Age | Commit message (Collapse) | Author |
|
Bumping runc to version v1.1.12-2-ga9833ff3, which comprises the following commits:
29d6d873 VERSION: back to development
51d5e946 VERSION: release 1.1.12
e9665f4d init: don't special-case logrus fds
683ad2ff libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
b6633f48 cgroup: plug leaks of /sys/fs/cgroup handle
284ba305 init: close internal fds before execve
fbe3eed1 setns init: do explicit lookup of execve argument early
0994249a init: verify after chdir that cwd is inside the container
506552a8 Fix File to Close
d0b1a374 keyring: update AkihiroSuda key expiry
d561e5da keyring: update cyphar@cyphar.com key expiry
7887736f VERSION: back to development
4bccb38c VERSION: release 1.1.11
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.12-2-ga9833ff3, which comprises the following commits:
29d6d873 VERSION: back to development
51d5e946 VERSION: release 1.1.12
e9665f4d init: don't special-case logrus fds
683ad2ff libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
b6633f48 cgroup: plug leaks of /sys/fs/cgroup handle
284ba305 init: close internal fds before execve
fbe3eed1 setns init: do explicit lookup of execve argument early
0994249a init: verify after chdir that cwd is inside the container
506552a8 Fix File to Close
d0b1a374 keyring: update AkihiroSuda key expiry
d561e5da keyring: update cyphar@cyphar.com key expiry
7887736f VERSION: back to development
4bccb38c VERSION: release 1.1.11
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.11-2-g452f520c, which comprises the following commits:
7887736f VERSION: back to development
4bccb38c VERSION: release 1.1.11
617db785 configs: make id mappings int64 to better handle 32-bit
e65d4cac specconv: temporarily allow userns path and mapping if they match
2dd8368e integration: add mega-test for joining namespaces
8f8cb455 configs: disallow ambiguous userns and timens configurations
0c8e2cc6 *: actually support joining a userns with a new container
87792ce0 libct/cg: add swapOnlyUsage in MemoryStats
32a26a71 build(deps): bump github.com/cyphar/filepath-securejoin
be887840 VERSION: back to development
18a0cb0f VERSION: release 1.1.10
b426e9b7 libct/cgroups.OpenFile: clean "file" argument
8214e634 libct/cg: support hugetlb rsvd
f8be7009 [1.1] tests/int/helpers: add get_cgroup_path
1f66027a ci/gha: fix downloading Release.key
5a5b2cc3 Fix directory perms vs umask for tmpcopyup
b365458f fix a typo in cloned_binary.c: re-use -> reuse
8f66c9fb fix two typos
016b2b42 Handle kmem.limit_in_bytes removal
11737f55 VERSION: back to development
ccaecfcb VERSION: release 1.1.9
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.11-2-g452f520c, which comprises the following commits:
7887736f VERSION: back to development
4bccb38c VERSION: release 1.1.11
617db785 configs: make id mappings int64 to better handle 32-bit
e65d4cac specconv: temporarily allow userns path and mapping if they match
2dd8368e integration: add mega-test for joining namespaces
8f8cb455 configs: disallow ambiguous userns and timens configurations
0c8e2cc6 *: actually support joining a userns with a new container
87792ce0 libct/cg: add swapOnlyUsage in MemoryStats
32a26a71 build(deps): bump github.com/cyphar/filepath-securejoin
be887840 VERSION: back to development
18a0cb0f VERSION: release 1.1.10
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.10-2-gf3446b1e, which comprises the following commits:
be887840 VERSION: back to development
18a0cb0f VERSION: release 1.1.10
b426e9b7 libct/cgroups.OpenFile: clean "file" argument
8214e634 libct/cg: support hugetlb rsvd
f8be7009 [1.1] tests/int/helpers: add get_cgroup_path
1f66027a ci/gha: fix downloading Release.key
5a5b2cc3 Fix directory perms vs umask for tmpcopyup
b365458f fix a typo in cloned_binary.c: re-use -> reuse
8f66c9fb fix two typos
016b2b42 Handle kmem.limit_in_bytes removal
11737f55 VERSION: back to development
ccaecfcb VERSION: release 1.1.9
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.9-2-g26a98ea2, which comprises the following commits:
11737f55 VERSION: back to development
ccaecfcb VERSION: release 1.1.9
f44190e0 libct/intelrdt: check if available iff configured
6cf9ac15 libct/intelrdt: skip remove unless configured
4796f49c libct/intelrdt: elide parsing mountinfo
6a7a6a57 libct/intelrdt: skip reading /proc/cpuinfo
7c83dbe6 libct/intelrdt: delete IsMBAScEnabled()
5ebcfa62 [1.1] libct: rm intelrtd.Manager interface, NewIntelRdtManager
69473d0a libct: rm TestGetContainerStats, mockIntelRdtManager
dfdc7d07 libct/intelrdt: explain why mountinfo is required
5ba1b8ec libct/intelrdt: faster init if rdt is unsupported
a5407b9a libct/intelrdt: remove findMountpointDir test
dc8d0cc1 libct/intelrdt: wrap Root in sync.Once
929d04fc libct/cg/fs2: use `file` + `anon` + `swap` for usage
bdbfe042 ci: bump golangci-lint, remove fixed exception
d398ad2a gha: disable setup-go cache for golangci job
5888c55d ci/gha: rm actions/cache from validate/deps job
a47c15b4 build(deps): bump actions/setup-go from 3 to 4
44a53f08 ci: fix TestOpenat2 when no systemd is used
cff41a89 ci: fix TestNilResources when systemd not available
37405ca0 Fix running tests under Docker/Podman and cgroup v2
1c524242 [1.1] ci/gha: rm unsup Go 1.19.x, add 1.21.x
ac310917 ci/cirrus: improve host_info
ecccc432 [1.1] ci/cirrus: use Go 1.19.x not 1.19
bb2401ee [1.1] ci/cirrus: use Go 1.20
aaed58c8 add a test case about missing stricky bit
3d3a2b38 fix some file mode bits missing when doing mount syscall
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.9-2-g26a98ea2, which comprises the following commits:
11737f55 VERSION: back to development
ccaecfcb VERSION: release 1.1.9
f44190e0 libct/intelrdt: check if available iff configured
6cf9ac15 libct/intelrdt: skip remove unless configured
4796f49c libct/intelrdt: elide parsing mountinfo
6a7a6a57 libct/intelrdt: skip reading /proc/cpuinfo
7c83dbe6 libct/intelrdt: delete IsMBAScEnabled()
5ebcfa62 [1.1] libct: rm intelrtd.Manager interface, NewIntelRdtManager
69473d0a libct: rm TestGetContainerStats, mockIntelRdtManager
dfdc7d07 libct/intelrdt: explain why mountinfo is required
5ba1b8ec libct/intelrdt: faster init if rdt is unsupported
a5407b9a libct/intelrdt: remove findMountpointDir test
dc8d0cc1 libct/intelrdt: wrap Root in sync.Once
929d04fc libct/cg/fs2: use `file` + `anon` + `swap` for usage
bdbfe042 ci: bump golangci-lint, remove fixed exception
d398ad2a gha: disable setup-go cache for golangci job
5888c55d ci/gha: rm actions/cache from validate/deps job
a47c15b4 build(deps): bump actions/setup-go from 3 to 4
44a53f08 ci: fix TestOpenat2 when no systemd is used
cff41a89 ci: fix TestNilResources when systemd not available
37405ca0 Fix running tests under Docker/Podman and cgroup v2
1c524242 [1.1] ci/gha: rm unsup Go 1.19.x, add 1.21.x
ac310917 ci/cirrus: improve host_info
ecccc432 [1.1] ci/cirrus: use Go 1.19.x not 1.19
bb2401ee [1.1] ci/cirrus: use Go 1.20
aaed58c8 add a test case about missing stricky bit
3d3a2b38 fix some file mode bits missing when doing mount syscall
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.8-7-gaa68c400, which comprises the following commits:
aaed58c8 add a test case about missing stricky bit
3d3a2b38 fix some file mode bits missing when doing mount syscall
7c36375a Update github actions packages in validate workflow
1fa89476 VERSION: back to development
82f18fe0 VERSION: release 1.1.8
ef6491ec tests/int/delete: make sure runc delete removes failed unit
ebdd4fa6 [1.1] tests/int: add "requires systemd_vNNN"
1188c5a1 runc delete: call systemd's reset-failed
71e76007 libct/cg/sd: remove logging from resetFailedUnit
3a4b3af6 tests/int/cgroups: remove useless/wrong setting
6bc3f22a libct/cg/sd/v1: do not update non-frozen cgroup after frozen failed.
d375351b ci/cirrus: enable rootless tests on cs9
e1a8b52f tests/int/cgroups: filter out rdma
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.8-7-gaa68c400, which comprises the following commits:
aaed58c8 add a test case about missing stricky bit
3d3a2b38 fix some file mode bits missing when doing mount syscall
7c36375a Update github actions packages in validate workflow
1fa89476 VERSION: back to development
82f18fe0 VERSION: release 1.1.8
ef6491ec tests/int/delete: make sure runc delete removes failed unit
ebdd4fa6 [1.1] tests/int: add "requires systemd_vNNN"
1188c5a1 runc delete: call systemd's reset-failed
71e76007 libct/cg/sd: remove logging from resetFailedUnit
3a4b3af6 tests/int/cgroups: remove useless/wrong setting
6bc3f22a libct/cg/sd/v1: do not update non-frozen cgroup after frozen failed.
d375351b ci/cirrus: enable rootless tests on cs9
e1a8b52f tests/int/cgroups: filter out rdma
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
* fixes:
ld: --no-dynamic-linker: unknown option
* you might need to clean the build for updated LDFLAGS to be corectly re-configured
* lld and bfd are fine:
$ ld.gold --help | grep dynamic-linker
-I PROGRAM, --dynamic-linker PROGRAM
$ ld.bfd --help | grep dynamic-linker
-I PROGRAM, --dynamic-linker PROGRAM
--no-dynamic-linker Produce an executable with no program interpreter header
$ ld.lld --help | grep dynamic-linker
--dynamic-linker=<value>
--no-dynamic-linker Inhibit output of .interp section
* not sure where this came from only place where I see --no-dynamic-linker
in runc-opencontainers WORKDIR is:
aarch64-oe-linux/13.1.1/plugin/include/config/aarch64/aarch64-linux.h: %{static-pie:-Bstatic -pie --no-dynamic-linker -z text} \
aarch64-oe-linux/13.1.1/plugin/include/aarch64-linux.h: %{static-pie:-Bstatic -pie --no-dynamic-linker -z text} \
so my guess is:
923ae4da Makefile: add support for static PIE
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.7-37-gca73c9fd, which comprises the following commits:
0d93d7d1 release: add riscv64 binary
9164fe17 libct/seccomp: add riscv64
ed47e31a Makefile: set CGO_ENABLED=1 when needed
923ae4da Makefile: add support for static PIE
2abca872 Makefile: fix GO_BUILDMODE setting
120ec5bd Makefile: add LDFLAGS_COMMON and LDFLAGS_STATIC
b9940113 Dockerfile: don't use crossbuild-essential-*
028fc57a Dockerfile: rm dpkg --add-architecture lines
4449ce84 Dockerfile: nit
d375351b ci/cirrus: enable rootless tests on cs9
e1a8b52f tests/int/cgroups: filter out rdma
02e065ef docs/systemd: fix a broken link
9af462e4 Fix tmpfs mode opts when dir already exists
7d1bdc7d .codespellrc: update for 2.2.5
8397943e man/runc: fixes
f9da684d tests/int: increase num retries for oom tests
7fa912ed ci/cirrus: limit numcpu
e9c1ca08 Fix Vagrant caching
e2265a92 ci: bump bats 1.8.2 -> 1.9.0
bbddb6bd Vagrantfile.fedora: bump to 38
27b86b4c ci/cirrus: use vagrant from hashicorp repo
98a1b76c tests/int: fix some checks
1eadcede ci: bump bats 1.3.0 -> 1.8.2
63af8b00 init: do not print environment variable value
404ea7ab libct: fix a race with systemd removal
f0ecf30b VERSION: back to development
860f061b VERSION: release 1.1.7
We refresh one patch for context changes.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.7-37-gca73c9fd, which comprises the following commits:
0d93d7d1 release: add riscv64 binary
9164fe17 libct/seccomp: add riscv64
ed47e31a Makefile: set CGO_ENABLED=1 when needed
923ae4da Makefile: add support for static PIE
2abca872 Makefile: fix GO_BUILDMODE setting
120ec5bd Makefile: add LDFLAGS_COMMON and LDFLAGS_STATIC
b9940113 Dockerfile: don't use crossbuild-essential-*
028fc57a Dockerfile: rm dpkg --add-architecture lines
4449ce84 Dockerfile: nit
d375351b ci/cirrus: enable rootless tests on cs9
e1a8b52f tests/int/cgroups: filter out rdma
02e065ef docs/systemd: fix a broken link
9af462e4 Fix tmpfs mode opts when dir already exists
7d1bdc7d .codespellrc: update for 2.2.5
8397943e man/runc: fixes
f9da684d tests/int: increase num retries for oom tests
7fa912ed ci/cirrus: limit numcpu
e9c1ca08 Fix Vagrant caching
e2265a92 ci: bump bats 1.8.2 -> 1.9.0
bbddb6bd Vagrantfile.fedora: bump to 38
27b86b4c ci/cirrus: use vagrant from hashicorp repo
98a1b76c tests/int: fix some checks
1eadcede ci: bump bats 1.3.0 -> 1.8.2
63af8b00 init: do not print environment variable value
404ea7ab libct: fix a race with systemd removal
f0ecf30b VERSION: back to development
860f061b VERSION: release 1.1.7
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.7-2-gb6109acd, which comprises the following commits:
f0ecf30b VERSION: back to development
860f061b VERSION: release 1.1.7
c1063b1c runc.keyring: add Akihiro Suda
b0fae8c4 scripts: keyring validate: print some more information
79a52b43 libct/cg/sd: use systemd version when generating dev props
6a806d4d runc.keyring: add Kolyshkin
b6f686f2 keyring: add Aleksa's <cyphar@cyphar.com> signing key
63355bf8 keyring: add Aleksa's <asarai@suse.com> signing key
3bdb63bf keyring: verify runc.keyring has legitimate maintainer keys
853d5e38 scripts: release: add verification checks for signing keys
bd1d5370 release: add runc.keyring file and script
7cd72cc3 VERSION: go back to development
0f48801a VERSION: release 1.1.6
e4ce94e2 libct/cg: add misc controller to v1 drivers
10cfd816 libctr/cgroups: don't take init's cgroup into account
d30d240b tests/int: test for CAP_DAC_OVERRIDE
840b9539 Fix runc run "permission denied" when rootless
165d2323 tests/int: add a "update cpuset cpus range via v2 unified map" test
26a58fdb cgroups: cpuset: fix byte order while parsing cpuset range to bits
8d9d1d25 libct/int: make TestFdLeaks more robust
b66d6d56 libct/int: wording nits
ddbb6d41 libc/int: add/use runContainerOk wrapper
3531cc2d ci: add call to check-config.sh
ed9a0e1d ci/gha: bump actions/cache to v3
7683e508 ci/gha: switch to Go 1.19.x for validate
568d4407 ci/gha: bump golangci-lint to 1.48
1f9e36c0 libct: fixes for godoc 1.19
50f06554 ci: bump golangci-lint to 1.46
77472ef6 libct: fix staticcheck warning
9994fe3f libct: suppress strings.Title deprecation warning
403ea1f0 ci/gha: convert lint-extra from a job to a step
d2c83bdf ci/gha: switch to Go 1.18.x for validate
03a631df ci: switch to golangci-lint 1.45
e5a5522a Add supported Go releases (1.19, 1.20)
3ce12483 Dockerfile: fix build wrt new git
bac06cf6 ci/gha: remove stable: when installing Go
e74040e0 build(deps): bump actions/setup-go from 2 to 3
55462355 Require Go 1.17, bump x/sys and x/net
3ce9c1e2 tests: Fix weird error on centos-9
abd6adde ci: bump shfmt to 3.5.1, simplify CI setup
1a4bf049 man/*sh: fix shellcheck warnings, add to shellcheck
9201794a script/check-config.sh: fix remaining shellcheck warnings
8b976428 shfmt: add more files
b0fbd2f8 script/check-config.sh: fix SC2166 warnings
7f8cb3d6 script/check-config.sh: fix wrap_color usage
f6562f19 [1.1] libct/cg/dev: skip flaky test of CentOS 7
12f2f03f [1.1] runc run: refuse a non-empty cgroup for systemd driver
e618ec36 libct/cg/sd: reset-failed and retry startUnit on UnitExists
931b9bf3 libct/cg/sd: ignore UnitExists only for Apply(-1)
b46ac860 libct/cg/sd: refactor startUnit
822623b6 CHANGELOG.md: move 1.1.5 CVEs to Security section
54cfb25d Makefile: add verify-changelog as release dependency
7b3ac330 verify-changelog: allow non-ASCII
37e586ab CHANGELOG: fix a typo
de0c2277 [1.1] CHANGELOG: fix 1.1.5 git compare link
1fe2ec53 tests/int/mounts: only check non-shadowed mounts
9b8ebe4d tests/int/mount: fix issues with ro cgroup test
17a2d451 VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.7-2-gb6109acd, which comprises the following commits:
f0ecf30b VERSION: back to development
860f061b VERSION: release 1.1.7
c1063b1c runc.keyring: add Akihiro Suda
b0fae8c4 scripts: keyring validate: print some more information
79a52b43 libct/cg/sd: use systemd version when generating dev props
6a806d4d runc.keyring: add Kolyshkin
b6f686f2 keyring: add Aleksa's <cyphar@cyphar.com> signing key
63355bf8 keyring: add Aleksa's <asarai@suse.com> signing key
3bdb63bf keyring: verify runc.keyring has legitimate maintainer keys
853d5e38 scripts: release: add verification checks for signing keys
bd1d5370 release: add runc.keyring file and script
7cd72cc3 VERSION: go back to development
0f48801a VERSION: release 1.1.6
e4ce94e2 libct/cg: add misc controller to v1 drivers
10cfd816 libctr/cgroups: don't take init's cgroup into account
d30d240b tests/int: test for CAP_DAC_OVERRIDE
840b9539 Fix runc run "permission denied" when rootless
165d2323 tests/int: add a "update cpuset cpus range via v2 unified map" test
26a58fdb cgroups: cpuset: fix byte order while parsing cpuset range to bits
8d9d1d25 libct/int: make TestFdLeaks more robust
b66d6d56 libct/int: wording nits
ddbb6d41 libc/int: add/use runContainerOk wrapper
3531cc2d ci: add call to check-config.sh
ed9a0e1d ci/gha: bump actions/cache to v3
7683e508 ci/gha: switch to Go 1.19.x for validate
568d4407 ci/gha: bump golangci-lint to 1.48
1f9e36c0 libct: fixes for godoc 1.19
50f06554 ci: bump golangci-lint to 1.46
77472ef6 libct: fix staticcheck warning
9994fe3f libct: suppress strings.Title deprecation warning
403ea1f0 ci/gha: convert lint-extra from a job to a step
d2c83bdf ci/gha: switch to Go 1.18.x for validate
03a631df ci: switch to golangci-lint 1.45
e5a5522a Add supported Go releases (1.19, 1.20)
3ce12483 Dockerfile: fix build wrt new git
bac06cf6 ci/gha: remove stable: when installing Go
e74040e0 build(deps): bump actions/setup-go from 2 to 3
55462355 Require Go 1.17, bump x/sys and x/net
3ce9c1e2 tests: Fix weird error on centos-9
abd6adde ci: bump shfmt to 3.5.1, simplify CI setup
1a4bf049 man/*sh: fix shellcheck warnings, add to shellcheck
9201794a script/check-config.sh: fix remaining shellcheck warnings
8b976428 shfmt: add more files
b0fbd2f8 script/check-config.sh: fix SC2166 warnings
7f8cb3d6 script/check-config.sh: fix wrap_color usage
f6562f19 [1.1] libct/cg/dev: skip flaky test of CentOS 7
12f2f03f [1.1] runc run: refuse a non-empty cgroup for systemd driver
e618ec36 libct/cg/sd: reset-failed and retry startUnit on UnitExists
931b9bf3 libct/cg/sd: ignore UnitExists only for Apply(-1)
b46ac860 libct/cg/sd: refactor startUnit
822623b6 CHANGELOG.md: move 1.1.5 CVEs to Security section
54cfb25d Makefile: add verify-changelog as release dependency
7b3ac330 verify-changelog: allow non-ASCII
37e586ab CHANGELOG: fix a typo
de0c2277 [1.1] CHANGELOG: fix 1.1.5 git compare link
1fe2ec53 tests/int/mounts: only check non-shadowed mounts
9b8ebe4d tests/int/mount: fix issues with ro cgroup test
17a2d451 VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.5-1-g17a2d451, which comprises the following commits:
17a2d451 VERSION: back to development
f19387a6 VERSION: release v1.1.5
8ec02ea1 nsexec: retry unshare on EINVAL
0abab45c Prohibit /proc and /sys to be symlinks
0e6b818a rootless: fix /sys/fs/cgroup mounts
f6e2cd3b nsexec: Check for errors in write_log()
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.5-1-g17a2d451, which comprises the following commits:
17a2d451 VERSION: back to development
f19387a6 VERSION: release v1.1.5
8ec02ea1 nsexec: retry unshare on EINVAL
0abab45c Prohibit /proc and /sys to be symlinks
0e6b818a rootless: fix /sys/fs/cgroup mounts
f6e2cd3b nsexec: Check for errors in write_log()
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.4-20-gc6781d10, which comprises the following commits:
f6e2cd3b nsexec: Check for errors in write_log()
9233b3d0 tests/int: test for /dev/null owner regression
fa722c1d libcontainer: skip chown of /dev/null caused by fd redirection
53ceeeab Explicitly pin busybox and debian downloads
3b6625c6 tests/integration/get-images.sh: fix busybox.tar.xz URL
b8ebeece tests: replace local hello world bundle with busybox bundle
e9f8fd32 [1.1] Vagrantfile.fedora: upgrade Fedora to 37
e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.4-20-gc6781d10, which comprises the following commits:
f6e2cd3b nsexec: Check for errors in write_log()
9233b3d0 tests/int: test for /dev/null owner regression
fa722c1d libcontainer: skip chown of /dev/null caused by fd redirection
53ceeeab Explicitly pin busybox and debian downloads
3b6625c6 tests/integration/get-images.sh: fix busybox.tar.xz URL
b8ebeece tests: replace local hello world bundle with busybox bundle
e9f8fd32 [1.1] Vagrantfile.fedora: upgrade Fedora to 37
e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.4-10-gbd4d05c0, which comprises the following commits:
e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings
3b958289 Fixes inability to use /dev/null when inside a container
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.4-10-gbd4d05c0, which comprises the following commits:
e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings
3b958289 Fixes inability to use /dev/null when inside a container
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
While the insane.bbclass upstream-status check hasn't been made
default, users of meta-virtualization may have it enabled in their
distros .. so the effect is the same. We must have this tracking
tag in out patches.
