path: root/recipes-containers/runc/runc-opencontainers_git.bb
Age | Commit message | Author
2024-03-15 | runc-opencontainers: update to 1.1.12 | Bruce Ashfield
    Bumping runc to version v1.1.12-2-ga9833ff3, which comprises the following commits:
        29d6d873 VERSION: back to development
        51d5e946 VERSION: release 1.1.12
        e9665f4d init: don't special-case logrus fds
        683ad2ff libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
        b6633f48 cgroup: plug leaks of /sys/fs/cgroup handle
        284ba305 init: close internal fds before execve
        fbe3eed1 setns init: do explicit lookup of execve argument early
        0994249a init: verify after chdir that cwd is inside the container
        506552a8 Fix File to Close
        d0b1a374 keyring: update AkihiroSuda key expiry
        d561e5da keyring: update cyphar@cyphar.com key expiry
        7887736f VERSION: back to development
        4bccb38c VERSION: release 1.1.11
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-03-15 | runc-opencontainers: update to 1.1.11 | Bruce Ashfield
    Bumping runc to version v1.1.11-2-g452f520c, which comprises the following commits:
        7887736f VERSION: back to development
        4bccb38c VERSION: release 1.1.11
        617db785 configs: make id mappings int64 to better handle 32-bit
        e65d4cac specconv: temporarily allow userns path and mapping if they match
        2dd8368e integration: add mega-test for joining namespaces
        8f8cb455 configs: disallow ambiguous userns and timens configurations
        0c8e2cc6 *: actually support joining a userns with a new container
        87792ce0 libct/cg: add swapOnlyUsage in MemoryStats
        32a26a71 build(deps): bump github.com/cyphar/filepath-securejoin
        be887840 VERSION: back to development
        18a0cb0f VERSION: release 1.1.10
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-11-24 | runc-opencontainers: update to 1.1.10 | Bruce Ashfield
    Bumping runc to version v1.1.10-2-gf3446b1e, which comprises the following commits:
        be887840 VERSION: back to development
        18a0cb0f VERSION: release 1.1.10
        b426e9b7 libct/cgroups.OpenFile: clean "file" argument
        8214e634 libct/cg: support hugetlb rsvd
        f8be7009 [1.1] tests/int/helpers: add get_cgroup_path
        1f66027a ci/gha: fix downloading Release.key
        5a5b2cc3 Fix directory perms vs umask for tmpcopyup
        b365458f fix a typo in cloned_binary.c: re-use -> reuse
        8f66c9fb fix two typos
        016b2b42 Handle kmem.limit_in_bytes removal
        11737f55 VERSION: back to development
        ccaecfcb VERSION: release 1.1.9
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-09-15 | runc-opencontainers: update to 1.9.0 | Bruce Ashfield
    Bumping runc to version v1.1.9-2-g26a98ea2, which comprises the following commits:
        11737f55 VERSION: back to development
        ccaecfcb VERSION: release 1.1.9
        f44190e0 libct/intelrdt: check if available iff configured
        6cf9ac15 libct/intelrdt: skip remove unless configured
        4796f49c libct/intelrdt: elide parsing mountinfo
        6a7a6a57 libct/intelrdt: skip reading /proc/cpuinfo
        7c83dbe6 libct/intelrdt: delete IsMBAScEnabled()
        5ebcfa62 [1.1] libct: rm intelrtd.Manager interface, NewIntelRdtManager
        69473d0a libct: rm TestGetContainerStats, mockIntelRdtManager
        dfdc7d07 libct/intelrdt: explain why mountinfo is required
        5ba1b8ec libct/intelrdt: faster init if rdt is unsupported
        a5407b9a libct/intelrdt: remove findMountpointDir test
        dc8d0cc1 libct/intelrdt: wrap Root in sync.Once
        929d04fc libct/cg/fs2: use `file` + `anon` + `swap` for usage
        bdbfe042 ci: bump golangci-lint, remove fixed exception
        d398ad2a gha: disable setup-go cache for golangci job
        5888c55d ci/gha: rm actions/cache from validate/deps job
        a47c15b4 build(deps): bump actions/setup-go from 3 to 4
        44a53f08 ci: fix TestOpenat2 when no systemd is used
        cff41a89 ci: fix TestNilResources when systemd not available
        37405ca0 Fix running tests under Docker/Podman and cgroup v2
        1c524242 [1.1] ci/gha: rm unsup Go 1.19.x, add 1.21.x
        ac310917 ci/cirrus: improve host_info
        ecccc432 [1.1] ci/cirrus: use Go 1.19.x not 1.19
        bb2401ee [1.1] ci/cirrus: use Go 1.20
        aaed58c8 add a test case about missing stricky bit
        3d3a2b38 fix some file mode bits missing when doing mount syscall
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-08-24 | runc-opencontainers: update to 1.1.8 | Bruce Ashfield
    Bumping runc to version v1.1.8-7-gaa68c400, which comprises the following commits:
        aaed58c8 add a test case about missing stricky bit
        3d3a2b38 fix some file mode bits missing when doing mount syscall
        7c36375a Update github actions packages in validate workflow
        1fa89476 VERSION: back to development
        82f18fe0 VERSION: release 1.1.8
        ef6491ec tests/int/delete: make sure runc delete removes failed unit
        ebdd4fa6 [1.1] tests/int: add "requires systemd_vNNN"
        1188c5a1 runc delete: call systemd's reset-failed
        71e76007 libct/cg/sd: remove logging from resetFailedUnit
        3a4b3af6 tests/int/cgroups: remove useless/wrong setting
        6bc3f22a libct/cg/sd/v1: do not update non-frozen cgroup after frozen failed.
        d375351b ci/cirrus: enable rootless tests on cs9
        e1a8b52f tests/int/cgroups: filter out rdma
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-07-27 | runc-opencontainers: use bfd linker even when gold is selected by ls-is-gold | Martin Jansa
    * fixes:
      ld: --no-dynamic-linker: unknown option
    * you might need to clean the build for updated LDFLAGS to be correctly re-configured
    * lld and bfd are fine:
      $ ld.gold --help | grep dynamic-linker
        -I PROGRAM, --dynamic-linker PROGRAM
      $ ld.bfd --help | grep dynamic-linker
        -I PROGRAM, --dynamic-linker PROGRAM
        --no-dynamic-linker Produce an executable with no program interpreter header
      $ ld.lld --help | grep dynamic-linker
        --dynamic-linker=<value>
        --no-dynamic-linker Inhibit output of .interp section
    * not sure where this came from only place where I see --no-dynamic-linker in runc-opencontainers WORKDIR is:
      aarch64-oe-linux/13.1.1/plugin/include/config/aarch64/aarch64-linux.h: %{static-pie:-Bstatic -pie --no-dynamic-linker -z text} \
      aarch64-oe-linux/13.1.1/plugin/include/aarch64-linux.h: %{static-pie:-Bstatic -pie --no-dynamic-linker -z text} \
      so my guess is:
      923ae4da Makefile: add support for static PIE
    Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-07-25 | runc-opencontainers: update to 1.1.7-tip | Bruce Ashfield
    Bumping runc to version v1.1.7-37-gca73c9fd, which comprises the following commits:
        0d93d7d1 release: add riscv64 binary
        9164fe17 libct/seccomp: add riscv64
        ed47e31a Makefile: set CGO_ENABLED=1 when needed
        923ae4da Makefile: add support for static PIE
        2abca872 Makefile: fix GO_BUILDMODE setting
        120ec5bd Makefile: add LDFLAGS_COMMON and LDFLAGS_STATIC
        b9940113 Dockerfile: don't use crossbuild-essential-*
        028fc57a Dockerfile: rm dpkg --add-architecture lines
        4449ce84 Dockerfile: nit
        d375351b ci/cirrus: enable rootless tests on cs9
        e1a8b52f tests/int/cgroups: filter out rdma
        02e065ef docs/systemd: fix a broken link
        9af462e4 Fix tmpfs mode opts when dir already exists
        7d1bdc7d .codespellrc: update for 2.2.5
        8397943e man/runc: fixes
        f9da684d tests/int: increase num retries for oom tests
        7fa912ed ci/cirrus: limit numcpu
        e9c1ca08 Fix Vagrant caching
        e2265a92 ci: bump bats 1.8.2 -> 1.9.0
        bbddb6bd Vagrantfile.fedora: bump to 38
        27b86b4c ci/cirrus: use vagrant from hashicorp repo
        98a1b76c tests/int: fix some checks
        1eadcede ci: bump bats 1.3.0 -> 1.8.2
        63af8b00 init: do not print environment variable value
        404ea7ab libct: fix a race with systemd removal
        f0ecf30b VERSION: back to development
        860f061b VERSION: release 1.1.7
    We refresh one patch for context changes.
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-06-07 | runc-opencontainers: update to 1.1.7 | Bruce Ashfield
    Bumping runc to version v1.1.7-2-gb6109acd, which comprises the following commits:
        f0ecf30b VERSION: back to development
        860f061b VERSION: release 1.1.7
        c1063b1c runc.keyring: add Akihiro Suda
        b0fae8c4 scripts: keyring validate: print some more information
        79a52b43 libct/cg/sd: use systemd version when generating dev props
        6a806d4d runc.keyring: add Kolyshkin
        b6f686f2 keyring: add Aleksa's <cyphar@cyphar.com> signing key
        63355bf8 keyring: add Aleksa's <asarai@suse.com> signing key
        3bdb63bf keyring: verify runc.keyring has legitimate maintainer keys
        853d5e38 scripts: release: add verification checks for signing keys
        bd1d5370 release: add runc.keyring file and script
        7cd72cc3 VERSION: go back to development
        0f48801a VERSION: release 1.1.6
        e4ce94e2 libct/cg: add misc controller to v1 drivers
        10cfd816 libctr/cgroups: don't take init's cgroup into account
        d30d240b tests/int: test for CAP_DAC_OVERRIDE
        840b9539 Fix runc run "permission denied" when rootless
        165d2323 tests/int: add a "update cpuset cpus range via v2 unified map" test
        26a58fdb cgroups: cpuset: fix byte order while parsing cpuset range to bits
        8d9d1d25 libct/int: make TestFdLeaks more robust
        b66d6d56 libct/int: wording nits
        ddbb6d41 libc/int: add/use runContainerOk wrapper
        3531cc2d ci: add call to check-config.sh
        ed9a0e1d ci/gha: bump actions/cache to v3
        7683e508 ci/gha: switch to Go 1.19.x for validate
        568d4407 ci/gha: bump golangci-lint to 1.48
        1f9e36c0 libct: fixes for godoc 1.19
        50f06554 ci: bump golangci-lint to 1.46
        77472ef6 libct: fix staticcheck warning
        9994fe3f libct: suppress strings.Title deprecation warning
        403ea1f0 ci/gha: convert lint-extra from a job to a step
        d2c83bdf ci/gha: switch to Go 1.18.x for validate
        03a631df ci: switch to golangci-lint 1.45
        e5a5522a Add supported Go releases (1.19, 1.20)
        3ce12483 Dockerfile: fix build wrt new git
        bac06cf6 ci/gha: remove stable: when installing Go
        e74040e0 build(deps): bump actions/setup-go from 2 to 3
        55462355 Require Go 1.17, bump x/sys and x/net
        3ce9c1e2 tests: Fix weird error on centos-9
        abd6adde ci: bump shfmt to 3.5.1, simplify CI setup
        1a4bf049 man/*sh: fix shellcheck warnings, add to shellcheck
        9201794a script/check-config.sh: fix remaining shellcheck warnings
        8b976428 shfmt: add more files
        b0fbd2f8 script/check-config.sh: fix SC2166 warnings
        7f8cb3d6 script/check-config.sh: fix wrap_color usage
        f6562f19 [1.1] libct/cg/dev: skip flaky test of CentOS 7
        12f2f03f [1.1] runc run: refuse a non-empty cgroup for systemd driver
        e618ec36 libct/cg/sd: reset-failed and retry startUnit on UnitExists
        931b9bf3 libct/cg/sd: ignore UnitExists only for Apply(-1)
        b46ac860 libct/cg/sd: refactor startUnit
        822623b6 CHANGELOG.md: move 1.1.5 CVEs to Security section
        54cfb25d Makefile: add verify-changelog as release dependency
        7b3ac330 verify-changelog: allow non-ASCII
        37e586ab CHANGELOG: fix a typo
        de0c2277 [1.1] CHANGELOG: fix 1.1.5 git compare link
        1fe2ec53 tests/int/mounts: only check non-shadowed mounts
        9b8ebe4d tests/int/mount: fix issues with ro cgroup test
        17a2d451 VERSION: back to development
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-04-05 | runc-opencontainers: update to 1.1.5 | Bruce Ashfield
    Bumping runc to version v1.1.5-1-g17a2d451, which comprises the following commits:
        17a2d451 VERSION: back to development
        f19387a6 VERSION: release v1.1.5
        8ec02ea1 nsexec: retry unshare on EINVAL
        0abab45c Prohibit /proc and /sys to be symlinks
        0e6b818a rootless: fix /sys/fs/cgroup mounts
        f6e2cd3b nsexec: Check for errors in write_log()
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-02-17 | runc-opencontainers: update to 1.1.0-tip | Bruce Ashfield
    Bumping runc to version v1.1.4-20-gc6781d10, which comprises the following commits:
        f6e2cd3b nsexec: Check for errors in write_log()
        9233b3d0 tests/int: test for /dev/null owner regression
        fa722c1d libcontainer: skip chown of /dev/null caused by fd redirection
        53ceeeab Explicitly pin busybox and debian downloads
        3b6625c6 tests/integration/get-images.sh: fix busybox.tar.xz URL
        b8ebeece tests: replace local hello world bundle with busybox bundle
        e9f8fd32 [1.1] Vagrantfile.fedora: upgrade Fedora to 37
        e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-02-10 | runc-opencontainers: update to 1.4.0-tip | Bruce Ashfield
    Bumping runc to version v1.1.4-10-gbd4d05c0, which comprises the following commits:
        e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings
        3b958289 Fixes inability to use /dev/null when inside a container
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-12-07 | runc: update to 1.1.4-tip | Bruce Ashfield
    Bumping runc to version v1.1.4-8-g974efd2d, which comprises the following commits:
        3b958289 Fixes inability to use /dev/null when inside a container
        335ec376 cirrus-ci: install EPEL on CentOS 7 conditionally
        fb145a2f cirrus-ci: enable EPEL for CentOS 7
        276297b6 VERSION: back to development
        5fd4c4d1 Release 1.1.4
        204c673c [1.1] fix failed exec after systemctl daemon-reload
        ec2efc2c ci: fix for codespell 2.2
        c778598c [1.1] ci/gha: fix cross-386 job vs go 1.19
        d83a861d Fix error from runc run on noexec fs
        d614445d [1.1] libct/nsenter: switch to sane_kill()
        3ca5673f CI: workaround CentOS Stream 9 criu issue
        c3986e53 tests/int: don't use --criu
        f46c0dad [1.1] ci: fix delete.bats for GHA
        6b94849d tests/int: runc delete: fix flake, enable for rootless
        fa3354dc libct: fix mounting via wrong proc fd
        eb1552a0 VERSION: back to development
        6724737f VERSION: release 1.1.3
        91fa032d ci: add basic checks for CHANGELOG.md
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-12-01 | runc-docker: update to 1.1.4-tip | Bruce Ashfield
