path: root/recipes-containers
Commit message | Author | Age | Files | Lines
...
* cri-tools: update to v1.23.0 | Bruce Ashfield | 2022-03-21 | 1 | -2/+2

    Bumping cri-tools to version v1.23.0-26-g23f44eaa, which comprises the following commits:

    e396a77d fix security test case for hostpid
    670f1e50 fix log info for mount test case
    3e01b9f2 fix seccomp test case for arm64
    715ec019 Type cast error messages to `string`
    f89ab075 add annotation for pull
    ce8cbc3f Bump github.com/docker/distribution
    cd38481e Update crictl ps to show pod name and image path
    d5943543 Bump github.com/onsi/gomega from 1.18.0 to 1.18.1
    e514433f Add backwards compatiblity to `Version` and `ListContainerStats` RPCs
    9001d78a Switch to CRI v1 API
    2694dc34 Bump google.golang.org/grpc from 1.43.0 to 1.44.0
    4a54a037 Bump github.com/onsi/gomega from 1.17.0 to 1.18.0
    5d213e82 Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
    5828782d Bump docs to v1.23.0
    c688ed1d Bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
    b93abd15 Bump github.com/opencontainers/runc from 1.0.2 to 1.0.3
    5092844d Bump github.com/docker/docker
    2816d415 Bump google.golang.org/grpc from 1.42.0 to 1.43.0
    c15dbbc6 1.5.9
    5a87849f Use same grpc max message size as Kubelet
    1a64648a Add support for cri-dockerd
    7bbcf895 Add support for specifying custom test container images.
    f2091fc3 Fix cri-dockerd CI runs
    61ba8b97 Fix Containerd main branch CI for Windows
    e3e5375f fix ci for dockershim-critest
    4611ba31 Update Windows images for ltsc2022
    1a255046 images: use k8s-staging-test-infra/gcb-docker-gcloud
    0f2d4138 Refactor fish completion
    c52d97b1 Rename bash and zsh completion functions
    cad0736a Add zsh compinit tag

    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.23.1 | Bruce Ashfield | 2022-03-21 | 1 | -3/+3

Bumping cri-o to version v1.23.1-16-g1607c6ec2, which comprises the following commits: f2d8f69e3 config/sysctls: validate against invalid spaces b1932286d server: stop deleting pod from idIndex if already gone bccfd5110 [1.23] ci: use kubernetes 1.23, cri-tools 1.23 2630e0f88 contrib/test/int/build/kubernetes: rm deprecated RunAsGroup e50405e5a hack/build-rpms.sh: fix yum-builddep failures 574393461 image: use imageCache value for ImageStatus() 4559c3328 oci: fix a leaked goroutine e19f812f9 Reuse createContainerIO in CreateContainer c9b4eb84e Fix vm containers couldn't restore after CRI-O restart 3899601f9 release-notes: add args for checksum fields abe57a58b Updated format b2fba4cf7 Generate checksum files for artifacts 0c619fc21 bump to v1.23.1 24092dd77 test: add test for skipped sysctls b2ac1b7ca server: skip sysctls that would affect the host 8d512cbac server: don't set memory swap when it's not enabled ac75b6cf0 deep copy List{PodSandbox,Container} structs 76e9feca0 ci: use main branch for conmon 54b6b7932 server: fix race with kubelet 987bd1366 Fix runtime panic on pod sandbox stats retrieval a8513868c ci: use main version of runc a6d6d3dde openshift e2e: bump ci image 8520be5fc server: fix a potential NULL-pointer dereference.
bc38aa734 pass the main mount point to fix crypto profiles binding dc4bea916 test: update tests for allowed_devices 0f57bf75c config: add AllowedDevices option dc224daf3 server: drop duplicate log message 11ffa6cbe test: add test ensuring a stopped pod is restored a1ada429a sandbox stop: remove namespaces 89eccb5fc restore: handle removed namespaces 873414dbf Partially revert "restore: restore stop before managing namespace" fe0e69dc8 restore: ensure containers are wiped on reboot b905626d9 use cmdrunner singleton 228f82dbb conmonmgr: refactor for new CommandRunner 97bbe0637 cmdrunner: update mocks and add target to makefile 8ec9ce138 config: prepend commands with taskset if InfraCtrCPUSet is configured 81761eb2e cmdrunner: add tests for prepended commands 9c915e269 cmdrunner: create singleton 499540011 Use timeout for conmon cgroup move 04e8e4081 Fixed a problem where metricImagePullsBytesTotal was getting updated twice and on second call getting incorrect labels 021b5ba00 vendor: bump c/image to 5.17.0 dba27ab7e Add new metrics that match Prometheus best practices and reduce cardinality * add metrics with new names that match naming best practices * use _total for all counters * use base unit seconds, bytes * metrics that do not follow best practices have been marked deprecated, these can be removed in a future release, it is to ensure non-breaking change for couple of releases e7aa30fdc unit test: fix relative log test acc746e52 unit tests: update pinns path in case it isn't found in PATH 9f584ca4c test: skip target tests for userns 972c29c2d test: add test for target namespace 0176d5f92 add support for target PID namespaces da0de5373 test: give testunit sudo 4b0d40ad4 oci: add managed pidns to container object 1fa69c707 pkg/container: take container namespace configuration 546732eed nsmgrtest: take some namespace related test code 440ba9feb nsmgr: add function to pin existing namespace e122cb4f0 nsmgr: take (and rename) NamespacePathFromProc 8db9a89a5 
pkg/sandbox: take config initialization 6f4e7bf8c Bump Kubernetes to v1.23.0 da8f9a07e set user.max_user_namespaces in case it's not b8a766213 lint: bump cyclo complexity 0864aed84 gh-actions/contrib: setup sub{g,u}id 067551101 docs: add tutorial for setting up user namespaces 5d3c5a67f oci: put conmon in infra ctr cpuset if it is in the pod cgroup 231a358d2 test: add tests for user namespace annotations ce3699969 test: move workload creation function to helpers 87aede8d5 cni manager: catch server shutdown f3d2c601e server: notify user when network isn't ready yet 99e93ee58 stop using hardcoded "pod" const 9f81e4a00 oci: always reap conmon zombies ab1b1aaaa clarify some error messages 96679844e Drop intermediate CRI types 3162e0552 Relabel containerenv files f154c7c3c Add minimum_mappable_(u|g)id settings bbc944cf6 Fix runtime panic on stats server shutdown efcf8afe6 restore: restore stop before managing namespace dec3bf5c9 server: add {,List}SandboxStats 5ba5cb0be server: refactor sandbox list 64870e3d8 server: use stats server to get container stats b17b7dfd9 container server: use stats server 7f136833c stats: add stats server 43db34fb6 config: add StatsCollectionPeriod field 2569255c9 cgmgr: move most of stats handling to cgmgr c6efa96ee oci: make changes in preparation for moving stats functionality: 536c08423 server: stub {List,}PodSandboxStats 542eb5580 server/cri: add PodSandboxStats support ad71bd9ff vendor: bump cri-api c5dd30dd1 server/cri: refactor to make stats processing unified a598debac pkg/config: use iota 40dcd6da9 Add go 1.17+ go:build tags 6fbd6773f Remove redundant build tags 3064a9d7a Add containerenv file to containers This file indicates that the current environment is inside a container environment. The same technique is used by podman and docker. The same file name/path as podman was used, as it is vendor agnostic. 
86538358a build(deps): bump github.com/containerd/containerd from 1.5.7 to 1.5.8 5fb7618d5 config: merge runtime and workload allowed annotations 28b01dad2 Updates kubeadm.md: The cgroup property is removed in [kubeadm-config.v1beta3](https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta3/) 5a510ad7f build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 99027c321 Specify runtime table format in the error message 1f7b886d7 build(deps): bump github.com/containerd/ttrpc from 1.0.2 to 1.1.0 cbfab09d5 server: fix segfault when using cgroupv2 0f99f3348 gh-actions: add sed for kube e2e 880744562 release-notes: update to main 60615f0a3 build(deps): bump github.com/onsi/gomega from 1.16.0 to 1.17.0 8530f0a38 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc 8daa9039a Bug 2012838: fix override storage options from storage.conf 0ce45a372 oci: fix deadlock in container stop code cf7f6f5af build(deps): bump google.golang.org/grpc from 1.41.0 to 1.42.0 a216d3d24 oci: always close chControl 1e8e40aaa oci: make some channels buffered 3036101b0 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc cf3524471 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 2e1048422 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6 10f8f17c4 Add annotation that makes /sys/fs/cgroup writable 7f747dde0 Add support for CNI plugins v1.0.1 ec6305762 bump(deps-opentelemetry) 37418e122 pin go.opentelemetry grpc/otelgrpc v0.25.0 c16429eb1 opentelemetry: add gRPC tracing 2a5623a2e build(deps): bump k8s.io/klog/v2 from 2.20.0 to 2.30.0 3571d9c74 build(deps): bump github.com/go-logr/logr from 1.1.0 to 1.2.0 ca38caa74 version: bump to 1.23.0 808681227 build(deps): bump github.com/containers/podman/v3 from 3.3.1 to 3.4.1 0b1b2061f build(deps): bump github.com/containers/common from 0.43.2 to 0.46.0 8f1daefc6 test: drop swap disable playbook 
f253acb15 server: add support for CRI unified field cd8bc4c1f server: implement swap support 9ab385d44 server/cri: add support for 1.22 features aca331db3 test: bump cri-tools version 518fceb63 scripts: pin cri-tools version 97773983e server: reduce needless copying for sb.NamespaceOptions b8b2f308d oci: refactor internal structure to use CRI type 9c813715d oci: use server CRI metadata type for containers 91289b929 sandbox: refactor internal structure to use CRI type e45403022 sandbox: save createdAt as a int64 99cb4a362 build(deps): bump github.com/containerd/cgroups from 1.0.1 to 1.0.2 c119e253d build(deps): bump github.com/creack/pty from 1.1.16 to 1.1.17 6845b4233 build(deps): bump github.com/Microsoft/go-winio from 0.5.0 to 0.5.1 f61a4e097 Bump Kubernetes to v1.22.2 2cf307d2e sandbox: use server CRI metadata type 01ee37390 docs: emphasize deprecation notice b7a80f137 update documentation for workloads 83518f098 add allowed annotations to workloads b6b3f4cbb Log HTTP response writer message instead an error 20ad4f609 oci: use c/common signal parsing function 13182e64b Skip volume relabel for super privileged containers cd2b0028a oci: chown stdin pipe to user in the container c0a8f339c test: fix selinux test failures f27efb28a build(deps): bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 cd7f7cb46 Fix runtime handler docs 63d69d2a7 build(deps): bump github.com/containers/image/v5 from 5.15.2 to 5.16.1 b753b04a2 scripts: fix release branch forward script 87b8e5d05 server: FilterDisallowedAnnotations of containers earlier 0e02798d6 server: conditionally relabel volumes given annotation 99dac5fb8 build(deps): bump github.com/containers/storage from 1.36.0 to 1.37.0 6ec1ec47c test: refactor allowed_annotation tests e70542f26 server: reduce args in addOCIBindMounts f3106693c build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1 74177a645 test: add label for openshift e2e in dockerfile b2e665754 build(deps): bump github.com/containerd/containerd 
from 1.5.5 to 1.5.7 28043f5a9 test: skip certificate check for downloading parallel 086386bb1 Remove usge of deprecated apt-key in Ubuntu install 7ca329409 Fix install.md links 0f455e285 build(deps): bump google.golang.org/grpc from 1.40.0 to 1.41.0 245a88040 use a more appropriate console with code block 8c088319f build(deps): bump k8s.io/api from 0.22.1 to 0.22.2 ef861e8c7 build(deps): bump k8s.io/cri-api from 0.22.1 to 0.22.2 c7e8c26f5 build(deps): bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0 757c863d5 build(deps): bump github.com/creack/pty from 1.1.15 to 1.1.16 5dd999e05 build(deps): bump k8s.io/apimachinery from 0.22.1 to 0.22.2 683428d75 fix node e2e 756543ec8 build(deps): bump github.com/intel/goresctrl from 0.1.0 to 0.2.0 d56449c4c bump crio commit used by node e2e installer 615ba94fd server: mount cgroup if hostNetwork 77b1a6e62 server: use container level host network setting 45366c8c7 server: don't recalculate hostnet 6493d8640 Fix typo in install.md 7071e5b3d Remove one of the explanations for `bind_mount_prefix` because it is duplicated. 7fe435d7d node e2e: keep infra container c6f1ed4d5 add unit test for the `server/sandbox_remove`. 
ce96d93c2 test: fix journald test for new conmon 9ada36be0 fix shfmt 19fb1db10 update `install.md` for debian and ubuntu 5b1c43bbb build(deps): bump github.com/json-iterator/go from 1.1.11 to 1.1.12 0833f62f3 build(deps): bump k8s.io/client-go from 0.22.1 to 0.22.2 f5ebb6c23 fix shfmt 61e08418a server: set spec when dropping infra 68c8989f8 Update 'master' branch links to 'main' 7fc2f88ce bumps pause image to 3.6 3fd1cd226 server: don't wait forever on conmon cgroup move fail a9add6909 build(deps): bump github.com/containers/storage from 1.34.1 to 1.36.0 d7cc66fe8 Remove bashism in sh script 15f7f7e4e Do not log if Intel RDT is not supported b9ad2de69 build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5 eb45b4891 Fix cluster.yaml for kubectl create 69e88512a call cmd.Wait() in all cases we call Start() 07328622a oci: call wait on conmon if cgroup move fails a377aec52 build(deps): bump github.com/go-logr/logr from 1.0.0 to 1.1.0 38f41c16a Fix `crio_image_pulls_layer_size_` metrics docs 9195a3417 Adapt to klog incompatible changes a5716420b build(deps): bump k8s.io/klog/v2 from 2.10.0 to 2.20.0 6b96358ef Add `--profile-cpu` and `--profile-mem` options ed0eca0f1 build(deps): bump github.com/containers/podman/v3 from 3.3.0 to 3.3.1 88f5e154d server: remove ineffective `updateLock`. 05e662469 Fix missing quantile in `latency_microseconds_total` metrics 681aa32ed Update crio commit for node e2e 94b9b8688 build(deps): bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.1 c8ecab3da Bump runc binary to 1.0.2 0d640e6f9 Switch to go1.17 for CI 8bbbbf2b5 fix debian 10 build doc 639d494cd test/testdata/sandbox_config.json: fix the dns_config af555c038 adds updating instructions to install.md Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containerd: update to v1.6.1 | Bruce Ashfield | 2022-03-21 | 1 | -4/+5

