Commit Graph

29 Commits

Author SHA1 Message Date
Bruce Ashfield
3012689f5e runc: update to 1.1.2
Bumping runc to version v1.1.2-9-gb507e2da, which comprises the following commits:

    bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
    1feafc31 ci: bump golangci-lint to v1.44
    89f79ff0 libct: StartInitialization: fix %w related warning
    3b7f2605 Format sources using gofumpt 0.2.1
    eeac4e77 build(deps): bump actions/checkout from 2 to 3
    cd7fa00d Vagrantfile.fedora: fix build wrt new git
    cdfdbe55 VERSION: back to development
    a916309f VERSION: release 1.1.2
    364ec0f1 runc: do not set inheritable capabilities
    8959e372 VERSION: back to development
    52de29d7 VERSION: release 1.1.1
    2636e1cb CHANGELOG.md: add 1.1.1 release notes
    036cc348 CI/cirrus: add centos-stream-9
    db953158 README.md: add cirrus-ci badge
    ea19181e README,libct/README: fix pkg.go.dev badges
    8290c4cf libct/cg: IsCgroup2HybridMode: don't panic
    ee7ba6cb configs/validate: looser validation for RDT
    96193422 libct/cg/sd/v2: fix ENOENT on cgroup delegation
    35784a3e ensure the path is a sub-cgroup path
    986e7c53 libct: fixStdioPermissions: ignore EROFS
    5053a065 libct: fixStdioPermissions: skip chown if not needed
    d2939b6b libct: fixStdioPermissions: minor refactoring

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-06-03 09:32:13 -04:00
Bruce Ashfield
e1c1b9dfd0 runc-opencontainers: update to 1.1.0-tip
Bumping runc to version v1.1.0-5-gb9460f26, which comprises the following commits:

    986e7c53 libct: fixStdioPermissions: ignore EROFS
    5053a065 libct: fixStdioPermissions: skip chown if not needed
    d2939b6b libct: fixStdioPermissions: minor refactoring
    d7f7b22a VERSION: back to development

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-03-21 17:31:28 -04:00
Bruce Ashfield
1af45b1490 runc: update to v1.1.0
Bumping runc to version v1.1.0-1-gd7f7b22a, which comprises the following commits:

    d7f7b22a VERSION: back to development
    067aaf85 VERSION: release runc v1.1.0
    c0e300f1 Refuse to build runc without nsenter
    e155b332 build(deps): bump github.com/checkpoint-restore/go-criu/v5
    5c7e8981 libct/cg: rm go 1.15 compatibility
    4773769c VERSION: back to development
    55df1fc4 VERSION: release v1.1.0-rc.1
    a8f9d5de CHANGELOG: add an in-repo changelog file
    6d2067a4 script/seccomp.sh: fix argc check
    457ca62f script/release_*.sh: fix usage
    c729594c deps: update libseccomp to 2.5.3
    5d779620 tests/int: use update_config in hooks test
    9e798e26 tests/int: ability to specify binary
    97688ddf types/features: clarify MountOptions
    deb0a5f2 Mark `runc features` experimental
    382eba43 Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...)
    ba935a51 Support nosymfollow mount option (kernel 5.10)
    f8c48e46 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c
    acd8f12f release: correctly handle binary signing for "make releaseall"
    d72d057b runc init: avoid netlink message length overflows
    25112dd1 libct/intelrdt: remove unused type
    c4a61aa9 ci: enable extra linters for new code
    520702da Add `runc features` command
    02475d9c .golangci.lint: add unparam linter
    953e56c5 libct/int: runContainer: drop console arg
    6c0bfcb1 libct/cg/fs/blkio_test: ignore unparam warning
    06b3fd9d libct/cg/ebpf: drop finalize return value
    86733013 notify_socket: setupSpec: drop ctx arg and return value
    741568eb libct/cg/devices: addRule: ignore unparam warning
    fc44e3f6 tty: Close: rm return value
    36483465 tty: ClosePostStart: rm return value
    f3f4b6d1 tty: recvtty: rm process arg
    e6318635 tty: rm inheritStdio return value
    d23b8109 checkpoint: rm getDefaultImagePath arg
    dd140401 libct: fixStdioPermissions: rm config arg
    b357bc13 libct/factory: rm id param from loadState
    b950b778 libct/utils: ResolveRootfs: remove
    35d20c4e chown cgroup to process uid in container namespace
    ec0f35bc libct/system/xattrs: remove
    e9ed2000 build(deps): bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
    e3dd80fa Vagrantfile.fedora: revert excluding systemd
    1da84d1a libct/cg: TestGetHugePageSizeImpl: use t.Run
    1362291a Avoid non-op when the list of `Hooks` is empty
    f13a9325 libct/cg: HugePageSizes: simplify code and test
    39d4c8d5 libct/cg: lazy init for HugePageSizes
    a4d4c4dd libct/cg: GetHugePageSize -> HugePageSizes
    dde509df specconv: do not permit null bytes in mount fields
    50105de1 Fix failure with rw bind mount of a ro fuse
    982b9a1d libct/standard_init: fix linter warning
    643f8a2b libct/specconv: nits
    b247cd39 runc run: fix ro /dev
    029b73c1 libct/spec: replace isValidName regex with a function
    6907beca libct/specconv: remove isSecSuffix regex
    37c5fd55 libct/specconv: make parseMountOptions return Mount
    2c3792ba libct/specconv: make mountFlags and extensionFlags global
    81586e19 libct/specconv: reuse mountPropagationMapping in parseMountOptions
    8fe1e8bf libct/specconv: rm some init allocations
    712157f6 Revert "ci: temporarily disable criu repo gpg check"
    f252eb54 test/int/mount.bats: refer to github issue
    7563a8f0 libct: wrap more unix errors
    db4ad6a7 libcontainer/system: rm Prlimit
    0880c001 .cirrus.yml: silence vagrant up
    b028ecb3 Vagrantfile.fedora: exclude systemd from upgrade
    12a36265 ci/cirrus: update to Go 1.17.3
    02d527d2 go.mod: github.com/moby/sys/mountinfo v0.5.0
    0e21d56e go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
    b2d64fed build(deps): bump github.com/checkpoint-restore/go-criu/v5
    a9bb11ec Fix the conversion of sysctl variable dots and slashes
    0f933d54 Rename package validate_test to package validate
    68c2b6a7 runc run: refuse a frozen cgroup
    d08bc0c1 runc run: warn on non-empty cgroup
    dd696235 runc exec: reject paused container unless --ignore-paused
    4b25a4e8 CI: update Fedora to 35
    7324496f tests/int: fix userns for Fedora 35
    05272718 tests/int/cgroups: fix for misc controller
    fc658fb6 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
    972aea3a libct/configs/validate: allow / in sysctl names
    95f8ecdd fix `libcontainer/integration/exec_test.go:1859:8: undefined: ioutil`
    dc473cad build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0
    8542322d libcontainer: Add unit tests with userns and mounts
    55162941 Remove io/ioutil use
    6a4f4a6a libcontainer/ignoreTerminateErrors: simplify for Go 1.16+
    12e99a0f Require Go >= 1.16
    3d986766 ci/gha: install latest stable Go version
    c5ca778f ci: temporarily disable criu repo gpg check
    81fdc8ce New integration tests for user namespaces bind sources
    9c444070 Open bind mount sources from the host userns
    a80e1217 libct/intelrdt: add Root()
    794cd66d libct/system: Exec: wrap the error
    6eba68de build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
    e395d2dc libct: Init: remove LockOSThread
    916c6a15 libct/cg/fs2: fix GetStats for unsupported hugetlb
    f9667e63 Make DevicesGroup's "TestingSkipFinalCheck" attribute public
    2e0ceaa9 fix createDevices when no Linux section
    fae5d8b5 release: add s390x
    f95063ed Dockerfile: fix for seccomp
    7758d3fb libct/cg/sd/v2: Destroy: remove cgroups recursively
    580e43ec contrib: rm init from bash completion
    0202c398 runc exec: implement --cgroup
    cc15b887 tests: add integration test for cgroups hybrid
    a8435007 cgroups: join cgroup v2 when using hybrid mode
    39914db6 runc exec: don't skip non-existing cgroups
    7d446c63 libct/cg.WriteCgroupProcs: improve errors
    cc1d7466 exec.go: nit
    0d297b71 ci/gha: test criu-dev with latest go
    16aedc31 ci/gha: remove debug info
    3fd1851c CI/GHA: switch to OBS criu repo
    81dc5599 Dockerfile: fix apt-key warning
    2bf560fb Dockerfile: use Debian_11 repo for criu
    99ddc1be libct/cg/fs: rm m.config == nil checks
    57edce46 libct/cg: add Resources=nil unit test
    1af4ed11 libct/cg/sd/v2: move fsMgr init to NewUnifiedManager
    9a2146fa libct/cg/sd/v2: move path init to NewUnifiedManager
    39be6e97 libct/cg/fs2: minor optimization
    b14a6cf9 libct/cg/sd/v1: move path init to NewLegacyManager
    fcc48168 libct/cg/fs: document path removal
    6c5441e5 libct/cg/fs: move paths init to NewManager
    097c6d74 libct/cg: simplify getting cgroup manager
    3c8db638 script/release.sh: update libseccomp to 2.5.2
    f30244ee make release: add cross-build
    23d79aae Makefile: only build runc for static target
    d2b6899e Makefile: fixes for seccompagent
    43b36dc4 Support changing of lsm mount context on restore
    412d68d1 Vendor in go-criu v5.1.0
    163e2523 libct/cg: replace bitset with std math/big library
    6806b2c1 runc delete -f: fix for cg v1 + paused container
    e6928865 libct/cg/fs: refactor
    7d1cb320 libct/cg/fs: rename join to apply
    5c7cb837 libct/cg/fs: micro optimization
    19b542a5 libct/cg/fs: move internal code out of fs.go
    eb09df74 libct/cg/sd/v1: initPaths: minor optimization
    63c84917 libct/cg/sd/v1: optimize initPaths
    c7e0864d libct/cg/sd/v1: factor out initPaths
    dc907e8d libct/cg/sd/v*.go: nit
    d974b22a create, run: amend final errors
    9ba2f65d startContainer: minor refactor
    1545ea69 delete, start: remove newline from errors
    af641cd5 seccomp: Add test using the seccomp agent example
    08659080 build(deps): bump github.com/bits-and-blooms/bitset from 1.2.0 to 1.2.1
    622acd24 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
    47abdcee ci/gha: update golangci-lint to 1.42.1
    704a1878 contrib/cmd/seccompagent: fix build tags
    49137c2a ci/gha: bump shfmt to 3.3.1
    f1b703fc libct/nsenter/nsexec.c: honor _LIBCONTAINER_LOGLEVEL
    d5ffe83f libct/nsenter/nsexec.c: factor out getenv_int
    d2f49d45 libct/nsenter/nsexec.c: improve bail
    6c4a3b13 runc init: pass _LIBCONTAINER_LOGLEVEL as int
    0a3577c6 utils_linux: simplify newProcess
    51cd519e seccomp agent: Return non-zero on failures
    8b790e4f seccomp agent: Use arch SCMP_ARCH_X86_64
    4a4d4f10 Add support for seccomp actions ActKillThread and ActKillProcess
    4a751b05 seccomp: drop unnecessary const SCMP_ACT_* defines
    72b5c3ca build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
    00772cae tests: add functional tests for seccomp notify
    5ae831d9 tests: add functional tests for seccomp
    e21a9ee8 contrib: add sample seccomp agent
    c64aaf0e libcontainer/specconv: extend SetupSeccomp tests
    2b025c01 Implement Seccomp Notify