    Bumping runc to version v1.1.4-8-g974efd2d, which comprises the following commits:
        3b958289 Fixes inability to use /dev/null when inside a container
        335ec376 cirrus-ci: install EPEL on CentOS 7 conditionally
        fb145a2f cirrus-ci: enable EPEL for CentOS 7
        276297b6 VERSION: back to development
        5fd4c4d1 Release 1.1.4
        204c673c [1.1] fix failed exec after systemctl daemon-reload
        ec2efc2c ci: fix for codespell 2.2
        c778598c [1.1] ci/gha: fix cross-386 job vs go 1.19
        d83a861d Fix error from runc run on noexec fs
        d614445d [1.1] libct/nsenter: switch to sane_kill()
        3ca5673f CI: workaround CentOS Stream 9 criu issue
        c3986e53 tests/int: don't use --criu
        f46c0dad [1.1] ci: fix delete.bats for GHA
        6b94849d tests/int: runc delete: fix flake, enable for rootless
        fa3354dc libct: fix mounting via wrong proc fd
        eb1552a0 VERSION: back to development
        6724737f VERSION: release 1.1.3
        91fa032d ci: add basic checks for CHANGELOG.md
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-08-09 | runc: update to 1.1.3 | Bruce Ashfield
    Bumping runc to version v1.1.3-2-g1e7bb5b7, which comprises the following commits:
        eb1552a0 VERSION: back to development
        6724737f VERSION: release 1.1.3
        91fa032d ci: add basic checks for CHANGELOG.md
        7219387e cgroups: systemd: skip adding device paths that don't exist
        93d1807b libcontainer: relax getenv_int sanity check
        8242c05d script/seccomp.sh: check tarball sha256
        017cb29b Dockerfile,scripts/release: bump libseccomp to v2.5.4
        51649a7d Allow mounting of /proc/sys/kernel/ns_last_pid
        3a09da6b ci: drop docker layer caching from release job
        8b93f9fb seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
        fc2a8fe1 libct/cg/sd: check dbus.ErrClosed instead of isDbusError
        d105e052 libct/seccomp/config: add missing KillThread, KillProcess
        e4474ef8 [1.1] vendor: bump seccomp/libseccomp-golang to f33da4d
        dc083b2b fix deprecated ActKill
        bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
        1feafc31 ci: bump golangci-lint to v1.44
        89f79ff0 libct: StartInitialization: fix %w related warning
        3b7f2605 Format sources using gofumpt 0.2.1
        eeac4e77 build(deps): bump actions/checkout from 2 to 3
        cd7fa00d Vagrantfile.fedora: fix build wrt new git
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-06-03 | runc: update to 1.1.2 | Bruce Ashfield
    Bumping runc to version v1.1.2-9-gb507e2da, which comprises the following commits:
        bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
        1feafc31 ci: bump golangci-lint to v1.44
        89f79ff0 libct: StartInitialization: fix %w related warning
        3b7f2605 Format sources using gofumpt 0.2.1
        eeac4e77 build(deps): bump actions/checkout from 2 to 3
        cd7fa00d Vagrantfile.fedora: fix build wrt new git
        cdfdbe55 VERSION: back to development
        a916309f VERSION: release 1.1.2
        364ec0f1 runc: do not set inheritable capabilities
        8959e372 VERSION: back to development
        52de29d7 VERSION: release 1.1.1
        2636e1cb CHANGELOG.md: add 1.1.1 release notes
        036cc348 CI/cirrus: add centos-stream-9
        db953158 README.md: add cirrus-ci badge
        ea19181e README,libct/README: fix pkg.go.dev badges
        8290c4cf libct/cg: IsCgroup2HybridMode: don't panic
        ee7ba6cb configs/validate: looser validation for RDT
        96193422 libct/cg/sd/v2: fix ENOENT on cgroup delegation
        35784a3e ensure the path is a sub-cgroup path
        986e7c53 libct: fixStdioPermissions: ignore EROFS
        5053a065 libct: fixStdioPermissions: skip chown if not needed
        d2939b6b libct: fixStdioPermissions: minor refactoring
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-03-21 | runc-opencontainers: update to 1.1.0-tip | Bruce Ashfield
    Bumping runc to version v1.1.0-5-gb9460f26, which comprises the following commits:
        986e7c53 libct: fixStdioPermissions: ignore EROFS
        5053a065 libct: fixStdioPermissions: skip chown if not needed
        d2939b6b libct: fixStdioPermissions: minor refactoring
        d7f7b22a VERSION: back to development
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-02-02 | runc: update to v1.1.0 | Bruce Ashfield
    Bumping runc to version v1.1.0-1-gd7f7b22a, which comprises the following commits:
        d7f7b22a VERSION: back to development
        067aaf85 VERSION: release runc v1.1.0
        c0e300f1 Refuse to build runc without nsenter
        e155b332 build(deps): bump github.com/checkpoint-restore/go-criu/v5
        5c7e8981 libct/cg: rm go 1.15 compatibility
        4773769c VERSION: back to development
        55df1fc4 VERSION: release v1.1.0-rc.1
        a8f9d5de CHANGELOG: add an in-repo changelog file
        6d2067a4 script/seccomp.sh: fix argc check
        457ca62f script/release_*.sh: fix usage
        c729594c deps: update libseccomp to 2.5.3
        5d779620 tests/int: use update_config in hooks test
        9e798e26 tests/int: ability to specify binary
        97688ddf types/features: clarify MountOptions
        deb0a5f2 Mark `runc features` experimental
        382eba43 Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...)
        ba935a51 Support nosymfollow mount option (kernel 5.10)
        f8c48e46 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c
        acd8f12f release: correctly handle binary signing for "make releaseall"
        d72d057b runc init: avoid netlink message length overflows
        25112dd1 libct/intelrdt: remove unused type
        c4a61aa9 ci: enable extra linters for new code
        520702da Add `runc features` command
        02475d9c .golangci.lint: add unparam linter
        953e56c5 libct/int: runContainer: drop console arg
        6c0bfcb1 libct/cg/fs/blkio_test: ignore unparam warning
        06b3fd9d libct/cg/ebpf: drop finalize return value
        86733013 notify_socket: setupSpec: drop ctx arg and return value
        741568eb libct/cg/devices: addRule: ignore unparam warning
        fc44e3f6 tty: Close: rm return value
        36483465 tty: ClosePostStart: rm return value
        f3f4b6d1 tty: recvtty: rm process arg
        e6318635 tty: rm inheritStdio return value
        d23b8109 checkpoint: rm getDefaultImagePath arg
        dd140401 libct: fixStdioPermissions: rm config arg
        b357bc13 libct/factory: rm id param from loadState
        b950b778 libct/utils: ResolveRootfs: remove
        35d20c4e chown cgroup to process uid in container namespace
        ec0f35bc libct/system/xattrs: remove
        e9ed2000 build(deps): bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
        e3dd80fa Vagrantfile.fedora: revert excluding systemd
        1da84d1a libct/cg: TestGetHugePageSizeImpl: use t.Run
        1362291a Avoid non-op when the list of `Hooks` is empty
        f13a9325 libct/cg: HugePageSizes: simplify code and test
        39d4c8d5 libct/cg: lazy init for HugePageSizes
        a4d4c4dd libct/cg: GetHugePageSize -> HugePageSizes
        dde509df specconv: do not permit null bytes in mount fields
        50105de1 Fix failure with rw bind mount of a ro fuse
        982b9a1d libct/standard_init: fix linter warning
        643f8a2b libct/specconv: nits
        b247cd39 runc run: fix ro /dev
        029b73c1 libct/spec: replace isValidName regex with a function
        6907beca libct/specconv: remove isSecSuffix regex
        37c5fd55 libct/specconv: make parseMountOptions return Mount
        2c3792ba libct/specconv: make mountFlags and extensionFlags global
        81586e19 libct/specconv: reuse mountPropagationMapping in parseMountOptions
        8fe1e8bf libct/specconv: rm some init allocations
        712157f6 Revert "ci: temporarily disable criu repo gpg check"
        f252eb54 test/int/mount.bats: refer to github issue
        7563a8f0 libct: wrap more unix errors
        db4ad6a7 libcontainer/system: rm Prlimit
        0880c001 .cirrus.yml: silence vagrant up
        b028ecb3 Vagrantfile.fedora: exclude systemd from upgrade
        12a36265 ci/cirrus: update to Go 1.17.3
        02d527d2 go.mod: github.com/moby/sys/mountinfo v0.5.0
        0e21d56e go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
        b2d64fed build(deps): bump github.com/checkpoint-restore/go-criu/v5
        a9bb11ec Fix the conversion of sysctl variable dots and slashes
        0f933d54 Rename package validate_test to package validate
        68c2b6a7 runc run: refuse a frozen cgroup
        d08bc0c1 runc run: warn on non-empty cgroup
        dd696235 runc exec: reject paused container unless --ignore-paused
        4b25a4e8 CI: update Fedora to 35
        7324496f tests/int: fix userns for Fedora 35
        05272718 tests/int/cgroups: fix for misc controller
        fc658fb6 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
        972aea3a libct/configs/validate: allow / in sysctl names
        95f8ecdd fix `libcontainer/integration/exec_test.go:1859:8: undefined: ioutil`
        dc473cad build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0
        8542322d libcontainer: Add unit tests with userns and mounts
        55162941 Remove io/ioutil use
        6a4f4a6a libcontainer/ignoreTerminateErrors: simplify for Go 1.16+
        12e99a0f Require Go >= 1.16
        3d986766 ci/gha: install latest stable Go version
        c5ca778f ci: temporarily disable criu repo gpg check
        81fdc8ce New integration tests for user namespaces bind sources
        9c444070 Open bind mount sources from the host userns
        a80e1217 libct/intelrdt: add Root()
        794cd66d libct/system: Exec: wrap the error
        6eba68de build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
        e395d2dc libct: Init: remove LockOSThread
        916c6a15 libct/cg/fs2: fix GetStats for unsupported hugetlb
        f9667e63 Make DevicesGroup's "TestingSkipFinalCheck" attribute public
        2e0ceaa9 fix createDevices when no Linux section
        fae5d8b5 release: add s390x
        f95063ed Dockerfile: fix for seccomp
        7758d3fb libct/cg/sd/v2: Destroy: remove cgroups recursively
        580e43ec contrib: rm init from bash completion
        0202c398 runc exec: implement --cgroup
        cc15b887 tests: add integration test for cgroups hybrid
        a8435007 cgroups: join cgroup v2 when using hybrid mode
        39914db6 runc exec: don't skip non-existing cgroups
        7d446c63 libct/cg.WriteCgroupProcs: improve errors
        cc1d7466 exec.go: nit
        0d297b71 ci/gha: test criu-dev with latest go
        16aedc31 ci/gha: remove debug info
        3fd1851c CI/GHA: switch to OBS criu repo
        81dc5599 Dockerfile: fix apt-key warning
        2bf560fb Dockerfile: use Debian_11 repo for criu
        99ddc1be libct/cg/fs: rm m.config == nil checks
        57edce46 libct/cg: add Resources=nil unit test
        1af4ed11 libct/cg/sd/v2: move fsMgr init to NewUnifiedManager
        9a2146fa libct/cg/sd/v2: move path init to NewUnifiedManager
        39be6e97 libct/cg/fs2: minor optimization
        b14a6cf9 libct/cg/sd/v1: move path init to NewLegacyManager
        fcc48168 libct/cg/fs: document path removal
        6c5441e5 libct/cg/fs: move paths init to NewManager
        097c6d74 libct/cg: simplify getting cgroup manager
        3c8db638 script/release.sh: update libseccomp to 2.5.2
        f30244ee make release: add cross-build
        23d79aae Makefile: only build runc for static target
        d2b6899e Makefile: fixes for seccompagent
        43b36dc4 Support changing of lsm mount context on restore
        412d68d1 Vendor in go-criu v5.1.0
        163e2523 libct/cg: replace bitset with std math/big library
        6806b2c1 runc delete -f: fix for cg v1 + paused container
        e6928865 libct/cg/fs: refactor
        7d1cb320 libct/cg/fs: rename join to apply
        5c7cb837 libct/cg/fs: micro optimization
        19b542a5 libct/cg/fs: move internal code out of fs.go
        eb09df74 libct/cg/sd/v1: initPaths: minor optimization
        63c84917 libct/cg/sd/v1: optimize initPaths
        c7e0864d libct/cg/sd/v1: factor out initPaths
        dc907e8d libct/cg/sd/v*.go: nit
        d974b22a create, run: amend final errors
        9ba2f65d startContainer: minor refactor
        1545ea69 delete, start: remove newline from errors
        af641cd5 seccomp: Add test using the seccomp agent example
        08659080 build(deps): bump github.com/bits-and-blooms/bitset from 1.2.0 to 1.2.1
        622acd24 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
        47abdcee ci/gha: update golangci-lint to 1.42.1
        704a1878 contrib/cmd/seccompagent: fix build tags
        49137c2a ci/gha: bump shfmt to 3.3.1
        f1b703fc libct/nsenter/nsexec.c: honor _LIBCONTAINER_LOGLEVEL
        d5ffe83f libct/nsenter/nsexec.c: factor out getenv_int
        d2f49d45 libct/nsenter/nsexec.c: improve bail
        6c4a3b13 runc init: pass _LIBCONTAINER_LOGLEVEL as int
        0a3577c6 utils_linux: simplify newProcess
        51cd519e seccomp agent: Return non-zero on failures
        8b790e4f seccomp agent: Use arch SCMP_ARCH_X86_64
        4a4d4f10 Add support for seccomp actions ActKillThread and ActKillProcess
        4a751b05 seccomp: drop unnecessary const SCMP_ACT_* defines
        72b5c3ca build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
        00772cae tests: add functional tests for seccomp notify
        5ae831d9 tests: add functional tests for seccomp
        e21a9ee8 contrib: add sample seccomp agent
        c64aaf0e libcontainer/specconv: extend SetupSeccomp tests
        2b025c01 Implement Seccomp Notify
        4e7aeff6 libcontainer/utils: introduce SendFds
        c55530be vendoring: Use libseccomp with notify support
        64358c4d optimize log: move WriteJSON defer as early as possible
        39d0ee18 script/release.sh: fix for opensuse
        a20c8b29 runc --debug: shorter caller info
        b55b3081 libct/logs: do not show caller in nsexec logs
        c3910e73 libct/logs: parse log level implicitly
        c4826905 libct/logs: test: make more robust
        33dcb994 libct/nsenter/nsenter_test.go: logging nits
        78b27155 libct/nsenter: test: rm misleading comments
        2c46455c libct/nsenter: test: improve TestNsenterChildLogging
        feb1fe11 libct/nsenter: test: fix TestNsenterValidPaths
        3df6a02f libct/nsenter: test: improve newPipe
        347c371b CI: Mark CGO warnings as errors
        d8da0035 *: add go-1.17+ go:build tags
        1b17ec95 libct/cg: rm "unsupported.go" files
        dbb9fc03 libct/*: remove linux build tag from some pkgs
        c5b0be78 Rm build tags from main pkg