Bumping containerd to version v1.6.1-4-gd12516713, which comprises the following commits: b13d3e05c cri: relax test for system without hugetlb b325d5647 update to go 1.16.15, 1.17.8 to address CVE-2022-24921 787b4671d Prepare release notes for v1.6.1 444eba43d containerd-shim-runc-v1: return init pid when clean dead shim 37bb915c6 containerd-shim-runc-v2: return init pid when clean dead shim 9f316fa4b Use fs.RootPath when mounting volumes 8713c0472 Prepare release notes for v1.6.0 f261498e0 Update Go to 1.16.14, 1.17.7 fa19714db Update go-cni to v1.1.3 6e3cc28a6 Wait for containerd installation in GCE scripts c0f818846 Update go-cni to v1.1.2 dea7ae27a Add instructions on using go with admin perms 4f0d5f0ee Enable TestContainerPTY and TestContainerUsername 732103271 Change the
context to avoid misunderstandings 6827eec7a Prepare release notes for v1.6.0-rc.4 b0623a06e Change file name for shim binary path daaf031e2 Use white logo in github dark mode efc6ca4c4 Prepare release notes for v1.6.0-rc.3 7e821fb61 fix: .dockerignore makes git working tree dirty ac2692d30 containerd-stress: introduce option for specifying image 8b9571e34 containerd-stress: start task ctr before starting execs 9b1fb8258 cri: fix handling of ignore_rdt_not_enabled_errors config option dcbe3e471 docs: add Talos Linux to the list of adopters 821c961c8 pkg/oom/v2: handle EventChan routine shutdown quietly 2d9d5fddb Document fs_type and fs_options in snapshots/devmapper/README.md a31e28e2c Prepare release notes for v1.6.0-rc.2 8944c12f5 Update releases document 8d69c041c Update cgroups to v1.0.3 bec6e4dd6 platforms.Normalize(): do not reset OSVersion and OSFeatures 34f717349 seccomp: kernel 5.16 (futex_waitv) 8632bdcb7 seccomp: kernel 5.15 (process_mrelease) c013db696 seccomp: kernel 5.14 (quotactl_fd, memfd_secret) 17a2831f7 seccomp: kernel 5.13 (landlock_{add_rule,create_ruleset,restrict_self}) 1329ea371 seccomp: kernel 5.12 (mount_setattr) cc59ae4d9 tracing: return (ctx, span) from StartSpan e751f1f44 tracing: support OTLP/HTTP in addition to gRPC 813a061fe oci: use readonly mount to read user/group info c0e00f19a fix acr fetch token 400 4cd9f37f5 Fix windows periodic workflow 4aff7431f Fix possibly incorrect media type default on import 3ffb6a611 shimv2: handle sigint/sigterm f048a2593 docs: add doc-comments on GC-related methods 31a710c49 fix: should not send 137 code event if cmd is notfound 936faf9c9 fix empty scopes return c1e17d8ba Prepare release notes for v1.6.0-rc.1 4f552b077 Compile binaries for go1.16 and go1.17 in CI 7d7064e6b Integration: Change to Windows Server 2022 build number constant 2898004a5 Update kubernetes vendor to 0.22.5 4e9e14c2b Fix rdt build tags for go 1.16 af83e9af1 platforms: add support for matching amd64 variants af39d2ad7 go.mod: 
Update hcsshim to v0.9.2 fcb7bd699 Remove api go submodule 46312f4a1 Update makefile to remove API submodule ed0828bb6 delete useless code 21a748e38 go.mod: github.com/opencontainers/runc v1.1.0 dba897c35 update runc binary to v1.1.0 d5e8edf2d Do not automatically inject client traces 69ae95531 tracing: fix OTLP tracer's initialization 8dd36423b Revert "Add shared content label to namespaces" a1ba38056 Update caching logic to avoid map access ce3871966 services/introspection: support to show introspection grpc service a018ae3f6 Prepare release notes for v1.6.0-rc.0 919797163 Integration: Switch to `upload-cloud-storage` Gcloud action. 8a2b61356 Integration: Switch to using `auth` Gcloud action in Windows workflow. c0a31a7a4 Add ppc64 support for test images a303d552a ctr: Unify the delete subcommand alias b35fb7d44 remove io/ioutil d05194f0a ctr: flag to toggle non-distributable blob push f77989036 Add image handler to skip non-distributable blobs. 8c194d8f3 gha: run CodeQL scan on pull requests f99e92359 Enable critest tests on Windows Server 2022. 55b89eabf Parametrize CRITest test images in Windows Periodic workflow. 
18592b2f5 Fix wrong log message bdc852190 test: e2e node COS cgroupv2 script e38946d86 Updating adoption of containerd for AKS 8aca314dd Update error message for apparmor parser 48c7529de Fix incorrect error wrapped when closing ingest file 0c2c289d4 Fix seek error used without nil check 8816006d1 Fix followup items from errors replacement a94f32ce0 update the adoption status of containerd in GKE adee2c797 seccomp: add support for "swapcontext" syscall in default policy 4f0f36350 corrected link in cri architecture documentation d3724a6c1 go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt} bbe46b8c4 feat: replace github.com/pkg/errors to errors e43d4206a Update k/k to 1.23.0 8d5af6be8 Prepare release notes for v1.6.0-beta.5 9c2e3835f cri: add ignore_rdt_not_enabled_errors config option eba104816 Update dependencies f4a191917 cri: annotations for controlling RDT class eae14688c tasks: add Linux rdt support 9e755d12e cmd: add --rdt-class command line option 2946db890 oci: implement WithRdt df21828d2 content/local: use syscall.Timespec.Unix 85326d76f fix: only test abstract unix socket on linux 90426378e Integration: Check GCP secrets on Windows CI artifact upload. 
97623ab0c remotes/docker: allow fetching "refresh token" (aka "identity token") 8094f50dd remotes/docker/config: allow setting custom AuthorizerOpts 8e6afaa20 Fix $(PWD) issue for Windows makefile 653b8b02a Expect ErrorNotFound on Windows after Kill() ac8129706 fix: use _ for consistency f39b3ac7e fix(ctr): enable networking for Windows containers 0ff87a892 Replace tskill with taskkill aadae6d50 Fix flakiness on Windows for list stats d53c43133 Fix no-daemon flag for integration/client tests 5c2edeffb Upgrade k8s.io/klog/v2 from 2.9.0 to 2.20.0 2ee3ce510 Use insecure.NewCredentials instead of grpc.WithInsecure 2fb739aa2 Upgrade OpenTelemetry dependencies 34c4abc34 Fix default makefile target for windows 78ad7a2d3 cri-integration: Add Windows default paths abcf7c2f6 Disable TestContainerHook on Windows f1c799331 seutil: Fix setting the "container_kvm_t" label c8a009d18 add-list-stat: return container list if filter is nil f83ab813d Use task plugin for runc shim 04e57d71b Seperate shim manager and task service 44b28b61f medatada: make namespaces' deletion error less cryptic 20419feaa cri, sandbox: pass sandbox resource details if available, applicable 9e9ee66bf integration: deflake TestContainerdRestart dd26d3d09 feat: support custom timeout for blot open c0d07094b feat: Errorf usage 0e472420b Update Go to 1.17.5 569042e6d Prepare release notes for v1.6.0-beta.4 552a27081 Disable restart monitor test in Windows b7f673790 OCI: Mount (accessible) host devices in privileged rootless containers 7f70ff967 oci.getDevices(): move "non-dir, non '/dev/console'" case into switch 2c96d5b06 Run windows parallel integration test as short 807213fd3 Update restart monitor test to output daemon logs on failure 9b0303913 only relabel cri managed host mounts 90cdc6c9a images/converter: remove deprecated types fc8138468 go.mod: update image-spec to latest (v1.0.3-dev) 2d3009038 cri/server: use consistent alias for pkg/ioutil dc13bcd51 Enable lazy init for ext4 with devicemapper 
68dabdcc6 Use RFC3339 format so rg cleanup works 6f9d80907 Remove Windows integration testing for 2004. 77a321a07 Replace find with native Go code 22dc60e05 Enable TestVolumeOwnership on Windows 441bcb56d Skip WithAdditionalGIDs on Darwin 4c1e26cd5 Don't fail-fast on Windows integration tests c9d1e155c go.mod: github.com/opencontainers/runc v1.0.3 44995d483 update runc binary to v1.0.3 416899fc8 Allow native snapshotter on Darwin 6b0e2414c Do not use `go get` to install executables d2f1dda0f Include runtime v2 in default builtins 392f604eb Use a single RUN command 533dd1c0e fixup: check for swap accounting f33d38c7c integration: align tags of test images c5b0a18b6 fixup: handle diff between cgroupsv1 and v2 9cc0d1f07 Set explicit ACL on test files 4ccf287da Set CONTAINERD_ROOT in Windows cri-integration ff77dd112 Add Windows Server 2022 CI runs fd0850e9e Update continuity dependency ff9d7aef3 Update volume test images 2fa4e9c0e cri: add support for configuring swap bae0d88ae Add error logging on cleanup 6bccd67e8 Revert shim plugin migration 665877a5b Move volume images from gcr to ghcr 323a62d7b Add permissions f3195b3b5 export oci.DeviceFromPath() c6d26f0d3 Authenticate against ghcr.io 2a6857d06 Skip TestExportAndImportMultiLayer on Windows 6ff1a5934 fix when kernel version < 4.13rc1 by using index=off cause overlay test error 94462d8f5 oci/deviceFromPath(): correctly check device types 7a4415dd5 Add VMware TKG & TCE to Containerd adopters 46892d340 Vagrantfile: update to Fedora 35 8de1117c9 integration: add stats result in error message 6681cc4b9 ctr/snapshots/diff: don't show the media-type in output a97564411 remotes: fix dockerPusher to handle abort correctly 1698d061c Build volume test images on Windows 7ccd733d2 Add image build workflow 95b3ab2a4 ctr: Add Linux Capabilities control flags 3d318b3bb docs: mark 1.4 as Extended 9a994877c docs: fix RELEASES.md gRPC API anchor 0a25bc1aa Integration: Separate Windows Periodic Tests workflow trigger. 
507bfc91b feat: skip ci for fork 9dfbcbbc4 content/local: Close the file if Seek fails 5015130f7 Fix executable file not found when restoring shims 2b28dd363 Fix wrong make target on documentation cb1359fa8 Integration: Remove explicit version passing to `azure/CLI`. fa6759ae5 fix: server error return 5e4b033ec Update README.md repo->org 5f293d9ac [CRI] Fix panic when registry.mirrors use localhost 674b94c42 Prepare release notes for v1.6.0-beta.3 f5863e22f Update API version in go.mod 5df9ec366 Update release name to use consistent format f8d734e40 fix: make max recv/send msg size setting default 63895de45 Add support for TMP override on toml 444ef2f6d Generalize Windows CI setup script for any user. 3d6bfa3f5 Standardize cmdlet capitalization in Windows CI scripts. 6835a9470 Split runc shim into plugin components 6eea8f3f6 Add shutdown package 547040cd5 feat:support custom callopts on client side bef792b96 feat: use rwmutex instead 2f31dcda7 release: change tar name to match prior releases 70c88f507 schema1: reject ambiguous documents eb9ba7ed8 images: validate document type before unmarshal 2a81c9f67 CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options db124c560 Close file if permission modification fails 526defb57 Fix containerd fails to pull OCI image with non-`http(s)://` urls 89eebc4c0 Fix wrong error returned for image index lookup be84932e1 Rename release dockerfile to omit distro name 28126fd60 release: improve dockerfile 27d7c5038 Add arm64 to releases 6765524b7 use write lock when updating container stats b103bee4c go.mod: Bump hcsshim to v0.9.1 e17fe37e0 Fix package alias 920b24793 go.mod: Bump ttrpc to 1.1.0 6870f3b1b Support custom runtime path when launching tasks 91bbaf679 [cri] add sandbox and container latency metrics a3b756ce1 Prepare release notes for v1.6.0-beta.2 574800633 cleanup: add more description on comment a22346622 CI: bump up crun: 1.0 -> 1.3 97073c943 go.mod: github.com/moby/sys/mountinfo v0.5.0 19d9d0d2a 
go.mod: github.com/moby/sys/signal v0.6.0 9c455ded6 go.mod: github.com/moby/sys/symlink v0.2.0 fa12f4e69 go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359 869ccc01c Update Go to 1.17.3 3196e65f5 docs: document the runtime shim plugin config options 0d8e07681 docs: use proper markdown lists in containerd-config.toml.5.md 54c0cdae6 Update TestRestartMonitor expected time check d4f4c1380 Add runtime path in CreateTaskRequest 548579d0e Pin az CLI version 2e6d5709e Implement CRI container and pods stats b69bbe25a Vendor latest k8s.io/cri-api and netlink 9bfec3980 test: Add grace period for restart monitor test d022fbe78 Address PR comments 82cb0a63e Add mkdir on Dockerfile 6fa1bb4a5 Fix build after rebase 2cec3a34b Migrate task directory 8b788d9df Expose shim process interface 733519677 Fix after rebase df8c206a9 Cleanup shim loading b554b577b Move shim restore to a separate file a3d298193 Fix backward compatibility with old task shims 33786ee4d Add plugin dependency between shim and shim services fb5f6ce3c Rework task create and cleanup flow 7c4ead285 Add task manager 2d5d3541e Rename task manager to shim manager ea8978810 adds additional debug out to timebox cni setup 6fa9f22fa compression: support zstd with skippable frame f0d3ea96c converter: Allow hooks during image conversion 6ee8577e5 sys/reaper: avoid leaky goroutine when exec timeout 88fc5cf2d Adding scope tests for ParseAuthHeader 3e51312a6 fix shim reaper wait command execute blocked 7438edc7e Adding tests for GenerateTokenOptions 9b4a6f129 Generate token options with each scope as a separate string. b8f3ebb03 vendor: update moby/sys for darwin support 0ccc386c8 Prepare release notes for v1.6.0-beta.1 e5fc3b38e Update mailmap 37720fc6f Update api vendor a217b5ac8 bump CNI to spec v1.0.0 010a9e2bc content: close stream after commit request ebc5cf19a feat(doc): update to version 2 syntax 294143bf3 Inject otel traces to grpc client. 
cd2f2b0af client: expose (*image).platform 535191abf fix #6054 MaxConcurrentDownloads is not effect when Unpack is true 3b73922fb feat(doc): add Core Scheduling documentation c18c2e735 Fix spelling mistake in Windows snapshotter 130a9c7dd Ensure namespace is proxied to grpc/ttrpc plugins 2a8dac12a Output a warning for label image labels instead of erroring 602018900 integration: Enable some tests for Windows 1f1cad391 io/ioutil package has been deprecated in Go 1.16 that replaces io/ioutil functions 46be06937 close Writer after use which may leak mem 1abe50512 Prepare release notes for v1.6.0-beta.0 c5947557d Add error message to in TestContainerdRestart integration test 072a7074b Fix typo in the NewContainer function documentation ac2df3ba9 test: check file content after mount 18d483b23 Update cgroups to v1.0.2 4ed3c524c Update test timeout based on recent cancellations d252a293d Remove extra test_teardown 4a569c889 Check the pid in cri test teardown f1054dbbd fix integration client vendor e48bbe839 add runc shim support for sched core de1a39bf3 Update Go to 1.17.2 46b152f81 vendor: Bump hcsshim to 0.9.0 fb4432c24 integration: Enables TestVolumeCopyUp for Windows 0ba3532f5 integration: Enables TestRuntimeHandler for Windows 830b3c26e integration: Enable some tests for Windows (part 2) 3a713811b run `gofmt` with Go 1.17 96018b7db vendor: Updates go-cni 703b86533 pkg/cap: remove an outdated comment 1ee2bff0e Update go otel 1.0.1 b9a0c5080 modify the way for checking cos c528d2c39 Update ADOPTERS.md with additional uses 5b222d54a commands: Enables task metrics for Windows 9734b4039 Pin mingw to version 10.2.0 d19af5afb Update to golang 1.17.1 3cb0ec01e Install nssm 02e77bcdc task service: return known error type 791e175c7 Windows: Fixes Windows containers with image volumes 049042382 fix: update vendor 5c2426a7b cleanup: import from k8s.io/utils/clock/testing instead 6484fab1e cleanup: import from k8s.io/utils/clock instead d16942cf1 feat: enable cri remote client to 
call with grpc calloptions ca35f4e82 Windows: Cleanup rm- prefixed layers f6b7e07fd cleanup k8s ansible yaml (carry for https://github.com/jayonlau <jayonlau@gmail.com>) 933ddaa6f fix: wrong flag type da16d492c feat: support import image for specific platform 67b883146 Update mirror images to take target image name e6ddffc2a fix: make exec-id flag required in exec command 09c9270fe images: enable converter to uncompress zstd 694a00754 replace deprecated function 2bc77b8a2 Adds Windows resource limits support 224454062 Fix main branch build is broken 7c621e1fc btrfs: reduce permissions on plugin directories fcffe0c83 switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound) b9cf0d75a Fix panic in metadata content writer on copy error 6886c6a2e v1 runtime: reduce permissions for bundle dir 7d56b24f1 v2 runtime: reduce permissions for bundle dir 7a7a9a282 integration: Adds test for multilayer image import f7658e37d runtime: should fail fast if dial error on shim 483d2e947 go.mod: update opentelemetry modules to v1.0.0 084387e0b Move tracing to plugin 45c3453a7 Add open telemetry logging hook for logrus 16f3d67b5 add current process state to the error message 407d60694 Add github action to mirror image 97df73004 gha: collect Vagrant VMs' IP addresses 2bffb5f9b FreeBSD: fix tar headers & the nil check on getxattr 7854e0bff bump continuity and console version that remove pkg/errors 16d3f48a2 ctr namespaces: improve usage string 50da67359 refactor: move from io/ioutil to io and os package a68fb7add bump console version to v1.0.3 that remove pkg/errors 3e72e335f Use github images for integration tests 55893b9be Add CNI conf based on runtime class 50a568595 Change oci.WithUser behavior for LCOW 65f6a896c Fuzzing: Add 4 fuzzers + small modifications 2fecf5b02 Make sure exit signals trigger an exit during init f40df3d72 Enable image config labels in ctr and CRI container creation 6875aa5d3 import: Add option to skip creating digest image f700ae873 CI: bump up crun 
to 1.0 55923daa9 seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted) 8596d1188 Fix typo 73dbbf5bf Update to Go 1.17.1 498e5b27f fix error string format 6d961f967 CI: Switch to available latest images e087b47e9 import: Raise error if the imported image is filtered out 91b64c58b add xfs support to devicemapper snapshotter 8ff8b1b82 vendor: update continuity for darwin support 1efed4309 add ip_pref CNI options for primary pod ip 16cd6ed13 Additional integration tests for pulling image with labels 756f4a314 cri: add devices for privileged container 9954147c0 pin protobuild version to tag 2458afeb1 Fix content copy to not ignore unexpected EOF 6bec0d39b use a const metric for build_info ae27a6b05 Add metric exposing build version&revision 8e850bc0f replace deprecated Dail with DailContext aeea697d8 Add WS2022 support in Windows Periodic tests 55faa5e93 task delete: Closes task IO before waiting f42513112 integration: Adds Windows HostProcess tests ccc5ee303 archive: Add WriteDiff error logs 820bd9269 fix document non-synchronous in crictl.md 2bcd6a4e8 cri: patch update image labels 789abc936 using Hosts replace deprecated field 57e10439d Fixes task kill --force on Windows abf4de498 integration: Enables Windows containerd restart test 96ec0b6f3 content fuzzer: Clean up tempdir eb2530be8 Makefile.linux: build on riscv with PIE 6b0b64a51 ctr: Fixes Windows image import a43fa9f28 darwin: runtime support 5dd38792a darwin: use the default values for socketRoot variable 27046a9e0 Fix cwd flag for `ctr tasks exec` 24cec9be5 sandbox: Allows the sandbox to be deleted in NotReady state 1dd0d59b7 go.mod: Update hcsshim to v0.8.21 6d3d34b85 Update Pause image in tests & config 278176db1 Address issue forms feedback 838afd211 Adding testing of two devices e0f8c04da cri: Devices ownership from SecurityContext 7bc5aa74c Fix pull fails on unexpected EOF 11ab3cba0 Use issue forms for bug reporting e2c769d6f windows: The DefaultSpec platform should match the Default 
matcher 7826a21ac Update RELEASES.md 2ac996840 replace uses of os/exec with golang.org/x/sys/execabs 25644b461 Add RunAsUserName functionality for the Windows Pod Sandbox Container e18516767 go.mod: update runc to v1.0.2 3f8ea1b6a update runc binary to v1.0.2 429296910 go.mod: github.com/pelletier/go-toml v1.9.3 f8dfbee17 add cri test case 9a8bf1315 feature: add field LinuxContainerResources.Unified on cri d3aa7ee9f Run `go fmt` with Go 1.17 c3609ff4c cri: filter selinux xattr for image volumes 4dd5ca70f script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0 f7b1ceb9f integration: investigate TestRestartMonitor's failure acb81bbda integration: fix TestContainerPids 9fe7bc938 Bump integration timeout to 35 min 7fba86264 Fix dir support for devices V3 (#4847) 6f60b3016 [ctr] add HOSTNAME env for host network 8d135d284 Add support for shim plugins f8602c372 Update to Go 1.17 c9b1b2fd5 Fuzzing: Add fuzzer 9e1b57ca0 Add env for SystemdCgroup driver 1224060f8 Allow expanded DNS configuration 538d93d2f Fuzzing: Add 4 fuzzers 79b369a0b Added windows hostProcess cni skip 82fe0db9a Fix bad `make protos` failure 1c47fb17f docs: remove FOSSA's badge bc4cea4e4 docs: rename main to master 5e49ec27d Use http.Get to download binaries instead of exec.Command e6538b8bc Add trap to cri-integration test script d2f3b7146 add cpu-shares to ctr 30b832e49 archive docs and point to new location fix #https://github.com/containerd/cri/issues/1624 9cc179aa7 BUILDING.md: remove some bits about building runc 42b57cc73 BUILDING.md: markdown fixes a3d6edc0e content: return the error with its timestamp a5468852f docs: list all snapshotter-related build flags e634f04d8 go.mod: update kubernetes to v1.22.0 11a90c7ff Fuzzing: Add experimental version of container fuzzer 42a28ad2c Update Go to 1.16.7 534685f95 Fix Linux CI Linter using go 1.15.14 10eab21a4 Cleanup CI 0a0621bb4 Move plugin context events into separate plugin 6f027e38a Remove redundant build tags 3c5424454 [otel-tracing] 
vendor and go modules changes 3597ac859 [otel-tracing] Initial opentelemetry support 7917da764 Change default directories on Darwin 10824eaf2 remove go 1.13 from containerd d30d897ef Cleanup v2 shim c3c276ae1 Fuzzing: Fix for OSS-fuzz issue 36825 6c257552a scripts: declare ROOT closer to where it's used, and some DRY changes dba0ef4eb scripts: add missing quotes, and minor linting issues 0cb656860 test/build-utils.sh: remove support for Debian Jessie 41a04246f Fuzzing: Add two more fuzzers 2c699cc35 Fuzzing: Remove panics of container_fuzzer f2c3122e9 platforms: Format(): use path.Join() instead of joinNotEmpty() acecd6603 Change protoc link ce437864b mergo: Upgrade to 0.3.12 to fix panic d1e868c83 ci: install criu from PPA e692a0192 Add shared content label to namespaces 3a8622e30 Updates the location of protobuf downloads in docs 0d9393650 Update protobuf install to use correct repository d62d6c11d Split release steps into multiple tasks b4807122d Update release workflow to upload binary without CNI 67406b373 overlay: add an optional label of upperdir location of each snapshot 43117cf91 Script to check if entries in go.mod files are in sync 4ab3e7a53 runtime: fix the issue of create new socket with abstract address cc88f8e0a Split fuzzer to two fuzzers 7a10fd4fc respect context timeout in shim binary call 23bc3db91 Enable critest on Windows 494b940f1 Introduce a new go module - containerd/api for use in standalone clients 4fdb88464 add CRI support matrix to RELEASES.md b5fc7846c adding a little more clarity 1d3d08026 Support SIGRTMIN+n signals 18d6cc1b0 update gotestsum to v1.7.0 efa8ab715 Add runtime label to metrics 6294235d8 Fuzzing: Add container fuzzer 2405671d4 platforms: add "ios" as known OS, "loong64" as known ARCH 2556aac67 Fuzzing: Add archive fuzzer 0d45ac14e interface about shim build check 00d52bb15 integration: log all processes to investigate the test failure f1d79d33b Discard blocks when removing a thin device d2b6d192d Update cpuguy83/go-md2man 
binary to v2.0.1 53ec1abec remotes/docker/pusher.go: Fix missing Close() 67d07fe5c remotes/docker/fetcher.go: Fix missing Close() 0789a0c02 Add docker fetch fuzzer b483177ee Support custom compressor for walking differ 150e07b64 Use systemd cgroup driver for cgroupv2 tests 603962bc8 update gotestsum to current master a12c7bd1c go.mod: runc v1.0.1 43e0594ae update runc binary to v1.0.1 9537bc265 Dockerfile.test: build containerd in separate stage 36be5ef3a Dockerfile.test: add GOLANG_IMAGE build arg to allow overriding 8faacfca1 Dockerfile.test: clean up apt indexes after installing 9f7e6335c Dockerfile.test: build critools in a separate stage 7ec8e2d36 Dockerfile.test: build cni in a separate stage f9f423c07 Dockerfile.test: standard directory to collect build aftifacts e9f26eb87 Dockerfile.test: split dev stage, and optimize order 25fada0cc Dockerfile.test: skip curl, gcc, git and make install 546538971 install-critools: make sure DESTDIR exists dbef1d56d runtime: runc v2: remove redundant validation 18321f539 Move loop check to before sleep 2e8a572df Add timestamp to flaky restart monitor test 55fd2ab5d integration/client: go mod tidy e72046f86 Update Go to 1.16.6 bc4e416c8 Add test for archive breakout test for lchmod 894b6ae39 Fix missing Body.Close() calls on push to docker remote ac75071b4 remove pkg/cri/platforms package 0a8802df6 Allow WithServices to use custom implementations aefabe546 Dockerfile.test: add "cri-in-userns" (aka rootless) test stage 53835221f Cleanup lchmod logic in archive d1c105192 use fu wei's suggeted interface pick for marshaling 14962dcbd add alpha version 4c6e4a06f gha: make release workflow work in forks 73d28ddeb client: surface a connection error more clearly a7ad6b3be Add support for registry host path override 3a0b9ec6b Add unit test for plugin 95c708572 Update documenation for OCI distribution 1.0 a81f05f36 [Vendor] Update hcsshim to 0.8.18 16deba098 integration: Windows volume-copy-up images 63fe34add grpc config add options 
tcp_tls_ca a5c417ac0 move up to CRI v1 and support v1alpha in parallel bda7b5866 feat: Add snapshotter label to the new snapshot for container. 2019a1e68 Makefile: fix DESTDIR and PREFIX concatenation 04ab4418f test integration: Adds a test that restarts a failed container 03ee45006 snapshot/devmapper: log exported methods correctly a964cf0cc un-export mount.FMountat 21f532d51 move sys.FMountat() into mount package dac2543a0 sandbox: send pod UID to CNI plugins as K8S_POD_UID 5a0beaefb sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils f913a4275 go.mod: runc v1.0.0 28bb59c08 update runc binary to v1.0.0 GA 63c185da9 content/local: inline sys.StatATimeAsTime() 09d78bb6b allow multi gpu to be specified via ctr 560e7d479 fixing some doc links d9694b297 Sync integration/go.mod with root go.mod 4a46ea2f4 archive: Expose ChangeWriter to allow customized diff computing cd33c007c CI: Switch to available latest images 75b4c83f0 fix deprecation config for default runtime 1bbee573a github.com/golang/protobuf/proto is deprecated 91c8fa452 Update github.com/golang/protobuf from v1.3.5 to v1.4.3 b7e79dc5a Update google.golang.org/grpc from v1.27.1 to v1.38.0 8d2e156dd Increase golangci-lint timeout 87a2e0b2a runtime,v2: Enable debug when containerd is on debug+ log level 05e51539a command line flags of setting container rootfs propagation 394f86475 Re-enable criu in main integration runs 1dada3fc2 add cgroupv2 setup for cos with a flag bfbebf02b Update gotestsum to add timestamps to junit output 2bb8ad7c9 Makefile: pass build tags to manpage build process f60d447c1 Makefile: fix tags parameter computation 9c01fe20d Allow to pass --no-cgroup option to nvidia-container-cli 77374e8b3 Makefile: FHS conformant manpage installation pathes 3ab974433 Add proper Go version before project checks af5a130bc Enable cri-integration in Windows Periodic Tests 7a2b04758 adds explanation for seccomp unset/unconfined default vs runtime default 01585595a update 
integration/client go.sum 419d616fe Install specific golang version in Windows CI. 69f43d458 Revert diff/walking error change 728743eb2 Fix cleanup context of teardownPodNetwork 014748bc0 fix invalid validation error checking cabe67736 tests: Use EnsureImageExists for image pulling a78bdf22d tests: Refactors PodSandbox creation 9a451d103 Update opencontainers/selinux to v1.8.2 93e268f62 tests: Symlink volume tests edfd8d599 Change Wrapf of non-error to an actual error a93b5cbc2 Install apparmor parser for arm64 environment 5f0fc4893 Add creation timestamp to RG 75daf45be docs: explicitly mention containerd's Prometheus path 2f870aa89 integration: Cleanup containerd on test teardown 558fdc680 diff/walking: fix defer cleanup b5f530a15 Makefile: fix DESTDIR environment variable behaviour 498bb36f6 scrub the stale TODO 93d4541a2 docs/cri: update ocicrypt link 792466495 docs/cri: fix broken links 05c03de94 Update Windows periodic tests 9fcea1d3f Rename atomicWrite to writeToCompletion b996e49c5 Do not run btrfs tests if btrfs kernel module is not loaded 50ad4b96c Fix incorrect UA used for registry authentication 923ab5b7c Makefile: use $@ for target file names 535d9cc59 ctr: parse mount options with embedded = character a4f97d45d Add ruleset=4 option 5dec27b6f ctr: exec handle pty resize after Start e1c845df5 Fix small typo b9378b452 ctr: exec setup IO with console 869375a41 Remove useless lines 79e345221 update the link 1acca8bba Don't check for apparmor_parser to be present ec28288f4 bump runc version to v1.0.0-rc95 599127f4d update runc binary to v1.0.0-rc95 a5b1740bb fixed typos 77285e311 Schedule Windows job daily after midnight. 
2b58782df Update windows-periodic.yml 5dbae87c5 Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0 1093f05ab Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 b6a251749 bump hcsshim version to v0.8.17 b1d4140a2 Update docker resolver to authorize redirects 09a0c9471 tests: Adds support for Windows cri-integration tests 315739251 just release ctd-decoder not ctr-enc 1442fee22 Remove mountpoints not commonly mounted on FreeBSD fc4da9728 Pin integration test image for alpine 9643c9965 Makefile: allow overriding install command via environment 4b1b8346b Makefile: make sure manpages are built before install-man 6e249b1ae adds credentials description de04b3243 Add copyright header & make sure compilation succeeds on all platforms e1fd6be7e Fix mounts for FreeBSD de6db4038 Update vendored runc to v1.0.0.0-rc94 5c99f150a Update the runc binary used with containerd to runc v1.0.0-rc94 b890f056e Fix content.ReaderAt close c5797c8fc Update releases doc with updated support timeline c74a6c419 update to new cri-tools make install e37ddafab metadata: modify NewLeaseManager to return leases.Manager 79d800b9b Update Go to 1.16.4 0ba7303ee Prepare default branch rename 7d70992d3 tests: add test for adaptor e120261ee windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink 0b786908c doc: add missing namespaces package b0d3b35b2 windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink 9ea25634b Makefile: allow overriding go command by environment 81402e475 Fix different registry hosts referencing the same auth config. 
b56527cb7 update seccomp version 8014d9fee Skip TLS verification for localhost b538d8f1a Update golang.org/x/sys to add linux/ppc support b59e29773 adds description for hosts.toml e26fc8472 go.mod: cut circular dependency on github.com/containerd/containerd 15e0bd513 integration/client: go mod tidy 98f5922b5 plugin: optimize the check for the last registration 273c2bb16 tests: Prepull images used in tests 402acd7c1 Small typo fix "reimporst" f21627059 Use DeactivateLayer to recover layers that we cannot rename 421fc6ea7 Add CI periodic Windows Jobs. c0e2f4b5d Try next mirror in case of non-404 errors, too f8538b5e1 Fix error case in Windows layer cleanup b592a4c1e oci: fix WithDevShmSize Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* conmon: update to v2.1.0 | Bruce Ashfield | 2022-03-21 | 1 | -2/+2
  Bumping conmon to version v2.1.0-316-g4c41ec2, which comprises the following commits:

  4c41ec2 meson: Handle journald
  d1565ee bump to v2.1.0
  96b8688 logging: buffer partial messages to journald
  f20bbbe ci: add podman system to different cache
  bde1b3c ci: install rootlessport right
  2b10f9a ci: install go correctly
  4f0b7f8 ci: add subid ranges for crio tests
  e827355 ci: install all binaries for podman-system
  ad092b1 ci: run vendor on podman job
  b6025be ci: set host IP
  ca12794 ci: give conmon job sudo
  d6bdb97 ci: bump to go 1.17
  e2215a1 exit: close all fds >= 3
  830e644 fix: cgroup: Free memory_cgroup_file_path if open fails. Call g_free instead of free.
  5a2cf98 Make libdl optional in meson definition
  4edfc92 bump to v2.0.33-dev
  436b460 bump to v2.0.32
  f1fee3a Avoid mainfd_std{in,out} sharing the same file descriptor.
  7c784a0 exit_command: unset subreaper attribute before running exit command
  dc197c9 bump to 2.0.32-dev
  7e7eb74 bump to 2.0.31
  a854c52 conmon: fix error message

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* nerdctl: introduce recipe | Bruce Ashfield | 2022-03-21 | 3 | -0/+1187
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* global: update licence values to SPDX values | Bruce Ashfield | 2022-02-18 | 9 | -9/+9
  These changes are the result of running the convert-spdx-licenses.py oe-core script. There's no impact to the build, but we will avoid issues when interacting with core QA by the alignment.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to use SKIP_RECIPE | Bruce Ashfield | 2022-02-04 | 1 | -1/+1
  oe-core has removed PNBLACKLIST in favour of SKIP_RECIPE, so we update our recipe accordingly to avoid warnings.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc-docker: update to v1.1.0 | Bruce Ashfield | 2022-02-02 | 1 | -3/+3
  Bumping runc to version v1.1.0-1-gd7f7b22a, which comprises the following commits: d7f7b22a VERSION: back to development 067aaf85 VERSION: release runc v1.1.0 c0e300f1 Refuse to build runc without nsenter e155b332 build(deps): bump github.com/checkpoint-restore/go-criu/v5 5c7e8981 libct/cg: rm go 1.15 compatibility 4773769c VERSION: back to development 55df1fc4 VERSION: release v1.1.0-rc.1 a8f9d5de CHANGELOG: add an in-repo changelog file 6d2067a4 script/seccomp.sh: fix argc check 457ca62f script/release_*.sh: fix usage c729594c deps: update libseccomp to 2.5.3 5d779620 tests/int: use update_config in hooks test 9e798e26 tests/int: ability to specify binary 97688ddf types/features: clarify MountOptions deb0a5f2 Mark `runc features` experimental 382eba43 Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...)
ba935a51 Support nosymfollow mount option (kernel 5.10) f8c48e46 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c acd8f12f release: correctly handle binary signing for "make releaseall" d72d057b runc init: avoid netlink message length overflows 25112dd1 libct/intelrdt: remove unused type c4a61aa9 ci: enable extra linters for new code 520702da Add `runc features` command 02475d9c .golangci.lint: add unparam linter 953e56c5 libct/int: runContainer: drop console arg 6c0bfcb1 libct/cg/fs/blkio_test: ignore unparam warning 06b3fd9d libct/cg/ebpf: drop finalize return value 86733013 notify_socket: setupSpec: drop ctx arg and return value 741568eb libct/cg/devices: addRule: ignore unparam warning fc44e3f6 tty: Close: rm return value 36483465 tty: ClosePostStart: rm return value f3f4b6d1 tty: recvtty: rm process arg e6318635 tty: rm inheritStdio return value d23b8109 checkpoint: rm getDefaultImagePath arg dd140401 libct: fixStdioPermissions: rm config arg b357bc13 libct/factory: rm id param from loadState b950b778 libct/utils: ResolveRootfs: remove 35d20c4e chown cgroup to process uid in container namespace ec0f35bc libct/system/xattrs: remove e9ed2000 build(deps): bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0 e3dd80fa Vagrantfile.fedora: revert excluding systemd 1da84d1a libct/cg: TestGetHugePageSizeImpl: use t.Run 1362291a Avoid non-op when the list of `Hooks` is empty f13a9325 libct/cg: HugePageSizes: simplify code and test 39d4c8d5 libct/cg: lazy init for HugePageSizes a4d4c4dd libct/cg: GetHugePageSize -> HugePageSizes dde509df specconv: do not permit null bytes in mount fields 50105de1 Fix failure with rw bind mount of a ro fuse 982b9a1d libct/standard_init: fix linter warning 643f8a2b libct/specconv: nits b247cd39 runc run: fix ro /dev 029b73c1 libct/spec: replace isValidName regex with a function 6907beca libct/specconv: remove isSecSuffix regex 37c5fd55 libct/specconv: make parseMountOptions return Mount 2c3792ba libct/specconv: make 
mountFlags and extensionFlags global 81586e19 libct/specconv: reuse mountPropagationMapping in parseMountOptions 8fe1e8bf libct/specconv: rm some init allocations 712157f6 Revert "ci: temporarily disable criu repo gpg check" f252eb54 test/int/mount.bats: refer to github issue 7563a8f0 libct: wrap more unix errors db4ad6a7 libcontainer/system: rm Prlimit 0880c001 .cirrus.yml: silence vagrant up b028ecb3 Vagrantfile.fedora: exclude systemd from upgrade 12a36265 ci/cirrus: update to Go 1.17.3 02d527d2 go.mod: github.com/moby/sys/mountinfo v0.5.0 0e21d56e go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359 b2d64fed build(deps): bump github.com/checkpoint-restore/go-criu/v5 a9bb11ec Fix the conversion of sysctl variable dots and slashes 0f933d54 Rename package validate_test to package validate 68c2b6a7 runc run: refuse a frozen cgroup d08bc0c1 runc run: warn on non-empty cgroup dd696235 runc exec: reject paused container unless --ignore-paused 4b25a4e8 CI: update Fedora to 35 7324496f tests/int: fix userns for Fedora 35 05272718 tests/int/cgroups: fix for misc controller fc658fb6 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6 972aea3a libct/configs/validate: allow / in sysctl names 95f8ecdd fix `libcontainer/integration/exec_test.go:1859:8: undefined: ioutil` dc473cad build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0 8542322d libcontainer: Add unit tests with userns and mounts 55162941 Remove io/ioutil use 6a4f4a6a libcontainer/ignoreTerminateErrors: simplify for Go 1.16+ 12e99a0f Require Go >= 1.16 3d986766 ci/gha: install latest stable Go version c5ca778f ci: temporarily disable criu repo gpg check 81fdc8ce New integration tests for user namespaces bind sources 9c444070 Open bind mount sources from the host userns a80e1217 libct/intelrdt: add Root() 794cd66d libct/system: Exec: wrap the error 6eba68de build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1 e395d2dc libct: Init: remove LockOSThread 916c6a15 
libct/cg/fs2: fix GetStats for unsupported hugetlb f9667e63 Make DevicesGroup's "TestingSkipFinalCheck" attribute public 2e0ceaa9 fix createDevices when no Linux section fae5d8b5 release: add s390x f95063ed Dockerfile: fix for seccomp 7758d3fb libct/cg/sd/v2: Destroy: remove cgroups recursively 580e43ec contrib: rm init from bash completion 0202c398 runc exec: implement --cgroup cc15b887 tests: add integration test for cgroups hybrid a8435007 cgroups: join cgroup v2 when using hybrid mode 39914db6 runc exec: don't skip non-existing cgroups 7d446c63 libct/cg.WriteCgroupProcs: improve errors cc1d7466 exec.go: nit 0d297b71 ci/gha: test criu-dev with latest go 16aedc31 ci/gha: remove debug info 3fd1851c CI/GHA: switch to OBS criu repo 81dc5599 Dockerfile: fix apt-key warning 2bf560fb Dockerfile: use Debian_11 repo for criu 99ddc1be libct/cg/fs: rm m.config == nil checks 57edce46 libct/cg: add Resources=nil unit test 1af4ed11 libct/cg/sd/v2: move fsMgr init to NewUnifiedManager 9a2146fa libct/cg/sd/v2: move path init to NewUnifiedManager 39be6e97 libct/cg/fs2: minor optimization b14a6cf9 libct/cg/sd/v1: move path init to NewLegacyManager fcc48168 libct/cg/fs: document path removal 6c5441e5 libct/cg/fs: move paths init to NewManager 097c6d74 libct/cg: simplify getting cgroup manager 3c8db638 script/release.sh: update libseccomp to 2.5.2 f30244ee make release: add cross-build 23d79aae Makefile: only build runc for static target d2b6899e Makefile: fixes for seccompagent 43b36dc4 Support changing of lsm mount context on restore 412d68d1 Vendor in go-criu v5.1.0 163e2523 libct/cg: replace bitset with std math/big library 6806b2c1 runc delete -f: fix for cg v1 + paused container e6928865 libct/cg/fs: refactor 7d1cb320 libct/cg/fs: rename join to apply 5c7cb837 libct/cg/fs: micro optimization 19b542a5 libct/cg/fs: move internal code out of fs.go eb09df74 libct/cg/sd/v1: initPaths: minor optimization 63c84917 libct/cg/sd/v1: optimize initPaths c7e0864d libct/cg/sd/v1: factor 
out initPaths dc907e8d libct/cg/sd/v*.go: nit d974b22a create, run: amend final errors 9ba2f65d startContainer: minor refactor 1545ea69 delete, start: remove newline from errors af641cd5 seccomp: Add test using the seccomp agent example 08659080 build(deps): bump github.com/bits-and-blooms/bitset from 1.2.0 to 1.2.1 622acd24 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5 47abdcee ci/gha: update golangci-lint to 1.42.1 704a1878 contrib/cmd/seccompagent: fix build tags 49137c2a ci/gha: bump shfmt to 3.3.1 f1b703fc libct/nsenter/nsexec.c: honor _LIBCONTAINER_LOGLEVEL d5ffe83f libct/nsenter/nsexec.c: factor out getenv_int d2f49d45 libct/nsenter/nsexec.c: improve bail 6c4a3b13 runc init: pass _LIBCONTAINER_LOGLEVEL as int 0a3577c6 utils_linux: simplify newProcess 51cd519e seccomp agent: Return non-zero on failures 8b790e4f seccomp agent: Use arch SCMP_ARCH_X86_64 4a4d4f10 Add support for seccomp actions ActKillThread and ActKillProcess 4a751b05 seccomp: drop unnecessary const SCMP_ACT_* defines 72b5c3ca build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5 00772cae tests: add functional tests for seccomp notify 5ae831d9 tests: add functional tests for seccomp e21a9ee8 contrib: add sample seccomp agent c64aaf0e libcontainer/specconv: extend SetupSeccomp tests 2b025c01 Implement Seccomp Notify 4e7aeff6 libcontainer/utils: introduce SendFds c55530be vendoring: Use libseccomp with notify support 64358c4d optimize log: move WriteJSON defer as early as possible 39d0ee18 script/release.sh: fix for opensuse a20c8b29 runc --debug: shorter caller info b55b3081 libct/logs: do not show caller in nsexec logs c3910e73 libct/logs: parse log level implicitly c4826905 libct/logs: test: make more robust 33dcb994 libct/nsenter/nsenter_test.go: logging nits 78b27155 libct/nsenter: test: rm misleading comments 2c46455c libct/nsenter: test: improve TestNsenterChildLogging feb1fe11 libct/nsenter: test: fix TestNsenterValidPaths 3df6a02f libct/nsenter: test: 
improve newPipe 347c371b CI: Mark CGO warnings as errors d8da0035 *: add go-1.17+ go:build tags 1b17ec95 libct/cg: rm "unsupported.go" files dbb9fc03 libct/*: remove linux build tag from some pkgs c5b0be78 Rm build tags from main pkg 9ff64c3d *: rm redundant linux build tag 895e0a5c nsenter: fix typo in bail message 1f5798f7 improve error message when dbus-user-session is not installed 63944578 tests/int: add a "update cpu period with pod limit set" test 1b2adcfe libct/cg/v1: workaround CPU quota period set failure 09b80811 Revert "libct/devices: change devices.Type to be a string" 538ba846 libct/error.go: rm ConfigError 6145628f configs/validate: audit all returned errors bbcf96f9 libct/cg/devices: stop using regex fb629db6 tests/int/helpers: fix shellcheck warnings f65276db tests/int/helpers: rm $bundle handling b3d14488 Add support for rdma cgroup introduced in Linux Kernel 4.11 8d8415ee libct/logs: remove ConfigureLogging f77fb7a3 init.go, main.go: don't use logs.ConfigureLogging 93937000 libcontainer/intelrdt: update code comments a37a89f4 libct/system: add I and P process states f90008ae libct/system.Stat: fix/improve/speedup 412c6f06 libct/system/proc_test: fix, improve, add benchmark 74ae9e0f checkpoint: resolve symlink for external bind mount(fix ci broken) 24d318b8 Dockerfile: switch to bullseye 9a095e44 libct/cg/sd/v1: add SkipFreezeOnSet knob fec49f2a libct/cg/sd/v1: add freezeBeforeSet unit test 41043673 libct/cg/sd/v1: Fix unnecessary freeze/thaw a5871801 ci: add go1.17 75761bcc Fix codespell warnings, add codespell to ci db8330c9 libct/nsenter: fix unused-result warning 844d6774 CI: Validate compilation without buildtags 51508210 libct/nsenter: nullify pointer on asprintf error 2ab6484f libct/nsenter: no need to check size_t less than 0 f0dbefac .cirrus.yum: retry yum if failed 814f3ae1 libct/devices: change devices.Type to be a string 74b5c34e .cirrus.yml: simplify 77fb9aff build(deps): bump github.com/containerd/console from 1.0.2 to 1.0.3 bd50e7c4 
libct/cg/OpenFile: check cgroupFd on error ab577f6f MAINTAINERS: add Sebastiaan van Stijn 2bab4a56 libct/nsenter: fix logging race in nsexec bda1bd7a build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4 c2d9668c libct/cg/OpenFile: fix openat2 vs top cgroup dir 1b4c30fd libcontainer/intelrdt: always run unit tests 79d292b9 libcontainer/intelrdt: verify ClosID existence 17e3b41d libcontainer/intelrdt: support ClosID parameter 7296dc17 libcontainer/intelrdt: refactor clos path handling 1cbfe234 libct/cg: rm dead code d0c3bc44 libct/cg: GetAllPids: optimize for go 1.16+ 363468d0 libct/cg: improve GetAllPids and readProcsFile 504271a3 libct/cg: move GetAllPids out of utils.go fc99ab7e build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3 0f94799e man/runc-run.8: document --keep option cb824629 proposal: add --keep to runc run e06465ac ci/cirrus: remove unused code 120f7406 ci/gha: add latest criu-dev test run 60e02b4b runc exec: fail with exit code of 255 18f434e1 script/release.sh: make builds reproducible 61e201ab makefile: update ldflags and add strip for static builds 5110bd2f nsenter: remove cgroupns sync mechanism 7a0302f0 runc init: simplify a91ce306 libct/*_test.go: use t.TempDir 3bc606e9 libct/int: adapt to Go 1.15 1eeaf113 libct/intelrdt/*_test.go: use t.TempDir f6a56f60 libct/cg/fs/*_test.go: use t.TempDir 2d1645d2 libct/cg/fscommon: drop go 1.13 compatibility 6215b2f3 ci/gha: drop Go 1.13 a952b5aa README, go.mod: require go 1.15+ 12a1dccb Revert "libcontainer: avoid using t.Cleanup" 015fa29a Revert "Revert "Makefile: rm go 1.13 workaround"" 5dd92fd9 libct/seccomp: skip redundant rules e44bee10 libct/seccomp: warn about unknown syscalls 073e085c libct/seccomp: ConvertStringToAction: fix doc 9f656dbb Do not use Vagrant for CentOS 7/8 d4480164 tests/rootless.sh: fixup for "update rt" test 86af5248 tests/int: fix "update rt period and runtime" for rootless cc0b1644 README.md: remove abandoned versioning policy 87bfd20f 
Evaluate Cirrus CI for Vagrant tests a7110262 libct/cg/sd: add TestPodSkipDevicesUpdate 52dd96db libct/cg/sd: TestFreezePodCgroup: rm explicit freeze f2db8798 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw 5dc32604 libct/int/TestFreeze: test freeze/thaw via Set af1688a5 libct/int: allow subtests 67cfd3d4 libct/cg/sd/v1: Set: don't overwrite r.Freezer d02b0061 ci/gha: run on release-* branches after a push 57e3c541 cgroupv2: ebpf: ignore inaccessible existing programs fe518a06 vendor: update github.com/cilium/ebpf 3e5c1997 libct/cg/sd: Add freezer tests 294c4866 libct/cg/fs/freezer.GetState: report current cgroup state f33be7cc libct/cg/sd: Don't freeze cgroup on cgroup v2 Set d41a273d Update device update tests be1d5f83 ci: enable unconvert linter, fix its warnings 6be088d6 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests 9f2a1f4d deps: update to github.com/cyphar/filepath-securejoin@v0.2.3 24d5daf5 libct/user: fix parsing long /etc/group lines 226dfab0 libct/user: ParseGroupFilter: use TrimSpace 120e3a77 libct/user: use []byte more, avoid allocations 83776dd8 libcontainer: Bail on close(2) failures 7d479e6b libcontainer: Don't close fds already closed e39ad650 retry unix.EINTR for container init process c508a7bc libct/rootfs: consolidate utils imports 1bbeadae tests/int/no_pivot: fix for new kernels 0229a77a libcontainer/intelrdt: privatize some ids 8f8dfc49 libcontainer/intelrdt: move NewLastCmdError down 00d15629 libct/intelrdt: simplify NewLastCmdError e0ce428b libct/intelrdt: remove NotFoundError type feff2c45 libct/intelrdt: fix potential nil dereference 82498e3d libct/specconf: remove unneeded checks bc96a59d build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1 70fdc057 Revert "checkpoint: resolve symlink for external bind mount" e618c02d libct/stacktrace: remove e918d021 libcontainer: rm own error system 60c647a7 libct/error: rm ConsoleExists a7cfb23b *: stop using pkg/errors b60e2edf libct/cg: stop using pkg/errors a6cc36a8 libct/cg/ebpf: 
stop using pkg/errors f137aaa2 libct/cg/devices: stop using pkg/errors ebb08128 .golangci.yml: enable errorlint 56e47804 *: ignore errorlint warnings about unix.* errors f6a0899b *: use errors.As and errors.Is 5d2a11ad tty.go: don't use pkg/errors, use errors.Is c6fed264 libct/keys: stop using pkg/errors adbac31d libct: fix errorlint warning about strconv.NumError 7be93a66 *: fmt.Errorf: use %w when appropriate d8ba4128 libct/rootfs: improve some errors 36aefad4 libct: wrap unix.Mount/Unmount errors 825335b2 libct/cg/fs2: fix/unify parsing errors 5a186d39 libct/cg/fs: fix/unify parsing errors f813174d libct/cg/fscommon: introduce and use ParseError adcd3b44 libct/cg/fs[2]: simplify getting pid stats 4e330942 libct/cg/fs/stats_util_test: fix errors 563225d5 libct/StartInitialization: fix errors 3fee59f9 libct/cg/fs/*_test: simplify errors fdf4e90e libct/cg/fscommon.ParseKeyValue: no need to wrap err 627a06ad Replace fmt.Errorf w/o %-style to errors.New 242b3283 libct/cg/fscommon: rm unused var 92e8d9b9 libct/intelrdt: error message nits 041caf10 VERSION: back to development dfc0f069 man/*: revamp 85aabe23 C/R: let criu use its default if --work-path is not set e8bd33ae runc --help: improve log options description cf4ecaed runc update: hide --kernel* options 4065c394 exec: rm --no-subreaper flag da22625f checkpoint: resolve symlink for external bind mount Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc: update to v1.1.0 | Bruce Ashfield | 2022-02-02 | 2 | -22/+11
Bumping runc to version v1.1.0-1-gd7f7b22a, which comprises the following commits: d7f7b22a VERSION: back to development 067aaf85 VERSION: release runc v1.1.0 c0e300f1 Refuse to build runc without nsenter e155b332 build(deps): bump github.com/checkpoint-restore/go-criu/v5 5c7e8981 libct/cg: rm go 1.15 compatibility 4773769c VERSION: back to development 55df1fc4 VERSION: release v1.1.0-rc.1 a8f9d5de CHANGELOG: add an in-repo changelog file 6d2067a4 script/seccomp.sh: fix argc check 457ca62f script/release_*.sh: fix usage c729594c deps: update libseccomp to 2.5.3 5d779620 tests/int: use update_config in hooks test 9e798e26 tests/int: ability to specify binary 97688ddf types/features: clarify MountOptions deb0a5f2 Mark `runc features` experimental 382eba43 Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...) 
ba935a51 Support nosymfollow mount option (kernel 5.10) f8c48e46 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c acd8f12f release: correctly handle binary signing for "make releaseall" d72d057b runc init: avoid netlink message length overflows 25112dd1 libct/intelrdt: remove unused type c4a61aa9 ci: enable extra linters for new code 520702da Add `runc features` command 02475d9c .golangci.lint: add unparam linter 953e56c5 libct/int: runContainer: drop console arg 6c0bfcb1 libct/cg/fs/blkio_test: ignore unparam warning 06b3fd9d libct/cg/ebpf: drop finalize return value 86733013 notify_socket: setupSpec: drop ctx arg and return value 741568eb libct/cg/devices: addRule: ignore unparam warning fc44e3f6 tty: Close: rm return value 36483465 tty: ClosePostStart: rm return value f3f4b6d1 tty: recvtty: rm process arg e6318635 tty: rm inheritStdio return value d23b8109 checkpoint: rm getDefaultImagePath arg dd140401 libct: fixStdioPermissions: rm config arg b357bc13 libct/factory: rm id param from loadState b950b778 libct/utils: ResolveRootfs: remove 35d20c4e chown cgroup to process uid in container namespace ec0f35bc libct/system/xattrs: remove e9ed2000 build(deps): bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0 e3dd80fa Vagrantfile.fedora: revert excluding systemd 1da84d1a libct/cg: TestGetHugePageSizeImpl: use t.Run 1362291a Avoid non-op when the list of `Hooks` is empty f13a9325 libct/cg: HugePageSizes: simplify code and test 39d4c8d5 libct/cg: lazy init for HugePageSizes a4d4c4dd libct/cg: GetHugePageSize -> HugePageSizes dde509df specconv: do not permit null bytes in mount fields 50105de1 Fix failure with rw bind mount of a ro fuse 982b9a1d libct/standard_init: fix linter warning 643f8a2b libct/specconv: nits b247cd39 runc run: fix ro /dev 029b73c1 libct/spec: replace isValidName regex with a function 6907beca libct/specconv: remove isSecSuffix regex 37c5fd55 libct/specconv: make parseMountOptions return Mount 2c3792ba libct/specconv: make 
mountFlags and extensionFlags global 81586e19 libct/specconv: reuse mountPropagationMapping in parseMountOptions 8fe1e8bf libct/specconv: rm some init allocations 712157f6 Revert "ci: temporarily disable criu repo gpg check" f252eb54 test/int/mount.bats: refer to github issue 7563a8f0 libct: wrap more unix errors db4ad6a7 libcontainer/system: rm Prlimit 0880c001 .cirrus.yml: silence vagrant up b028ecb3 Vagrantfile.fedora: exclude systemd from upgrade 12a36265 ci/cirrus: update to Go 1.17.3 02d527d2 go.mod: github.com/moby/sys/mountinfo v0.5.0 0e21d56e go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359 b2d64fed build(deps): bump github.com/checkpoint-restore/go-criu/v5 a9bb11ec Fix the conversion of sysctl variable dots and slashes 0f933d54 Rename package validate_test to package validate 68c2b6a7 runc run: refuse a frozen cgroup d08bc0c1 runc run: warn on non-empty cgroup dd696235 runc exec: reject paused container unless --ignore-paused 4b25a4e8 CI: update Fedora to 35 7324496f tests/int: fix userns for Fedora 35 05272718 tests/int/cgroups: fix for misc controller fc658fb6 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6 972aea3a libct/configs/validate: allow / in sysctl names 95f8ecdd fix `libcontainer/integration/exec_test.go:1859:8: undefined: ioutil` dc473cad build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0 8542322d libcontainer: Add unit tests with userns and mounts 55162941 Remove io/ioutil use 6a4f4a6a libcontainer/ignoreTerminateErrors: simplify for Go 1.16+ 12e99a0f Require Go >= 1.16 3d986766 ci/gha: install latest stable Go version c5ca778f ci: temporarily disable criu repo gpg check 81fdc8ce New integration tests for user namespaces bind sources 9c444070 Open bind mount sources from the host userns a80e1217 libct/intelrdt: add Root() 794cd66d libct/system: Exec: wrap the error 6eba68de build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1 e395d2dc libct: Init: remove LockOSThread 916c6a15 
libct/cg/fs2: fix GetStats for unsupported hugetlb f9667e63 Make DevicesGroup's "TestingSkipFinalCheck" attribute public 2e0ceaa9 fix createDevices when no Linux section fae5d8b5 release: add s390x f95063ed Dockerfile: fix for seccomp 7758d3fb libct/cg/sd/v2: Destroy: remove cgroups recursively 580e43ec contrib: rm init from bash completion 0202c398 runc exec: implement --cgroup cc15b887 tests: add integration test for cgroups hybrid a8435007 cgroups: join cgroup v2 when using hybrid mode 39914db6 runc exec: don't skip non-existing cgroups 7d446c63 libct/cg.WriteCgroupProcs: improve errors cc1d7466 exec.go: nit 0d297b71 ci/gha: test criu-dev with latest go 16aedc31 ci/gha: remove debug info 3fd1851c CI/GHA: switch to OBS criu repo 81dc5599 Dockerfile: fix apt-key warning 2bf560fb Dockerfile: use Debian_11 repo for criu 99ddc1be libct/cg/fs: rm m.config == nil checks 57edce46 libct/cg: add Resources=nil unit test 1af4ed11 libct/cg/sd/v2: move fsMgr init to NewUnifiedManager 9a2146fa libct/cg/sd/v2: move path init to NewUnifiedManager 39be6e97 libct/cg/fs2: minor optimization b14a6cf9 libct/cg/sd/v1: move path init to NewLegacyManager fcc48168 libct/cg/fs: document path removal 6c5441e5 libct/cg/fs: move paths init to NewManager 097c6d74 libct/cg: simplify getting cgroup manager 3c8db638 script/release.sh: update libseccomp to 2.5.2 f30244ee make release: add cross-build 23d79aae Makefile: only build runc for static target d2b6899e Makefile: fixes for seccompagent 43b36dc4 Support changing of lsm mount context on restore 412d68d1 Vendor in go-criu v5.1.0 163e2523 libct/cg: replace bitset with std math/big library 6806b2c1 runc delete -f: fix for cg v1 + paused container e6928865 libct/cg/fs: refactor 7d1cb320 libct/cg/fs: rename join to apply 5c7cb837 libct/cg/fs: micro optimization 19b542a5 libct/cg/fs: move internal code out of fs.go eb09df74 libct/cg/sd/v1: initPaths: minor optimization 63c84917 libct/cg/sd/v1: optimize initPaths c7e0864d libct/cg/sd/v1: factor 