This is a bulk update to add the tag and silence the QA message.
As packages get updated, the normal/routine process of checking
the patches will continue, and the status fields may (or may not)
get more useful.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.4-8-g974efd2d, which comprises the following commits:
3b958289 Fixes inability to use /dev/null when inside a container
335ec376 cirrus-ci: install EPEL on CentOS 7 conditionally
fb145a2f cirrus-ci: enable EPEL for CentOS 7
276297b6 VERSION: back to development
5fd4c4d1 Release 1.1.4
204c673c [1.1] fix failed exec after systemctl daemon-reload
ec2efc2c ci: fix for codespell 2.2
c778598c [1.1] ci/gha: fix cross-386 job vs go 1.19
d83a861d Fix error from runc run on noexec fs
d614445d [1.1] libct/nsenter: switch to sane_kill()
3ca5673f CI: workaround CentOS Stream 9 criu issue
c3986e53 tests/int: don't use --criu
f46c0dad [1.1] ci: fix delete.bats for GHA
6b94849d tests/int: runc delete: fix flake, enable for rootless
fa3354dc libct: fix mounting via wrong proc fd
eb1552a0 VERSION: back to development
6724737f VERSION: release 1.1.3
91fa032d ci: add basic checks for CHANGELOG.md
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.4-8-g974efd2d, which comprises the following commits:
3b958289 Fixes inability to use /dev/null when inside a container
335ec376 cirrus-ci: install EPEL on CentOS 7 conditionally
fb145a2f cirrus-ci: enable EPEL for CentOS 7
276297b6 VERSION: back to development
5fd4c4d1 Release 1.1.4
204c673c [1.1] fix failed exec after systemctl daemon-reload
ec2efc2c ci: fix for codespell 2.2
c778598c [1.1] ci/gha: fix cross-386 job vs go 1.19
d83a861d Fix error from runc run on noexec fs
d614445d [1.1] libct/nsenter: switch to sane_kill()
3ca5673f CI: workaround CentOS Stream 9 criu issue
c3986e53 tests/int: don't use --criu
f46c0dad [1.1] ci: fix delete.bats for GHA
6b94849d tests/int: runc delete: fix flake, enable for rootless
fa3354dc libct: fix mounting via wrong proc fd
eb1552a0 VERSION: back to development
6724737f VERSION: release 1.1.3
91fa032d ci: add basic checks for CHANGELOG.md
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.3-2-g1e7bb5b7, which comprises the following commits:
eb1552a0 VERSION: back to development
6724737f VERSION: release 1.1.3
91fa032d ci: add basic checks for CHANGELOG.md
7219387e cgroups: systemd: skip adding device paths that don't exist
93d1807b libcontainer: relax getenv_int sanity check
8242c05d script/seccomp.sh: check tarball sha256
017cb29b Dockerfile,scripts/release: bump libseccomp to v2.5.4
51649a7d Allow mounting of /proc/sys/kernel/ns_last_pid
3a09da6b ci: drop docker layer caching from release job
8b93f9fb seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
fc2a8fe1 libct/cg/sd: check dbus.ErrClosed instead of isDbusError
d105e052 libct/seccomp/config: add missing KillThread, KillProcess
e4474ef8 [1.1] vendor: bump seccomp/libseccomp-golang to f33da4d
dc083b2b fix deprecated ActKill
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.3-2-g1e7bb5b7, which comprises the following commits:
eb1552a0 VERSION: back to development
6724737f VERSION: release 1.1.3
91fa032d ci: add basic checks for CHANGELOG.md
7219387e cgroups: systemd: skip adding device paths that don't exist
93d1807b libcontainer: relax getenv_int sanity check
8242c05d script/seccomp.sh: check tarball sha256
017cb29b Dockerfile,scripts/release: bump libseccomp to v2.5.4
51649a7d Allow mounting of /proc/sys/kernel/ns_last_pid
3a09da6b ci: drop docker layer caching from release job
8b93f9fb seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
fc2a8fe1 libct/cg/sd: check dbus.ErrClosed instead of isDbusError
d105e052 libct/seccomp/config: add missing KillThread, KillProcess
e4474ef8 [1.1] vendor: bump seccomp/libseccomp-golang to f33da4d
dc083b2b fix deprecated ActKill
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.2-9-gb507e2da, which comprises the following commits:
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
cdfdbe55 VERSION: back to development
a916309f VERSION: release 1.1.2
364ec0f1 runc: do not set inheritable capabilities
8959e372 VERSION: back to development
52de29d7 VERSION: release 1.1.1
2636e1cb CHANGELOG.md: add 1.1.1 release notes
036cc348 CI/cirrus: add centos-stream-9
db953158 README.md: add cirrus-ci badge
ea19181e README,libct/README: fix pkg.go.dev badges
8290c4cf libct/cg: IsCgroup2HybridMode: don't panic
ee7ba6cb configs/validate: looser validation for RDT
96193422 libct/cg/sd/v2: fix ENOENT on cgroup delegation
35784a3e ensure the path is a sub-cgroup path
986e7c53 libct: fixStdioPermissions: ignore EROFS
5053a065 libct: fixStdioPermissions: skip chown if not needed
d2939b6b libct: fixStdioPermissions: minor refactoring
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.2-9-gb507e2da, which comprises the following commits:
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
cdfdbe55 VERSION: back to development
a916309f VERSION: release 1.1.2
364ec0f1 runc: do not set inheritable capabilities
8959e372 VERSION: back to development
52de29d7 VERSION: release 1.1.1
2636e1cb CHANGELOG.md: add 1.1.1 release notes
036cc348 CI/cirrus: add centos-stream-9
db953158 README.md: add cirrus-ci badge
ea19181e README,libct/README: fix pkg.go.dev badges
8290c4cf libct/cg: IsCgroup2HybridMode: don't panic
ee7ba6cb configs/validate: looser validation for RDT
96193422 libct/cg/sd/v2: fix ENOENT on cgroup delegation
35784a3e ensure the path is a sub-cgroup path
986e7c53 libct: fixStdioPermissions: ignore EROFS
5053a065 libct: fixStdioPermissions: skip chown if not needed
d2939b6b libct: fixStdioPermissions: minor refactoring
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.0-5-gb9460f26, which comprises the following commits:
986e7c53 libct: fixStdioPermissions: ignore EROFS
5053a065 libct: fixStdioPermissions: skip chown if not needed
d2939b6b libct: fixStdioPermissions: minor refactoring
d7f7b22a VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.0-5-gb9460f26, which comprises the following commits:
986e7c53 libct: fixStdioPermissions: ignore EROFS
5053a065 libct: fixStdioPermissions: skip chown if not needed
d2939b6b libct: fixStdioPermissions: minor refactoring
d7f7b22a VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.0-1-gd7f7b22a, which comprises the following commits:
d7f7b22a VERSION: back to development
067aaf85 VERSION: release runc v1.1.0
c0e300f1 Refuse to build runc without nsenter
e155b332 build(deps): bump github.com/checkpoint-restore/go-criu/v5
5c7e8981 libct/cg: rm go 1.15 compatibility
4773769c VERSION: back to development
55df1fc4 VERSION: release v1.1.0-rc.1
a8f9d5de CHANGELOG: add an in-repo changelog file
6d2067a4 script/seccomp.sh: fix argc check
457ca62f script/release_*.sh: fix usage
c729594c deps: update libseccomp to 2.5.3
5d779620 tests/int: use update_config in hooks test
9e798e26 tests/int: ability to specify binary
97688ddf types/features: clarify MountOptions
deb0a5f2 Mark `runc features` experimental
382eba43 Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...)
ba935a51 Support nosymfollow mount option (kernel 5.10)
f8c48e46 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c
acd8f12f release: correctly handle binary signing for "make releaseall"
d72d057b runc init: avoid netlink message length overflows
25112dd1 libct/intelrdt: remove unused type
c4a61aa9 ci: enable extra linters for new code
520702da Add `runc features` command
02475d9c .golangci.lint: add unparam linter
953e56c5 libct/int: runContainer: drop console arg
6c0bfcb1 libct/cg/fs/blkio_test: ignore unparam warning
06b3fd9d libct/cg/ebpf: drop finalize return value
86733013 notify_socket: setupSpec: drop ctx arg and return value
741568eb libct/cg/devices: addRule: ignore unparam warning
fc44e3f6 tty: Close: rm return value
36483465 tty: ClosePostStart: rm return value
f3f4b6d1 tty: recvtty: rm process arg
e6318635 tty: rm inheritStdio return value
d23b8109 checkpoint: rm getDefaultImagePath arg
dd140401 libct: fixStdioPermissions: rm config arg
b357bc13 libct/factory: rm id param from loadState
b950b778 libct/utils: ResolveRootfs: remove
35d20c4e chown cgroup to process uid in container namespace
ec0f35bc libct/system/xattrs: remove
e9ed2000 build(deps): bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
e3dd80fa Vagrantfile.fedora: revert excluding systemd
1da84d1a libct/cg: TestGetHugePageSizeImpl: use t.Run
1362291a Avoid non-op when the list of `Hooks` is empty
f13a9325 libct/cg: HugePageSizes: simplify code and test
39d4c8d5 libct/cg: lazy init for HugePageSizes
a4d4c4dd libct/cg: GetHugePageSize -> HugePageSizes
dde509df specconv: do not permit null bytes in mount fields
50105de1 Fix failure with rw bind mount of a ro fuse
982b9a1d libct/standard_init: fix linter warning
643f8a2b libct/specconv: nits
b247cd39 runc run: fix ro /dev
029b73c1 libct/spec: replace isValidName regex with a function
6907beca libct/specconv: remove isSecSuffix regex
37c5fd55 libct/specconv: make parseMountOptions return Mount
2c3792ba libct/specconv: make mountFlags and extensionFlags global
81586e19 libct/specconv: reuse mountPropagationMapping in parseMountOptions
8fe1e8bf libct/specconv: rm some init allocations
712157f6 Revert "ci: temporarily disable criu repo gpg check"
f252eb54 test/int/mount.bats: refer to github issue
7563a8f0 libct: wrap more unix errors
db4ad6a7 libcontainer/system: rm Prlimit
0880c001 .cirrus.yml: silence vagrant up
b028ecb3 Vagrantfile.fedora: exclude systemd from upgrade
12a36265 ci/cirrus: update to Go 1.17.3
02d527d2 go.mod: github.com/moby/sys/mountinfo v0.5.0
0e21d56e go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
b2d64fed build(deps): bump github.com/checkpoint-restore/go-criu/v5
a9bb11ec Fix the conversion of sysctl variable dots and slashes
0f933d54 Rename package validate_test to package validate
68c2b6a7 runc run: refuse a frozen cgroup
d08bc0c1 runc run: warn on non-empty cgroup
dd696235 runc exec: reject paused container unless --ignore-paused
4b25a4e8 CI: update Fedora to 35
7324496f tests/int: fix userns for Fedora 35
05272718 tests/int/cgroups: fix for misc controller
fc658fb6 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
972aea3a libct/configs/validate: allow / in sysctl names
95f8ecdd fix `libcontainer/integration/exec_test.go:1859:8: undefined: ioutil`
dc473cad build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0
8542322d libcontainer: Add unit tests with userns and mounts
55162941 Remove io/ioutil use
6a4f4a6a libcontainer/ignoreTerminateErrors: simplify for Go 1.16+
12e99a0f Require Go >= 1.16
3d986766 ci/gha: install latest stable Go version
c5ca778f ci: temporarily disable criu repo gpg check
81fdc8ce New integration tests for user namespaces bind sources
9c444070 Open bind mount sources from the host userns
a80e1217 libct/intelrdt: add Root()
794cd66d libct/system: Exec: wrap the error
6eba68de build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
e395d2dc libct: Init: remove LockOSThread
916c6a15 libct/cg/fs2: fix GetStats for unsupported hugetlb
f9667e63 Make DevicesGroup's "TestingSkipFinalCheck" attribute public
2e0ceaa9 fix createDevices when no Linux section
fae5d8b5 release: add s390x
f95063ed Dockerfile: fix for seccomp
7758d3fb libct/cg/sd/v2: Destroy: remove cgroups recursively
580e43ec contrib: rm init from bash completion
0202c398 runc exec: implement --cgroup
cc15b887 tests: add integration test for cgroups hybrid
a8435007 cgroups: join cgroup v2 when using hybrid mode
39914db6 runc exec: don't skip non-existing cgroups
7d446c63 libct/cg.WriteCgroupProcs: improve errors
cc1d7466 exec.go: nit
0d297b71 ci/gha: test criu-dev with latest go
16aedc31 ci/gha: remove debug info
3fd1851c CI/GHA: switch to OBS criu repo
81dc5599 Dockerfile: fix apt-key warning
2bf560fb Dockerfile: use Debian_11 repo for criu
99ddc1be libct/cg/fs: rm m.config == nil checks
57edce46 libct/cg: add Resources=nil unit test
1af4ed11 libct/cg/sd/v2: move fsMgr init to NewUnifiedManager
9a2146fa libct/cg/sd/v2: move path init to NewUnifiedManager
39be6e97 libct/cg/fs2: minor optimization
b14a6cf9 libct/cg/sd/v1: move path init to NewLegacyManager
fcc48168 libct/cg/fs: document path removal
6c5441e5 libct/cg/fs: move paths init to NewManager
097c6d74 libct/cg: simplify getting cgroup manager
3c8db638 script/release.sh: update libseccomp to 2.5.2
f30244ee make release: add cross-build
23d79aae Makefile: only build runc for static target
d2b6899e Makefile: fixes for seccompagent
43b36dc4 Support changing of lsm mount context on restore
412d68d1 Vendor in go-criu v5.1.0
163e2523 libct/cg: replace bitset with std math/big library
6806b2c1 runc delete -f: fix for cg v1 + paused container
e6928865 libct/cg/fs: refactor
7d1cb320 libct/cg/fs: rename join to apply
5c7cb837 libct/cg/fs: micro optimization
19b542a5 libct/cg/fs: move internal code out of fs.go
eb09df74 libct/cg/sd/v1: initPaths: minor optimization
63c84917 libct/cg/sd/v1: optimize initPaths
c7e0864d libct/cg/sd/v1: factor out initPaths
dc907e8d libct/cg/sd/v*.go: nit
d974b22a create, run: amend final errors
9ba2f65d startContainer: minor refactor
1545ea69 delete, start: remove newline from errors
af641cd5 seccomp: Add test using the seccomp agent example
08659080 build(deps): bump github.com/bits-and-blooms/bitset from 1.2.0 to 1.2.1
622acd24 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
47abdcee ci/gha: update golangci-lint to 1.42.1
704a1878 contrib/cmd/seccompagent: fix build tags
49137c2a ci/gha: bump shfmt to 3.3.1
f1b703fc libct/nsenter/nsexec.c: honor _LIBCONTAINER_LOGLEVEL
d5ffe83f libct/nsenter/nsexec.c: factor out getenv_int