        9ff64c3d *: rm redundant linux build tag
        895e0a5c nsenter: fix typo in bail message
        1f5798f7 improve error message when dbus-user-session is not installed
        63944578 tests/int: add a "update cpu period with pod limit set" test
        1b2adcfe libct/cg/v1: workaround CPU quota period set failure
        09b80811 Revert "libct/devices: change devices.Type to be a string"
        538ba846 libct/error.go: rm ConfigError
        6145628f configs/validate: audit all returned errors
        bbcf96f9 libct/cg/devices: stop using regex
        fb629db6 tests/int/helpers: fix shellcheck warnings
        f65276db tests/int/helpers: rm $bundle handling
        b3d14488 Add support for rdma cgroup introduced in Linux Kernel 4.11
        8d8415ee libct/logs: remove ConfigureLogging
        f77fb7a3 init.go, main.go: don't use logs.ConfigureLogging
        93937000 libcontainer/intelrdt: update code comments
        a37a89f4 libct/system: add I and P process states
        f90008ae libct/system.Stat: fix/improve/speedup
        412c6f06 libct/system/proc_test: fix, improve, add benchmark
        74ae9e0f checkpoint: resolve symlink for external bind mount(fix ci broken)
        24d318b8 Dockerfile: switch to bullseye
        9a095e44 libct/cg/sd/v1: add SkipFreezeOnSet knob
        fec49f2a libct/cg/sd/v1: add freezeBeforeSet unit test
        41043673 libct/cg/sd/v1: Fix unnecessary freeze/thaw
        a5871801 ci: add go1.17
        75761bcc Fix codespell warnings, add codespell to ci
        db8330c9 libct/nsenter: fix unused-result warning
        844d6774 CI: Validate compilation without buildtags
        51508210 libct/nsenter: nullify pointer on asprintf error
        2ab6484f libct/nsenter: no need to check size_t less than 0
        f0dbefac .cirrus.yum: retry yum if failed
        814f3ae1 libct/devices: change devices.Type to be a string
        74b5c34e .cirrus.yml: simplify
        77fb9aff build(deps): bump github.com/containerd/console from 1.0.2 to 1.0.3
        bd50e7c4 libct/cg/OpenFile: check cgroupFd on error
        ab577f6f MAINTAINERS: add Sebastiaan van Stijn
        2bab4a56 libct/nsenter: fix logging race in nsexec
        bda1bd7a build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
        c2d9668c libct/cg/OpenFile: fix openat2 vs top cgroup dir
        1b4c30fd libcontainer/intelrdt: always run unit tests
        79d292b9 libcontainer/intelrdt: verify ClosID existence
        17e3b41d libcontainer/intelrdt: support ClosID parameter
        7296dc17 libcontainer/intelrdt: refactor clos path handling
        1cbfe234 libct/cg: rm dead code
        d0c3bc44 libct/cg: GetAllPids: optimize for go 1.16+
        363468d0 libct/cg: improve GetAllPids and readProcsFile
        504271a3 libct/cg: move GetAllPids out of utils.go
        fc99ab7e build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
        0f94799e man/runc-run.8: document --keep option
        cb824629 proposal: add --keep to runc run
        e06465ac ci/cirrus: remove unused code
        120f7406 ci/gha: add latest criu-dev test run
        60e02b4b runc exec: fail with exit code of 255
        18f434e1 script/release.sh: make builds reproducible
        61e201ab makefile: update ldflags and add strip for static builds
        5110bd2f nsenter: remove cgroupns sync mechanism
        7a0302f0 runc init: simplify
        a91ce306 libct/*_test.go: use t.TempDir
        3bc606e9 libct/int: adapt to Go 1.15
        1eeaf113 libct/intelrdt/*_test.go: use t.TempDir
        f6a56f60 libct/cg/fs/*_test.go: use t.TempDir
        2d1645d2 libct/cg/fscommon: drop go 1.13 compatibility
        6215b2f3 ci/gha: drop Go 1.13
        a952b5aa README, go.mod: require go 1.15+
        12a1dccb Revert "libcontainer: avoid using t.Cleanup"
        015fa29a Revert "Revert "Makefile: rm go 1.13 workaround""
        5dd92fd9 libct/seccomp: skip redundant rules
        e44bee10 libct/seccomp: warn about unknown syscalls
        073e085c libct/seccomp: ConvertStringToAction: fix doc
        9f656dbb Do not use Vagrant for CentOS 7/8
        d4480164 tests/rootless.sh: fixup for "update rt" test
        86af5248 tests/int: fix "update rt period and runtime" for rootless
        cc0b1644 README.md: remove abandoned versioning policy
        87bfd20f Evaluate Cirrus CI for Vagrant tests
        a7110262 libct/cg/sd: add TestPodSkipDevicesUpdate
        52dd96db libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
        f2db8798 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
        5dc32604 libct/int/TestFreeze: test freeze/thaw via Set
        af1688a5 libct/int: allow subtests
        67cfd3d4 libct/cg/sd/v1: Set: don't overwrite r.Freezer
        d02b0061 ci/gha: run on release-* branches after a push
        57e3c541 cgroupv2: ebpf: ignore inaccessible existing programs
        fe518a06 vendor: update github.com/cilium/ebpf
        3e5c1997 libct/cg/sd: Add freezer tests
        294c4866 libct/cg/fs/freezer.GetState: report current cgroup state
        f33be7cc libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
        d41a273d Update device update tests
        be1d5f83 ci: enable unconvert linter, fix its warnings
        6be088d6 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
        9f2a1f4d deps: update to github.com/cyphar/filepath-securejoin@v0.2.3
        24d5daf5 libct/user: fix parsing long /etc/group lines
        226dfab0 libct/user: ParseGroupFilter: use TrimSpace
        120e3a77 libct/user: use []byte more, avoid allocations
        83776dd8 libcontainer: Bail on close(2) failures
        7d479e6b libcontainer: Don't close fds already closed
        e39ad650 retry unix.EINTR for container init process
        c508a7bc libct/rootfs: consolidate utils imports
        1bbeadae tests/int/no_pivot: fix for new kernels
        0229a77a libcontainer/intelrdt: privatize some ids
        8f8dfc49 libcontainer/intelrdt: move NewLastCmdError down
        00d15629 libct/intelrdt: simplify NewLastCmdError
        e0ce428b libct/intelrdt: remove NotFoundError type
        feff2c45 libct/intelrdt: fix potential nil dereference
        82498e3d libct/specconf: remove unneeded checks
        bc96a59d build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1
        70fdc057 Revert "checkpoint: resolve symlink for external bind mount"
        e618c02d libct/stacktrace: remove
        e918d021 libcontainer: rm own error system
        60c647a7 libct/error: rm ConsoleExists
        a7cfb23b *: stop using pkg/errors
        b60e2edf libct/cg: stop using pkg/errors
        a6cc36a8 libct/cg/ebpf: stop using pkg/errors
        f137aaa2 libct/cg/devices: stop using pkg/errors
        ebb08128 .golangci.yml: enable errorlint
        56e47804 *: ignore errorlint warnings about unix.* errors
        f6a0899b *: use errors.As and errors.Is
        5d2a11ad tty.go: don't use pkg/errors, use errors.Is
        c6fed264 libct/keys: stop using pkg/errors
        adbac31d libct: fix errorlint warning about strconv.NumError
        7be93a66 *: fmt.Errorf: use %w when appropriate
        d8ba4128 libct/rootfs: improve some errors
        36aefad4 libct: wrap unix.Mount/Unmount errors
        825335b2 libct/cg/fs2: fix/unify parsing errors
        5a186d39 libct/cg/fs: fix/unify parsing errors
        f813174d libct/cg/fscommon: introduce and use ParseError
        adcd3b44 libct/cg/fs[2]: simplify getting pid stats
        4e330942 libct/cg/fs/stats_util_test: fix errors
        563225d5 libct/StartInitialization: fix errors
        3fee59f9 libct/cg/fs/*_test: simplify errors
        fdf4e90e libct/cg/fscommon.ParseKeyValue: no need to wrap err
        627a06ad Replace fmt.Errorf w/o %-style to errors.New
        242b3283 libct/cg/fscommon: rm unused var
        92e8d9b9 libct/intelrdt: error message nits
        041caf10 VERSION: back to development
        dfc0f069 man/*: revamp
        85aabe23 C/R: let criu use its default if --work-path is not set
        e8bd33ae runc --help: improve log options description
        cf4ecaed runc update: hide --kernel* options
        4065c394 exec: rm --no-subreaper flag
        da22625f checkpoint: resolve symlink for external bind mount
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-12-10 runc: update to 1.0.3 Bruce Ashfield
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits: 31f7b334 VERSION: back to development f46b6ba2 VERSION: release v1.0.3 b8dbe466 runc init: avoid netlink message length overflows e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15 2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively 42bfc63b script/release.sh: fix for opensuse 8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse cbb23675 runc run: fix ro /dev e802cfae test/int/mount.bats: refer to github issue 3640499a libct/rootfs: consolidate utils imports aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests fdee8658 libct/int/checkpoint_test: fix ParentImage cbb5ef5c improve error message when dbus-user-session is not installed 86d83333 VERSION: back to development Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-02 global: convert github SRC_URIs to use https protocol Bruce Ashfield
github is removing git:// access, and fetches will start experiencing interruptions in service, and eventually will fail completely. bitbake will also begin to warn on github src_uri's that don't use https. So we convert the meta-virt instances to use protocol=https (done using the oe-core contrib conversion script) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-08-27 runc-opencontainers: update to v1.0.2 Bruce Ashfield
We refresh our patch context and pickup the following commits: Bumping runc to version v1.0.2-2-g04bcb7c7, which comprises the following commits: 86d83333 VERSION: back to development 52b36a2d VERSION: release 1.0.2 8ec57628 libct/cg/sd/v1: add SkipFreezeOnSet knob 1850dc16 libct/cg/sd/v1: add freezeBeforeSet unit test 4ce440f2 libct/cg/sd/v1: Fix unnecessary freeze/thaw 13b45cb4 libct/nsenter: fix unused-result warning 7cf1952f libct/nsenter: fix logging race in nsexec e2e5267c [1.0] script/release.sh: make builds reproducible 960182fd libct/seccomp: skip redundant rules 4c70105b libct/cg/v1: workaround CPU quota period set failure 1d454045 Do not use Vagrant for CentOS 7/8 c8d8fd5b tests/rootless.sh: fixup for "update rt" test 257018e7 tests/int: fix "update rt period and runtime" for rootless 76c047f1 Evaluate Cirrus CI for Vagrant tests 466d1a1a VERSION: back to development 4144b638 VERSION: release 1.0.1 4efb7a69 libct/cg/sd: add TestPodSkipDevicesUpdate 82d3eb69 libct/cg/sd: TestFreezePodCgroup: rm explicit freeze 2fc2e3d6 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw ef0aa849 libct/int/TestFreeze: test freeze/thaw via Set 01cd4b5f libct/int: allow subtests 22b2ff0f libct/cg/sd/v1: Set: don't overwrite r.Freezer 04edd79d libct/cg/sd: Don't freeze cgroup on cgroup v2 Set 298a3100 Update device update tests 257723b3 ci/gha: run on release-* branches after a push 4dc207a6 cgroupv2: ebpf: ignore inaccessible existing programs 90d01a04 vendor: update github.com/cilium/ebpf 3f40fbff libct/cg/sd: Add freezer tests c1a5b3e1 libct/cg/fs/freezer.GetState: report current cgroup state 0a5d8ba4 libct/user: fix parsing long /etc/group lines 5fd7b3b7 libct/user: ParseGroupFilter: use TrimSpace 0025bf68 libct/user: use []byte more, avoid allocations 3745b2be [1.0] retry unix.EINTR for container init process e99c0f5e tests/int/no_pivot: fix for new kernels 84113eef VERSION: release runc 1.0.0 29168172 tests/int/cgroups: add test for bfq per-device weight 1036f3f9 
libct/cg/fs2: set per-device io weight if available 30d83d4d libct/cg/fs/blkio: do not set weight == 0 d7fc3028 libct/cg/fs*: mark {Open,Read,Write}File as deprecated 8f1b4d4a libct/cg: mv fscommon.{Open,Read,Write}File to cgroups 322c8fd3 Returns clearer error message for setenv 46940ed8 update cilium/ebpf to fix haveBpfProgReplace() check 6339d8a0 libcontainer/cgroups/fs/blkio: support BFQ weight[_device] 01f5dcae build(deps): bump tim-actions/get-pr-commits from 1.0.0 to 1.1.0 bd8e0701 libct/cg/sd: fix "SkipDevices" handling 1b2abc89 github: workflows: fix tiny typo b31a9340 libcontainer: relax validation for absolute paths dbb35411 configs/validator: move cgroup validation to the list of checks 9573e4b6 libct/cg/fs: don't forget to close a file 9ebc573a cgroupv2: ebpf: debug info when detaching programs in fallback mode a3ca7b47 cgroupv2: ebpf: check for BPF_F_REPLACE support and degrade gracefully d06bda60 libct/cg/sd/dbus: fix NewDbusConnManager 535f25c4 Allow restoring with a different LSM profile 508f5bf6 libct/int: add device update test 8fe3dfbb libcontainer/system: remove alias for deprecated RunningInUserNS 3f23a736 libcontainer/configs: remove stubs for deprecated Devices funcs b2d28c5d libct/cg/sd: fix dbus error handling bf7492ee runc update: skip devices c3831d64 libct/cg/fs/stats_util_test: use t.Helper 9eb0371b libct/cg/fs/memory_test: fix formatting e969d421 libct/int/testPids: logging nits a5bd78ef vendor: willf/bitset@v1.1.11 -> bits-and-blooms/bitset@v1.2.0 65cf0e61 Bump selinux to v1.8.2 f99d252d docs/terminals.md: add troubleshooting 49ea4b37 update crosbymichael email 3e1bcb1f libcontainer/keys: var should be sessKeyID/ringID (golint) 1fb56f9f libcontainer/cgroups/devices: if block ends with a return statement c2416fb4 libcontainer/system: fix godoc (golint) 9be156cb libcontainer/devices: fix godoc (golint) 340fdd93 libcontainer/nsenter: fix captalization (golint) 81fc5c87 libcontainer/user: fix capitalization (golint) e204d6a9 
libcontainer/configs: add / fix godoc (golint) c0643046 libcontainer/apparmor: split api (exported) from implementation 02fb18ed libcontainer/user: remove unused ErrUnsupported 9e964dfc build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 470610d0 build(deps): bump github.com/cilium/ebpf from 0.5.0 to 0.6.0 31f58829 build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 c836265b build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.8.1 074aa044 build(deps): bump google.golang.org/protobuf from 1.25.0 to 1.26.0 7ca54562 Enable dependabot e6048715 Use gofumpt to format code 1eea9253 cgroup2: io: add io.stats parsing test 0fef122f cgroup2: io: handle 64-bit values correctly on 32-bit architectures efca32c7 cgroup2: io: map io.stats to v1 blkio.stats correctly 49d293a5 cgroup2: capitalize io stats read and write Op values 0e16e7c2 libct/cg/sd: add SkipDevices unit test f5a2c9cc tests/int/dev: only call lsblk once aa934af0 runc -v: set default for, always show main.version 37767c05 ci: lint: show all errors in PRs 07ca0be0 *: clean up remaining golangci-lint failures 752e7a82 libct/cg/sd: fix SkipDevices for systemd fdc28957 Makefile: use git describe for $COMMIT 33c9f8b9 libct/cg/sd: return error from stopUnit Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-06-04 runc: update to rc95 Bruce Ashfield