out initPaths dc907e8d libct/cg/sd/v*.go: nit d974b22a create, run: amend final errors 9ba2f65d startContainer: minor refactor 1545ea69 delete, start: remove newline from errors af641cd5 seccomp: Add test using the seccomp agent example 08659080 build(deps): bump github.com/bits-and-blooms/bitset from 1.2.0 to 1.2.1 622acd24 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5 47abdcee ci/gha: update golangci-lint to 1.42.1 704a1878 contrib/cmd/seccompagent: fix build tags 49137c2a ci/gha: bump shfmt to 3.3.1 f1b703fc libct/nsenter/nsexec.c: honor _LIBCONTAINER_LOGLEVEL d5ffe83f libct/nsenter/nsexec.c: factor out getenv_int d2f49d45 libct/nsenter/nsexec.c: improve bail 6c4a3b13 runc init: pass _LIBCONTAINER_LOGLEVEL as int 0a3577c6 utils_linux: simplify newProcess 51cd519e seccomp agent: Return non-zero on failures 8b790e4f seccomp agent: Use arch SCMP_ARCH_X86_64 4a4d4f10 Add support for seccomp actions ActKillThread and ActKillProcess 4a751b05 seccomp: drop unnecessary const SCMP_ACT_* defines 72b5c3ca build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5 00772cae tests: add functional tests for seccomp notify 5ae831d9 tests: add functional tests for seccomp e21a9ee8 contrib: add sample seccomp agent c64aaf0e libcontainer/specconv: extend SetupSeccomp tests 2b025c01 Implement Seccomp Notify 4e7aeff6 libcontainer/utils: introduce SendFds c55530be vendoring: Use libseccomp with notify support 64358c4d optimize log: move WriteJSON defer as early as possible 39d0ee18 script/release.sh: fix for opensuse a20c8b29 runc --debug: shorter caller info b55b3081 libct/logs: do not show caller in nsexec logs c3910e73 libct/logs: parse log level implicitly c4826905 libct/logs: test: make more robust 33dcb994 libct/nsenter/nsenter_test.go: logging nits 78b27155 libct/nsenter: test: rm misleading comments 2c46455c libct/nsenter: test: improve TestNsenterChildLogging feb1fe11 libct/nsenter: test: fix TestNsenterValidPaths 3df6a02f libct/nsenter: test: 
improve newPipe 347c371b CI: Mark CGO warnings as errors d8da0035 *: add go-1.17+ go:build tags 1b17ec95 libct/cg: rm "unsupported.go" files dbb9fc03 libct/*: remove linux build tag from some pkgs c5b0be78 Rm build tags from main pkg 9ff64c3d *: rm redundant linux build tag 895e0a5c nsenter: fix typo in bail message 1f5798f7 improve error message when dbus-user-session is not installed 63944578 tests/int: add a "update cpu period with pod limit set" test 1b2adcfe libct/cg/v1: workaround CPU quota period set failure 09b80811 Revert "libct/devices: change devices.Type to be a string" 538ba846 libct/error.go: rm ConfigError 6145628f configs/validate: audit all returned errors bbcf96f9 libct/cg/devices: stop using regex fb629db6 tests/int/helpers: fix shellcheck warnings f65276db tests/int/helpers: rm $bundle handling b3d14488 Add support for rdma cgroup introduced in Linux Kernel 4.11 8d8415ee libct/logs: remove ConfigureLogging f77fb7a3 init.go, main.go: don't use logs.ConfigureLogging 93937000 libcontainer/intelrdt: update code comments a37a89f4 libct/system: add I and P process states f90008ae libct/system.Stat: fix/improve/speedup 412c6f06 libct/system/proc_test: fix, improve, add benchmark 74ae9e0f checkpoint: resolve symlink for external bind mount(fix ci broken) 24d318b8 Dockerfile: switch to bullseye 9a095e44 libct/cg/sd/v1: add SkipFreezeOnSet knob fec49f2a libct/cg/sd/v1: add freezeBeforeSet unit test 41043673 libct/cg/sd/v1: Fix unnecessary freeze/thaw a5871801 ci: add go1.17 75761bcc Fix codespell warnings, add codespell to ci db8330c9 libct/nsenter: fix unused-result warning 844d6774 CI: Validate compilation without buildtags 51508210 libct/nsenter: nullify pointer on asprintf error 2ab6484f libct/nsenter: no need to check size_t less than 0 f0dbefac .cirrus.yum: retry yum if failed 814f3ae1 libct/devices: change devices.Type to be a string 74b5c34e .cirrus.yml: simplify 77fb9aff build(deps): bump github.com/containerd/console from 1.0.2 to 1.0.3 bd50e7c4 
libct/cg/OpenFile: check cgroupFd on error ab577f6f MAINTAINERS: add Sebastiaan van Stijn 2bab4a56 libct/nsenter: fix logging race in nsexec bda1bd7a build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4 c2d9668c libct/cg/OpenFile: fix openat2 vs top cgroup dir 1b4c30fd libcontainer/intelrdt: always run unit tests 79d292b9 libcontainer/intelrdt: verify ClosID existence 17e3b41d libcontainer/intelrdt: support ClosID parameter 7296dc17 libcontainer/intelrdt: refactor clos path handling 1cbfe234 libct/cg: rm dead code d0c3bc44 libct/cg: GetAllPids: optimize for go 1.16+ 363468d0 libct/cg: improve GetAllPids and readProcsFile 504271a3 libct/cg: move GetAllPids out of utils.go fc99ab7e build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3 0f94799e man/runc-run.8: document --keep option cb824629 proposal: add --keep to runc run e06465ac ci/cirrus: remove unused code 120f7406 ci/gha: add latest criu-dev test run 60e02b4b runc exec: fail with exit code of 255 18f434e1 script/release.sh: make builds reproducible 61e201ab makefile: update ldflags and add strip for static builds 5110bd2f nsenter: remove cgroupns sync mechanism 7a0302f0 runc init: simplify a91ce306 libct/*_test.go: use t.TempDir 3bc606e9 libct/int: adapt to Go 1.15 1eeaf113 libct/intelrdt/*_test.go: use t.TempDir f6a56f60 libct/cg/fs/*_test.go: use t.TempDir 2d1645d2 libct/cg/fscommon: drop go 1.13 compatibility 6215b2f3 ci/gha: drop Go 1.13 a952b5aa README, go.mod: require go 1.15+ 12a1dccb Revert "libcontainer: avoid using t.Cleanup" 015fa29a Revert "Revert "Makefile: rm go 1.13 workaround"" 5dd92fd9 libct/seccomp: skip redundant rules e44bee10 libct/seccomp: warn about unknown syscalls 073e085c libct/seccomp: ConvertStringToAction: fix doc 9f656dbb Do not use Vagrant for CentOS 7/8 d4480164 tests/rootless.sh: fixup for "update rt" test 86af5248 tests/int: fix "update rt period and runtime" for rootless cc0b1644 README.md: remove abandoned versioning policy 87bfd20f 
Evaluate Cirrus CI for Vagrant tests a7110262 libct/cg/sd: add TestPodSkipDevicesUpdate 52dd96db libct/cg/sd: TestFreezePodCgroup: rm explicit freeze f2db8798 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw 5dc32604 libct/int/TestFreeze: test freeze/thaw via Set af1688a5 libct/int: allow subtests 67cfd3d4 libct/cg/sd/v1: Set: don't overwrite r.Freezer d02b0061 ci/gha: run on release-* branches after a push 57e3c541 cgroupv2: ebpf: ignore inaccessible existing programs fe518a06 vendor: update github.com/cilium/ebpf 3e5c1997 libct/cg/sd: Add freezer tests 294c4866 libct/cg/fs/freezer.GetState: report current cgroup state f33be7cc libct/cg/sd: Don't freeze cgroup on cgroup v2 Set d41a273d Update device update tests be1d5f83 ci: enable unconvert linter, fix its warnings 6be088d6 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests 9f2a1f4d deps: update to github.com/cyphar/filepath-securejoin@v0.2.3 24d5daf5 libct/user: fix parsing long /etc/group lines 226dfab0 libct/user: ParseGroupFilter: use TrimSpace 120e3a77 libct/user: use []byte more, avoid allocations 83776dd8 libcontainer: Bail on close(2) failures 7d479e6b libcontainer: Don't close fds already closed e39ad650 retry unix.EINTR for container init process c508a7bc libct/rootfs: consolidate utils imports 1bbeadae tests/int/no_pivot: fix for new kernels 0229a77a libcontainer/intelrdt: privatize some ids 8f8dfc49 libcontainer/intelrdt: move NewLastCmdError down 00d15629 libct/intelrdt: simplify NewLastCmdError e0ce428b libct/intelrdt: remove NotFoundError type feff2c45 libct/intelrdt: fix potential nil dereference 82498e3d libct/specconf: remove unneeded checks bc96a59d build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1 70fdc057 Revert "checkpoint: resolve symlink for external bind mount" e618c02d libct/stacktrace: remove e918d021 libcontainer: rm own error system 60c647a7 libct/error: rm ConsoleExists a7cfb23b *: stop using pkg/errors b60e2edf libct/cg: stop using pkg/errors a6cc36a8 libct/cg/ebpf: 
stop using pkg/errors f137aaa2 libct/cg/devices: stop using pkg/errors ebb08128 .golangci.yml: enable errorlint 56e47804 *: ignore errorlint warnings about unix.* errors f6a0899b *: use errors.As and errors.Is 5d2a11ad tty.go: don't use pkg/errors, use errors.Is c6fed264 libct/keys: stop using pkg/errors adbac31d libct: fix errorlint warning about strconv.NumError 7be93a66 *: fmt.Errorf: use %w when appropriate d8ba4128 libct/rootfs: improve some errors 36aefad4 libct: wrap unix.Mount/Unmount errors 825335b2 libct/cg/fs2: fix/unify parsing errors 5a186d39 libct/cg/fs: fix/unify parsing errors f813174d libct/cg/fscommon: introduce and use ParseError adcd3b44 libct/cg/fs[2]: simplify getting pid stats 4e330942 libct/cg/fs/stats_util_test: fix errors 563225d5 libct/StartInitialization: fix errors 3fee59f9 libct/cg/fs/*_test: simplify errors fdf4e90e libct/cg/fscommon.ParseKeyValue: no need to wrap err 627a06ad Replace fmt.Errorf w/o %-style to errors.New 242b3283 libct/cg/fscommon: rm unused var 92e8d9b9 libct/intelrdt: error message nits 041caf10 VERSION: back to development dfc0f069 man/*: revamp 85aabe23 C/R: let criu use its default if --work-path is not set e8bd33ae runc --help: improve log options description cf4ecaed runc update: hide --kernel* options 4065c394 exec: rm --no-subreaper flag da22625f checkpoint: resolve symlink for external bind mount Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: update to v1.23.2 | Bruce Ashfield | 2022-01-06 | 1 | -2/+2
Bumping kubernetes to version v1.23.2-rc.0-26-gfa546d8cc76, which comprises the following commits: cce0b96068c fix nil pointer in create secret commands 27a66989d0f Fix order of commands in the snapshot tests for persistent volumes cc6c36f286d client-go: Clear the ResourceVersionMatch on paged list calls 271a9f0e58d Improving performance of EndpointSlice controller metrics cache 98cc4f9e96a fix the error when cleaning up jobs for cronjob 6ca361089db Update CHANGELOG to add missing release notes. 40d718778d4 apf: ensure exempt request notes the classification 77b0a633575 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.1 aef116487af Release commit for Kubernetes v1.23.2-rc.0 86ec240af8c Release commit for Kubernetes v1.23.1 1292aee8707 add gce loadbalancer no-op finalizer and existingFwdRule tests 40c6f562eb3 disable gce service handling if has rbs forwarding rule 41b00595137 add ELBRbsFinalizer 036fd24b91c add gce elb rbs opt-in annotation 78e8cb0743c cherry pick of knp 0.0.27 0072226ca87 Re-introduce removed kubectl --dry-run values. 
c237c5c78fc Point flowcontrol users at v1beta2 c836ebae52f [go1.17] Update to go1.17.5 d065f7ffe77 dependencies: Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63 ea103cb23a9 mount-utils: Detect potential stale file handle 1346242fd57 Skip creating HNS loadbalancer with empty endpoints 38a678fccfb Add regression test for CPUManager distribute NUMA algorithm 6d437c7e827 Add unit test for CPUManager distribute NUMA algorithm verifying fixes 53fd9db1629 Fix accounting bug in CPUManager distribute NUMA policy 9cb973ac5ee Fix error handling in CPUManager distribute NUMA tests 462f3c90b05 Add a sum() helper to the CPUManager cpuassignment logic 03666ecf4fc Allow the map.Values() function in the CPUManager to take a set of keys 22b6be8c2cb Fix CPUManager algo to calculate min NUMA nodes needed for distribution 471dd78f5ea Fix unit tests following bug fix in CPUManager for map functions (2/2) 1db0c5136e7 Fix unit tests following bug fix in CPUManager for map functions (1/2) 18392c0c4ca Fix bug in CPUManager map.Keys() and map.Values() implementations 4c7bcbddd62 Ensure we balance across *all* NUMA nodes in NUMA distribution algo d1248480b20 Short-circuit CPUManager distribute NUMA algo for unusable cpuGroupSize 3a9b3072612 Round the CPUManager mean and stddev calculations to the nearest 1000th 5fc309181ab updated deprecation messages from 1.23 to 1.24 f94a022c1bb kubelet: set failed phase during graceful shutdown b63d5a805b3 kubeadm: avoid requiring a CA key during kubeconfig expiration checks a18dbc12a46 kubeadm: print the CA of kubeconfig files in "check expiration" 880e0ac50f7 kubeadm: validate local etcd certficates during expiration checks f9c8af54ccb publishing-bot/doc: add component-helpers to the readme 3245fe216f2 publishing-bot/rules: remove non existing component-helpers branch 1.19 from the rules 57f88ec404e Changelog: mention kube-scheduler bits deprication f42cbbbff43 rbd: initialize ceph monitors slice with an empty value. 
0a1d2914614 Direct v2betaX users to migrate to HPA v2 064a272ee03 DelegateFSGroupToCSIDriver e2e: skip tests with chgrp dd1b0a12471 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.0 8aef834386e [go1.17] Update to go1.17.4 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: add sysctl.d configuration | Bruce Ashfield | 2021-12-15 | 2 | -1/+6
The startup of kubernetes relies on some kernel/runtime configuration. We create a sysctl.d snippet to ensure that critical ones are set when installing our packages.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: add README | Bruce Ashfield | 2021-12-15 | 1 | -0/+117
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k8s: introduce host/controller initialization script | Bruce Ashfield | 2021-12-13 | 2 | -1/+42
Adding a simple helper to set up a host to the NodeReady state.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc-docker: update to 1.0.3 | Bruce Ashfield | 2021-12-10 | 1 | -1/+1
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:
31f7b334 VERSION: back to development
f46b6ba2 VERSION: release v1.0.3
b8dbe466 runc init: avoid netlink message length overflows
e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
42bfc63b script/release.sh: fix for opensuse
8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
cbb23675 runc run: fix ro /dev
e802cfae test/int/mount.bats: refer to github issue
3640499a libct/rootfs: consolidate utils imports
aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
fdee8658 libct/int/checkpoint_test: fix ParentImage
cbb5ef5c improve error message when dbus-user-session is not installed
86d83333 VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc: update to 1.0.3 | Bruce Ashfield | 2021-12-10 | 1 | -2/+2
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:
31f7b334 VERSION: back to development
f46b6ba2 VERSION: release v1.0.3
b8dbe466 runc init: avoid netlink message length overflows
e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
42bfc63b script/release.sh: fix for opensuse
8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
cbb23675 runc run: fix ro /dev
e802cfae test/int/mount.bats: refer to github issue
3640499a libct/rootfs: consolidate utils imports
aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
fdee8658 libct/int/checkpoint_test: fix ParentImage
cbb5ef5c improve error message when dbus-user-session is not installed
86d83333 VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: update to 1.23.x series | Bruce Ashfield | 2021-12-10 | 2 | -6/+50
Bumping kubernetes to the latest release branch (now that our go compiler meets the minimum standards).
We also add a networking configuration similar to the k3s one, but named appropriately so that CNI will read and do basic configuration.
We also add some missing rdepends that were preventing the controller node from fully initializing.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* skopeo: update to v1.5.2 | Bruce Ashfield | 2021-11-30 | 1 | -3/+3
Bumping skopeo to version v1.5.2-3-g1d24e657, which comprises the following commits: 4dcd28df Use a dynamic temp dir for test 789ee8be Bump to 1.5.3-dev 8a88191c Release 1.5.2 69728fdf Update to c/image v5.17.0 47066f2d Cirrus: Bump Fedora to release 35 & Ubuntu to 21.10 adfa1d4e Bump github.com/docker/docker 05a2ed49 proxy: Uncapitalize all errors e9535f86 tests: Add new "procutils" that exposes PDEATHSIG fa86297c proxy_test: Test `GetConfig` 2bb6f27d proxy_test: Add helper to read all from a reply f90725d8 proxy_test: Add a helper method to call without fd 644074cb proxy: Add support for manifest lists 83416068 tests/integration/proxy_test: New test that exercises `proxy.go` a3adf36d proxy: Use float → int helper for pipeid 6510f101 proxy: Add a helper to return a byte array e7b7be57 proxy: Add an API to fetch the config upconverted to OCI 942cd6ec Fix bug that prevented useful diagnostics on registry fail 41de7f2f use fedora:latest in contrib/skopeoimage/*/Dockerfile c264cec3 Move to v1.5.2-dev 2b357d82 Bump to v1.5.1 4acc9f0d main: Error out if an unrecognized subcommand is provided 7885162a move optional-flag code to c/common/pkg/flag 36d860eb Add --dest-precompute-digests option for docker c8777f3b bump containers/image to 2541165 985d4c09 Add instructions to generate static binaries 11b59898 Add new `experimental-image-proxy` hidden command 2144a37c issue#785 inspect command - introduce a way to skip querying available tags for an image 60c98cac Document container images as an alternative to installing packages 89ecd5a4 Introduce --username and --password to pass credentials 119eeb83 Move to v1.5.1-dev 209a9931 Bump to v1.5.0 3e4d4a48 Bump github.com/containers/image/v5 from 5.16.0 to 5.16.1 3a97a0c0 Bump github.com/docker/docker ff88d3fc Remove leftover Nix packaging files e19b57c3 Update 
github.com/containerd/containerd to v1.5.7 b950f83c issue#1466 - Introduce a --keep-going option to allow "sync" command to continue syncing even after a particular image sync fails 12d01037 Bump github.com/containers/storage from 1.36.0 to 1.37.0 e0c53dfd Update installation doc with latest steps aba57a88 Makefile: drop nix support 93c42bcd Bump github.com/containers/common from 0.45.0 to 0.46.0 c0f07d3d Bump github.com/containers/common from 0.44.1 to 0.45.0 0ce7081e Bump github.com/containers/common from 0.44.0 to 0.44.1 52dafe8f Update to github.com/vbauerster/mpb v7.1.5 ee8b8e77 Explain the usage of DISABLE_DOCS in the installation doc 1d204fb1 Update VM Images + Drop prior-ubuntu references 61310777 issue#1411 Introduce DISABLE_DOCS to skip doc generation while building from source ed96bf04 Bump github.com/containers/common from 0.43.2 to 0.44.0 a837fbe2 Bump github.com/containers/storage from 1.35.0 to 1.36.0 9edeb69f Remove the extra (defaults to true) help msg a2d083ca Bump github.com/containers/image/v5 from 5.15.2 to 5.16.0 0e87d4d1 Run (gofmt -s -w) c399909f Update non-module dependencies 102e2143 Bump github.com/containers/image/v5 from 5.15.1 to 5.15.2 7d5ef9d9 Bump github.com/containers/common from 0.43.1 to 0.43.2 70eaf171 Add OWNERS file 61969472 Bump github.com/containers/image/v5 from 5.15.0 to 5.15.1 ec1ac5d0 Bump github.com/containers/storage from 1.34.0 to 1.34.1 082db20f Bump github.com/containers/common from 0.43.0 to 0.43.1 8dce403b Add codespell fixes f6ae7865 systemtests: if registry times out, show container logs 9acb8b6a Bump github.com/containers/common from 0.42.1 to 0.43.0 a23b9f53 Bump github.com/containers/storage from 1.33.2 to 1.34.0 be821b4f Bump github.com/containers/storage from 1.33.1 to 1.33.2 ab87b15f Cirrus: Run checks directly on the host 1aa98bab Github: Add workflow to monitor Cirrus-Cron builds fbf96998 Bump github.com/docker/docker a3bb1cc5 Bump github.com/containers/common from 0.42.0 to 0.42.1 0667a1e0 Bump to 
1.4.1-dev Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* singularity: fix build with automake-1.16.5 | Martin Jansa | 2021-11-30 | 2 | -0/+35
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman-compose: update to 0.1.8 | Bruce Ashfield | 2021-11-22 | 1 | -1/+1
Bumping podman-compose to version 0.1.8-2-g1555417, which comprises the following commits: 1555417 FIXES #361: key error _service 1f989ed FIXES #356: respect pull_policy 66ce2a3 release 0.1.8 d8e11d5 FIXES #312: run starts dependencies 72c3572 #289: exit code and test for that c187e88 up and down specific containers 31b8bb4 simpler passing of env f177712 Fix `up` arguments parsing ae3deb1 #355: fix dry run 117b7fb command list of strings 5acb997 command list of strings 02b2f65 Update issue templates a36b6f1 Update issue templates e3be6dd Update issue templates 4b75678 Update issue templates dcb038e remove tabs a2fef56 FIXES #353: down in reverse order c753b8e FIXES #167: support ContainerFile c9486c9 #115: handle string entrypoint f2aeaba #348: conditional --infra-name 2d80e43 remove print d1a77de external name c49f070 volumes with names 6d69b7c Add support external volumes ab13503 add support for long port publishing format 069018c #342: set infra container name b33c42b Readability fix for missing commands 785f7ad Get version info with setup.cfg b6a9f8e #335: report version with -v 4a5fd23 #275 make pipx happy dc0ac0d docs: added the transform_policy default and description 502d7cc #327: accept ports as string e85d79d added cpu_shares flag for v2 bfb57b9 added cpu_shares flag for v2 2d0aad6 Also pull images with a build section ff5b9f1 Support for logging 62aa337 feat(secrets): :sparkles: Add support for secrets 3836094 Update podman_compose.py d97a20d #308: fix environment f417c9a #120: extend not add 5ed5528 FIXES #120: parse mem and cpu limits 3d6ca3c FIXES #120: parse mem and cpu limits 6e3383d Convert numeric command arguments to string (fixes #77) 8ef7587 Fix some typos (found by 
codespell) 039fe30 Make sure port entries are converted to strings 62d2024 Add stop_signal service attribute 9317f98 #278: args 045cef2 #289: report exit code when --exit-code-from a7f97b6 implement -e in run 0ea18b4 Force adding an .env file for the tests 00840d0 resolve conflict 2ad7daa Test variable interpolation in the YAML 080b8a3 Prefer 'compose.yaml' as per compose spec 226ac4f fix missing --label flag in volume creation 030a196 Fix README typo 901213e Update podman_compose.py b337060 Add support for sysctls in compose file b3090c3 Mode Python installation and test deps to requirement files 5fabfee Support annotations 75a63df fix: check `.env` in current dir with `isfile` instead of `exists` 08dd36f Add docker-compose labels for interoperability 669953b Rework argument generation to adhere directly to what podman accepts. d3df688 Remove test code bda7b5e Add exec support 6289d25 fixes #236: compatible with docker-compose abc0813 Only pull each image once 9cd837f Fixes #236: Ensure project name works with podman a4b8b5e Fix 'podman-compose version' with no compose file in the working directory 5971f57 FIXES #249: update dotenv with some envs ab96f12 FIXES #249: update dotenv with some envs f6a3cb0 Allow environment variables to be unset 497355f Re-order environment/env_files to match compose 20a86ea add --no-cache arg to build 4e2e960 build specific service efba3a1 support str style configuration for env_file 9063976 BUG: 'podman stop -t 360.0' called for float, expects int on cli 3712b54 ENH: add timeout option to podman-compose down, as in https://docs.docker.com/compose/reference/down/ 294f8ee Hashlib to generate SHA256 instead of MD5 for FIPS 105b129 Fix infinite loop d3f3711 FIXES #181: accept init and init-path 7eacf14 MAINT: resolve https://github.com/containers/podman-compose/pull/180#issuecomment-632722974 8cd98ab MAINT: extend instead of append 047820d ENH: Added restart policy forwarding to podmann run, compose build args added to up args e7b1382 
Add --build-arg to 'up' (Fixes #161) 64ed554 Allow empty default/error value in substitution 93bf39e Add Security Policy 5915ba3 Catch error when compose file is empty 1ca6a88 target once 7b40079 Pass "target" parameter when building an image. f9915c4 Check for target property when building images 1973340 Add support for --build-arg option e8147e3 Add support for cap_add/cap_drop 7f210ff fixing "Error: unknown flag: --shm_size" cbed801 start detached 6a42d68 add ports test 07a2430 Fixes #152: validate that podman is useable 5215782 Fixes #152: validate that podman is useable 03cbd29 pass volumes using -v 796e6a4 Avoid crash when no services are defined efcbc75 Pass ulimit parameters when building container dacc753 Add Code of Conduct 8c3b7e6 Added mount option delegated and cached 147f0ae Update README with dnf install instructions. 27d3caf Add support for privileged option e7a9bd3 Show stopped containers in ps ddd582c Add support for logs subcommand 169eaee Fix override of the run command c5f8973 Mixed-case directory names break 'podman create' 12036aa FIXES #76: a service extends a service with same name 7222fdb exit if not files bb7120f Fix stop command runs start instead 7ebbe2e Fix KeyErrors encountered with extended services 29d4cdc Remove unused funtion in setup.py a9216c3 podman volume inspect mountPoint/Mountpoint e538852 #57: better ps via label b1c2b02 podman_compose.py 9e0dd2d extends with external file 72c1992 Remove never-shared options. 
3e2381f Support extends dee813a #47: version command 9684429 #52: fix how we split commands 87e7211 #54: fix ulimits 7269701 Fixed get of ulimit tag, according to docker-compose specification b369073 Fix podman-compose run command parsing 62f0cc4 Changed -l flag to --label in order to be compatible with Podman 1.0.2.dev c152d28 Support for generic container-compose format 8e43e69 FIX #41: compare original volume name 751aaa8 Add support for devices in a service 243bdb6 Add support for setting container ulimit 2202e7f Add support for setting container ulimit f505e49 a test showing yaml anchor magic 2e4378f add string check for cmd line args 2a8d430 FIXES #35: now support multiple composer files a512c0c #35: test for multiple -f f008986 release 0.1.5 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: update to 3.4.2 | Bruce Ashfield | 2021-11-22 | 1 | -2/+2
  Bumping libpod to version v3.4.2-4-g72031783c, which comprises the following commits:

      25f35ac9e Use CGO_ENABLED=1 when building natively on darwin
      7c98d542b Bump to v3.4.3-dev
      2ad1fd355 Bump to v3.4.2
      1d6397e5c Add release notes for v3.4.2
      6d9b1e4b8 Fix partial log line handling with journald log driver
      8b368b5e1 Fix Zsh completion command documentation
      c2fb170b8 Fix flake in upgrade tests
      6770fede7 VOLUME must be declared after RUN chown command
      cedf1a3d4 podman-generate-kube - remove empty structs from YAML
      e456873c0 Exclude already built sources for static build
      e9f6e5194 Match .c files in Makefile
      de852ebd0 shm_lock: Handle ENOSPC better in AllocateSemaphore
      fc1707dfe Minor test tweaks
      c8b7ca2ba pod/container create: resolve conflicts of generated names
      2dc8db773 Add some information about disabling SELinux when using system volumes
      93a3e720d Log Apache access_log-like entries at Info level [NO NEW TESTS NEEDED]
      b1ac02dcb tweak a couple of flag descriptions in help output
      718de67f3 Fix bindings container log test
      dd6551055 test: run --cgroups=split in new cgroup
      df9e0fdcb Fix tests of podman image trust --raw and --json
      df736396e Tighten the expected output of the "podman image trust show" test
      18c322d1c Use INTEGRATION_ROOT instead of current directory
      3bd80ac9a Handle HTTP 409 error messages properly for Pod actions
      a8332f694 Fix swagger definitions
      5889c2c24 Cirrus: Authorize rootless user self-ssh
      2a0aad6be Add information on how podman machine is updated
      0ded340e6 Fix help message case for `podman version`
      fa29ca710 Fix pause usage example
      6bf6d7237 Set Checkpointed state to false after restore
      2d6252b98 runtime: change PID existence check
      a208bc24d Set DOCKER_HOST in the VM
      246782133 runtime: check for pause pid existence
      0519e7ef8 utils: do not overwrite the err variable
      2b85684ad Fix systemd PID1 test
      0e1f67b72 cgroups: use SessionBusPrivateNoAutoStartup
      9707ff5d4 vendor: update godbus to v5.0.6
      a67bf0f92 Slirp4netns with ipv6 set net.ipv6.conf.default.accept_dad=0
      47afa6d96 Fix a few problems in 'podman logs --tail' with journald driver
      729310a85 If Dockerfile exists in same directory as service, we should not use it.
      7275d389b Document to not set K8S envars for CNI
      955d01f5a [NO NEW TESTS NEEDED] Fix off-by-one index comparision (reported by LGTM)
      2ff511798 Fix some typos in documentation and comments (found by codespell)
      eead06b9d [CI:DOCS] Fix typo keep_id -> keep-id
      8887cc7e4 podman run --memory=0 ... should not set memory limit
      6f779b230 systemd: compatible with rootless mode
      465e27cf1 Use exponential backoff when waiting for a journal entry
      3b67336b6 Pod Rm Infra Improvements
      f8ede7c5e System tests: confirm that -a and -l clash
      c3f3e6d3b Remove infra ID from DB before removing containers
      b3eaa08c5 Generate Kube should not print default structs
      d489abf26 fuse-overlay probably means fuse-overlayfs.
      34739f441 Replace 'an user' => 'a user'
      9c94530bb network reload without ports should not reload ports
      eca1b6c0b pod create: read network mode from config
      9e78185e3 volumes: be more tolerant and fix infinite loop
      5c2d17e1c [backport] tag: Support tagging manifest list instead of resolving to images
      46f7d2af1 Bump to v3.4.2-dev
      a6493ae69 Bump to v3.4.1
      56a4372c2 Update release notes for v3.4.1
      f05e206bd Fix test failures from backports
      437ec951d system tests: socket activation: clean up
      5aa89c88f Checkpoint/Restore test fixes
      d39e41283 Set targetPort to the port value in the kube yaml
      7923bfcb0 Test-hang fix: Wait for ready + timeout on connect.
      c135ff76d Don't include ctr.log if not using file logging
      9168db8bc Do not add TCP to protocol in generated kube yaml
      b5dd62f31 Don't use docker/pkg/archive, use containers/storage/pkg/archive
      a213661ae Fix panic in container create compat api
      92ed439d2 Don't add image entrypoint to the generate kube yaml
      16fb4161a Kube Gen run as user/group issues
      3082ba8b7 No space in kube annotations for bind mounts
      b470de05b cgroups: use cgroup.controllers to read controllers
      8b87793d4 Use SplitN(2) when copying env variables
      d458bc304 [CI:DOCS] Include manifest example usage
      fbe94088f podman stats: move cgroup validation to server
      338e01f04 [CI:DOCS] oci-hooks.5.md: fixup section in header
      de6a4af5a Change podman.1 man page to show corret log-level default
      326eae3b7 Add podman-plugins to upstream image
      ca33df146 Ensure `podman ps --sync` functions
      7bbf774e8 Allow `podman stop` to be run on Stopping containers
      2cd206d0f libpod: fix race when closing STDIN
      37347c321 It really should be no **NEW** tests needed
      62d12a2ad Add guard for BuildOptions.CommonBuildOpts
      c6be71486 machine: silently cleanup dangling sockets before rm if possible
      835d74ac6 sdnotify test: accept MAINPID anywhere
      14509a92b Allow a value of -1 to set unlimited pids limit
      deb7517cc Gating tests: fix permissions error
      cd4e10fdf [v3.4] bump c/common to v0.44.3
      91f9682c7 Bump to v3.4.1-dev
      6e8de00bb Bump to v3.4.0