d2f49d45 libct/nsenter/nsexec.c: improve bail
6c4a3b13 runc init: pass _LIBCONTAINER_LOGLEVEL as int
0a3577c6 utils_linux: simplify newProcess
51cd519e seccomp agent: Return non-zero on failures
8b790e4f seccomp agent: Use arch SCMP_ARCH_X86_64
4a4d4f10 Add support for seccomp actions ActKillThread and ActKillProcess
4a751b05 seccomp: drop unnecessary const SCMP_ACT_* defines
72b5c3ca build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
00772cae tests: add functional tests for seccomp notify
5ae831d9 tests: add functional tests for seccomp
e21a9ee8 contrib: add sample seccomp agent
c64aaf0e libcontainer/specconv: extend SetupSeccomp tests
2b025c01 Implement Seccomp Notify
4e7aeff6 libcontainer/utils: introduce SendFds
c55530be vendoring: Use libseccomp with notify support
64358c4d optimize log: move WriteJSON defer as early as possible
39d0ee18 script/release.sh: fix for opensuse
a20c8b29 runc --debug: shorter caller info
b55b3081 libct/logs: do not show caller in nsexec logs
c3910e73 libct/logs: parse log level implicitly
c4826905 libct/logs: test: make more robust
33dcb994 libct/nsenter/nsenter_test.go: logging nits
78b27155 libct/nsenter: test: rm misleading comments
2c46455c libct/nsenter: test: improve TestNsenterChildLogging
feb1fe11 libct/nsenter: test: fix TestNsenterValidPaths
3df6a02f libct/nsenter: test: improve newPipe
347c371b CI: Mark CGO warnings as errors
d8da0035 *: add go-1.17+ go:build tags
1b17ec95 libct/cg: rm "unsupported.go" files
dbb9fc03 libct/*: remove linux build tag from some pkgs
c5b0be78 Rm build tags from main pkg
9ff64c3d *: rm redundant linux build tag
895e0a5c nsenter: fix typo in bail message
1f5798f7 improve error message when dbus-user-session is not installed
63944578 tests/int: add a "update cpu period with pod limit set" test
1b2adcfe libct/cg/v1: workaround CPU quota period set failure
09b80811 Revert "libct/devices: change devices.Type to be a string"
538ba846 libct/error.go: rm ConfigError
6145628f configs/validate: audit all returned errors
bbcf96f9 libct/cg/devices: stop using regex
fb629db6 tests/int/helpers: fix shellcheck warnings
f65276db tests/int/helpers: rm $bundle handling
b3d14488 Add support for rdma cgroup introduced in Linux Kernel 4.11
8d8415ee libct/logs: remove ConfigureLogging
f77fb7a3 init.go, main.go: don't use logs.ConfigureLogging
93937000 libcontainer/intelrdt: update code comments
a37a89f4 libct/system: add I and P process states
f90008ae libct/system.Stat: fix/improve/speedup
412c6f06 libct/system/proc_test: fix, improve, add benchmark
74ae9e0f checkpoint: resolve symlink for external bind mount(fix ci broken)
24d318b8 Dockerfile: switch to bullseye
9a095e44 libct/cg/sd/v1: add SkipFreezeOnSet knob
fec49f2a libct/cg/sd/v1: add freezeBeforeSet unit test
41043673 libct/cg/sd/v1: Fix unnecessary freeze/thaw
a5871801 ci: add go1.17
75761bcc Fix codespell warnings, add codespell to ci
db8330c9 libct/nsenter: fix unused-result warning
844d6774 CI: Validate compilation without buildtags
51508210 libct/nsenter: nullify pointer on asprintf error
2ab6484f libct/nsenter: no need to check size_t less than 0
f0dbefac .cirrus.yum: retry yum if failed
814f3ae1 libct/devices: change devices.Type to be a string
74b5c34e .cirrus.yml: simplify
77fb9aff build(deps): bump github.com/containerd/console from 1.0.2 to 1.0.3
bd50e7c4 libct/cg/OpenFile: check cgroupFd on error
ab577f6f MAINTAINERS: add Sebastiaan van Stijn
2bab4a56 libct/nsenter: fix logging race in nsexec
bda1bd7a build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
c2d9668c libct/cg/OpenFile: fix openat2 vs top cgroup dir
1b4c30fd libcontainer/intelrdt: always run unit tests
79d292b9 libcontainer/intelrdt: verify ClosID existence
17e3b41d libcontainer/intelrdt: support ClosID parameter
7296dc17 libcontainer/intelrdt: refactor clos path handling
1cbfe234 libct/cg: rm dead code
d0c3bc44 libct/cg: GetAllPids: optimize for go 1.16+
363468d0 libct/cg: improve GetAllPids and readProcsFile
504271a3 libct/cg: move GetAllPids out of utils.go
fc99ab7e build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
0f94799e man/runc-run.8: document --keep option
cb824629 proposal: add --keep to runc run
e06465ac ci/cirrus: remove unused code
120f7406 ci/gha: add latest criu-dev test run
60e02b4b runc exec: fail with exit code of 255
18f434e1 script/release.sh: make builds reproducible
61e201ab makefile: update ldflags and add strip for static builds
5110bd2f nsenter: remove cgroupns sync mechanism
7a0302f0 runc init: simplify
a91ce306 libct/*_test.go: use t.TempDir
3bc606e9 libct/int: adapt to Go 1.15
1eeaf113 libct/intelrdt/*_test.go: use t.TempDir
f6a56f60 libct/cg/fs/*_test.go: use t.TempDir
2d1645d2 libct/cg/fscommon: drop go 1.13 compatibility
6215b2f3 ci/gha: drop Go 1.13
a952b5aa README, go.mod: require go 1.15+
12a1dccb Revert "libcontainer: avoid using t.Cleanup"
015fa29a Revert "Revert "Makefile: rm go 1.13 workaround""
5dd92fd9 libct/seccomp: skip redundant rules
e44bee10 libct/seccomp: warn about unknown syscalls
073e085c libct/seccomp: ConvertStringToAction: fix doc
9f656dbb Do not use Vagrant for CentOS 7/8
d4480164 tests/rootless.sh: fixup for "update rt" test
86af5248 tests/int: fix "update rt period and runtime" for rootless
cc0b1644 README.md: remove abandoned versioning policy
87bfd20f Evaluate Cirrus CI for Vagrant tests
a7110262 libct/cg/sd: add TestPodSkipDevicesUpdate
52dd96db libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
f2db8798 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
5dc32604 libct/int/TestFreeze: test freeze/thaw via Set
af1688a5 libct/int: allow subtests
67cfd3d4 libct/cg/sd/v1: Set: don't overwrite r.Freezer
d02b0061 ci/gha: run on release-* branches after a push
57e3c541 cgroupv2: ebpf: ignore inaccessible existing programs
fe518a06 vendor: update github.com/cilium/ebpf
3e5c1997 libct/cg/sd: Add freezer tests
294c4866 libct/cg/fs/freezer.GetState: report current cgroup state
f33be7cc libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
d41a273d Update device update tests
be1d5f83 ci: enable unconvert linter, fix its warnings
6be088d6 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
9f2a1f4d deps: update to github.com/cyphar/filepath-securejoin@v0.2.3
24d5daf5 libct/user: fix parsing long /etc/group lines
226dfab0 libct/user: ParseGroupFilter: use TrimSpace
120e3a77 libct/user: use []byte more, avoid allocations
83776dd8 libcontainer: Bail on close(2) failures
7d479e6b libcontainer: Don't close fds already closed
e39ad650 retry unix.EINTR for container init process
c508a7bc libct/rootfs: consolidate utils imports
1bbeadae tests/int/no_pivot: fix for new kernels
0229a77a libcontainer/intelrdt: privatize some ids
8f8dfc49 libcontainer/intelrdt: move NewLastCmdError down
00d15629 libct/intelrdt: simplify NewLastCmdError
e0ce428b libct/intelrdt: remove NotFoundError type
feff2c45 libct/intelrdt: fix potential nil dereference
82498e3d libct/specconf: remove unneeded checks
bc96a59d build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1
70fdc057 Revert "checkpoint: resolve symlink for external bind mount"
e618c02d libct/stacktrace: remove
e918d021 libcontainer: rm own error system
60c647a7 libct/error: rm ConsoleExists
a7cfb23b *: stop using pkg/errors
b60e2edf libct/cg: stop using pkg/errors
a6cc36a8 libct/cg/ebpf: stop using pkg/errors
f137aaa2 libct/cg/devices: stop using pkg/errors
ebb08128 .golangci.yml: enable errorlint
56e47804 *: ignore errorlint warnings about unix.* errors
f6a0899b *: use errors.As and errors.Is
5d2a11ad tty.go: don't use pkg/errors, use errors.Is
c6fed264 libct/keys: stop using pkg/errors
adbac31d libct: fix errorlint warning about strconv.NumError
7be93a66 *: fmt.Errorf: use %w when appropriate
d8ba4128 libct/rootfs: improve some errors
36aefad4 libct: wrap unix.Mount/Unmount errors
825335b2 libct/cg/fs2: fix/unify parsing errors
5a186d39 libct/cg/fs: fix/unify parsing errors
f813174d libct/cg/fscommon: introduce and use ParseError
adcd3b44 libct/cg/fs[2]: simplify getting pid stats
4e330942 libct/cg/fs/stats_util_test: fix errors
563225d5 libct/StartInitialization: fix errors
3fee59f9 libct/cg/fs/*_test: simplify errors
fdf4e90e libct/cg/fscommon.ParseKeyValue: no need to wrap err
627a06ad Replace fmt.Errorf w/o %-style to errors.New
242b3283 libct/cg/fscommon: rm unused var
92e8d9b9 libct/intelrdt: error message nits
041caf10 VERSION: back to development
dfc0f069 man/*: revamp
85aabe23 C/R: let criu use its default if --work-path is not set
e8bd33ae runc --help: improve log options description
cf4ecaed runc update: hide --kernel* options
4065c394 exec: rm --no-subreaper flag
da22625f checkpoint: resolve symlink for external bind mount
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.1.0-1-gd7f7b22a, which comprises the following commits:
d7f7b22a VERSION: back to development
067aaf85 VERSION: release runc v1.1.0
c0e300f1 Refuse to build runc without nsenter
e155b332 build(deps): bump github.com/checkpoint-restore/go-criu/v5
5c7e8981 libct/cg: rm go 1.15 compatibility
4773769c VERSION: back to development
55df1fc4 VERSION: release v1.1.0-rc.1
a8f9d5de CHANGELOG: add an in-repo changelog file
6d2067a4 script/seccomp.sh: fix argc check
457ca62f script/release_*.sh: fix usage
c729594c deps: update libseccomp to 2.5.3
5d779620 tests/int: use update_config in hooks test
9e798e26 tests/int: ability to specify binary
97688ddf types/features: clarify MountOptions
deb0a5f2 Mark `runc features` experimental
382eba43 Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...)
ba935a51 Support nosymfollow mount option (kernel 5.10)
f8c48e46 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c
acd8f12f release: correctly handle binary signing for "make releaseall"
d72d057b runc init: avoid netlink message length overflows
25112dd1 libct/intelrdt: remove unused type
c4a61aa9 ci: enable extra linters for new code
520702da Add `runc features` command
02475d9c .golangci.lint: add unparam linter
953e56c5 libct/int: runContainer: drop console arg
6c0bfcb1 libct/cg/fs/blkio_test: ignore unparam warning
06b3fd9d libct/cg/ebpf: drop finalize return value
86733013 notify_socket: setupSpec: drop ctx arg and return value
741568eb libct/cg/devices: addRule: ignore unparam warning
fc44e3f6 tty: Close: rm return value
36483465 tty: ClosePostStart: rm return value
f3f4b6d1 tty: recvtty: rm process arg
e6318635 tty: rm inheritStdio return value
d23b8109 checkpoint: rm getDefaultImagePath arg
dd140401 libct: fixStdioPermissions: rm config arg
b357bc13 libct/factory: rm id param from loadState
b950b778 libct/utils: ResolveRootfs: remove
35d20c4e chown cgroup to process uid in container namespace
ec0f35bc libct/system/xattrs: remove
e9ed2000 build(deps): bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
e3dd80fa Vagrantfile.fedora: revert excluding systemd
1da84d1a libct/cg: TestGetHugePageSizeImpl: use t.Run
1362291a Avoid non-op when the list of `Hooks` is empty
f13a9325 libct/cg: HugePageSizes: simplify code and test
39d4c8d5 libct/cg: lazy init for HugePageSizes
a4d4c4dd libct/cg: GetHugePageSize -> HugePageSizes
dde509df specconv: do not permit null bytes in mount fields
50105de1 Fix failure with rw bind mount of a ro fuse
982b9a1d libct/standard_init: fix linter warning
643f8a2b libct/specconv: nits
b247cd39 runc run: fix ro /dev
029b73c1 libct/spec: replace isValidName regex with a function
6907beca libct/specconv: remove isSecSuffix regex
37c5fd55 libct/specconv: make parseMountOptions return Mount
2c3792ba libct/specconv: make mountFlags and extensionFlags global
81586e19 libct/specconv: reuse mountPropagationMapping in parseMountOptions
8fe1e8bf libct/specconv: rm some init allocations
712157f6 Revert "ci: temporarily disable criu repo gpg check"
f252eb54 test/int/mount.bats: refer to github issue
7563a8f0 libct: wrap more unix errors
db4ad6a7 libcontainer/system: rm Prlimit
0880c001 .cirrus.yml: silence vagrant up
b028ecb3 Vagrantfile.fedora: exclude systemd from upgrade
12a36265 ci/cirrus: update to Go 1.17.3
02d527d2 go.mod: github.com/moby/sys/mountinfo v0.5.0
0e21d56e go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
b2d64fed build(deps): bump github.com/checkpoint-restore/go-criu/v5
a9bb11ec Fix the conversion of sysctl variable dots and slashes
0f933d54 Rename package validate_test to package validate
68c2b6a7 runc run: refuse a frozen cgroup
d08bc0c1 runc run: warn on non-empty cgroup
dd696235 runc exec: reject paused container unless --ignore-paused
4b25a4e8 CI: update Fedora to 35
7324496f tests/int: fix userns for Fedora 35
05272718 tests/int/cgroups: fix for misc controller
fc658fb6 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
972aea3a libct/configs/validate: allow / in sysctl names
95f8ecdd fix `libcontainer/integration/exec_test.go:1859:8: undefined: ioutil`
dc473cad build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0
8542322d libcontainer: Add unit tests with userns and mounts
55162941 Remove io/ioutil use
6a4f4a6a libcontainer/ignoreTerminateErrors: simplify for Go 1.16+
12e99a0f Require Go >= 1.16
3d986766 ci/gha: install latest stable Go version
c5ca778f ci: temporarily disable criu repo gpg check
81fdc8ce New integration tests for user namespaces bind sources
9c444070 Open bind mount sources from the host userns
a80e1217 libct/intelrdt: add Root()
794cd66d libct/system: Exec: wrap the error
6eba68de build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
e395d2dc libct: Init: remove LockOSThread
916c6a15 libct/cg/fs2: fix GetStats for unsupported hugetlb
f9667e63 Make DevicesGroup's "TestingSkipFinalCheck" attribute public
