jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3,902 Commits 5 Branches 25 Tags 17 MiB
Commit Graph

3902 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 21498b8e54
bump mrunalp/fileutils 7d4729fb36185a7c1719923406c9d40e54fb93c7 
no significant changes, other than some linting fixes

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-09-06 01:44:28 +02:00
Sebastiaan van Stijn eb86f6037e
bump syndtr/gocapability d98352740cb2c55f81556b63d4a1ec64c5a319c2 
relevant changes:

  - syndtr/gocapability#14 capability: Deprecate NewPid and NewFile for NewPid2 and NewFile2
  - syndtr/gocapability#16 Fix capHeader.pid type

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-09-06 01:44:26 +02:00
Sebastiaan van Stijn 1150ce9c6e
bump urfave/cli v1.20.0 
previous version was somewhere between v1.18 and v1.19

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-09-06 01:44:23 +02:00
Sebastiaan van Stijn 8e4f645fca
bump docker/go-units v0.3.3 
relevant changes:

  - docker/go-units#8 Enhance FromHumanSize to parse float64 string
  - docker/go-units#20 Add `HumanSizeWithPrecision` function

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-09-06 01:43:44 +02:00
Sebastiaan van Stijn 0fc0662338
bump cyphar/filepath-securejoin v0.2.2 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-09-06 01:43:42 +02:00
Sebastiaan van Stijn 414a39dedb
bump containerd/console 0650fd9eeb50bab4fc99dceb9f2e14cf58f36e7f 
relevant changes:

- containerd/console#27 console_linux: Fix race: lock Cond before Signal

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-09-06 01:43:39 +02:00
Sebastiaan van Stijn de24d73350
bump github.com/pkg/errors 0.8.1 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-09-06 01:43:37 +02:00
Sebastiaan van Stijn 4be3c48e05
Reformat vendor.conf and pin all deps by git-sha 
to make it better readable, and to encourage pinning by
sha, but align to a tagged release.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-09-06 01:43:33 +02:00
Mrunal Patel 0fd4342a92
Merge pull request #2028 from thaJeztah/bump_golang_versions 
Update to Go 1.12 and drop obsolete versions
 2019-09-05 16:30:01 -07:00
Mrunal Patel 92ac8e3f84
Merge pull request #2113 from giuseppe/cgroupv2 
libcontainer: initial support for cgroups v2
 2019-09-05 13:14:29 -07:00
Giuseppe Scrivano 524cb7c318
libcontainer: add systemd.UnifiedManager 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2019-09-05 13:02:27 +02:00
Giuseppe Scrivano ec11136828
libcontainer, cgroups: rename systemd.Manager to LegacyManager 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2019-09-05 13:02:26 +02:00
Giuseppe Scrivano 1932917b71
libcontainer: add initial support for cgroups v2 
allow to set what subsystems are used by
libcontainer/cgroups/fs.Manager.

subsystemsUnified is used on a system running with cgroups v2 unified
mode.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2019-09-05 13:02:25 +02:00
Mrunal Patel 92d851e03b
Merge pull request #2123 from carlosedp/riscv64 
Bump x/sys and update syscall for initial Risc-V support
 2019-09-04 14:10:26 -07:00
Carlos de Paula 4316e4d047 Bump x/sys and update syscall to start Risc-V support 
Signed-off-by: Carlos de Paula <me@carlosedp.com>
 2019-08-29 12:09:08 -03:00
Mrunal Patel 51f2a861da
Merge pull request #2122 from AkihiroSuda/cleanup 
nsenter: minor fixes
 2019-08-28 12:28:36 -07:00
Akihiro Suda 0bc069d795 nsenter: fix clang-tidy warning 
nsexec.c:148:3: warning: Initialized va_list 'args' is leaked [clang-analyzer-valist.Unterminated]