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-distribution: update to 2.7.1-latest | Bruce Ashfield | 2021-11-22 | 1 | -2/+2
  Bumping docker-distribution to version v2.7.1-38-gf7365390, which comprises the following commits:

      97f6dace [release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2
      9a3ff113 fix go check issues
      19b573a6 Change should to must in v2 spec
      d836b23f [release/2.7] update to go1.16

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-tools: update to v1.22.0 | Bruce Ashfield | 2021-11-22 | 1 | -2/+2
  Bumping cri-tools to version v1.22.0-64-ga9898388, which comprises the following commits:

      794d57a4 Bump github.com/onsi/gomega from 1.16.0 to 1.17.0
      0f2d4138 Refactor fish completion
      c52d97b1 Rename bash and zsh completion functions
      cad0736a Add zsh compinit tag
      569d1769 Bump google.golang.org/grpc from 1.41.0 to 1.42.0
      082da7c6 Bump github.com/docker/docker
      0aade2a4 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
      4e03be78 Add release publishing workflow
      5c0c14e2 Bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
      b4e1615c Add SHA512 sum for release files
      22bdc0b9 Bump github.com/docker/docker
      06422104 Bump google.golang.org/grpc from 1.40.0 to 1.41.0
      b153327c Bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0
      c5fac65f Bump k8s.io/api from 0.22.1 to 0.22.2
      36c9ae70 Bump k8s.io/cri-api from 0.22.1 to 0.22.2
      c104c3a7 Bump k8s.io/apimachinery from 0.22.1 to 0.22.2
      65509de9 Bump k8s.io/client-go from 0.22.1 to 0.22.2
      59cf0fb9 Bump k8s.io/kubectl from 0.22.1 to 0.22.2
      8d019343 Updates E2E test images registry
      6824a581 Bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
      057a0a48 Switch to go1.17 for CI
      d9fe19b8 Bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
      56a2c456 Added dropping/adding `ALL` capabilities case to critest
      1817da64 Bump github.com/onsi/gomega from 1.15.0 to 1.16.0
      9c01f4d5 Bump k8s.io/cri-api from 0.22.0 to 0.22.1
      e3ca48ad Bump k8s.io/client-go from 0.22.0 to 0.22.1
      1e108dfb Bump k8s.io/api from 0.22.0 to 0.22.1
      79ff09e9 Bump k8s.io/apimachinery from 0.22.0 to 0.22.1
      f3863189 Bump k8s.io/kubectl from 0.22.0 to 0.22.1
      32d96cbe Bump google.golang.org/grpc from 1.39.1 to 1.40.0
      de44545a Bump github.com/onsi/gomega from 1.14.0 to 1.15.0
      44385679 Bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
      dd011a46 Bump google.golang.org/grpc from 1.39.0 to 1.39.1
      3db8a88c Bump Kubernetes to v1.22.0
      231cf44f Bump k8s.io/api from 0.21.3 to 0.22.0
      032832ec Bump k8s.io/cri-api from 0.21.3 to 0.22.0
      64e1ad02 Bump k8s.io/kubectl from 0.21.3 to 0.22.0
      918e5c77 Bump k8s.io/apimachinery from 0.21.3 to 0.22.0
      6ccbb79b Bump github.com/docker/docker
      a2e29a4c Bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
      0cfc8b32 crictl: Adds support for updating resource limits for Windows Containers
      d6c95411 Bump k8s.io/api from 0.21.2 to 0.21.3
      a9dc7558 Bump k8s.io/kubectl from 0.21.2 to 0.21.3
      88e4d31b Bump k8s.io/apimachinery from 0.21.2 to 0.21.3
      d7f79299 Bump k8s.io/cri-api from 0.21.2 to 0.21.3
      5a43f6cd Bump github.com/onsi/gomega from 1.13.0 to 1.14.0
      e89ffa50 Update GitHub actions to go 1.16 and remove .travis.yml
      e5045b08 Bump google.golang.org/grpc from 1.38.0 to 1.39.0
      31e70ff9 Update critest Windows tests.
      03fa217f chore: switch containerd branch to main
      aef70e40 Bump k8s.io/cri-api from 0.21.1 to 0.21.2
      f6f6a393 Bump k8s.io/api from 0.21.1 to 0.21.2
      b90eefd5 Bump k8s.io/kubectl from 0.21.1 to 0.21.2
      85fa1307 Bump k8s.io/apimachinery from 0.21.1 to 0.21.2
      bb845cfd rm_force_while_container_running_fix
      e866f8ff Bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
      a8e055d2 Bump github.com/onsi/ginkgo from 1.16.3 to 1.16.4
      9de2a5e4 Bump github.com/docker/docker
      c83bed06 Bump github.com/onsi/ginkgo from 1.16.2 to 1.16.3
      c9cb3790 Bump github.com/onsi/gomega from 1.12.0 to 1.13.0
      1d34ea0c Add global handler for Interrupt signal

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.22.1 | Bruce Ashfield | 2021-11-22 | 1 | -3/+3
  Bumping cri-o to version v1.22.1-5-ge3dfe61ca, which comprises the following commits:

      d89a55e91 gh-actions: add sed for kube e2e
      b1ac0896f release-notes: update to main
      a90fcad56 test: add label for openshift e2e in dockerfile
      1495b80e8 bump to 1.22.1
      4ce3396b9 Skip volume relabel for super privileged containers
      66e3210e0 test: skip certificate check for downloading parallel
      91acfb2e7 test: fix shmft
      325ec64d5 vendor: update to selinux 1.9.1
      8bacf3132 test: fix selinux test failures
      116eff337 server: FilterDisallowedAnnotations of containers earlier
      e595eeb06 server: conditionally relabel volumes given annotation
      69dfc4bc4 test: refactor allowed_annotation tests
      92810c137 server: reduce args in addOCIBindMounts
      54f343719 server: mount cgroup if hostNetwork
      b40d9220b server: use container level host network setting
      53755727a server: don't recalculate hostnet
      a220ddf71 server: set spec when dropping infra
      85043dab6 server: don't wait forever on conmon cgroup move fail
      764e83f44 Do not log if Intel RDT is not supported
      4542e5166 call cmd.Wait() in all cases we call Start()
      2bd8e315b oci: call wait on conmon if cgroup move fails
      d45f1f112 Fix missing quantile in `latency_microseconds_total` metrics
      6a8cb41cd oci: use conmon for exec again
      ddef4d063 install dependency in test step
      f74d274fa blockio: apply annotations and blockio classes to Linux.Resources
      7b3f68fa8 blockio: handle class configuration file if set
      d7444c86d blockio: enable setting blockio class configuration file
      5aacbedb2 fix checking in openpgp_tag.sh
      2bfcfb6fb config: set internal_wipe to true by default, and deprecate the option

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: switch from master -> main | Bruce Ashfield | 2021-11-22 | 1 | -1/+1
  cri-o has joined the projects switching their default branch to main (and removing the old one).

  We update our recipe to avoid fetcher errors.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containerd: update to 1.5.8 | Bruce Ashfield | 2021-11-22 | 1 | -2/+2
  Bumping containerd to version v1.5.8, which comprises the following commits:

      ef071b07b mailmap: Add Kevin Parsons
      2385fd14d Prepare release notes for v1.5.8
      15d8c03e3 schema1: reject ambiguous documents
      833407fbf images: validate document type before unmarshal
      01428ec40 Fix containerd fails to pull OCI image with non-`http(s)://` urls
      2bd3f18d9 [release/1.5] go.mod: Bump hcsshim to v0.8.23
      047ea15d2 [release/1.5] go.mod: Bump ttrpc to 1.1.0
      7b20299bc [release/1.5] update Go to 1.16.10
      641976bea [release/1.5] update Go to 1.16.9
      b988fc918 Output a warning for label image labels instead of erroring
      3109820f5 Update test timeout based on recent cancellations
      16762f3e5 Fix spelling mistake in Windows snapshotter
      6094bc770 Use DeactivateLayer to recover layers that we cannot rename
      bf02a8330 task delete: Closes task IO before waiting
      aa7c9d9da Fix pull fails on unexpected EOF
      bc2f973ff Prepare release notes for v1.5.7
      f95fca079 btrfs: reduce permissions on plugin directories
      68119b417 v1 runtime: reduce permissions for bundle dir
      97db45e83 v2 runtime: reduce permissions for bundle dir
      bc8fdf832 Update release notes and mailmap
      77dafa20c Prepare release notes for v1.5.6
      a4b51d119 Fix panic in metadata content writer on copy error
      147705920 Use github images for integration tests
      514137aa0 cri: add devices for privileged container
      6bfd09f7c Enable image config labels in ctr and CRI container creation
      923088852 seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
      4133c775c go.mod: update runc to v1.0.2
      011fb4c0b update runc binary to v1.0.2
      210d3bc15 Fix content copy to not ignore unexpected EOF
      a863339c5 [release/1.5] update Go to 1.16.8
      f3d46f828 CI: Switch to available latest images
      c7ed09d55 Adding testing of two devices in a directory
      0ca2e2751 Fix dir support for devices V3 (#4847)
      0fd19511e go.mod: Update hcsshim to v0.8.21
      c0534c168 [release/1.5 backport] cri: filter selinux xattr for image volumes
      27e164648 Allow expanded DNS configuration

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* conmon: update to v2.0.30 | Bruce Ashfield | 2021-11-22 | 1 | -2/+2
  Bumping conmon to version v2.0.1-288-ge67bb4d, which comprises the following commits:

      a854c52 conmon: fix error message
      5d5b853 logging: set SYSLOG_IDENTIFIER= with --log-tag
      ed0b60c conmon: free userdata files before exec cleanup
      42cecdf Cirrus: Remove disused scripts
      1c7b233 test: drop seccomp tests
      eb808d2 fix gh action yaml
      e7a5e0c ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
      f263cf4 logging: new mode -l passthrough
      f231c7f ctrl: delete the fifo if it exists
      7cfb1ac conmon_test: fix race condition on os.RemoveAll
      c657db7 integration: use the built binary
      fa1fa36 bump to v2.0.31-dev
      2792c16 bump to v2.0.30
      fec62f1 bump go version for podman tests
      89072ea Update VM Images + Drop prior-ubuntu references
      53c9f75 Remove unreachable code path
      9e54dda exit: report if the exit command was killed
      4d3dba9 exit: fix race zombie reaper
      c834521 conn_sock: allow watchdog messages through the notify socket proxy
      423c391 Add seccomp to build dependency
      9c23760 Update nixpkgs
      3a8c913 make: only define use_seccomp if we're using it
      1d67d9e Makefile: correctly check seccomp notify support
      e796a80 Makefile: make conditional-compilation variable setting uniform
      e83c392 Makefile: unify condition checking
      7381063 Cirrus: Remove outdated/wrong documentation
      4a8762d Cirrus: Fix references to 'master' branch
      1ef2468 Fix docs links due to branch rename

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-moby: update to v20.10.10 [master-nxt] | Bruce Ashfield | 2021-11-15 | 1 | -3/+3
  Bumping moby to version v20.10.10-9-g7bd682c48c, which comprises the following commits:

      7677aeafd7 TestBuildUserNamespaceValidateCapabilitiesAreV2: cleanup daemon storage
      34eb6fbe60 testutil: daemon.Cleanup(): cleanup more directories
      c7edd308ad [20.10] Update Go to 1.16.10
      6611c72b65 cmd/dockerd: create panic.log file without readonly flag
      4b9a3dac46 Fix race in TestCreateServiceSecretFileMode, TestCreateServiceConfigFileMode
      acb4f263b3 Fix racey TestHealthKillContainer
      59d2a2c397 dockerd-rootless.sh: Fix variable not double quotes cause unexpected behavior
      2c6aa5aad9 Remove needless check
      3285c27503 Fix log statement 'failed to exit' timeout accuracy
      a4bcd4c64f docker daemon container stop refactor
      bed624fdc9 docker kill: fix bug where failed kills didnt fallback to unix kill
      80b7e8b5d7 buildkit: normalize build target and local platform
      c2b9a32875 vendor: Update go-winio to v0.4.20
      c580a02873 [20.10] Update Go to 1.16.9
      129a2000cf [20.10] update containerd binary to v1.4.11
      6835d15f55 [20.10] update containerd binary to v1.4.10
      5730c139f7 Bump swarmkit to get fix for rollback
      59f10e3435 quota: adjust build-tags to allow build without CGO
      fa78afebcf Update Go to 1.16.8
      567c01f6d1 seccomp: add support for "clone3" syscall in default policy
      07728cd2bd update runc binary to v1.0.2
      964768f200 cmd/dockerd: add the link of "the documentation"
      80f1169eca chrootarchive: don't create parent dirs outside of chroot
      93ac040bf0 Lock down docker root dir perms.
      b0c0b73798 bump up rootlesskit to v0.14.4
      decb56ac89 Update Go to 1.16.7

  Bumping docker-cli to version v20.10.10, which comprises the following commits:

      9989fdbc4 Update most links in docs to use https by default
      0e20c1fd2 Update Go to 1.16.9
      1c0927a04 Dockerfile: update tonistiigi/xx to 1.0.0-rc.2, add XX_VERSION arg
      82f9d5921 info: skip client-side warning about seccomp profile on API >= 1.42
      adb01ca79 docs: some minor touch-ups in checkpoint reference
      8260476a0 docs: remove trailing space to fix generated YAML format
      bce2e1f95 docs: create.md: typo fix
      44064f51c Fix typo in documentation - build.md
      292779add Add doc for BUILDKIT_PROGRESS env var
      f2e79b826 docs: use "console" code-hint for shell examples
      fa46b9236 docs: rewrite reference docs for --stop-signal and --stop-timeout
      400f81089 experimental: fix broken link to "checkpoint and restore" page
      c72057c8d docs: move checkpoint/restore doc from experimental into reference
      77db97d59 Use private network address for default-address-pools setting in daemon.json example
      cbf0d2b7b docs: fix some broken anchors
      d0014a86b docs: fix description of restart-delay to mention max (1 minute)
      6c1c8b55a docs: fix search results by filterd is-official
      44fdac11f Update Go to 1.16.8
      061051c24 docs: add missing redirect, and remove /go/experimental redirect
      2012fbf11 Update Go to 1.16.7
      42d1c0275 registry: ensure default auth config has address

