| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating to 3.14+.
We drop a two patches that are no longer needed, and pickup the
following commits:
e49ce513c net: allow restoring of precreated veth devices
901ea2b56 scripts/build: drop obsolete ENV1 variable
b98bbda8e images: re-license as Expat license (so-called MIT)
38a9cbe7a ci: enable crit tests in CI
7accc4454 test: fix crit test and extend it
e65a56a1e lib: also handle extra pipe data correctly
35a4761ab lib: print nice error if crit gets wrong input
f9616e917 lib: correctly handle stdin/stdout (Python 3)
840dc0b4d criu: Replace faccessat with fstatat when using AT_SYMLINK_NOFOLLOW flag
9edf53128 criu: Throw error when parent path is provided but invalid
480605824 cr-service: fix CRIU_REQ_TYPE__FEATURE_CHECK RPC request
49b9cff74 lib: fix crit-recode fix for Python 2
ca032081e ci: move CentOS 8 based test to Cirrus
9b0d75279 Use a real VM instead of a privileged container
d334ba38d pstree: don't change sid/gid-s if current sid/gid is the same
c8beca655 lib: correctly handle padding of dump images
02b0e850d lib: fromstring() and tostring() are deprecated
d49ace9d3 criu-ns: Merge comparisons with 'in'
66f5ab439 criu-ns: Add unsupported msg for restore-sibling
719c5b07e criu-ns: Handle restore-detached option
6055d0be7 criu-ns: Pass arguments to run_criu()
b31d3ad92 criu-ns: Close namespace fd before raise
44a1d321b criu-ns: Extract set namespace functions
ab9418d96 criu-ns: Remove unused _umount
b790ce21e criu-ns: Use documentation strings
097834dad criu-ns: Extract wait for process into a function
c7d76082c criu-ns: Extract mount new /proc into a function
a6659c3a7 criu-ns: Remove space before/after bracket
42df84994 criu-ns: Convert indentation to spaces
628ff18fc ci: run zdtm/transition/pid_reuse with pre-dumps in ci tests
b7d2c2a26 ci: remove ccache setup
9f2a69691 ci: run recode tests on more input files
8017b6a8e lib: fix recode errors seen in Jenkins
cdfca8694 ci: remove '-Wl,-z,now' workaround
ca2d27378 lib/cli.py: Open out file as a binary
fddf3a732 docker-test: set log file path
19be9ced9 docker-test: use containerd v1.5.0-beta.0
b51fb87a4 ci: move Travis CI Docker tests to GitHub Actions
77968d43c pstree: check for pid collision before switching to new sid/gid
1c1949ab5 test: move vt test to minor 65 on s390x
447b3cf61 zdtm/fpu03: Add .desc file to omit running on !x86
6569412bb Revert "compel: add -ffreestanding to force gcc not to use builtin memcpy, memset"
fc1fefd6e s390: Purge stale comment
24f57c68d fault-injection: Run fpu corruption tests
e07e5eee3 compel: Provide compel_set_task_ext_regs()
e9b1e0b74 compel: Store extended registers set in the thread context
8394062e4 zdtm/fpu03: Add a test to check fpu C/R in a thread
6e1cd5b6a zdtm/fpu00: Simplify ifdeffery
2fdc09499 x86/compel/fault-inject: Add a fault-injection for corrupting extended regset
e4e58a8f3 namespaces: properly handle errors of snprintf
84be3047a x86: Use PTRACE_GET_THREAD_AREA instead of sys_get_thread_area()
f8cf0715e ci/compat: Check if tests are 32-bit ELFs
e0d4aef35 github/stale: separate labels with commas without following spaces
168668ec7 ci: fix Fedora rawhide CI failures
ab395e423 plugin: check for plugin path truncation
3397ac0a7 sk-unix: check whether a socket name is NULL before printing it
950a88c74 bug: add __builtin_unreachable in BUG_ON_HANDLER
42171caba test: fix test compilation on rawhide
6110236b6 zdtm: Add javaTests output to .gitignore
7a8f426f1 test: Reduce verbosity of mvn output
89aa87484 javaTests: Add --file-locks option
2692215a5 file-lock: Add space in error message
a277c8493 ci: use runc instead of crun for podman tests
42c211285 seccomp: initialize seccomp_mode in all cases
1b5dbe567 zdtm: add second fifo_upon_unix test
903b903d2 zdtm: add fifo upon unix socket test case
82f203308 sk-unix: rework unix_resolve_name
a4c000e30 sk-unix: make criu respect existing files while restoring ghost unix socket fd
8d92d4694 files-reg: rework strip_deleted
9546f3919 files: Don't forget on stripping deleted postfix on linked files
042560a2f ci: move coverage run to github
3fb8cd3a4 test/zdtm: check that locks are not dumped if --file-locks isn't set
7a64074c0 dump: dump has to fail if there is locks and --file-locks isn't set
81c3c9748 ci: move compat tests to Github Actions
4c3f3245e README.md: remove unused badges; add a few new badges
10cb8521d README.md: remove trailing whitespaces
5792612d3 ci: move asan and image streamer test to github
2cb1156e6 vdso: fix segmentation fault caused by char pointer array
b62707bc1 Tell podman to use vfs as storage-driver
41efd592e ci: move Fedora Rawhide based tests away from Travis
442dc6515 ci: factor out Fedora Rawhide CI setup
8c89fbde3 ci: skip bpf tests on vagrant
9ec1f1a7b ci: upgrade vagrant and Fedora version
d4b0f0f94 ci: fix syntax error in stale.yml
098d4cc72 zdtm: handle a case when a test vma is merged with another one
7d63ceaec util: zero the events pointer to avoid its double free
90f043dea namespaces: handle errors of snprintf
76f9ccc70 ci: also use clang for compel-host-bin
7766f12e9 ci: run aarch64 compile tests on Drone
af1103ff2 zdtm: cleanup thread-bomb test error handling and printing
9807413c3 ci: move vagrant test to cirrus ci
11b3a1a75 workflows/stale: Don't close issue that has labels 'new feature' or 'enhancement'
2cf09cc4e fsnotify: rework redundant code
d3b1d6e0c mount: adjust log level for mnt_is_dir
504c032af mount: adjust log level for get_clean_mnt
41b486790 dump: at exit do not call timing_stop if stats are not initialized
3dc47b22d coverity: get_service_fd() is passed to a parameter that cannot be negative
8112e7657 restore: warning: Value stored to 'ret' is never read
56853fb53 memfd: use PROC_SELF instead of getpid in __open_proc
3f047f13a util: move open_proc_self_fd to service_fd
4178beaa5 servicefd: don't move service fds in case they remain in the same place
0e7321c2f compel/test: Fix warn_unused_result
cf0337c80 compel: Fix missing loff_t in Alpine
1b3274a90 ci: Enable compel testing
988b40230 compel/test: Add main makefile
61db62a87 compel/test: Resolve missing includes
f5a408cdd dump/ppc64,arm,mips: sanitize the ERESTART_RESTARTBLOCK -> EINTR transition
b4be97de9 github: auto-close stale issues and pull requests
43023fe75 zdtm: look up iptables in /sbin and /usr/sbin
cb9c85fb6 test/zdtm_ct: Run zdtm.py in the host time namespace
5351b6efe ci: Alpine's busybox based free does not understand -h
72fc2e8e4 namespaces: don't set rst on error in switch_ns_by_fd
cf8c88df6 ci: move alpine based tests to github actions
944bd0b6e ci: give an overview of the current CI environment
52bbac5a9 ci: add Circle CI definition
ac9843b08 CONTRIBUTING.md: add component prefix to the subject example
e403226ce .gitignore: Remove qemu-user-static
bde4e8565 scripts/Docerfile.centos8: Use 'powertools' repo name
e0da8b895 x86/asm: fix compile error in bitops.h
a9d08735f others/ns_ext: restore a process out of PID namespaces into the host PID namespace
660e12843 cr-restore: setup external pidns only for root task
c72901dcb namespaces: make root_ns_mask more consistent
5db1657ab cr-restore: make CLONE_NEWPID flag in clone_flags more consistent
b27c7e9c8 compel/handle-elf: override unexpected precalculated addresses
55a8b099d docs: fix simple typo, clietn -> client
9cc1f051e vim: remove wrong 8-space tabs indent from python files
82f6518db zdtm: on fail with no error also print the tail of the log
bc94f35a0 uffd: check for exited task when reading uffd_msg
87d007bcd uffd: cleanup read error handling in handle_uffd_event
a667d5778 cr-restore: Properly inspect status in sigchld_process()
a813f8676 ci: remove special handling for mips
430e464c7 CI: remove centos7 from Travis
3cf87ed48 ci: use graviton2 for arm64 tests on Travis
42a86db74 tls: Add logging within send/recv callbacks
0ecec9966 compel/log: Provide %u specifier parsing
56d3eab1c compel/log: Stop parsing at unknown format specifier
403741feb vdso: Let zero-terminator in vdso_symbol_length
ab288c35c uffd: handle xrealloc() failure
7e1f22b78 uffd: fix 'double free detected in tcache 2'
ffac3d649 ci: add CentOS 8 based CI run
407404297 ci: switch centos7 to github actions
369e17b29 travis: rename centos test to centos7
68585dec9 criu-ns: Remove unreachable statement
953e87c7b ci: fix lazy-pages test selection
8722bf012 ci: 'fix' lazy tests
50878f4f7 CI: distribute CI jobs between CI systems
0e47308d0 CI: rename 'travis' to 'ci'
2d290eeb0 namespaces: fix 'Declaring variable "path" without initializer'
cec432500 coverity: img_raw_fd() returns a negative number
84df563c5 sk-unix: ignore coverity chroot() warning
ef4ec3261 cr-dump: get_service_fd() is passed to a parameter that cannot be negative
d95c2683b util: fix double_close false positive
5527329ba dump: Potential leak of memory pointed to by 'si'
fc20d280c coverity: fix parameter_hidden: declaration hides parameter
73ed071e0 restore: Value stored to 'ret' is never read
53501e5e8 cr-dump: Potential leak of memory pointed to by 'si'
36f9700b1 vdso-compat: let coverity know that the function does not return
62ab67ed5 coverity: ignore CHECKED_RETURN
42e3e2e84 autofs: Potential leak of memory pointed to by 'token'
84ffb965c sk-unix: do not overwrite function parameter
eb741528f Use 'is None' instead of '== None'
407d3fe0f bfd: remove unused line
bbca79ab6 coredump: remove two unused variables
6a9bff88b lib/py: remove unused variable
e13a7ecd2 infect: initialize struct to avoid CLANG_WARNING
b80dd7e7c lock: disable clang_analyzer for the LOCK_BUG_ON() macro
2ec05a056 compel: don't mmap parasite as RWX
53dd29e93 cr-restore: Wait child & reap zombies if PID=1
265569a40 criu-ns: Use PID 1 on restore
e18017285 flog: Missing varargs init or cleanup (VARARGS)
532944695 Add flog to CRIU
bfb051a51 criu-ns: Convert c_char_p strings to bytes object
3f7189729 criu-ns: Print usage info when no args provided
226efaac9 criu-ns: Convert to python3 style print() syntax
ca5c93d38 python: Replace xrange with range
1609a345a crns.py: New attempt to have --unshare option
f68da4a86 criu: Version 3.15
5a655e890 travis: install gzip and redhat-rpm-config for Fedora Rawhide based tests
1062cc4fe x86/asm: update test_bit() and test_and_set_bit()
c7726b7f3 zdtm: add alternative socket filter
5c4cc46fd sockets: fix incorrect malloc size
749eb33a9 compel: Calculate sh_addr if not provided by linker
867dd27c9 util: Improper use of negative value (NEGATIVE_RETURNS)
16aea4a7c mount: Explicit null dereferenced (FORWARD_NULL)
5f0674075 util: Improper use of negative value (NEGATIVE_RETURNS)
ca7a832b5 page-xfer: Argument cannot be negative (NEGATIVE_RETURNS)
f0e48be48 sk-netlink: Argument cannot be negative (NEGATIVE_RETURNS)
4e4227871 kerndat: Argument cannot be negative (NEGATIVE_RETURNS)
50dbcadf0 net: Argument cannot be negative (NEGATIVE_RETURNS)
4a77e0456 net: Argument cannot be negative (NEGATIVE_RETURNS)
5631e9dca action-scripts: Improper use of negative value (NEGATIVE_RETURNS)
0f4b053c1 cr-dump: Resource leak (RESOURCE_LEAK)
7e4f50e74 irmap: Double close (USE_AFTER_FREE)
2ed16451b proc_parse: Copy into fixed size buffer (STRING_OVERFLOW)
864564823 autofs: Resource leak (RESOURCE_LEAK)
90369437f cgroup-props: Resource leak (RESOURCE_LEAK)
2a4c4bf2f filesystem: Double close (USE_AFTER_FREE)
38246bf55 uffd: Resource leak (RESOURCE_LEAK)
03d66390b mount: Resource leak (RESOURCE_LEAK)
c1ab1a19e pagemap: Logically dead code (DEADCODE)
4e7e26b70 files-reg: Resource leak (RESOURCE_LEAK)
da5a4d6e5 cgroup: Resource leak (RESOURCE_LEAK)
af569ac01 pagemap: Argument cannot be negative (NEGATIVE_RETURNS)
19365c1e6 cgroup: Resource leak (RESOURCE_LEAK)
b89303433 img-streamer: Double close (USE_AFTER_FREE)
59010ad6d net: Argument cannot be negative (NEGATIVE_RETURNS)
82cd3bb0d zdtm: update and refactor tests for BPF array and hash maps
8301c7e01 criu: adding support for BPF map name, ifindex and freeze
02f7e3434 images: adding support for BPF map file name and ifindex
97ab725db zdtm: adding BPF helper functions as a new library
f7bd70573 servicefd: close temporary fd on error path
3ef2c1ff8 criu: check matching the tcp-close option on restore only
9acca8df9 tcp: add a separate test for listen sockets
9ba9d6706 tcp: dump shutdown state for unconnected sockets
fd7b6e73d CI: run cross compile on all branches
32b162831 CI: add Travis test script to 'lint'
025ef090d CI: switch to loop based apt-get
0def9bc1f tests: only run 'make lint' once in CI
84215e035 scripts: run shellcheck on the scripts folder
e2101abf2 crtools: Fix --help output line width
4a80dfab8 doc: update documentations for the tcp-close option
e42f5e032 tcp: allow to specify --tcp-close on dump
4f7c48041 test/zdtm: write in a tcp socket has to fail if tcp-close was set
5b5f4b717 socket/tcp: shutdown tcp sockets if the tcp-close option is set
3957d9533 Switch to python 3 variants of dependencies on debian-based builds
a6214c360 mips64: implement vdso_redirect_calls()
80672c9f3 zdtm: Add test for SO_LINDER
5bb5890cb socket: c/r support for SO_LINGER
0aeddba7c socket: c/r support for SO_OOBINLINE
5c11b0e44 zdtm: check that unbindable mount flag does not affect restore
b554eacb5 mount: replace mountpoint to mnt_id in error messages
f3b18865f mount: delay setting unbindable flag where possible
dbf798811 sk-netlink: Handle case of in-use netlink peer ids
c0f365310 images: kindly ask not to use fields with id 18 in unix_sk_entry
ed74c9e05 zdtm: add new epoll01 test
0dda60f51 eventpoll: fix toff off calculation
dd082fad1 eventpoll: resort toff back by idx
596276a9a travis: use Fedora rawhide images from Fedora
df0c793d5 travis: restore lazy-pages tests for uns flavor
1391f84d8 criu: don't use the deprecated security_context_t (SELinux)
20d87bbfa scripts: adding libbpf for Travis tests
372782d8a zdtm: adding tests for BPF maps
14b1cc26d criu: restoring BPF map data
4d073a75e criu: restoring BPF maps (without data)
4b8186cb6 crit: add BPF map data decoding
b924394cc criu: dumping BPF map data
5ff0e7058 criu: dumping meta-data about BPF map files
b85709797 criu: parse information about BPF maps from procfs
aa59dfc6d Set Makefile config variables for libbpf
95b7d06cb criu: define constants for c/r of BPF maps
c26cd1395 images: protobuf definitions for BPF map meta-data and data
d6735616a travis: add a focal based test run
ca360ce30 travis: switch travis to Python 3
8063fbb47 contrib: Add python-future to Debian packages
52eff52e6 github: disable cross-compule for mips on master branch
5b751fbaf criu: the type of a socket inode has to be "unsigned int"
a6b00b1a7 actions: create file for daily rebuild
18f42b302 travis: loop over apt-get to recover from errors
3d67e8a0d Makefiles: do not re-generate magic.py every time
9ce4ed093 python: Handle byte strings when converting protobuf to dict
320c88e92 CONTRIBUTING.md: clarify placement of Fixes: tags
83be11f1f lib/c: extend receive to handle incoming FDs
20a24c11e log: Ask developers not to use print_on_level directly
ebc0d205a log: Hide vprint_on_level in log.c
478072474 util: Use pr_info in vma printing
1955d4907 ipc: Use pr_info() instead of print_on_level(PR_INFO...)