2e0ceaa9 fix createDevices when no Linux section
fae5d8b5 release: add s390x
f95063ed Dockerfile: fix for seccomp
7758d3fb libct/cg/sd/v2: Destroy: remove cgroups recursively
580e43ec contrib: rm init from bash completion
0202c398 runc exec: implement --cgroup
cc15b887 tests: add integration test for cgroups hybrid
a8435007 cgroups: join cgroup v2 when using hybrid mode
39914db6 runc exec: don't skip non-existing cgroups
7d446c63 libct/cg.WriteCgroupProcs: improve errors
cc1d7466 exec.go: nit
0d297b71 ci/gha: test criu-dev with latest go
16aedc31 ci/gha: remove debug info
3fd1851c CI/GHA: switch to OBS criu repo
81dc5599 Dockerfile: fix apt-key warning
2bf560fb Dockerfile: use Debian_11 repo for criu
99ddc1be libct/cg/fs: rm m.config == nil checks
57edce46 libct/cg: add Resources=nil unit test
1af4ed11 libct/cg/sd/v2: move fsMgr init to NewUnifiedManager
9a2146fa libct/cg/sd/v2: move path init to NewUnifiedManager
39be6e97 libct/cg/fs2: minor optimization
b14a6cf9 libct/cg/sd/v1: move path init to NewLegacyManager
fcc48168 libct/cg/fs: document path removal
6c5441e5 libct/cg/fs: move paths init to NewManager
097c6d74 libct/cg: simplify getting cgroup manager
3c8db638 script/release.sh: update libseccomp to 2.5.2
f30244ee make release: add cross-build
23d79aae Makefile: only build runc for static target
d2b6899e Makefile: fixes for seccompagent
43b36dc4 Support changing of lsm mount context on restore
412d68d1 Vendor in go-criu v5.1.0
163e2523 libct/cg: replace bitset with std math/big library
6806b2c1 runc delete -f: fix for cg v1 + paused container
e6928865 libct/cg/fs: refactor
7d1cb320 libct/cg/fs: rename join to apply
5c7cb837 libct/cg/fs: micro optimization
19b542a5 libct/cg/fs: move internal code out of fs.go
eb09df74 libct/cg/sd/v1: initPaths: minor optimization
63c84917 libct/cg/sd/v1: optimize initPaths
c7e0864d libct/cg/sd/v1: factor out initPaths
dc907e8d libct/cg/sd/v*.go: nit
d974b22a create, run: amend final errors
9ba2f65d startContainer: minor refactor
1545ea69 delete, start: remove newline from errors
af641cd5 seccomp: Add test using the seccomp agent example
08659080 build(deps): bump github.com/bits-and-blooms/bitset from 1.2.0 to 1.2.1
622acd24 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
47abdcee ci/gha: update golangci-lint to 1.42.1
704a1878 contrib/cmd/seccompagent: fix build tags
49137c2a ci/gha: bump shfmt to 3.3.1
f1b703fc libct/nsenter/nsexec.c: honor _LIBCONTAINER_LOGLEVEL
d5ffe83f libct/nsenter/nsexec.c: factor out getenv_int
d2f49d45 libct/nsenter/nsexec.c: improve bail
6c4a3b13 runc init: pass _LIBCONTAINER_LOGLEVEL as int
0a3577c6 utils_linux: simplify newProcess
51cd519e seccomp agent: Return non-zero on failures
8b790e4f seccomp agent: Use arch SCMP_ARCH_X86_64
4a4d4f10 Add support for seccomp actions ActKillThread and ActKillProcess
4a751b05 seccomp: drop unnecessary const SCMP_ACT_* defines
72b5c3ca build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
00772cae tests: add functional tests for seccomp notify
5ae831d9 tests: add functional tests for seccomp
e21a9ee8 contrib: add sample seccomp agent
c64aaf0e libcontainer/specconv: extend SetupSeccomp tests
2b025c01 Implement Seccomp Notify
4e7aeff6 libcontainer/utils: introduce SendFds
c55530be vendoring: Use libseccomp with notify support
64358c4d optimize log: move WriteJSON defer as early as possible
39d0ee18 script/release.sh: fix for opensuse
a20c8b29 runc --debug: shorter caller info
b55b3081 libct/logs: do not show caller in nsexec logs
c3910e73 libct/logs: parse log level implicitly
c4826905 libct/logs: test: make more robust
33dcb994 libct/nsenter/nsenter_test.go: logging nits
78b27155 libct/nsenter: test: rm misleading comments
2c46455c libct/nsenter: test: improve TestNsenterChildLogging
feb1fe11 libct/nsenter: test: fix TestNsenterValidPaths
3df6a02f libct/nsenter: test: improve newPipe
347c371b CI: Mark CGO warnings as errors
d8da0035 *: add go-1.17+ go:build tags
1b17ec95 libct/cg: rm "unsupported.go" files
dbb9fc03 libct/*: remove linux build tag from some pkgs
c5b0be78 Rm build tags from main pkg
9ff64c3d *: rm redundant linux build tag
895e0a5c nsenter: fix typo in bail message
1f5798f7 improve error message when dbus-user-session is not installed
63944578 tests/int: add a "update cpu period with pod limit set" test
1b2adcfe libct/cg/v1: workaround CPU quota period set failure
09b80811 Revert "libct/devices: change devices.Type to be a string"
538ba846 libct/error.go: rm ConfigError
6145628f configs/validate: audit all returned errors
bbcf96f9 libct/cg/devices: stop using regex
fb629db6 tests/int/helpers: fix shellcheck warnings
f65276db tests/int/helpers: rm $bundle handling
b3d14488 Add support for rdma cgroup introduced in Linux Kernel 4.11
8d8415ee libct/logs: remove ConfigureLogging
f77fb7a3 init.go, main.go: don't use logs.ConfigureLogging
93937000 libcontainer/intelrdt: update code comments
a37a89f4 libct/system: add I and P process states
f90008ae libct/system.Stat: fix/improve/speedup
412c6f06 libct/system/proc_test: fix, improve, add benchmark
74ae9e0f checkpoint: resolve symlink for external bind mount(fix ci broken)
24d318b8 Dockerfile: switch to bullseye
9a095e44 libct/cg/sd/v1: add SkipFreezeOnSet knob
fec49f2a libct/cg/sd/v1: add freezeBeforeSet unit test
41043673 libct/cg/sd/v1: Fix unnecessary freeze/thaw
a5871801 ci: add go1.17
75761bcc Fix codespell warnings, add codespell to ci
db8330c9 libct/nsenter: fix unused-result warning
844d6774 CI: Validate compilation without buildtags
51508210 libct/nsenter: nullify pointer on asprintf error
2ab6484f libct/nsenter: no need to check size_t less than 0
f0dbefac .cirrus.yum: retry yum if failed
814f3ae1 libct/devices: change devices.Type to be a string
74b5c34e .cirrus.yml: simplify
77fb9aff build(deps): bump github.com/containerd/console from 1.0.2 to 1.0.3
bd50e7c4 libct/cg/OpenFile: check cgroupFd on error
ab577f6f MAINTAINERS: add Sebastiaan van Stijn
2bab4a56 libct/nsenter: fix logging race in nsexec
bda1bd7a build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
c2d9668c libct/cg/OpenFile: fix openat2 vs top cgroup dir
1b4c30fd libcontainer/intelrdt: always run unit tests
79d292b9 libcontainer/intelrdt: verify ClosID existence
17e3b41d libcontainer/intelrdt: support ClosID parameter
7296dc17 libcontainer/intelrdt: refactor clos path handling
1cbfe234 libct/cg: rm dead code
d0c3bc44 libct/cg: GetAllPids: optimize for go 1.16+
363468d0 libct/cg: improve GetAllPids and readProcsFile
504271a3 libct/cg: move GetAllPids out of utils.go
fc99ab7e build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
0f94799e man/runc-run.8: document --keep option
cb824629 proposal: add --keep to runc run
e06465ac ci/cirrus: remove unused code
120f7406 ci/gha: add latest criu-dev test run
60e02b4b runc exec: fail with exit code of 255
18f434e1 script/release.sh: make builds reproducible
61e201ab makefile: update ldflags and add strip for static builds
5110bd2f nsenter: remove cgroupns sync mechanism
7a0302f0 runc init: simplify
a91ce306 libct/*_test.go: use t.TempDir
3bc606e9 libct/int: adapt to Go 1.15
1eeaf113 libct/intelrdt/*_test.go: use t.TempDir
f6a56f60 libct/cg/fs/*_test.go: use t.TempDir
2d1645d2 libct/cg/fscommon: drop go 1.13 compatibility
6215b2f3 ci/gha: drop Go 1.13
a952b5aa README, go.mod: require go 1.15+
12a1dccb Revert "libcontainer: avoid using t.Cleanup"
015fa29a Revert "Revert "Makefile: rm go 1.13 workaround""
5dd92fd9 libct/seccomp: skip redundant rules
e44bee10 libct/seccomp: warn about unknown syscalls
073e085c libct/seccomp: ConvertStringToAction: fix doc
9f656dbb Do not use Vagrant for CentOS 7/8
d4480164 tests/rootless.sh: fixup for "update rt" test
86af5248 tests/int: fix "update rt period and runtime" for rootless
cc0b1644 README.md: remove abandoned versioning policy
87bfd20f Evaluate Cirrus CI for Vagrant tests
a7110262 libct/cg/sd: add TestPodSkipDevicesUpdate
52dd96db libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
f2db8798 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
5dc32604 libct/int/TestFreeze: test freeze/thaw via Set
af1688a5 libct/int: allow subtests
67cfd3d4 libct/cg/sd/v1: Set: don't overwrite r.Freezer
d02b0061 ci/gha: run on release-* branches after a push
57e3c541 cgroupv2: ebpf: ignore inaccessible existing programs
fe518a06 vendor: update github.com/cilium/ebpf
3e5c1997 libct/cg/sd: Add freezer tests
294c4866 libct/cg/fs/freezer.GetState: report current cgroup state
f33be7cc libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
d41a273d Update device update tests
be1d5f83 ci: enable unconvert linter, fix its warnings
6be088d6 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
9f2a1f4d deps: update to github.com/cyphar/filepath-securejoin@v0.2.3
24d5daf5 libct/user: fix parsing long /etc/group lines
226dfab0 libct/user: ParseGroupFilter: use TrimSpace
120e3a77 libct/user: use []byte more, avoid allocations
83776dd8 libcontainer: Bail on close(2) failures
7d479e6b libcontainer: Don't close fds already closed
e39ad650 retry unix.EINTR for container init process
c508a7bc libct/rootfs: consolidate utils imports
1bbeadae tests/int/no_pivot: fix for new kernels
0229a77a libcontainer/intelrdt: privatize some ids
8f8dfc49 libcontainer/intelrdt: move NewLastCmdError down
00d15629 libct/intelrdt: simplify NewLastCmdError
e0ce428b libct/intelrdt: remove NotFoundError type
feff2c45 libct/intelrdt: fix potential nil dereference
82498e3d libct/specconf: remove unneeded checks
bc96a59d build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1
70fdc057 Revert "checkpoint: resolve symlink for external bind mount"
e618c02d libct/stacktrace: remove
e918d021 libcontainer: rm own error system
60c647a7 libct/error: rm ConsoleExists
a7cfb23b *: stop using pkg/errors
b60e2edf libct/cg: stop using pkg/errors
a6cc36a8 libct/cg/ebpf: stop using pkg/errors
f137aaa2 libct/cg/devices: stop using pkg/errors
ebb08128 .golangci.yml: enable errorlint
56e47804 *: ignore errorlint warnings about unix.* errors
f6a0899b *: use errors.As and errors.Is
5d2a11ad tty.go: don't use pkg/errors, use errors.Is
c6fed264 libct/keys: stop using pkg/errors
adbac31d libct: fix errorlint warning about strconv.NumError
7be93a66 *: fmt.Errorf: use %w when appropriate
d8ba4128 libct/rootfs: improve some errors
36aefad4 libct: wrap unix.Mount/Unmount errors
825335b2 libct/cg/fs2: fix/unify parsing errors
5a186d39 libct/cg/fs: fix/unify parsing errors
f813174d libct/cg/fscommon: introduce and use ParseError
adcd3b44 libct/cg/fs[2]: simplify getting pid stats
4e330942 libct/cg/fs/stats_util_test: fix errors
563225d5 libct/StartInitialization: fix errors
3fee59f9 libct/cg/fs/*_test: simplify errors
fdf4e90e libct/cg/fscommon.ParseKeyValue: no need to wrap err
627a06ad Replace fmt.Errorf w/o %-style to errors.New
242b3283 libct/cg/fscommon: rm unused var
92e8d9b9 libct/intelrdt: error message nits
041caf10 VERSION: back to development
dfc0f069 man/*: revamp
85aabe23 C/R: let criu use its default if --work-path is not set
e8bd33ae runc --help: improve log options description
cf4ecaed runc update: hide --kernel* options
4065c394 exec: rm --no-subreaper flag
da22625f checkpoint: resolve symlink for external bind mount
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:
31f7b334 VERSION: back to development
f46b6ba2 VERSION: release v1.0.3
b8dbe466 runc init: avoid netlink message length overflows
e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
42bfc63b script/release.sh: fix for opensuse
8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
cbb23675 runc run: fix ro /dev
e802cfae test/int/mount.bats: refer to github issue
3640499a libct/rootfs: consolidate utils imports
aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
fdee8658 libct/int/checkpoint_test: fix ParentImage
cbb5ef5c improve error message when dbus-user-session is not installed
86d83333 VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:
31f7b334 VERSION: back to development
f46b6ba2 VERSION: release v1.0.3
b8dbe466 runc init: avoid netlink message length overflows
e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
42bfc63b script/release.sh: fix for opensuse
8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
cbb23675 runc run: fix ro /dev
e802cfae test/int/mount.bats: refer to github issue
3640499a libct/rootfs: consolidate utils imports
aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
fdee8658 libct/int/checkpoint_test: fix ParentImage
cbb5ef5c improve error message when dbus-user-session is not installed
86d83333 VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
github is removing git:// access, and fetches will start experiencing
interruptions in service, and eventually will fail completely.
bitbake will also begin to warn on github src_uri's that don't use
https. So we convert the meta-virt instances to use protocol=https
(done using the oe-core contrib conversion script)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Similar to the oe-core commit:
commit 93ac180d8c389f16964bce8bd5538d9389e970e6
Author: Michael Opdenacker <michael.opdenacker@bootlin.com>
Date: Wed Sep 1 11:20:20 2021 +0200
meta: stop using "virtual/" in RPROVIDES and RDEPENDS
Fixes [YOCTO #14538]
Recipes shouldn't use the "virtual/" string in RPROVIDES and RDEPENDS.
That's confusing because "virtual/" has no special meaning in
RPROVIDES and RDEPENDS (unlike in PROVIDES and DEPENDS).
Instead, using "virtual-" instead of "virtual/"
as already done in the glibc recipe.
We stop rproviding virtual/runc to keep the namespace clean.
There aren't many users of this virtual provides, but we keep
it around (for now) to maintain compatibility.
