Bumping runc to version v1.3.0-rc.1-171-gb1722d79, which comprises the following commits:
da909478 deps: bump cgroups to v0.0.3, fix tests
f24aa06e libct: State: ensure Resources is not nil
1b39997e Preventing containers from being unable to be deleted
d22a4211 libct/configs: stop using deprecated id
b25bcaa8 libct/configs: fix/improve deprecation notices
a10d338e libct/configs: add package docstring
8d180e96 Add support for Linux Network Devices
889c7b27 update runtime-spec
ed5df5f9 libcontainer/configs package doc
0b01dccf runc update: handle duplicated devs properly
7696402d runc update: support per-device weight and iops
99a4f198 build(deps): bump github.com/urfave/cli from 1.22.16 to 1.22.17
31d141e2 build(deps): bump golang.org/x/net from 0.40.0 to 0.41.0
8b0e7511 build(deps): bump github.com/containerd/console from 1.0.4 to 1.0.5
04be81b6 fix rootfs propagation mode
995a39a4 ci: add scheduled run of GHA CI
74209b73 ci/gha: allow to run jobs manually
62e6ab6d gha/ci: allow validate/all-done to succeed for non-PRs
b39bd105 ci/gha: fix exclusion rules
b206a015 deps: bump opencontainers/cgroups to v0.0.2
ae00c2bd tests/int: simplify using check_cpu_quota
fbf1a320 build(deps): bump github.com/vishvananda/netlink from 1.3.0 to 1.3.1
5cdfeea7 CHANGELOG: forward-port entries from 1.3.0
0623ea10 build(deps): bump golang.org/x/net from 0.39.0 to 0.40.0
c1958d88 build(deps): bump golangci/golangci-lint-action from 7 to 8
9f86496c ci: Check for exclude/replace directives
67b8a685 go.mod: Delete exclude directives
b0aa863f ci: bump golangci-lint to v2.1
d920a722 build(deps): bump github.com/seccomp/libseccomp-golang
8e3ee502 ci/cross-i386: retry adding ppa
c12c99b7 runc: embed version from VERSION file
d54eaaf2 runc --version: use a function
3e3e0482 ci: upgrade to criu-4.1-2 in Fedora
58c3ab77 rootfs: improve error messages for bind-mount vfs flag setting
30302a28 mount: add string representation of mount flags
87ae2f84 Unify and fix rootless key setup
b520f750 ci: install newer criu for almalinux-8
d7285e46 Fix "invalid workflow file" github actions error
5f4d3f36 libct/apparmor: don't use vars for public functions
08ebbfc8 tests/cmd/remap-rootfs: fix mips builds
1d78cb21 Completely remove --criu option
c8991936 ci: add check for toolchain in go.mod
e34c1a04 CHANGELOG: Port 1.2.x changes
c5ab4b6e runc pause/unpause/ps: get rid of excessive warning
fda034c9 pause: refactor
75a4546b go.mod: rm toolchain
0a9639e3 build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0
c5e0ece4 build(deps): bump golang.org/x/sys from 0.31.0 to 0.32.0
19c65154 tests: Add env var tests
09501d96 libct: Override HOME if its set to the empty string
bb5aa116 build(deps): bump github.com/moby/sys/user from 0.3.0 to 0.4.0
bf386464 libct: we should set envs after we are in the jail of the container
4a0e282b test: check whether runc set a correct default home env or not
7fdec327 Use any instead of interface{}
17570625 Use for range over integers
f64edc4d ps: use slices.Contains
ef5acfab libct/configs: use slices.Delete
0fc2338d libct/specconv: use maps.Clone
7a58d823 .golanci-extra: disable staticcheck QF1008
0b536265 build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0
5cfd1a62 build(deps): bump bats-core/bats-action from 3.0.0 to 3.0.1
131bdac1 tests/int/selinux: test keyring security label
c735c073 tests/integration/selinux: collect user_avc as well
491326cd int/linux: add/use Recvfrom
e655abc0 int/linux: add/use Dup3, Open, Openat
c690b66d int/linux: add/use Exec
431b8bb4 int/linux: add/use Getwd
8cc1eb37 Introduce and use internal/linux
b68cbdff criu: Add time namespace to container config after checkpoint/restore
127e8e68 ci: bump to golangci-lint v2.0
9b3ccc19 libct/intelrdt: fix staticcheck ST1020 warnings
30f8acab Fix staticcheck ST1020/ST1021 warnings
9510ffb6 Fix a few staticcheck QF1001 warnings
6405725c libct: fix staticcheck QF1006 warning
fdb69163 notify_socket.go: fix staticcheck warning
4622bb87 build(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6
a638f133 .golangci.yml: add nolintlint, fix found issues
d00c3be9 ci: bump codespell to v2.4.1, fix some typos
65e0f2b7 libct/int: use destroyContainer
1aebfa3e libct/int: don't use _ = runContainerOk
f55400dc .github: Improve issue template description
bac33825 build(deps): bump github.com/opencontainers/selinux
6a3f8ea3 skip read /proc/filesystems if process_label is null
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
We've only had one type of runc for a while; this is another step
in the direction of moving to just 'runc' versus the old runc-<foo>
variants.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since there are two implementations of runc and containerd that may
not always be in sync, the docker variant, and the opencontainers
variable, we create a virtual/* namespace for these components.
Anything requiring runc or containerd should set a preferred provider
to get the desired/tested variant.
We set the default provider to the docker variants, since they are
the primary use case for these components.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
At the moment we only use runc in conjunction with docker. In order to
allow docker to function correctly we need to use the version
specified in docker's vendor.conf file. Uprev runc to this version.
NOTE that the docker folks have actually forked runc and I have used
this fork as the SRC_URI. I could have chosen instead to use the old
SRC_URI along with the fork point commit as the SRCREV, and then
applied the 2 commits the docker team have added beyond the fork. I
opted instead to use the fork such that 'docker info' would not
complain about a version mismatch. This also makes it easier to google
for issues since the commit ID matches.
NOTE when we eventually have more users of runc we will have to
determine a strategy to either have them all use the same version or
allow for multiple versions of runc on the system. This is also true
for containerd.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Since we are building a cross tool which produces something which is
ARCH specific we should stick to the <toolname>-cross-<arch> naming
convention. A variant of this patch has been floating around for a
while but with the changes around per recipe sysroots, distributed
builds, shared builds... we are best served to adopt this convention
now.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Similar to commit 01aa8f1, runc and containerd also need to set GOROOT
explicitly.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Bumping the version of docker and dependencies. This gets us closer to
runc 1.0, which is the foundation for future OCI efforts.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
When building for qemux86 the following error was encountered due to GOARCH
being set incorrectly:

    compile: unknown architecture "i586"

This can be fixed by using the go-osarchmap class.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
With the update to docker 1.11.x, we must also introduce runc. From the
runc site:

    runC is a CLI tool for spawning and running containers according to the OCP specification.
    Containers are started as a child process of runC and can be embedded into various other
    systems without having to run a Docker daemon.
    runC is built on libcontainer, the same container technology powering millions of
    Docker Engine installations.
    Docker images can be run with runC.

So not only is runc required for docker, it is useful for any system that wants
to run OCP containers AND docker containers.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>