
ca4c25c6e lxc-net: don't start by default inside lxc
7e37cc96b Release LXC 4.0.12
d678aa61e lxccontainer: allow xdev when creating the container dir
bc61d2354 github: Clear default ACL on /home
fb0e0b3dd github: add systemd-coredump
53e0d390c github: more detailed compilation instructions
db84a8b6b github: log system info
e9282b6a6 github: ensure system liblxc is wiped
ad8a3bd68 lxccontainer: properly wrap lxcapi_create()
bceb81cd2 build: simplify thread local storage handling
919da35b0 build: only enable LTO for regular builds
d0a1e9c44 lxccontainer: simplify partial file creation
62b5c0051 lxccontainer: improve create_partial()
bfe24cb6a lxccontainer: improve do_lxcapi_create()
1a5c236ac lxccontainer: improve do_lxcapi_save_config()
bae0d7196 conf: log termination status
4eb09aaad conf: improve userns_exec_mapped_root()
928943280 github: stop installing gnupg now that it's unused
7c70b0d14 lxc-download: Rely on HTTPS only
199d2077c Update README.md: Fix broken link (403 Forbidden)
0b6b230e3 attach: don't pointlessly call cgroup_init()
dbef704fb commands: log command during file descriptor retrieval
733f9c909 lxc-checkconfig.in: CONFIG_NF_NAT_IPV4 was removed from the kernel 2019-03-03
ce392e230 (trivial) Fix error message, failure was connect not bind
5628bff79 seccomp: close seccomp notifier fd in cleanup handler
1f2af83a9 seccomp: only guard seccomp notify behind HAVE_DECL_SECCOMP_NOTIFY_FD
9451303d5 api-extensions: don't advertise seccomp notify support if it's not compiled in
23d07c315 use 2 sysfs instances for sys:mixed
0dd3258bd Revert "api: ->save_config() doesn't need to create container dir"
93edd510a api: ->save_config() doesn't need to create container dir
28b2e04f1 cgroups: fix compiler warning
15515f9a3 Revert "initutils: use vfork() in lxc_container_init()"
41d2530d1 macro: ensure necessary io_uring flags are defined
fc4e948c9 autotools: Avoid multiple liblxc.so with --enable-pam
a616a311a build: refuse to compile with unsupported liburing version
93be4e512 tests: add lxc.proc.* test
d8027e49c tests: add lxc.sysctls.* test
6f580343e test: improve logging helpers
a10ff3418 conf: improve logging setting sysctl and /proc/<pid>/ parameters
334cf7beb conf: apply /proc/sys and /proc/<pid>/ parameters
1b74e01ad tests: include config.h
c36379431 build: move _FILE_OFFSET_BITS to common option
f24c234ee start: log signal name and number
4915c9112 process_utils: add signal_name() helper
78baec37d build: improve liburing support detection
1a102b310 mainloop: make ifdefs easier to follow
cf931928f Replace last occurence of 'which' with 'command -v'
1ec5939b4 Replace deprecated backticks with $() construct
fdfb4a13d Replace 'which' with 'command -v' in tests too
71743e811 start: check event loop type before closing fd
f69e6b4d3 mainloop: make sure that descr->ring is allocated
1a8895855 Replace 'which' with 'command -v'
9219277cc build: add io-uring-event-loop option
d04eb166c build: add static libcap to output
bc51048b7 confile: don't use path_simplify() on lxc.{execute,init}.cmd
48728e988 conf: add cgroup2, cgroup2:ro, cgroup2:force, cgroup2:ro:force options
4d3aad49d AUTHORS: Update to point to git history
e328a988e conf: handle kernels without or not using SMT
d40b0deb4 doc: fix typo in English lxc.container.conf(5)
49fab27fc doc: Add lxc.sched.core to Japanese lxc.container.conf(5)
1ad1cab80 doc: add loglevels to ja and ko common options
1505f0780 conf: make it more obvious how auto-mount flags are defined
429233cf0 criu: support restoring containers with pre-created veth devices
48e079bf3 Release LXC 4.0.11
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping umoci to version v0.4.7-70-gfa8e9f8, which comprises the following commits:
c67586e build(deps): bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
88aaeca fuzz: always use golang:latest
37b9db4 build(deps): bump golang from 1.17.4 to 1.17.5
09ff9d5 build(deps): bump github.com/opencontainers/runc from 1.0.2 to 1.0.3
86eb281 build(deps): bump golang from 1.17.3 to 1.17.4
610dabf oci: protect against mediatype confusion attacks (CVE-2021-41190)
9b17e05 oci: gc: fix tests to correctly use the right media-types
38c20f1 ci: fix fresh builds
220b0c0 build(deps): bump github.com/opencontainers/image-spec
732d36d build(deps): bump golang from 1.17.2 to 1.17.3
58f3a37 mutator: .Config() should return ispec.Image vs. ImageConfig
001bbd4 ci: update main branch name
7bebba6 ci: osx: only try to unlink parallel if installed
a0d54ce build(deps): bump golang from 1.17.1 to 1.17.2
72ec924 *: use new protobuf package
09d1d79 build(deps): bump github.com/golang/protobuf from 1.5.0 to 1.5.2
88243cd build(deps): bump github.com/rootless-containers/proto
12270d3 build(deps): bump github.com/opencontainers/runc
056236a *: make codecov slightly less annoying
18fdf79 build(deps): bump github.com/stretchr/testify from 1.6.1 to 1.7.0
6f84bbb build(deps): bump github.com/cyphar/filepath-securejoin
0b4d52f build(deps): bump github.com/apex/log from 1.4.0 to 1.9.0
ac6ba6c build(deps): bump github.com/klauspost/pgzip from 1.2.4 to 1.2.5
9cd570d build(deps): bump golang from 1.14 to 1.17.1
26e57a2 gha: enable dependabot
65932cd ci: hardcode Go version used for linting
17111a6 *: use go1.17-friendly go:build tags
f6c2e79 codecov: drop explicit env.CODECOV_TOKEN
f80d8e2 ci: use codecov-action
785ed73 fix(Makefile): avoid usage of which
97099f1 mutate: implement an AddExisting() API
5adbd99 oci: casext: walk: do not attempt to recurse into un-parseable blobs
aad89ed oci: cas: add StatBlob to CAS interface
7091cd1 ci: switch to GitHub Actions
3ceb144 Add 2 fuzzers
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