99fc76d8b proc_parse: Do not feed loglevel into restore_loginuid
8564bc49e check: Use pr_foo macros
7646deed6 vagrant: Update to Fedora 32
cee36af38 criu/files-reg.c: build-id size bug fix
aeeaa30a5 criu/files-reg.c: build-id from multiple headers fix
9c0b904a0 compel/infect: Don't adjust stack/args alignment
70ecbbcc8 compel: allocate the GOT table to avoid memory corruption
fee517b3d compel: remove x86/prologue.S
8d8dd5a79 compel: x86 parasite_service entry point simplification
b8c1d9d93 compel: rewrite parasite cmd and args manipulation from assembly to C
391da7464 compel: stop rounding up the parasite blob size and args region to PAGE_SIZE
d99fc1e55 compel: remove "addr_" from offset variable names
a531f9a8b compel: pass the parasite_blob_desc to compel_relocs_apply()
8ac0fa6aa compel: add error message for COMMON symbols
f92948cca zdtm: make cgroup_yard to be aware of cgroup2
f96cd8c74 tests: skip cgroup04 and cgroup_ifpriomap on pure cgroup2 systems
5f160811a zdtm.py: add the cgroup2 freezer support
98e9165f0 cgroup: Add the initial support for cgroup2
a93df9eb9 pidns: fixup
bb555b372 criu/config.c: added cli option for build-id
9191f8728 criu/files-reg.c: add build-id validation functionality
7b18c13c1 images/regfile.proto: adds additional fields to RegFileEntry
8354b526c restore: skip unnecessary setgroups calls
0d8d7f232 tests: criu-image-streamer change dev branch to master branch
62d70bd48 test/zdtm/autofs: use sigaction instead of the deprecated siginterrupt
539183fad Add error logging to config + crtools init
9a4b933f2 Add error logging to kerndat init
3490d997b test: test external namespace support
f3ebdeebe pidns: add external pidns to man-page
9dd1ab00e pidns: support external PID namespaces
f1e6b1036 pidns: write and read pidns information
4e7ec3c88 pidns: add pidns image file definition
99c848783 zdtm: add zombie_leader test
f0438f47f cgroup: make prepare_task_cgroup lookup current cgset in ancestors
d38046b00 mount: restore_task_mnt_ns - Lookup for mount namespace conditionally
41b535d31 test: skip vdso test on non-vdso systems
ce22e0f37 uffd: uffd_open prints info, caller prints error
6815aa958 CONTRIBUTING.md: add pull request guidelines
35f8c056a CONTRIBUTING.md: add sections about patch description and splitting
2e5805878 CONTRIBUTING.md: minor formatting fixes
d0fcb01d4 CONTRIBUTING.md: import "How to submit patches" from criu.org
808684c99 Add CONTRIBUTING.md
6ee4b7238 arch/x86: Fix calculation of xstate_size
1d9438aef criu swrk: fix usage, allow common options
cbf099400 Travis: use Vagrant to run VMs
d72428b7c Also report clone3() errors correctly
047ecd3a1 test/others/libcriu: test version library calls
55f71b866 lib/c: add criu_get_version()
e57e74a18 criu: optimize find_unix_sk_by_ino()
62c03530c swrk: send notification instead of using status fd
faf6dbf33 close_service_fd: rename to status_ready
e34f5dd3a clang: Branch condition evaluates to a garbage value
b4c51ea49 coverity: fix FORWARD_NULL in criu/proc_parse.c: 1481
64347398c coverity: fix RESOURCE_LEAK criu/timens.c: 67
f33410252 libcriu: Add space between 'if' and parenthesis
4ac9a3c90 libcriu: Use spaces around '='
ae4fd07ca libcriu: Add orphan pts master
f6d1b498d cr-service: spell out an error
00a44031e cr-service: fix wording in debug messages
00b8257d9 tests: move cross compilation to github actions
8452be93c travis: use bionic almost everywhere
5bd776da3 Remove dupe of "deprecated stuff on" msg
8364b0940 soccr/test: Fix error logging in libsoccr tcp-test
277b0b69f mips: fix fail when run zdtm test pthread01.c
be1394122 mips: impliment arch_shmat()
d38851c9b test/jenkins: use bash to run shell scripts
40169b950 style: fix typos
b5c34c74c mips:support docker-cross compile
afe90627e mips:criu: Enable mips in criu
d325b7b77 mips:criu/arch/mips: Add mips parts to criu
158e8f8fe mips:proto: Add mips to protocol buffer files
e7d13b368 mips:compel: Enable mips in compel/
ba0d6dbac mips:compel/arch/mips: Add architecture support to compel tool and libraries
8be1d457d net: fix coverity RESOURCE_LEAK
eb732bcf0 util: Remove deprecated print_data() routine
8c538ca10 page-read: Warn about async read w/o completion cb
27ab533cb tests: run tests with criu-image-streamer with --stream
7d79a58f4 img-streamer: introduction of criu-image-streamer
51c3f8a90 pipes: loop over splice() when dumping a pipe's data
0708cbd88 remote: Use tmp file buffer when restore ip dump
01cab14df util: Fix addr casting for IPv4/IPv6 in autobind
be2ded15e test: fix flake8 errors
d23d1fc0f travis: fix alpine builds
f2edc1e19 Update certificates for failing tls based tests
95ead1487 criu: Version π
5c5e7695a get_clean_mount: demote an error to a warning
c83a0aae2 proc: parse clock symbolic names in /proc/pid/timens_offsets
7dc89376b pstree: improve error handling in read_pstree_image
42b5700b7 kerndat remove duplicate call to kerndat_nsid()
2c2fdd333 parasite-msg: %u is not implemented for parasite code
ef7ef9cfa kerndat: remove duplicate call to kerndat_socket_netns()
62088c721 criu: put statement continuation on the same line as the closing bracket
d1fa1734e autofs: fix integer overflow in mount options parsing
6b9faabf3 mem: avoid re-opening CR_FD_PAGES when not needed
4d34f84bb img: rellocate a PATH_MAX buffer from the bss section to the stack
bb0b4219e img: fix image_name() when image is empty
067a20c81 zdtm: fail if test with the crfail tag passes
698f3a4db zdtm: limit the line length for ps by 160 symbols
eab1a3074 timens: restore processes in a new timens to restore clocks
73438d34b test: check that C/R of nested time namespaces fails
0d8c0562f zdtm_ct: run each test in a new time namespace
f1655fd54 zdtm: add a new test to check c/r of time namespaces
3fd0fa4bd zdtm: add support for time namespaces
ddba4af60 namespace: fail if ns/time_for_children isn't equal to ns/time
4127ef4ab criu: Add support for time namespaces
0e9b42acf MAINTAINERS: Add Pavel (myself) to maintainers
e3fb52e37 remove header include statements duplicates
8c36865c8 memfd: split the struct memfd_inode
e3a5d0975 memfd: save all memfd inodes in one image
967797a86 Add build directory to gitignore
cc362b432 namespaces: fix error handling in dump_user_ns
1ad8657dd config/nftables: include string.h for strlen
5f28b692a test/fifo_loop: change sizes of all fifo-s to fit a test buffer
1ad209b9c test/pipe03: check that pipe size is restored
2b376168e pipe: restore pipe size even if a pipe is empty
fa705e418 zdtm: Use safe helper function to initialize unix socket sockaddr structure
691b4a4e7 zdtm: Implemented get_current_dir_name wrapper that checks for 'x' permissions
c40c09cbb test/zdtmp: add a test to C/R shared memory file descriptors
10b1d46f6 mem/vma: set VMA_FILE_{PRIVATE,SHARED} if a vma file is borrowed
fb65ab2b1 mem: dump shared memory file descriptors
f42ae70c7 make: use cflags/ldflags for config.h detection mechanism
d0d6f1ad1 mailmap: update my email
c3ad4942d travis: add ppc64-cross test on amd64
b9c8e957d crit-recode: skip (not try to parse) nftables raw image
1f74f8d77 travis: Use debian/buster as base for cross build tests
18ac1540c travis: Add aarch64-cross test on amd64
327554ee6 compel: Remove compel.h
62ad2f609 criu: Remove compel.h includes
065ff6f41 zdtm/fifo_loop: don't try to write more than pipe size
73e0ed3b8 zdtm: add a test on open symlink migration
1936608ce files: allow dumping opened symlinks
8b9c1f4c5 zdtm: add a test for files opened with O_PATH
f167d1f4e fown: Don't fail on dumping files opened with O_PATH
58fd63042 zdtm/inhfd: force python to read new data from a file
fce196d88 memfd: don't corrupt a state of the dumped fd
ffe0896ed fs: use __open_proc instead of open("/proc/...", ... )
4129d3262 cgroup2: add minimal cgroup2 support
10416bcbc seize: support cgroup v2 freezer
9f902e0c6 seize: factor out opening and writing the freezer state
563c5e5e7 seize: prepare for cgroupv2 freezer
bb032cc3e criu(8): Convert tabs to spaces
48f3b6516 criu(8): Add documentation for --enable-fs
cdd08cdff uffd: use userns_call() to execute ioctl(UFFDIO_API)
38793699e test/jenkins: remove empty line at the end of file
3eab205ba python: sort imports
bc49927bb criu: Make use strlcpy() to copy into allocated strings
ec1164495 criu: Use strlcpy() instead of strncpy()
2dd105b8d memfd: add tests
b133c375a inhfd_test: add support for non-pair files
56d8e2455 memfd: add seals support
29a1a88bc memfd: add memory mapping support
b25684e24 memfd: add --inherit-fd support
875ac4d03 files: increase path buffer size in inherited_fd()
c1e72aa93 memfd: add file support
5dbc24b20 util: introduce the mount_detached_fs helper
e19f4cf3b MAINTAINERS: Add Dima and Adrian to maintainers
42db2c156 MAINTAINERS: add Mike
872b795a5 Maintainers: Suggest the maintainers codex (#932)
ff756cbb2 python: sort imports
d68a68b8f test/zdtm/inhfd: update dump options one each iteration
f5181b276 Travis: fix podman test case
3a4c33c50 zdtm: mntns_rw_ro_rw update error msg
9cb4067e1 vdso: Don't page-align vvar
a96a7ed87 vdso: Repair !CONFIG_VDSO
0022c2846 vdso: Add vdso_is_present() helper
99346a282 zdtm: Make test_{doc,author} weak variables
72ff29070 criu: Make use strlcpy() to copy into allocated strings
0f438ceee typo: fix missing space in error message
9bc9366c9 vdso: use correct offsets to remap vdso and vvar mappings
f1714ccce test/vdso: check the code path when here is no API to map vDSO
56258da17 criu: fix build failure against gcc-10
23374b779 criu(8): fix for asciidoctor
a15426a11 criu(8): some minor rewording
8477875dc doc/Makefile: don't hide xmlto stderr
c98af78c5 compel: add -ffreestanding to force gcc not to use builtin memcpy, memset
f6de8d4ea travis: fix warning and errors from validation
0e291d26c arm: use clone3() if it exists
f991f2350 aarch64: use clone3() if possible
3dabd38a8 clone3: handle clone3() with CLONE_PARENT
f6469493d ppc64le: use clone3() if possible
55c8ec62a arm: remove stack pointer from clobber list
cbadd201c s390x: use clone3() if possible
4c4f67a56 s390x: remove stack pointer from clobber list
a1ea8deb4 Use clone3() with set_tid to create processes
97c03b97d Add assembler wrapper for clone3()
ca02c4707 kerndat: detect if system support clone3() with set_tid
8fea2647b travis: reduce the number of podman tests
4232b270b image: core -- Reserve start_time field
f1abc9aa2 ppc64le: remove register '1' from clobber list
0c218746d Switch open-j9 alpine tests to python3
1e9ff2aa0 Add Socket-based Java Functional Tests
8b5dea33f travis: switch alpine to python3
75a744238 files: Add FD_CLOEXEC test
8255caf27 files: Remove O_CLOEXEC from file flags
2ac43cd42 python: Improve decoding of file flags
7622b7a70 files: fix ghost file error path
acb42456d zdtm: nft tables preservation test
e1c487175 net: add nftables c/r
17c4a8b24 style: Enforce kernel style -Wstrict-prototypes
8bb3c17a0 style: Enforce kernel style -Wdeclaration-after-statement
79559bef9 Fix tests on Ubuntu
8b467dd94 zdtm: Add test for SO_KEEPALIVE
d4e6fc2a0 socket: c/r support for SO_KEEPALIVE
0980617e2 sockets: Remove duplicate variable assignment
00bb06878 scripts: alpine: Install py2 packages with pip
2e656222d crit: fix python3 encoding issues
4c46cbc4d x86/cpu: cleanup and improve xfeatures_mask check
55f7a571f zdtm: sysctl net.unix.max_dgram_qlen value preservation test
ebe3b5235 unix: sysctl -- Preserve max_dgram_qlen value
1d23dc4a3 mount: Order call_helper_process calls
2237666ac restorer/inotify: reorder inotify cleanup after waiting helpers and zombies
af7e5f994 readme: github pull-requests is the preferred way to contribute
be43c3b84 cgroup: use new mount API to open the cgroup file system
76e4d31a3 net: use new mount API to open the sysfs file system
1a2d8ad7e mount: use new mount API to open the proc file system
4997a096e util: introduce the mount_detached_fs helper
b5b1c4ec4 kerndat: check whether the new mount API is supported of not
3ca09b191 travis: ignore fails of podman-test
37220b3c4 Add File-based Java Functional Tests
6ab2bdd94 zdtm/socket-tcp-fin-wait1: Use array index fro TEST_MSG
434e6b92d Documentation: Add a hint about docker build
1dbc83595 travis: Add armv7-cross as cross-compile test
bffa6e0ad build/zdtm: Use pkg-config to find includes/libs
3b24574b6 build/zdtm: Makefile hack for travis aarch64/armv8l
70fae1250 build/zdtm: Support cross-build
1463c4111 build: Use SUBARCH
df66aa99b build/nmk: Provide proper SUBARCH
a4fa4162d build/nmk: Remove SRCARCH
25f6d4f72 build: Remove SRCARCH
60bb5c731 zdtm: Set --root path to 0700 on restore
90cbeadb6 zdtm: Replace if->continue with if->elif->else
9a50fbce7 man: Describe --root option requirements
8ab3e40e3 restore: Create temp proc in /tmp
d99ee9753 mount: Bind-mount root via userns_call
b50b6ea09 mount: Add error messages
75fcec0ec travis: exclude uns tests for lazy-pages on newer kernels
8f45330d1 travis: group lazy-pages options
dc4677123 Checkpoint only specified controllers
1c0716924 compel/criu: Add __must_check
56bc4189e criu: Kill tasks even when the network is unlocked
c21c0aea1 compel/infect: Detach but fail compel_resume_task()
bd17ee858 parasite-syscall: Log if can't cure on failed infection
abe48f8c3 cr-restore: Warn if restorer can't be unmapped
1038a0ae4 cr-dump: Warn if unmapping local memfd failed
b5a83623b cr-dump: Try to cure remote on err-pathes
717385657 lib/infect: Check if compel succeed in executing munmap
ee449e27c compel: Mark compat argument of __NR() as used
c8f16bfac compel/infect: Warn if close() failed on memfd
a93117ede lib/ptrace: Be more elaborate about failures
ef277068d lib/ptrace: Allow PTRACE_PEEKDATA with errno != 0
ea018e9a9 travis: remove group from .travis.yml
fe668075a travis: switch pcp64le and s390x to real hardware
eab8cf077 travis: switch all arm related tests to real hardware
075f1beaf Makefile hack for travis aarch64/armv8l
6be414bb2 travis: Do not run privileged containers in LXD
62953d433 travis: fix copy paste error from previous commit
2b4e65336 Run java functional tests on travis
f3cca97d8 mount: make mnt_resort_siblings nonrecursive and reuse friendly
35adc0859 mount: rework mount tree build step on restore
7be726026 ns/restore/image: do not read namespace images for non-namespaced case
71dff54aa ns: make rst_new_ns_id static
d804f70a6 mount: remove useless check in populate_mnt_ns
9325339e6 travis: Disallow failures on ia32
389bcfef3 test/java: Add FileRead Tests
c4006c003 test/static:conntracks: Support nftables
a7c625938 travis: start to use aarch64 hardware
3861b334b Fix broken web-links
1a28dee52 Action scripts should be invoked with normal signal behavior
19a24df53 early-log: Print warnings only if the buffer is full
00ce121fd Add `criu` to PATH env variable in libcriu tests
321f82662 Enable libcriu testing in travis jobs
f8125b8be Couple of fixes to build and run libcriu tests
477c3a4b0 service: Use space on stack for msg buffer
e56401ed3 image-desc: Remove CR_FD_FILE_LOCKS_PID
f65b17e97 cgroup: fix cg_yard leak on error path in prepare_cgroup_sfd
5a92f100b page-pipe: Resize up to PIPE_MAX_SIZE
71c2a9dc7 Guard against empty file lock status
3efe44382 image: avoid name conflicts in image files
6b264f591 criu: use atomic_add instead of atomic_sub
7c97cc7eb lib/c: fix a compile time error
d30557699 zdtm: handle --pre-dump-mode in the rpc mode
befbbd9bb Refactor time accounting macros
98608b90d read mode pre-dump implementation
4c774afc1 Adding cnt_sub for stats manipulation
29b63e9a7 Skip adding PROT_READ to non-PROT_READ mappings
e0ea21ad5 Handling iov generation for non-PROT_READ regions
20d4920a8 Adding --pre-dump-mode option
576a99f49 restorer/inotify: Don't overflow PIE stack
578597299 Cleanup do_full_int80()
b84f481b5 unix: print inode numbers as unsigned int
3f1c4a17a pipe: print pipe_id as unsigned to generate an external pipe name
b47ef26ea cgroup: fixup nits
f44939317 zdtm/cgroup_yard: create a test cgroup yard from the post-start hook
db40ef5be test/cgroup_yard: always clean up a test cgroup yard
813bfbeb4 Convert pr_msg() error messages to pr_err()
a9f974b49 Introduce flush_early_log_to_stderr destructor
8bdc60d50 arch/x86: fpu_state->fpu_state_ia32.xsave hast to be 64-byte aligned
4f24786b3 travis: Install missing diffutils dependency
cf0080505 test: implement test for new --cgroup-yard option
2f337652a Add new command line option: --cgroup-yard
ad7e82a30 scripts: Drop Fedora 28/rawhide fix
3e9dc1c7f compel/x86: Don't use pushq for a label
0d8e2477e arch/x86: push correct eip on the stack before lretq
8ea953f18 cr-dump: Remove redundant if-statement
3eed47223 files-reg: Drop clear_ghost_files() prototype
08f3b57ab py: Manual fixlets of code formatting
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Pulling in the small set of commits that move us to the
1.2.3-dev cycle:
5a117bfc Bump c/storage to v1.24.8 and c/image to v5.10.5 for RHEL 8.4 in release-1.2
560a34af Bump to v1.2.3-dev
b94b7dc0 Bump to Skopeo v1.2.2
f78bf42c Bump c/common c/image and c/storage to latest
b4210c0b Fix gating test in release-1.2 port #1169
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping the SRCREV to include the following commits:
ef9922c2 libct/cg: don't return OOMKillCount error when rootless
5cdd9022 libct/cg/fs[2]: fix comments about m.rootless
2f1a3ed3 Fix vendored dependencies
d15c7bb0 go.mod: github.com/cilium/ebpf v0.5.0
f28a8cc2 ebpf: replace deprecated prog.Attach/prog.Detach
928ef7af libct/nsenter: add json msg escaping
52390d68 Ignore kernel memory settings
b7c315ad vendor: bump containerd/console to 1.0.2
b6cdb8ae fix a typo
64bb59f5 nsenter: improve debug logging
6ce2d63a libct/init_linux: retry chdir to fix EPERM
c5029c00 tests: fix hello-world tarball name in testdata for arm64
289a3045 go.mod: github.com/moby/sys/mountinfo v0.4.1
4316df8b libcontainer/system: move userns utilities to separate package
e7fd383b libcontainer/system: un-export UIDMapInUserNS()
249356a1 libcontainer/system: remove unused GetParentNSeuid()
dc52ed25 libcontainer/user: remove outdated MAINTAINERS file
72ecf59c libcontainer/user: fix windows compile error
2515b0c2 libct/user: rm windows code
0596f6e1 libcontainer/devices/device_windows.go: rm
b1deba8c libcontainer/configs/config_windows_test.go: rm
f1586dbd libcontainer/configs/validate: make Validate() less DRY
4126b807 libcontainer/configs: add missing type for hooknames
48125179 go.mod: github.com/cilium/ebpf v0.4.0
44611630 docs/systemd: add
27bb1bd5 libct/specconv/CreateCgroupConfig: don't set c.Parent default
d748280a make release: build/include libseccomp
aa6da82c script/release.sh: fix shellcheck warnings
3eb46d89 ci: make static built binary available
f0dec0b4 libct/specconv/CreateCgroupConfig: nit
36fe3cc2 tests/int/cpt: fix lazy-pages flakiness
2dd62b3d libct/checkCriuFeatures: rm excessive debug
0e089002 tests/int/checkpoint: close lazy_r fd
b09030a5 tests/int/checkpoint: close fds in check_pipes
e63df1e6 tests/int: really randomize cgroup/unit names
6e4c5b6e tests/int/cgroups: don't use BUSYBOX_BUNDLE
adf733fa vendor: update go-systemd and godbus
f09a3e1b tests/int: don't set/use CGROUP_XXX variables
4ecff8d9 start: don't kill runc init too early
b1184302 libct/configs/validator: add some cgroup support
79a8647b libct/int: add TestFdLeaks
b3be2b0b libct: close execFifo after start
08b52797 Make test specific to disassembleFilter function
7b3e0bcf Ensure the scratch pipe is read during ExportBPF
62f1f0e4 tests/int/checkpoint: check all logs for errors
346cb359 Revert "tests/checkpoint: show full log lazy pages cpt"
c9b3787b script/check-config.sh: add SELinux and AppArmor
5fb831a0 capabilities: WARN, not ERROR, for unknown / unavailable capabilities
e49d5da2 go.mod: OCI runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
2726146b runc --debug: more tests
201d60c5 runc run/start/exec: fix init log forwarding race
c06f999b libct/logs/test: refactor
688ea99e runc init: fix double call to ConfigureLogs
dd6c8d76 main: cast Chmod argument to os.FileMode
69ec21a1 libct/logs.ForwardLogs: use bufio.Scanner
0300299a tests/int/debug.bats: fixups
d38d1f9f libcontainer/logs: use int for Config.LogPipeFd
ac93746c libct/seccomp: rm IsEnabled
9b2f1e6f runc version: don't use seccomp.IsEnabled
d76309f9 script/check-config.sh: add CONFIG_SECCOMP_FILTER
997e8942 capabilities.Caps: use a map for capability-types
41f466d8 nsexec.c: fix formatting for netlink defines
522bd641 Fix checking C code formatting
1948b4ce cloned_binary.c: rm redundant comments
b67deb56 nsexec.c: rm a block
513d89ee capabilities: use BOUNDING/AMBIENT instead of their alias
dd2caace go.mod: runtime-spec v1.0.3-0.20210316141917-a8c4a9ee0f6b
a608b7e7 libcontainer/apparmor: use sync.Once for AppArmor detection
d6e89248 Fix build-tags in libcontainer/devices
f585cec7 libct/cg/v2: always enable TasksAccounting
8c7ece1e fs2: fallback to setting io.weight if io.bfq.weight
74299a1c CI: cache ~/.vagrant.d/boxes
97f2e351 go.mod, libct: bump go-criu to v5, use google.golang.org/protobuf
db025aba libct: criuSwrk: only iterate over CriuOpts if debug is set
051646a3 tests: test nested bind mount restore
705b6cc7 Re-create mountpoints during restore
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping to 2.0.27. Also, move to a _git suffix on the recipe.
We already had one bump that made the extension and PV be out
of sync. Since we track this by git increments, not release
or release tarballs, the _git is appropriate.
The following changes are part of this update:
3efab3e Add Kubernetes e2e tests as GitHub action
0114f3c move integration to gh actions
186038c run make vendor
31c5a2e add tests running a runtime
c53c155 always set container pid file
1955f59 write runtime stderr to journal on error
af1f3c4 some small cleanups
6c38b5a Use less resources
355dbf1 conn_sock: fix potential segfault
4587294 ci/gha: bump runc to rc93
92867a7 Add Podman integration test GitHub action
1ec43d9 bump to v2.0.28-dev
65fad4b bump to v2.0.27
dd99302 Add CRI-O integration test GitHub action
911c786 exec: don't fail on EBADFD
3ac015e close_fds: fix close of external fds
1c7e6fb Add arm64 static build binary
c3f31c0 bump to v2.0.27-dev
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating cri-tools. We refresh a patch, and change the recipe
to capture the binary from build/bin versus _output dir.