At the same time we convert the RPROVIDES to virtual-runc, to keep
it available and consistent with oe-core use virtual-libc, etc.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping runc to version v1.0.2-2-g04bcb7c7, which comprises the following commits:
86d83333 VERSION: back to development
52b36a2d VERSION: release 1.0.2
8ec57628 libct/cg/sd/v1: add SkipFreezeOnSet knob
1850dc16 libct/cg/sd/v1: add freezeBeforeSet unit test
4ce440f2 libct/cg/sd/v1: Fix unnecessary freeze/thaw
13b45cb4 libct/nsenter: fix unused-result warning
7cf1952f libct/nsenter: fix logging race in nsexec
e2e5267c [1.0] script/release.sh: make builds reproducible
960182fd libct/seccomp: skip redundant rules
4c70105b libct/cg/v1: workaround CPU quota period set failure
1d454045 Do not use Vagrant for CentOS 7/8
c8d8fd5b tests/rootless.sh: fixup for "update rt" test
257018e7 tests/int: fix "update rt period and runtime" for rootless
76c047f1 Evaluate Cirrus CI for Vagrant tests
466d1a1a VERSION: back to development
4144b638 VERSION: release 1.0.1
4efb7a69 libct/cg/sd: add TestPodSkipDevicesUpdate
82d3eb69 libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
2fc2e3d6 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
ef0aa849 libct/int/TestFreeze: test freeze/thaw via Set
01cd4b5f libct/int: allow subtests
22b2ff0f libct/cg/sd/v1: Set: don't overwrite r.Freezer
04edd79d libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
298a3100 Update device update tests
257723b3 ci/gha: run on release-* branches after a push
4dc207a6 cgroupv2: ebpf: ignore inaccessible existing programs
90d01a04 vendor: update github.com/cilium/ebpf
3f40fbff libct/cg/sd: Add freezer tests
c1a5b3e1 libct/cg/fs/freezer.GetState: report current cgroup state
0a5d8ba4 libct/user: fix parsing long /etc/group lines
5fd7b3b7 libct/user: ParseGroupFilter: use TrimSpace
0025bf68 libct/user: use []byte more, avoid allocations
3745b2be [1.0] retry unix.EINTR for container init process
e99c0f5e tests/int/no_pivot: fix for new kernels
84113eef VERSION: release runc 1.0.0
29168172 tests/int/cgroups: add test for bfq per-device weight
1036f3f9 libct/cg/fs2: set per-device io weight if available
30d83d4d libct/cg/fs/blkio: do not set weight == 0
d7fc3028 libct/cg/fs*: mark {Open,Read,Write}File as deprecated
8f1b4d4a libct/cg: mv fscommon.{Open,Read,Write}File to cgroups
322c8fd3 Returns clearer error message for setenv
46940ed8 update cilium/ebpf to fix haveBpfProgReplace() check
6339d8a0 libcontainer/cgroups/fs/blkio: support BFQ weight[_device]
01f5dcae build(deps): bump tim-actions/get-pr-commits from 1.0.0 to 1.1.0
bd8e0701 libct/cg/sd: fix "SkipDevices" handling
1b2abc89 github: workflows: fix tiny typo
b31a9340 libcontainer: relax validation for absolute paths
dbb35411 configs/validator: move cgroup validation to the list of checks
9573e4b6 libct/cg/fs: don't forget to close a file
9ebc573a cgroupv2: ebpf: debug info when detaching programs in fallback mode
a3ca7b47 cgroupv2: ebpf: check for BPF_F_REPLACE support and degrade gracefully
d06bda60 libct/cg/sd/dbus: fix NewDbusConnManager
535f25c4 Allow restoring with a different LSM profile
508f5bf6 libct/int: add device update test
8fe3dfbb libcontainer/system: remove alias for deprecated RunningInUserNS
3f23a736 libcontainer/configs: remove stubs for deprecated Devices funcs
b2d28c5d libct/cg/sd: fix dbus error handling
bf7492ee runc update: skip devices
c3831d64 libct/cg/fs/stats_util_test: use t.Helper
9eb0371b libct/cg/fs/memory_test: fix formatting
e969d421 libct/int/testPids: logging nits
a5bd78ef vendor: willf/bitset@v1.1.11 -> bits-and-blooms/bitset@v1.2.0
65cf0e61 Bump selinux to v1.8.2
f99d252d docs/terminals.md: add troubleshooting
49ea4b37 update crosbymichael email
3e1bcb1f libcontainer/keys: var should be sessKeyID/ringID (golint)
1fb56f9f libcontainer/cgroups/devices: if block ends with a return statement
c2416fb4 libcontainer/system: fix godoc (golint)
9be156cb libcontainer/devices: fix godoc (golint)
340fdd93 libcontainer/nsenter: fix captalization (golint)
81fc5c87 libcontainer/user: fix capitalization (golint)
e204d6a9 libcontainer/configs: add / fix godoc (golint)
c0643046 libcontainer/apparmor: split api (exported) from implementation
02fb18ed libcontainer/user: remove unused ErrUnsupported
9e964dfc build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
470610d0 build(deps): bump github.com/cilium/ebpf from 0.5.0 to 0.6.0
31f58829 build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2
c836265b build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.8.1
074aa044 build(deps): bump google.golang.org/protobuf from 1.25.0 to 1.26.0
7ca54562 Enable dependabot
e6048715 Use gofumpt to format code
1eea9253 cgroup2: io: add io.stats parsing test
0fef122f cgroup2: io: handle 64-bit values correctly on 32-bit architectures
efca32c7 cgroup2: io: map io.stats to v1 blkio.stats correctly
49d293a5 cgroup2: capitalize io stats read and write Op values
0e16e7c2 libct/cg/sd: add SkipDevices unit test
f5a2c9cc tests/int/dev: only call lsblk once
aa934af0 runc -v: set default for, always show main.version
37767c05 ci: lint: show all errors in PRs
07ca0be0 *: clean up remaining golangci-lint failures
752e7a82 libct/cg/sd: fix SkipDevices for systemd
fdc28957 Makefile: use git describe for $COMMIT
33c9f8b9 libct/cg/sd: return error from stopUnit
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
We refresh our patch context and pickup the following commits:
Bumping runc to version v1.0.2-2-g04bcb7c7, which comprises the following commits:
86d83333 VERSION: back to development
52b36a2d VERSION: release 1.0.2
8ec57628 libct/cg/sd/v1: add SkipFreezeOnSet knob
1850dc16 libct/cg/sd/v1: add freezeBeforeSet unit test
4ce440f2 libct/cg/sd/v1: Fix unnecessary freeze/thaw
13b45cb4 libct/nsenter: fix unused-result warning
7cf1952f libct/nsenter: fix logging race in nsexec
e2e5267c [1.0] script/release.sh: make builds reproducible
960182fd libct/seccomp: skip redundant rules
4c70105b libct/cg/v1: workaround CPU quota period set failure
1d454045 Do not use Vagrant for CentOS 7/8
c8d8fd5b tests/rootless.sh: fixup for "update rt" test
257018e7 tests/int: fix "update rt period and runtime" for rootless
76c047f1 Evaluate Cirrus CI for Vagrant tests
466d1a1a VERSION: back to development
4144b638 VERSION: release 1.0.1
4efb7a69 libct/cg/sd: add TestPodSkipDevicesUpdate
82d3eb69 libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
2fc2e3d6 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
ef0aa849 libct/int/TestFreeze: test freeze/thaw via Set
01cd4b5f libct/int: allow subtests
22b2ff0f libct/cg/sd/v1: Set: don't overwrite r.Freezer
04edd79d libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
298a3100 Update device update tests
257723b3 ci/gha: run on release-* branches after a push
4dc207a6 cgroupv2: ebpf: ignore inaccessible existing programs
90d01a04 vendor: update github.com/cilium/ebpf
3f40fbff libct/cg/sd: Add freezer tests
c1a5b3e1 libct/cg/fs/freezer.GetState: report current cgroup state
0a5d8ba4 libct/user: fix parsing long /etc/group lines
5fd7b3b7 libct/user: ParseGroupFilter: use TrimSpace
0025bf68 libct/user: use []byte more, avoid allocations
3745b2be [1.0] retry unix.EINTR for container init process
e99c0f5e tests/int/no_pivot: fix for new kernels
84113eef VERSION: release runc 1.0.0
29168172 tests/int/cgroups: add test for bfq per-device weight
1036f3f9 libct/cg/fs2: set per-device io weight if available
30d83d4d libct/cg/fs/blkio: do not set weight == 0
d7fc3028 libct/cg/fs*: mark {Open,Read,Write}File as deprecated
8f1b4d4a libct/cg: mv fscommon.{Open,Read,Write}File to cgroups
322c8fd3 Returns clearer error message for setenv
46940ed8 update cilium/ebpf to fix haveBpfProgReplace() check
6339d8a0 libcontainer/cgroups/fs/blkio: support BFQ weight[_device]
01f5dcae build(deps): bump tim-actions/get-pr-commits from 1.0.0 to 1.1.0
bd8e0701 libct/cg/sd: fix "SkipDevices" handling
1b2abc89 github: workflows: fix tiny typo
b31a9340 libcontainer: relax validation for absolute paths
dbb35411 configs/validator: move cgroup validation to the list of checks
9573e4b6 libct/cg/fs: don't forget to close a file
9ebc573a cgroupv2: ebpf: debug info when detaching programs in fallback mode
a3ca7b47 cgroupv2: ebpf: check for BPF_F_REPLACE support and degrade gracefully
d06bda60 libct/cg/sd/dbus: fix NewDbusConnManager
535f25c4 Allow restoring with a different LSM profile
508f5bf6 libct/int: add device update test
8fe3dfbb libcontainer/system: remove alias for deprecated RunningInUserNS
3f23a736 libcontainer/configs: remove stubs for deprecated Devices funcs
b2d28c5d libct/cg/sd: fix dbus error handling
bf7492ee runc update: skip devices
c3831d64 libct/cg/fs/stats_util_test: use t.Helper
9eb0371b libct/cg/fs/memory_test: fix formatting
e969d421 libct/int/testPids: logging nits
a5bd78ef vendor: willf/bitset@v1.1.11 -> bits-and-blooms/bitset@v1.2.0
65cf0e61 Bump selinux to v1.8.2
f99d252d docs/terminals.md: add troubleshooting
49ea4b37 update crosbymichael email
3e1bcb1f libcontainer/keys: var should be sessKeyID/ringID (golint)
1fb56f9f libcontainer/cgroups/devices: if block ends with a return statement
c2416fb4 libcontainer/system: fix godoc (golint)
9be156cb libcontainer/devices: fix godoc (golint)
340fdd93 libcontainer/nsenter: fix captalization (golint)
81fc5c87 libcontainer/user: fix capitalization (golint)
e204d6a9 libcontainer/configs: add / fix godoc (golint)
c0643046 libcontainer/apparmor: split api (exported) from implementation
02fb18ed libcontainer/user: remove unused ErrUnsupported
9e964dfc build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
470610d0 build(deps): bump github.com/cilium/ebpf from 0.5.0 to 0.6.0
31f58829 build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2
c836265b build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.8.1
074aa044 build(deps): bump google.golang.org/protobuf from 1.25.0 to 1.26.0
7ca54562 Enable dependabot
e6048715 Use gofumpt to format code
1eea9253 cgroup2: io: add io.stats parsing test
0fef122f cgroup2: io: handle 64-bit values correctly on 32-bit architectures
efca32c7 cgroup2: io: map io.stats to v1 blkio.stats correctly
49d293a5 cgroup2: capitalize io stats read and write Op values
0e16e7c2 libct/cg/sd: add SkipDevices unit test
f5a2c9cc tests/int/dev: only call lsblk once
aa934af0 runc -v: set default for, always show main.version
37767c05 ci: lint: show all errors in PRs
07ca0be0 *: clean up remaining golangci-lint failures
752e7a82 libct/cg/sd: fix SkipDevices for systemd
fdc28957 Makefile: use git describe for $COMMIT
33c9f8b9 libct/cg/sd: return error from stopUnit
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
OEcore/bitbake are moving to use the clearer ":" as an overrides
separator.
This is pass one of updating the meta-virt recipes to use that
syntax.
This has only been minimally build/runtime tested, more changes
will be required for missed overrides, or incorrect conversions
Note: A recent bitbake is required:
commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sun Jul 18 12:59:15 2021 +0100
bitbake: data_smart/parse: Allow ':' characters in variable/function names
It is becomming increasingly clear we need to find a way to show what
is/is not an override in our syntax. We need to do this in a way which
is clear to users, readable and in a way we can transition to.
The most effective way I've found to this is to use the ":" charater
to directly replace "_" where an override is being specified. This
includes "append", "prepend" and "remove" which are effectively special
override directives.
This patch simply adds the character to the parser so bitbake accepts
the value but maps it back to "_" internally so there is no behaviour
change.
This change is simple enough it could potentially be backported to older
version of bitbake meaning layers using the new syntax/markup could
work with older releases. Even if other no other changes are accepted
at this time and we don't backport, it does set us on a path where at
some point in future we could
require a more explict syntax.
I've tested this patch by converting oe-core/meta-yocto to the new
syntax for overrides (9000+ changes) and then seeing that builds
continue to work with this patch.
(Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Synchronize the 'runc-docker' with the opencontainers variant. This
allows the common patch to be used once again, and we refresh our docker
specific patch to the new content.
Bumping runc to version v1.0.0-rc95-28-gbfcbc947, which comprises the following commits:
37767c05 ci: lint: show all errors in PRs
07ca0be0 *: clean up remaining golangci-lint failures
00119c85 integration: add repeated "runc update" test
d0f2c25f cgroup2: devices: replace all existing filters when attaching
98a3c0e4 cgroup2: devices: switch to emulator for cgroupv1 parity
dcc1cf7c devices: add emulator.Rules shorthand
54904516 libcontainer: fix integration failure in "make test"
c7c70ce8 *: clean t.Skip messages
a95237f8 libctr/cg/systemd: export rangeToBits
df0206a6 errcheck: utils
0c65f833 errcheck: signals
3b31e3ea errcheck: tty
b45fbd43 errcheck: libcontainer
463ee5e1 errcheck: libcontainer/nsenter
7e7ff872 errcheck: libcontainer/configs
a8995053 errcheck: libcontainer/integration
b93666eb libct/cg/fs2: setFreezer: wait until frozen
1069e4e9 libct/cg/fs2: optimize setFreezer more
5d193188 libct/cg/fs2: optimize setFreezer
8a7a374f VERSION: back to development
b9ee9c63 VERSION: release v1.0.0-rc95
0ca91f44 rootfs: add mount destination validation
c61f6062 libcontainer: honor seccomp defaultErrnoRet
d519da5e Dockerfile, Vagrantfile.centos7, .github: bats 1.3.0
bdad2859 Dockerfile, Vagrantfile.centos7: use go 1.16
f96530f2 EMERITUS: recognise previous maintainers
c73a6626 VERSION: back to development
2c7861bc VERSION: release v1.0.0-rc94
12e9cac9 Vagrantfile.fedora: set Delegate=yes
ac70a9a1 tests/int: run rootless_cgroup tests for v2+systemd
601cf582 tests/int/cgroups: don't check for hugetlb
40b97919 tests/int: enable/use requires cgroups_<ctrl>
44fcbfd6 tests/int/helpers: generalize require cgroups_freezer
353f2ad1 tests/int/update.bats: don't set cpuset in setup
4f8ccc5f libct/cg/sd/v2: call initPath from Path
0ed1f802 tests/int/helpers: rm old code
af2e03c5 ci/gha: bump shellcheck 0.7.1 -> 0.7.2
2d1bb91d ci/gha: bump shfmt 3.2.0 -> 3.2.4
a7feb423 libct/int: add TestFdLeaksSystemd
c7f847ed libct/cg/sd: use global dbus connection
99c5c504 libct/cg/sd: introduce and use getManagerProperty
0fabed76 libct/int/checkpoint_test: use kill(0) for pid check
7eb1405b libct/int/checkpoint_test: use waitProcess helper
72d7a824 libct/int/checkpoint_test: use t.Helper
bcca7968 libct/int: simplify/fix showing errors
524abc59 freezer: add delay after freeze
e1d842cf libct/intelrdt: fix unit test
541fc19e Makefile: allow overriding go command by environment
06a9ea36 script/release.sh: add -a to force rebuild
91b01682 Update golang.org/x/sys to add linux/ppc support
ee4612bc CI: enable Go 1.13 again
e2dd9220 go.mod: demote to Go 1.13
45f49e8f libcontainer: avoid using t.Cleanup
1a659bc6 Revert "Makefile: rm go 1.13 workaround"
abf12ce0 libc/cg: improve Manager docs
3f659467 libct/cg: make Set accept configs.Resources
af0710a0 libct/cg/sd/v2: fix Set argument
850b2c47 libct/cg/fscommon.OpenFile: speed up ro case
71a8aee8 cgroups/systemd: replace deprecated dbus functions
47ef9a10 libct/cg/sd: retry on dbus disconnect
6122bc8b Privatize NewUserSystemDbus
15fee989 libct/cg/sd: add renew dbus connection
bacfc2c2 libct/cg/sd: add isDbusError
cdbed6f0 libct/cg/sd: add dbus manager
9efd8466 libct/cg/fscommon.OpenFile: reverse checks order
0bee5e0b libct/cg/fs: add GetStats benchmark
7e7eb1c3 CI: update Fedora to 34
d3cee12a cloned_binary: switch from #error to #warning for SYS_memfd_create
23e3794d checkpoint: validate parent path
fcd7fe85 libct/cg/fs/freezer: make sure to thaw on failure
0216716c tests/int: add a case for cgroupv2 mount
5ffcc568 tests/int: use bfq test with rootless
ff692f28 Fix cgroup2 mount for rootless case
3826db19 libct/rootfs/mountCgroupV2: minor refactor
1e476578 libct/rootfs: introduce and use mountConfig
deb8a8dd libct/newInitConfig: nit
2192670a libct/configs/validate: validate mounts
1f1e91b1 libct/specconv: check mount destination is absolute
73f22e7f libcontainer/cgroups/systemd: replace use of deprecated dbus.New()
aa622723 tiny fix iterative checkpoint test case
ee3b563d Add cfs throttle stats to cgroup v2
6faed0e4 libct/int: use ok(t, err)
af3c5699 libct/int: remove unused code
7b802a7d libct/int: better test container names
9f3d7534 logging: enable file/line info if --debug is set
ef9922c2 libct/cg: don't return OOMKillCount error when rootless
5cdd9022 libct/cg/fs[2]: fix comments about m.rootless
31dd1e49 tests/int: add rootless + host pidns test case
a2050ea4 runc run: fix start for rootless + host pidns
2f1a3ed3 Fix vendored dependencies
d15c7bb0 go.mod: github.com/cilium/ebpf v0.5.0
f28a8cc2 ebpf: replace deprecated prog.Attach/prog.Detach
928ef7af libct/nsenter: add json msg escaping
52390d68 Ignore kernel memory settings
b7c315ad vendor: bump containerd/console to 1.0.2
b6cdb8ae fix a typo
64bb59f5 nsenter: improve debug logging
6ce2d63a libct/init_linux: retry chdir to fix EPERM
c5029c00 tests: fix hello-world tarball name in testdata for arm64
289a3045 go.mod: github.com/moby/sys/mountinfo v0.4.1
4316df8b libcontainer/system: move userns utilities to separate package
e7fd383b libcontainer/system: un-export UIDMapInUserNS()
249356a1 libcontainer/system: remove unused GetParentNSeuid()
dc52ed25 libcontainer/user: remove outdated MAINTAINERS file
72ecf59c libcontainer/user: fix windows compile error
2515b0c2 libct/user: rm windows code
0596f6e1 libcontainer/devices/device_windows.go: rm
b1deba8c libcontainer/configs/config_windows_test.go: rm
f1586dbd libcontainer/configs/validate: make Validate() less DRY
4126b807 libcontainer/configs: add missing type for hooknames
48125179 go.mod: github.com/cilium/ebpf v0.4.0
44611630 docs/systemd: add
27bb1bd5 libct/specconv/CreateCgroupConfig: don't set c.Parent default
d748280a make release: build/include libseccomp
aa6da82c script/release.sh: fix shellcheck warnings
3eb46d89 ci: make static built binary available