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: update to v1.22.4 | Bruce Ashfield | 2021-11-10 | 1 | -2/+2
  Bumping kubernetes to version v1.22.4-rc.0-26-ga82c1e72259, which comprises the following commits:

      a1bc265ce68 Fixed unit test SELinux support
      9286d722d5e Add shortcut for SELinux detection
      8ddc2963808 Don't guess SELinux support on error
      24b725f29f1 Use separate pathSpec for local and remote to properly handle cleaning paths
      3bf2248bda7 [go1.16] Update to go1.16.10
      bd146ab0e1b Automated cherry pick of #105122: added keys for structured logging (#105137)
      98ad7ac4ef4 Update debian, debian-iptables, setcap images to pick up CVE-2021-33910 fixes
      b9236d7cd4a Fixing how EndpointSlice Mirroring handles Service selector transitions
      9e778cb6ede Fix race condition in logging when request times out
      dee25f4db12 Remove nodes with Cluster Autoscaler taint from LB backends.
      e565102bce7 Support cgroupv2 in node problem detector test
      33b5f0f1eaf Update CHANGELOG/CHANGELOG-1.22.md for v1.22.3
      39f5a506c81 Release commit for Kubernetes v1.22.4-rc.0
      c9203682049 Release commit for Kubernetes v1.22.3
      6765a52acd9 Free APF seats for watches handled by an aggregated apiserver.
      dd8563b0184 Run storage hostpath e2e test client pod as privileged
      fc580a41252 support more than 100 disk mounts on Windows
      176ba1d5236 [go1.16] Update to go1.16.9
      cdfd8141855 Clear initial UDP conntrack entries for loadBalancerIPs
      b30f24e2579 Verifying the auth headers are set for upgraded aggregated API requests
      0dfe8e33143 apiserver aggregator upgrade unit test
      36a9689ce81 Aggregator uses the regular transport even if the request requires upgrades
      5fb05afd9f8 Fix PreferNominatedNode test
      410c0413757 Remove Error Message Check Dynamic PV Tests
      fcb66167905 go fmt
      82cd11e646e Add e2e test to verify kubelet restart behaviour
      8fa5ff3712c kubelet: set terminated podWorker status for terminated pods
      bc392586f01 Fix quota controller hotloop in integration tests
      af46778d58d remove StartedPodsErrorsTotal metrice message
      13d852c73dc Copy VolumeSnapshotContent annotations in snapshottable.go test
      ae10967d23f Fix bugs in e2e pod test
      60e425c9009 Ensure terminal pods maintain terminal status
      c44db53f2c2 Do not sync Waiting statuses for Terminated pods
      4ca2cee155c Adds CancelRequest function to CommandHeadersRoundTripper
      cd94fec74c9 Fixes kubectl command headers which hangs on kubectl run
      60ee69c79bb Revert "Build non-static binaries with PIE buildmode"
      e989925e232 Ignore VMs in vmss delete backend pools
      407cc91f95a Fix CSR test to accept certs shorter than the requested duration
      6bf5db2e3f7 fix: skip not found nodes when reconciling LB backend address pools
      3ceb7b87649 fix: consolidate logs for instance not found error
      e15dcbe404c Remove a duplicate StorageClass creation call
      6763300949a Update Containerd version - GCE Windows
      a135518af00 e2e scheduling priorities: do not reference control loop variable
      cc1eb760389 storege e2etest: Delete restored PVC/Pod in snapshottable
      614988c6626 pkg/kubelet/cm/memorymanager: Fix ErrorS key/value pair
      2f850d636e8 v1.22: Fix test flake in old svc registry
      20fa03d60ea 'New' Event namespace validate failed
      2ff2780dcc5 kubelet: Handle UID reuse in pod worker
      a6539a662cd Add test for recreating a static pod
      2d9957274a4 Update CHANGELOG/CHANGELOG-1.22.md for v1.22.2
      9f314ed137d Release commit for Kubernetes v1.22.3-rc.0
      8b5a1914753 Release commit for Kubernetes v1.22.2
      4fa7cdfa93c Refine locking in API Priority and Fairness config controller
      b23fffb83ed kube-controller-manager: properly check generic ephemeral volume feature
      38c7182897c Fix null JSON round tripping
      aeff924339a Propagate conversion errors
      a69920a9588 integration test
      b7854d5f1c9 fix 104329: check for headless before trying to release the ClusterIPs
      d8ead0e1c7b fix detach disk issue on deleting node
      c948d8cc53b kubelet: fix sandbox creation error suppression when pods are quickly deleted

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: update to 1.22.3 | Bruce Ashfield | 2021-11-08 | 1 | -2/+2
  Bumping k3s to version v1.22.3+k3s1, which comprises the following commits:

      61a2aab25e Upgrade containerd
      e1883d0537 Bump klipper-lb image for arm fix
      5eb13b6ba6 Fix log/reap reexec
      259ceb452c Fix other uses of NewForConfigOrDie in contexts where we could return err
      cc23fce0a7 Watch the local Node object instead of get/sleep looping
      6349aed8e8 Block scheduler startup on untainted node when using embedded CCM
      db8f54e6af Update to v1.22.3 (#4348)
      46eea2f10a Revert "Add ability to reconcile bootstrap data between datastore and disk (#3398)"
      9a4ca5978b reset buffer after use (#4279) (#4329)
      c9f6fa0be0 remove integration test
      07f844cf95 Copy old bootstrap buffer data for use during migration (#4215)
      48355dce10 Add ability to reconcile bootstrap data between datastore and disk (#3398)
      84e9b829e0 Update peer address when running cluster-reset
      06b8639068 Bump klipper-helm version
      f98934980d Added configuration input to etcd-snapshot (#4280) (#4281)
      7ede7d2e7c Update to the newest flannel
      971854c15b Refactor log and reaper exec to omit MAINPID
      3988edef25 Add containerd ready channel to delay etcd node join
      b65bcdf963 Bump klog fork version
      7c78e1c802 [Release-1.22] - Add etcd s3 timeout (#4207) (#4230)
      c10a0a2163 Fix race condition in cloud provider
      6193b1af97 Display cluster tls error only in debug mode (#4200)
      737f722315 set transport to skip verify if se skip flag passed (#4102) (#4103)

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: Add additional required kernel modules | Richard Neill | 2021-11-08 | 1 | -0/+4
  Adds the following kernel modules for k3s:

      * xt-physdev
      * xt-nflog
      * xt-limit
      * nfnetlink-log

  Without them, the k3s network-policy-controller reports failures in the log related to iptables-restore.

  Signed-off-by: Richard Neill <richard.neill@arm.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun/oci-image-spec: specify https in github src_uri | Bruce Ashfield | 2021-11-05 | 1 | -1/+1
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* criu: remove :append and += combination | Bruce Ashfield | 2021-11-04 | 1 | -2/+2
  bitbake is going to start warning about the combination of += and :append, which is rarely correct.

  We can use :append and add the space.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* global: convert github SRC_URIs to use https protocol | Martin Jansa | 2021-11-03 | 5 | -5/+5
  * apply the same also for recipes using PKG_NAME starting with github.com which the conversion script doesn't update automatically

  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* oci-runtime-spec: update branch specification to main | Bruce Ashfield | 2021-11-03 | 1 | -1/+1
  master has become main in the runtime spec, so we update our recipe to match.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: update runtime-spec branch to main | Bruce Ashfield | 2021-11-03 | 1 | -1/+1
  runtime-spec has moved to main instead of master, so we tweak our branch name to match.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* global: convert github SRC_URIs to use https protocol | Bruce Ashfield | 2021-11-02 | 24 | -36/+36
  github is removing git:// access, and fetches will start experiencing interruptions in service, and eventually will fail completely.

  bitbake will also begin to warn on github src_uri's that don't use https.

  So we convert the meta-virt instances to use protocol=https (done using the oe-core contrib conversion script)

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* global: add explicit branch to all SRC_URIs | Bruce Ashfield | 2021-11-02 | 12 | -12/+12
  As introduced in the oe-core post:

      https://lists.openembedded.org/g/openembedded-core/message/157623

  SRC_URIs without an explicit branch will generate warnings, and eventually be an error.

  We run the provided conversion script to make sure that meta-virt is ready for the change.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* lxc: update to 4.0.11 | Xu, Yanfei | 2021-11-02 | 5 | -182/+15
  update to 4.0.11

  1. drop two patches that have been integrated to upstream repo.
  2. drop tests-add-no-validate-when-using-download-template.patch because it is no longer appropriate as the "download" has been replaced with "busybox"
  3. fix the apply failure of templates-use-curl-instead-of-wget.patch
  4. update lxc from 4.0.10 to 4.0.11

  Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: Add xt-statistic kernel module to rrecommends | Kamil Dziezyk | 2021-10-21 | 1 | -0/+1
  Include the xt-statistic kernel module required by K3S for iptables configuration.

  Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
  Change-Id: I7592261c65c7c0831ce553ee907fba9e3e458b6f
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: Update k3s service configuration | Kamil Dziezyk | 2021-10-21 | 3 | -1/+95
  Update k3s.service with the latest changes from install.sh script.

  Add k3s-killall.sh script to stop all of the K3s containers and reset the containerd state. The killall script cleans up containers, K3s directories, and networking components while also removing the iptables chain with all the associated rules. The cluster data will not be deleted.

  Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
  Change-Id: If1794367cabfc18fc8e3ecaf26badd4d0bc25114
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: add rdepend on nsenter | Bruce Ashfield | 2021-10-21 | 1 | -1/+5
  Podman requires nsenter (for obvious reasons) .. and while this dependency is normally satisfied on images (via busybox), it is possible to build a minimal container image that excludes busybox .. and hence will not have nsenter present.

  Rather than making this a hard rdepends on util-linux-nsenter, we use a variable: VIRTUAL-RUNTIME_base-utils-nsenter, which can either be set to busybox or util-linux-nsenter (the current default).

  The VIRTUAL-RUNTIME_base-utils- format follows similarly named OEcore providers and variables .. with the exception that there is no entry in the preferred providers file there, and there's no package created called busybox-nsenter (but perhaps there could be in the future).

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* umoci: switch branch to main | Bruce Ashfield | 2021-10-21 | 1 | -1/+1
  Like many other projects, umoci has switched to main instead of master. (and then deleted master)

  We change our branch specification to main, so the fetcher can once again find our desired SRCREV.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* skopeo: refresh storage.conf | Bruce Ashfield | 2021-10-20 | 1 | -33/+95
  Our storage.conf is a bit stale and is throwing warnings during load (due to thin provisioning changing). We refresh it from the skopeo repository.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: add SRCREV_FORMAT | Bruce Ashfield | 2021-10-19 | 1 | -1/+1
  recipes that use multiple SCMs in the SRC_URI, must supply SRCREV_FORMAT or SRCPV triggers an expansion error. While this isn't fatal during the build, it can cause issues with setscene (and possibly) other tasks failing, which then leads to no sstate re-use, etc.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-moby: add SRCREV_FORMAT | Bruce Ashfield | 2021-10-19 | 1 | -0/+1
  recipes that use multiple SCMs in the SRC_URI, must supply SRCREV_FORMAT or SRCPV triggers an expansion error. While this isn't fatal during the build, it can cause issues with setscene (and possibly) other tasks failing, which then leads to no sstate re-use, etc.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-ce: add SRCREV_FORMAT | Bruce Ashfield | 2021-10-19 | 1 | -0/+1
  recipes that use multiple SCMs in the SRC_URI, must supply SRCREV_FORMAT or SRCPV triggers an expansion error. While this isn't fatal during the build, it can cause issues with setscene (and possibly) other tasks failing, which then leads to no sstate re-use, etc.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* oci-image-spec: update to 1.0.1-latest | Bruce Ashfield | 2021-10-18 | 1 | -1/+1
  Bumping image-spec to version v1.0.1-97-g54a822e, which comprises the following commits:

      fc4df0a Fix very minor oversight in config example
      08dd547 media-types.md: clarify differences from Docker media types
      170393e Embedded other platform fields in image spec
      ebb32fd Use registry.example.com as example default registry
      0e20f8a Add CPU variant to image config
      a2b7b2f expected type/subtype test for descriptors should have comment that references failure, not success
      875b7e5 pullapprove: remove defunct config
      3b938ac Drop link to OCI scope table
      ee4bfe1 Add background to png images
      eaa222c image.base.ref.name -> image.base.name based on stevvooe's feedback
      4221034 CODEOWNERS: switching from pullapprove to github builtin
      4feeaac Describe how index manifests should work with base image annotations
      a25f547 Removing Link Introduction
      54bc9b7 Fix typo
      b619890 Makefile: switch to the new OCI container image
      9ed9683 adding github workflow to render docs and lint
      87bb9f8 Create EMERITUS.md to recognize old maintainers
      71ccc68 Add standard base image annotations
      c435dd5 Remove Keyang Xie as a maintainer
      a4ddb1f MAINTAINERS: update jonboulle email address
      37e228a Update vbatts email address in MAINTAINERS
      5f0d52c Replace Jason B with Jon J in image-spec maintainers
      4366201 pandoc: point to a joint OCI org image
      8211213 fixed typo in image-layout
      78c42f4 Remove go4.org dependency
      43022b9 MAINTAINERS: remove Brandon Philips @philips
      8c25739 mediatype of layers should be application/vnd.oci.image.layer.v1.tar+gzip
      c3a73dc zstd: add constants to specs-go/v1
      d420390 README.md: return to one-sentence-per-line format
      ea8062d Reference "org" repo for meeting info
      1a29e86 media-types: Define layer media types suffix '+zstd'
      042b4d7 Run tests with go 1.12
      3d3783d Fix linting error
      bd4f8fc annotations.md: Fix a small typo
      c5f603f Fix table header grammar in annotations