The following commits are part of this bump:
e0b90a7f Increase image build timeout
8f0434e8 Add image-test builds to main cloudbuild script
b796452d Add windows images to build script
e1e9f853 Bump github.com/docker/docker
0cd06f41 Add hostnet-nginx image build to main script
74ccfeaf Bump k8s.io/api from 0.0.0 to 0.21.0
c98b734a Bump k8s.io/kubernetes from 0.0.0 to 0.21.4
109fb62d Bump k8s.io/kubectl from 0.0.0 to 0.21.0
534d9f03 Bump k8s.io/apimachinery from 0.0.0 to 0.21.0
8c5599a6 Bump k8s.io/cri-api from 0.0.0 to 0.21.0
8694106a Bump README versions to v1.21.0
b953f776 Update dependencies
ef872c25 Add dependabot config file
eaf18dae Simplify test image build process for user images
afb5b62c Move from gcr.io/cri-tools to gcr.io/k8s-staging-cri-tools
1b32fe8d Fix UID/GID and username values for test images
f749fc76 Bump gcb-docker-gcloud image to v20210331-c732583
916fae03 add docker.io/ prefix to image:busybox in docs/examples/
a0d17c4a Fix CRI-O master installation in GitHub actions
791ddab1 fix StartedAt and FinishedAt of the container status
2d5c2872 Fix CRI-O master installation in GitHub actions
44fd67ce Makefile: avoid rebuilding binaries
14485a8c support mips64le architecture.
c8c1ebae Modify hack/release.sh script to include sha256 sum files
ec31d9a2 Trigger prow job
3e939cf7 Update CRI-O to v1.20.0
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping the latest 1.21 release changes, which comprise the
following commits:
bce3e6c5f Fix tests
ec1a512ac Bump to v3.1.1-dev
9f09fb62c Bump to v3.1.0
1386f9046 Fix test failure
38bb77c5b Update release notes for v3.1.0 final release
670e1ac67 [NO TESTS NEEDED] Turn on podman-remote build --isolation
ac4bdd265 Fix long option format on docs.podman.io
96ffce219 Fix containers list/prune http api filter behaviour
e772719bf [CI:DOCS] Add note to mappings for user/group userns in build
52cd3ce2d Validate passed in timezone from tz option
633ae014e Generate Kubernetes PersistentVolumeClaims from named volumes
c9640bab7 libpod/image: unit tests: use a `registries.conf` for aliases
43c772aa2 libpod/image: unit tests: defer cleanup
396a59b02 libpod/image: unit tests: use `require.NoError`
a01b387e8 Unification of until filter across list/prune endpoints
183a68a81 Unification of label filter across list/prune endpoints
d1589f280 fixup
31351ad94 fix: build endpoint for compat API
7148544df [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot
88672b58c Check if stdin is a term in --interactive --tty mode
23f3805df [NO TESTS NEEDED] Fix rootless volume plugins
5e3445e6e Ensure manually-created volumes have correct ownership
6b6989206 Support multi doc yaml for generate/play kube
d560f168f Correct json field name
573ed9220 Fix filters in image http compat/libpod api endpoints
1b349d79a podman generate systemd --new do not duplicate params
1089f83a4 Fix podman build --pull-never
be02c8581 man pages: correct seccomp-policy label
62b49e176 [NO TESTS NEEDED] Use same function podman-remote rmi as podman
3d1aaffdb Add problematic volume name to kube play error messages
d498022fd Fix list pods filter handling in libpod api
66b1c2bd9 [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS
b55730180 Remove resize race condition
e7dc66d83 [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0
57e0d8f29 Use TMPDIR when commiting images
505f43c08 Add RequiresMountsFor= to systemd generate
15da607d1 Fix swapped dimensions from terminal.GetSize
0127cc184 Revert go-systemd to v2.22.0
4f11517c0 Cirrus: Update configuration for v3.1 branch
834f4caaa Bump to v3.1.0-dev
1b56ea2d9 Bump to v3.1.0-rc2
1ae87ff46 Update release notes for v3.1.0-RC2
3b609a706 Bump github.com/coreos/go-systemd/v22 from 22.1.0 to 22.3.0
1dfbdd5d9 Fix system prune cmd user message with options
afce37671 System tests: reenable a bunch of skipped tests
417f36281 Cleanup /libpod/images/load handler
adf652e2a vendor: drop replace for github.com/syndtr/gocapability
e85cf8f4a security: use the bounding caps with --privileged
f46b34ecd Bump github.com/containers/common from 0.35.0 to 0.35.3
5a18b5eb7 Bump k8s.io/apimachinery from 0.20.4 to 0.20.5
aa2d6e6e6 Fix volumes and networks list/prune filters in http api
ec1651fbf Bump github.com/containers/storage from 1.25.0 to 1.28.0
1ca74b00d add a dependabot config to automate vendoring
a596d1f5d Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2
8ea02d0b6 network prune filters for http compat and libpod api
8da5fd820 test: check for io.stat existence on cgroup v2
592aae4f9 test: fix test for last crun/runc
1c873c7da test: simplify cgroup path
af3499db5 Latest crun/runc should handle blkio-weight test
82858a97c fix user message image prune --all
3d01d42f2 Docs: removing secrets is safe for in-use secrets
21f229a3d Downgrade github.com/coreos/go-systemd/v22
e8918ff10 pkg/bindings/images.Build(): fix a race condition in error reporting
310eae4ba Switch all builds to pull-never
963d19c75 System test cleanup
f4b2d597a Fix for volumes prune in http compat api
8de560703 Fix remote client timezone test
57e8c6632 Do not leak libpod package into the remote client
762148deb Split libpod/network package
955aaccc5 fix use with localhost (testing)
9251b6c8c add /auth for docker compatibility
3803d0a4a create endpoint for querying libpod networks
12fb9e465 Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
660a72993 sdnotify tests: try real hard to kill socat processes
7b0155cf7 Fix array instead of one elem network http api
92a8d69a7 Delete all containers and pods between tests
258749e43 apiv2 tests: finally fix POST as originally intended
c9ef26071 Document CONTAINERS_CONF/CONTAINERS_STORAGE_CONF Env variables
f1eb8e816 Removing a non existing container API should return 404
dc0c72a48 Docs: Add docs to access APIs inside container
6d4899745 options: append CLI graph driver options
930bec4d3 podman load: fix error handling
1f2f7e745 podman cp: evaluate symlink correctly when copying from container
2033fa4c7 rm pkg/api/handlers/libpod/copy.go
31b11b5cd podman cp: fix copying to a non-existent dir
a61d70cf8 podman cp: fix ownership
2abfef380 podman cp: ignore EPERMs in rootless mode
d175fbfdb vendor buildah@v1.19.8
e33f52390 apiv2 tests: add helpers to start/stop a local registry
e926b5d73 Bump to v3.1.0-dev
aa9616cd4 Bump to v3.1.0-rc1
e9db60492 allow the removal of storage images
9eac4a7f7 podman-remote build does not support volumes
d1878cc67 Compat API: Avoid trying to create volumes if they already exist
7e289833e Bump github.com/onsi/gomega from 1.10.5 to 1.11.0
0e36e65ea Allow users to generate a kubernetes yaml off non running containers
80390dd18 Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1
d0d084dd8 turn hidden --trace into a NOP
320df8388 pkg/terminal: use c/storage/pkg/homedir
cc7a7568a Update nix pin with `make nixpkgs`
9e75cafd5 build-arg
326f3eda3 Handle podman build --dns-search
01ffe2c30 podman build --build-arg should fall back to environment
2c500a814 Add support for podman build --ignorefile
1a33b7648 replace local mount consts with libpod/define
e4da5096b separate file with mount consts in libpod/define
9fc29f63e Correct compat images/{name}/push response
a910f74ea [NO TESTS NEEDED] Bump pre-commit-hooks version
3ae580b0e [ci skip] Bad formatting fix in build documentation
803e58b36 Bump github.com/containernetworking/plugins to v0.9.1
d107c3729 podman-remote stop -time 0 does not work
5bb8fa30b Do not return from c.stop() before re-locking
2bcc95257 Fix for podman network rm (-f) workflow
3396343d4 Bump github.com/coreos/go-systemd/v22 from 22.1.0 to 22.2.0
efc592fba Bump github.com/containers/buildah from 1.19.6 to 1.19.7
793c52dd5 Add tests for selinux kvm/init labels
8453424e2 Respect NanoCpus in Compat Create
a090301bb podman cp: support copying on tmpfs mounts
e43385eca image removal: ignore unknown-layer errors
aa0a57f09 Fix cni teardown errors
f86d64130 Use version package to track all versions
252aec1c9 Check for supportsKVM based on basename of the runtime
53d22c779 Compat API: create volume source dirs on the host
61e626c85 Makefile: add install.docker-docs-nobuild for packaging use
81a3f8a43 Add /sys/fs/cgroup as readonly path in docs
8f2192922 Add network summary to compat ps
4eed89aca Fix possible panic with podman build --iidfile
9391bfc52 Add version field to secret compat list/inspect api
b19791c0b Tidy duplicate log tests
5df625140 Fix support for podman build --timestamp
43e899c2e Rewrite Rename backend in a more atomic fashion
91b2f07d5 Use functions and defines from checkpointctl
bf92e2111 Move checkpoint/restore code to pkg/checkpoint/crutils
bd819ef7d Vendor in checkpointctl
2c8c5393a Support label type dict on compat build
ac992e4b0 Makefile: install systemd services conditionally
63a3b8a09 podman-system-service.1.md: fix timeout example
774aea45e swagger: update the libpodPutArchive operation verb
3908c0079 Makefile: split install.docker-docs from install.docker
2f0fc2911 Bump RootlessKit v0.14.0-beta.0
8b7caa6d0 Compat api containers/json Ports field is null
14d5bd164 Bump github.com/cri-o/ocicni to latest master
7927fe01f Refactor python tests to run against python3.9
9435e5b79 APIv2 tests: make more maintainable
e9d94dc90 [CI:DOCS] Improve release process docs
375201633 podman rmi: handle corrupted storage better
d9cb135b6 Enable cgroupsv2 rw mount via security-opt unmask
cc679d952 podman-image-sign.1.md: typo fix
f54ed7269 compat api network ls accept both format options
680dacaea Enable no_hosts from containers.conf
fcce1da1b Correct compat images/create?fromImage response
ba319e3ba [Compat API] Also print successfully tagging images in /build endpoint
43d010bd0 Fix parsing of Tmpfs field in compat create
24d9bda7f prune remotecommand dependency
bee21f1e4 system test image: build it multiarch
ef549235e Updated based on Jhonce comments
ccbe4ff73 updated common to 0.35.0
836bfebb4 Refactored file
1aa96ed2e swagger: removes the schema type for PodSpecGenerator $ref
431f75519 podman-system-connection.1.md: fix copy/paste error
90050671b Add dns search domains from cni response to resolv.conf
f152f9cf0 Network connect error if net mode is not bridge
fc32ec768 Sort CapDrop in inspect to guarantee order
79eaadd3f podman upgrade tests
3947feb4b test: ignore named hierarchies for cgroups=split
e5ac28f3b container removal: handle already removed containers
a775c5920 Bump github.com/rootless-containers/rootlesskit from 0.13.1 to 0.13.2
0ab32d11d Bump k8s.io/apimachinery from 0.20.3 to 0.20.4
874f2327e Add U volume flag to chown source volumes
fcf669fd9 Replace Labels and Options nulls with {} in NetworkResource
4875a8fb4 Cirrus: Temp. disable prior-fedora (F32) testing
f3a8e3324 podman cp: test /dev/stdin correctly
8577be72e podman cp: treat /dev/stdout correctly
e87c5b6c1 cgroup: change cgroup deletion logic on v1
9d818be73 Fix podman network IDs handling
d9655b0f0 pr-should-include-tests: recognized "renamed" tests
d2f3098c6 --no-header flag implementation for generate systemd
af7a68fa8 [NO TESTS NEEDED] Make binding util internal
c236aebb9 Two variations of --new flag added to e2e
a2e1b3eab swagger: add missing schema properties
5dded6fae bump go module to v3
d333ef82b Fix 'storage.options' indent
d886cd930 Bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0
b40d778f4 Bump github.com/containers/buildah from 1.19.4 to 1.19.6
05eb06f56 Turn on journald and k8s file logging tests
f06dd45e0 Allow podman play kube to read yaml file from stdin
43a581904 Log working dir when chdir fails
d6b0b5412 Fix segfault in run with memory-swap
e1ad50654 leak fix in rootless_linux.c fcn can_use_shortcut
612ba6aa8 Fix journald logs with more than 1 container
9016387bb Fix journald logs --follow
f2d057c94 Fix journald logs --since
fbc50e528 fix journald logs --tail 0
cf2a55189 [CI:DOCS]basic networking guide
71689052a cp: treat "." and "/." correctly
caa0bc157 [CI:DOCS] [NO TESTS NEEDED] Update swagger doc for libpod container wait
31eca5c20 Bump k8s.io/apimachinery from 0.20.2 to 0.20.3
e022c1975 Don't switch on a single case
3e168b19f Quote URL
b3f9559c8 bindings: support simple types that implement fmt.Stringer interface
9699e81a0 API: fix libpod's container wait endpoint condition conversion
a9d548bf7 Change source path resolution for volume copy-up
e2d5a1d05 podman ps --format '{{ .Size }}' requires --size option
12b6342c3 infra: downgrade warning to debug
12a577aea Ignore entrypoint=[\"\"]
684290725 Bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1
68a8d397c Add missing early returns in compat API
5d1ec2960 Do not reset storage when running inside of a container
958f90143 podman kill should report rawInput not container id
759fc9334 Fix an issue where copyup could fail with ENOENT
2ec0e3b65 do not set empty $HOME
2a21ecafa images/create: always pull image
f2f18768a Fix panic in pod creation
0fd480708 Bump github.com/rootless-containers/rootlesskit from 0.13.0 to 0.13.1
2845f7b83 podman build: pass runtime to buildah
39c1fdb15 correct startup error message
690c02f60 Add missing params for podman-remote build
a532994f8 Fix typo podman run doc in flag -pid=mode "efault"
4a9bd7a18 When stopping a container, print rawInput
714acf326 fix create container: handle empty host port
3d50393f0 Don't chown workdir if it already exists
bf083c185 Fix broken podman generate systemd --new with pods
227c54813 fix dns resolution on ubuntu
0ab5bfd31 e2e: fix network alias test
704fa8b55 fix failing image e2e test
9a24d5098 Update troubleshooting.md
6ffd05d0b [NO TESTS NEEDED] Refactor generated code
2c31f3839 Fix superfluous response.WriteHeader call in WaitContainerLibpod()
4067f3a4d change ps Created to unix
78b419909 Enable more golangci-lint linters
adfcb7460 make layer-tree lookup errors non-fatal
78c8a8736 Enable whitespace linter
69ab67bf9 Enable golint linter
ef2fc90f2 Enable stylecheck linter
40c3c972d Update Master to reflect the 3.0 release
660a06f2f utils: takes the longest path on cgroup v1
5f999b6bc container ps json format miscue
8e2fae186 Bump github.com/spf13/cobra from 1.1.2 to 1.1.3
1b5f3ed24 utils: create parent cgroups
9196a5ce3 utils: ignore unified on cgroupv1 if not present
f4fd25a00 utils: skip empty lines
f28b08fe9 Correct compat network prune response
5ccb1596b Display correct value for unlimited ulimit
fdf39e169 apiv2: handle docker-java clients pulling
ea910fc53 Rewrite copy-up to use buildah Copier
31b2b2cc2 bump to v3.1.0-dev
68133414f [NO TESTS NEEDED] Update linter
46b014bad Bump github.com/spf13/cobra from 1.1.1 to 1.1.2
1cc387bf7 Add shell completion tests for secrets
f4ece018b Docker APIv2 push sends digest in response body
f2a856203 Fix compat networks endpoint for a empty result
21deafba8 hardening flags for fedora rpmbuilds
e15e170ac [CI:DOCS]First pass at release process
46385dd60 Restart service when CONTAINERS_CONF changes
cc846a8cd Support annotations from containers.conf
68414537c vendor github.com/containers/image v5.10.2
ea704da72 APIv2 tests: lots of cleanup
721a1e104 Fix Docker APIv2 push endpoint
48c612cf6 generate kube: support --privileged
08d8290f1 Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0
832a69b0b Implement Secrets
45981ba29 Bump containers/buildah to v1.19.4
1caace8f4 Allow path completion for podman create/run --rootfs
6c75419a8 Cirrus: Send cirrus-cron report e-mail to list.
feecdf919 make `podman rmi` more robust
407e86dcd Implement missing arguments for podman build
3c3e644c1 vendor latest containers/common
91ea3fabd add network prune
821ef6486 fix logic when not creating a workdir
002f2aca7 Bump remote API version to 3.0.0
6c713984e play kube selinux test case
5c6ab3075 Fix podman network disconnect wrong NetworkStatus number
05444cb2c Fix per review request
c995b5460 generate kube: handle entrypoint
96adf0e2a play kube selinux test case
2b8d6ca09 Increase timeouts in some tests
3c57bc845 Add test for Docker APIv2 wait
4a219aa23 Implement Docker wait conditions
fc385806d Improve ContainerEngine.ContainerWait()
570e1587d Improve container libpod.Wait*() functions
6a6e86829 Cirrus: Collect ginkgo node logs artifacts
ebc42f508 Bump github.com/containers/storage from 1.24.5 to 1.25.0
9dc795191 Bump github.com/containernetworking/cni from 0.8.0 to 0.8.1
bc149a4dd bindings: attach: warn correct error
d87f54fbb Fix invalid wait condition on kill
dfa9a340a Makefile: make bin/* real targets!
3d105015f typo
c40cd1be9 Bump github.com/onsi/gomega from 1.10.4 to 1.10.5
bda95bdb6 Update nix pin with `make nixpkgs`
1c50e09b0 System test for #9096 (truncated stdout)
432ee04c5 play kube selinux label test case
e0bc8ffb5 Gating tests: diff test: workaround for RHEL8 failure
bde23a021 [NO TESTS NEEDED] style: indendation
89df89b5f [NO TESTS NEEDED] fixup: remove debug code
7e4d696d9 Report StatusConflict on Pod opt partial failures
bd0e22ed1 Honor network options for macvlan networks
095919680 Make slirp MTU configurable (network_cmd_options)
ac3bd4c33 [NO TESTS NEEDED] Generated files
5a746c08f [NO TESTS NEEDED] Improve generator
c68b59f97 play kube selinux label issue
e9f936a29 Makefile: refactor ginkgo * ginkgo-remote
931ea939a Allow pods to use --net=none
323ab314e Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0
077fd670b Update release notes for v3.0.0
ee8ee651d New 'make completions' target
e11d8f15e add macvlan as a supported network driver
5352df226 Fix podman generate systemd --new special char handling
eaafd975a Bump github.com/rootless-containers/rootlesskit from 0.12.0 to 0.13.0
51c11fea8 Endpoint that lists containers does not return correct Status value
3cfd4ce45 Fix --network parsing for podman pod create
9b5b03d1e list volumes before pruning
4a6d042c2 Docker ignores mount flags that begin with constency
cdbbc6120 podman generate kube ignores --network=host
073f76c13 Switch podman stop/kill/wait handlers to use abi
b842d97f5 [CI:DOCS]build instructions for macOS
280f332bd Vendor in containers/buildah v1.19.3
ca0dd76bf Honor custom DNS in play|generate kube
d7c356552 Podman-remote push can support --format
b74f939fb Bump github.com/containers/image/v5 from 5.10.0 to 5.10.1
8d979e093 Cirrus: Build static podman-remote
c0bf0ba9e podman build --pull: refine help message and docs
c450092fd Revert "podman build --pull: use correct policy"
75c3b3389 Bump github.com/containers/image/v5 from 5.9.0 to 5.10.0
59076888d Cleanup bindings for image pull
89bb8a9b3 Don't fail if one of the cgroups is not setup
1fac43654 Add support for rootless network-aliases
c717b3cac Allow static ip and mac with rootless cni network
15caebfe5 podman build --pull: use correct policy
bfc1b66be Cirrus: Fix running Validate task on branches
f8bf509d1 Fix static build cache by using cachix
84f7bdc4d Switch podman image push handlers to use abi
fee2fadc3 e2e tests: synchronize test results
21cb3043f podman-remote ps --external --pod --sort do not work.
f79d68eea Fix podman history --no-trunc for the CREATED BY field
c63599d36 remote exec: write conmon error on hijacked connection
e9f4fb975 Fix #9100 Change console mode message to debug
02ec5299f Add default net info in container inspect
1ae410d19 Ensure the Volumes field in Compat Create is honored
35c89ccc5 [CI:DOCS]update state of restful service
0f668aa08 workdir presence checks
7b186dcb9 libpod: add (*Container).ResolvePath()
74a63df05 Fixup search
97f5e9458 Pass DefaultMountsFile to podman build
5350254f0 Ensure shutdown handler access is syncronized
33179c281 System tests: cover gaps from the last month
5623cb9d3 Fix --arch and --os flags to work correctly
a86d23c75 Bump github.com/google/uuid from 1.1.5 to 1.2.0
75698b4b7 Fix typo
393a8f026 disable dnsname when --internal
ef76b92b8 swagger.go: Fix compilation error
8c1768e38 Fix fish completion issue if the command is prefixed with a space
a457c5c92 Bump golang.org/x/crypto
0ba1942f2 networking: lookup child IP in networks
c182091b0 Small API test improvement for compatibility search endpoint
6e6a38b41 podman manifest exists
c9baa6b93 Accept and ignore 'null' as value for X-Registry-Auth
4b8df5903 Turn on some remote test
94f96c78a Add a notice to remove pod before starting service
ef654941d libpod: move slirp magic IPs to consts
5e65f0ba3 rootlessport: set source IP to slirp4netns device
37319dec1 vendor: update rootlesskit to v0.12.0
2fa67fe4b api: fix import image swagger definition
9d31fed5f podman volume exists
4e4d318b7 Cirrus: Upload swagger YAML in every context
dbb99433d [CI:DOCS] Cirrus: Skip smoke task on branch-push
836fa4c49 Move the cni lock file into the cni config dir
c1cd512cb Use random network names in the e2e tests
3fedb2b6d [CI:DOCS] Update project name in Code of Conduct
f43046745 Set log driver for compatability containers
c3cbaa355 Make generate systemd --new robust against double curly braces
6518391e8 Fix man page for fuse-overlayfs config in rootless mode
a3621a7cf Cirrus: add bindings checks
e7df73efa Fix handling of container remove
41a7e11c7 make bindings generation explicit
f302ce578 make bindings generation more robuts
175fc3867 Revert "ginkgo: install on demand via `go get -u`"
37abec240 [CI:DOCS] fix go-md2man HTMLSpan warnings
9f6bb3563 CI: smoke test: insist on adding tests on PRs
a45d22a1d podman network exists
de05e5816 ginkgo: install on demand via `go get -u`
d2ee3d815 runner.sh : deal with bash 'set -e'
4ccb0729b Add binding options for container|pod exists
683bab03f [CI:DOCS]Do not run compose tests with CI:DOCS
2df59829e simplify bindings generation
462994268 make: generate bindings: use vendor
caaaa2c5e hack/install_golangci.sh: smarter install
f38b7f48c golangci-lint: install to ./bin
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Updating kubernetes to the 1.21 release. Minor build changes and
patch refreshes were required.