    4e7aeff6 libcontainer/utils: introduce SendFds
    c55530be vendoring: Use libseccomp with notify support
    64358c4d optimize log: move WriteJSON defer as early as possible
    39d0ee18 script/release.sh: fix for opensuse
    a20c8b29 runc --debug: shorter caller info
    b55b3081 libct/logs: do not show caller in nsexec logs
    c3910e73 libct/logs: parse log level implicitly
    c4826905 libct/logs: test: make more robust
    33dcb994 libct/nsenter/nsenter_test.go: logging nits
    78b27155 libct/nsenter: test: rm misleading comments
    2c46455c libct/nsenter: test: improve TestNsenterChildLogging
    feb1fe11 libct/nsenter: test: fix TestNsenterValidPaths
    3df6a02f libct/nsenter: test: improve newPipe
    347c371b CI: Mark CGO warnings as errors
    d8da0035 *: add go-1.17+ go:build tags
    1b17ec95 libct/cg: rm "unsupported.go" files
    dbb9fc03 libct/*: remove linux build tag from some pkgs
    c5b0be78 Rm build tags from main pkg
    9ff64c3d *: rm redundant linux build tag
    895e0a5c nsenter: fix typo in bail message
    1f5798f7 improve error message when dbus-user-session is not installed
    63944578 tests/int: add a "update cpu period with pod limit set" test
    1b2adcfe libct/cg/v1: workaround CPU quota period set failure
    09b80811 Revert "libct/devices: change devices.Type to be a string"
    538ba846 libct/error.go: rm ConfigError
    6145628f configs/validate: audit all returned errors
    bbcf96f9 libct/cg/devices: stop using regex
    fb629db6 tests/int/helpers: fix shellcheck warnings
    f65276db tests/int/helpers: rm $bundle handling
    b3d14488 Add support for rdma cgroup introduced in Linux Kernel 4.11
    8d8415ee libct/logs: remove ConfigureLogging
    f77fb7a3 init.go, main.go: don't use logs.ConfigureLogging
    93937000 libcontainer/intelrdt: update code comments
    a37a89f4 libct/system: add I and P process states
    f90008ae libct/system.Stat: fix/improve/speedup
    412c6f06 libct/system/proc_test: fix, improve, add benchmark
    74ae9e0f checkpoint: resolve symlink for external bind mount(fix ci broken)
    24d318b8 Dockerfile: switch to bullseye
    9a095e44 libct/cg/sd/v1: add SkipFreezeOnSet knob
    fec49f2a libct/cg/sd/v1: add freezeBeforeSet unit test
    41043673 libct/cg/sd/v1: Fix unnecessary freeze/thaw
    a5871801 ci: add go1.17
    75761bcc Fix codespell warnings, add codespell to ci
    db8330c9 libct/nsenter: fix unused-result warning
    844d6774 CI: Validate compilation without buildtags
    51508210 libct/nsenter: nullify pointer on asprintf error
    2ab6484f libct/nsenter: no need to check size_t less than 0
    f0dbefac .cirrus.yum: retry yum if failed
    814f3ae1 libct/devices: change devices.Type to be a string
    74b5c34e .cirrus.yml: simplify
    77fb9aff build(deps): bump github.com/containerd/console from 1.0.2 to 1.0.3
    bd50e7c4 libct/cg/OpenFile: check cgroupFd on error
    ab577f6f MAINTAINERS: add Sebastiaan van Stijn
    2bab4a56 libct/nsenter: fix logging race in nsexec
    bda1bd7a build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
    c2d9668c libct/cg/OpenFile: fix openat2 vs top cgroup dir
    1b4c30fd libcontainer/intelrdt: always run unit tests
    79d292b9 libcontainer/intelrdt: verify ClosID existence
    17e3b41d libcontainer/intelrdt: support ClosID parameter
    7296dc17 libcontainer/intelrdt: refactor clos path handling
    1cbfe234 libct/cg: rm dead code
    d0c3bc44 libct/cg: GetAllPids: optimize for go 1.16+
    363468d0 libct/cg: improve GetAllPids and readProcsFile
    504271a3 libct/cg: move GetAllPids out of utils.go
    fc99ab7e build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
    0f94799e man/runc-run.8: document --keep option
    cb824629 proposal: add --keep to runc run
    e06465ac ci/cirrus: remove unused code
    120f7406 ci/gha: add latest criu-dev test run
    60e02b4b runc exec: fail with exit code of 255
    18f434e1 script/release.sh: make builds reproducible
    61e201ab makefile: update ldflags and add strip for static builds
    5110bd2f nsenter: remove cgroupns sync mechanism
    7a0302f0 runc init: simplify
    a91ce306 libct/*_test.go: use t.TempDir
    3bc606e9 libct/int: adapt to Go 1.15
    1eeaf113 libct/intelrdt/*_test.go: use t.TempDir
    f6a56f60 libct/cg/fs/*_test.go: use t.TempDir
    2d1645d2 libct/cg/fscommon: drop go 1.13 compatibility
    6215b2f3 ci/gha: drop Go 1.13
    a952b5aa README, go.mod: require go 1.15+
    12a1dccb Revert "libcontainer: avoid using t.Cleanup"
    015fa29a Revert "Revert "Makefile: rm go 1.13 workaround""
    5dd92fd9 libct/seccomp: skip redundant rules
    e44bee10 libct/seccomp: warn about unknown syscalls
    073e085c libct/seccomp: ConvertStringToAction: fix doc
    9f656dbb Do not use Vagrant for CentOS 7/8
    d4480164 tests/rootless.sh: fixup for "update rt" test
    86af5248 tests/int: fix "update rt period and runtime" for rootless
    cc0b1644 README.md: remove abandoned versioning policy
    87bfd20f Evaluate Cirrus CI for Vagrant tests
    a7110262 libct/cg/sd: add TestPodSkipDevicesUpdate
    52dd96db libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
    f2db8798 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
    5dc32604 libct/int/TestFreeze: test freeze/thaw via Set
    af1688a5 libct/int: allow subtests
    67cfd3d4 libct/cg/sd/v1: Set: don't overwrite r.Freezer
    d02b0061 ci/gha: run on release-* branches after a push
    57e3c541 cgroupv2: ebpf: ignore inaccessible existing programs
    fe518a06 vendor: update github.com/cilium/ebpf
    3e5c1997 libct/cg/sd: Add freezer tests
    294c4866 libct/cg/fs/freezer.GetState: report current cgroup state
    f33be7cc libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
    d41a273d Update device update tests
    be1d5f83 ci: enable unconvert linter, fix its warnings
    6be088d6 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
    9f2a1f4d deps: update to github.com/cyphar/filepath-securejoin@v0.2.3
    24d5daf5 libct/user: fix parsing long /etc/group lines
    226dfab0 libct/user: ParseGroupFilter: use TrimSpace
    120e3a77 libct/user: use []byte more, avoid allocations
    83776dd8 libcontainer: Bail on close(2) failures
    7d479e6b libcontainer: Don't close fds already closed
    e39ad650 retry unix.EINTR for container init process
    c508a7bc libct/rootfs: consolidate utils imports
    1bbeadae tests/int/no_pivot: fix for new kernels
    0229a77a libcontainer/intelrdt: privatize some ids
    8f8dfc49 libcontainer/intelrdt: move NewLastCmdError down
    00d15629 libct/intelrdt: simplify NewLastCmdError
    e0ce428b libct/intelrdt: remove NotFoundError type
    feff2c45 libct/intelrdt: fix potential nil dereference
    82498e3d libct/specconf: remove unneeded checks
    bc96a59d build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1
    70fdc057 Revert "checkpoint: resolve symlink for external bind mount"
    e618c02d libct/stacktrace: remove
    e918d021 libcontainer: rm own error system
    60c647a7 libct/error: rm ConsoleExists
    a7cfb23b *: stop using pkg/errors
    b60e2edf libct/cg: stop using pkg/errors
    a6cc36a8 libct/cg/ebpf: stop using pkg/errors
    f137aaa2 libct/cg/devices: stop using pkg/errors
    ebb08128 .golangci.yml: enable errorlint
    56e47804 *: ignore errorlint warnings about unix.* errors
    f6a0899b *: use errors.As and errors.Is
    5d2a11ad tty.go: don't use pkg/errors, use errors.Is
    c6fed264 libct/keys: stop using pkg/errors
    adbac31d libct: fix errorlint warning about strconv.NumError
    7be93a66 *: fmt.Errorf: use %w when appropriate
    d8ba4128 libct/rootfs: improve some errors
    36aefad4 libct: wrap unix.Mount/Unmount errors
    825335b2 libct/cg/fs2: fix/unify parsing errors
    5a186d39 libct/cg/fs: fix/unify parsing errors
    f813174d libct/cg/fscommon: introduce and use ParseError
    adcd3b44 libct/cg/fs[2]: simplify getting pid stats
    4e330942 libct/cg/fs/stats_util_test: fix errors
    563225d5 libct/StartInitialization: fix errors
    3fee59f9 libct/cg/fs/*_test: simplify errors
    fdf4e90e libct/cg/fscommon.ParseKeyValue: no need to wrap err
    627a06ad Replace fmt.Errorf w/o %-style to errors.New
    242b3283 libct/cg/fscommon: rm unused var
    92e8d9b9 libct/intelrdt: error message nits
    041caf10 VERSION: back to development
    dfc0f069 man/*: revamp
    85aabe23 C/R: let criu use its default if --work-path is not set
    e8bd33ae runc --help: improve log options description
    cf4ecaed runc update: hide --kernel* options
    4065c394 exec: rm --no-subreaper flag
    da22625f checkpoint: resolve symlink for external bind mount