f0dec0b4 libct/specconv/CreateCgroupConfig: nit
36fe3cc2 tests/int/cpt: fix lazy-pages flakiness
2dd62b3d libct/checkCriuFeatures: rm excessive debug
0e089002 tests/int/checkpoint: close lazy_r fd
b09030a5 tests/int/checkpoint: close fds in check_pipes
e63df1e6 tests/int: really randomize cgroup/unit names
6e4c5b6e tests/int/cgroups: don't use BUSYBOX_BUNDLE
adf733fa vendor: update go-systemd and godbus
f09a3e1b tests/int: don't set/use CGROUP_XXX variables
4ecff8d9 start: don't kill runc init too early
b1184302 libct/configs/validator: add some cgroup support
0f8d2b6b libct/cg/fs2.Stat: don't look for available controllers
85416b87 libct/cg/fs2.statPids: fall back directly
10f9a982 libct/cg/fs2/getPidsWithoutController: optimize
6121f8b6 libct/cg/fs2.Stat: always call statCpu
9455395b libct/cg/fs2/memory.Stat: add usage for root cgroup
a9c47fe7 libct/cg/fs[2]/getMemoryData[V2]: optimize
b99ca25a libct/cg/fs2/memory: fix swap reporting
79a8647b libct/int: add TestFdLeaks
b3be2b0b libct: close execFifo after start
08b52797 Make test specific to disassembleFilter function
7b3e0bcf Ensure the scratch pipe is read during ExportBPF
62f1f0e4 tests/int/checkpoint: check all logs for errors
346cb359 Revert "tests/checkpoint: show full log lazy pages cpt"
c9b3787b script/check-config.sh: add SELinux and AppArmor
5fb831a0 capabilities: WARN, not ERROR, for unknown / unavailable capabilities
e49d5da2 go.mod: OCI runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
2726146b runc --debug: more tests
201d60c5 runc run/start/exec: fix init log forwarding race
c06f999b libct/logs/test: refactor
688ea99e runc init: fix double call to ConfigureLogs
dd6c8d76 main: cast Chmod argument to os.FileMode
69ec21a1 libct/logs.ForwardLogs: use bufio.Scanner
0300299a tests/int/debug.bats: fixups
d38d1f9f libcontainer/logs: use int for Config.LogPipeFd
ac93746c libct/seccomp: rm IsEnabled
9b2f1e6f runc version: don't use seccomp.IsEnabled
c8e0486f Fix oss-fuzz build
d76309f9 script/check-config.sh: add CONFIG_SECCOMP_FILTER
997e8942 capabilities.Caps: use a map for capability-types
41f466d8 nsexec.c: fix formatting for netlink defines
522bd641 Fix checking C code formatting
1948b4ce cloned_binary.c: rm redundant comments
b67deb56 nsexec.c: rm a block
513d89ee capabilities: use BOUNDING/AMBIENT instead of their alias
dd2caace go.mod: runtime-spec v1.0.3-0.20210316141917-a8c4a9ee0f6b
a608b7e7 libcontainer/apparmor: use sync.Once for AppArmor detection
d6e89248 Fix build-tags in libcontainer/devices
f585cec7 libct/cg/v2: always enable TasksAccounting
8c7ece1e fs2: fallback to setting io.weight if io.bfq.weight
74299a1c CI: cache ~/.vagrant.d/boxes
97f2e351 go.mod, libct: bump go-criu to v5, use google.golang.org/protobuf
db025aba libct: criuSwrk: only iterate over CriuOpts if debug is set
051646a3 tests: test nested bind mount restore
705b6cc7 Re-create mountpoints during restore
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Updating to the latest runc, which includes the following commits:
37767c05 ci: lint: show all errors in PRs
07ca0be0 *: clean up remaining golangci-lint failures
00119c85 integration: add repeated "runc update" test
d0f2c25f cgroup2: devices: replace all existing filters when attaching
98a3c0e4 cgroup2: devices: switch to emulator for cgroupv1 parity
dcc1cf7c devices: add emulator.Rules shorthand
54904516 libcontainer: fix integration failure in "make test"
c7c70ce8 *: clean t.Skip messages
a95237f8 libctr/cg/systemd: export rangeToBits
df0206a6 errcheck: utils
0c65f833 errcheck: signals
3b31e3ea errcheck: tty
b45fbd43 errcheck: libcontainer
463ee5e1 errcheck: libcontainer/nsenter
7e7ff872 errcheck: libcontainer/configs
a8995053 errcheck: libcontainer/integration
b93666eb libct/cg/fs2: setFreezer: wait until frozen
1069e4e9 libct/cg/fs2: optimize setFreezer more
5d193188 libct/cg/fs2: optimize setFreezer
8a7a374f VERSION: back to development
b9ee9c63 VERSION: release v1.0.0-rc95
0ca91f44 rootfs: add mount destination validation
c61f6062 libcontainer: honor seccomp defaultErrnoRet
d519da5e Dockerfile, Vagrantfile.centos7, .github: bats 1.3.0
bdad2859 Dockerfile, Vagrantfile.centos7: use go 1.16
f96530f2 EMERITUS: recognise previous maintainers
c73a6626 VERSION: back to development
2c7861bc VERSION: release v1.0.0-rc94
12e9cac9 Vagrantfile.fedora: set Delegate=yes
ac70a9a1 tests/int: run rootless_cgroup tests for v2+systemd
601cf582 tests/int/cgroups: don't check for hugetlb
40b97919 tests/int: enable/use requires cgroups_<ctrl>
44fcbfd6 tests/int/helpers: generalize require cgroups_freezer
353f2ad1 tests/int/update.bats: don't set cpuset in setup
4f8ccc5f libct/cg/sd/v2: call initPath from Path
0ed1f802 tests/int/helpers: rm old code
af2e03c5 ci/gha: bump shellcheck 0.7.1 -> 0.7.2
2d1bb91d ci/gha: bump shfmt 3.2.0 -> 3.2.4
a7feb423 libct/int: add TestFdLeaksSystemd
c7f847ed libct/cg/sd: use global dbus connection
99c5c504 libct/cg/sd: introduce and use getManagerProperty
0fabed76 libct/int/checkpoint_test: use kill(0) for pid check
7eb1405b libct/int/checkpoint_test: use waitProcess helper
72d7a824 libct/int/checkpoint_test: use t.Helper
bcca7968 libct/int: simplify/fix showing errors
524abc59 freezer: add delay after freeze
e1d842cf libct/intelrdt: fix unit test
541fc19e Makefile: allow overriding go command by environment
06a9ea36 script/release.sh: add -a to force rebuild
91b01682 Update golang.org/x/sys to add linux/ppc support
ee4612bc CI: enable Go 1.13 again
e2dd9220 go.mod: demote to Go 1.13
45f49e8f libcontainer: avoid using t.Cleanup
1a659bc6 Revert "Makefile: rm go 1.13 workaround"
abf12ce0 libc/cg: improve Manager docs
3f659467 libct/cg: make Set accept configs.Resources
af0710a0 libct/cg/sd/v2: fix Set argument
850b2c47 libct/cg/fscommon.OpenFile: speed up ro case
71a8aee8 cgroups/systemd: replace deprecated dbus functions
47ef9a10 libct/cg/sd: retry on dbus disconnect
6122bc8b Privatize NewUserSystemDbus
15fee989 libct/cg/sd: add renew dbus connection
bacfc2c2 libct/cg/sd: add isDbusError
cdbed6f0 libct/cg/sd: add dbus manager
9efd8466 libct/cg/fscommon.OpenFile: reverse checks order
0bee5e0b libct/cg/fs: add GetStats benchmark
7e7eb1c3 CI: update Fedora to 34
d3cee12a cloned_binary: switch from #error to #warning for SYS_memfd_create
23e3794d checkpoint: validate parent path
fcd7fe85 libct/cg/fs/freezer: make sure to thaw on failure
0216716c tests/int: add a case for cgroupv2 mount
5ffcc568 tests/int: use bfq test with rootless
ff692f28 Fix cgroup2 mount for rootless case
3826db19 libct/rootfs/mountCgroupV2: minor refactor
1e476578 libct/rootfs: introduce and use mountConfig
deb8a8dd libct/newInitConfig: nit
2192670a libct/configs/validate: validate mounts
1f1e91b1 libct/specconv: check mount destination is absolute
73f22e7f libcontainer/cgroups/systemd: replace use of deprecated dbus.New()
aa622723 tiny fix iterative checkpoint test case
ee3b563d Add cfs throttle stats to cgroup v2
6faed0e4 libct/int: use ok(t, err)
af3c5699 libct/int: remove unused code
7b802a7d libct/int: better test container names
9f3d7534 logging: enable file/line info if --debug is set
31dd1e49 tests/int: add rootless + host pidns test case
a2050ea4 runc run: fix start for rootless + host pidns
0f8d2b6b libct/cg/fs2.Stat: don't look for available controllers
85416b87 libct/cg/fs2.statPids: fall back directly
10f9a982 libct/cg/fs2/getPidsWithoutController: optimize
6121f8b6 libct/cg/fs2.Stat: always call statCpu
9455395b libct/cg/fs2/memory.Stat: add usage for root cgroup
a9c47fe7 libct/cg/fs[2]/getMemoryData[V2]: optimize
b99ca25a libct/cg/fs2/memory: fix swap reporting
c8e0486f Fix oss-fuzz build
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
This reverts commit dda5ae36b44c61e61439341ea3153e6be5cb015e.
binutils gold linker was fixed with:
https://git.openembedded.org/openembedded-core/commit/?id=d07d4d739ae17787017f771dd2068fda0e836722
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
* just a work around for internal error in binutils-2.36 gold:
http://errors.yoctoproject.org/Errors/Details/580099/
CGO_ENABLED=1 x86_64-oe-linux-go build -trimpath -tags "seccomp seccomp netgo osusergo" -ldflags "-w -extldflags -static -X main.gitCommit="fce58ab2d5c488bc573d02712db476a6daa9a60c-dirty" -X main.version=1.0.0-rc93+dev " -o runc .
TOPDIR/tmp-glibc/work/core2-64-oe-linux/runc-opencontainers/1.0.0-rc93+gitAUTOINC+fce58ab2d5-r0/recipe-sysroot-native/usr/bin/x86_64-oe-linux/../../libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/11.0.1/ld: internal error in format_file_lineno, at ../../gold/dwarf_reader.cc:2278
collect2: error: ld returned 1 exit status
* it fails like this only together with gcc-11, with gcc-10.3 it
builds fine even with gold
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Allows the yocto cve-checker to flag CVEs, which would otherwise go
unreported due to the package name not matching NIST NVD data.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping the SRCREV to include the following commits:
ef9922c2 libct/cg: don't return OOMKillCount error when rootless
5cdd9022 libct/cg/fs[2]: fix comments about m.rootless
2f1a3ed3 Fix vendored dependencies
d15c7bb0 go.mod: github.com/cilium/ebpf v0.5.0
f28a8cc2 ebpf: replace deprecated prog.Attach/prog.Detach
928ef7af libct/nsenter: add json msg escaping
52390d68 Ignore kernel memory settings
b7c315ad vendor: bump containerd/console to 1.0.2
b6cdb8ae fix a typo
64bb59f5 nsenter: improve debug logging
6ce2d63a libct/init_linux: retry chdir to fix EPERM
c5029c00 tests: fix hello-world tarball name in testdata for arm64
289a3045 go.mod: github.com/moby/sys/mountinfo v0.4.1
4316df8b libcontainer/system: move userns utilities to separate package
e7fd383b libcontainer/system: un-export UIDMapInUserNS()
249356a1 libcontainer/system: remove unused GetParentNSeuid()
dc52ed25 libcontainer/user: remove outdated MAINTAINERS file
72ecf59c libcontainer/user: fix windows compile error
2515b0c2 libct/user: rm windows code
0596f6e1 libcontainer/devices/device_windows.go: rm
b1deba8c libcontainer/configs/config_windows_test.go: rm
f1586dbd libcontainer/configs/validate: make Validate() less DRY
4126b807 libcontainer/configs: add missing type for hooknames
48125179 go.mod: github.com/cilium/ebpf v0.4.0
44611630 docs/systemd: add
27bb1bd5 libct/specconv/CreateCgroupConfig: don't set c.Parent default
d748280a make release: build/include libseccomp
aa6da82c script/release.sh: fix shellcheck warnings
3eb46d89 ci: make static built binary available
f0dec0b4 libct/specconv/CreateCgroupConfig: nit
36fe3cc2 tests/int/cpt: fix lazy-pages flakiness
2dd62b3d libct/checkCriuFeatures: rm excessive debug
0e089002 tests/int/checkpoint: close lazy_r fd
b09030a5 tests/int/checkpoint: close fds in check_pipes
e63df1e6 tests/int: really randomize cgroup/unit names
6e4c5b6e tests/int/cgroups: don't use BUSYBOX_BUNDLE
adf733fa vendor: update go-systemd and godbus
f09a3e1b tests/int: don't set/use CGROUP_XXX variables
4ecff8d9 start: don't kill runc init too early
b1184302 libct/configs/validator: add some cgroup support
79a8647b libct/int: add TestFdLeaks
b3be2b0b libct: close execFifo after start
08b52797 Make test specific to disassembleFilter function
7b3e0bcf Ensure the scratch pipe is read during ExportBPF
62f1f0e4 tests/int/checkpoint: check all logs for errors
346cb359 Revert "tests/checkpoint: show full log lazy pages cpt"
c9b3787b script/check-config.sh: add SELinux and AppArmor
5fb831a0 capabilities: WARN, not ERROR, for unknown / unavailable capabilities
e49d5da2 go.mod: OCI runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
2726146b runc --debug: more tests
201d60c5 runc run/start/exec: fix init log forwarding race
c06f999b libct/logs/test: refactor
688ea99e runc init: fix double call to ConfigureLogs
dd6c8d76 main: cast Chmod argument to os.FileMode
69ec21a1 libct/logs.ForwardLogs: use bufio.Scanner
0300299a tests/int/debug.bats: fixups
d38d1f9f libcontainer/logs: use int for Config.LogPipeFd
ac93746c libct/seccomp: rm IsEnabled
9b2f1e6f runc version: don't use seccomp.IsEnabled
d76309f9 script/check-config.sh: add CONFIG_SECCOMP_FILTER
997e8942 capabilities.Caps: use a map for capability-types
41f466d8 nsexec.c: fix formatting for netlink defines
522bd641 Fix checking C code formatting
1948b4ce cloned_binary.c: rm redundant comments
b67deb56 nsexec.c: rm a block
513d89ee capabilities: use BOUNDING/AMBIENT instead of their alias
dd2caace go.mod: runtime-spec v1.0.3-0.20210316141917-a8c4a9ee0f6b
a608b7e7 libcontainer/apparmor: use sync.Once for AppArmor detection
d6e89248 Fix build-tags in libcontainer/devices
f585cec7 libct/cg/v2: always enable TasksAccounting
8c7ece1e fs2: fallback to setting io.weight if io.bfq.weight
74299a1c CI: cache ~/.vagrant.d/boxes
97f2e351 go.mod, libct: bump go-criu to v5, use google.golang.org/protobuf
db025aba libct: criuSwrk: only iterate over CriuOpts if debug is set
051646a3 tests: test nested bind mount restore
705b6cc7 Re-create mountpoints during restore
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping the runc version to incorporate the following commits:
2ae56653 Move fuzzers upstream
053e15c0 tests/checkpoint: show full log lazy pages cpt
e618a6d5 curl: add --retry 5
4b98e4a7 MAINTAINERS: update Aleksa's email
8a3484b7 libcontainer/factory*: adjust the file mode
71ca6432 fix integration tests README.md
916654ff libcontainer: fix LinuxFactory comments
c3ffd2ef Do not convert blkio weight value using blkio->io conversion scheme
38b2dd39 runc exec: report possible OOM kill
5d0ffbf9 runc start/run: report OOM
7e137b90 libct/cg/fs2/hugetlb: use fscommon.GetValueByKey
9fa65f66 libct/cg/fscommon: add GetValueByKey
c54c3f85 libcontainer/notify_linux_v2: use fscommon.ReadFile
494f900e libct/cg/fscommon: rename/facelift GetCgroupParamKeyValue
1880d2fc libct/cg/fs/memory: handle EBUSY
27fd3fc3 libct/cg/fs: setMemoryAndSwap: refactor
3cced523 libct/cg/fs/memory: optimize Set
65c2d3c2 tests/int/update: add test case for PR #592
53d3b552 Update README.md for libcontainer
6c5ed0db Fix memory stats for cache in fs2
af521ed5 libct/cgroups/systemd: don't set limits in Apply
fa52df94 libcontainer: fix the file mode of the device
d0cbef57 Makefile: rm go 1.13 workaround
4019f08d make validate: rm go vet
f9c21133 make lint: use golangci-lint
671bb978 Makefile: remove ci target
95940855 script/validate-gofmt: rm
91f0ae18 ci/gha: bump go 1.16-rc1 -> 1.16.x
5b14a261 README: add gha badges
f3f563bc apparmor: try attr/apparmor/exec before attr/exec
41670e21 tests/int: rework/simplify setup and teardown
d73b4443 ci: enable -race from matrix
b7744547 libct/int: fix a data race
c34a9b10 tests/int/hooks.bats: don't use DEBIAN_BUNDLE
e40a369e tests/int/list.bats: don't use $BUSYBOX_BUNDLE
985546b4 tests/int: BATS_TMPDIR -> BATS_RUN_TMPDIR
85d5fea4 tests/int: stop reusing HELLO_BUNDLE for alt root
76532fac tests/int/events: rm unneeded eval
49766140 tests/int: use wait_for_container where appropriate
4d6ffa39 tests/int/helpers: reimplement wait_for_container
e7052dcd tests/int/spec.bats: don't use HELLO_BUNDLE
0cfc2e32 tests/int: rm teardown_running_container_inroot
78f0e4b2 tests/int: rm wait_for_container_inroot
64d5702f tests/int: don't depend on BUSYBOX_BUNDLE var
efb8552b tests/int: add device access test
81707abd ebpf: fix device access check
c3428722 libct/config: fix a data race
51ec5db1 ci: add i386 unit test run
b142a70e libct/seccomp/patchpbf/test: fix for 32-bit
2831fb55 cgroup2: devices: handle eBPF skipping more correctly
d1007b08 cgroupv1 freezer: thaw to increase freeze chances
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping the runc version to incorporate the following commits:
2ae56653 Move fuzzers upstream
053e15c0 tests/checkpoint: show full log lazy pages cpt
e618a6d5 curl: add --retry 5
4b98e4a7 MAINTAINERS: update Aleksa's email
8a3484b7 libcontainer/factory*: adjust the file mode
71ca6432 fix integration tests README.md
916654ff libcontainer: fix LinuxFactory comments
c3ffd2ef Do not convert blkio weight value using blkio->io conversion scheme
38b2dd39 runc exec: report possible OOM kill
5d0ffbf9 runc start/run: report OOM
7e137b90 libct/cg/fs2/hugetlb: use fscommon.GetValueByKey
9fa65f66 libct/cg/fscommon: add GetValueByKey
c54c3f85 libcontainer/notify_linux_v2: use fscommon.ReadFile
494f900e libct/cg/fscommon: rename/facelift GetCgroupParamKeyValue
1880d2fc libct/cg/fs/memory: handle EBUSY
27fd3fc3 libct/cg/fs: setMemoryAndSwap: refactor
3cced523 libct/cg/fs/memory: optimize Set
65c2d3c2 tests/int/update: add test case for PR #592
53d3b552 Update README.md for libcontainer
6c5ed0db Fix memory stats for cache in fs2
af521ed5 libct/cgroups/systemd: don't set limits in Apply
fa52df94 libcontainer: fix the file mode of the device
d0cbef57 Makefile: rm go 1.13 workaround
4019f08d make validate: rm go vet
f9c21133 make lint: use golangci-lint
671bb978 Makefile: remove ci target
95940855 script/validate-gofmt: rm
91f0ae18 ci/gha: bump go 1.16-rc1 -> 1.16.x
5b14a261 README: add gha badges
f3f563bc apparmor: try attr/apparmor/exec before attr/exec
41670e21 tests/int: rework/simplify setup and teardown
d73b4443 ci: enable -race from matrix
b7744547 libct/int: fix a data race
c34a9b10 tests/int/hooks.bats: don't use DEBIAN_BUNDLE
e40a369e tests/int/list.bats: don't use $BUSYBOX_BUNDLE
985546b4 tests/int: BATS_TMPDIR -> BATS_RUN_TMPDIR
85d5fea4 tests/int: stop reusing HELLO_BUNDLE for alt root
76532fac tests/int/events: rm unneeded eval
49766140 tests/int: use wait_for_container where appropriate
4d6ffa39 tests/int/helpers: reimplement wait_for_container
e7052dcd tests/int/spec.bats: don't use HELLO_BUNDLE
0cfc2e32 tests/int: rm teardown_running_container_inroot
78f0e4b2 tests/int: rm wait_for_container_inroot
64d5702f tests/int: don't depend on BUSYBOX_BUNDLE var
efb8552b tests/int: add device access test
81707abd ebpf: fix device access check
c3428722 libct/config: fix a data race
51ec5db1 ci: add i386 unit test run
b142a70e libct/seccomp/patchpbf/test: fix for 32-bit
2831fb55 cgroup2: devices: handle eBPF skipping more correctly
d1007b08 cgroupv1 freezer: thaw to increase freeze chances
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
runc can be built with both selinux and seccomp tags. These tags
are a requirement for proper operation with some frameworks (like
k3s).