The changelog is massive, so we won't list it here.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping to the latest 1.20.x release, which comprises the following
commits:
b06a5ffc2f Update to v1.20.6
77390596e6 add cloud controller manager fixes from master
ef28edaf9a Update to v1.20.6
1521e3b085 Resolve local retention issue when S3 in use.
221c9ae589 add hidden attribute to disable flags
9a572ecae0 delete nocluster file and remove build tag
3f73665131 remove hidden attribute from cluster flags and related code
29f6275aae add etcd s3 secret and access key flags and env vars to secret data
355fff3017 Update to Kubernetes v1.20.5 (#3094)
c09142a3a7 put etcd bootstrap save call in goroutine and update comment
a2b1d28c68 [release 1.20] containerd: v1.4.4-k3s1 (#3086)
62839b302a remove duplicate method
0167f86f5d Have Bootstrap Data Stored in etcd at Completed Start (#3038)
1da86eaa0b Etcd Snapshot/Restore to/from S3 Compatible Backends (#2902)
0a3360fc6f Add ability to perform an etcd on-demand snapshot via cli (#2819)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Bumping containerd to the 1.5.x development series.
We refresh patches and add new build dependencies, but otherwise
the overall structure is the same.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
moby has moved on to the 20.10+ series, while docker-ce has
stayed behind a bit.
Master of docker-ce now has imports from moby and is getting
ready for release.
To keep our variants from diverging, we switch to master (for
now) and will track the new development.
We adapt some patches from the moby build to work for docker-ce,
in particular, we cannot use docker to build docker, so we
port the cli building from moby.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping to the lastet 20.10 series. This includes the following
moby commits:
255c79a1e8 Move cgroup v2 out of experimental
f2c0b3688a Pin arm64 machines to a specific Ubuntu version
29ff2af2d3 Fix flaky TestInspect
60310e2409 Use docker media type for plugin layers
8088859bab btrfs: Allow unprivileged user to delete subvolumes (kernel >= 4.18)
d22dde8eb1 rootless: fix getCurrentOOMScoreAdj
c1e7924f7c archive: do not use overlayWhiteoutConverter for UserNS
22dc1597b9 overlay2: doesSupportNativeDiff: add fast path for userns
daae27bfce overlay2: call d.naiveDiff.ApplyDiff when useNaiveDiff==true
e974cb638c rootless: bind mount: fix "operation not permitted"
7022b1e12e bump up rootlesskit to v0.14.1
88470052e7 vendor: docker/libnetwork b3507428be5b458cb0e2b4086b13531fb0706e46
d26ed2c33b fix assertPortList normalizing being too strict
915b239519 builder: produce error when using unsupported Dockerfile option
ef2351b416 integration-cli: rely less on "docker port" output format
86d98f5711 integration: update getExternalAddress to prefer IPv4
b41e2d4dc1 integration/container: wrap some long lines for readability
407a61cdb2 hack: use GOPROXY for rootlesskit to workaround issue with old git on CentOS/RHEL 7
a35e1f451e update rootlesskit to v0.14.0
9780942e20 Remove cli test for duplicate --net/--network opts
e1ee2823ec TestPushMultipleTags: Add support for 20.10 CLI
969bde2009 jsonfile: more defensive reader implementation
cb501700e8 Fix handling for json-file io.UnexpectedEOF
2d39a44c1c overlayutils/userxattr.go: add "fast path" for kernel >= 5.11.0
95d2b686be overlay2: support "userxattr" option (kernel 5.11)
074270703c Use buster backports to build with libseccomp-2.4.4
fed6ba2790 Include VPNkit binary for arm64
2ab3cd8c9e update containerd binary to v1.4.4
d3188dc164 Dockerfile: switch to "stable" dockerfile front-end
98273a606a dockerd-rootless-setuptool.sh: create CLI context "rootless"
a0670c6d3d pkg/archive: TestUntarParentPathPermissions requires root
04d9b581e9 Update documentation links
1015b5b438 dockerd-rootless.sh: prohibit running as root
35f5f9e624 builder: fix incorrect cache match for inline cache with empty layers
3ce37a6aa4 vendor: github.com/moby/buildkit v0.8.2
5e8c1b4f7d dockerd-rootless.sh: add typo guard
a24d92f95b check-config.sh: add NETFILTER_XT_MARK
80019e1b0e builder: fix blobs releasing via leases after pull
2a220f1f3d Update Swarmkit to pick up fixes to heartbeat period and stalled tasks
da1a672102 builder: fix pull synchronization regression
0e001154f9 Check the length of the correct variable #42039
3beb2e4422 Move cpu variant checks into platform matcher
0caf485abb Fallback to manifest list when no platform match
a6a88b3145 profiles: seccomp: update to Linux 5.11 syscall list
e3750357a5 builder: ensure libnetwork state file do not leak
ab5711e619 Fix builder inconsistent error on buggy platform
df2a989769 Add shim config for custom runtimes for plugins
d13e162a63 Handle long log messages correctly on SizedLogger
34446d0343 replace json.Unmarshal with NewFromJSON in Create
c00fb1383f docs: fix double "the" in existing API versions
b7e6803ec4 swagger.yaml: Remove extra 'the' wrapped by newline
420de4c569 contrib/check-config.sh: fix INET_XFRM_MODE_TRANSPORT
8412078b1e contrib/check-config.sh: fix IOSCHED_CFQ CFQ_GROUP_IOSCHED
bb0866f04e contrib/check-config.sh: fix MEMCG_SWAP_ENABLED
db47bec3c7 contrib/check-config.sh: fix NF_NAT_NEEDED
6bc47ca4b4 contrib/check-config.sh: fix NF_NAT_IPV4
491642e696 contrib/check-config.sh: support for cgroupv2
cda6988478 Fix Error in daemon_unix.go and docker_cli_run_unit_test.go
1640d7b986 Fix daemon panic when starting container with invalid device cgroup rule
6e3f2acdac docs: fix NanoCPUs casing
ad777ff3bc api: fix NanoCPUs casing in swagger
94d2467613 Fix userns-remap option when username & UID match
acb8a48a3c update runc binary to v1.0.0-rc93
5d442b1cb7 pkg/archive: Unpack() use 0755 permissions for missing directories
5db18e0aba archive: avoid creating parent dirs for XGlobalHeader
94feac18d2 Update rootlesskit to v0.13.1 to fix handling of IPv6 addresses
cc377d27ac Update TestDaemonRestartWithLiveRestore: fix docker0 subnet missmatch Fix docker0 subnet missmatch when running from docker in docker (dind)
fc07fecfb5 TestBuildUserNamespaceValidateCapabilitiesAreV2: verify build completed
f7893961de TestBuildUserNamespaceValidateCapabilitiesAreV2: use correct image name
d31b2141ae Jenkinsfile: add cgroup2
5de9bc7e01 TestInspectOomKilledTrue: skip on cgroup v2
ff49cb3e33 Dockerfile.simple: Fix compile docker binary error with btrfs
49e706e14c Dockerfile.buildx: update buildx to v0.5.1
0211909bde testing: update docker-py 4.4.1
faf6442f80 integration: fix TestBuildUserNamespaceValidateCapabilitiesAreV2 not using frozen image
f0e526f43e Make test work with rootless mode
a287e76e15 pkg/archive: allow mknodding FIFO inside userns
And the following cli commits:
dc017bdda bake: remove windows targets other than windows/amd64
feb6f439e Makefile: have binary, cross, dynbinary targets not use docker for backwards compat
8bc4062fc set default version from git
84cc7d87c update readme with new examples
c1c3d3b3a remove unused targets
048a84614 update circleci cross target
33dacda24 add windows/arm64 target
fcc05e5ea update windows resources generation
58061d25f dockerfile based binary building
4c3b87d92 config.Load() remove unneeded locks
019609872 vendor: github.com/theupdateframework/notary v0.7.0-21-gbf96a202
6ebf76504 vendor: update notary to 5f1f4a34
f508ce9db vendor: github.com/theupdateframework/notary v0.7.0
2c0435431 docs: remove trailing spaces to prevent yamldocs using "compact" notation
ff945151e docs: improve example for "remove all stopped containers"
4571d90f2 config: print deprecation warning when falling back to ~/.dockercfg
f33a69f6e [20.10] Revert "Ignore SIGURG on Linux."
d6eeeb625 service rollback: always verify state
3e157d529 docker service rollback: fix non-zero exit code in some cases
1fdf84b8e fix --update-order and --rollback-order flags
376b99c6d Rename bin/md2man to bin/go-md2man
0de4e6e9a Fix reading context and dockerfile from stdin with BuildKit
de40c2b17 Fix panic when failing to get DefaultAuthConfig
d513e46bf cli/config: prevent warning if HOME is not set
2b74b90ef Add docs and completion for docker node ls --filter node.label
05343b36a fix docker-run man page table formatting
f90db254d docs: Fix wrong variable name
0dcfdde33 Removed format flag for inspect
03cd1dc50 Added zsh completion for docker context subcommands
42811a7eb docs: add redirect for old reference URL
be966aa19 docs: fix typo in deprecated.md
b22fe0fb1 deprecate blkio-weight options with cgroups v1
4eb050071 Update bash completion for fluentd --log-options
08c4fdfa7 Add bash completion for `dockerd --ip6tables`
6aa1b37c8 Add bash completion for `docker run|create --pull`
e82920d76 Remove duplicate word in push.md
82123939f Add bash completion for jobs
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping to v3.1, which comprises the following commits:
bce3e6c5f Fix tests
ec1a512ac Bump to v3.1.1-dev
9f09fb62c Bump to v3.1.0
1386f9046 Fix test failure
38bb77c5b Update release notes for v3.1.0 final release
670e1ac67 [NO TESTS NEEDED] Turn on podman-remote build --isolation
ac4bdd265 Fix long option format on docs.podman.io
96ffce219 Fix containers list/prune http api filter behaviour
e772719bf [CI:DOCS] Add note to mappings for user/group userns in build
52cd3ce2d Validate passed in timezone from tz option
633ae014e Generate Kubernetes PersistentVolumeClaims from named volumes
c9640bab7 libpod/image: unit tests: use a `registries.conf` for aliases
43c772aa2 libpod/image: unit tests: defer cleanup
396a59b02 libpod/image: unit tests: use `require.NoError`
a01b387e8 Unification of until filter across list/prune endpoints
183a68a81 Unification of label filter across list/prune endpoints
d1589f280 fixup
31351ad94 fix: build endpoint for compat API
7148544df [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot
88672b58c Check if stdin is a term in --interactive --tty mode
23f3805df [NO TESTS NEEDED] Fix rootless volume plugins
5e3445e6e Ensure manually-created volumes have correct ownership
6b6989206 Support multi doc yaml for generate/play kube
d560f168f Correct json field name
573ed9220 Fix filters in image http compat/libpod api endpoints
1b349d79a podman generate systemd --new do not duplicate params
1089f83a4 Fix podman build --pull-never
be02c8581 man pages: correct seccomp-policy label
62b49e176 [NO TESTS NEEDED] Use same function podman-remote rmi as podman
3d1aaffdb Add problematic volume name to kube play error messages
d498022fd Fix list pods filter handling in libpod api
66b1c2bd9 [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS
b55730180 Remove resize race condition
e7dc66d83 [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0
57e0d8f29 Use TMPDIR when commiting images
505f43c08 Add RequiresMountsFor= to systemd generate
15da607d1 Fix swapped dimensions from terminal.GetSize
0127cc184 Revert go-systemd to v2.22.0
4f11517c0 Cirrus: Update configuration for v3.1 branch
834f4caaa Bump to v3.1.0-dev
1b56ea2d9 Bump to v3.1.0-rc2
1ae87ff46 Update release notes for v3.1.0-RC2
3b609a706 Bump github.com/coreos/go-systemd/v22 from 22.1.0 to 22.3.0
1dfbdd5d9 Fix system prune cmd user message with options
afce37671 System tests: reenable a bunch of skipped tests
417f36281 Cleanup /libpod/images/load handler
adf652e2a vendor: drop replace for github.com/syndtr/gocapability
e85cf8f4a security: use the bounding caps with --privileged
f46b34ecd Bump github.com/containers/common from 0.35.0 to 0.35.3
5a18b5eb7 Bump k8s.io/apimachinery from 0.20.4 to 0.20.5
aa2d6e6e6 Fix volumes and networks list/prune filters in http api
ec1651fbf Bump github.com/containers/storage from 1.25.0 to 1.28.0
1ca74b00d add a dependabot config to automate vendoring
a596d1f5d Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2
8ea02d0b6 network prune filters for http compat and libpod api
8da5fd820 test: check for io.stat existence on cgroup v2
592aae4f9 test: fix test for last crun/runc
1c873c7da test: simplify cgroup path
af3499db5 Latest crun/runc should handle blkio-weight test
82858a97c fix user message image prune --all
3d01d42f2 Docs: removing secrets is safe for in-use secrets
21f229a3d Downgrade github.com/coreos/go-systemd/v22
e8918ff10 pkg/bindings/images.Build(): fix a race condition in error reporting
310eae4ba Switch all builds to pull-never
963d19c75 System test cleanup
f4b2d597a Fix for volumes prune in http compat api
8de560703 Fix remote client timezone test
57e8c6632 Do not leak libpod package into the remote client
762148deb Split libpod/network package
955aaccc5 fix use with localhost (testing)
9251b6c8c add /auth for docker compatibility
3803d0a4a create endpoint for querying libpod networks
12fb9e465 Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
660a72993 sdnotify tests: try real hard to kill socat processes
7b0155cf7 Fix array instead of one elem network http api
92a8d69a7 Delete all containers and pods between tests
258749e43 apiv2 tests: finally fix POST as originally intended
c9ef26071 Document CONTAINERS_CONF/CONTAINERS_STORAGE_CONF Env variables
f1eb8e816 Removing a non existing container API should return 404
dc0c72a48 Docs: Add docs to access APIs inside container
6d4899745 options: append CLI graph driver options
930bec4d3 podman load: fix error handling
1f2f7e745 podman cp: evaluate symlink correctly when copying from container
2033fa4c7 rm pkg/api/handlers/libpod/copy.go
31b11b5cd podman cp: fix copying to a non-existent dir
a61d70cf8 podman cp: fix ownership
2abfef380 podman cp: ignore EPERMs in rootless mode
d175fbfdb vendor buildah@v1.19.8
e33f52390 apiv2 tests: add helpers to start/stop a local registry
e926b5d73 Bump to v3.1.0-dev
aa9616cd4 Bump to v3.1.0-rc1
e9db60492 allow the removal of storage images
9eac4a7f7 podman-remote build does not support volumes
d1878cc67 Compat API: Avoid trying to create volumes if they already exist
7e289833e Bump github.com/onsi/gomega from 1.10.5 to 1.11.0
0e36e65ea Allow users to generate a kubernetes yaml off non running containers
80390dd18 Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1
d0d084dd8 turn hidden --trace into a NOP
320df8388 pkg/terminal: use c/storage/pkg/homedir
cc7a7568a Update nix pin with `make nixpkgs`
9e75cafd5 build-arg
326f3eda3 Handle podman build --dns-search
01ffe2c30 podman build --build-arg should fall back to environment
2c500a814 Add support for podman build --ignorefile
1a33b7648 replace local mount consts with libpod/define
e4da5096b separate file with mount consts in libpod/define
9fc29f63e Correct compat images/{name}/push response
a910f74ea [NO TESTS NEEDED] Bump pre-commit-hooks version
3ae580b0e [ci skip] Bad formatting fix in build documentation
803e58b36 Bump github.com/containernetworking/plugins to v0.9.1
d107c3729 podman-remote stop -time 0 does not work
5bb8fa30b Do not return from c.stop() before re-locking
2bcc95257 Fix for podman network rm (-f) workflow
3396343d4 Bump github.com/coreos/go-systemd/v22 from 22.1.0 to 22.2.0
efc592fba Bump github.com/containers/buildah from 1.19.6 to 1.19.7
793c52dd5 Add tests for selinux kvm/init labels
8453424e2 Respect NanoCpus in Compat Create
a090301bb podman cp: support copying on tmpfs mounts
e43385eca image removal: ignore unknown-layer errors
aa0a57f09 Fix cni teardown errors
f86d64130 Use version package to track all versions
252aec1c9 Check for supportsKVM based on basename of the runtime
53d22c779 Compat API: create volume source dirs on the host
61e626c85 Makefile: add install.docker-docs-nobuild for packaging use
81a3f8a43 Add /sys/fs/cgroup as readonly path in docs
8f2192922 Add network summary to compat ps
4eed89aca Fix possible panic with podman build --iidfile
9391bfc52 Add version field to secret compat list/inspect api
b19791c0b Tidy duplicate log tests
5df625140 Fix support for podman build --timestamp
43e899c2e Rewrite Rename backend in a more atomic fashion
91b2f07d5 Use functions and defines from checkpointctl
bf92e2111 Move checkpoint/restore code to pkg/checkpoint/crutils
bd819ef7d Vendor in checkpointctl
2c8c5393a Support label type dict on compat build
ac992e4b0 Makefile: install systemd services conditionally
63a3b8a09 podman-system-service.1.md: fix timeout example
774aea45e swagger: update the libpodPutArchive operation verb
3908c0079 Makefile: split install.docker-docs from install.docker
2f0fc2911 Bump RootlessKit v0.14.0-beta.0
8b7caa6d0 Compat api containers/json Ports field is null
14d5bd164 Bump github.com/cri-o/ocicni to latest master
7927fe01f Refactor python tests to run against python3.9
9435e5b79 APIv2 tests: make more maintainable
e9d94dc90 [CI:DOCS] Improve release process docs
375201633 podman rmi: handle corrupted storage better
d9cb135b6 Enable cgroupsv2 rw mount via security-opt unmask
cc679d952 podman-image-sign.1.md: typo fix
f54ed7269 compat api network ls accept both format options
680dacaea Enable no_hosts from containers.conf
fcce1da1b Correct compat images/create?fromImage response
ba319e3ba [Compat API] Also print successfully tagging images in /build endpoint
43d010bd0 Fix parsing of Tmpfs field in compat create
24d9bda7f prune remotecommand dependency
bee21f1e4 system test image: build it multiarch
ef549235e Updated based on Jhonce comments
ccbe4ff73 updated common to 0.35.0
836bfebb4 Refactored file
1aa96ed2e swagger: removes the schema type for PodSpecGenerator $ref
431f75519 podman-system-connection.1.md: fix copy/paste error
90050671b Add dns search domains from cni response to resolv.conf
f152f9cf0 Network connect error if net mode is not bridge
fc32ec768 Sort CapDrop in inspect to guarantee order
79eaadd3f podman upgrade tests
3947feb4b test: ignore named hierarchies for cgroups=split
e5ac28f3b container removal: handle already removed containers
a775c5920 Bump github.com/rootless-containers/rootlesskit from 0.13.1 to 0.13.2
0ab32d11d Bump k8s.io/apimachinery from 0.20.3 to 0.20.4
874f2327e Add U volume flag to chown source volumes
fcf669fd9 Replace Labels and Options nulls with {} in NetworkResource
4875a8fb4 Cirrus: Temp. disable prior-fedora (F32) testing
f3a8e3324 podman cp: test /dev/stdin correctly
8577be72e podman cp: treat /dev/stdout correctly
e87c5b6c1 cgroup: change cgroup deletion logic on v1
9d818be73 Fix podman network IDs handling
d9655b0f0 pr-should-include-tests: recognized "renamed" tests
d2f3098c6 --no-header flag implementation for generate systemd
af7a68fa8 [NO TESTS NEEDED] Make binding util internal
c236aebb9 Two variations of --new flag added to e2e
a2e1b3eab swagger: add missing schema properties
5dded6fae bump go module to v3
d333ef82b Fix 'storage.options' indent
d886cd930 Bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0
b40d778f4 Bump github.com/containers/buildah from 1.19.4 to 1.19.6
05eb06f56 Turn on journald and k8s file logging tests
f06dd45e0 Allow podman play kube to read yaml file from stdin
43a581904 Log working dir when chdir fails
d6b0b5412 Fix segfault in run with memory-swap
e1ad50654 leak fix in rootless_linux.c fcn can_use_shortcut
612ba6aa8 Fix journald logs with more than 1 container
9016387bb Fix journald logs --follow
f2d057c94 Fix journald logs --since
fbc50e528 fix journald logs --tail 0
cf2a55189 [CI:DOCS]basic networking guide
71689052a cp: treat "." and "/." correctly
caa0bc157 [CI:DOCS] [NO TESTS NEEDED] Update swagger doc for libpod container wait
31eca5c20 Bump k8s.io/apimachinery from 0.20.2 to 0.20.3
e022c1975 Don't switch on a single case
3e168b19f Quote URL
b3f9559c8 bindings: support simple types that implement fmt.Stringer interface
9699e81a0 API: fix libpod's container wait endpoint condition conversion
a9d548bf7 Change source path resolution for volume copy-up
e2d5a1d05 podman ps --format '{{ .Size }}' requires --size option
12b6342c3 infra: downgrade warning to debug
12a577aea Ignore entrypoint=[\"\"]
684290725 Bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1
68a8d397c Add missing early returns in compat API
5d1ec2960 Do not reset storage when running inside of a container
958f90143 podman kill should report rawInput not container id
759fc9334 Fix an issue where copyup could fail with ENOENT
2ec0e3b65 do not set empty $HOME
2a21ecafa images/create: always pull image
f2f18768a Fix panic in pod creation
0fd480708 Bump github.com/rootless-containers/rootlesskit from 0.13.0 to 0.13.1
2845f7b83 podman build: pass runtime to buildah
39c1fdb15 correct startup error message
690c02f60 Add missing params for podman-remote build
a532994f8 Fix typo podman run doc in flag -pid=mode "efault"
4a9bd7a18 When stopping a container, print rawInput
714acf326 fix create container: handle empty host port
3d50393f0 Don't chown workdir if it already exists
bf083c185 Fix broken podman generate systemd --new with pods
227c54813 fix dns resolution on ubuntu
0ab5bfd31 e2e: fix network alias test
704fa8b55 fix failing image e2e test
9a24d5098 Update troubleshooting.md
6ffd05d0b [NO TESTS NEEDED] Refactor generated code
2c31f3839 Fix superfluous response.WriteHeader call in WaitContainerLibpod()
4067f3a4d change ps Created to unix
78b419909 Enable more golangci-lint linters
adfcb7460 make layer-tree lookup errors non-fatal
78c8a8736 Enable whitespace linter
69ab67bf9 Enable golint linter
ef2fc90f2 Enable stylecheck linter
40c3c972d Update Master to reflect the 3.0 release
660a06f2f utils: takes the longest path on cgroup v1
5f999b6bc container ps json format miscue
8e2fae186 Bump github.com/spf13/cobra from 1.1.2 to 1.1.3
1b5f3ed24 utils: create parent cgroups
9196a5ce3 utils: ignore unified on cgroupv1 if not present
f4fd25a00 utils: skip empty lines
f28b08fe9 Correct compat network prune response
5ccb1596b Display correct value for unlimited ulimit
fdf39e169 apiv2: handle docker-java clients pulling
ea910fc53 Rewrite copy-up to use buildah Copier
31b2b2cc2 bump to v3.1.0-dev
68133414f [NO TESTS NEEDED] Update linter
46b014bad Bump github.com/spf13/cobra from 1.1.1 to 1.1.2
1cc387bf7 Add shell completion tests for secrets
f4ece018b Docker APIv2 push sends digest in response body
f2a856203 Fix compat networks endpoint for a empty result
21deafba8 hardening flags for fedora rpmbuilds
e15e170ac [CI:DOCS]First pass at release process
46385dd60 Restart service when CONTAINERS_CONF changes
cc846a8cd Support annotations from containers.conf
68414537c vendor github.com/containers/image v5.10.2
ea704da72 APIv2 tests: lots of cleanup
721a1e104 Fix Docker APIv2 push endpoint
48c612cf6 generate kube: support --privileged
08d8290f1 Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0
832a69b0b Implement Secrets
45981ba29 Bump containers/buildah to v1.19.4
1caace8f4 Allow path completion for podman create/run --rootfs
6c75419a8 Cirrus: Send cirrus-cron report e-mail to list.