Updating to the latest runc, which includes the following commits: 37767c05 ci: lint: show all errors in PRs 07ca0be0 *: clean up remaining golangci-lint failures 00119c85 integration: add repeated "runc update" test d0f2c25f cgroup2: devices: replace all existing filters when attaching 98a3c0e4 cgroup2: devices: switch to emulator for cgroupv1 parity dcc1cf7c devices: add emulator.Rules shorthand 54904516 libcontainer: fix integration failure in "make test" c7c70ce8 *: clean t.Skip messages a95237f8 libctr/cg/systemd: export rangeToBits df0206a6 errcheck: utils 0c65f833 errcheck: signals 3b31e3ea errcheck: tty b45fbd43 errcheck: libcontainer 463ee5e1 errcheck: libcontainer/nsenter 7e7ff872 errcheck: libcontainer/configs a8995053 errcheck: libcontainer/integration b93666eb libct/cg/fs2: setFreezer: wait until frozen 1069e4e9 libct/cg/fs2: optimize setFreezer more 5d193188 libct/cg/fs2: optimize setFreezer 8a7a374f VERSION: back to development b9ee9c63 VERSION: release v1.0.0-rc95 0ca91f44 rootfs: add mount destination validation c61f6062 libcontainer: honor seccomp defaultErrnoRet d519da5e Dockerfile, Vagrantfile.centos7, .github: bats 1.3.0 bdad2859 Dockerfile, Vagrantfile.centos7: use go 1.16 f96530f2 EMERITUS: recognise previous maintainers c73a6626 VERSION: back to development 2c7861bc VERSION: release v1.0.0-rc94 12e9cac9 Vagrantfile.fedora: set Delegate=yes ac70a9a1 tests/int: run rootless_cgroup tests for v2+systemd 601cf582 tests/int/cgroups: don't check for hugetlb 40b97919 tests/int: enable/use requires cgroups_<ctrl> 44fcbfd6 tests/int/helpers: generalize require cgroups_freezer 353f2ad1 tests/int/update.bats: don't set cpuset in setup 4f8ccc5f libct/cg/sd/v2: call initPath from Path 0ed1f802 tests/int/helpers: rm old code af2e03c5 ci/gha: bump shellcheck 0.7.1 -> 0.7.2 2d1bb91d ci/gha: bump shfmt 3.2.0 -> 3.2.4 a7feb423 libct/int: add TestFdLeaksSystemd c7f847ed libct/cg/sd: use global dbus connection 99c5c504 libct/cg/sd: introduce and use 
getManagerProperty 0fabed76 libct/int/checkpoint_test: use kill(0) for pid check 7eb1405b libct/int/checkpoint_test: use waitProcess helper 72d7a824 libct/int/checkpoint_test: use t.Helper bcca7968 libct/int: simplify/fix showing errors 524abc59 freezer: add delay after freeze e1d842cf libct/intelrdt: fix unit test 541fc19e Makefile: allow overriding go command by environment 06a9ea36 script/release.sh: add -a to force rebuild 91b01682 Update golang.org/x/sys to add linux/ppc support ee4612bc CI: enable Go 1.13 again e2dd9220 go.mod: demote to Go 1.13 45f49e8f libcontainer: avoid using t.Cleanup 1a659bc6 Revert "Makefile: rm go 1.13 workaround" abf12ce0 libc/cg: improve Manager docs 3f659467 libct/cg: make Set accept configs.Resources af0710a0 libct/cg/sd/v2: fix Set argument 850b2c47 libct/cg/fscommon.OpenFile: speed up ro case 71a8aee8 cgroups/systemd: replace deprecated dbus functions 47ef9a10 libct/cg/sd: retry on dbus disconnect 6122bc8b Privatize NewUserSystemDbus 15fee989 libct/cg/sd: add renew dbus connection bacfc2c2 libct/cg/sd: add isDbusError cdbed6f0 libct/cg/sd: add dbus manager 9efd8466 libct/cg/fscommon.OpenFile: reverse checks order 0bee5e0b libct/cg/fs: add GetStats benchmark 7e7eb1c3 CI: update Fedora to 34 d3cee12a cloned_binary: switch from #error to #warning for SYS_memfd_create 23e3794d checkpoint: validate parent path fcd7fe85 libct/cg/fs/freezer: make sure to thaw on failure 0216716c tests/int: add a case for cgroupv2 mount 5ffcc568 tests/int: use bfq test with rootless ff692f28 Fix cgroup2 mount for rootless case 3826db19 libct/rootfs/mountCgroupV2: minor refactor 1e476578 libct/rootfs: introduce and use mountConfig deb8a8dd libct/newInitConfig: nit 2192670a libct/configs/validate: validate mounts 1f1e91b1 libct/specconv: check mount destination is absolute 73f22e7f libcontainer/cgroups/systemd: replace use of deprecated dbus.New() aa622723 tiny fix iterative checkpoint test case ee3b563d Add cfs throttle stats to cgroup v2 6faed0e4 
libct/int: use ok(t, err) af3c5699 libct/int: remove unused code 7b802a7d libct/int: better test container names 9f3d7534 logging: enable file/line info if --debug is set 31dd1e49 tests/int: add rootless + host pidns test case a2050ea4 runc run: fix start for rootless + host pidns 0f8d2b6b libct/cg/fs2.Stat: don't look for available controllers 85416b87 libct/cg/fs2.statPids: fall back directly 10f9a982 libct/cg/fs2/getPidsWithoutController: optimize 6121f8b6 libct/cg/fs2.Stat: always call statCpu 9455395b libct/cg/fs2/memory.Stat: add usage for root cgroup a9c47fe7 libct/cg/fs[2]/getMemoryData[V2]: optimize b99ca25a libct/cg/fs2/memory: fix swap reporting c8e0486f Fix oss-fuzz build Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-05-13 Revert "runc-opencontainers: use bfd even with ld-is-gold" Martin Jansa
This reverts commit dda5ae36b44c61e61439341ea3153e6be5cb015e. binutils gold linker was fixed with: https://git.openembedded.org/openembedded-core/commit/?id=d07d4d739ae17787017f771dd2068fda0e836722 Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-05-06 runc-opencontainers: use bfd even with ld-is-gold Martin Jansa
* just a work around for internal error in binutils-2.36 gold:
  http://errors.yoctoproject.org/Errors/Details/580099/
  CGO_ENABLED=1 x86_64-oe-linux-go build -trimpath -tags "seccomp seccomp netgo osusergo" -ldflags "-w -extldflags -static -X main.gitCommit="fce58ab2d5c488bc573d02712db476a6daa9a60c-dirty" -X main.version=1.0.0-rc93+dev " -o runc .
  TOPDIR/tmp-glibc/work/core2-64-oe-linux/runc-opencontainers/1.0.0-rc93+gitAUTOINC+fce58ab2d5-r0/recipe-sysroot-native/usr/bin/x86_64-oe-linux/../../libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/11.0.1/ld: internal error in format_file_lineno, at ../../gold/dwarf_reader.cc:2278
  collect2: error: ld returned 1 exit status
* it fails like this only together with gcc-11, with gcc-10.3 it builds fine even with gold
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-04-29 runc: add CVE_PRODUCT to recipes Ralph Siemsen
Allows the yocto cve-checker to flag CVEs, which would otherwise go unreported due to the package name not matching NIST NVD data. Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-04-16 runc: update to rc93 latest Bruce Ashfield
Bumping the SRCREV to include the following commits: ef9922c2 libct/cg: don't return OOMKillCount error when rootless 5cdd9022 libct/cg/fs[2]: fix comments about m.rootless 2f1a3ed3 Fix vendored dependencies d15c7bb0 go.mod: github.com/cilium/ebpf v0.5.0 f28a8cc2 ebpf: replace deprecated prog.Attach/prog.Detach 928ef7af libct/nsenter: add json msg escaping 52390d68 Ignore kernel memory settings b7c315ad vendor: bump containerd/console to 1.0.2 b6cdb8ae fix a typo 64bb59f5 nsenter: improve debug logging 6ce2d63a libct/init_linux: retry chdir to fix EPERM c5029c00 tests: fix hello-world tarball name in testdata for arm64 289a3045 go.mod: github.com/moby/sys/mountinfo v0.4.1 4316df8b libcontainer/system: move userns utilities to separate package e7fd383b libcontainer/system: un-export UIDMapInUserNS() 249356a1 libcontainer/system: remove unused GetParentNSeuid() dc52ed25 libcontainer/user: remove outdated MAINTAINERS file 72ecf59c libcontainer/user: fix windows compile error 2515b0c2 libct/user: rm windows code 0596f6e1 libcontainer/devices/device_windows.go: rm b1deba8c libcontainer/configs/config_windows_test.go: rm f1586dbd libcontainer/configs/validate: make Validate() less DRY 4126b807 libcontainer/configs: add missing type for hooknames 48125179 go.mod: github.com/cilium/ebpf v0.4.0 44611630 docs/systemd: add 27bb1bd5 libct/specconv/CreateCgroupConfig: don't set c.Parent default d748280a make release: build/include libseccomp aa6da82c script/release.sh: fix shellcheck warnings 3eb46d89 ci: make static built binary available f0dec0b4 libct/specconv/CreateCgroupConfig: nit 36fe3cc2 tests/int/cpt: fix lazy-pages flakiness 2dd62b3d libct/checkCriuFeatures: rm excessive debug 0e089002 tests/int/checkpoint: close lazy_r fd b09030a5 tests/int/checkpoint: close fds in check_pipes e63df1e6 tests/int: really randomize cgroup/unit names 6e4c5b6e tests/int/cgroups: don't use BUSYBOX_BUNDLE adf733fa vendor: update go-systemd and godbus f09a3e1b tests/int: don't set/use 
CGROUP_XXX variables 4ecff8d9 start: don't kill runc init too early b1184302 libct/configs/validator: add some cgroup support 79a8647b libct/int: add TestFdLeaks b3be2b0b libct: close execFifo after start 08b52797 Make test specific to disassembleFilter function 7b3e0bcf Ensure the scratch pipe is read during ExportBPF 62f1f0e4 tests/int/checkpoint: check all logs for errors 346cb359 Revert "tests/checkpoint: show full log lazy pages cpt" c9b3787b script/check-config.sh: add SELinux and AppArmor 5fb831a0 capabilities: WARN, not ERROR, for unknown / unavailable capabilities e49d5da2 go.mod: OCI runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 2726146b runc --debug: more tests 201d60c5 runc run/start/exec: fix init log forwarding race c06f999b libct/logs/test: refactor 688ea99e runc init: fix double call to ConfigureLogs dd6c8d76 main: cast Chmod argument to os.FileMode 69ec21a1 libct/logs.ForwardLogs: use bufio.Scanner 0300299a tests/int/debug.bats: fixups d38d1f9f libcontainer/logs: use int for Config.LogPipeFd ac93746c libct/seccomp: rm IsEnabled 9b2f1e6f runc version: don't use seccomp.IsEnabled d76309f9 script/check-config.sh: add CONFIG_SECCOMP_FILTER 997e8942 capabilities.Caps: use a map for capability-types 41f466d8 nsexec.c: fix formatting for netlink defines 522bd641 Fix checking C code formatting 1948b4ce cloned_binary.c: rm redundant comments b67deb56 nsexec.c: rm a block 513d89ee capabilities: use BOUNDING/AMBIENT instead of their alias dd2caace go.mod: runtime-spec v1.0.3-0.20210316141917-a8c4a9ee0f6b a608b7e7 libcontainer/apparmor: use sync.Once for AppArmor detection d6e89248 Fix build-tags in libcontainer/devices f585cec7 libct/cg/v2: always enable TasksAccounting 8c7ece1e fs2: fallback to setting io.weight if io.bfq.weight 74299a1c CI: cache ~/.vagrant.d/boxes 97f2e351 go.mod, libct: bump go-criu to v5, use google.golang.org/protobuf db025aba libct: criuSwrk: only iterate over CriuOpts if debug is set 051646a3 tests: test nested bind mount restore 
705b6cc7 Re-create mountpoints during restore Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-16 runc: update to latest -rc93 Bruce Ashfield
Bumping the runc version to incorporate the following commits: 2ae56653 Move fuzzers upstream 053e15c0 tests/checkpoint: show full log lazy pages cpt e618a6d5 curl: add --retry 5 4b98e4a7 MAINTAINERS: update Aleksa's email 8a3484b7 libcontainer/factory*: adjust the file mode 71ca6432 fix integration tests README.md 916654ff libcontainer: fix LinuxFactory comments c3ffd2ef Do not convert blkio weight value using blkio->io conversion scheme 38b2dd39 runc exec: report possible OOM kill 5d0ffbf9 runc start/run: report OOM 7e137b90 libct/cg/fs2/hugetlb: use fscommon.GetValueByKey 9fa65f66 libct/cg/fscommon: add GetValueByKey c54c3f85 libcontainer/notify_linux_v2: use fscommon.ReadFile 494f900e libct/cg/fscommon: rename/facelift GetCgroupParamKeyValue 1880d2fc libct/cg/fs/memory: handle EBUSY 27fd3fc3 libct/cg/fs: setMemoryAndSwap: refactor 3cced523 libct/cg/fs/memory: optimize Set 65c2d3c2 tests/int/update: add test case for PR #592 53d3b552 Update README.md for libcontainer 6c5ed0db Fix memory stats for cache in fs2 af521ed5 libct/cgroups/systemd: don't set limits in Apply fa52df94 libcontainer: fix the file mode of the device d0cbef57 Makefile: rm go 1.13 workaround 4019f08d make validate: rm go vet f9c21133 make lint: use golangci-lint 671bb978 Makefile: remove ci target 95940855 script/validate-gofmt: rm 91f0ae18 ci/gha: bump go 1.16-rc1 -> 1.16.x 5b14a261 README: add gha badges f3f563bc apparmor: try attr/apparmor/exec before attr/exec 41670e21 tests/int: rework/simplify setup and teardown d73b4443 ci: enable -race from matrix b7744547 libct/int: fix a data race c34a9b10 tests/int/hooks.bats: don't use DEBIAN_BUNDLE e40a369e tests/int/list.bats: don't use $BUSYBOX_BUNDLE 985546b4 tests/int: BATS_TMPDIR -> BATS_RUN_TMPDIR 85d5fea4 tests/int: stop reusing HELLO_BUNDLE for alt root 76532fac tests/int/events: rm unneeded eval 49766140 tests/int: use wait_for_container where appropriate 4d6ffa39 tests/int/helpers: reimplement wait_for_container e7052dcd 
tests/int/spec.bats: don't use HELLO_BUNDLE 0cfc2e32 tests/int: rm teardown_running_container_inroot 78f0e4b2 tests/int: rm wait_for_container_inroot 64d5702f tests/int: don't depend on BUSYBOX_BUNDLE var efb8552b tests/int: add device access test 81707abd ebpf: fix device access check c3428722 libct/config: fix a data race 51ec5db1 ci: add i386 unit test run b142a70e libct/seccomp/patchpbf/test: fix for 32-bit 2831fb55 cgroup2: devices: handle eBPF skipping more correctly d1007b08 cgroupv1 freezer: thaw to increase freeze chances Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-02-05 runc: update to 1.0.0-rc93 Bruce Ashfield
Bumping to the next rc of runc, which comprises the following commits: 1e0016cf Show error stack trace if --debug is set 5c0342ba libcontainer: fix bad conversion from syscall.Errno to error a9e99b6d ci/gha/fedora: retry vagrant up f26768a8 VERSION: back to development 12644e61 VERSION: release 1.0.0~rc93 c348b982 tests/rootless.sh: fix/ignore shellcheck warnings 11437593 tests/rootless.sh: use set -e -u -o pipefail 5ab05884 ci: untangle getting test images bc175ba4 tests/helpers.bash: rm GOPATH dc025792 ci/gha: bump golangci-lint to v1.36 4d3a8d5e .golangci.yml: add 76ae1f5c libct/cg/fs/freezer: fix freezing race c4bc3b08 Remove "PatchAndLoad" stub as it's not used without seccomp enabled 6ddfaa5e cgroupfs: cpuset: fix broken build ca422896 Makefile: add -trimpath go build flag d89c9629 Fix typo in README b1195b76 ci: test with golang 1.16-rc1 164e0adb tests/int/spec.bats: fix for go 1.16 4160d743 seccomp: add enosys unit tests 8bd19cd5 tests: add seccomp -ENOSYS integration test 7a8d7162 seccomp: prepend -ENOSYS stub to all filters 2be806d1 libcontainer/configs: improve CommandHook unit tests f4d153b0 Fix int overflow in test on 32 bit system 4e98eec1 libct/cg: demote "systemd is too old" to debug c7357aad libct/cg/ebpf/testDeviceFilter: rm verbose logging 6a9f5ac9 libct/cg/fs: fix a linter warning 63c44e27 libct/cg/fs: getPageUsageByNUMA: rewrite/optimize e9248dd5 cgroup: fix panic in parse memory.numa_stat 426aa416 libct/int/TestExecInTTY: skip c30cd3cd libct/int/TestExecInTTY: fix error reporting dac0c1e3 console.ClearONLCR: move it back ab27e12c Implement GetStat for cpuset cgroup. 