So we add checks for the appropriate distro features and then
automatically add them to the build tags, allowing us a coordinated
enabling of the functionality.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
When using podman (or other seccomp enabled container runtimes),
you will get an OCI container startup error if runc hasn't been
built with seccomp.
Adding a distro feature to runc and to the README to make it easier
to coordinate the support.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping to the next -rc, which comprises the following commits:
1e0016cf Show error stack trace if --debug is set
5c0342ba libcontainer: fix bad conversion from syscall.Errno to error
a9e99b6d ci/gha/fedora: retry vagrant up
f26768a8 VERSION: back to development
12644e61 VERSION: release 1.0.0~rc93
c348b982 tests/rootless.sh: fix/ignore shellcheck warnings
11437593 tests/rootless.sh: use set -e -u -o pipefail
5ab05884 ci: untangle getting test images
bc175ba4 tests/helpers.bash: rm GOPATH
dc025792 ci/gha: bump golangci-lint to v1.36
4d3a8d5e .golangci.yml: add
76ae1f5c libct/cg/fs/freezer: fix freezing race
c4bc3b08 Remove "PatchAndLoad" stub as it's not used without seccomp enabled
6ddfaa5e cgroupfs: cpuset: fix broken build
ca422896 Makefile: add -trimpath go build flag
d89c9629 Fix typo in README
b1195b76 ci: test with golang 1.16-rc1
164e0adb tests/int/spec.bats: fix for go 1.16
4160d743 seccomp: add enosys unit tests
8bd19cd5 tests: add seccomp -ENOSYS integration test
7a8d7162 seccomp: prepend -ENOSYS stub to all filters
2be806d1 libcontainer/configs: improve CommandHook unit tests
f4d153b0 Fix int overflow in test on 32 bit system
4e98eec1 libct/cg: demote "systemd is too old" to debug
c7357aad libct/cg/ebpf/testDeviceFilter: rm verbose logging
6a9f5ac9 libct/cg/fs: fix a linter warning
63c44e27 libct/cg/fs: getPageUsageByNUMA: rewrite/optimize
e9248dd5 cgroup: fix panic in parse memory.numa_stat
426aa416 libct/int/TestExecInTTY: skip
c30cd3cd libct/int/TestExecInTTY: fix error reporting
dac0c1e3 console.ClearONLCR: move it back
ab27e12c Implement GetStat for cpuset cgroup.
867ba38e events: simplify some conversion functions
8ce51611 GHA: tune timeouts for VM jobs
510e404e make shfmt: run for all script/* files
90d02ecc Vagrantfile.centos7: clean up after bats install
a91210f4 gha: use ssh -tt to have a tty
1f4a3b1e gha: don't check commits on push
4a30ada4 gha: cache docker layers to speed up make runcimage
58c31003 README: rm travis badge
a21e57d7 tests/int/hooks.bats: skip earlier
657a24ce libct/cg/TestGetHugePageSizeImpl: only log errors
3394e374 libct/cg/sd/TestRangeToBits: be less verbose
230a46b7 systemd: fix rootful-in-userns regression
c751ba3f systemd: show more helpful error
a35cad3b libct/cg/sd/v2: warn about old systemd
03b512e5 libc/cg: convert r.CPU.Cpus/Mems to systemd props
eee425f5 libct/cg/sd/systemdVersion: don't return error
5de00ad9 tests/int/multi-arch.bash: fix for busybox
b3cf4831 script/check-config.sh: fix IOSCHED_CFQ CFQ_GROUP_IOSCHED
1a00cd8f script/check-config.sh: fix MEMCG_SWAP_ENABLED
ecb9d73c script/check-config.sh: fix NF_NAT_NEEDED
483abaac script/check-config.sh: fix NF_NAT_IPV4
91eba84a script/check-config.sh: support for cgroupv2
25987d03 libcontainer/intelrdt: adjust the file mode
c8e89b8d Remove script/install-vagrant.sh
06a684d6 libct/int/TestExecInTTY: repeat the test 300 times
fedaa2ab TestExecInTTY: simplify, improve error reporting
719d70d2 setupIO: simplify code
24c05b71 tty: fix ClearONLCR race
039c47ab libcontainer: signalAllProcesses(): log warning when failing to thaw
18972177 libcontainer: move capabilities to separate package
692fab09 libct/checkProcMounts: optimize
72f46389 libct: add TODO about os.ErrProcessDone
d7df3018 libct: suppress bogus "unable to terminate" warnings
637f82d6 runc run: resolve tmpfs mount dest in container scope
d64c3afe tests/int/mount.bats: reformat
a2c9866e tests/int/mounts.bats: cleanup
9f2153c6 libct/cgroups/fs/cpuset: don't use MkdirAll
c85cd2b3 libct/cg/fs/cpuset: don't parse mountinfo
c0e14b8b libct/cg/fs.getCgroupRoot: reuse (cached) cgroup mountinfo
ed70dfa7 libct/cgroups/v1_utils: implement mountinfo cache
17a0dc31 README: add note about not using runc directly
4bc2aab9 README: add links to misc docs
2dc1bf91 ci: move Fedora 33 and CentOS 7 tests to gha
e431fe60 ci: move misc validate tasks from travis to gha
7ecba232 ci: move cross compile check from travis to gha
8ccd39a9 ci: move commit length check from travis to gha
1125ae78 tests/events.bats: unify duplicated code
27268b1a tests/int/cwd: add test case for cwd not owned by runc
d869d05a libctr/init_linux: reorder chdir
8bd3b878 test: add case for GH #2086
cb3dd9d8 libct/configs/validate: test for bind-mounted netns
8e8661e1 libct/configs/validate/sysctl: fix repeated netns checks
2dce0699 libct/configs/validate: fix host netns check
2143b368 libct/int/execin_tty: do help debug a flake
e709b8ab libctl/cgroups/fscommon: close fd
325a74dd libcontainer/intelrdt: rm init() from intelrdt.go
cb269306 remove "selinux" build tag (Always compile SELinux support)
552a1c7b remove "apparmor" build tag (Always compile AppArmor support)
48b8eb09 checkProcMount: add /proc/slabinfo to whitelist
1909051b libct/int/execin_tty: help debug a flake
97929295 libct/intelrdt: fix a staticcheck warning
6437086e libct/addCriu*Mount: fix gosimple warning
d0b59548 libct/checkCriuFeatures: fix gosimple linter warning
3de5c514 libct/int: don't hardcode CAP_NET_ADMIN
3387422b libct/int: fix "simple" linter warnings
11680cd2 libct: fix "unused" linter warning
a99ecc9e libct/cg/utils: silence a linter warning
3c9b03fd libct/cg/fscommon: log openat2 init failures
6bda4600 libcontainer/cgroups/fscommon: add openat2 support
31b0151f move blkio stat gathering to loop
990a6c57 cgroups: update blkio GetStats
be56333f bats: update to 1.2.1
f15c4cca Update umoci to 0.4.6
4344bd8f Dockerfile: use binary criu release
3aead32e nsenter: hard-code memfd_create(2) syscall numbers
5d1b0268 .github/workflows/validate: nits
7cd062d7 libct/cgroup/utils: fix GetCgroupMounts(all=true)
4fc2de77 libcontainer/devices: remove "Device" prefix from types
677baf22 libcontainer: isolate libcontainer/devices
de80aae4 recvtty: fix errcheck linter warnings
6b41b463 recvtty: fix waiting for both goroutines
4bbfd2e1 recvtty: use ioutil.Discard
c1ef0cf6 ci: add integration+unit tests to github actions
fce8dd4d tests/int/tty.bats: increase timeout
c6ed1854 ci: add shellcheck to github actions
27835a9e Makefile: move shellcheck out of validate
33bda24a ci: move verify-deps from travis to github actions
c60f23b3 ci: add shfmt to github actions
717a73b3 ci: renamed golangci-lint to validate
06b204e5 Makefile: move shfmt out of validate, add -w
7856c340 Dockerfile: bump criu to 3.15
ee1bdb80 vendor: github.com/cilium/ebpf v0.2.0
f0d5e839 Dockefile: fix path to skopeo repo
d9010b0e integration: update README to link to bats-core
3f2f06df Move cgroup v2 out of experimental
f62ad4a0 libcontainer/intelrdt: rename CAT and MBA enabled flags
620f4c5c libcontainer/intelrdt: fix CMT feature check
896da0b9 docs: terminals: modify the example of Pass-Through mode.
4690064f update vendor
9403afd7 CI: Fedora 33: print kernel version, systemd version, and rootfs type
0a097615 CI: update Fedora to 33
41aa7640 linux: drop MS_REC for readonly remount
a4e6955e linux: fix remount readonly in a user namespace
2e968a83 libct/cg/sd/v2: "support" (ignore) memory.oom.group
c013be56 libct/cg/sd/v2: support memory.* / Memory* unified
13afa58d libct/cg/sd/v2: support cpuset.* / Allowed*
5be8b97a libct/cg/sd/v2: support cpu.weight / CPUWeight
390a98f3 runc update: support unified resources
ab80eb32 libct/cg/sd/v2: support cpu.max unified resource
7f24098d tests/int: move check_cpu* to helpers
fd5226d0 libct/cg/sd: add defCPUQuotaPeriod
0cb8bf67 Initial v2 resources.unified systemd support
ed548376 tests/int/update.bats: add checks for runc status
d0991db2 tests/int/cgroups.bats: reformatting
a66a8238 ci: pin shfmt to v3.2.0
2ceb9719 tests/integration: rm excessive run use
e32716d3 tests/int: simplify teardown_running_container
c114919f tests/int: fix "runc exec --preserve-fds"
7b8c4e98 shfmt mounts.bats to pass `make validate`
ac5ec5e3 libcontainer/integration: fix unit test
f5c345c3 test: add "runc run --no-pivot must not expose bare /proc"
17de6f80 vendor: bump mountinfo to v0.4.0
70538b39 Update bash completion to support systemd-cgroup
933c4d31 libcontainer/intelrdt: privatize IntelRdtManager and its fields
2c004a10 libcontainer/intelrdt: introduce NewManager()
abcc1aae fix some typos about libcontainer
939ad4e3 don't panic when /sys/fs/cgroup is missing for rootless
7613c718 Update bash completion to support new capabilities
b8bf5728 rootfs: handle nested procfs mounts for MS_MOVE
5903b0ce libcontainer/intelrdt: remove 'omitempty' property from CMT and MBM counters
0253a08d CI: add shfmt for sh files
ff9852c4 *.sh: use shfmt
069fddfa CI: add shfmt for bats
fc8c7797 tests/integration/*.bats: reformat with shfmt
0aa0fae3 Kill all processes in cgroup even if init process Wait fails
978fa6e9 Fixing some lint issues
f0fdde79 libct/cg/systemd/v1: fix err check in enableKmem
c1bba720 libct/cg/systemd/v1: do not use c.Path
fa47f958 libct/int/newTemplateConfig: add systemd support
9135d99c libct/int/newTemplateConfig: add userns param
73d93eeb libct/int: make newTemplateConfig argument a struct
fb4c27c4 Fix mount error when chmod RO tmpfs
002c92f1 libct/cg.WriteCgroupProc: use fscommon.OpenFile
c95e6900 libct/cg/fs*: use fscommon.OpenFile
d55729f1 libct/cg/fs/blkio: use fscommon.OpenFile
0228226e libcontainer/cgroups/fscommon: introduce OpenFile
b4483305 Add error message
e25b8cfc libct/cg/utils: use fscommon.ReadFile
6bae53f5 libct/cg/fs2: use fscommon.ReadFile
2588e6f1 libct/cg/fs/cpuset: use fscommon.ReadFile
1d20cf49 libct/cg/fs/cpuacct: use fscommon.ReadFile
9e78b66e libct/cg/systemd/v1.enableKmem: use fscommon.ReadFile
31634436 libct/cg/fs2.CreateCgroupPath: use fscommon.*File
b7092d84 libct/cg/fs.setKernelMemory: use fscommon.WriteFile
619de977 libct/cg/fscommon_test: rm cgroups dependency
ede8a86e Convert root path to absolute path on create command
e8eb8000 fix some linting issues
fcf210d6 Fix goreport warnings of ineffassign and misspell
644c107e libcontainer/intelrdt: modify the incorrect file mode
87412ee4 vendor: bump mountinfo v0.3.1
28b452bf libcontainer: unconvert
b3a8b074 libcontainer: prefer bytes.TrimSpace() over strings.TrimSpace()
3d5dec2f libcontainer: remove the unused variable from spec
b76652fb libcontainer: remove `removePath` from cgroups
faaecac7 libcontainer: remove loadConfig which is the unused function
c6ac3c4b libcontainer/system: remove deprecated GetProcessStartTime
3eb469b0 libcontainer: remove redundant strings.Join()
bc9a7bda setFreezer: explicitly return nil
2a644a7d CI: add golangci-lint via github actions
360981ae libct/cgroups: rewrite getHugePageSizeFromFilenames
819fd683 go.mod: sirupsen/logrus v1.7.0
0eb66c95 go.mod: github.com/containerd/console v1.0.1
8bf21672 use string-concatenation instead of sprintf for simple cases
a4d5e8a2 libcontainer/ignoreTerminateError: ignore SIGKILL
dc424591 libct/(*initProcess).start: fix removing cgroups on error
8699596d libct/(*setnsProcess).Start: use retErr
38447895 libct/cgroups/systemd: eliminate runc/systemd race
6c83d23f libcontainer/cgroups/fscommon: improve doc
31f0f5b7 libct/cg/fscommon.GetCgroupParamUint: improve
e76ac1c0 libct/cg/fscommon.GetCgroupParamString: use ReadFile
aac4d1f5 libct/cg/fscommon/GetCgroupParamKeyValue: nits
d167be29 libct/cgroups/fs2/statHugeTlb: error message nits
2c70d238 libct/intelrdt: add TestFindIntelRdtMountpointDir
ab2b5dfa libcontainer/cgroups: use const for templates
b7c446b3 checkpoint: setPageServer: use net.SplitHostPort instead of strings.Split
f1c1fdf9 libcontainer/intelrdt: use moby/sys/mountinfo
4929c05a tests/int: add cgroupv2 unified resources tests
6e2159be tests/int/cgroups: make sure to rm containers
b006f4a1 libct/cgroups: support Cgroups.Resources.Unified
8ceae9f7 libct/cgroups/GetHugePageSize: use Readdirnames
9aff7aae libct/utils: add GetHugePageSize benchmark
30601efa tests/int/spec.bats: simplify
6c21de38 tests/int/spec: only run once for rootless
186a38ba tests/int: whitespace cleanup
792d2c3b tests/int/cgroups.bats: rm unused code
908b7076 tests/int/*.bats: make sure to delete containers
1c3af275 libcontainer: newContainerCapList() refactor to reduce duplicated code
8820a145 libcontainer: initialize slices with length
f5c96b74 libcontainer: remove unneeded sprintf and intermediate variable
b9e26ad8 libcontainer: remove workaround for RHEL6 kernels
373811ba libcontainer: rename cap variable as it collides with built-in
074e67ad Makefile: fix vendor and verify-dependencies
2ccefa63 restore: tell CRIU to use existing namespaces
71c10e3c vendor: github.com/moby/sys/mountinfo v0.2.0
ba8687fc tests/int/helpers: fix indentation
fdb0590c tests/int/helpers: simplify set_cgroup_mount_writable
74b57fea fscommon.WriteFile: simplify error message
a3f91b98 vendor: bump runtime-spec
b682e8cf vendor: bump fileutils to v0.5.0
d1d13d9a tests/int/checkpoint: don't hide stderr
627074d0 tests/int/checkpoint: rm useless code
bca5f24c tests/int/checkpoint.bats: fix showing logs on fail
ce24d603 Add integration tests for cgroup devices
8297ae45 Makefile: fix DESTDIR handling
dd3e0da3 tests/int/dev.bats: fixes for new busybox
bcd30954 tests/int: fix runc exec --preserve-fds
ba0246da libcontainer: Store state.json before sync procRun
cbb0a793 Make sure signalAllProcesses is invoked in the function of destroy
940e1547 cgroupv1/systemd: (re)use m.paths
f075084a cgroupv1/systemd: rework Apply/joinCgroups
fad92bbf cgroupv1/Apply: do not overuse d.path/getSubsystemPath
0445fd60 Since no kernels support direct labeling of /dev/mqueue remove label
bfb4ea1b Remove check for apparmor_parser in apparmor.IsEnabled()
a63f99fc Add support for umask
42d9a6b4 tty.bats: add test cases when stdin is not a tty
b79cb048 runc run/exec: fix terminal wrt stdin redirection
b8efb020 tests/int/delete.bats: fix shellcheck warnings
28204ce7 tests/int/delete: rm useless code
34b4b106 tests/int: alt fix for shellcheck SC2034
d34f1c81 CI: add shellcheck of bats files
f36fb46b tests/int/*bats: ignore SC2016
598d8b73 tests/int/checkpoint.bats: ignore SC2206
08766b98 tests/int/*bats: fix/ignore shellcheck SC2046
4ba4baea tests/int/*bats: fix shellcheck SC2086, SC2006
b02ca2dc tests/int: fix shellcheck warning SC2002
3b80850e tests/int/update.bats: fix a shellcheck warning
612d0790 tests/int/update.bats: fix a shellcheck warning
82836d24 tests/int/cgroups.bats: fix a shellcheck warning
4b8ff6a1 tests/int/checkpoint.bats: ignore some shellcheck warnings
ce50e1da test/int/spec.bats: simplify setup/teardown
699fdf89 tests/int/mount.bats: fix a check
85a30698 test/int/hooks.bats: fix here-doc
9a699e1a Skip redundant setup for /dev/ptmx when specified explicitly in the OCI spec.
0709202d Remove runc default devices that overlap with spec devices.