feecdf919 make `podman rmi` more robust
407e86dcd Implement missing arguments for podman build
3c3e644c1 vendor latest containers/common
91ea3fabd add network prune
821ef6486 fix logic when not creating a workdir
002f2aca7 Bump remote API version to 3.0.0
6c713984e play kube selinux test case
5c6ab3075 Fix podman network disconnect wrong NetworkStatus number
05444cb2c Fix per review request
c995b5460 generate kube: handle entrypoint
96adf0e2a play kube selinux test case
2b8d6ca09 Increase timeouts in some tests
3c57bc845 Add test for Docker APIv2 wait
4a219aa23 Implement Docker wait conditions
fc385806d Improve ContainerEngine.ContainerWait()
570e1587d Improve container libpod.Wait*() functions
6a6e86829 Cirrus: Collect ginkgo node logs artifacts
ebc42f508 Bump github.com/containers/storage from 1.24.5 to 1.25.0
9dc795191 Bump github.com/containernetworking/cni from 0.8.0 to 0.8.1
bc149a4dd bindings: attach: warn correct error
d87f54fbb Fix invalid wait condition on kill
dfa9a340a Makefile: make bin/* real targets!
3d105015f typo
c40cd1be9 Bump github.com/onsi/gomega from 1.10.4 to 1.10.5
bda95bdb6 Update nix pin with `make nixpkgs`
1c50e09b0 System test for #9096 (truncated stdout)
432ee04c5 play kube selinux label test case
e0bc8ffb5 Gating tests: diff test: workaround for RHEL8 failure
bde23a021 [NO TESTS NEEDED] style: indendation
89df89b5f [NO TESTS NEEDED] fixup: remove debug code
7e4d696d9 Report StatusConflict on Pod opt partial failures
bd0e22ed1 Honor network options for macvlan networks
095919680 Make slirp MTU configurable (network_cmd_options)
ac3bd4c33 [NO TESTS NEEDED] Generated files
5a746c08f [NO TESTS NEEDED] Improve generator
c68b59f97 play kube selinux label issue
e9f936a29 Makefile: refactor ginkgo * ginkgo-remote
931ea939a Allow pods to use --net=none
323ab314e Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0
077fd670b Update release notes for v3.0.0
ee8ee651d New 'make completions' target
e11d8f15e add macvlan as a supported network driver
5352df226 Fix podman generate systemd --new special char handling
eaafd975a Bump github.com/rootless-containers/rootlesskit from 0.12.0 to 0.13.0
51c11fea8 Endpoint that lists containers does not return correct Status value
3cfd4ce45 Fix --network parsing for podman pod create
9b5b03d1e list volumes before pruning
4a6d042c2 Docker ignores mount flags that begin with constency
cdbbc6120 podman generate kube ignores --network=host
073f76c13 Switch podman stop/kill/wait handlers to use abi
b842d97f5 [CI:DOCS]build instructions for macOS
280f332bd Vendor in containers/buildah v1.19.3
ca0dd76bf Honor custom DNS in play|generate kube
d7c356552 Podman-remote push can support --format
b74f939fb Bump github.com/containers/image/v5 from 5.10.0 to 5.10.1
8d979e093 Cirrus: Build static podman-remote
c0bf0ba9e podman build --pull: refine help message and docs
c450092fd Revert "podman build --pull: use correct policy"
75c3b3389 Bump github.com/containers/image/v5 from 5.9.0 to 5.10.0
59076888d Cleanup bindings for image pull
89bb8a9b3 Don't fail if one of the cgroups is not setup
1fac43654 Add support for rootless network-aliases
c717b3cac Allow static ip and mac with rootless cni network
15caebfe5 podman build --pull: use correct policy
bfc1b66be Cirrus: Fix running Validate task on branches
f8bf509d1 Fix static build cache by using cachix
84f7bdc4d Switch podman image push handlers to use abi
fee2fadc3 e2e tests: synchronize test results
21cb3043f podman-remote ps --external --pod --sort do not work.
f79d68eea Fix podman history --no-trunc for the CREATED BY field
c63599d36 remote exec: write conmon error on hijacked connection
e9f4fb975 Fix #9100 Change console mode message to debug
02ec5299f Add default net info in container inspect
1ae410d19 Ensure the Volumes field in Compat Create is honored
35c89ccc5 [CI:DOCS]update state of restful service
0f668aa08 workdir presence checks
7b186dcb9 libpod: add (*Container).ResolvePath()
74a63df05 Fixup search
97f5e9458 Pass DefaultMountsFile to podman build
5350254f0 Ensure shutdown handler access is syncronized
33179c281 System tests: cover gaps from the last month
5623cb9d3 Fix --arch and --os flags to work correctly
a86d23c75 Bump github.com/google/uuid from 1.1.5 to 1.2.0
75698b4b7 Fix typo
393a8f026 disable dnsname when --internal
ef76b92b8 swagger.go: Fix compilation error
8c1768e38 Fix fish completion issue if the command is prefixed with a space
a457c5c92 Bump golang.org/x/crypto
0ba1942f2 networking: lookup child IP in networks
c182091b0 Small API test improvement for compatibility search endpoint
6e6a38b41 podman manifest exists
c9baa6b93 Accept and ignore 'null' as value for X-Registry-Auth
4b8df5903 Turn on some remote test
94f96c78a Add a notice to remove pod before starting service
ef654941d libpod: move slirp magic IPs to consts
5e65f0ba3 rootlessport: set source IP to slirp4netns device
37319dec1 vendor: update rootlesskit to v0.12.0
2fa67fe4b api: fix import image swagger definition
9d31fed5f podman volume exists
4e4d318b7 Cirrus: Upload swagger YAML in every context
dbb99433d [CI:DOCS] Cirrus: Skip smoke task on branch-push
836fa4c49 Move the cni lock file into the cni config dir
c1cd512cb Use random network names in the e2e tests
3fedb2b6d [CI:DOCS] Update project name in Code of Conduct
f43046745 Set log driver for compatability containers
c3cbaa355 Make generate systemd --new robust against double curly braces
6518391e8 Fix man page for fuse-overlayfs config in rootless mode
a3621a7cf Cirrus: add bindings checks
e7df73efa Fix handling of container remove
41a7e11c7 make bindings generation explicit
f302ce578 make bindings generation more robuts
175fc3867 Revert "ginkgo: install on demand via `go get -u`"
37abec240 [CI:DOCS] fix go-md2man HTMLSpan warnings
9f6bb3563 CI: smoke test: insist on adding tests on PRs
a45d22a1d podman network exists
de05e5816 ginkgo: install on demand via `go get -u`
d2ee3d815 runner.sh : deal with bash 'set -e'
4ccb0729b Add binding options for container|pod exists
683bab03f [CI:DOCS]Do not run compose tests with CI:DOCS
2df59829e simplify bindings generation
462994268 make: generate bindings: use vendor
caaaa2c5e hack/install_golangci.sh: smarter install
f38b7f48c golangci-lint: install to ./bin
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following changes are part of this version bump:
1.29.1 (2021-04-13)
-------------------
Bugs
Fix for invalid handler warning on Windows builds
Fix config hash to trigger container recreation on IPC mode updates
Fix conversion map for placement.max_replicas_per_node
Remove extra scan suggestion on build
1.29.0 (2021-04-06)
-------------------
Features
Add profile filter to docker-compose config
Add a depends_on condition to wait for successful service completion
Miscellaneous
Add image scan message on build
Update warning message for --no-ansi to mention --ansi never as alternative
Bump docker-py to 5.0.0
Bump PyYAML to 5.4.1
Bump python-dotenv to 0.17.0
1.28.6 (2021-03-23)
-------------------
Bugs
Make --env-file relative to the current working directory and error out
for invalid paths. Environment file paths set with --env-file are
relative to the current working directory while the default .env file is
located in the project directory which by default is the base directory
of the Compose file.
Fix missing service property storage_opt by updating the compose schema
Fix build extra_hosts list format
Remove extra error message on exec
Miscellaneous
Add compose.yml and compose.yaml to default filename list
1.28.5 (2021-02-25)
-------------------
Bugs
Fix OpenSSL version mismatch error when shelling out to the ssh client
(via bump to docker-py 4.4.4 which contains the fix)
Add missing build flags to the native builder: platform, isolation and extra_hosts
Remove info message on native build
Avoid fetching logs when service logging driver is set to 'none'
1.28.4 (2021-02-18)
--------------------
Bugs
Fix SSH port parsing by bumping docker-py to 4.4.3
Miscellaneous
Bump Python to 3.7.10
1.28.3 (2021-02-17)
-------------------
Bugs
Fix SSH hostname parsing when it contains leading s/h, and remove the
quiet option that was hiding the error (via docker-py bump to 4.4.2)
Fix key error for '--no-log-prefix' option
Fix incorrect CLI environment variable name for service profiles:
COMPOSE_PROFILES instead of COMPOSE_PROFILE
Fix fish completion
Miscellaneous
Bump cryptography to 3.3.2
Remove log driver filter
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of this update to crun, we now much run autogen.sh before
running configure.
Otherwise, these are incremental changes and comprise the following
commits:
9effaeb On exec, honor additional_gids from the process spec, not the container definition
c25a2db tests: add explicit python3-pip dependency
e67a756 NEWS: tag 0.19
18c0274 gitignore: update
471a7b8 libocispec: update from upstream
f642968 tests: fix check for cgroup v2
3e7fa1d linux: always remount bind mounts
78aeac9 linux: ignore unknown capabilities
f11d742 Add linuxdevicecgroup to maintain parity with runc spec
9aa382b cgroup: skip parsing empty file
d9c9fd0 container: initialize tmp_err
00371ae src: initialize statx struct
2e88d19 src: initialize first_arg
5e4efb7 seccomp: always NUL terminate lowercase_arch
7812572 tests: add test for seccomp listener
f80e98d init: add check for seccomp listener
5d9010b init: fix check for nargs
5a627f4 seccomp: support notify listener
c3361c1 status: use function to convert from yajl errors
873b62d container: use new error function for hooks JSON
14083ab error: new function to convert from yajl errors
6e19235 linux: pass own pid to container process
8fd3320 contrib: new tool to test seccomp notifications
8722858 crun: always use absolute path for the bundle
ae9ea92 container: improve OOM error message
919aac9 utils: receive fd detect closed connection
a52e480 cgroup: new function to detect OOM
2e37d2a sync-libocispec
75ad96b Let autogen.sh generate m4
14c260f libcrun_warn if newuidmap/newgidmap invoke fails
5598401 README.md: drop pids limit comparison
9ea6857 github: add fuzzing test
0fd03ba tests: add container image for fuzzing libcrun
bbd5c7d fuzzer: reap child processes
c7350ef tests: add more fuzzing tests
816f95b fuzzer: merge two tests
effa508 linux: cleanup zombie on errors
b32f1eb linux: release only on error
5ca72f5 status: attempt open again on interrupts
9b5d4c1 Added static analysis Adding clang compilation Fixing comparison of integers of different signs
3b199ef Update GNUmakefile
dcd1a34 linux: label the tmpfs for masked directories
edf7f15 seccomp: check if the action supports errnoRet
bc222b6 seccomp: fail if no default action specified
0c5b920 seccomp: honor default errno value
92c0afe yajl: support static link of containers/yajl
f3d920d src: fix unitialized variable
7d89a02 src: add error check
765971c status: fix memory leak on error
31274d8 utils: fix check for fd
62d1c4d tests: add test to feed honggfuzz
ab75091 ebpf: return the program instead of NULL
8b16552 src: check if seccomp is defined
f721efb container: fix error ownership
4472e35 container: allow config from memory
6b369b8 container: fix memory leak
0fede0f container: initialize variable
2b6c0b6 container: fix dereference of def->linux if NULL
1dd9b5b container: check for def->process before deref
1b1a691 fix: cross-compiling for Android
b25cb2d tests: add device access test
86251b0 ebpf: handle access(dev_name, F_OK) call correctly
e2d79dc fix: access violate if ret < -2
4f35406 cgroup: read controllers from /proc/self/cgroup
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
calling bb.parse.SkipRecipe with conditional PNBLACKLISTs
* PNBLACKLISTs are IMHO a bit easier to read and easier to override from distro
which e.g. provides own recipe for libseccomp
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Moving off the 1.20.x-rc and onto a dot release tag. This pulls in
the following commits:
e87da0bd6e0 Release commit for Kubernetes v1.20.4
5682545c2da Update CHANGELOG/CHANGELOG-1.20.md for v1.20.3
f8f2fa827d3 Release commit for Kubernetes v1.20.4-rc.0
01849e73f3c Release commit for Kubernetes v1.20.3
58c5493f22a kube-cross: update image to use v1.15.8-legacy-1
e000e9722bb [go1.15] build: Update to k/repo-infra@v0.1.4 (supports go1.15.8)
3365196e9d8 Use go-runner:buster-v2.3.1 image (built on go1.15.8)
91f2745f08c staging/publishing: Set default go version to go1.15.8
3c777448311 Update to go1.15.8
b570189cf1f Revert "make hostPort match test linuxonly"
6698a4e7afc Revert "conformance changes"
6a31f8d17ef dockershim hostport respect IPFamily
a456eb4eaf6 dockershim hostport manager use HostIP
5d9910a0172 Cherry pick of #98254:Fix the kube-scheduler binary's description of the --config parameter is inaccurate
ac866d63911 make podTopologyHints protected by lock
b84ee98db74 kubelet: Fix mirrorPodTerminationMap leak
d381d6c52cc kubelet: Delete static pods gracefully
b2576fb35f7 kubelet logs print 'kubelet nodes sync' frequently
7826a1c6b87 WIP: node sync at least once
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping the runc version to incorporate the following commits:
2ae56653 Move fuzzers upstream
053e15c0 tests/checkpoint: show full log lazy pages cpt
e618a6d5 curl: add --retry 5
4b98e4a7 MAINTAINERS: update Aleksa's email
8a3484b7 libcontainer/factory*: adjust the file mode
71ca6432 fix integration tests README.md
916654ff libcontainer: fix LinuxFactory comments
c3ffd2ef Do not convert blkio weight value using blkio->io conversion scheme
38b2dd39 runc exec: report possible OOM kill
5d0ffbf9 runc start/run: report OOM
7e137b90 libct/cg/fs2/hugetlb: use fscommon.GetValueByKey
9fa65f66 libct/cg/fscommon: add GetValueByKey
c54c3f85 libcontainer/notify_linux_v2: use fscommon.ReadFile
494f900e libct/cg/fscommon: rename/facelift GetCgroupParamKeyValue
1880d2fc libct/cg/fs/memory: handle EBUSY
27fd3fc3 libct/cg/fs: setMemoryAndSwap: refactor
3cced523 libct/cg/fs/memory: optimize Set
65c2d3c2 tests/int/update: add test case for PR #592
53d3b552 Update README.md for libcontainer
6c5ed0db Fix memory stats for cache in fs2
af521ed5 libct/cgroups/systemd: don't set limits in Apply
fa52df94 libcontainer: fix the file mode of the device
d0cbef57 Makefile: rm go 1.13 workaround
4019f08d make validate: rm go vet
f9c21133 make lint: use golangci-lint
671bb978 Makefile: remove ci target
95940855 script/validate-gofmt: rm
91f0ae18 ci/gha: bump go 1.16-rc1 -> 1.16.x
5b14a261 README: add gha badges
f3f563bc apparmor: try attr/apparmor/exec before attr/exec
41670e21 tests/int: rework/simplify setup and teardown
d73b4443 ci: enable -race from matrix
b7744547 libct/int: fix a data race
c34a9b10 tests/int/hooks.bats: don't use DEBIAN_BUNDLE
e40a369e tests/int/list.bats: don't use $BUSYBOX_BUNDLE
985546b4 tests/int: BATS_TMPDIR -> BATS_RUN_TMPDIR
85d5fea4 tests/int: stop reusing HELLO_BUNDLE for alt root
76532fac tests/int/events: rm unneeded eval
49766140 tests/int: use wait_for_container where appropriate
4d6ffa39 tests/int/helpers: reimplement wait_for_container
e7052dcd tests/int/spec.bats: don't use HELLO_BUNDLE
0cfc2e32 tests/int: rm teardown_running_container_inroot
78f0e4b2 tests/int: rm wait_for_container_inroot
64d5702f tests/int: don't depend on BUSYBOX_BUNDLE var
efb8552b tests/int: add device access test
81707abd ebpf: fix device access check
c3428722 libct/config: fix a data race
51ec5db1 ci: add i386 unit test run
b142a70e libct/seccomp/patchpbf/test: fix for 32-bit
2831fb55 cgroup2: devices: handle eBPF skipping more correctly
d1007b08 cgroupv1 freezer: thaw to increase freeze chances
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
If the required modules aren't in the image, k3s will fail to start.