867ba38e events: simplify some conversion functions 8ce51611 GHA: tune timeouts for VM jobs 510e404e make shfmt: run for all script/* files 90d02ecc Vagrantfile.centos7: clean up after bats install a91210f4 gha: use ssh -tt to have a tty 1f4a3b1e gha: don't check commits on push 4a30ada4 gha: cache docker layers to speed up make runcimage 58c31003 README: rm travis badge a21e57d7 tests/int/hooks.bats: skip earlier 657a24ce libct/cg/TestGetHugePageSizeImpl: only log errors 3394e374 libct/cg/sd/TestRangeToBits: be less verbose 230a46b7 systemd: fix rootful-in-userns regression c751ba3f systemd: show more helpful error a35cad3b libct/cg/sd/v2: warn about old systemd 03b512e5 libc/cg: convert r.CPU.Cpus/Mems to systemd props eee425f5 libct/cg/sd/systemdVersion: don't return error 5de00ad9 tests/int/multi-arch.bash: fix for busybox b3cf4831 script/check-config.sh: fix IOSCHED_CFQ CFQ_GROUP_IOSCHED 1a00cd8f script/check-config.sh: fix MEMCG_SWAP_ENABLED ecb9d73c script/check-config.sh: fix NF_NAT_NEEDED 483abaac script/check-config.sh: fix NF_NAT_IPV4 91eba84a script/check-config.sh: support for cgroupv2 25987d03 libcontainer/intelrdt: adjust the file mode c8e89b8d Remove script/install-vagrant.sh 06a684d6 libct/int/TestExecInTTY: repeat the test 300 times fedaa2ab TestExecInTTY: simplify, improve error reporting 719d70d2 setupIO: simplify code 24c05b71 tty: fix ClearONLCR race 039c47ab libcontainer: signalAllProcesses(): log warning when failing to thaw 18972177 libcontainer: move capabilities to separate package 692fab09 libct/checkProcMounts: optimize 72f46389 libct: add TODO about os.ErrProcessDone d7df3018 libct: suppress bogus "unable to terminate" warnings 637f82d6 runc run: resolve tmpfs mount dest in container scope d64c3afe tests/int/mount.bats: reformat a2c9866e tests/int/mounts.bats: cleanup 9f2153c6 libct/cgroups/fs/cpuset: don't use MkdirAll c85cd2b3 libct/cg/fs/cpuset: don't parse mountinfo c0e14b8b libct/cg/fs.getCgroupRoot: reuse (cached) cgroup 
mountinfo ed70dfa7 libct/cgroups/v1_utils: implement mountinfo cache 17a0dc31 README: add note about not using runc directly 4bc2aab9 README: add links to misc docs 2dc1bf91 ci: move Fedora 33 and CentOS 7 tests to gha e431fe60 ci: move misc validate tasks from travis to gha 7ecba232 ci: move cross compile check from travis to gha 8ccd39a9 ci: move commit length check from travis to gha 1125ae78 tests/events.bats: unify duplicated code 27268b1a tests/int/cwd: add test case for cwd not owned by runc d869d05a libctr/init_linux: reorder chdir 8bd3b878 test: add case for GH #2086 cb3dd9d8 libct/configs/validate: test for bind-mounted netns 8e8661e1 libct/configs/validate/sysctl: fix repeated netns checks 2dce0699 libct/configs/validate: fix host netns check 2143b368 libct/int/execin_tty: do help debug a flake e709b8ab libctl/cgroups/fscommon: close fd 325a74dd libcontainer/intelrdt: rm init() from intelrdt.go cb269306 remove "selinux" build tag (Always compile SELinux support) 552a1c7b remove "apparmor" build tag (Always compile AppArmor support) 48b8eb09 checkProcMount: add /proc/slabinfo to whitelist 1909051b libct/int/execin_tty: help debug a flake 97929295 libct/intelrdt: fix a staticcheck warning 6437086e libct/addCriu*Mount: fix gosimple warning d0b59548 libct/checkCriuFeatures: fix gosimple linter warning 3de5c514 libct/int: don't hardcode CAP_NET_ADMIN 3387422b libct/int: fix "simple" linter warnings 11680cd2 libct: fix "unused" linter warning a99ecc9e libct/cg/utils: silence a linter warning 3c9b03fd libct/cg/fscommon: log openat2 init failures 6bda4600 libcontainer/cgroups/fscommon: add openat2 support 31b0151f move blkio stat gathering to loop 990a6c57 cgroups: update blkio GetStats be56333f bats: update to 1.2.1 f15c4cca Update umoci to 0.4.6 4344bd8f Dockerfile: use binary criu release 3aead32e nsenter: hard-code memfd_create(2) syscall numbers 5d1b0268 .github/workflows/validate: nits 7cd062d7 libct/cgroup/utils: fix GetCgroupMounts(all=true) 4fc2de77 
libcontainer/devices: remove "Device" prefix from types 677baf22 libcontainer: isolate libcontainer/devices de80aae4 recvtty: fix errcheck linter warnings 6b41b463 recvtty: fix waiting for both goroutines 4bbfd2e1 recvtty: use ioutil.Discard c1ef0cf6 ci: add integration+unit tests to github actions fce8dd4d tests/int/tty.bats: increase timeout c6ed1854 ci: add shellcheck to github actions 27835a9e Makefile: move shellcheck out of validate 33bda24a ci: move verify-deps from travis to github actions c60f23b3 ci: add shfmt to github actions 717a73b3 ci: renamed golangci-lint to validate 06b204e5 Makefile: move shfmt out of validate, add -w 7856c340 Dockerfile: bump criu to 3.15 ee1bdb80 vendor: github.com/cilium/ebpf v0.2.0 f0d5e839 Dockefile: fix path to skopeo repo d9010b0e integration: update README to link to bats-core 3f2f06df Move cgroup v2 out of experimental f62ad4a0 libcontainer/intelrdt: rename CAT and MBA enabled flags 620f4c5c libcontainer/intelrdt: fix CMT feature check 896da0b9 docs: terminals: modify the example of Pass-Through mode. 
4690064f update vendor 9403afd7 CI: Fedora 33: print kernel version, systemd version, and rootfs type 0a097615 CI: update Fedora to 33 41aa7640 linux: drop MS_REC for readonly remount a4e6955e linux: fix remount readonly in a user namespace 2e968a83 libct/cg/sd/v2: "support" (ignore) memory.oom.group c013be56 libct/cg/sd/v2: support memory.* / Memory* unified 13afa58d libct/cg/sd/v2: support cpuset.* / Allowed* 5be8b97a libct/cg/sd/v2: support cpu.weight / CPUWeight 390a98f3 runc update: support unified resources ab80eb32 libct/cg/sd/v2: support cpu.max unified resource 7f24098d tests/int: move check_cpu* to helpers fd5226d0 libct/cg/sd: add defCPUQuotaPeriod 0cb8bf67 Initial v2 resources.unified systemd support ed548376 tests/int/update.bats: add checks for runc status d0991db2 tests/int/cgroups.bats: reformatting a66a8238 ci: pin shfmt to v3.2.0 2ceb9719 tests/integration: rm excessive run use e32716d3 tests/int: simplify teardown_running_container c114919f tests/int: fix "runc exec --preserve-fds" 7b8c4e98 shfmt mounts.bats to pass `make validate` ac5ec5e3 libcontainer/integration: fix unit test f5c345c3 test: add "runc run --no-pivot must not expose bare /proc" 17de6f80 vendor: bump mountinfo to v0.4.0 70538b39 Update bash completion to support systemd-cgroup 933c4d31 libcontainer/intelrdt: privatize IntelRdtManager and its fields 2c004a10 libcontainer/intelrdt: introduce NewManager() abcc1aae fix some typos about libcontainer 939ad4e3 don't panic when /sys/fs/cgroup is missing for rootless 7613c718 Update bash completion to support new capabilities b8bf5728 rootfs: handle nested procfs mounts for MS_MOVE 5903b0ce libcontainer/intelrdt: remove 'omitempty' property from CMT and MBM counters 0253a08d CI: add shfmt for sh files ff9852c4 *.sh: use shfmt 069fddfa CI: add shfmt for bats fc8c7797 tests/integration/*.bats: reformat with shfmt 0aa0fae3 Kill all processes in cgroup even if init process Wait fails 978fa6e9 Fixing some lint issues f0fdde79 
libct/cg/systemd/v1: fix err check in enableKmem c1bba720 libct/cg/systemd/v1: do not use c.Path fa47f958 libct/int/newTemplateConfig: add systemd support 9135d99c libct/int/newTemplateConfig: add userns param 73d93eeb libct/int: make newTemplateConfig argument a struct fb4c27c4 Fix mount error when chmod RO tmpfs 002c92f1 libct/cg.WriteCgroupProc: use fscommon.OpenFile c95e6900 libct/cg/fs*: use fscommon.OpenFile d55729f1 libct/cg/fs/blkio: use fscommon.OpenFile 0228226e libcontainer/cgroups/fscommon: introduce OpenFile b4483305 Add error message e25b8cfc libct/cg/utils: use fscommon.ReadFile 6bae53f5 libct/cg/fs2: use fscommon.ReadFile 2588e6f1 libct/cg/fs/cpuset: use fscommon.ReadFile 1d20cf49 libct/cg/fs/cpuacct: use fscommon.ReadFile 9e78b66e libct/cg/systemd/v1.enableKmem: use fscommon.ReadFile 31634436 libct/cg/fs2.CreateCgroupPath: use fscommon.*File b7092d84 libct/cg/fs.setKernelMemory: use fscommon.WriteFile 619de977 libct/cg/fscommon_test: rm cgroups dependency ede8a86e Convert root path to absolute path on create command e8eb8000 fix some linting issues fcf210d6 Fix goreport warnings of ineffassign and misspell 644c107e libcontainer/intelrdt: modify the incorrect file mode 87412ee4 vendor: bump mountinfo v0.3.1 28b452bf libcontainer: unconvert b3a8b074 libcontainer: prefer bytes.TrimSpace() over strings.TrimSpace() 3d5dec2f libcontainer: remove the unused variable from spec b76652fb libcontainer: remove `removePath` from cgroups faaecac7 libcontainer: remove loadConfig which is the unused function c6ac3c4b libcontainer/system: remove deprecated GetProcessStartTime 3eb469b0 libcontainer: remove redundant strings.Join() bc9a7bda setFreezer: explicitly return nil 2a644a7d CI: add golangci-lint via github actions 360981ae libct/cgroups: rewrite getHugePageSizeFromFilenames 819fd683 go.mod: sirupsen/logrus v1.7.0 0eb66c95 go.mod: github.com/containerd/console v1.0.1 8bf21672 use string-concatenation instead of sprintf for simple cases a4d5e8a2 
libcontainer/ignoreTerminateError: ignore SIGKILL dc424591 libct/(*initProcess).start: fix removing cgroups on error 8699596d libct/(*setnsProcess).Start: use retErr 38447895 libct/cgroups/systemd: eliminate runc/systemd race 6c83d23f libcontainer/cgroups/fscommon: improve doc 31f0f5b7 libct/cg/fscommon.GetCgroupParamUint: improve e76ac1c0 libct/cg/fscommon.GetCgroupParamString: use ReadFile aac4d1f5 libct/cg/fscommon/GetCgroupParamKeyValue: nits d167be29 libct/cgroups/fs2/statHugeTlb: error message nits 2c70d238 libct/intelrdt: add TestFindIntelRdtMountpointDir ab2b5dfa libcontainer/cgroups: use const for templates b7c446b3 checkpoint: setPageServer: use net.SplitHostPort instead of strings.Split f1c1fdf9 libcontainer/intelrdt: use moby/sys/mountinfo 4929c05a tests/int: add cgroupv2 unified resources tests 6e2159be tests/int/cgroups: make sure to rm containers b006f4a1 libct/cgroups: support Cgroups.Resources.Unified 8ceae9f7 libct/cgroups/GetHugePageSize: use Readdirnames 9aff7aae libct/utils: add GetHugePageSize benchmark 30601efa tests/int/spec.bats: simplify 6c21de38 tests/int/spec: only run once for rootless 186a38ba tests/int: whitespace cleanup 792d2c3b tests/int/cgroups.bats: rm unused code 908b7076 tests/int/*.bats: make sure to delete containers 1c3af275 libcontainer: newContainerCapList() refactor to reduce duplicated code 8820a145 libcontainer: initialize slices with length f5c96b74 libcontainer: remove unneeded sprintf and intermediate variable b9e26ad8 libcontainer: remove workaround for RHEL6 kernels 373811ba libcontainer: rename cap variable as it collides with built-in 074e67ad Makefile: fix vendor and verify-dependencies 2ccefa63 restore: tell CRIU to use existing namespaces 71c10e3c vendor: github.com/moby/sys/mountinfo v0.2.0 ba8687fc tests/int/helpers: fix indentation fdb0590c tests/int/helpers: simplify set_cgroup_mount_writable 74b57fea fscommon.WriteFile: simplify error message a3f91b98 vendor: bump runtime-spec b682e8cf vendor: bump 
fileutils to v0.5.0 d1d13d9a tests/int/checkpoint: don't hide stderr 627074d0 tests/int/checkpoint: rm useless code bca5f24c tests/int/checkpoint.bats: fix showing logs on fail ce24d603 Add integration tests for cgroup devices 8297ae45 Makefile: fix DESTDIR handling dd3e0da3 tests/int/dev.bats: fixes for new busybox bcd30954 tests/int: fix runc exec --preserve-fds ba0246da libcontainer: Store state.json before sync procRun cbb0a793 Make sure signalAllProcesses is invoked in the function of destroy 940e1547 cgroupv1/systemd: (re)use m.paths f075084a cgroupv1/systemd: rework Apply/joinCgroups fad92bbf cgroupv1/Apply: do not overuse d.path/getSubsystemPath 0445fd60 Since no kernels support direct labeling of /dev/mqueue remove label bfb4ea1b Remove check for apparmor_parser in apparmor.IsEnabled() a63f99fc Add support for umask 42d9a6b4 tty.bats: add test cases when stdin is not a tty b79cb048 runc run/exec: fix terminal wrt stdin redirection b8efb020 tests/int/delete.bats: fix shellcheck warnings 28204ce7 tests/int/delete: rm useless code 34b4b106 tests/int: alt fix for shellcheck SC2034 d34f1c81 CI: add shellcheck of bats files f36fb46b tests/int/*bats: ignore SC2016 598d8b73 tests/int/checkpoint.bats: ignore SC2206 08766b98 tests/int/*bats: fix/ignore shellcheck SC2046 4ba4baea tests/int/*bats: fix shellcheck SC2086, SC2006 b02ca2dc tests/int: fix shellcheck warning SC2002 3b80850e tests/int/update.bats: fix a shellcheck warning 612d0790 tests/int/update.bats: fix a shellcheck warning 82836d24 tests/int/cgroups.bats: fix a shellcheck warning 4b8ff6a1 tests/int/checkpoint.bats: ignore some shellcheck warnings ce50e1da test/int/spec.bats: simplify setup/teardown 699fdf89 tests/int/mount.bats: fix a check 85a30698 test/int/hooks.bats: fix here-doc 9a699e1a Skip redundant setup for /dev/ptmx when specified explicitly in the OCI spec. 0709202d Remove runc default devices that overlap with spec devices. 