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2019-08-29 00:18:02 +09:00
Akihiro Suda b225ef58fb nsenter: minor clean up 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2019-08-28 19:50:35 +09:00
Mrunal Patel dd075602f1
Merge pull request #2120 from rhatdan/master 
Rename cgroups_windows.go to cgroups_unsupported.go
 2019-08-27 07:29:21 -07:00
Daniel J Walsh e4aa73424b
Rename cgroups_windows.go to cgroups_unsupported.go 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2019-08-26 18:13:52 -04:00
Mrunal Patel c61c7370f9
Merge pull request #2103 from sipsma/cgnil 
cgroups/fs: check nil pointers in cgroup manager
 2019-08-26 14:05:44 -07:00
Mrunal Patel 68d73f0a2e
Merge pull request #2107 from sashayakovtseva/public-get-devices 
Make get devices function public
 2019-08-26 09:58:10 -07:00
Mrunal Patel f061842f2c
Merge pull request #2119 from KentaTada/fix-proc-settings 
libcontainer: update masked paths of /proc
 2019-08-26 09:53:17 -07:00
Kenta Tada c740965a18 libcontainer: update masked paths of /proc 
This commit updates the masked paths of /proc.

Related issues:
* https://github.com/moby/moby/pull/37404
* https://github.com/moby/moby/pull/38299
* https://github.com/moby/moby/pull/36368

Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>
 2019-08-26 12:25:56 +09:00
Mrunal Patel 3525eddec5
Merge pull request #2117 from filbranden/detection1 
Remove libcontainer detection for systemd features
 2019-08-25 13:15:15 -07:00
Mrunal Patel f7b658854c
Merge pull request #2116 from filbranden/running1 
Avoid the dependency on cgo through go-systemd/util package
 2019-08-25 13:13:56 -07:00
Filipe Brandenburger 518c855833 Remove libcontainer detection for systemd features 
Transient units (and transient slice units) have been available for quite a
long time and RHEL 7 with systemd v219 (likely the oldest OS we care about at
this point) supports that. A system running a systemd without these features is
likely to break a lot of other stuff that runc/libcontainer care about.

Regarding delegated slices, modern systemd doesn't allow it and
runc/libcontainer run fine on it, so we might as well just stop requesting it
on older versions of systemd which allowed it. (Those versions never really
changed behavior significantly when that option was passed anyways.)

Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>
 2019-08-22 21:53:24 -07:00
Filipe Brandenburger 4ca00773ee Update vendored dependencies to remove go-systemd/util 
This removes "github.com/coreos/go-systemd/util", no longer needed after
removing the dependency on it.

It also gets rid of "github.com/coreos/pkg/dlopen", since that was only
referred to by the aforementioned "util" package.

Tested that everything builds and works as expected.

Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>
 2019-08-22 21:09:40 -07:00
Filipe Brandenburger 588f040a77 Avoid the dependency on cgo through go-systemd/util package 
This dependency is only needed in package "github.com/coreos/go-systemd/util"
and we only use it for IsRunningSystemd(), which is a simple Go function that
just stats a file.

Let's just borrow it here, so we remove the dependency and can remove that
package from vendored build.

This also removes dependencies on dlopen and on trying to find libsystemd.so
or libsystemd-login.so in the system.

Tested that this still builds and works as expected.

Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>
 2019-08-22 21:07:24 -07:00
sashayakovtseva afc24792dc Make get devices function public 
Signed-off-by: sashayakovtseva <sasha@sylabs.io>
 2019-08-15 17:16:47 +03:00
Erik Sipsma 9c822e4847 cgroups/fs: check nil pointers in cgroup manager 
Signed-off-by: Erik Sipsma <sipsma@amazon.com>
 2019-08-14 09:50:45 -07:00
Mrunal Patel 2e94378464
Merge pull request #2094 from sipsma/2093-nodotudev 
Skip searching /dev/.udev for device nodes.
 2019-08-05 10:41:54 -07:00
Mrunal Patel 44f9ec138d
Merge pull request #2089 from anx-astocker/master 
doc: First process in container needs `Init: true`
 2019-08-05 10:40:54 -07:00
Erik Sipsma f08cdaeec9 Skip searching /dev/.udev for device nodes. 
Closes: #2093

Signed-off-by: Erik Sipsma <sipsma@amazon.com>
 2019-07-31 19:41:33 +00:00
Andreas Stocker 808e809f8a doc: First process in container needs `Init: true` 
`Init` on the `Process` struct specifies whether the process is the first process in the container. This needs to be set to `true` when running the container.