Set the requirements as RRECOMMENDS for image types that don't install
the kernel-modules meta-package.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
We build and depend on our own containerd, we don't need the ctr
symlink to k3s for proper operation.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
To more closely align with the rancher/upstream build, we add
additional tags to the build. To make them easier to manage, we
also introduce a variable and use it in the go build line.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
k3s requires seccomp, and a runc with seccomp enabled for proper
operation. runc has a distro feature check to enable seccomp, so
if we enforce it as k3s feature, we'll also get a properly built
runc and we'll work out of the box.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping the runc version to incorporate the following commits:
2ae56653 Move fuzzers upstream
053e15c0 tests/checkpoint: show full log lazy pages cpt
e618a6d5 curl: add --retry 5
4b98e4a7 MAINTAINERS: update Aleksa's email
8a3484b7 libcontainer/factory*: adjust the file mode
71ca6432 fix integration tests README.md
916654ff libcontainer: fix LinuxFactory comments
c3ffd2ef Do not convert blkio weight value using blkio->io conversion scheme
38b2dd39 runc exec: report possible OOM kill
5d0ffbf9 runc start/run: report OOM
7e137b90 libct/cg/fs2/hugetlb: use fscommon.GetValueByKey
9fa65f66 libct/cg/fscommon: add GetValueByKey
c54c3f85 libcontainer/notify_linux_v2: use fscommon.ReadFile
494f900e libct/cg/fscommon: rename/facelift GetCgroupParamKeyValue
1880d2fc libct/cg/fs/memory: handle EBUSY
27fd3fc3 libct/cg/fs: setMemoryAndSwap: refactor
3cced523 libct/cg/fs/memory: optimize Set
65c2d3c2 tests/int/update: add test case for PR #592
53d3b552 Update README.md for libcontainer
6c5ed0db Fix memory stats for cache in fs2
af521ed5 libct/cgroups/systemd: don't set limits in Apply
fa52df94 libcontainer: fix the file mode of the device
d0cbef57 Makefile: rm go 1.13 workaround
4019f08d make validate: rm go vet
f9c21133 make lint: use golangci-lint
671bb978 Makefile: remove ci target
95940855 script/validate-gofmt: rm
91f0ae18 ci/gha: bump go 1.16-rc1 -> 1.16.x
5b14a261 README: add gha badges
f3f563bc apparmor: try attr/apparmor/exec before attr/exec
41670e21 tests/int: rework/simplify setup and teardown
d73b4443 ci: enable -race from matrix
b7744547 libct/int: fix a data race
c34a9b10 tests/int/hooks.bats: don't use DEBIAN_BUNDLE
e40a369e tests/int/list.bats: don't use $BUSYBOX_BUNDLE
985546b4 tests/int: BATS_TMPDIR -> BATS_RUN_TMPDIR
85d5fea4 tests/int: stop reusing HELLO_BUNDLE for alt root
76532fac tests/int/events: rm unneeded eval
49766140 tests/int: use wait_for_container where appropriate
4d6ffa39 tests/int/helpers: reimplement wait_for_container
e7052dcd tests/int/spec.bats: don't use HELLO_BUNDLE
0cfc2e32 tests/int: rm teardown_running_container_inroot
78f0e4b2 tests/int: rm wait_for_container_inroot
64d5702f tests/int: don't depend on BUSYBOX_BUNDLE var
efb8552b tests/int: add device access test
81707abd ebpf: fix device access check
c3428722 libct/config: fix a data race
51ec5db1 ci: add i386 unit test run
b142a70e libct/seccomp/patchpbf/test: fix for 32-bit
2831fb55 cgroup2: devices: handle eBPF skipping more correctly
d1007b08 cgroupv1 freezer: thaw to increase freeze chances
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
runc can be built with both selinux and seccomp tags. These tags
are a requirement for proper operation with some frameworks (like
k3s).
So we add checks for the appropriate distro features and then
automatically add them to the build tags, allowing us a coordinated
enabling of the functionality.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixing up the PV to use SRCPV for tracking future version bumps, if
the tree is dirty or not, git will tell us.
We also add some additional kernel module rrecommends, so that the
tools called by k3s can find the support they need (mainly iptools)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
Clarify some limitations / tweaks to get up and running in a
qemu virtual machine.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
containerd is rarely used without runc, so we add the runtime dependency
to make installation and image construction easier.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
Grab any remaning binaries into the main k3s package. Both k3s-agent
and k3s-server rdepend on it, so we'll be sure to get them intalled
in both scenarios.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
containerd itself provides 'ctr', and it is in our rdepends. So on
target, we have a conflict for the provider of the ctr binary.
Dropping the ctr link from k3s, since having the actual containerd
package provide its binary .. makes sense.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
See recipes-containers/k3s/README.md for basic usage and testing
instructions.
Signed-off-by: Joakim Roubert <joakimr@axis.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
The URI has been changed to 'https://linuxcontainers.org/downloads/lxc'
by the site maintainers recently. Updating the recipe to reflect the new
path.
Signed-off-by: Robi Buranyi <rburanyi@google.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
With the latest go version bump in oe-core export GO111MODULE is
on by default. Our build is not setup to use go modules, so we
disable it and avoid configuration errors:
no required module provides package ... : working directory is not part of a module
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
With the latest go version bump in oe-core export GO111MODULE is
on by default. Our build is not setup to use go modules, so we
disable it and avoid configuration errors:
no required module provides package ... : working directory is not part of a module
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
With the latest go version bump in oe-core export GO111MODULE is
on by default. Our build is not setup to use go modules, so we
disable it and avoid configuration errors:
no required module provides package ... : working directory is not part of a module
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
With the latest go version bump in oe-core export GO111MODULE is
on by default. Our build is not setup to use go modules, so we
disable it and avoid configuration errors:
no required module provides package ... : working directory is not part of a module
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
With the latest go version bump in oe-core export GO111MODULE is
on by default. Our build is not setup to use go modules, so we
disable it and avoid configuration errors:
no required module provides package ... : working directory is not part of a module
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
With the latest go version bump in oe-core export GO111MODULE is
on by default. Our build is not setup to use go modules, so we
disable it and avoid configuration errors:
no required module provides package ... : working directory is not part of a module
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
With the latest go version bump in oe-core export GO111MODULE is
on by default. Our build is not setup to use go modules, so we
disable it and avoid configuration errors:
no required module provides package ... : working directory is not part of a module
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
We no longer need to support both the docker and opencontainer
variants, so we can just grab the service file from the source tree.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping to the release, which pulls in the
808420e release: distribute CHECKSUMS file
c2b0064 build-aux: provide arm build without systemd
7cc03f7 .gitignore: update file
f5274bd NEWS: tag 0.18
94e8364 src: add missing definitions
baed691 libocispec: sync from upstream
8d0ebf6 Add arm64 static binary build
b66d5d9 tests: fix make check in a user namespace
e10205e linux: remove temporary mount logic
7819f4c linux: use targetfd for move_mount
891cd3c linux: use safe_openat for masked/readonly paths
6c5577f linux: use new function
9aa264d utils: add function to safely create and open
436daef src: add function to cleanup container struct
c955ece src: pull function out
7bd51a0 build: check for linux/openat2.h
dcb1914 utils: add function to remove initial slashes
a1c958c utils: memoize check result
25c6f07 container: rename function to get_root_in_the_userns
f08bd31 src: fix leak of the descriptors buffer
df88061 tests: disable more Podman flaky tests
052bab7 utils: set HOME to root if the user not found
efe35f1 linux: ignore ENOSYS on keyctl
1b65163 tests: enable asan sanitizer
a0f322a tests: build init always statically
a656698 configure.ac: allow to disable dl support
6adb26b tests: disable hooks_stdin for oci-validation
06199c7 tests: update to podman 3.0
bc888b9 tests: disable podman pull test
f1373f9 tests: install crun under /usr/bin
257f442 Fix permission error when using both user namespaces & NOTIFY_SOCKET
617a212 cgroup: skip +cpu on EINVAL in cgroup root
b6ac8de linux: use safe_openat for tmpcopyup
2d1f910 utils: avoid reopening the root during lookup
3ce74e8 utils: fix symlink lookup
cbb67ae container: set working directory for libkrun
df01709 seccomp: custom annotation to load raw bpf
b229dca linux: refactor allocate_tmp_mounts
68bb50f linux: disable temporary mounts with [r]slave
d6ae36b libocispec: update from upstream
487e792 github: enable clang-format checks
61d6844 src: run make clang-format
1d559d0 clang-format: change ColumnLimit to 0
643d05b linux: disable temporary mounts with [r]shared
de6082f cgroup: fix conversion from blkio to io
1db8312 Update nix pin with `make nixpkgs`
540444c Makefile.am: crun depends on libocispec.la
1df96e5 linux: fix build without CLONE_NEWCGROUP
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
We are not building containerd-docker anymore, so the containerd
service file should not be changing it in as the binary. It is
confusing when you see 'containerd-docker' in the process list,
when you've built and installed containerd-opencontainers.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on the original recipe from Tim Orling, we introduce a recipe
for critools so we can interact diretly with cri based runtimes.
We do the normal go manipulations to get this cross building,
with the following specific tweak/patch:
The build system already knows whether or not we want to use CGO,
so we remove the hardcoded variant so our exported environment
variable will control the enablement.
Since our oe-core go infrastructure insists on both -pie and static
builds (for the most part), and that is not recommended by many
packages, we end up with errors like:
1.20.0+gitec9e336fd8c21c4bab89a6aed2c4a138c8cfae75/src/import/_output/crictl \
-ldflags '-X github.com/kubernetes-sigs/cri-tools/pkg/version.Version=1.20.0' \
-tags '' \
github.com/kubernetes-sigs/cri-tools/cmd/crictl
# github.com/kubernetes-sigs/cri-tools/cmd/crictl
cannot find package runtime/cgo (using -importcfg)
/work/cortexa72-poky-linux/cri-tools/1.20.0+gitec9e336fd8c21c4bab89a6aed2c4a138c8cfae75-r0/recipe-sysroot-native/usr/lib/aarch64-poky-linux/go/pkg/tool/linux_amd64/link:
cannot open file : open : no such file or directory
In a similar manner to:
https://www.yoctoproject.org/pipermail/meta-virtualization/2019-March/004084.html
We introduce '-a -pkgdir dontusecurrentpkgs' to mask/fix the problem,
and continue to work towards non-static builds.
% root@qemux86-64:~# crictl --version
crictl version 1.20.0-dirty
Signed-off-by: Tim Orling <ticotimo@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
0e3bf6dad9f kubeadm: drop explicit constant override in version test
1619e810d1c kubeadm: get k8s CI version markers from k8s infra bucket
42a3b9e85ef fix kube-scheduler cannot send event because the Note field is too large
afb0de9647c Fix nil pointer dereference in disruption controller
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping to the 1.21 release branch. Although this still in development,
there are some depreciations and other features we want to get into the
release, so we bump now for extra testing.
This comprises the following commits:
7b4b8b2de bump protobuf to 1.3.2
cf1e612eb server: support setting raw unified cgroupv2 settings
fc69fe15c vendor: update runtime-specs
fcc278427 cgroup: implement fix for swap memcg on cgroup v2
7b7efa307 server: leave swap mem limit unset if not supported
2d857bf21 test: skip ServiceAccountIssuerDiscovery test
dcf651d91 hostport manager clean up host ports
6f096c58e allows stream timeout to be set from config
056f8161d Bump containers image to v5.10.1
26aa60644 Move unit tests to GitHub actions
04185fc4f Move go1.14 and 386 builds to GitHub actions
f91c4f0ca set kubelet node IP
26491d154 Fix validate-completions GitHub action
ebafe7536 Add integration test for pprof over unix socket
109b412af Add a flag for enabling profile over unix socket
a09423d60 Lookup echo command for unit tests
c1a724770 Move static build to GitHub actions
85feffc1f pinns: Fixup 'pwarn' output to match 'pwarnf' output
e30c3975f pinns: Don't put errno in the exit message for argument checks
fd8e390ad nsmgr: use host option
76a89b938 nsmgr: Use config struct for NewPodNamespaces
969505130 pinns: support pinning host ns
4394eee77 Remove implicit GitHub action `name` fields
a0568ace6 Move docs and completions validation to GitHub actions
fa3741f1d Make config tests work rootless
2a8f2b11b Make rootless namespace unit test execution work
2670d8598 Do not log file path on ioutil.ReadFile
a6e8ae41d fixes version_test.go
841913db8 Close the stdin/tty on server start to avoid shortname prompts
e430b1df6 Update debian repository url to use https
3f4bef945 docs: fix http link
c2b9d0fd8 docs: update kubeadm tutorial
b64e716a9 Fix `make lint`
f36c64dbd Return runtime API version based on protocol
cce49c0e4 Update compatibility matrix to mention v1.20
77f1b7c36 add method comment
84b616b79 restore irqbalance config only on system restart
aa46a2393 add blurb in doc and more informative name for unit tests
13be7ae5a add is-enabled check for irqbalance service
9930cc33d fix unit tests
ce9973796 add unit tests
b3b48b31f fix bash/zsh completions
3cd55b226 fix the docs validation
cf61f947d handle irqbalance service
7a1939882 runtime_vm: set finished time when containers stop
78c91cbf9 nsmgr: fix/add calls to GetNamespace
177250f74 managed namespaces: move to dedicated package
10c9e4961 Provide integration test for infra-ctr-cpuset feature
5f9dbb1a2 Set CPUs for the infra containers during the creation
b3fb25b44 Add shell completion for infra-containers-cpu flag
e0f7ccc32 Add new infra-containers-cpus to the CLI and config file
30b0aea2e refine `registries` deprecation message
ac8e51bfd Circle CI: install test/registries.conf
d0e9b8b0c crio.8.md: runroot defaults to /run/containers/storage
2e49302ed support short-name aliases
22417169d pull: do check for blocked registries
83974bbdd config: deprecate registries
4879bba02 Rollback gocapability vendor bump
78261109b vendor: bump containers/storage to v1.24.4
d25bfe297 Update nix pin with `make nixpkgs`
709e4d170 contrib/test/int: add Kata Containers runtime support
ce0beec25 contrib/test/int: enforce linking in parallel build process
85e67f811 contrib/test/int: build parallel from sources in CentOS
b18fe2cbf contrib/test/int: allow to skip user namespace testing
506e7c2e7 contrib/test/int: allow to configure test timeout
cc9d037c3 Capitalize Kubernetes
c85474476 modify the error url of podctl
1b7e811fb Add Digital Science to adopters
e0bf8bc94 pinns: make binary not always static
0aeb7d27e server: use IsAlive() more
2460f6d26 Support CRI v1 and v1alpha2 at the same time
1633196c1 drop support for ManageNSLifecycle
b395cd224 test/timeout.bats: increase timeout to fix flakes
ab2626872 release-notes: fix flags
fa6a34381 test/timeout.bats: fix comments
553123b19 int/resourcestore: fix comment about Put
de186def3 test/image.bats: simplify some loops
0a30ab479 test/helpers.bats: simplify cleanup_*
cfdf40e4b test: add timeout.bats
521fa1948 bump network creation timeout to 5 minutes
87977f19d resourcecache: add watcher idiom
1d2328aa8 server: use ResourceCache instead of dropping progress
4bdc500ba Add unit tests for ResourceCache
76ebcac66 Introduce ResourceCache
a4588db28 moves shmsize to a handler allowed annotation
8e8f164f2 image pull: close progress chan
1fffd7210 test/ctr.bats: fix a "ctr execsync" flake
2bca8ec2b Fix the functions' name in completions
5e80372b7 Increase release-notes run timeout to 30m
7150db5ba Bump k/release to v0.6.0
eabdf7e4e ci: enable shellcheck for bats files
829053a41 test/network.bats: silence shellcheck SC1090
0c42734b2 test/network.bats: s/which/command -v/
c50658467 test/inspect.bats: fix SC2086
e62136838 test/image.bats: rm unused code
03f8eae37 test/network.bats: fix shellcheck warnings
149619d93 test/devices.bats: fix a shellcheck warning
15a3cb785 test/pod.bats: use jq to edit json
64c0fb2a0 test/network.bats: use jq to edit json
7053a2c39 test/*bats: rm unneeded stop_crio
99e521b23 test/testdata/container_config_sleep.json: rm
2a40a639a test/ctr_seccomp.bats: rm testdata/container_config_seccomp.json
9ca6eeab4 test/selinux.bats: rename a test
d309db54b test/selinux: rm testdata/sandbox_config_selinux.json
6ca29591a test/pod: rm testdata/sandbox_config_sysctl.json
f1fc4626f test/ctr.bats: do not create files in $TESTDATA
25a559237 test/image: rm container_config_by_imageid.json
f10a38851 Use own metadata types
09f929216 test: use jq to manipulate json
029bb46bf test/*bats: rm excessive runs
25db96707 Add CRI glue types for v1alpha2 and v1 usage
e8127e0e7 Add CRI v1 API
c4df5708c Fix make vendor GOSUMDB
d0e2cfdfd make: drop link to crio.service
5ad548b38 test: rm "run ctr with image with Config.Volumes"
39ff75035 test: add no-pull-on-run=true
ea9d2ab31 circleci: use updated images
284779311 Check allowed_annotations under performance hooks and drop deprecation warning
91ea6ac1a Add clean v1alpha2 CRI API interface
63bd12659 contrib/test/int/build: bump a few deps
abf049f6b circleci: use go 1.15 for vendor
302b36c0f ci: bump go to 1.15.5
bafa2a870 circleci: bump go to 1.15.5
7f046e2af Pass runtime to the handler hooks
bd5ae5de2 Provide methods to check allowed_annotations for high-performance runtime handler
38f8e9da5 Provide a better value for features specific annotationis
bd78f7e89 don't do unnecesary iptables restore
942e6255f switch CRI-O to use its own hostport manager
d17d157e0 dual-stack host port manager
a86d258c7 fix upstream hostport manager
76f6d342f Add README to hostport folder
7dbafacd1 fork hosport kubernetes code
90ae7e2d7 ignore test binaries
8dd12dc42 fix cleanup func wording
7244e40ca server: refactor handling of cleanup funcs
d2b341659 Make NamespaceOption an internal type in sandbox
49d0de238 test/e2e: disable a flaky test
22ce1d7a3 contrib/test/int/e2e-features: skip Serial tests
f1b6fde01 contrib/test/int/e2e-features: rework "skip" regex
fd15db07f contrib/test/int/e2e: rework "skip" regex
5e57f4215 contrib/test/int/e2e: rm obsoleted TODO
9ef215fb7 ci: move check vendor to github actions
437f1c1b8 Makefile: rm GIT_MERGE_BASE
a4309e000 circleci: fix cri-tools install
b59718676 alphabetize OS
ad043ae9a Update install.md
d22c37e71 ci: move docs-valication to github actions
9dd630514 ci: move shfmt from circleci to github actions
2489684ac ci: move shellcheck from circleci to github actions
7f9f09801 ci: move golangci-lint from circleci to GH actions
9fe43d28d github/PR template: add /kind ci, other
359c60f2a vendor: bump containers/storage to v1.24.0
99081ef41 Makefile: bump golangci-lint to 1.32.2
936e21890 circleci: rm build-test-binaries job
b3000eb70 test/devices.bats: fix "additional device permissions" case
22d9e7e8f do not enforce seccomp profiles if disabled
1eddc1b9b ci: use cri-tools from git head
a53c2a70e test/devices.bats: rm unneeded run
7b910a08f test/devices.bats: skip earlier
329ccbafb Add wrongly removed word
7ff1fbc05 Update the crictl tutorial and simplify a few steps
fedd00c0d Make CNI setup instructions a bit more clear and fix nits
205711e5e Fix links to installation documentation
24b7e4f83 move is_cgroup_v2 to helpers
ddcfee824 oci: add Devices to allowed annotations structure
54477302e restore.bats: allow userns tests
61dad864c test_runner: test userns with manage_ns_lifecycle
ba3d36c00 test/ctr_userns: rely on global userns testing
34d0aacbb Allow userns together with ManageNSLifecycle
1daaa067c server.createContainerPlatform: fix userns + spoofed infra
4e0cb03fe server: add userns mappings for spoofed infra
6e897b8e5 runtime_vm: Ensure closeIOChan is not nil inside CloseStdin's function
b256264f1 test/command.bats: fix device test
7646b5b74 server: fix some nits about resolveSymbolicLink
917d39c66 move device handling to container iface
c3370fb0c move additionalDevices handling to separate package
c8e270f23 Bandwidht CNI plugin reserved an upper limit on burst,in which banned include boundary. See: https://github.com/containernetworking/plugins/blob/v0.8.7/plugins/meta/bandwidth/main.go#L113
fe8c25a1d Update nix pin with `make nixpkgs`
3ca6f8dae pinns: fix ownership for created namespaces
d7d8f7a29 pinns: use a socketpair instead of a pipe
374415de8 vendor: pin shfmt to v3.2.0
f4301256d OWNERS: add myself
bd364cd2c Log version at startup
88159bb7b test: rm disabling selinux from userns tests
e54203c8a curl: add -S where -s is used
98fbf5bab ci: bump crun to 0.15/HEAD
be3ec3c1e nix: fix static build
0cfc673cd test: bring back userns testing
c9290e44c test/network_ping.bats: skip with userns
a3d0b391d test/restore.bats: skip some tests with userns
6931ee743 test/network.bats: skip hostnetwork test with userns
b7db612de test/image_volume.bats: fix userns check
b4d692617 test/drop_infra.bats: skip if userns is enabled
03cfc2fcc test/ctr.bats: skip privileged test when userns
f147b4a9e Preserve sandbox annotations for handling OCI hooks
3e6b81904 Increase integration test timeout to 30min
9750103ae Upload bundle in separate CI step
ecece5641 vendor: update containers/storage to v1.23.7
35f64617e test: disable crictl pull on create
f41aa4ae5 Update maintenance versions in README.md
d22514351 test/image.bats: pull the image to be used
a400561a7 circleci: use ubuntu 20.04 image
468d49427 removes runs
70f73ab7b circle-ci: use go 1.15.3
8a2f5f189 Add SUSE CaaS Platform and openSUSE Kubic to adopters
58328a6af Error if GitHub release could not be found
ca11353f8 Update e2e-aws logic for 4.7
95f285103 drop error in finalizeUserMapping as well
455a1b6b5 Adding Oracle Linux Cloud Native Environment to the list of adopters.