6249136a add libseccomp version to `runc --version` 1d85333a add runtime.Version() to `runc --version` 1e9f8059 cleancode: adjust and make it more readability 335f0806 tests/int/delete: cgroupv1 with sub-cgroups removal case 19be8e5b libct/cgroups.RemovePaths: speedup 3f14242e libct/cgroups: move RemovePath from fs2 254d23b9 libc/cgroups: empty map in RemovePaths bf8bb477 Modify from space to tab Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2020-08-18 runc: update to 1.0.0-rc92 Bruce Ashfield
Refresh patches for new context, drop CVE patch that has been integrated into the main repository. The following changes are part of this refresh: 49a73463 Merge pull request #2547 from kolyshkin/moar-v2-tests 9ada2e6d Merge pull request #2539 from kolyshkin/ext-pidns-nits b70de388 Merge pull request #2540 from kolyshkin/unify-test-inval-cgroup 0509b5ba Merge pull request #2553 from AkihiroSuda/support-kernel59-caps 6dfbe9b8 support CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE 54c53b10 Merge pull request #2533 from XiaodongLoong/fix_cgMode_redundant a2d1f85b Merge pull request #2542 from AkihiroSuda/go1.15 4c71a68c upgrade Go to 1.15 dedadbf9 Merge pull request #2545 from kolyshkin/go-mod-vendor 809dc640 Merge pull request #2548 from kolyshkin/int-cr-fix 7f64fb47 use criu cgroup mode const from go-criu 5026bfab tests/int: fix error handling and logging 2de0b5aa libct/integration: enable some tests for cgroupv2 985bd24f Makefile: fix go vet/fmt a340fa9b Merge pull request #2543 from mrunalp/release_1.0.0-rc92 1ff1bf34 VERSION: back to development ff819c7e VERSION: release 1.0.0-rc92 f6688549 Merge pull request #2499 from kolyshkin/find-cgroup-mountpoint-fastpath 234d15ec Merge pull request #2520 from thaJeztah/bump_runtime_spec 78d02e85 Merge pull request #2534 from adrianreber/go-criu-4-1-0 637d54b7 cgroups/fs tests: unify TestInvalid*Cgroup* e54d1e47 libct: initialize inheritFD in place 8b973997 libct: criuNsToKey doesn't have to be a method 3de3112c Merge pull request #2525 from adrianreber/external-pidns 6f4616dd Pass location of CRIU binary to go-criu 267b7148 Upgrade go-criu to 4.1.0 d6f5641c Merge pull request #2507 from kolyshkin/alt-to-2497 46243fce Merge pull request #2500 from kolyshkin/fs-apply e0c0b0cf libct/cgroups/GetCgroupRoot: make it faster 901dccf0 vendor: update runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6 97b02cf9 Merge pull request #2531 from JFHwang/gomod_update 59352963 Update go.mod 67169a9d merge branch 'pr-2529' 95a59bf2 devices: 
correctly check device types 09e103b0 Tell CRIU to use an external pid namespace if necessary 610c5ad7 Factor out checkpointing with external namespace code d65df61d Merge pull request #2521 from zvier/master 92e2175d cleancode: clean code for utils_linux.go 86d9399c Merge pull request #2524 from adrianreber/fix-travis b7683d6b Fix .travis.yml warnings f8749ba0 merge branch 'pr-2509' f9850afa Merge pull request #2518 from XiaodongLoong/redundant_chroot_param af283b3f remove redundant the parameter of chroot function b7d8f3bf Merge pull request #2516 from ide-rea/fix-typo 47fbafb7 Merge pull request #2510 from kolyshkin/criu-el7 76b05e6d fix small typo cf1273ab Merge pull request #2498 from kolyshkin/v1-code-cleanups 545ebdd1 Merge pull request #2511 from kolyshkin/fedora-dnf-fix fbf047bf Merge pull request #2501 from XiaodongLoong/systemderror-fix f57bb2fe fix TestPidsSystemd and TestRunWithKernelMemorySystemd test error ce54a9d4 Merge pull request #2514 from rhatdan/windows 6d5125f8 tests/int/checkpoint: don't remove readonly flag 9806eb55 Merge pull request #2513 from lsm5/custom-PREFIX-in-Makefile d78ee471 Allow libcontainer/configs to be imported on Windows 5517d1d7 Merge pull request #2505 from XiaodongLoong/redundant-copy-src ffe9f0b0 Vagrantfile.centos7: do not ignore script failures bc1a9c11 allow customizable PREFIX variable a73ce38d cgroupv1/FindCgroupMountpoint: add a fast path c27b8e7f tests/fedora32: retry dnf 92f49821 tests/centos7: add criu 98c7c01d tests/int/checkpoint: require cgroupns c1adc99a cgroup/fs: rework Apply() 417f5ff4 tests/int/checkpoint: fds and pids cleanup 819fcc68 merge branch 'pr-2495' 2a322e91 cgroupv1: remove subsystemSet.Get() daf30cb7 cgroups/fs: rm getSubsystems 2e225799 libct/cgroups/fs.GetStats: drop PathExists check 11fb9496 cgroups/fs: rm Remove method from controllers 30dc54a9 Merge pull request #2503 from giuseppe/cgroup-fixes 3f811318 Merge pull request #2490 from kolyshkin/dev-opt 32034481 cgroup, systemd: cleanup 
cgroups 46a304b5 Merge pull request #2502 from tjucoder/master e638eda0 Merge pull request #2496 from kolyshkin/freeze-nits a4cb88f3 redundant souce code copy There is a docker -v flag for test in Makefile 2deaeab0 cgroup: store the result of IsRunningSystemd ab35cfe2 make sure pty.Close() will be called and fix comment 62a30709 cgroups/fs/path: optimize 46b26bc0 cgroups/fs/Freeze: simplify cd479f9d cgroupv1/freezer: don't use subsystemSet.Get() 3cb1909c Merge pull request #2493 from thaJeztah/bump_ebpf 108ee85b libct/cgroups: add SkipDevices to Resources f49adb52 vendor: update cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775 6f5edda9 merge branch 'pr-2491' d0e92896 VERSION: back to development 24a3cf88 VERSION: release 1.0.0-rc91 1b94395c Merge pull request #2476 from kolyshkin/cpt-err-log 834c4573 Merge pull request #2482 from kinvolk/alban/integration-tests 327284eb integration tests: fix typo in README.md 0fa097fc merge branch 'pr-2481' dff7685c Merge pull request #2459 from tedyu/linux-cont-set-cfg e643db6e Merge pull request #2479 from haircommander/fix-systemd-version 04806abd nsenter: fix repeat close() operations 9748b487 Merge pull request #2229 from RenaudWasTaken/create-container 861afa75 Add integration tests for the new runc hooks 2f7bdf9d Tests the new Hook 6a0f64e7 systemd: add unit tests for systemdVersion 6369e388 systemd: parse systemdVersion in more situations 819c40b3 Merge pull request #2478 from kolyshkin/get-pids 89516d17 libct/cgroups/readProcsFile: ret errorr if scan failed 406298fd Merge pull request #2466 from kolyshkin/systemd-cpu-quota-period 12a7c8fc Merge pull request #2411 from kolyshkin/v1-specific ccdd7576 Add the CreateRuntime, CreateContainer and StartContainer Hooks e232a71a tests/int/checkpoint: fix checks, add logs a6ddabd6 tests/int/checkpoint: whitespace cleanups e751a168 cgroups/systemd: add setting CPUQuotaPeriod prop 8c5a19f7 libct/cgroups/fs: rename some files cec5ae7c libct/cgroupv1/getCgroupMountsHelper: minor nit 
0626c150 libct/cgroupv1: fix TestGetCgroupMounts test cases 0681d456 libct/cgroups/utils: move cgroup v1 code to separate file 7db2d3e1 libcontainer/cgroups: rm FindCgroupMountpointDir d244b405 libct/cgroups: improve ParseCgroupFile docs 5785aabc libct/cgroups: make isSubsystemAvailable v1-specific d5c57dce libct/criuApplyCgroups: don't set cgroup paths for v2 52b56bc2 libc/criuSwrk: remove applyCgroups param 142d0f2d libct/cgroups/utils: make FindCgroupMountpoint* v1-specific 44b75e76 libct/cgroups: separate getCgroupMountsV1 82d2fa4e Merge pull request #2453 from AkihiroSuda/vagrant-centos7 3834222d libct/cgroups/utils: getControllerPath return err for v2 55c77cb9 Merge pull request #2472 from kolyshkin/paths-nits dd2426d0 libct/cgroups: fix m.paths map access a77d7b1d libct: don't use GetPaths 5b247e73 Merge pull request #2338 from lifubang/systemdcgroupv2 c76af1d2 Merge pull request #2470 from katarzyna-z/kk-fix-numa-stats 601fa557 Merge pull request #2414 from kolyshkin/criu-notif 71e63de4 Fix #2469 omit memory.numa_stat when not available fdc48376 Merge pull request #2458 from kolyshkin/cpu-quota-II 3ddb913a Merge pull request #2467 from mrunalp/save_state_atomic ed9d93e2 Merge pull request #2455 from AkihiroSuda/docs-cgroup2 a4a306d2 Write state.json atomically 499357d6 add Vagrantfile.centos7 262ef563 update.bats: support systemd <= 226 1f366c6a tests/rootless.sh: fix executing bats in non-root PATH 6246bb11 spec.bats: avoid using `git -C` bd236e50 integration: skip checkpoint tests if criu binary not found b2163040 Merge pull request #2454 from AkihiroSuda/ci-fix-rt 1b03e725 tests/int/update: more cpu period/quota cases a92b0327 cgroups/systemd: fix set CPU quota if period is unset 1832bf0b tests/int/update: add cpu-quota -1 tests 7c2b2349 tests/integration/update: enable cpu quota for v2 32746fb3 update: do not overwrite old cpu quota/period 4189cb65 cgroups: remove cgroup.Resources.CpuMax 8b964677 cgroups/systemd: unify adding CpuQuota 2ce20ed1 
cgroups/systemd: simplify gen*ResourcesProperties 9d275d32 Set configs back when intelrdt configs cannot be set 4be54355 add integration test for ps/kill after the container stopped 1b97c04f merge branch 'pr-2445' 2a046695 merge branch 'pr-2446' 79fe41d3 Replace sed with jq for more readable json manipulation in tests 13865704 add cgroup v2 documentation 10d1e1ed test "update rt period and runtime": fix up runtime and period 0853956d Merge pull request #2452 from AkihiroSuda/silence-criu-not-found 13020202 Merge pull request #2449 from katarzyna-z/kk-fix-2440 9087f2e8 fix path error in systemd when stopped 4ad326a3 silence "which: no criu" 92f831bf Fix #2440 omit cpuacct.usage_all when not available d1ba8e39 (*initProcess).start: rm second Apply dbe5acad Merge pull request #2439 from kolyshkin/int-noswap 332a8458 Merge pull request #2443 from kolyshkin/kmem-fixup 0f7ffbeb Merge pull request #2416 from AkihiroSuda/exec-join-init-cgroup a30f2556 merge branch 'pr-2018' c91fe9ae cgroup2: exec: join the cgroup of the init process on EBUSY ed1f14af tests/int/events: skip oom test if no swap 755b1016 test/int/update: simplify mem+swap presence check 8d943633 test/int/update: simplify mem+swap checks e664e732 merge branch 'pr-2442' 2679754a Merge pull request #2441 from kolyshkin/check-cpushares 3fe6e045 cgroupv1/systemd.Set: don't enable kernel memory acct 3249e237 cgroupv1: check cpu shares in place 774a9e76 Merge pull request #2420 from tedyu/criu-proc-wait 3ba3d9b1 Wait for criuProcess once 0f3d6bec Remove pullapprove integration 64dbdb86 Merge pull request #2437 from kolyshkin/remove-faster a78e21b5 tests/int/delete.bats: fixups 0ac92aab cgroups/fs2: make removeCgroupPath faster 4f0bdafc Merge pull request #2412 from lifubang/removecgpath a891fee8 Merge pull request #2434 from kolyshkin/cpu-quota-fix-minimal be546787 cgroupv1: minimal fix for cpu quota regression 82fa1941 remove cgroup path recursively in cgroup v2 1f737eeb Merge pull request #2426 from 
kolyshkin/mem-swap-unlim 7673bee6 Merge pull request #2395 from lifubang/updateCgroupv2 68391c0e use lazy-pages ready notification for criu >= 3.15 7ab13298 libct/criuNotifications: simplify switch 3c6e8ac4 cgroupv2: set mem+swap to max if mem set to max 27515719 add testcase for enable all supported controllers in cgroupv2 a67dab0a Revert "CreateCgroupPath: only enable needed controllers" 3c8da9da Merge pull request #2422 from kolyshkin/criu-j d57f5bb2 cgroupv1: don't ignore MemorySwap if Memory==-1 21cb2360 merge branch 'pr-2427' 6a6ba0c0 Merge pull request #2423 from kolyshkin/systemd-v2-pids-max 8cd84e35 Merge pull request #2333 from opencontainers/add-cii-badge 59897367 cgroups/systemd: allow to set -1 as pids.limit 95413ecd tests/int/update: add cgroupv1 systemd CPU checks 06d7c1d2 systemd+cgroupv1: fix updating CPUQuotaPerSecUSec 7abd93d1 tests/integration/update.bats: more systemd checks e4a84bea cgroupv2+systemd: set MemoryLow 4fc9fa05 tests/int: simplify check_systemd_value use 716079f9 Merge pull request #2406 from cyphar/devices-cgroup-header 5b601c66 README.md: fix a dead link cd4b71c2 Merge pull request #2409 from adrianreber/go-criu-4-0-0 28cd9d9c Merge pull request #2419 from tianon/buildmode-arch-toggle 9a808dd0 Merge pull request #2424 from giuseppe/errno-ret 944e0570 Update to latest go-criu (4.0.2) 41aa1966 libcontainer: honor seccomp errnoRet 510c79f9 vendor: update runtime-specs to 237cc4f519e 236ec045 Dockerfile: speed up criu build be66519c Remove "-buildmode=pie" from platforms that don't support it b207d578 Merge pull request #2418 from AkihiroSuda/fix-bad-rebase-2413 2fa3c286 fix "libcontainer/cgroups/fs/cpuset.go:63:14: undefined: fmt" f369199f Merge pull request #2413 from JFHwang/2392-spec-check 53a46497 Merge pull request #2401 from kolyshkin/fs-cpuset-mountinfo 825e91ad Merge pull request #2341 from kolyshkin/test-cpt-lazy 67fac528 Merge pull request #2410 from lifubang/swap0patch 5aa0601a validateProcessSpec: prevent SEGV when 
config is valid json, but invalid. 7fc291fd Replace formatted errors when unneeded 9ad1beb4 never write empty string to memory.swap.max dc9a7879 cgroups: add copyright header to devices.Emulator implementation 3f1e8869 Merge pull request #2391 from cyphar/devices-cgroup 2db3240f libct/cgroups: rm GetClosestMountpointAncestor f1603526 libct/cgroup: prep to rm GetClosestMountpointAncestor 85d4264d Merge pull request #2390 from lifubang/threadedordomain 4b71877f Merge pull request #2292 from Creatone/creatone/extend-intelrdt 41855317 Merge pull request #2271 from katarzyna-z/kk-cpuacct-usage-all fe0669b2 don't enable threaded mode by default ba6eb282 tests: add integration test for paused-and-updated containers 4438eaa5 tests: add integration test for devices transition rules b810da14 cgroups: systemd: make use of Device*= properties afe83489 cgroupv1: devices: use minimal transition rules with devices.Emulator 2353ffec cgroups: implement a devices cgroupv1 emulator 24388be7 configs: use different types for .Devices and .Resources.Devices 60e21ec2 specconv: remove default /dev/console access b2bec980 cgroup: devices: eradicate the Allow/Deny lists 859a780d cgroups: add GetFreezerState() helper to Manager a79fa7ca contrib: recvtty: add --no-stdin flag df3d7f67 Merge pull request #2393 from kolyshkin/criu-pi 58bf0835 Merge pull request #2400 from kolyshkin/bats-1.2.0 17aee8c4 Dockerfile: bump bats to 1.2.0 2b9a36ee Merge pull request #2398 from pkagrawal/master 867c9f5b Merge pull request #2386 from kolyshkin/gordian-knot ca1d135b runc checkpoint: fix --status-fd to accept fd 4aa91014 Honor spec.Process.NoNewPrivileges in specconv.CreateLibcontainerConfig f0daf651 Vagrantfile: use criu from stable repo 714c91e9 Simplify cgroup path handing in v2 via unified API 2c8d668e Merge pull request #2387 from kolyshkin/g-knot-prepare 1d143562 libct/cgroups/fs: access m.paths under lock 51e1a084 libct/cgroups/systemd/v1: privatize v1 manager d827e323 libct/cgroups/systemd/v1: add 