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-02-02 22:45:37 -05:00
Bruce Ashfield
df3cc49550 runc: update to 1.0.3
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:

    31f7b334 VERSION: back to development
    f46b6ba2 VERSION: release v1.0.3
    b8dbe466 runc init: avoid netlink message length overflows
    e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
    2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
    42bfc63b script/release.sh: fix for opensuse
    8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
    e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
    cbb23675 runc run: fix ro /dev
    e802cfae test/int/mount.bats: refer to github issue
    3640499a libct/rootfs: consolidate utils imports
    aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
    fdee8658 libct/int/checkpoint_test: fix ParentImage
    cbb5ef5c improve error message when dbus-user-session is not installed
    86d83333 VERSION: back to development

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-12-10 09:41:42 -05:00
Bruce Ashfield
0a7ae8bc50 global: convert github SRC_URIs to use https protocol
github is removing git:// access, and fetches will start experiencing
interruptions in service, and eventually will fail completely.

bitbake will also begin to warn on github src_uri's that don't use
https. So we convert the meta-virt instances to use protocol=https
(done using the oe-core contrib conversion script)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-02 09:57:03 -04:00
Bruce Ashfield
761f7e8ec0 runc-opencontainers: update to v1.0.2
We refresh our patch context and pick up the following commits:

Bumping runc to version v1.0.2-2-g04bcb7c7, which comprises the following commits:

    86d83333 VERSION: back to development
    52b36a2d VERSION: release 1.0.2
    8ec57628 libct/cg/sd/v1: add SkipFreezeOnSet knob
    1850dc16 libct/cg/sd/v1: add freezeBeforeSet unit test
    4ce440f2 libct/cg/sd/v1: Fix unnecessary freeze/thaw
    13b45cb4 libct/nsenter: fix unused-result warning
    7cf1952f libct/nsenter: fix logging race in nsexec
    e2e5267c [1.0] script/release.sh: make builds reproducible
    960182fd libct/seccomp: skip redundant rules
    4c70105b libct/cg/v1: workaround CPU quota period set failure
    1d454045 Do not use Vagrant for CentOS 7/8
    c8d8fd5b tests/rootless.sh: fixup for "update rt" test
    257018e7 tests/int: fix "update rt period and runtime" for rootless
    76c047f1 Evaluate Cirrus CI for Vagrant tests
    466d1a1a VERSION: back to development
    4144b638 VERSION: release 1.0.1
    4efb7a69 libct/cg/sd: add TestPodSkipDevicesUpdate
    82d3eb69 libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
    2fc2e3d6 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
    ef0aa849 libct/int/TestFreeze: test freeze/thaw via Set
    01cd4b5f libct/int: allow subtests
    22b2ff0f libct/cg/sd/v1: Set: don't overwrite r.Freezer
    04edd79d libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
    298a3100 Update device update tests
    257723b3 ci/gha: run on release-* branches after a push
    4dc207a6 cgroupv2: ebpf: ignore inaccessible existing programs
    90d01a04 vendor: update github.com/cilium/ebpf
    3f40fbff libct/cg/sd: Add freezer tests
    c1a5b3e1 libct/cg/fs/freezer.GetState: report current cgroup state
    0a5d8ba4 libct/user: fix parsing long /etc/group lines
    5fd7b3b7 libct/user: ParseGroupFilter: use TrimSpace
    0025bf68 libct/user: use []byte more, avoid allocations
    3745b2be [1.0] retry unix.EINTR for container init process
    e99c0f5e tests/int/no_pivot: fix for new kernels
    84113eef VERSION: release runc 1.0.0
    29168172 tests/int/cgroups: add test for bfq per-device weight
    1036f3f9 libct/cg/fs2: set per-device io weight if available
    30d83d4d libct/cg/fs/blkio: do not set weight == 0
    d7fc3028 libct/cg/fs*: mark {Open,Read,Write}File as deprecated
    8f1b4d4a libct/cg: mv fscommon.{Open,Read,Write}File to cgroups
    322c8fd3 Returns clearer error message for setenv
    46940ed8 update cilium/ebpf to fix haveBpfProgReplace() check
    6339d8a0 libcontainer/cgroups/fs/blkio: support BFQ weight[_device]
    01f5dcae build(deps): bump tim-actions/get-pr-commits from 1.0.0 to 1.1.0
    bd8e0701 libct/cg/sd: fix "SkipDevices" handling
    1b2abc89 github: workflows: fix tiny typo
    b31a9340 libcontainer: relax validation for absolute paths
    dbb35411 configs/validator: move cgroup validation to the list of checks
    9573e4b6 libct/cg/fs: don't forget to close a file
    9ebc573a cgroupv2: ebpf: debug info when detaching programs in fallback mode
    a3ca7b47 cgroupv2: ebpf: check for BPF_F_REPLACE support and degrade gracefully
    d06bda60 libct/cg/sd/dbus: fix NewDbusConnManager
    535f25c4 Allow restoring with a different LSM profile
    508f5bf6 libct/int: add device update test
    8fe3dfbb libcontainer/system: remove alias for deprecated RunningInUserNS
    3f23a736 libcontainer/configs: remove stubs for deprecated Devices funcs
    b2d28c5d libct/cg/sd: fix dbus error handling
    bf7492ee runc update: skip devices
    c3831d64 libct/cg/fs/stats_util_test: use t.Helper
    9eb0371b libct/cg/fs/memory_test: fix formatting
    e969d421 libct/int/testPids: logging nits
    a5bd78ef vendor: willf/bitset@v1.1.11 -> bits-and-blooms/bitset@v1.2.0
    65cf0e61 Bump selinux to v1.8.2
    f99d252d docs/terminals.md: add troubleshooting
    49ea4b37 update crosbymichael email
    3e1bcb1f libcontainer/keys: var should be sessKeyID/ringID (golint)
    1fb56f9f libcontainer/cgroups/devices: if block ends with a return statement
    c2416fb4 libcontainer/system: fix godoc (golint)
    9be156cb libcontainer/devices: fix godoc (golint)
    340fdd93 libcontainer/nsenter: fix captalization (golint)
    81fc5c87 libcontainer/user: fix capitalization (golint)
    e204d6a9 libcontainer/configs: add / fix godoc (golint)
    c0643046 libcontainer/apparmor: split api (exported) from implementation
    02fb18ed libcontainer/user: remove unused ErrUnsupported
    9e964dfc build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
    470610d0 build(deps): bump github.com/cilium/ebpf from 0.5.0 to 0.6.0
    31f58829 build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2
    c836265b build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.8.1
    074aa044 build(deps): bump google.golang.org/protobuf from 1.25.0 to 1.26.0
    7ca54562 Enable dependabot
    e6048715 Use gofumpt to format code
    1eea9253 cgroup2: io: add io.stats parsing test
    0fef122f cgroup2: io: handle 64-bit values correctly on 32-bit architectures
    efca32c7 cgroup2: io: map io.stats to v1 blkio.stats correctly
    49d293a5 cgroup2: capitalize io stats read and write Op values
    0e16e7c2 libct/cg/sd: add SkipDevices unit test
    f5a2c9cc tests/int/dev: only call lsblk once
    aa934af0 runc -v: set default for, always show main.version
    37767c05 ci: lint: show all errors in PRs
    07ca0be0 *: clean up remaining golangci-lint failures
    752e7a82 libct/cg/sd: fix SkipDevices for systemd
    fdc28957 Makefile: use git describe for $COMMIT
    33c9f8b9 libct/cg/sd: return error from stopUnit

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-08-27 10:50:45 -04:00
Bruce Ashfield
76776449ce runc: update to rc95
Updating to the latest runc, which includes the following commits:

   37767c05 ci: lint: show all errors in PRs
   07ca0be0 *: clean up remaining golangci-lint failures
   00119c85 integration: add repeated "runc update" test
   d0f2c25f cgroup2: devices: replace all existing filters when attaching
   98a3c0e4 cgroup2: devices: switch to emulator for cgroupv1 parity
   dcc1cf7c devices: add emulator.Rules shorthand
   54904516 libcontainer: fix integration failure in "make test"
   c7c70ce8 *: clean t.Skip messages
   a95237f8 libctr/cg/systemd: export rangeToBits
   df0206a6 errcheck: utils
   0c65f833 errcheck: signals
   3b31e3ea errcheck: tty
   b45fbd43 errcheck: libcontainer
   463ee5e1 errcheck: libcontainer/nsenter
   7e7ff872 errcheck: libcontainer/configs
   a8995053 errcheck: libcontainer/integration
   b93666eb libct/cg/fs2: setFreezer: wait until frozen
   1069e4e9 libct/cg/fs2: optimize setFreezer more
   5d193188 libct/cg/fs2: optimize setFreezer
   8a7a374f VERSION: back to development
   b9ee9c63 VERSION: release v1.0.0-rc95
   0ca91f44 rootfs: add mount destination validation
   c61f6062 libcontainer: honor seccomp defaultErrnoRet
   d519da5e Dockerfile, Vagrantfile.centos7, .github: bats 1.3.0
   bdad2859 Dockerfile, Vagrantfile.centos7: use go 1.16
   f96530f2 EMERITUS: recognise previous maintainers
   c73a6626 VERSION: back to development
   2c7861bc VERSION: release v1.0.0-rc94
   12e9cac9 Vagrantfile.fedora: set Delegate=yes
   ac70a9a1 tests/int: run rootless_cgroup tests for v2+systemd
   601cf582 tests/int/cgroups: don't check for hugetlb
   40b97919 tests/int: enable/use requires cgroups_<ctrl>
   44fcbfd6 tests/int/helpers: generalize require cgroups_freezer
   353f2ad1 tests/int/update.bats: don't set cpuset in setup
   4f8ccc5f libct/cg/sd/v2: call initPath from Path
   0ed1f802 tests/int/helpers: rm old code
   af2e03c5 ci/gha: bump shellcheck 0.7.1 -> 0.7.2
   2d1bb91d ci/gha: bump shfmt 3.2.0 -> 3.2.4
   a7feb423 libct/int: add TestFdLeaksSystemd
   c7f847ed libct/cg/sd: use global dbus connection
   99c5c504 libct/cg/sd: introduce and use getManagerProperty
   0fabed76 libct/int/checkpoint_test: use kill(0) for pid check
   7eb1405b libct/int/checkpoint_test: use waitProcess helper
   72d7a824 libct/int/checkpoint_test: use t.Helper
   bcca7968 libct/int: simplify/fix showing errors
   524abc59 freezer: add delay after freeze
   e1d842cf libct/intelrdt: fix unit test
   541fc19e Makefile: allow overriding go command by environment
   06a9ea36 script/release.sh: add -a to force rebuild
   91b01682 Update golang.org/x/sys to add linux/ppc support
   ee4612bc CI: enable Go 1.13 again
   e2dd9220 go.mod: demote to Go 1.13
   45f49e8f libcontainer: avoid using t.Cleanup
   1a659bc6 Revert "Makefile: rm go 1.13 workaround"
   abf12ce0 libc/cg: improve Manager docs
   3f659467 libct/cg: make Set accept configs.Resources
   af0710a0 libct/cg/sd/v2: fix Set argument
   850b2c47 libct/cg/fscommon.OpenFile: speed up ro case
   71a8aee8 cgroups/systemd: replace deprecated dbus functions
   47ef9a10 libct/cg/sd: retry on dbus disconnect
   6122bc8b Privatize NewUserSystemDbus
   15fee989 libct/cg/sd: add renew dbus connection
   bacfc2c2 libct/cg/sd: add isDbusError
   cdbed6f0 libct/cg/sd: add dbus manager
   9efd8466 libct/cg/fscommon.OpenFile: reverse checks order
   0bee5e0b libct/cg/fs: add GetStats benchmark
   7e7eb1c3 CI: update Fedora to 34
   d3cee12a cloned_binary: switch from #error to #warning for SYS_memfd_create
   23e3794d checkpoint: validate parent path
   fcd7fe85 libct/cg/fs/freezer: make sure to thaw on failure
   0216716c tests/int: add a case for cgroupv2 mount
   5ffcc568 tests/int: use bfq test with rootless
   ff692f28 Fix cgroup2 mount for rootless case
   3826db19 libct/rootfs/mountCgroupV2: minor refactor
   1e476578 libct/rootfs: introduce and use mountConfig
   deb8a8dd libct/newInitConfig: nit
   2192670a libct/configs/validate: validate mounts
   1f1e91b1 libct/specconv: check mount destination is absolute
   73f22e7f libcontainer/cgroups/systemd: replace use of deprecated dbus.New()
   aa622723 tiny fix iterative checkpoint test case
   ee3b563d Add cfs throttle stats to cgroup v2
   6faed0e4 libct/int: use ok(t, err)
   af3c5699 libct/int: remove unused code
   7b802a7d libct/int: better test container names
   9f3d7534 logging: enable file/line info if --debug is set
   31dd1e49 tests/int: add rootless + host pidns test case
   a2050ea4 runc run: fix start for rootless + host pidns
   0f8d2b6b libct/cg/fs2.Stat: don't look for available controllers
   85416b87 libct/cg/fs2.statPids: fall back directly
   10f9a982 libct/cg/fs2/getPidsWithoutController: optimize
   6121f8b6 libct/cg/fs2.Stat: always call statCpu
   9455395b libct/cg/fs2/memory.Stat: add usage for root cgroup
   a9c47fe7 libct/cg/fs[2]/getMemoryData[V2]: optimize
   b99ca25a libct/cg/fs2/memory: fix swap reporting
   c8e0486f Fix oss-fuzz build

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-06-04 08:43:09 -04:00
Martin Jansa
67807f2bc3 Revert "runc-opencontainers: use bfd even with ld-is-gold"
This reverts commit dda5ae36b4.

binutils gold linker was fixed with:
https://git.openembedded.org/openembedded-core/commit/?id=d07d4d739ae17787017f771dd2068fda0e836722

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-05-13 23:07:57 -04:00
Martin Jansa
dda5ae36b4 runc-opencontainers: use bfd even with ld-is-gold
* just a workaround for an internal error in binutils-2.36 gold:
  http://errors.yoctoproject.org/Errors/Details/580099/
  CGO_ENABLED=1 x86_64-oe-linux-go build -trimpath  -tags "seccomp seccomp                       netgo osusergo" -ldflags "-w -extldflags -static -X main.gitCommit="fce58ab2d5c488bc573d02712db476a6daa9a60c-dirty" -X main.version=1.0.0-rc93+dev " -o runc .
  TOPDIR/tmp-glibc/work/core2-64-oe-linux/runc-opencontainers/1.0.0-rc93+gitAUTOINC+fce58ab2d5-r0/recipe-sysroot-native/usr/bin/x86_64-oe-linux/../../libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/11.0.1/ld: internal error in format_file_lineno, at ../../gold/dwarf_reader.cc:2278
  collect2: error: ld returned 1 exit status

* it fails like this only together with gcc-11, with gcc-10.3 it
  builds fine even with gold

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-05-06 16:40:00 -04:00
Ralph Siemsen
7a1dbe1004 runc: add CVE_PRODUCT to recipes
Allows the yocto cve-checker to flag CVEs, which would otherwise go
unreported due to the package name not matching NIST NVD data.

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-04-29 23:08:39 -04:00
Bruce Ashfield
76ded0c386 runc: update to rc93 latest
Bumping the SRCREV to include the following commits:

   ef9922c2 libct/cg: don't return OOMKillCount error when rootless
   5cdd9022 libct/cg/fs[2]: fix comments about m.rootless
   2f1a3ed3 Fix vendored dependencies
   d15c7bb0 go.mod: github.com/cilium/ebpf v0.5.0
   f28a8cc2 ebpf: replace deprecated prog.Attach/prog.Detach
   928ef7af libct/nsenter: add json msg escaping
   52390d68 Ignore kernel memory settings
   b7c315ad vendor: bump containerd/console to 1.0.2
   b6cdb8ae fix a typo
   64bb59f5 nsenter: improve debug logging
   6ce2d63a libct/init_linux: retry chdir to fix EPERM
   c5029c00 tests: fix hello-world tarball name in testdata for arm64
   289a3045 go.mod: github.com/moby/sys/mountinfo v0.4.1
   4316df8b libcontainer/system: move userns utilities to separate package
   e7fd383b libcontainer/system: un-export UIDMapInUserNS()
   249356a1 libcontainer/system: remove unused GetParentNSeuid()
   dc52ed25 libcontainer/user: remove outdated MAINTAINERS file
   72ecf59c libcontainer/user: fix windows compile error
   2515b0c2 libct/user: rm windows code
   0596f6e1 libcontainer/devices/device_windows.go: rm
   b1deba8c libcontainer/configs/config_windows_test.go: rm
   f1586dbd libcontainer/configs/validate: make Validate() less DRY
   4126b807 libcontainer/configs: add missing type for hooknames
   48125179 go.mod: github.com/cilium/ebpf v0.4.0
   44611630 docs/systemd: add
   27bb1bd5 libct/specconv/CreateCgroupConfig: don't set c.Parent default
   d748280a make release: build/include libseccomp
   aa6da82c script/release.sh: fix shellcheck warnings
   3eb46d89 ci: make static built binary available
   f0dec0b4 libct/specconv/CreateCgroupConfig: nit
   36fe3cc2 tests/int/cpt: fix lazy-pages flakiness
   2dd62b3d libct/checkCriuFeatures: rm excessive debug
   0e089002 tests/int/checkpoint: close lazy_r fd
   b09030a5 tests/int/checkpoint: close fds in check_pipes
   e63df1e6 tests/int: really randomize cgroup/unit names
   6e4c5b6e tests/int/cgroups: don't use BUSYBOX_BUNDLE
   adf733fa vendor: update go-systemd and godbus
   f09a3e1b tests/int: don't set/use CGROUP_XXX variables
   4ecff8d9 start: don't kill runc init too early
   b1184302 libct/configs/validator: add some cgroup support
   79a8647b libct/int: add TestFdLeaks
   b3be2b0b libct: close execFifo after start
   08b52797 Make test specific to disassembleFilter function
   7b3e0bcf Ensure the scratch pipe is read during ExportBPF
   62f1f0e4 tests/int/checkpoint: check all logs for errors
   346cb359 Revert "tests/checkpoint: show full log lazy pages cpt"
   c9b3787b script/check-config.sh: add SELinux and AppArmor
   5fb831a0 capabilities: WARN, not ERROR, for unknown / unavailable capabilities
   e49d5da2 go.mod: OCI runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
   2726146b runc --debug: more tests
   201d60c5 runc run/start/exec: fix init log forwarding race
   c06f999b libct/logs/test: refactor
   688ea99e runc init: fix double call to ConfigureLogs
   dd6c8d76 main: cast Chmod argument to os.FileMode
   69ec21a1 libct/logs.ForwardLogs: use bufio.Scanner
   0300299a tests/int/debug.bats: fixups
   d38d1f9f libcontainer/logs: use int for Config.LogPipeFd
   ac93746c libct/seccomp: rm IsEnabled
   9b2f1e6f runc version: don't use seccomp.IsEnabled
   d76309f9 script/check-config.sh: add CONFIG_SECCOMP_FILTER
   997e8942 capabilities.Caps: use a map for capability-types
   41f466d8 nsexec.c: fix formatting for netlink defines
   522bd641 Fix checking C code formatting
   1948b4ce cloned_binary.c: rm redundant comments
   b67deb56 nsexec.c: rm a block
   513d89ee capabilities: use BOUNDING/AMBIENT instead of their alias
   dd2caace go.mod: runtime-spec v1.0.3-0.20210316141917-a8c4a9ee0f6b
   a608b7e7 libcontainer/apparmor: use sync.Once for AppArmor detection
   d6e89248 Fix build-tags in libcontainer/devices
   f585cec7 libct/cg/v2: always enable TasksAccounting
   8c7ece1e fs2: fallback to setting io.weight if io.bfq.weight
   74299a1c CI: cache ~/.vagrant.d/boxes
   97f2e351 go.mod, libct: bump go-criu to v5, use google.golang.org/protobuf
   db025aba libct: criuSwrk: only iterate over CriuOpts if debug is set
   051646a3 tests: test nested bind mount restore
   705b6cc7 Re-create mountpoints during restore

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-04-16 10:38:06 -04:00
Bruce Ashfield
5ee98852fb runc: update to latest -rc93
Bumping the runc version to incorporate the following commits:

   2ae56653 Move fuzzers upstream
   053e15c0 tests/checkpoint: show full log lazy pages cpt
   e618a6d5 curl: add --retry 5
   4b98e4a7 MAINTAINERS: update Aleksa's email
   8a3484b7 libcontainer/factory*: adjust the file mode
   71ca6432 fix integration tests README.md
   916654ff libcontainer: fix LinuxFactory comments
   c3ffd2ef Do not convert blkio weight value using blkio->io conversion scheme
   38b2dd39 runc exec: report possible OOM kill
   5d0ffbf9 runc start/run: report OOM
   7e137b90 libct/cg/fs2/hugetlb: use fscommon.GetValueByKey
   9fa65f66 libct/cg/fscommon: add GetValueByKey
   c54c3f85 libcontainer/notify_linux_v2: use fscommon.ReadFile
   494f900e libct/cg/fscommon: rename/facelift GetCgroupParamKeyValue
   1880d2fc libct/cg/fs/memory: handle EBUSY
   27fd3fc3 libct/cg/fs: setMemoryAndSwap: refactor
   3cced523 libct/cg/fs/memory: optimize Set
   65c2d3c2 tests/int/update: add test case for PR #592
   53d3b552 Update README.md for libcontainer
   6c5ed0db Fix memory stats for cache in fs2
   af521ed5 libct/cgroups/systemd: don't set limits in Apply
   fa52df94 libcontainer: fix the file mode of the device
   d0cbef57 Makefile: rm go 1.13 workaround
   4019f08d make validate: rm go vet
   f9c21133 make lint: use golangci-lint
   671bb978 Makefile: remove ci target
   95940855 script/validate-gofmt: rm
   91f0ae18 ci/gha: bump go 1.16-rc1 -> 1.16.x
   5b14a261 README: add gha badges
   f3f563bc apparmor: try attr/apparmor/exec before attr/exec
   41670e21 tests/int: rework/simplify setup and teardown
   d73b4443 ci: enable -race from matrix
   b7744547 libct/int: fix a data race
   c34a9b10 tests/int/hooks.bats: don't use DEBIAN_BUNDLE
   e40a369e tests/int/list.bats: don't use $BUSYBOX_BUNDLE
   985546b4 tests/int: BATS_TMPDIR -> BATS_RUN_TMPDIR
   85d5fea4 tests/int: stop reusing HELLO_BUNDLE for alt root
   76532fac tests/int/events: rm unneeded eval
   49766140 tests/int: use wait_for_container where appropriate
   4d6ffa39 tests/int/helpers: reimplement wait_for_container
   e7052dcd tests/int/spec.bats: don't use HELLO_BUNDLE
   0cfc2e32 tests/int: rm teardown_running_container_inroot
   78f0e4b2 tests/int: rm wait_for_container_inroot
   64d5702f tests/int: don't depend on BUSYBOX_BUNDLE var
   efb8552b tests/int: add device access test
   81707abd ebpf: fix device access check
   c3428722 libct/config: fix a data race
   51ec5db1 ci: add i386 unit test run
   b142a70e libct/seccomp/patchpbf/test: fix for 32-bit
   2831fb55 cgroup2: devices: handle eBPF skipping more correctly
   d1007b08 cgroupv1 freezer: thaw to increase freeze chances

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-03-16 09:26:49 -04:00
Bruce Ashfield
a84fa54160 runc: update to 1.0.0-rc93
Bumping to the next rc of runc, which comprises the following commits:

   1e0016cf Show error stack trace if --debug is set
   5c0342ba libcontainer: fix bad conversion from syscall.Errno to error
   a9e99b6d ci/gha/fedora: retry vagrant up
   f26768a8 VERSION: back to development
   12644e61 VERSION: release 1.0.0~rc93
   c348b982 tests/rootless.sh: fix/ignore shellcheck warnings
   11437593 tests/rootless.sh: use set -e -u -o pipefail
   5ab05884 ci: untangle getting test images
   bc175ba4 tests/helpers.bash: rm GOPATH
   dc025792 ci/gha: bump golangci-lint to v1.36
   4d3a8d5e .golangci.yml: add
   76ae1f5c libct/cg/fs/freezer: fix freezing race
   c4bc3b08 Remove "PatchAndLoad" stub as it's not used without seccomp enabled
   6ddfaa5e cgroupfs: cpuset: fix broken build
   ca422896 Makefile: add -trimpath go build flag
   d89c9629 Fix typo in README
   b1195b76 ci: test with golang 1.16-rc1
   164e0adb tests/int/spec.bats: fix for go 1.16
   4160d743 seccomp: add enosys unit tests
   8bd19cd5 tests: add seccomp -ENOSYS integration test
   7a8d7162 seccomp: prepend -ENOSYS stub to all filters
   2be806d1 libcontainer/configs: improve CommandHook unit tests
   f4d153b0 Fix int overflow in test on 32 bit system
   4e98eec1 libct/cg: demote "systemd is too old" to debug
   c7357aad libct/cg/ebpf/testDeviceFilter: rm verbose logging
   6a9f5ac9 libct/cg/fs: fix a linter warning
   63c44e27 libct/cg/fs: getPageUsageByNUMA: rewrite/optimize
   e9248dd5 cgroup: fix panic in parse memory.numa_stat
   426aa416 libct/int/TestExecInTTY: skip
   c30cd3cd libct/int/TestExecInTTY: fix error reporting
   dac0c1e3 console.ClearONLCR: move it back
   ab27e12c Implement GetStat for cpuset cgroup.
   867ba38e events: simplify some conversion functions
   8ce51611 GHA: tune timeouts for VM jobs
   510e404e make shfmt: run for all script/* files
   90d02ecc Vagrantfile.centos7: clean up after bats install
   a91210f4 gha: use ssh -tt to have a tty
   1f4a3b1e gha: don't check commits on push
   4a30ada4 gha: cache docker layers to speed up make runcimage
   58c31003 README: rm travis badge
   a21e57d7 tests/int/hooks.bats: skip earlier
   657a24ce libct/cg/TestGetHugePageSizeImpl: only log errors
   3394e374 libct/cg/sd/TestRangeToBits: be less verbose
   230a46b7 systemd: fix rootful-in-userns regression
   c751ba3f systemd: show more helpful error
   a35cad3b libct/cg/sd/v2: warn about old systemd
   03b512e5 libc/cg: convert r.CPU.Cpus/Mems to systemd props
   eee425f5 libct/cg/sd/systemdVersion: don't return error
   5de00ad9 tests/int/multi-arch.bash: fix for busybox
   b3cf4831 script/check-config.sh: fix IOSCHED_CFQ CFQ_GROUP_IOSCHED
   1a00cd8f script/check-config.sh: fix MEMCG_SWAP_ENABLED
   ecb9d73c script/check-config.sh: fix NF_NAT_NEEDED
   483abaac script/check-config.sh: fix NF_NAT_IPV4
   91eba84a script/check-config.sh: support for cgroupv2
   25987d03 libcontainer/intelrdt: adjust the file mode
   c8e89b8d Remove script/install-vagrant.sh
   06a684d6 libct/int/TestExecInTTY: repeat the test 300 times
   fedaa2ab TestExecInTTY: simplify, improve error reporting
   719d70d2 setupIO: simplify code
   24c05b71 tty: fix ClearONLCR race
   039c47ab libcontainer: signalAllProcesses(): log warning when failing to thaw
   18972177 libcontainer: move capabilities to separate package
   692fab09 libct/checkProcMounts: optimize
   72f46389 libct: add TODO about os.ErrProcessDone
   d7df3018 libct: suppress bogus "unable to terminate" warnings
   637f82d6 runc run: resolve tmpfs mount dest in container scope
   d64c3afe tests/int/mount.bats: reformat
   a2c9866e tests/int/mounts.bats: cleanup
   9f2153c6 libct/cgroups/fs/cpuset: don't use MkdirAll
   c85cd2b3 libct/cg/fs/cpuset: don't parse mountinfo
   c0e14b8b libct/cg/fs.getCgroupRoot: reuse (cached) cgroup mountinfo
   ed70dfa7 libct/cgroups/v1_utils: implement mountinfo cache
   17a0dc31 README: add note about not using runc directly
   4bc2aab9 README: add links to misc docs
   2dc1bf91 ci: move Fedora 33 and CentOS 7 tests to gha
   e431fe60 ci: move misc validate tasks from travis to gha
   7ecba232 ci: move cross compile check from travis to gha
   8ccd39a9 ci: move commit length check from travis to gha
   1125ae78 tests/events.bats: unify duplicated code
   27268b1a tests/int/cwd: add test case for cwd not owned by runc
   d869d05a libctr/init_linux: reorder chdir
   8bd3b878 test: add case for GH #2086
   cb3dd9d8 libct/configs/validate: test for bind-mounted netns
   8e8661e1 libct/configs/validate/sysctl: fix repeated netns checks
   2dce0699 libct/configs/validate: fix host netns check
   2143b368 libct/int/execin_tty: do help debug a flake
   e709b8ab libctl/cgroups/fscommon: close fd
   325a74dd libcontainer/intelrdt: rm init() from intelrdt.go
   cb269306 remove "selinux" build tag (Always compile SELinux support)
   552a1c7b remove "apparmor" build tag (Always compile AppArmor support)
   48b8eb09 checkProcMount: add /proc/slabinfo to whitelist
   1909051b libct/int/execin_tty: help debug a flake
   97929295 libct/intelrdt: fix a staticcheck warning
   6437086e libct/addCriu*Mount: fix gosimple warning
   d0b59548 libct/checkCriuFeatures: fix gosimple linter warning
   3de5c514 libct/int: don't hardcode CAP_NET_ADMIN
   3387422b libct/int: fix "simple" linter warnings
   11680cd2 libct: fix "unused" linter warning
   a99ecc9e libct/cg/utils: silence a linter warning
   3c9b03fd libct/cg/fscommon: log openat2 init failures
   6bda4600 libcontainer/cgroups/fscommon: add openat2 support
   31b0151f move blkio stat gathering to loop
   990a6c57 cgroups: update blkio GetStats
   be56333f bats: update to 1.2.1
   f15c4cca Update umoci to 0.4.6
   4344bd8f Dockerfile: use binary criu release
   3aead32e nsenter: hard-code memfd_create(2) syscall numbers
   5d1b0268 .github/workflows/validate: nits
   7cd062d7 libct/cgroup/utils: fix GetCgroupMounts(all=true)
   4fc2de77 libcontainer/devices: remove "Device" prefix from types
   677baf22 libcontainer: isolate libcontainer/devices
   de80aae4 recvtty: fix errcheck linter warnings
   6b41b463 recvtty: fix waiting for both goroutines
   4bbfd2e1 recvtty: use ioutil.Discard
   c1ef0cf6 ci: add integration+unit tests to github actions
   fce8dd4d tests/int/tty.bats: increase timeout
   c6ed1854 ci: add shellcheck to github actions
   27835a9e Makefile: move shellcheck out of validate
   33bda24a ci: move verify-deps from travis to github actions
   c60f23b3 ci: add shfmt to github actions
   717a73b3 ci: renamed golangci-lint to validate
   06b204e5 Makefile: move shfmt out of validate, add -w
   7856c340 Dockerfile: bump criu to 3.15
   ee1bdb80 vendor: github.com/cilium/ebpf v0.2.0
   f0d5e839 Dockefile: fix path to skopeo repo
   d9010b0e integration: update README to link to bats-core
   3f2f06df Move cgroup v2 out of experimental
   f62ad4a0 libcontainer/intelrdt: rename CAT and MBA enabled flags
   620f4c5c libcontainer/intelrdt: fix CMT feature check
   896da0b9 docs: terminals: modify the example of Pass-Through mode.
   4690064f update vendor
   9403afd7 CI: Fedora 33: print kernel version, systemd version, and rootfs type
   0a097615 CI: update Fedora to 33
   41aa7640 linux: drop MS_REC for readonly remount
   a4e6955e linux: fix remount readonly in a user namespace
   2e968a83 libct/cg/sd/v2: "support" (ignore) memory.oom.group
   c013be56 libct/cg/sd/v2: support memory.* / Memory* unified
   13afa58d libct/cg/sd/v2: support cpuset.* / Allowed*
   5be8b97a libct/cg/sd/v2: support cpu.weight / CPUWeight
   390a98f3 runc update: support unified resources
   ab80eb32 libct/cg/sd/v2: support cpu.max unified resource
   7f24098d tests/int: move check_cpu* to helpers
   fd5226d0 libct/cg/sd: add defCPUQuotaPeriod
   0cb8bf67 Initial v2 resources.unified systemd support
   ed548376 tests/int/update.bats: add checks for runc status
   d0991db2 tests/int/cgroups.bats: reformatting
   a66a8238 ci: pin shfmt to v3.2.0
   2ceb9719 tests/integration: rm excessive run use
   e32716d3 tests/int: simplify teardown_running_container
   c114919f tests/int: fix "runc exec --preserve-fds"
   7b8c4e98 shfmt mounts.bats to pass `make validate`
   ac5ec5e3 libcontainer/integration: fix unit test
   f5c345c3 test: add "runc run --no-pivot must not expose bare /proc"
   17de6f80 vendor: bump mountinfo to v0.4.0
   70538b39 Update bash completion to support systemd-cgroup
   933c4d31 libcontainer/intelrdt: privatize IntelRdtManager and its fields
   2c004a10 libcontainer/intelrdt: introduce NewManager()
   abcc1aae fix some typos about libcontainer
   939ad4e3 don't panic when /sys/fs/cgroup is missing for rootless
   7613c718 Update bash completion to support new capabilities
   b8bf5728 rootfs: handle nested procfs mounts for MS_MOVE
   5903b0ce libcontainer/intelrdt: remove 'omitempty' property from CMT and MBM counters
   0253a08d CI: add shfmt for sh files
   ff9852c4 *.sh: use shfmt
   069fddfa CI: add shfmt for bats
   fc8c7797 tests/integration/*.bats: reformat with shfmt
   0aa0fae3 Kill all processes in cgroup even if init process Wait fails
   978fa6e9 Fixing some lint issues
   f0fdde79 libct/cg/systemd/v1: fix err check in enableKmem
   c1bba720 libct/cg/systemd/v1: do not use c.Path
   fa47f958 libct/int/newTemplateConfig: add systemd support
   9135d99c libct/int/newTemplateConfig: add userns param
   73d93eeb libct/int: make newTemplateConfig argument a struct
   fb4c27c4 Fix mount error when chmod RO tmpfs
   002c92f1 libct/cg.WriteCgroupProc: use fscommon.OpenFile
   c95e6900 libct/cg/fs*: use fscommon.OpenFile
   d55729f1 libct/cg/fs/blkio: use fscommon.OpenFile
   0228226e libcontainer/cgroups/fscommon: introduce OpenFile
   b4483305 Add error message
   e25b8cfc libct/cg/utils: use fscommon.ReadFile
   6bae53f5 libct/cg/fs2: use fscommon.ReadFile
   2588e6f1 libct/cg/fs/cpuset: use fscommon.ReadFile
   1d20cf49 libct/cg/fs/cpuacct: use fscommon.ReadFile
   9e78b66e libct/cg/systemd/v1.enableKmem: use fscommon.ReadFile
   31634436 libct/cg/fs2.CreateCgroupPath: use fscommon.*File
   b7092d84 libct/cg/fs.setKernelMemory: use fscommon.WriteFile
   619de977 libct/cg/fscommon_test: rm cgroups dependency
   ede8a86e Convert root path to absolute path on create command
   e8eb8000 fix some linting issues
   fcf210d6 Fix goreport warnings of ineffassign and misspell
   644c107e libcontainer/intelrdt: modify the incorrect file mode
   87412ee4 vendor: bump mountinfo v0.3.1
   28b452bf libcontainer: unconvert
   b3a8b074 libcontainer: prefer bytes.TrimSpace() over strings.TrimSpace()
   3d5dec2f libcontainer: remove the unused variable from spec
   b76652fb libcontainer: remove `removePath` from cgroups
   faaecac7 libcontainer: remove loadConfig which is the unused function
   c6ac3c4b libcontainer/system: remove deprecated GetProcessStartTime
   3eb469b0 libcontainer: remove redundant strings.Join()
   bc9a7bda setFreezer: explicitly return nil
   2a644a7d CI: add golangci-lint via github actions
   360981ae libct/cgroups: rewrite getHugePageSizeFromFilenames
   819fd683 go.mod: sirupsen/logrus v1.7.0
   0eb66c95 go.mod: github.com/containerd/console v1.0.1
   8bf21672 use string-concatenation instead of sprintf for simple cases
   a4d5e8a2 libcontainer/ignoreTerminateError: ignore SIGKILL
   dc424591 libct/(*initProcess).start: fix removing cgroups on error
   8699596d libct/(*setnsProcess).Start: use retErr
   38447895 libct/cgroups/systemd: eliminate runc/systemd race
   6c83d23f libcontainer/cgroups/fscommon: improve doc
   31f0f5b7 libct/cg/fscommon.GetCgroupParamUint: improve
   e76ac1c0 libct/cg/fscommon.GetCgroupParamString: use ReadFile
   aac4d1f5 libct/cg/fscommon/GetCgroupParamKeyValue: nits
   d167be29 libct/cgroups/fs2/statHugeTlb: error message nits
   2c70d238 libct/intelrdt: add TestFindIntelRdtMountpointDir
   ab2b5dfa libcontainer/cgroups: use const for templates
   b7c446b3 checkpoint: setPageServer: use net.SplitHostPort instead of strings.Split
   f1c1fdf9 libcontainer/intelrdt: use moby/sys/mountinfo
   4929c05a tests/int: add cgroupv2 unified resources tests
   6e2159be tests/int/cgroups: make sure to rm containers
   b006f4a1 libct/cgroups: support Cgroups.Resources.Unified
   8ceae9f7 libct/cgroups/GetHugePageSize: use Readdirnames
   9aff7aae libct/utils: add GetHugePageSize benchmark
   30601efa tests/int/spec.bats: simplify
   6c21de38 tests/int/spec: only run once for rootless
   186a38ba tests/int: whitespace cleanup
   792d2c3b tests/int/cgroups.bats: rm unused code
   908b7076 tests/int/*.bats: make sure to delete containers
   1c3af275 libcontainer: newContainerCapList() refactor to reduce duplicated code
   8820a145 libcontainer: initialize slices with length
   f5c96b74 libcontainer: remove unneeded sprintf and intermediate variable
   b9e26ad8 libcontainer: remove workaround for RHEL6 kernels
   373811ba libcontainer: rename cap variable as it collides with built-in
   074e67ad Makefile: fix vendor and verify-dependencies
   2ccefa63 restore: tell CRIU to use existing namespaces
   71c10e3c vendor:  github.com/moby/sys/mountinfo v0.2.0
   ba8687fc tests/int/helpers: fix indentation
   fdb0590c tests/int/helpers: simplify set_cgroup_mount_writable
   74b57fea fscommon.WriteFile: simplify error message
   a3f91b98 vendor: bump runtime-spec
   b682e8cf vendor: bump fileutils to v0.5.0
   d1d13d9a tests/int/checkpoint: don't hide stderr
   627074d0 tests/int/checkpoint: rm useless code
   bca5f24c tests/int/checkpoint.bats: fix showing logs on fail
   ce24d603 Add integration tests for cgroup devices
   8297ae45 Makefile: fix DESTDIR handling
   dd3e0da3 tests/int/dev.bats: fixes for new busybox
   bcd30954 tests/int: fix runc exec --preserve-fds
   ba0246da libcontainer: Store state.json before sync procRun
   cbb0a793 Make sure signalAllProcesses is invoked in the function of destroy
   940e1547 cgroupv1/systemd: (re)use m.paths
   f075084a cgroupv1/systemd: rework Apply/joinCgroups
   fad92bbf cgroupv1/Apply: do not overuse d.path/getSubsystemPath
   0445fd60 Since no kernels support direct labeling of /dev/mqueue remove label
   bfb4ea1b Remove check for apparmor_parser in apparmor.IsEnabled()
   a63f99fc Add support for umask
   42d9a6b4 tty.bats: add test cases when stdin is not a tty
   b79cb048 runc run/exec: fix terminal wrt stdin redirection
   b8efb020 tests/int/delete.bats: fix shellcheck warnings
   28204ce7 tests/int/delete: rm useless code
   34b4b106 tests/int: alt fix for shellcheck SC2034
   d34f1c81 CI: add shellcheck of bats files
   f36fb46b tests/int/*bats: ignore SC2016
   598d8b73 tests/int/checkpoint.bats: ignore SC2206
   08766b98 tests/int/*bats: fix/ignore shellcheck SC2046
   4ba4baea tests/int/*bats: fix shellcheck SC2086, SC2006
   b02ca2dc tests/int: fix shellcheck warning SC2002
   3b80850e tests/int/update.bats: fix a shellcheck warning
   612d0790 tests/int/update.bats: fix a shellcheck warning
   82836d24 tests/int/cgroups.bats: fix a shellcheck warning
   4b8ff6a1 tests/int/checkpoint.bats: ignore some shellcheck warnings
   ce50e1da test/int/spec.bats: simplify setup/teardown
   699fdf89 tests/int/mount.bats: fix a check
   85a30698 test/int/hooks.bats: fix here-doc
   9a699e1a Skip redundant setup for /dev/ptmx when specified explicitly in the OCI spec.
   0709202d Remove runc default devices that overlap with spec devices.
   6249136a add libseccomp version to `runc --version`
   1d85333a add runtime.Version() to `runc --version`
   1e9f8059 cleancode: adjust and make it more readability
   335f0806 tests/int/delete: cgroupv1 with sub-cgroups removal case
   19be8e5b libct/cgroups.RemovePaths: speedup
   3f14242e libct/cgroups: move RemovePath from fs2
   254d23b9 libc/cgroups: empty map in RemovePaths
   bf8bb477 Modify from space to tab