4cfde377e userns: use the same ID if the mapping is missing
0de968083 Add KubeCon EU 2020 talks to awesome list
99a21e919 use correct mappings when they exist
ba9c0c245 drop AllowUsernsAnnotations
1a5553ebd add allowed_annotations to runtime handler
1d0f68156 update documentation of privileged_without_host_devices
f0fab44c4 template: move default_runtime closer to runtimes map
5c9085a9f Fix release notes generation
23e0ed065 begin ADOPTERS.md file
4cf0a2915 test/testdata: rm container_redis_default_mounts.json
7e88c2cd6 test: mv test-specific setup out of setup_test()
b8af8c4f0 test/reload_image.bats: nits
35b7de3c8 test/default_mounts: rm --deprecated-mounts test
e1ffae3b5 test/default_mounts.bats: rm excessive run
5a59e514e test/testdata: rm *namespace*.json
ba126e6de test/namespaces.bats: rm excessive run and cleanup
83fe6c285 test/testdata: rm sandbox?_config.json
2a0076143 test/testdata: rm *_hostport.json
3fbdf6fa4 Remove last traces of --default-mounts
023c57ac7 test: improve/rename parse_pod_ip -> pod_ip
bc9d66793 test/helpers: improve test_pod_from_pod
417f0591f test/network: improve "Check for valid pod netns CIDR"
d7babd6ac test/network_ping: merge the two cases
905511a2f test/helpers: show crio.log after the test
8343d16fc test/helpers: hide crictl info output
2bdf0e109 test/helpers: rm temp_sandbox_conf, switch to jq
a6c985492 test/shm_size.bats: fix SC2002
a035e1561 test: simplify check_journald check
0483c62b2 .gitignore: rm conmon
e6ef7221b test: simplify check_metrics_port -> port_listens
5502607e1 container_create: fix /etc/resolv.conf to be ro
d04aa9092 test/testdata: rm container_config_resolvconf*.json
979dabda1 test/testdata: rm sandbox_config_privileged.json
347b03e01 test: rm testdata/container_redis_env_custom.json
1dbd73dc5 test/testdata: rm some unused files
2ba965644 test/pod.bats removes excessive runs
9784199e6 test/pod.bats removes unneeded teardown
5f4774efc runtime_vm: Ignore ttrpc.ErrClosed when removing a container
802b4e4fe runtime_vm: StopContainers() should not fail when the VM is shutdown
85f341c32 runtime_vm: Don't let wait() return ttrpc.ErrClosed
0f2a07053 runtime_vm: Fix updateContainerStatus() logic
fecf1a1d8 network stop: don't segfault if sandbox isn't created yet
2fb259791 Revert "Move back network setup to after adding infra container"
06b6e129f test/ctr.bats: use $newconfig
54959f5b8 test/ctr.bats: replace sed with jq
a7746c2dd test/ctr.bats: convert python calls to jq
bbd70e433 test: rm edit_json, use jq directly
ae7ac6105 test/ctr.bats: shfmt it
6693d79c5 CI: add shfmt check for bats files
4953fb28c test/*.bats: format using shfmt
4c9984603 shfmt: update to current master
407603303 introduce SeccompOverrideEmpty
e9d9b3011 server: cleanup container in runtime after failed creation
685f275d3 defer removal of container in storage immediately
cf79dc39f test/status.bats: use shfmt
0ea616973 test/status.bats: rm excessive use of run
70ea166d3 test/status.bats: minor refactor
7bc848cbe test/image_remove.bats: rewrite
510e5325a test: tidy image prefetch
6e0d7a3c2 test/image: rm unused var
4ab412848 test/ctr.bats: fix SC2086
27dd454a2 test/ctr: rm excessive use of run
eea57ad02 ctr.bats: fix jq checks
19e521422 test/ctr: fix "privileged ctr -- check for rw mounts"
86596bdcc test/ctr.bats: fix "annotations passed through" test
bea64ec68 test/ctr.bats: add is_cgroup_v2, fix SC2046
601e1e4ca test/ctr.bats: rm unneeded cleanup
37c9c24ed test/ctr.bats: fix SC2002
96b8890e5 test/version.bats: fix/improve
b45e341ee test: fix SC2086
dd3c394e3 crio: add new option --separate-pull-cgroup
fbed1b37e crio: move in a new cgroup on reexec
26cf82891 test/command.bats: fix shellcheck warnings
e60a04514 test/crio-wipe.bats: rm excessive run usage
6c69b4495 test/crio-wipe: simplify code
f0e081865 test/apparmor: simplify is_apparmor_enabled
e5bea7e08 pull: move image pull to a new process
7cc83932b crio: force garbage collection with SIGUSR2
4b549f542 test/network.bats: fix "Clean up network" tests
9da1a3ea8 Update nix pin with `make nixpkgs`
e559d8e0e test/helpers.bash: rm "echo 0"
caebae40e Support passing properties to RunUnderSystemScope
ada8cfcaa test/network_ping.bats: simplify
b03195eb5 test/network.bats: simplify, fix shellcheck
ef07f7192 Move back network setup to after adding infra container
178872342 Bump master version to 1.20.0-dev
39a0e7984 server: use more GetContainerFromShortID and less GetContainer
965b70fad server: do not do container operations on a not created container
928edf243 server: do not stop/create container if pod is not created
9284c007d defer network stop ASAP after network start
83169c578 network: create as early as possible
00bf747aa Bump Kubernetes to v1.20.0-alpha.1
a78651ff8 Bump logrus to v1.7.0
6913515c8 runtime_vm: set Pid and InitPid for VM runtimes
1a35fce0c go.mod/sum: update
309b3d07e contrib/test/ci/cri-o.spec: rm GO111MODULE=off
6445c1418 Makefile: rm GO111MODULE=on and -mod=vendor
8eb6575c6 CONTRIBUTING: no need to set GO111MODULE
012e52db9 Makefile: fix vendor target
bd3aa8151 internal/config/node: add checkFsMayDetachMounts
a2bc9d35c Fix bogus CI test failures
056b43d11 runtime: parse oom file for VM type runtimes
c49ee2362 test: use crun 0.15
b66ec3f42 test: adapt test to new crun output
bac4a3ea0 moves spec generation to container
40709d286 test: drop infra container
4aa7d4c51 test/config: fix shellcheck warning
94ef42cbc test/config: fix "config dir should fail with invalid option"
1d097f7d5 cni: fix ipv4 configuration file
4f1e4efae [feature] support custom shm size and docs
deba2580b Update nix pin with `make nixpkgs`
a20c3a4de Verify Cgroup Memory - cgroupfs
7eaede753 deprecate manage_ns_lifecycle option
aac00ea84 Enable debug logs for release notes generation
0d878de1e Bump GRPC to v1.27.0
53b72efe1 test: skip MetricsGrabber tests
9afdd35c3 drop infra container when appropriate
25383e728 server: no longer assume some infra containers will be nil
e42b2b1c5 sandbox: add NeedsInfra function
fdab97f50 oci: add Spoofed() function
33de444ce introduce pkg/annotations
4ff61bb49 portforward: rework to not need infra container
3c241bdbb pinns: fix pinning cgroup namespace
26de5b665 pinns: allow sysctls to be passed
3f655aa2b test: configure self when kata-runtime is the CONTAINER_RUNTIME
9e337b0ab test: add tests for dropping infra
3978b8cf5 add --drop-infra-ctr option
7d56d27b1 broken link
dff47619b update link for podman
3fd6ff726 add the integration tests for handling default runtime
db3f22b4c Update containers/* dependencies and vendor libpod/v2
0f9a374ea test: remove generated file
e5940bc87 Updating documentation of kubeadm with offline configurations. Signed-off-by: Athanasios Garyfalos garyfalos@cpan.org
6bda9b5e0 Force pkg dependencies to older ones compatible with gogo/protobuf
1635b0d26 Switch to Kubernetes AppArmor unconfined const
ca1c46636 Update crictl.yaml to reflect cri-tools v1.19.0 configs
40b9d971f Bump cri-tools to v1.19.0, CNI plugins and golang
6f9341d5d Add image layer reuse docs to metrics.md
167fed492 oci: parse stat file instead of using ctime
12a5cb458 Print seccomp profile JSON only on trace log level
ec69e86fa oci: return IsAlive error instead of logging
687202247 sandbox config: Improve validation error message
7b1e83595 pinNamespaces: fix cleanup and error returned
2b5a80d57 pinNamespaces: set capacity for returnedNamespaces
9925188dd pinNamespaces: use string concat instead of fmt.Sprintf
525d5b760 sandbox: ignore enoent on shm unmount
b66da412d Revert "runtime_vm: Cleanup process when the Container is Stopped"
bc9dd6fe2 test: deflake stats test
635ab5f5d oci: improve error message for verifyPid()
b6db1d8a0 Fix pinns compilation for TEMP_FAILURE_RETRY
4a3f8b87d Vendor Kubernetes v1.19.0
8152e00f3 config: set internal RootConfig to default storage if not specified
827eb0bfc Revert "dual stack portmap support"
f45c631ab Update nix pin with `make nixpkgs`
773f6b0b5 branch forward: stop on rc
5011a7b2f added irq smp balance and cpu cfs quota control
6a3f71112 Code clean up in containers_create_linux.go
7b942ed73 Remove git-validation in favor of prow/golangci-lint
f97ad7fd3 dual stack portmap support
f0d987acb Switch to containers/common for AppArmor
017e62dc1 Unset GOSUMDB when vendoring
4bf30158a storage: delete layer if mapped
ad2ed3b79 mapping: add support for userns-mode annotation
f035d6077 server: make paths to chown also accessible
d9d3789cd vendor: update containers/storage to v1.23.1
7f8c00e5e server, systemd: export container env variable
2716da1de remove --runtime option
0afa35525 fix high performance hook self-exit container issue
9e112eebd oci: move channel close to writer goroutine
3472cc5c8 test: fix container stats test
d4c32cb00 test/stats.bats: fix/improve container stats test
d1e2ea04a test/stats.bats: improve test case
d05a6335e test/stats.bats: fix typo in a variable name
9a1490531 managed ns: report namespace cleanup failure by default
4ed669482 managed ns: ignore `PID not initialized` on sandbox creation
ff6d989fb test/apparmor: add missing test case call
aca64980b test/cgroups.bats: enable pids test for cgroup v2
01432f5d6 test/cgroups.bats: simplify and fix
0aacb5b53 test/critest.bats: move setup/cleanup out of test
b811a2040 test/apparmor: simplify
6f169692f test/apparmor.bats: add teardown function
b4eb95602 test/cleanup_test: improve
5bce7486a test/wait_until_reachable: fix
d6405601a test/ping_pod_from_pod: fix
60a04790f test/pull_test_containers: fix
8bf151454 test/critest.bats: fix
d2ded1d73 handle runc not present on the system
838ab4aed Add fidencio to OWNERS file
ab82e12e0 Use Unmount w/o prior Mounted check
15375c94c Don't limit the size on /run for systemd based containers
8c7c8028e oci: reorder conmon args
80609e566 config: check conmon version before assuming features
5dcf88604 test/image.bats: rm useless code
c5d29b355 test/*bats: fix excessive use of export
616b7855e test/ctr_seccomp.bats: unify common code
2a45877ae test/ctr_seccomp.bats: unify/simplify seccomp check
149e13b07 test/ctr.bats: properly declare readonly var
2c4d5de9b test/apparmor.bats: fix shellcheck SC2030,SC2031
f2469036e Remove duplicate check for enabled seccomp
d9ea3921d Bump test images to go1.15
61736cbe3 runtime_vm: Store logs in the correct format
8e45b939e Revert "Fix potentially unclosed file in runtimeVM#CreateContainer"
e3e4385d1 selinux: override only specified values
8cbe37722 Fix container cgroup under cgroupfs
3609f6475 server: reduce complexity of getSourceMount
7a48cf993 server/addOCIBindMounts: speed up
6dd52f2ac Reuse Kubernetes API consts for seccomp profiles
dca828597 oci_linux: fix working set calculation for cgroupv2
18fa73d9e Switch to go 1.15
49d121594 Add /sys/dev as a masked path path
eddf148a1 oci_linux: fix working set calculation
059934138 test/image_volume.bats: fixes
79c52eb1e Revert "tests: adjust test to not depend on runc behavior"
76c7e8657 test/*.bats: fix checks that id is not present
bf10fcafe test/*bats: fix shellcheck SC2076
a881562a2 Fix logs that have wrong func names
f90a1dda0 Ensure CloseIO is called after Start for exec
e21f21edd Add layer reuse metrics
ae5630f72 Bump golangci-lint to v1.30.0
e790775d9 Vendor Kubernetes v1.19.0-rc.4
dfcd1691a config: create hooks dir if not present
cbc7c514c docs: Move logo location
d69d6d728 docs: update installation instructions
371a60093 use errors.Is() instead of errors.Cause()
e1eb96fc8 Fix lint pipeline by gofumpt'ing cgmgr_test.go
c99023d50 Parameterize strip binary in pinns/Makefile for cross-compilation
0bfefee51 Make filter container list be able to filter short pod IDs
44e0c0db7 drop findprocess
009ccb65e oci: rarely access Pid directly
5b3c5b655 exec sync: check pid instead of calling runtime state
1d672d139 server/createSandboxContainer: minor optimization
b44a6cafa setCPUSLoadBalancing: nit
042a4a76c setCPUSLoadBalancing: optimize
82b339265 setCPUSLoadBalancing: rm repeated call to c.Spec()
484551e15 shouldCPULoadBalancingBeDisabled: simplify
5a5aa34cb Remove unused global vars in memory storer
e8d4b0bc6 exec sync: be more careful about temp files
814c1bb01 runtime_vm: Cleanup process when the Container is Stopped
8b4ffe784 docs: fix cni documentation
79de63e63 contrib: update the crun version to the last release
b55168f78 test: fix regex to look at the beginning of the line
4d21cd3f0 add stats list unit tests
857bcd34c stats: skipped stopped containers on container list stats
ae69fd7f6 crio: use json-iterator/go instead of encoding/json
91d3d2791 Do not remove existing runtime handler
964d0d3a2 Speedup static build by utilizing CI cache on `/nix` folder
3f7d13e62 Add `make release` target
f64d6d5e9 runtime_vm: set container creation time
cd9e835c2 test/command: add test for --profile
1aa5f89a4 test/helpers: rm start_crio_* twins
eb9321386 Remove unnecessary err assignment
faad1a446 runtime_vm: Avoid possible deadlock on UpdateContainerStatus()
1313a9a2b Fix unit-tests and regenerate mocks
e6e3c4ad0 Bring back pprof
9d4195941 Add testcase for createdAt timestamp restore
f7f4a8664 Restore Sandbox createdAt timestamp on cri-o restart
2a260703f Fix gofumpt lints
300380462 name is reserved: give more informative error
fb3cb0a2f Restore CPU load balancing just when an error appears
d34d57c94 Add unittest for the high-performance hooks
fe69fd2b1 Add RuntimeHandlerHooks interface
dd5abc1c5 Add gofumpt linter and apply lint fixes
e115e4cc8 Cleanup nix derivation for static builds
496f1e426 Provide unittest for the CPU load balancing method
8a48ff5d3 Provide functionality to disable and enable back the CPU load balancing
6886573e6 makes containerstats just get one container instead of whole pod
5cbbd289d Update UpdateContainerResources unittests
e29c3ffe4 Update the container resources under the spec
1ee062c85 Make integration-cgroupfs tests depdent on results
a2ec1d40d Copy spec to not touch original spec on exec(sync)
74a94b546 Add volume mount option for SELinux labeling
00c33525f Implement BigFilesTemporaryDir
65b692268 Perform log directory validation early in Server#runPodSandbox
ce5825f1a Remove resolvPath when Relabel fails
abecfdf31 remove all cases of returning an error named err
fdb2df175 container: handle SelinuxLabels
9b881b0b5 container: add ReadOnly()
b852ad675 container: add Image()
6e883db15 container: add fips disable handling
1f51d6d5d Revert "container_server: disable fdatasync() for atomic writes"
77cf58c91 node: fix panic if /sys/fs/cgroup failed to stat
4810ca3e3 Use /usr/bin/env bash in crio-shutdown.service
c4795b496 Fix static binary mode retrieval for musl toolchains
c180faac7 change variable name err to retErr for deferred comparisons
705381c46 runtime_vm: Improve CreateContainer cleanup in case of failures
d785c14fc runtime_vm: Create deleteContainer() helper
11ae5b78d Close the done channel in runtimeOCI#ReopenContainerLog
d5920c866 Update golang dependencies
924a8e983 Fix potentially unclosed file in runtimeVM#CreateContainer
65fe2c5fb Bump testimage versions including golang
15264b7e5 Enable more feature tests
9bf8e5397 Vendor Kubernetes v1.19.0-rc.1
7170231d8 internal/oci/runtime_vm: lock around map access
cbd32ae9d internal/oci/runtime_vm: fix resizePty signature
11ec0bcda circle: save output for debugging
ce0921e74 test: add circle job that runs with cgroupfs
d8615ec46 managed ns: don't remove namespaces on sandbox stop
d33995bd8 managed ns fixes
02d8bb96f runtime_vm: Ignore ttrpc.ErrClosed when shutting the container down
b6b4d1023 Update golangci lint to v1.28.3
c2255b718 oci: add debug logs for runtime state calls
b058683c5 Return empty DecryptConfig when no keys to force decryption
fd07083b4 test: drop cgroupfs override
fa9e413c2 Make release notes generator capable of handling tags
a97c66840 Validate cgroupfs conmon cgroup on start
83e8282c4 contrib: enable debugging on the kubelet
77bb73c29 contrib, e2e: force systemd system session
b803107b0 server, root: unset XDG_RUNTIME_DIR, DBUS_SESSION_BUS_ADDRESS
945adb00b contrib, cgroup v2: use kubernetes master
aee425b19 pods.bats: force usage of the system bus
04c44932f config: fix systemd version parsing
ceb473cf3 skip another failing test
a69782498 e2e: skip failing test
0a2c92d17 use cgroupfs to fix tests temporarily
e8c12b348 Streamline how done channel is closed in Runtime#WaitContainerStateStopped
83ec8f8ed test: bump go version to 1.14
23193ea43 Add runtime_type as an option of "--runtimes"
bb54e152e runtime_vm: Apply the correct label before the sandbox is created
56140296b sandbox_run_linux: Use libconfig alias
c0da93f0d test: use node readiness as an indicator to run kubetest
ab8f1acdc Add logic for running openshift e2e-aws tests
164f46cc6 server: re-add gocyclo skip
6b6a604e2 Restore version output from crio --version
00af53a89 Enable SCTP and seccomp e2e tests
6b9dfc6e8 criocli: Avoid parsing the config twice
35a8caf8a StringSliceTrySplit: return a copy of the underlying slice
3d2cd5a4c Remove the protocol filter from the portMappings constructor.