NewLegacyManager fc620fdf libct/cgroups/fs: privatize Manager and its fields 5935bf8c libct/cgroups/fs: introduce NewManager() 24f945e0 libct/cgroups/systemd/v2: return a public interface 63854b0e newSetnsProcess: reuse state.CgroupPaths 9a3e6326 notify: simplify usage 6621af89 merge branch 'pr-2381' 828e4ad8 epbf: update github.com/cilium/ebpf b18a9650 test: update devicefilter tests 128cb60f ebpf: fix big endian issue for s390x 2b31437c Merge pull request #2281 from AkihiroSuda/rootless-systemd 47a73431 Merge pull request #2373 from kolyshkin/logging-nits 492cfd8b Merge pull request #2352 from lifubang/eventsv2 bf15cc99 cgroup v2: support rootless systemd 657407ff fix runc events error in cgroup v2 64416d34 Merge pull request #2382 from thaJeztah/bump_selinux b48bbdd0 vendor: opencontainers/selinux v1.5.1, update deprecated uses 407e9f9d Add reading of information from cpuacct.usage_all a57358e0 Merge pull request #2370 from lifubang/swap0 96310f04 Merge pull request #2377 from thaJeztah/ticks_simplify 402d645c Simplify ticks, as the value is a constant a0ddd02b Merge pull request #2378 from thaJeztah/bump_logrus 12ba2a73 Merge pull request #2380 from thaJeztah/userns_sync_once 9df0b5e2 libcontainer: RunningInUserNS() use sync.Once e8bece65 vendor: sirupsen/logrus v1.6.0 609ba79f Merge pull request #2371 from kolyshkin/criu314 6161d255 Merge pull request #2375 from tedyu/wait-lazy-close a70f3546 let runc disable swap in cgroup v2 db29dce0 Close fd in case fd.Write() returns error f6439a84 Merge pull request #2372 from thaJeztah/improve_error_readability 1b84a21c Don't print errors twice 64ca5481 libcontainer: simplify error message 2adfd20a libcontainer: don't double-quote errors c52a598d Remove fatalf() d2061ee5 Vagrantfile: install less packages e9e31f70 Vagrantfile: use criu 3.14 from testing 9634a80c Dockerfile: bump criu to version π (3.14) dd8d48ed Merge pull request #2358 from kolyshkin/fs2-nit c3b0b13f cgroups/fs2: don't always parse /proc/self/cgroup 
051d6705 Merge pull request #2363 from AkihiroSuda/vagrant-f32 85c44b19 Vagrantfile: use Fedora 32 c18485ad Merge pull request #2359 from cyphar/terminal-docs-subreaper 0a4dcc02 Merge pull request #2331 from lifubang/StartTransientUnit eea0fbfe docs: terminals: mention subreaper requirement bfa1b2aa check that StartTransientUnit and StopUnit succeeds 80e2d1f1 Merge pull request #2357 from kolyshkin/makefile-2 a1f007e0 Merge pull request #2340 from AkihiroSuda/fix-2339 772d0909 Makefile: rm RELEASE_DIR and SHELL 731947d5 Makefile: fix/clean install-man df72e898 Makefile: rm uninstall* targets a036e890 Makefile: add -mod=vendor to go test 2fe9e31a Makefile: don't use -mod=vendor if GO111MODULE=off 19ba7688 Makefile: test, localtest: no need to invoke make fc54f6d7 Makefile: rm $(SOURCES), mark targets as PHONY b7dadf0f Makefile: rm $(allpackages) 60c647e3 fs2: fix cgroup.subtree_control EPERM on rootless + add CI 53fb4a5e Merge pull request #2342 from kolyshkin/vagrant-rm-ct 799d9481 intelrdt: Add Cache Monitoring Technology stats b19f9cec Merge pull request #2343 from lifubang/updateSystemdScope 0fd8d468 Merge pull request #2318 from lifubang/linuxResources baa20026 Merge pull request #2327 from kolyshkin/cpt-err 084144a6 travis: run vagrant tests on the host 634e51b5 Merge pull request #2335 from kolyshkin/cgroupv2-cpt 10ba72a6 add integration test for runc update with systemd 49ca1fd0 Merge pull request #2347 from kolyshkin/v2-allow-all-devs 78ff2797 Merge pull request #2334 from kolyshkin/makefile c420a3ec Merge pull request #2324 from kolyshkin/criu-freezer 5b4bff96 Merge pull request #2336 from kolyshkin/bats-core-2 44024426 Merge pull request #2330 from KentaTada/use-linuxnamespace-const fbeed522 Makefile: add -mod=vendor 1fe709a0 Makefile: use $(FOO) not ${FOO} d09a6ea9 Makefile: split long lines 64ec3557 Makefile: abstract go build flags 55d5c99c libct/mountToRootfs: rm useless code 20959b16 libcontainer/integration/checkpoint_test: simplify 1d4ccc8e fix 
data inconsistent when runc update in systemd driven cgroup v1 7682a2b2 fix data inconsistent when runc update in systemd driven cgroup v2 dbe44cbb merge branch 'pr-2348' fb99bbc7 merge branch 'pr-2326' 44747953 libcontainer: use x/sys/unix instead of the hardcoded value d4bc7c10 Dockerfile: use bats-core 32d52a0f tests/checkpoint: enable for Fedora 31 / cgroup v2 9280e356 checkpoint/restore: fix cgroupv2 handling 00a2844a tests/checkpoint: add simple c/r test for cgroupns 75a92ea6 cgroupv2: allow to set EnableAllDevices=true cdce577d Merge pull request #2332 from kolyshkin/cgroupv2-cr 7376bdc1 Fix reference to badge d5e68ceb tests/checkpoint.bats: fix test hang/failure bf172ef4 tests/checkpoint.bats: consolidate requires checks e216457e tests/checkpoint.bats: simplify status checks 69d599dd tests/checkpoint.bats: fix $? checks 46be7b61 Merge pull request #2299 from kolyshkin/fs2-init-ctrl 5c2a9782 Add CII Badge to README 5b38ef71 Merge pull request #2320 from kolyshkin/vgr ab276b1c cgroups/fs2/Destroy: use Remove, ignore ENOENT 992d5cad travis: enable fs2 driver test on fedora 4b4bc995 CreateCgroupPath: only enable needed controllers bb47e358 cgroup/systemd: reorganize de113415 cgroups/fs2/CreateCgroupPath: nit b5c1949f cgroups/fs2/CreateCgroupPath: reinstate check 813cb3eb cgroupv2: fix fs2 cgroup init 60eaed2e cgroupv2: move sanity path check to common code dbeff894 cgroupv2/systemd: privatize UnifiedManager 88c13c07 cgroupv2: use SecureJoin in systemd driver 9c80cd67 cgroupv2: rm legacy Paths from systemd driver b6cc3975 travis: rm BUILDTAGS 5f0424c9 Vagrantfile: rm disabling weak deps cd5f4fd9 Merge pull request #2325 from kolyshkin/nits-2 3006db2b checkpoint: don't print error if --pre-dump is set 3de86133 libcontainer: use consts of Namespace from runtime-spec 480bca91 cgroups/fs2: move type decl to beginning 353e9177 cgroups/fs2: do not use securejoin 9ae21e8d MAINTAINERS: add Kir Kolyshkin 58f970a0 cgroups/fscommon: use errors.Is af6b9e7f nit: do not use 
syscall package b3a481eb libcontainer: fix Checkpoint wrt cgroupv2 bf0a8e17 Merge pull request #2322 from lifubang/forceCgroupNS d0f9b9ce default join cgroup namespace in runc example e4981c91 merge branch 'pr-2317' d2a9c5da using default allowed devices when linux resources is null 7a978e35 Defer netns.Close() after error check 9f6a2d4d Merge pull request #2305 from kolyshkin/fs2-fix-default 191def70 Merge pull request #2308 from kolyshkin/exec-no-tty d1e4c7b8 intelrdt: add mbm stats 56aca5aa Merge pull request #2295 from kolyshkin/integration-cgroups 5c6216b1 Merge pull request #2278 from iwankgb/memory.numa_stats 84583eb1 Enable integration tests in cgroupv2 env 0965c970 tests/integration: disable swap tests for v2 483f9a0c tests/integration: add some cgroup v2 tests 3dfa5434 tests/integration/update.bats: simplify file creation b8b46419 tests/integration: rm kmem from upgrade tests ba3ee7fe tests/integration/update.bats: rm obsoleted comment 3f6a31b7 tests/integration: simplify cgroup paths init 3ae93580 tests/integration: check_cgroup_value: simplify 13431e0e Merge pull request #2312 from tedyu/cgrp-path-rollback 614bb966 cgroupv2/systemd: Properly remove intermediate directory 939bed2a runc exec: don't enable terminal unless -t is set ccbb3364 Merge pull request #2304 from AkihiroSuda/travis-do-not-ignore-cgroup2-failures d65ba5fa Merge pull request #2303 from KentaTada/remove-unneeded-syscall-import ea36045f cgroupv2: fix fs2 driver default path 16d21e2d travis: move `cgroup-v2` out of `allow_failures` e58a406b libcontainer: remove unneeded import 7fa13b27 intelrdt: change parseCpuInfoFile to return struct 9a93b737 Merge pull request #2288 from kolyshkin/mem-swap 7fe0a98e Exposing memory.numa_stats 5c15da9e Merge pull request #2300 from kolyshkin/fix-max 568cd62f cgroupv2: only treat -1 as "max" c86be8a2 cgroupv2: fix setting MemorySwap d3fdacb9 Merge pull request #2296 from KentaTada/update-readme-for-go1.13 a4bbc39d Merge pull request #2297 from 
giuseppe/cgroups-use-newstats 8b7ac5f4 libcontainer: use cgroups.NewStats d5e91b1c Merge pull request #2289 from AkihiroSuda/fix-TestGetContainerStateAfterUpdate 0c7a9c02 Merge pull request #2294 from tklauser/unused-consts 6cda0eac Merge pull request #2293 from tedyu/restore-svr-close f8f03700 README.md: update Go version to build 21d7bb95 Close criuServer so that even if CRIU crashes or unexpectedly exits, runc will not hang 3e678c08 Remove unused consts testScopeWait and testSliceWait e4363b03 Merge pull request #2291 from kolyshkin/errors-unwrap-v2 ec8c6950 Merge pull request #2235 from Zyqsempai/add-hugetlb-controller-to-cgroupv2 b2272b2c libcontainer: use errors.Is() and errors.As() c39f87a4 Revert "Merge pull request #2280 from kolyshkin/errors-unwrap" 4540b596 Fix TestGetContainerStateAfterUpdate on cgroup v2 0c6659ac Merge pull request #2261 from AkihiroSuda/vagrant-kvm f8e13885 Merge pull request #2280 from kolyshkin/errors-unwrap 6ca9d8e6 Merge pull request #2283 from tedyu/runc-path-in-prefix b26e4f27 Merge pull request #2284 from tedyu/criu-svr-close e3e26caf Merge pull request #2276 from kolyshkin/criu-v2 22a2c9a4 Merge pull request #2282 from kolyshkin/cgroupv2-getpaths 49896ab0 Avoid double close of criuServer d02fc484 isPathInPrefixList return value should be reverted 8d7977ee libct/isPaused: don't use GetPaths from v2 code 12e156f0 libct.isPaused: use errors.Unwrap 272c83e1 libct/cgroups: use errors.Unwrap bd737f1e libct/cgroups/fs: use errors.Unwrap d2dfc635 libct/cgroups/fs2: use errors.Unwrap e4e35b8d libct/cgroups/fscommon.WriteFile: use errors.Unwrap 66778b3c libct/setKernelMemory: use errors.Unwrap b8eed86e vagrant: switch from VirtualBox to KVM + increase HW resources fc840f19 cgroupv2: don't use GetCgroupMounts for criu c/r 9ec5b03e Merge pull request #2259 from adrianreber/v2-test 8221d999 Merge pull request #2279 from masters-of-cats/freezer 92a3f80e Merge pull request #2203 from mrunalp/systemd_conn_cleanup 2abc6a36 Actually check for 
syscall.ENODEV when checking if a container is paused 3e99aa36 Fix checkpoint/restore tests on Fedora 31 9a0184b1 cgroup2: use CRIU's new freezer v2 support d05e5728 systemd: Lazy initialize the systemd dbus connection 33c6125d systemd: Export IsSystemdRunning() function 4a9e1747 Merge pull request #2234 from thaJeztah/debian_buster dca34a04 Dockerfile: switch to "buster" variant (current stable) 48bf88c4 Dockerfile: prevent busting build-cache for busybox rootfs a5963876 Dockerfile: sort dependencies, and cleanup apt cache c4821c2b Dockerfile: set DEBIAN_FRONTEND=noninteractive 201152a9 Dockerfile: use build-args to allow overriding versions 8df45c89 Merge pull request #2268 from AkihiroSuda/vendor-20200325 ad6d577a travis: run `make verify-dependencies` with Go 1.14.x dfc1b0cd update vendor f1eea905 Merge pull request #2275 from kolyshkin/scan-nits 53ad1d51 Merge pull request #2256 from kolyshkin/mountinfo-alt 75ff40cd Merge pull request #2273 from kolyshkin/v2-untangle aab2c8ba libcontainer/intelrdt: optimize parseCpuInfoFile 0af5cd20 Nit: fix use of bufio.Scanner.Err d4a6a1d9 Merge pull request #2258 from masters-of-cats/eintr-retry b45db5d3 libcontainer/cgroup: obsolete Get*Cgroup for v2 a949e4f2 cgroupv2: UnifiedManager.Apply: simplify 5406833a cgroupv2/systemd: add getv2Path cebef0ee Merge pull request #2272 from kolyshkin/cgroupv2-max ec1f957b cgroupv2: don't use getSubsystemPath in Apply 6905b721 cgroupv2: use "max" for negative values 96596cbb Merge pull request #2270 from kolyshkin/systemd-no-kmem a675b5eb cgroupv2: don't try to set kmem for systemd case be51398a Merge pull request #2193 from milkwine/fix-readSync a7ee31fa Merge pull request #2260 from adrianreber/leave-running 7de5db3d Merge pull request #2263 from kolyshkin/nits cc183ca6 Merge pull request #2242 from AkihiroSuda/vendor-systemd 4e6d8a0f Merge pull request #2267 from tedyu/runner-destroy 3087d43b Merge pull request #1826 from jingxiaolu/fix_specconv_process_nil 07bd2809 Merge pull 
request #2257 from kolyshkin/no-signal 0a7762c6 Avoid duplicate calls to runner#destroy 1797622f Merge pull request #2264 from kolyshkin/dockerfile dd7b3461 libct/msMoveRoot: benefit from GetMounts filter fc4357a8 libct/msMoveRoot: rm redundant filepath.Abs() calls dce0de89 getParentMount: benefit from GetMounts filter 81d8452e libct/TestFactoryNewTmpfs: benefit from GetMounts c7ab2c03 libcontainer: switch to moby/sys/mountinfo package 3147c320 Switch to golang 1.13, drop unsupported versions 88a02447 Dockerfile: add -f to curl a572216f libcontainer/intelrdt: rm fmt.Sprintf 5542a2c7 libcontainer/cgroups: GetAllPids: optimize 12dc475d libcontainer: simplify createCgroupsv2Path 648295be Skip test for cgroups v2 f34eb2c0 Retry writing to cgroup files on EINTR error 87712d28 checkpoint: remove error message with --leave-running 34d47176 fix readSync 0e062a78 Remove signalmap, use unix.SignalNum 939cd0b7 Merge pull request #1737 from wking/remove-procConsole-comment 88474967 Merge pull request #1974 from openSUSE/unreachable-code 525b9f31 Merge pull request #2248 from AkihiroSuda/fix-cgroupv2-conversion 492d525e vendor: update go-systemd and godbus 981dbef5 Merge pull request #2226 from avagin/runsc-restore-cmd-wait a15d2c3c merge branch 'pr-2073' 9167393c merge branch 'pr-2254' 89c108b1 Makefile: add selinux and apparmor build tags 69f6f32f README, travis.yml: rm ambient tag 8615da6f Merge pull request #1999 from lifubang/rootlesspath 167e33ca Merge pull request #1807 from giuseppe/notify-no-block 25fd4a67 sd-notify: do not hang when NOTIFY_SOCKET is used with create aa269315 cgroup2: add CpuMax conversion 64e9a979 cgroup2: fix conversion b477a159 Remove unreachable code paths 7d6e091f fix error when there is --root and XDG_RUNTIME_DIR env 0ff53526 Merge pull request #2252 from pkagrawal/2251-fix 71dfb559 Merge pull request #2238 from tedyu/init-proc-err-ret 89a87adb Changed hugetlb pagesizes info source d804611d Added failcnt stats 62cfad97 specconv: add a test case 