Signed-off-by: Andreas Stocker <astocker@anexia-it.com>
 2019-07-29 22:24:28 +02:00
Mrunal Patel 80d35c7ce4
Merge pull request #2082 from AkihiroSuda/blkio-kernel50 
integration: remove blkio.weight (unavailable in kernel 5.0)
 2019-07-29 12:54:32 -07:00
Mrunal Patel dd8b9b1414
Merge pull request #2081 from AkihiroSuda/criu312 
Bump CRIU to 3.12
 2019-07-29 12:50:41 -07:00
Qiang Huang 9ae790178e
Merge pull request #2080 from zhlhahaha/pr_id 
Update busybox source and fix runc exec bug
 2019-07-27 09:26:32 +08:00
Akihiro Suda 351bfb4baf integration: remove blkio.weight (unavailable in kernel 5.0) 
weight, leafWeight, and weightDevice are removed in kernel 5.0

f382fb0bce
https://github.com/opencontainers/runtime-spec/issues/1015

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2019-07-08 18:08:50 +09:00
Akihiro Suda 7e67862542 Bump CRIU to 3.12 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2019-07-08 17:22:57 +09:00
Howard Zhang 68cc1a772a Update busybox source and fix runc exec bug 
Currently, the id verification in integration test failed on arm
platform due to the inconsistent /etc/group in the busybox images
for arm and x86. To be specific, the nogroup id in x86 is 99 while
that in arm is 65534.

99 is old id for nogroup, and no longer be used in recent system,
so sync the busybox image for arm and x86 to the image in busybox
github. Also change the id verification rule in integration test.

Signed-off-by: Howard Zhang <howard.zhang@arm.com>
 2019-07-07 19:36:23 -07:00
Michael Crosby 6cccc1760d
Merge pull request #2075 from KentaTada/fix-bash-completion 
Update bash completion for v1.0.0 release
 2019-06-26 12:58:14 -04:00
Kenta Tada 371d13c995 Update bash completion for v1.0.0 release 
Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>
 2019-06-25 11:17:31 +09:00
Mrunal Patel f4982d86f7
Merge pull request #2074 from odinuge/dep/libseccomp-golang 
Update dependency libseccomp-golang
 2019-06-21 13:37:24 -07:00
Odin Ugedal 652297c7c7
Update dependency libseccomp-golang 
Diff here: https://github.com/seccomp/libseccomp-golang/compare/1b506fc7c24e...v0.9.1

Fixes https://nvd.nist.gov/vuln/detail/CVE-2017-18367

Signed-off-by: Odin Ugedal <odin@ugedal.com>
 2019-06-20 22:35:57 +02:00
Michael Crosby 6cc5158888
Merge pull request #2071 from judu/patch-1 
Allow to define `COMMIT` by env
 2019-06-11 08:12:36 -04:00
Julien Durillon 6770c8695a Allow to define `COMMIT` by env 
Some package managers download the archive instead of cloning the git repo.
When they do that, the call to git fails.

This commit allows package managers to provide the COMMIT value via environment.

Signed-off-by: Julien Durillon <julien.durillon@clever-cloud.com>
 2019-06-11 13:41:20 +02:00
Mrunal Patel b4a0b1d737
Merge pull request #2065 from odinuge/master 
Fix cgroup hugetlb size prefix for kB
 2019-06-06 12:38:57 -07:00
Aleksa Sarai a77c3195e9
merge branch 'pr-2067' 
libcontainer: change seccomp test for clone syscall

LGTMs: @crosbymichael @cyphar
Closes #2067
 2019-06-05 11:12:22 +10:00
Kenta Tada b54fd85bbf libcontainer: change seccomp test for clone syscall 
This commit changes the value of seccomp test for clone syscall.
Also hardcoded values should be changed because it is unclear to
understand what flags are tested.

Related issues:

* https://github.com/containerd/containerd/pull/3314
* https://github.com/moby/moby/pull/39308
* https://github.com/opencontainers/runtime-tools/pull/694

Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>
 2019-06-04 18:52:00 +09:00