6249136a add libseccomp version to `runc --version`
1d85333a add runtime.Version() to `runc --version`
1e9f8059 cleancode: adjust and make it more readability
335f0806 tests/int/delete: cgroupv1 with sub-cgroups removal case
19be8e5b libct/cgroups.RemovePaths: speedup
3f14242e libct/cgroups: move RemovePath from fs2
254d23b9 libc/cgroups: empty map in RemovePaths
bf8bb477 Modify from space to tab
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping to the next rc of runc, which comprises the following commits:
1e0016cf Show error stack trace if --debug is set
5c0342ba libcontainer: fix bad conversion from syscall.Errno to error
a9e99b6d ci/gha/fedora: retry vagrant up
f26768a8 VERSION: back to development
12644e61 VERSION: release 1.0.0~rc93
c348b982 tests/rootless.sh: fix/ignore shellcheck warnings
11437593 tests/rootless.sh: use set -e -u -o pipefail
5ab05884 ci: untangle getting test images
bc175ba4 tests/helpers.bash: rm GOPATH
dc025792 ci/gha: bump golangci-lint to v1.36
4d3a8d5e .golangci.yml: add
76ae1f5c libct/cg/fs/freezer: fix freezing race
c4bc3b08 Remove "PatchAndLoad" stub as it's not used without seccomp enabled
6ddfaa5e cgroupfs: cpuset: fix broken build
ca422896 Makefile: add -trimpath go build flag
d89c9629 Fix typo in README
b1195b76 ci: test with golang 1.16-rc1
164e0adb tests/int/spec.bats: fix for go 1.16
4160d743 seccomp: add enosys unit tests
8bd19cd5 tests: add seccomp -ENOSYS integration test
7a8d7162 seccomp: prepend -ENOSYS stub to all filters
2be806d1 libcontainer/configs: improve CommandHook unit tests
f4d153b0 Fix int overflow in test on 32 bit system
4e98eec1 libct/cg: demote "systemd is too old" to debug
c7357aad libct/cg/ebpf/testDeviceFilter: rm verbose logging
6a9f5ac9 libct/cg/fs: fix a linter warning
63c44e27 libct/cg/fs: getPageUsageByNUMA: rewrite/optimize
e9248dd5 cgroup: fix panic in parse memory.numa_stat
426aa416 libct/int/TestExecInTTY: skip
c30cd3cd libct/int/TestExecInTTY: fix error reporting
dac0c1e3 console.ClearONLCR: move it back
ab27e12c Implement GetStat for cpuset cgroup.
867ba38e events: simplify some conversion functions
8ce51611 GHA: tune timeouts for VM jobs
510e404e make shfmt: run for all script/* files
90d02ecc Vagrantfile.centos7: clean up after bats install
a91210f4 gha: use ssh -tt to have a tty
1f4a3b1e gha: don't check commits on push
4a30ada4 gha: cache docker layers to speed up make runcimage
58c31003 README: rm travis badge
a21e57d7 tests/int/hooks.bats: skip earlier
657a24ce libct/cg/TestGetHugePageSizeImpl: only log errors
3394e374 libct/cg/sd/TestRangeToBits: be less verbose
230a46b7 systemd: fix rootful-in-userns regression
c751ba3f systemd: show more helpful error
a35cad3b libct/cg/sd/v2: warn about old systemd
03b512e5 libc/cg: convert r.CPU.Cpus/Mems to systemd props
eee425f5 libct/cg/sd/systemdVersion: don't return error
5de00ad9 tests/int/multi-arch.bash: fix for busybox
b3cf4831 script/check-config.sh: fix IOSCHED_CFQ CFQ_GROUP_IOSCHED
1a00cd8f script/check-config.sh: fix MEMCG_SWAP_ENABLED
ecb9d73c script/check-config.sh: fix NF_NAT_NEEDED
483abaac script/check-config.sh: fix NF_NAT_IPV4
91eba84a script/check-config.sh: support for cgroupv2
25987d03 libcontainer/intelrdt: adjust the file mode
c8e89b8d Remove script/install-vagrant.sh
06a684d6 libct/int/TestExecInTTY: repeat the test 300 times
fedaa2ab TestExecInTTY: simplify, improve error reporting
719d70d2 setupIO: simplify code
24c05b71 tty: fix ClearONLCR race
039c47ab libcontainer: signalAllProcesses(): log warning when failing to thaw
18972177 libcontainer: move capabilities to separate package
692fab09 libct/checkProcMounts: optimize
72f46389 libct: add TODO about os.ErrProcessDone
d7df3018 libct: suppress bogus "unable to terminate" warnings
637f82d6 runc run: resolve tmpfs mount dest in container scope
d64c3afe tests/int/mount.bats: reformat
a2c9866e tests/int/mounts.bats: cleanup
9f2153c6 libct/cgroups/fs/cpuset: don't use MkdirAll
c85cd2b3 libct/cg/fs/cpuset: don't parse mountinfo
c0e14b8b libct/cg/fs.getCgroupRoot: reuse (cached) cgroup mountinfo
ed70dfa7 libct/cgroups/v1_utils: implement mountinfo cache
17a0dc31 README: add note about not using runc directly
4bc2aab9 README: add links to misc docs
2dc1bf91 ci: move Fedora 33 and CentOS 7 tests to gha
e431fe60 ci: move misc validate tasks from travis to gha
7ecba232 ci: move cross compile check from travis to gha
8ccd39a9 ci: move commit length check from travis to gha
1125ae78 tests/events.bats: unify duplicated code
27268b1a tests/int/cwd: add test case for cwd not owned by runc
d869d05a libctr/init_linux: reorder chdir
8bd3b878 test: add case for GH #2086
cb3dd9d8 libct/configs/validate: test for bind-mounted netns
8e8661e1 libct/configs/validate/sysctl: fix repeated netns checks
2dce0699 libct/configs/validate: fix host netns check
2143b368 libct/int/execin_tty: do help debug a flake
e709b8ab libctl/cgroups/fscommon: close fd
325a74dd libcontainer/intelrdt: rm init() from intelrdt.go
cb269306 remove "selinux" build tag (Always compile SELinux support)
552a1c7b remove "apparmor" build tag (Always compile AppArmor support)
48b8eb09 checkProcMount: add /proc/slabinfo to whitelist
1909051b libct/int/execin_tty: help debug a flake
97929295 libct/intelrdt: fix a staticcheck warning
6437086e libct/addCriu*Mount: fix gosimple warning
d0b59548 libct/checkCriuFeatures: fix gosimple linter warning
3de5c514 libct/int: don't hardcode CAP_NET_ADMIN
3387422b libct/int: fix "simple" linter warnings
11680cd2 libct: fix "unused" linter warning
a99ecc9e libct/cg/utils: silence a linter warning
3c9b03fd libct/cg/fscommon: log openat2 init failures
6bda4600 libcontainer/cgroups/fscommon: add openat2 support
31b0151f move blkio stat gathering to loop
990a6c57 cgroups: update blkio GetStats
be56333f bats: update to 1.2.1
f15c4cca Update umoci to 0.4.6
4344bd8f Dockerfile: use binary criu release
3aead32e nsenter: hard-code memfd_create(2) syscall numbers
5d1b0268 .github/workflows/validate: nits
7cd062d7 libct/cgroup/utils: fix GetCgroupMounts(all=true)
4fc2de77 libcontainer/devices: remove "Device" prefix from types
677baf22 libcontainer: isolate libcontainer/devices
de80aae4 recvtty: fix errcheck linter warnings
6b41b463 recvtty: fix waiting for both goroutines
4bbfd2e1 recvtty: use ioutil.Discard
c1ef0cf6 ci: add integration+unit tests to github actions
fce8dd4d tests/int/tty.bats: increase timeout
c6ed1854 ci: add shellcheck to github actions
27835a9e Makefile: move shellcheck out of validate
33bda24a ci: move verify-deps from travis to github actions
c60f23b3 ci: add shfmt to github actions
717a73b3 ci: renamed golangci-lint to validate
06b204e5 Makefile: move shfmt out of validate, add -w
7856c340 Dockerfile: bump criu to 3.15
ee1bdb80 vendor: github.com/cilium/ebpf v0.2.0
f0d5e839 Dockefile: fix path to skopeo repo
d9010b0e integration: update README to link to bats-core
3f2f06df Move cgroup v2 out of experimental
f62ad4a0 libcontainer/intelrdt: rename CAT and MBA enabled flags
620f4c5c libcontainer/intelrdt: fix CMT feature check
896da0b9 docs: terminals: modify the example of Pass-Through mode.
4690064f update vendor
9403afd7 CI: Fedora 33: print kernel version, systemd version, and rootfs type
0a097615 CI: update Fedora to 33
41aa7640 linux: drop MS_REC for readonly remount
a4e6955e linux: fix remount readonly in a user namespace
2e968a83 libct/cg/sd/v2: "support" (ignore) memory.oom.group
c013be56 libct/cg/sd/v2: support memory.* / Memory* unified
13afa58d libct/cg/sd/v2: support cpuset.* / Allowed*
5be8b97a libct/cg/sd/v2: support cpu.weight / CPUWeight
390a98f3 runc update: support unified resources
ab80eb32 libct/cg/sd/v2: support cpu.max unified resource
7f24098d tests/int: move check_cpu* to helpers
fd5226d0 libct/cg/sd: add defCPUQuotaPeriod
0cb8bf67 Initial v2 resources.unified systemd support
ed548376 tests/int/update.bats: add checks for runc status
d0991db2 tests/int/cgroups.bats: reformatting
a66a8238 ci: pin shfmt to v3.2.0
2ceb9719 tests/integration: rm excessive run use
e32716d3 tests/int: simplify teardown_running_container
c114919f tests/int: fix "runc exec --preserve-fds"
7b8c4e98 shfmt mounts.bats to pass `make validate`
ac5ec5e3 libcontainer/integration: fix unit test
f5c345c3 test: add "runc run --no-pivot must not expose bare /proc"
17de6f80 vendor: bump mountinfo to v0.4.0
70538b39 Update bash completion to support systemd-cgroup
933c4d31 libcontainer/intelrdt: privatize IntelRdtManager and its fields
2c004a10 libcontainer/intelrdt: introduce NewManager()
abcc1aae fix some typos about libcontainer
939ad4e3 don't panic when /sys/fs/cgroup is missing for rootless
7613c718 Update bash completion to support new capabilities
b8bf5728 rootfs: handle nested procfs mounts for MS_MOVE
5903b0ce libcontainer/intelrdt: remove 'omitempty' property from CMT and MBM counters
0253a08d CI: add shfmt for sh files
ff9852c4 *.sh: use shfmt
069fddfa CI: add shfmt for bats
fc8c7797 tests/integration/*.bats: reformat with shfmt
0aa0fae3 Kill all processes in cgroup even if init process Wait fails
978fa6e9 Fixing some lint issues
f0fdde79 libct/cg/systemd/v1: fix err check in enableKmem
c1bba720 libct/cg/systemd/v1: do not use c.Path
fa47f958 libct/int/newTemplateConfig: add systemd support
9135d99c libct/int/newTemplateConfig: add userns param
73d93eeb libct/int: make newTemplateConfig argument a struct
fb4c27c4 Fix mount error when chmod RO tmpfs
002c92f1 libct/cg.WriteCgroupProc: use fscommon.OpenFile
c95e6900 libct/cg/fs*: use fscommon.OpenFile
d55729f1 libct/cg/fs/blkio: use fscommon.OpenFile
0228226e libcontainer/cgroups/fscommon: introduce OpenFile
b4483305 Add error message
e25b8cfc libct/cg/utils: use fscommon.ReadFile
6bae53f5 libct/cg/fs2: use fscommon.ReadFile
2588e6f1 libct/cg/fs/cpuset: use fscommon.ReadFile
1d20cf49 libct/cg/fs/cpuacct: use fscommon.ReadFile
9e78b66e libct/cg/systemd/v1.enableKmem: use fscommon.ReadFile
31634436 libct/cg/fs2.CreateCgroupPath: use fscommon.*File
b7092d84 libct/cg/fs.setKernelMemory: use fscommon.WriteFile
619de977 libct/cg/fscommon_test: rm cgroups dependency
ede8a86e Convert root path to absolute path on create command
e8eb8000 fix some linting issues
fcf210d6 Fix goreport warnings of ineffassign and misspell
644c107e libcontainer/intelrdt: modify the incorrect file mode
87412ee4 vendor: bump mountinfo v0.3.1
28b452bf libcontainer: unconvert
b3a8b074 libcontainer: prefer bytes.TrimSpace() over strings.TrimSpace()
3d5dec2f libcontainer: remove the unused variable from spec
b76652fb libcontainer: remove `removePath` from cgroups
faaecac7 libcontainer: remove loadConfig which is the unused function
c6ac3c4b libcontainer/system: remove deprecated GetProcessStartTime
3eb469b0 libcontainer: remove redundant strings.Join()
bc9a7bda setFreezer: explicitly return nil
2a644a7d CI: add golangci-lint via github actions
360981ae libct/cgroups: rewrite getHugePageSizeFromFilenames
819fd683 go.mod: sirupsen/logrus v1.7.0
0eb66c95 go.mod: github.com/containerd/console v1.0.1
8bf21672 use string-concatenation instead of sprintf for simple cases
a4d5e8a2 libcontainer/ignoreTerminateError: ignore SIGKILL
dc424591 libct/(*initProcess).start: fix removing cgroups on error
8699596d libct/(*setnsProcess).Start: use retErr
38447895 libct/cgroups/systemd: eliminate runc/systemd race
6c83d23f libcontainer/cgroups/fscommon: improve doc
31f0f5b7 libct/cg/fscommon.GetCgroupParamUint: improve
e76ac1c0 libct/cg/fscommon.GetCgroupParamString: use ReadFile
aac4d1f5 libct/cg/fscommon/GetCgroupParamKeyValue: nits
d167be29 libct/cgroups/fs2/statHugeTlb: error message nits
2c70d238 libct/intelrdt: add TestFindIntelRdtMountpointDir
ab2b5dfa libcontainer/cgroups: use const for templates
b7c446b3 checkpoint: setPageServer: use net.SplitHostPort instead of strings.Split
f1c1fdf9 libcontainer/intelrdt: use moby/sys/mountinfo
4929c05a tests/int: add cgroupv2 unified resources tests
6e2159be tests/int/cgroups: make sure to rm containers
b006f4a1 libct/cgroups: support Cgroups.Resources.Unified
8ceae9f7 libct/cgroups/GetHugePageSize: use Readdirnames
9aff7aae libct/utils: add GetHugePageSize benchmark
30601efa tests/int/spec.bats: simplify
6c21de38 tests/int/spec: only run once for rootless
186a38ba tests/int: whitespace cleanup
792d2c3b tests/int/cgroups.bats: rm unused code
908b7076 tests/int/*.bats: make sure to delete containers
1c3af275 libcontainer: newContainerCapList() refactor to reduce duplicated code
8820a145 libcontainer: initialize slices with length
f5c96b74 libcontainer: remove unneeded sprintf and intermediate variable
b9e26ad8 libcontainer: remove workaround for RHEL6 kernels
373811ba libcontainer: rename cap variable as it collides with built-in
074e67ad Makefile: fix vendor and verify-dependencies
2ccefa63 restore: tell CRIU to use existing namespaces
71c10e3c vendor: github.com/moby/sys/mountinfo v0.2.0
ba8687fc tests/int/helpers: fix indentation
fdb0590c tests/int/helpers: simplify set_cgroup_mount_writable
74b57fea fscommon.WriteFile: simplify error message
a3f91b98 vendor: bump runtime-spec
b682e8cf vendor: bump fileutils to v0.5.0
d1d13d9a tests/int/checkpoint: don't hide stderr
627074d0 tests/int/checkpoint: rm useless code
bca5f24c tests/int/checkpoint.bats: fix showing logs on fail
ce24d603 Add integration tests for cgroup devices
8297ae45 Makefile: fix DESTDIR handling
dd3e0da3 tests/int/dev.bats: fixes for new busybox
bcd30954 tests/int: fix runc exec --preserve-fds
ba0246da libcontainer: Store state.json before sync procRun
cbb0a793 Make sure signalAllProcesses is invoked in the function of destroy
940e1547 cgroupv1/systemd: (re)use m.paths
f075084a cgroupv1/systemd: rework Apply/joinCgroups
fad92bbf cgroupv1/Apply: do not overuse d.path/getSubsystemPath
0445fd60 Since no kernels support direct labeling of /dev/mqueue remove label
bfb4ea1b Remove check for apparmor_parser in apparmor.IsEnabled()
a63f99fc Add support for umask
42d9a6b4 tty.bats: add test cases when stdin is not a tty
b79cb048 runc run/exec: fix terminal wrt stdin redirection
b8efb020 tests/int/delete.bats: fix shellcheck warnings
28204ce7 tests/int/delete: rm useless code
34b4b106 tests/int: alt fix for shellcheck SC2034
d34f1c81 CI: add shellcheck of bats files
f36fb46b tests/int/*bats: ignore SC2016
598d8b73 tests/int/checkpoint.bats: ignore SC2206
08766b98 tests/int/*bats: fix/ignore shellcheck SC2046
4ba4baea tests/int/*bats: fix shellcheck SC2086, SC2006
b02ca2dc tests/int: fix shellcheck warning SC2002
3b80850e tests/int/update.bats: fix a shellcheck warning
612d0790 tests/int/update.bats: fix a shellcheck warning
82836d24 tests/int/cgroups.bats: fix a shellcheck warning
4b8ff6a1 tests/int/checkpoint.bats: ignore some shellcheck warnings
ce50e1da test/int/spec.bats: simplify setup/teardown
699fdf89 tests/int/mount.bats: fix a check
85a30698 test/int/hooks.bats: fix here-doc
9a699e1a Skip redundant setup for /dev/ptmx when specified explicitly in the OCI spec.
0709202d Remove runc default devices that overlap with spec devices.
6249136a add libseccomp version to `runc --version`
1d85333a add runtime.Version() to `runc --version`
1e9f8059 cleancode: adjust and make it more readability
335f0806 tests/int/delete: cgroupv1 with sub-cgroups removal case
19be8e5b libct/cgroups.RemovePaths: speedup
3f14242e libct/cgroups: move RemovePath from fs2
254d23b9 libc/cgroups: empty map in RemovePaths
bf8bb477 Modify from space to tab
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|