to check null spec.Process 5b2b138d Synchronize the call to linuxContainer.Signal() 957da1f9 Use named error return for initProcess#start bbaba4c0 Merge pull request #2228 from cpuguy83/no_whiches 2864bf46 Merge pull request #1877 from KentaTada/add-rootless-testpath-in-makefile 777f97d8 Run verify-dependencies only on go1.x 83f9b889 Don't add git utils to go.mod in CI f7edcc3a Remove refrences to vndr a08ab87f Make CI script to verify that vendor is in sync df583b4c Fix file permissions for mounts.bats 38273546 Update spec test to use go.mod 69e8fb2a Add support for GO Modules fc5759cf Merge pull request #2222 from cyphar/update-travis af3a81e4 Add rootless testpath in Makefile 6503438f Merge pull request #2212 from Zyqsempai/2211-convert-blkio-weight-properly c4730fa6 Merge pull request #2230 from thaJeztah/update_selinux_v1.3.1 42bfdf5f Use "command -v" shell builtin instead of "which" 93e5c4d3 merge branch 'pr-2232' b6657fc3 Merge pull request #2231 from thaJeztah/nominate_akihiro d8953334 vendor: update opencontainers/selinux v1.3.3 22e00ddc vendor: update golang.org/x/sys 52ab431487773bc9dd1b0766228b1cf3944126bf c295a633 vendor: update opencontainers/selinux v1.3.1 3b7e32fe Merge pull request #2210 from Zyqsempai/2164-remove-deprecated-systemd-resources 7f37afa8 Added HugeTlb controller for cgroupv2 98de8426 libcontainer: dual-license nsenter/cloned_binary.c bc43c4bd MAINTAINERS: add Akihiro Suda to maintainers 688cf6d4 merge branch 'pr-2223' 0f32b03d merge branch 'pr-2192' 13b1603f Merge pull request #2224 from kolyshkin/systemd-props 4b8134f6 Convert blkioWeight to io.weight properly 1cd71dfd systemd properties: support for *Sec values 2a81236e Document using annotations to set systemd props 4c5c3fb9 Support for setting systemd properties via annotations 81ef5024 Merge pull request #2213 from Zyqsempai/2166-convert-cpu-weight-poperly 7c439cc6 Added conversion for cpu.weight v2 269ea385 restore: fix a race condition in process.Wait() f27c4e15 Fix the value 
corresponding to rlimitmap [key] dc7d0bfa travis: update configuration 3b992087 Fix skip message for cgroupv2 e6555cc0 merge branch 'pr-2184' e0385902 README.md: modify the explanation of make flags ff107ee0 merge branch 'pr-2190' 7d23d1e1 Update README.md 0061cad8 Adding .pdf of audit 2b5730a5 Merge pull request #2221 from inductor/feature/fix_path_security e4c4935a Merge pull request #2217 from cyphar/release-rc10 ed4a3e9b Apply review c8ba9853 Fix path for security report line e4de2b25 VERSION: back to development dc9208a3 VERSION: update to 1.0.0~rc10 2fc03cc1 Merge pull request #2207 from cyphar/fix-double-volume-attack 3291d66b rootfs: do not permit /proc mounts to non-directories f6fb7a03 merge branch 'pr-2133' 5b96f314 Exchanged deprecated systemd resources with the appropriate for cgroupv2 cf9b7c33 Fix MAJ:MIN io.stat parsing order 709377ca Merge pull request #2198 from AkihiroSuda/criu-master 55f8c254 temporarily disable CRIU tests 5c20ea14 fix merging #2177 and #2169 5cc0deaf Merge pull request #2169 from AkihiroSuda/split-fs 2b52db75 Merge pull request #2177 from devimc/topic/libcontainer/kata-containers a88592a6 Merge pull request #2185 from liggitt/exec-race 8541d9cf Fix race checking for process exit and waiting for exec fifo 52951a7c Fix race in tty integration test with slow startup 8ddd8920 libcontainer: add method to get cgroup config from cgroup Manager cd7c59d0 libcontainer: export createCgroupConfig 7496a968 merge branch 'pr-2086' 201b0637 merge branch 'pr-2141' e1b5af06 Merge pull request #2161 from AkihiroSuda/makefile-overrride-docker ec49f98d fs2: support legacy device spec (to pass CI) 88e8350d cgroup2: split fs2 from fs 5e636953 merge branch 'pr-2174' 8bb10af4 Merge pull request #2165 from AkihiroSuda/travis-f31 41a20b58 Expose network interfaces via runc events 48b055c4 Makefile: allow overriding `docker` command c35c2c9c merge branch 'pr-2172' 42690e68 Make event types public 2186cfa3 Merge pull request #2168 from 
AkihiroSuda/ebpf-fix-rlimit faf1e44e cgroup2: ebpf: increase RLIM_MEMLOCK to avoid BPF_PROG_LOAD error 46def4cc Merge pull request #2154 from jpeach/2008-remove-static-build-tag b133feae Merge pull request #2145 from AkihiroSuda/ebpf ccd4436f .travis.yml: add Fedora 31 vagrant box (for cgroup2) faf673ee cgroup2: port over eBPF device controller from crun e57a7740 Merge pull request #2149 from AkihiroSuda/cgroup2-ps d239ca84 Merge pull request #2148 from AkihiroSuda/cg2-ignore-cpuset-when-no-config 03cf145f Merge pull request #2159 from AkihiroSuda/cgroup2-mount-in-userns f04fb998 Merge pull request #2160 from AkihiroSuda/cgroup2-no-proc-cgroups 74a3fe5d cgroup2: do not parse /proc/cgroups 9c81440f cgroup2: allow mounting /sys/fs/cgroup in UserNS without unsharing CgroupNS 13919f5d Remove the static_build build tag. c4d8e168 Merge pull request #2140 from crosbymichael/fs-unified 792af40d Merge pull request #1929 from kkallday/patch-1 8790f243 Merge pull request #2147 from AkihiroSuda/iov2-remove-v1-code 2cd9ba23 Merge pull request #2146 from AkihiroSuda/doc-not-prod-ready dbd771e4 cgroup2: implement `runc ps` 9996cf7d README.md: clarify cgroup2 support is not ready for production d918e7f4 cpuset_v2: skip Apply when no limit is specified 033936ef io_v2.go: remove blkio v1 code a610a848 criu: Ensure other users cannot read c/r files 4e370170 Merge pull request #2139 from rst0git/desc-permisions b28f58f3 Set unified mountpoint in find mnt func f017e0f9 checkpoint: Set descriptors.json file mode to 0600 c1485a1e merge branch 'pr-2134' 1b8a1eee merge branch 'pr-2132' ba16a38b Merge pull request #2135 from mrueg/security 4be50fe3 SECURITY: Add Security Policy 2111613c VERSION: back to development d736ef14 VERSION: update to 1.0.0-rc9 cad42f6e Merge pull request #2130 from cyphar/apparmor-verify-procfs d463f648 *: verify that operations on /proc/... 
are on procfs 9aef5044 vendor: update github.com/opencontainers/selinux 28e58a0f Support different field counts of cpuaact.stats e63b797f Handle ENODEV when accessing the freezer.state file 84373aaa Add SCMP_ACT_LOG as a valid Seccomp action (#1951) 3e425f80 Merge pull request #2129 from crosbymichael/proc-mount 331692ba Only allow proc mount if it is procfs 7507c64f Merge pull request #2041 from jburianek/notify-socket-permissions bf27c2f8 Merge pull request #2126 from flynn/fix-nsenter-unsupported af7b6547 libcontainer/nsenter: Don't import C in non-cgo file 6c055520 Merge pull request #2125 from giuseppe/mount-cgroups 267490e3 Merge pull request #2010 from lifubang/checkpointrootless e7a87dd2 Merge pull request #2098 from adrianreber/master 718a566e cgroup: support mount of cgroup2 a6606a7a Merge pull request #2029 from thaJeztah/bump_dependencies 115d4b9e bump golang/protobuf v1.0.0 85c02f3f bump coreos/go-systemd v19, godbus/dbus v5.0.1 21498b8e bump mrunalp/fileutils 7d4729fb36185a7c1719923406c9d40e54fb93c7 eb86f603 bump syndtr/gocapability d98352740cb2c55f81556b63d4a1ec64c5a319c2 1150ce9c bump urfave/cli v1.20.0 8e4f645f bump docker/go-units v0.3.3 0fc06623 bump cyphar/filepath-securejoin v0.2.2 414a39de bump containerd/console 0650fd9eeb50bab4fc99dceb9f2e14cf58f36e7f de24d733 bump github.com/pkg/errors 0.8.1 4be3c48e Reformat vendor.conf and pin all deps by git-sha 0fd4342a Merge pull request #2028 from thaJeztah/bump_golang_versions 92ac8e3f Merge pull request #2113 from giuseppe/cgroupv2 524cb7c3 libcontainer: add systemd.UnifiedManager ec111368 libcontainer, cgroups: rename systemd.Manager to LegacyManager 1932917b libcontainer: add initial support for cgroups v2 92d851e0 Merge pull request #2123 from carlosedp/riscv64 4316e4d0 Bump x/sys and update syscall to start Risc-V support 51f2a861 Merge pull request #2122 from AkihiroSuda/cleanup 0bc069d7 nsenter: fix clang-tidy warning b225ef58 nsenter: minor clean up dd075602 Merge pull request #2120 from 
rhatdan/master e4aa7342 Rename cgroups_windows.go to cgroups_unsupported.go c61c7370 Merge pull request #2103 from sipsma/cgnil 68d73f0a Merge pull request #2107 from sashayakovtseva/public-get-devices f061842f Merge pull request #2119 from KentaTada/fix-proc-settings c740965a libcontainer: update masked paths of /proc 3525edde Merge pull request #2117 from filbranden/detection1 f7b65885 Merge pull request #2116 from filbranden/running1 518c8558 Remove libcontainer detection for systemd features 4ca00773 Update vendored dependencies to remove go-systemd/util 588f040a Avoid the dependency on cgo through go-systemd/util package afc24792 Make get devices function public 9c822e48 cgroups/fs: check nil pointers in cgroup manager 1712af0e man: fix man-pages 2e943784 Merge pull request #2094 from sipsma/2093-nodotudev 44f9ec13 Merge pull request #2089 from anx-astocker/master f08cdaee Skip searching /dev/.udev for device nodes. 808e809f doc: First process in container needs `Init: true` 80d35c7c Merge pull request #2082 from AkihiroSuda/blkio-kernel50 dd8b9b14 Merge pull request #2081 from AkihiroSuda/criu312 9ae79017 Merge pull request #2080 from zhlhahaha/pr_id 5e0e67d7 fix permission denied 351bfb4b integration: remove blkio.weight (unavailable in kernel 5.0) 7e678625 Bump CRIU to 3.12 68cc1a77 Update busybox source and fix runc exec bug 6cccc176 Merge pull request #2075 from KentaTada/fix-bash-completion 371d13c9 Update bash completion for v1.0.0 release f4982d86 Merge pull request #2074 from odinuge/dep/libseccomp-golang 652297c7 Update dependency libseccomp-golang 7a9ffa89 Change the permissions of the notify listener socket to rwx for everyone e7831f2a Update to Go 1.12 and drop obsolete versions 2e8efc1b add prompt when rootless users have no read access to runc bin 472fe623 criu image path permission error in rootless checkpoint 056909bd Adds note about user ns for rootless containers d71b3f53 libcontainer/sync: Drop procConsole transaction from comments 
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-11-17 | runc: fix CVE-2019-16884 | Chen Qi
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-08-12 | runc: add PACKAGECONFIG to allow building as static or not | Chen Qi
Add a new PACKAGECONFIG, static, which when enabled will build runc as static. Default to enable it. We need this because we should allow users to build runc as not static so that when docker's cgroup driver is set to systemd, we don't get an error.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-07-12 | runc: update to -rc8 | Bruce Ashfield
Updating both the pure opencontainers runc and the docker opencontainers variants to -rc8. We track the tip of master for opencontainers and for docker we match the -ce and moby -rc8 commit hashes.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-02-15 | runc: address CVE-2019-5736 | Stefan Agner
Use git hash which addresses CVE-2019-5736. Use the same git hash used in top of Docker 18.09 branch. Changes in runc since 6635b4f0 merge branch 'cve-2019-5736' 0a8e4117 nsenter: clone /proc/self/exe to avoid exposing host binary to container dd023c45 merge branch 'pr-1972'
Fixes: CVE-2019-5736
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-02-11 | runc: update to 1.0.0-rc6 | Bruce Ashfield
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2018-11-05 | runc: refresh to tip of tree | Bruce Ashfield
docker/k8s and other components have been refreshed to the 18.09 release tags. So we update runc to keep in sync.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-05-09 | runc-opencontainers: Drop obsolete patch | Paul Barker
The upstream Makefile now calls `$(GO)` instead of just `go` so this patch isn't needed anymore.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-04-02 | runc: uprev to 1.0.0-rc5 | Bruce Ashfield
Uprev both variants of runc to v1.0.0-rc5. We drop patches that have made it into the upstream runc, and we also refresh the context of two others. The docker and opencontainers variants are virtually identical, but we keep the two variants for now to protect against any future forks in the support. The runc-docker SRCREV comes from the docker-ce 18.04 logged commit, while runc-opencontainers is updated to the tip of the master branch. Runtime tested with docker on x86-64.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-16 | runc: Merge common metadata into inc file | Paul Barker
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-16 | runc-opencontainers: Drop unnecessary do_compile_prepend | Paul Barker
The "vendor/src" symlink is already created in do_compile in runc.inc.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-05 | runc: Use correct go cross-compiler | Paul Barker
The makefiles for both providers of runc need to be patched in similar ways to ensure that we use the binaries from go-cross and not go-native.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-04 | runc-opencontainers: go.bbclass compile fixes | Paul Barker
These fixes are needed due to updates to go.bbclass in oe-core. See commit 01a8d4537012ad93dc8510e9b762acdc8c4536c7 for more information.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-04 | runc-opencontainers: Update to v1.0.0-rc4 | Paul Barker
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-04-10 | runc-opencontainers: Update to v1.0.0-rc3 | Paul Barker
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-20 | runc/containerd: create virtual/runc and virtual/containerd | Bruce Ashfield
Since there are two implementations of runc and containerd that may not always be in sync, the docker variant, and the opencontainers variable, we create a virtual/* namespace for these components. Anything requiring runc or containerd should set a preferred provider to get the desired/tested variant. We set the default provider to the docker variants, since they are the primary use case for these components.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>