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* oci-runtime-spec: update to 1.0.2 (Author: Bruce Ashfield, Age: 2021-10-18, Files: 1, Lines: -2/+2)
Bumping runtime-spec to version v1.0.2-71-gab23082, which comprises the following commits: 411082c add youki to implementations.md 6641127 alphabetize the implementation list. 15f418e fix the lifecycle reference in the states listing f0ac327 defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. cc7f6ec config-linux: Add Intel RDT CMT and MBM Linux support c83b45e Introduce zos as platform. 0c021c1 config-linux: clarify the handling of ClosID RDT parameter 9e65944 config-linux: fix indentation on IntelRdt 0f84938 schema/defs-linux: Fix inconsistencies with seccomp notify 7c549cb seccomp: Add missing const for seccomp notify action 58798e7 Add Seccomp Notify support 8c363e8 Proposal: runtime should ignore capabilities that cannot be granted f02cd4a config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED 76f7818 README: Fix broken link for charter f7ef278 seccomp: allow to override default errno return code ec964df seccomp: expect error with invalid errnoRet 2978430 config-linux: fix personality link e9429bb Makefile: Fix golint URL used in go get 8f65443 travis: fix go_import_path 3866eec MAINTAINERS: update vbatts email 2fe0475 Add support for SCMP_ACT_KILL_THREAD fd895fb Change all references from whitelist to allowed 11bfea2 Fix int64 and uint64 type value ranges 57a316b docs: Added enclave OCI runtime rune to implementations 938cf9f Update seccomp architectures to support RISCV64 d3f079a config.go: make umask a pointer a02a293 Update State structure to use the new ContainerState type 7571d3d cgroup: add cgroup v2 support 66ad83f Use dedicated type for Container State 89419f0 Add State status constants to spec-go 09fc3b4 Remove superfluous 'an' 0e72101 Add Giuseppe Scrivano as runtime spec maintainer 6042999 Define State for container and runtime namespace a9f1170 Add seccomp
kill process d759f35 MAINTAINERS: Add @cyphar as maintainer f9df045 seccomp: fix go-specs for errnoRet 3bfcde2 seccomp: allow to override errno return code 1ac6f8d specs-go: bump master back to -dev c4ee7d1 specs-go: update version to 1.0.2 ce773cb ChangeLog: changes v1.0.1...v1.0.2 5ef5c78 Makefile: avoid SELinux for making docs d22e8e0 *: release process is duplicated in RELEASES.md 41c3e47 Review (tianon) 9be9595 Clarify case with pre-configured Intel RDT closID 76c0da2 config-linux: describe more about rootfs mount propagation 353ddcb config-linux: add SHOULD to linux.namespaces.type 37fab77 Fix typo in RELEASES.md baa7978 remove unneeded indent a87fe24 Makefile: no DCO with git-validation on travis bacc285 MAINTAINERS: remove philips d5bfb2b MAINTAINERS: remove Vishnu dda13dc PullApprove: No need for 3 DCO checks 12fd09a RELEASE: document how to do the release c166268 Add create-container, create-runtime and start-container hooks e6e17ad schema: drop id from umask fac34e2 schema: fix indentation 03c526b schema: add missing definition for personality 2b844a0 Add support for SCMP_ACT_LOG 66f4ffa Add new seccomp action. d1ef109 config-linux: support seccomp flags ff32f02 implementations.md: fix repository for crun 23c4be2 Update meeting info section to point to "org" repo 78ab98c Fix markdown escape in config-linux 5cc25d0 Add Linux personality support 234aa0b config-linux: Add Memory cgroup's use_hierarchy 6b04c63 config: add "umask" field to POSIX "user" section dba5778 config: Collapse extensibility to a single MUST 574182a schema/defs-linux: change weight type to uint16 ec0fc3d runtime: Clarify ociVersion as based on the state schema Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* criu: update to 3.16.1 (Author: Bruce Ashfield, Age: 2021-10-18, Files: 1, Lines: -3/+3)
The criu-dev branch is not constant/consistent, so we switch to main for our SRCREV specification. At the same time, we bump to 3.16.1, which comprises the following commits: 4a1731891 criu: Version 3.16.1 62b377957 Makefile: add shellcheck test/others/libcriu/*.sh 59d0dfba9 test/libcriu: print logs on fail 53bf82bcf test/libcriu: add test case for join-ns a8c5efe4c libcriu: define log level constants 5ec2a6aaa libcriu: add join_ns API f2cdb062a Makefile: install criu-ns only with python3 a15a63fce criu-ns: change python shebang to python3 000ea8266 criu: Version 3.16 8567a0952 ci: Update openj9 container images 0b2a7223b mount: fix double-dump file system bug bea9580e3 gitignore: add build directory 4db8ef15c podman-test: use crun from git repository 6a15dbdef lib: install images/rpc.pb-c.h c6b5e7d92 sk-unix: fix prep_unix_sk_cwd root and cwd restoring f0e968ffe binfmt_misc: restore current work directory after restoring mnt ns 776f3cff7 autofs: restore current work directory after restoring mnt ns 45409c35d mount: use swich_mnt_ns/restore_mnt_ns helpers to simplify code f79d15c44 binfmt_misc: restore current work directory after restoring mnt ns eea63587e namespaces: add helpers to switch/restore mnt ns 41f448968 remove tls parameter
description if without GnuTLS support d87922099 kerndat: create separate netns for has_nftables_concat check aa772bf28 zdtm: fix network lock tests when run with --norst 9838d34de criu: use unique table names for nftables based locking ca3e3c50b inventory: save network lock method to reuse in restore cd1570b15 zdtm: add ipv6 variants of net_lock_socket_* tests 212db1d9a zdtm: add nftables per-socket locking test 826d3d740 criu: add nftables connection locking/unlocking 6e59b2bd7 zdtm: add iptables per-socket locking test c15327656 zdtm: add nftables network namespace locking test 19cc0bfa6 criu: add nftables netns-wide locking/unlocking f246ca56c criu: rename iptables network locking/unlocking functions e9d24a2ba cr-check: add check for nftables based network locking b85fad797 cr-service: add network_lock option to RPC and libcriu 2e30db5c3 criu: add --network-lock option to allow nftables alternative ef7af1dd1 Run 'make indent' on criu/include/plugin.h cf2b67375 workflows/lint: show changes 03cdbc4c0 criu/config: fix use-after-free in parse_join_ns 546a6dfd0 configs: fix used after free cases 399a53a43 lsm: do not print a warning if no LSM has been detected 960f26f90 files-reg: do not print a warning if a file has no build_id 90e175d52 zdtm/pthread_timers: make sure glibc allocated SIGEV_THREAD's stack dd0e66149 ci: fix 'crit.sh: 3: source: not found' e936a0f8a docker-test: refactor test scenario 78eb0dabf dump: suspend/resume lsm on pre-dump 5dc373385 util: add run_command() 9422383b6 zdtm/apparmor_stacking: don't include optional AppArmor namespace separator dc4c3cd48 apparmor: actually enable suspend for AppArmor ea1c89147 lsm: handle SELinux LSM correctly 06b5d2fa8 tests: add a test for apparmor_stacking 8723e3f99 check: add a feature test for apparmor_stacking 8d992a680 lsm: support checkpoint/restore of stacked apparmor profiles 0db135ac4 util: add rm -rf function 6085c37ba lsm: change when LSM profiles are collected e2a45d786 ci: extend lint run to run 
'make indent' 70833bcf2 Run 'make indent' on header files 93dd984ca Run 'make indent' on all C files 1e26f170c criu: introduce clang-format to format source code cc2317ea4 zdtm: fix indentation in Makefile wait_stop target d62e747e9 ci: fix Fedora Rawhide b32c8c6fe posix-timers: fix getoverrun error handling 01fa34f1e ci: use pre-installed Podman 918901439 zdtm/pthread_timers: require ns_pid feature and add non-ns test e1b1547c8 posix-timers: fallback notify thread id encoding for non-pidns and non-nspid 91d7203b8 proc_parse: make nspid field optional a692a0d0a kerndat: Check that "/proc/[pid]/status" file has NS{pid, ..} lines 64f0012e4 zdtm: add a test for SIGEV_THREAD timers 7eab5a7dc timers: save tid from a task pid namespace 61e1334ab proc_parse: get a thread ID in a thread pidns from /proc/pid/status 80079fbb0 criu: dump and restore notify_thread_id of posix timer 6be9345fb criu-ns: add support for 'check' action 868bffba4 criu-ns: add top-level conditional execution f70605ef1 criu-ns: update script name in help message f472e2590 Documentation: Add man page for criu-ns 8891e51cd make: install criu-ns 4a9bcd884 zdtm: prioritize /lib/* dependencies in some tests 00ca2b519 scripts/build: add a docker file for archlinux 694eafa1f protobuf: remove leading underscores from protobuf structs efb9fccd4 cgroup: cgroup_contains has to update the mask for cgroupv2 ac27562f0 ci: add msgque test case to crit-recode 7e86519fe lib: fix crit-recode msgque errors in Jenkins 503488597 ci/openj9: run mrproper before make 7ff785e1d zdtm: make --sbs also stop on each pre-dump/snap iteration 07316d15a restore: cleanup cgroup properly in error path 8f2b8c7be scripts: run lint also on criu-ns bd648cc8d ci: also test tcp stream crit recoding fa9acb9dc lib: fix broken crit-recode test 0ca36c95e ci: combine cross compile container definitions 2ebb1c741 crit: fix error on memfd files parsing f57e45df5 cr-service: move pidfd_store initialization to cr-service f7cd25400 pidfd_store: tidy 
up interface and hide unneeded details 083f0822e pidfd_store: move pidfd_store to a separate file d55f34ed7 test/ci: sync netns_lock test and its --post-start hook b290df9a6 test/jenkins: fix netns_lock test multiple iterations failure 75feb9635 ci: fix mips64el-cross test f3cb15660 Keep inherit-fd strings alive until task restore d3ce492cc pycrit: fix the broken of cli the `crit show xxx.img` 093fb0c87 Add test for new --lsm-mount-context option 64dd64e50 Enable changing of mount context on restore 5be71273f Remove unnecessary whitespace fc7705a13 zdtm: add network namespace locking test 0cf79a360 test: remove exec test 1a197d4d8 criu: add unit testing for config file parser 45bde968a test: add tests for configuration file parsing f695e6e10 config: make configuration file parser more robust 381d2e88f criu: add cleanup_free attribute 031a8d790 bfd: loop through read()/write() when the action is incomplete 24bc08365 ci: disable some tests on CentOS 7 63ca464bc ci: remove old workarounds 6ef01d3e6 ci: switch CentOS 7 test to Cirrus CI 1fbe87624 ci: disable -x during print_env() b4c7267b0 zdtm: allow ignore taint via environment variable a92833818 scripts/vagrant: Use vagrant 2.2.16 eda3ac2ff scripts/vagrant: Use Fedora 34 87ea13f6b add PKG_CONFIG default in a few more places 6db0f95db crtools: improve error handling on signal setting 2967bed64 build: respect $PKG_CONFIG settings 81a68ad3b docker-test: use latest containerd release 638e53c95 zdtm/tun_ns: add per-test dependencies 9d9ec73dd test: skip time namespaced tests on <= 5 e42083aa8 ci: update docker test matrix ebc74668f cr_options: handle the case where __dest == __src in SET_CHAR_OPTS d0511319e github: Add templates for new issues and pull requests 3c10d3335 criu(8): document --join-ns option 80ee4f8ae kdat: make uffd_open return errno from syscall separately a8525c07d ci: no longer avoid overlayfs 2aa4185a6 test/others: refactor loop process 2b78d95e6 test/others: drop '_exit' function 34410b9e7 test: add a 
test to check that sigtrap handlers are restored b310fbd31 ksigset: fix a typo in ksigdelset c1b2d194e mem/pidfd: fix poll retry error checking 1c08709cd zdtm: add pidfd store based pid reuse test ea0dc7807 zdtm: add --pidfd-store option in RPC mode e79131e8c criu: add pidfd based pid reuse detection for RPC clients ba882893c cr-check: add ability to check if pidfd_store feature is supported e3c9c3429 cr-service: add pidfd_store_sk option to rpc.proto a9508c986 criu: check if pidfd_getfd syscall is supported 30e8d8cad criu: check if pidfd_open syscall is supported 5d08f975a kerndat: Handle non-root mode when checking uffd 8c303d1a6 test/others/crit: add test for 'x' e39300109 lib/cli.py: Open explore file as a binary c8973d426 test/zdtm: check that a penging SIGTRAP handled properly 61c7cc5a9 parasite: don't block SIGTRAP ed58fb221 test: create new tls certificates 6beeabcd4 zdtm: add sk-unix-dgram-ghost test case 2609e98ee sk-unix: ghost: fix deadlock between peer_fle->stage and fds wake up 655610e09 ci: remove hack for netns-nft zdtm test ddefbbff1 zdtm: add combined nftables/iptables netns-nft-ipt test 4696e61ed zdtm: skip static/netns-nft test if nftables feature isn't supported d8821d9a8 net: skip iptables dump if it has nft backend and nft dump is supported e26949cfe lsm: handle half initialized SELinux setups e2c352e4f tools.mk: Use Python 3 by default 177e4b4ba mips: remove empty gitignore 22142eedf mips: coding style fixes 99a6a17c2 Allow systemcfg proc file to be dumped 731cafa85 logging: pr_perror() -> pr_msg() when execvp fails in action scripts and others 24bdfa72d net: add a #define for increased compatiblity with old distributions 29c34386b restore: fix error message when fork fails f10425e05 criu: end pr_(err|warn|msg|info|debug) with \n 96b7178ba Whitespace at EOL cleanup and check 7ea20e8f5 criu: make sure to use pr_perror to show errno 10c619adb test/zdtm: pr_err / pr_perror fixes dca0eb5b4 test/others/bers: use pr_perror e326889c0 criu/mount.c: 
fix \n in pr_debug 2166d4748 scripts: fix shellcheck warnings 5f3631916 Makefile: amend lint with pr_perror/fail checks 4cd23083b test/zdtm: don't pass errno to fail() 12a2bd0ed test/zdtm: don't use %m with fail b20694835 test/zdtm: don't use \n with fail() 9cbcaaed3 test/zdtm: don't use errno for pr_perror 865a5e951 test/zdtm: don't use pr_perror where errno is unset d55a65e93 criu: don't use errno for pr_error f3be776cc Drop \n from pr_perror 5e3b07b95 test/zdtm: check that restore can handle precreated veth devices f60f24bfb kerndat: check whether IFLA_NEW_IFINDEX is supported 3ca09f5c9 ci: exclude lazy-thp for remote pages over tls 6c77d7226 Makefile: docker-test don't use interactive tty 27b9ed53e Makefile: update excluded tests for docker-test 5d8ecee0a docker-test: use host cgroup & network ns e3c0fa701 Dockerfile: add missing test dependencies 3074b6d5a Dockerfile: re-build criu after clean f432186e7 Dockerfile: use 'git clean' before build 264b4a8d2 tiny fix on function dump_empty_fs cdb0d4270 net: allow restoring of precreated veth devices e3b694392 scripts/build: drop obsolete ENV1 variable eb5726c44 images: re-license as Expat license (so-called MIT) 9c18c63d2 ci: enable crit tests in CI b78c4e071 test: fix crit test and extend it 13e6e6899 lib: also handle extra pipe data correctly bf9e502c6 lib: print nice error if crit gets wrong input bf80fee4f lib: correctly handle stdin/stdout (Python 3) 9635d6496 criu: Replace faccessat with fstatat when using AT_SYMLINK_NOFOLLOW flag 96c1351d8 criu: Throw error when parent path is provided but invalid 8dc7ce3e7 cr-service: fix CRIU_REQ_TYPE__FEATURE_CHECK RPC request b82f222d6 lib: fix crit-recode fix for Python 2 228e510d2 ci: move CentOS 8 based test to Cirrus 069d92e51 Use a real VM instead of a privileged container 90e03b1a1 pstree: don't change sid/gid-s if current sid/gid is the same 248b77367 lib: correctly handle padding of dump images abe3405b2 lib: fromstring() and tostring() are deprecated c10aae8f6 
criu-ns: Merge comparisons with 'in' 5f59a7cc3 criu-ns: Add unsupported msg for restore-sibling 797422986 criu-ns: Handle restore-detached option 6b375ed75 criu-ns: Pass arguments to run_criu() 55a0557db criu-ns: Close namespace fd before raise 0e024bfce criu-ns: Extract set namespace functions a80f08c2e criu-ns: Remove unused _umount 6fd59abc8 criu-ns: Use documentation strings f8556f947 criu-ns: Extract wait for process into a function a08aa4406 criu-ns: Extract mount new /proc into a function a0a02c73e criu-ns: Remove space before/after bracket 8f69a58e0 criu-ns: Convert indentation to spaces f3d071461 ci: run zdtm/transition/pid_reuse with pre-dumps in ci tests 288adfc59 ci: remove ccache setup 2e0107ead ci: run recode tests on more input files 71013465b lib: fix recode errors seen in Jenkins c84dddf2f ci: remove '-Wl,-z,now' workaround ed0f4608f lib/cli.py: Open out file as a binary a433943a7 docker-test: set log file path 046cad8bf docker-test: use containerd v1.5.0-beta.0 25f378083 ci: move Travis CI Docker tests to GitHub Actions 7e6a1a701 pstree: check for pid collision before switching to new sid/gid bb5bad532 test: move vt test to minor 65 on s390x c66ca3aa2 zdtm/fpu03: Add .desc file to omit running on !x86 a87c61fe8 Revert "compel: add -ffreestanding to force gcc not to use builtin memcpy, memset" 1bac3a64b s390: Purge stale comment 39b7252c6 fault-injection: Run fpu corruption tests 21e3c5307 compel: Provide compel_set_task_ext_regs() 3613b6f15 compel: Store extended registers set in the thread context 7af06af10 zdtm/fpu03: Add a test to check fpu C/R in a thread 6c879c3c8 zdtm/fpu00: Simplify ifdeffery e2e8be37f x86/compel/fault-inject: Add a fault-injection for corrupting extended regset 327e14933 namespaces: properly handle errors of snprintf ffb848e6d x86: Use PTRACE_GET_THREAD_AREA instead of sys_get_thread_area() 72dc32850 ci/compat: Check if tests are 32-bit ELFs 10fe08c37 github/stale: separate labels with commas without following spaces 
ff38944b9 ci: fix Fedora rawhide CI failures 79b3893ec plugin: check for plugin path truncation 878223560 sk-unix: check whether a socket name is NULL before printing it 9582a44ce bug: add __builtin_unreachable in BUG_ON_HANDLER 4eb43dc4d test: fix test compilation on rawhide 6f8e67135 zdtm: Add javaTests output to .gitignore 7b3eb03ab test: Reduce verbosity of mvn output ae143161b javaTests: Add --file-locks option 56d7dbd7c file-lock: Add space in error message 950805bf1 ci: use runc instead of crun for podman tests 719e42fe1 seccomp: initialize seccomp_mode in all cases 2dc65a636 zdtm: add second fifo_upon_unix test 1f2e10771 zdtm: add fifo upon unix socket test case 7c5c81366 sk-unix: rework unix_resolve_name d0308e5ec sk-unix: make criu respect existing files while restoring ghost unix socket fd 49889baa2 files-reg: rework strip_deleted 129cc7fbc files: Don't forget on stripping deleted postfix on linked files 3a4bffc14 ci: move coverage run to github 6be56e92c test/zdtm: check that locks are not dumped if --file-locks isn't set 7b5e7166e dump: dump has to fail if there is locks and --file-locks isn't set 37c09f890 ci: move compat tests to Github Actions 246c37ad3 README.md: remove unused badges; add a few new badges fad9f805c README.md: remove trailing whitespaces 67ce4e46c ci: move asan and image streamer test to github f983a55e6 vdso: fix segmentation fault caused by char pointer array 909ce55d8 Tell podman to use vfs as storage-driver f4c5937ca ci: move Fedora Rawhide based tests away from Travis ed7cefe21 ci: factor out Fedora Rawhide CI setup 95c4a8b40 ci: skip bpf tests on vagrant bb2078f36 ci: upgrade vagrant and Fedora version da2c83d87 ci: fix syntax error in stale.yml fc5ba7de7 zdtm: handle a case when a test vma is merged with another one d74353d77 util: zero the events pointer to avoid its double free 540141c7c namespaces: handle errors of snprintf b83a1dd95 ci: also use clang for compel-host-bin baad84efb ci: run aarch64 compile tests on Drone 
95df2524c zdtm: cleanup thread-bomb test error handling and printing 50a96e9fa ci: move vagrant test to cirrus ci f04e8517c workflows/stale: Don't close issue that has labels 'new feature' or 'enhancement' 2721d865f fsnotify: rework redundant code c4f176b1e mount: adjust log level for mnt_is_dir 3fd3a376f mount: adjust log level for get_clean_mnt 8c53627dd dump: at exit do not call timing_stop if stats are not initialized c405a0116 coverity: get_service_fd() is passed to a parameter that cannot be negative 6ff51fd8d restore: warning: Value stored to 'ret' is never read 0bb3d8586 memfd: use PROC_SELF instead of getpid in __open_proc 34024dfdc util: move open_proc_self_fd to service_fd 068672f39 servicefd: don't move service fds in case they remain in the same place 5364ca3da compel/test: Fix warn_unused_result 8aba7ae9f compel: Fix missing loff_t in Alpine cffbeffed ci: Enable compel testing fbb21b404 compel/test: Add main makefile ae686848b compel/test: Resolve missing includes c7544894f dump/ppc64,arm,mips: sanitize the ERESTART_RESTARTBLOCK -> EINTR transition 0cbfba778 github: auto-close stale issues and pull requests fabd5be38 zdtm: look up iptables in /sbin and /usr/sbin 797f41e8a test/zdtm_ct: Run zdtm.py in the host time namespace f736b8750 ci: Alpine's busybox based free does not understand -h d2ed60b60 namespaces: don't set rst on error in switch_ns_by_fd 94fb7c36a ci: move alpine based tests to github actions a28947bb8 ci: give an overview of the current CI environment 70088b66c ci: add Circle CI definition a719a2f49 CONTRIBUTING.md: add component prefix to the subject example adfec67c0 .gitignore: Remove qemu-user-static 82bddc4b2 scripts/Docerfile.centos8: Use 'powertools' repo name 898329b30 x86/asm: fix compile error in bitops.h 371d9c83d others/ns_ext: restore a process out of PID namespaces into the host PID namespace eb9ed1aaf cr-restore: setup external pidns only for root task c5064eda1 namespaces: make root_ns_mask more consistent c629525ca 
cr-restore: make CLONE_NEWPID flag in clone_flags more consistent 98fbb766d compel/handle-elf: override unexpected precalculated addresses 6a7bb0b9f docs: fix simple typo, clietn -> client b023f0ab5 vim: remove wrong 8-space tabs indent from python files 2c89954cc zdtm: on fail with no error also print the tail of the log 9bdae79d0 uffd: check for exited task when reading uffd_msg 3b2202151 uffd: cleanup read error handling in handle_uffd_event 8ca4d6e5b cr-restore: Properly inspect status in sigchld_process() 00bd72f32 ci: remove special handling for mips 2d68627dc CI: remove centos7 from Travis 5bb4406e9 ci: use graviton2 for arm64 tests on Travis fb21643b2 tls: Add logging within send/recv callbacks b28eb7b2d compel/log: Provide %u specifier parsing c39ed518f compel/log: Stop parsing at unknown format specifier b93fe2b2d vdso: Let zero-terminator in vdso_symbol_length 528ce2598 uffd: handle xrealloc() failure 56a70ff99 uffd: fix 'double free detected in tcache 2' 7db0c7c02 ci: add CentOS 8 based CI run b0676302f ci: switch centos7 to github actions 247523c0c travis: rename centos test to centos7 b6e4dae22 criu-ns: Remove unreachable statement ebea8f560 ci: fix lazy-pages test selection 20a83e77c ci: 'fix' lazy tests 1ecaee67a namespaces: fix 'Declaring variable "path" without initializer' 097c931ed coverity: img_raw_fd() returns a negative number 04d7b7157 sk-unix: ignore coverity chroot() warning cfeb9c10f cr-dump: get_service_fd() is passed to a parameter that cannot be negative ed905a002 util: fix double_close false positive b47cb0539 dump: Potential leak of memory pointed to by 'si' def84b8ef coverity: fix parameter_hidden: declaration hides parameter c98eb0384 restore: Value stored to 'ret' is never read 8e5acdd2d cr-dump: Potential leak of memory pointed to by 'si' cf4fe1fa1 vdso-compat: let coverity know that the function does not return cfcc0b14a coverity: ignore CHECKED_RETURN d0db53297 autofs: Potential leak of memory pointed to by 'token' 9b1921fb7 
sk-unix: do not overwrite function parameter 1d403eb18 Use 'is None' instead of '== None' 820525fe8 bfd: remove unused line a02986804 coredump: remove two unused variables 1543527bf lib/py: remove unused variable 7db0bb69e infect: initialize struct to avoid CLANG_WARNING ee048e148 lock: disable clang_analyzer for the LOCK_BUG_ON() macro 70c8c12c6 compel: don't mmap parasite as RWX 6edcef740 cr-restore: Wait child & reap zombies if PID=1 4381043a7 criu-ns: Use PID 1 on restore b2232f7f7 criu-ns: Convert c_char_p strings to bytes object d16033658 criu-ns: Print usage info when no args provided 26371e56f criu-ns: Convert to python3 style print() syntax 72ca9673d python: Replace xrange with range 2598f64fa crns.py: New attempt to have --unshare option 0d691acba CI: distribute CI jobs between CI systems e7cbeddff CI: rename 'travis' to 'ci' Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: bump to version 1.2 (Author: Bruce Ashfield, Age: 2021-10-18, Files: 1, Lines: -5/+5)
Bumping crun to version 1.2-16-g718b94e, which comprises the following commits: 979f6f0 criu: save the new descriptors after restore cab3d52 crun: chown std streams c68c4ce crun.1.md: fix formatting 62e9ba0 test: bump base and ubuntu to 1.16 for containerd tests 07303d8 exec: support --cgroup 9c96ca4 libcrun: allow to specify sub-cgroup for exec e32af6c cgroup: allow to create missing dirs baa786c exec: use new function 6d70af2 exec: new function libcrun_container_exec_with_options 97c2eac tests: add userns to sd_notify_proxy test 4f6c8e0 NEWS: tag 1.2 aee580f exec: fix containers being wrongly reported as paused 762269c test/criu: enable external ipc,uts,time namespaces e334260 criu: Add support for shared ipc,uts,time ns 1353be8 configure: convert indentation to tabs 44bb0b2 artifacts: add libprotobuf-c-dev for protobuf headers 5b341a1 NEWS: tag 1.1 55d293c .github: add libprotobuf-c-dev 2162435 criu: store external descriptors as JSON string 9c7d928 .github: check tests leave the working dir clean d99bb51 .github: report make check failures 0d64e1d linux: fix fix-test-mount-symlink-not-existing test 7260dc8 tests: fix number of tests b0d64b6 tests: skip caps tests if rootless a538e4e tests: disable exec_additional_gids when rootless b055575 criu: fix save of external descriptors c0f5460 criu: use has_prefix instead of strncmp 0fa5a11 criu: use write_file instead of open+write 1604c54 criu: drop \n from error messages a967d78 criu: fix fd leak f624c93 tests: disable unrelated failing Podman tests ee35311 utils: add new function safe_readlinkat ef24f0c README.md: ./configure.sh → ./configure 3e82d10 tests: add test for c/r with ext namespace 2257680 tests_utils: drop unused variable f41c979 tests: drop unused imports be18607 criu: Add support for external PID namespace 4810ac6 exec: refuse paused container/cgroup 7d35659 cgroup: drop cgroup_mode
arg from libcrun_cgroup_is_container_paused 44377aa container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing bc0b3d1 utils: retry openat2 on EAGAIN 8a70bcd cgroup: use cgroup.kill if available c819e9c tests: update Podman to 3.3.0 74543d3 linux: silence two false positives reported by lgtm c1798ad status: check for owner before using it 5399935 utils: NUL terminate readlinkat buffer 2557c81 NEWS: tag 1.0 dad6ef2 crun.1: regenerate 2199d10 tests: update containerd version We also bump the oci/image/runtime spec SRCREVs to ensure that we have all the source dependencies up to date. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>