a296edd66 test: fix seccomp tests
3e063339a pkg/container: handle logPath
859a65099 Use the container_kvm_t label when using kata as the runtime
978a0bc3d use inactive-or-failed CollectMode if appropriate
861297e93 Close the done channel in waitContainerStop
dee450550 Send only single error to stdinDone
8e4a4b774 config: add ulimits package
3752167dc logs: fix some problems
63e8f1f07 oci: check state before stop atomically
c0f5c1679 Container should only be added once after passing filter
5571a88dd Add info logs for image pull and status CRI calls
490d651cc server: store container privilege bool in pkg/container
44607af0d bump runc to v1.0.0-rc90
1fed461fe config: add node package
ac966530c oci: make failure to move conmon to new cgroup fatal
058d6b926 config: add cgmgr
fa6114234 managed_ns: deflake tests
a083494ff Add crun to static binary bundle
764d5caac Add crun to config template
87c26e6bb Update k/release to 0.3.2
954585ddc Add sandbox IPs if there is no error in IP retrieval
832e6fc19 Cleanup default info logs
aa8f005d9 Check whether seccomp is enabled before making assertion
2e5aad445 Close the done channel when there is watcher error
4033c7ac4 vendor: update seccomp/containers-golang to v0.4.1
99d7f7256 Add unit test for sandbox response verbose mode
83e01c296 sandbox_status: Fix typo in error message
cd85ebf7f Use correct format for logPath removal log
b689ae675 Use one deferred func to execute cleanup func's
a5bc7193d test: Add a test for pod pause image
166bd36d8 Return verbose information for a pod
525b1d335 Store pause image information for a pod
9197a5568 Added signature - Fixed standard cidr and typo
52dadcf42 Update golang dependencies
613cbdbee Add image pull success and failure metrics
3584fa451 attach: Don't return early for non-tty attach if there is no stdin
35c0c79e2 Fix the kubeadm command
7512d3166 Remove socat runtime dependency
de262316f sandbox iface: don't fail if uid is not specified
67fc28844 Exclude failing conntrack e2e test
247d465e8 Add `privileged` indicator to container status
e7e0746e3 Check that SecurityContext is not nil before dereferencing
3c7f385b3 Allow release notes for release branches
d686db64c crio wipe: log less
1ffd66949 Update nix image and dependencies
92f9f68f9 container_server: disable fdatasync() for atomic writes
a02f21766 vendor: update containers/storage to v1.19.2
25fcca87a bump version of libpod to get selinux
e62039468 Automatically label containers running systemd with the correct label
0fda6777d Add metrics exporter and documentation
9a53c232e crio wipe: add version-file-persist
e1f3fe0af Update k/release repo and use go templates
4a841df26 Update golangci lint to v1.26.0
0c3a5dff5 Switch to logrus 1.6.0
a9ff43ce9 Remove containerd/release-tool dependency
a6e8db404 Update Kubernetes to 1.19.0-alpha.3
de45cf1dd Avoid unnecessary locking on runtimeImplMap
2ec6e6a73 Add `--metrics-socket`/`metrics_socket` config option
a96823544 Cleanup go modules and vendor
cffb00c88 Missing `cd ~/.ansible/roles` Before `git clone`
fac15d5da Close done channel if the wait for ContainerStateStopped times out
086eeaa5f version: return empty link mode on failure
de0f51822 version: omitempty on String()
3007180b0 Delete container Id only when impl.DeleteContainer(c) passes
727b3a116 Delete container Id from ctrIDIndex if podIDIndex.Add fails
0540afc0a Add support for making reproducible builds
8e7d4d2c0 Adds Ubuntu 20.04 to install instructions
604eeb1b3 oci: drop container level privileged flag
7b6696b65 port error: check for error
4d6d96c1e port forward: add stream nil check to pass unit tests
7016c3e13 port forward: drain the stream on error
351af8519 Vendor in v1.9.1 containers/libpod
93420c499 Fix naming unit test
c83b0040a Check error return from os.Create before closing file
ed3d80f87 Close channels in runtimeOCI
192621d9d Remove latest-version script
0b105b24a Remove crio-wipe and crio-shutdown systemd units from bundle
9b80a5818 Avoid removing container twice
d04755a08 Return an error if context has been cancelled or deadline exceeded
b5fdabc22 Use correct upload URL for binary uploads
4a6beaa9b Close the channel for syncStruct
0806f14e2 Remove unnecessary error wrapping for runtimeVM#StartContainer
65d8bb6cd Fix CI by re-generating mocks
2079196f8 cni ctx: call cancel func
6171dcf39 give fraction of timeout to network{start,stop} calls
1ad8ce652 Pass context from caller to ocicni
870cd9b7d Update ocicni vendor code to get new methods that support context argument
926daa840 Use bats v1.2.0 release for CI
ae353585c Fix Linkmode path resolution
78badc81c test: check for rw mounts
c6233a2b4 Makefile: include -nobuild install targets
ed34636da Close childStartPipe if cmd.Start() fails
d1172d693 Do not hold lock when ExponentialBackoff() is called
3eff5407b readme: drop support for unsupported branches
8f01225a4 Fix incorrect image digest for test image
83257214a test: update digests and test
fa2db8d8a test: update image digest to fix test
2843f551e Fix linkmode for static binaries
e785dd2fd Check for context erroring before returning from longer requests
5daa5ac79 Allow comma separated string slice parsing
cd5d1a08c Add info logs where needed
dc945b31d Add Installation Guide with Ansible
39a35cb30 Use absolute path to binary when retrieving linkmode
dff32318b Makefile: allow customization of go commands
3261c2a75 vendor: bump ocicni to b197cd13855bae919c7c75c191c976fcc48610b9
5d2494793 Add Codecov badge to README
f7896341f Fix static build DNS resolving with netgo
9b2ee751e Add docs and completions for default_env
b92a3e6f7 Add a test for container default env
cfcee0126 Add support for default_env in crio configuration
c0b466e86 Stop container when there is error in createSandboxContainer
0c8b231c1 contrib,crun: use version which correctly writes swap
9f334aabd test: refactor handling of mem swap
7bdf93819 only set swap if we have the swap cgroup
51cfd5c76 SetLinuxResourcesMemorySwap to the LinuxResourcesMemoryLimit
44dda8b52 Add release-1.18 reference to documentation
3816fb11f Update cri-tools to v1.18.0
307be36a7 Validate capabilities on CRI-O start
d67eea300 stats: spoof stats on a cgroupless ctr
f25db77b3 add haircommander to OWNERS file
0361c5e37 Fix GitHub artifact upload via new upload-artifacts target
a7e117e44 Update libpod to v1.9.0
ec26619e3 more retErr fixes
2e494c323 Use named error return for container_server
66dc81696 config migrate: add pause image and namespace dir
62c02af51 add stop container for StorageRuntimeServer on error
95d5ab215 bump default PauseImage to 3.2
39aef1a09 Add shellcheck linter and apply fixes
b7be5b673 Update go-mod-outdated to v0.6.0
b5242b807 Add dependency report badge
be8e876cd Add runtimeSpec field to container stats info
99388a706 Add OCI image spec to image stats info
7f4ac3b7d Move crio defaults back to /etc/crio/crio.conf
4e795832a Fix lint reports for setnameandid test
3f89b9539 Use proper variable for error return in Server#createSandboxContainer
10f522002 Update installation steps for CentOS
89ff7c1b9 Fix CircleCI job race accessing gh-pages branch
5ae550efd manage ns: don't remove top level directories on pod teardown
fabb871e4 manage ns: debug output of pinns
ffede601e branch foward: skip release candidates
55bec4dae server: skip setting memory limit to 0
c36a8ebb9 Upload release bundle automatically to GitHub
ac1112c45 Update dependencies
c24e99945 Generate dependencies file in gh-pages root
086982d61 systemd unit: drop requirement of crio wipe
1e0419df5 makefile: allow version to be overridden
af2509fe1 Update kubeadm docs
e5397f81b Add dependency report to gh-pages and CircleCI
d8a709f8a Assume hugetlb is not supported by default
80d1a2466 Update shfmt to 3.1.0
96e76dd2e Enable debug symbols for binaries when make DEBUG=1
2e5b40a62 Vendor in latest containers/storage
7501a08aa Skip already uploaded artifacts with gsutil
d0d099a90 restore tests: verify some namespace lifecycle cases work
92aeb50b6 fail on failed pinns
c443e9b88 pinns: pin to /var/run/*ns instead of /var/run/crio/ns/*
1dcf7b931 Fix typo in apparmor tests
92863e3b3 sandbox: Make sure the label annotation is proper JSON
9afd5ff71 container_server: Wrap a few more errors in LoadSandbox
2bc9e13f5 Add image labels to ImageStatus Info
5281f1382 bump to conmon 2.0.15
5146d6c63 Add the mounts that are required by systemd
b297abab6 Skip already uploaded artifacts with gsutil
1806cabfa Add release branch forward to CircleCI
5cc33b558 Update Kubernetes to v1.18.0
474d29407 Test for master tag if release branch contains none
2d5cedabe Add SetNameAndID to Sandbox interface
e540ef3a8 Make release notes require results in CircleCI
ab431e66d Add crio config --migrate feature
717425df0 vendor: use directly github.com/creack/pty
9e10f54d3 Use HEAD for runc built from source
b91d80994 Do not take config dir into account on config creation
360177a6f Make docs-generation and completions work rootless
63230017a Move CNI plugin into NetworkConfig
3027070ca build: clean generated bin/ dir
f2ffe39fb Downgrade golangci-lint to v1.23.8
856ad18aa test: drop make install.{systemd,config}
c2ec5aed7 test: set cri-o systemd restart policy to no
3d110a307 build: Makefile - add shfmt target to help
dfed40b4a contrib: Add kube-local tool
759f498ae Add description to magic test value
d672ed1de Do not Wrapf errors if no format is specified
9d6326b4a config: remove unneeded empty values
b4808eac5 skip ipv6 ping pod from pod for rhel 7
7c535f29e return default-mounts-file
66b5814ab use fedora-ping image
6a0f33ae0 unify sysctl handling
b35ecf1ab test: switch from dnf to yum
88e0c419c Fix specifying string slices
a5db2aee2 drop net raw: add some test fixes to update ami
63b9f4ec9 Remove NET_RAW and SYS_CHROOT capabilities
58657488e Add cni-default-network option
c2b25b4ea Add hint to release notes on gh-pages to README.md
b9db8f3b8 Drop musl build from nix to update to go 1.14
1963aea3e Add shell format check and apply diff
e265ad0ce server/ContainerStatus: don't lock for c.State()
f8f35ba32 drop conmonmon
239ac2049 stats: fix some style nits
976e9b061 Add linkmode to crio version output
309a5bf3d Add release-branch-forward script
3e3725d5b Fix gh-pages push for remote branch
5f49b2c1f Added integration test to make sure annotations are passed through to the runtime
1ed7eb389 tree_status: show the git diff
ff7609400 Add kind/dependency-change label
648b94860 Add further kinds to pull request template
92ec88f99 Fix unit tests for locally configured registries
b039ef652 Add SetNameAndID to Container interface
6885d9088 Publish release notes on gh-pages branch
38ba09453 avoid parallel pulls of the same image
9ae49dad8 vendor github.com/containers/image/v5@v5.3.0
60c01cc24 Switch back to machine executor for CI lint stage
e1f6d2ab1 stats: prevent a segfault
15f1f14ac server: Return grpc code NotFound when we can't find container or pod
7615871d6 test: move readonly_rootfs and privileged to correct place
f757e0a2d Mention starting cri-o for running with kubernetes
64e46e789 Move bundle to contrib and reuse version vars
3ac1d93bb Simplify container log path handling
f3eeee275 build: make uninstall - remove systemd/config files
ad7125fcc Remove utils.ExecCmdWithStdStreams in favor of utils.ExecCmd
f7730c325 Add PodSandboxConfig (get/set) to Sandbox interface
03c7bd758 Avoid filename collisions in JUNIT_PATH
57b3b608d sandbox_run: import internal/lib/sandbox as libsandbox
dbbfd7865 Remove github.com/docker/docker dependency
9f556378a bump conmon to 2.0.12
e02dd7ead vendor: bump github.com/containers/libpod from v1.8.0 to v1.8.1
a3bab821c Update golangci-lint to v1.24.0
7e66be6f3 Remove Update() method
fb6525374 docs: add TOC to setup.md
f038600d4 Skip release notes generation for forks
e8ffd6e17 Add container config (set/get) to Container interface
d1d165abb crun: use version 0.13
97d990230 Add target release version to generated notes
01d40e5cf Add gRPC method name to logs
40d247042 Take localhost/ images into account during pull
0f4b6d6fd fix some remaining instances of assuming cgroupfs default
bb23a494d bundle/test: drop cgroupfs override
a6ae391a3 stats: fix stats when systemd cgroups are used
e4cc02850 integration tests: switch to systemd cgroups
9ccd5ac97 bump to conmon 2.0.11
c862e1fbd Support pulling image specified by tag and digest.
b0717fc3f Restore sandbox selinux labels directly from config.json
345952cb7 Update Makefile targets and docs to crio.conf.d
12918b25e Add runc, conmon, crictl and CNI plugins to bundle
c07429a56 Render latest release notes
73f42d35a Use static runc binary in CircleCI
5f745fa7d Let CRI-O start when `runc` is not in $PATH and not configured
2fae47c00 test/pod: TerminationGracePeriod: skip on CircleCI
34ee0d9ba test/pod: TerminationGracePeriod passthru test
23177bd84 Use `Value` field in CLI for non-default values
211393d25 Upload every successful built bundle to the GCS bucket
11b1fa661 Update golangci-lint to v1.23.8
97b9587f1 Add DEFAULTS_PATH to Makefile
eb9cc161c Flatten internal/pkg/* packages to internal/*
4bec101bd Fix 32bit build by vendoring latest go-selinux
3c48743f8 test/conmonmon: fix getting conmon pid
3d7c5ae58 skip failing storage test
c0f0c897c Add crio.conf.d(5) man-page to the bundle
4bf557482 Cleanup: minor wording adjustments in documentation
5110df3bf Fix some minor whitespace issues in crio documentation
b22b31c58 Add crio.conf.d man page
bb0a68503 Move pkg/config/seccomp package to internal/config/seccomp
f9f058f2f Update dependencies
6ab73e82e Upgrade CI to use go 1.14
b91cb5e56 Apply Kubernetes PR template
07d329e97 Add live configuration reload to AppArmor profile
1f856928c CreateContainer: pass TerminationGracePeriod
43a03bff8 Add CI bundle tests
d81de1839 Remove extra check for go modules in Makefile
917c3e764 Rebuild bin/* targets on *.go file changes
d1696ce6b Improve crio --version / version output
f13aad99c Make bin/pinns a PHONY target
fa3d37c0c Bump kubernetes to v1.18.0-beta.0
295240116 Fix markdown for generated crio/crio-status docs
3010195bb Cleanup config default values
d83645127 Drop support for golang < v1.12
eff11105a server, cgroupv2: do not create cgroupns
e48d23aab Automatically retrieve digest in test image builds
61f9ca072 Add high level Sandbox and Container interface
2c422eb42 Auto inject CRI-O version
c23a169d6 Change CircleCI config to build all jobs for all tags
56d48195c Uppercase first log char per default
ffda0f3be Add cgroup namespace unsharing to pinns
06257791d Add live configuration reload to seccomp profile
9ec3b8dc2 cgroups: parse cgroup.controllers once
d45ad21d7 Fix Fedora based integration tests
2e1d04393 Update docs and completions for crio wipe --force
153c0002e tests: update to crun 0.12.2.1
59c63a611 restore: specify runtime root to the OCI runtime
d1bcb14c9 test/ctr: adapt test to cgroupv2
94c9876d8 wipe: Add a force flag for skipping version check
dde9af43e Remove version marker from AppArmor profile
92d3eaf59 test: adapt to python3
0ed6aa6dd test: look for substring
c12fa5a5b contrib: install crun also at /usr/local/bin/runc
e502d70d3 contrib: fix ansible warning
94799c992 contrib: set crun in crio.conf when build_crun
032baf175 contrib: add tests for cgroup v2
8da112216 container: ignore hugetlb limits if not supported
5c5eb7124 Add user-notice about minimal ctr_stop_timeout
92f899ccb Update pinns build and add small cleanups
007080ec5 conmonmon: errorf when OOM killing
fd88a5bd5 klog: don't write to /tmp
f31362e45 Pass down the integer value of the stop signal
5a112abf4 exec: Close pipe fds to prevent hangs
23582bdd5 Add live reload to DecryptionKeysPath
ad75e22be Update nix package dependencies and cleanup default.nix
a5119bdc9 Make SIGHUP reload for drop-in config dir work
0bb5a2abc update installation info for debian and forks
c2535c68e Add pinns binary to static bundle
f838631f7 contrib: drop system containers
fa8d49cb1 contrib: use crun from the containers repository
a56b2f9a4 Remove trailing whitespaces from configuration template
1280b5d61 oci: Handle timeouts correctly for probes
f6fa7760e fix server restore to not remove podman containers
2c311967c Bump containers storage to v1.15.8
6cefdcca7 drop host_ip from crio.conf.5.md
f4449b681 vendor github.com/containers/image@v5.2.0
1d7d7a0fc Unwrap errors from label.Relabel() before checking for ENOTSUP
00fd41c97 Fix reload behavior for unqualified search registries
0eec45416 Skip invalid hooks directories by default
e48fa304b Add log context to container stats
f4214be7c contrib: 10-crio-bridge.conf change subnet
e962246a5 Update dependencies
720545fbf Add `crio version` subcommand
ee8b72e11 Update golangci-lint to v1.23.3
78e9ee352 Setup container environment variables before user
f7424e9c5 fail on network stop
5284c0a0a docs: improve setup.md
11535c489 Add the container IDs that cri-o assigns to various logs
1a12f8125 move default version file location a tmpfs
764bcf5fb sandbox: skip memory check if set to "max"
ff234bb71 build: make install providing systemd and config
14a2905bf fix nit from #3165
a1cdad7e9 drop host_ip and host_ips
1f1132700 Move SystemContext from Server into Config
0a8efeb0a Update Kubernetes to v1.18.0-alpha.2
2ef722b9d Update urfave/cli to latest version
ea0217e36 Use new containerd/release-tool path
437fb7356 Update libpod and ocicni
68e94e249 Remove unused getHostIPs and validateHostIPs functions
59ef3883d stream server: Bind to all addresses
0074990d6 Fix integration/unit tests
34b7b7008 Vendor in latest opencontainers/runtime-tools
faad45a91 Enable AppArmor tests in CircleCI
4cba27d88 docs: add a blurb about AppArmor profile precedence
0628b3dc8 Fix network ping integration test in CircleCI
b74ec1c3c Add support for crio drop-in config files
d43e2f359 Fix unit tests for rootless runs
65049475d Refactor sysctl handling and add unit tests
e34dad0b3 Log path location when using binaries discovered in $PATH
6a51b90a1 server: allow an apparmor-unconfined container
9ec532c7f Switch default cgroup manager to systemd
50942473b Add documentation about stream_port="0"
a014aa4de Fail to start when stream server port already allocated
964245f94 Run integration tests natively in CI
35e8ad4d6 Fail to start when already listening on socket
211fb388e Update golangci-lint to v1.23.1
ef1152b88 Allow server to start without config
49310bb02 Fix generated docs formatting
512fdb2f9 Take total_inactive_file into consideration for memory usage
66ef0b326 docs: remove mention to RHEL-8 beta repo in setup.md
5d38a07d6 Mention latest release branch in docs
eecbc3655 Fix typos in test descriptions
aa9293e95 Add image pull metrics
a94e0b779 container_create_linux: refactor common code
4bb04824b Fix man page header
31ce68627 persist exit: fix some nits
1ae3626d6 Fixes to better handle exit code
914adc516 Save exit file for container in persistent directory
62d09afcd doc: improve setup.md
8fd34a082 server: create cgroupns when running on cgroup v2
bcecd7941 Destroy the pod's network when it can't be restored
36b73a8c9 Add `namespaces{-_}dir` CLI and config option
9ddf6d7d4 Update CNI plugins to v0.8.4
ee1df54f0 Use UUID generator for namespace path
5fb3192f1 Add new NSType for available namespaces
a3afb54c3 Fix pinns path mismatch for install and uninstall
6c5ec8486 remove ErrClosedNS
9d7f8ed21 Fix possible segmentation fault in namespace removal
8bcefec51 Change AppArmor profile handling to fallback to the default
a0cb8161d Update to conmon v2.0.9
0c02f5453 Fix possible segmentation fault in error handling
20b449bbf Cleanup sandbox shared memory before removing it
1c28b2395 update createSandboxContainer to parse hugepages limit from CRI message
7646a7fd5 Update vendor to v1.18.0-alpha.1
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Bumping to the latest available lxcfs. As part of this update,
the license has changed to LGPL-2.1+ (from Apache-2.0)
We also refresh our systemd patch to continue to apply.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