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-02-05 22:21:58 -05:00
Bruce Ashfield
cc122f0f0a runc: update to 1.0.0-rc92
Refresh patches for new context, drop CVE patch that has been integrated
into the main repository.

The following changes are part of this refresh:

   49a73463 Merge pull request #2547 from kolyshkin/moar-v2-tests
   9ada2e6d Merge pull request #2539 from kolyshkin/ext-pidns-nits
   b70de388 Merge pull request #2540 from kolyshkin/unify-test-inval-cgroup
   0509b5ba Merge pull request #2553 from AkihiroSuda/support-kernel59-caps
   6dfbe9b8 support CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE
   54c53b10 Merge pull request #2533 from XiaodongLoong/fix_cgMode_redundant
   a2d1f85b Merge pull request #2542 from AkihiroSuda/go1.15
   4c71a68c upgrade Go to 1.15
   dedadbf9 Merge pull request #2545 from kolyshkin/go-mod-vendor
   809dc640 Merge pull request #2548 from kolyshkin/int-cr-fix
   7f64fb47 use criu cgroup mode const from go-criu
   5026bfab tests/int: fix error handling and logging
   2de0b5aa libct/integration: enable some tests for cgroupv2
   985bd24f Makefile: fix go vet/fmt
   a340fa9b Merge pull request #2543 from mrunalp/release_1.0.0-rc92
   1ff1bf34 VERSION: back to development
   ff819c7e VERSION: release 1.0.0-rc92
   f6688549 Merge pull request #2499 from kolyshkin/find-cgroup-mountpoint-fastpath
   234d15ec Merge pull request #2520 from thaJeztah/bump_runtime_spec
   78d02e85 Merge pull request #2534 from adrianreber/go-criu-4-1-0
   637d54b7 cgroups/fs tests: unify TestInvalid*Cgroup*
   e54d1e47 libct: initialize inheritFD in place
   8b973997 libct: criuNsToKey doesn't have to be a method
   3de3112c Merge pull request #2525 from adrianreber/external-pidns
   6f4616dd Pass location of CRIU binary to go-criu
   267b7148 Upgrade go-criu to 4.1.0
   d6f5641c Merge pull request #2507 from kolyshkin/alt-to-2497
   46243fce Merge pull request #2500 from kolyshkin/fs-apply
   e0c0b0cf libct/cgroups/GetCgroupRoot: make it faster
   901dccf0 vendor: update runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6
   97b02cf9 Merge pull request #2531 from JFHwang/gomod_update
   59352963 Update go.mod
   67169a9d merge branch 'pr-2529'
   95a59bf2 devices: correctly check device types
   09e103b0 Tell CRIU to use an external pid namespace if necessary
   610c5ad7 Factor out checkpointing with external namespace code
   d65df61d Merge pull request #2521 from zvier/master
   92e2175d cleancode: clean code for utils_linux.go
   86d9399c Merge pull request #2524 from adrianreber/fix-travis
   b7683d6b Fix .travis.yml warnings
   f8749ba0 merge branch 'pr-2509'
   f9850afa Merge pull request #2518 from XiaodongLoong/redundant_chroot_param
   af283b3f remove redundant the parameter of chroot function
   b7d8f3bf Merge pull request #2516 from ide-rea/fix-typo
   47fbafb7 Merge pull request #2510 from kolyshkin/criu-el7
   76b05e6d fix small typo
   cf1273ab Merge pull request #2498 from kolyshkin/v1-code-cleanups
   545ebdd1 Merge pull request #2511 from kolyshkin/fedora-dnf-fix
   fbf047bf Merge pull request #2501 from XiaodongLoong/systemderror-fix
   f57bb2fe fix TestPidsSystemd and TestRunWithKernelMemorySystemd test error
   ce54a9d4 Merge pull request #2514 from rhatdan/windows
   6d5125f8 tests/int/checkpoint: don't remove readonly flag
   9806eb55 Merge pull request #2513 from lsm5/custom-PREFIX-in-Makefile
   d78ee471 Allow libcontainer/configs to be imported on Windows
   5517d1d7 Merge pull request #2505 from XiaodongLoong/redundant-copy-src
   ffe9f0b0 Vagrantfile.centos7: do not ignore script failures
   bc1a9c11 allow customizable PREFIX variable
   a73ce38d cgroupv1/FindCgroupMountpoint: add a fast path
   c27b8e7f tests/fedora32: retry dnf
   92f49821 tests/centos7: add criu
   98c7c01d tests/int/checkpoint: require cgroupns
   c1adc99a cgroup/fs: rework Apply()
   417f5ff4 tests/int/checkpoint: fds and pids cleanup
   819fcc68 merge branch 'pr-2495'
   2a322e91 cgroupv1: remove subsystemSet.Get()
   daf30cb7 cgroups/fs: rm getSubsystems
   2e225799 libct/cgroups/fs.GetStats: drop PathExists check
   11fb9496 cgroups/fs: rm Remove method from controllers
   30dc54a9 Merge pull request #2503 from giuseppe/cgroup-fixes
   3f811318 Merge pull request #2490 from kolyshkin/dev-opt
   32034481 cgroup, systemd: cleanup cgroups
   46a304b5 Merge pull request #2502 from tjucoder/master
   e638eda0 Merge pull request #2496 from kolyshkin/freeze-nits
   a4cb88f3 redundant souce code copy There is a docker -v flag for test in Makefile
   2deaeab0 cgroup: store the result of IsRunningSystemd
   ab35cfe2 make sure pty.Close() will be called and fix comment
   62a30709 cgroups/fs/path: optimize
   46b26bc0 cgroups/fs/Freeze: simplify
   cd479f9d cgroupv1/freezer: don't use subsystemSet.Get()
   3cb1909c Merge pull request #2493 from thaJeztah/bump_ebpf
   108ee85b libct/cgroups: add SkipDevices to Resources
   f49adb52 vendor: update cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775
   6f5edda9 merge branch 'pr-2491'
   d0e92896 VERSION: back to development
   24a3cf88 VERSION: release 1.0.0-rc91
   1b94395c Merge pull request #2476 from kolyshkin/cpt-err-log
   834c4573 Merge pull request #2482 from kinvolk/alban/integration-tests
   327284eb integration tests: fix typo in README.md
   0fa097fc merge branch 'pr-2481'
   dff7685c Merge pull request #2459 from tedyu/linux-cont-set-cfg
   e643db6e Merge pull request #2479 from haircommander/fix-systemd-version
   04806abd nsenter: fix repeat close() operations
   9748b487 Merge pull request #2229 from RenaudWasTaken/create-container
   861afa75 Add integration tests for the new runc hooks
   2f7bdf9d Tests the new Hook
   6a0f64e7 systemd: add unit tests for systemdVersion
   6369e388 systemd: parse systemdVersion in more situations
   819c40b3 Merge pull request #2478 from kolyshkin/get-pids
   89516d17 libct/cgroups/readProcsFile: ret errorr if scan failed
   406298fd Merge pull request #2466 from kolyshkin/systemd-cpu-quota-period
   12a7c8fc Merge pull request #2411 from kolyshkin/v1-specific
   ccdd7576 Add the CreateRuntime, CreateContainer and StartContainer Hooks
   e232a71a tests/int/checkpoint: fix checks, add logs
   a6ddabd6 tests/int/checkpoint: whitespace cleanups
   e751a168 cgroups/systemd: add setting CPUQuotaPeriod prop
   8c5a19f7 libct/cgroups/fs: rename some files
   cec5ae7c libct/cgroupv1/getCgroupMountsHelper: minor nit
   0626c150 libct/cgroupv1: fix TestGetCgroupMounts test cases
   0681d456 libct/cgroups/utils: move cgroup v1 code to separate file
   7db2d3e1 libcontainer/cgroups: rm FindCgroupMountpointDir
   d244b405 libct/cgroups: improve ParseCgroupFile docs
   5785aabc libct/cgroups: make isSubsystemAvailable v1-specific
   d5c57dce libct/criuApplyCgroups: don't set cgroup paths for v2
   52b56bc2 libc/criuSwrk: remove applyCgroups param
   142d0f2d libct/cgroups/utils: make FindCgroupMountpoint* v1-specific
   44b75e76 libct/cgroups: separate getCgroupMountsV1
   82d2fa4e Merge pull request #2453 from AkihiroSuda/vagrant-centos7
   3834222d libct/cgroups/utils: getControllerPath return err for v2
   55c77cb9 Merge pull request #2472 from kolyshkin/paths-nits
   dd2426d0 libct/cgroups: fix m.paths map access
   a77d7b1d libct: don't use GetPaths
   5b247e73 Merge pull request #2338 from lifubang/systemdcgroupv2
   c76af1d2 Merge pull request #2470 from katarzyna-z/kk-fix-numa-stats
   601fa557 Merge pull request #2414 from kolyshkin/criu-notif
   71e63de4 Fix #2469 omit memory.numa_stat when not available
   fdc48376 Merge pull request #2458 from kolyshkin/cpu-quota-II
   3ddb913a Merge pull request #2467 from mrunalp/save_state_atomic
   ed9d93e2 Merge pull request #2455 from AkihiroSuda/docs-cgroup2
   a4a306d2 Write state.json atomically
   499357d6 add Vagrantfile.centos7
   262ef563 update.bats: support systemd <= 226
   1f366c6a tests/rootless.sh: fix executing bats in non-root PATH
   6246bb11 spec.bats: avoid using `git -C`
   bd236e50 integration: skip checkpoint tests if criu binary not found
   b2163040 Merge pull request #2454 from AkihiroSuda/ci-fix-rt
   1b03e725 tests/int/update: more cpu period/quota cases
   a92b0327 cgroups/systemd: fix set CPU quota if period is unset
   1832bf0b tests/int/update: add cpu-quota -1 tests
   7c2b2349 tests/integration/update: enable cpu quota for v2
   32746fb3 update: do not overwrite old cpu quota/period
   4189cb65 cgroups: remove cgroup.Resources.CpuMax
   8b964677 cgroups/systemd: unify adding CpuQuota
   2ce20ed1 cgroups/systemd: simplify gen*ResourcesProperties
   9d275d32 Set configs back when intelrdt configs cannot be set
   4be54355 add integration test for ps/kill after the container stopped
   1b97c04f merge branch 'pr-2445'
   2a046695 merge branch 'pr-2446'
   79fe41d3 Replace sed with jq for more readable json manipulation in tests
   13865704 add cgroup v2 documentation
   10d1e1ed test "update rt period and runtime": fix up runtime and period
   0853956d Merge pull request #2452 from AkihiroSuda/silence-criu-not-found
   13020202 Merge pull request #2449 from katarzyna-z/kk-fix-2440
   9087f2e8 fix path error in systemd when stopped
   4ad326a3 silence "which: no criu"
   92f831bf Fix #2440 omit cpuacct.usage_all when not available
   d1ba8e39 (*initProcess).start: rm second Apply
   dbe5acad Merge pull request #2439 from kolyshkin/int-noswap
   332a8458 Merge pull request #2443 from kolyshkin/kmem-fixup
   0f7ffbeb Merge pull request #2416 from AkihiroSuda/exec-join-init-cgroup
   a30f2556 merge branch 'pr-2018'
   c91fe9ae cgroup2: exec: join the cgroup of the init process on EBUSY
   ed1f14af tests/int/events: skip oom test if no swap
   755b1016 test/int/update: simplify mem+swap presence check
   8d943633 test/int/update: simplify mem+swap checks
   e664e732 merge branch 'pr-2442'
   2679754a Merge pull request #2441 from kolyshkin/check-cpushares
   3fe6e045 cgroupv1/systemd.Set: don't enable kernel memory acct
   3249e237 cgroupv1: check cpu shares in place
   774a9e76 Merge pull request #2420 from tedyu/criu-proc-wait
   3ba3d9b1 Wait for criuProcess once
   0f3d6bec Remove pullapprove integration
   64dbdb86 Merge pull request #2437 from kolyshkin/remove-faster
   a78e21b5 tests/int/delete.bats: fixups
   0ac92aab cgroups/fs2: make removeCgroupPath faster
   4f0bdafc Merge pull request #2412 from lifubang/removecgpath
   a891fee8 Merge pull request #2434 from kolyshkin/cpu-quota-fix-minimal
   be546787 cgroupv1: minimal fix for cpu quota regression
   82fa1941 remove cgroup path recursively in cgroup v2
   1f737eeb Merge pull request #2426 from kolyshkin/mem-swap-unlim
   7673bee6 Merge pull request #2395 from lifubang/updateCgroupv2
   68391c0e use lazy-pages ready notification for criu >= 3.15
   7ab13298 libct/criuNotifications: simplify switch
   3c6e8ac4 cgroupv2: set mem+swap to max if mem set to max
   27515719 add testcase for enable all supported controllers in cgroupv2
   a67dab0a Revert "CreateCgroupPath: only enable needed controllers"
   3c8da9da Merge pull request #2422 from kolyshkin/criu-j
   d57f5bb2 cgroupv1: don't ignore MemorySwap if Memory==-1
   21cb2360 merge branch 'pr-2427'
   6a6ba0c0 Merge pull request #2423 from kolyshkin/systemd-v2-pids-max
   8cd84e35 Merge pull request #2333 from opencontainers/add-cii-badge
   59897367 cgroups/systemd: allow to set -1 as pids.limit
   95413ecd tests/int/update: add cgroupv1 systemd CPU checks
   06d7c1d2 systemd+cgroupv1: fix updating CPUQuotaPerSecUSec
   7abd93d1 tests/integration/update.bats: more systemd checks
   e4a84bea cgroupv2+systemd: set MemoryLow
   4fc9fa05 tests/int: simplify check_systemd_value use
   716079f9 Merge pull request #2406 from cyphar/devices-cgroup-header
   5b601c66 README.md: fix a dead link
   cd4b71c2 Merge pull request #2409 from adrianreber/go-criu-4-0-0
   28cd9d9c Merge pull request #2419 from tianon/buildmode-arch-toggle
   9a808dd0 Merge pull request #2424 from giuseppe/errno-ret
   944e0570 Update to latest go-criu (4.0.2)
   41aa1966 libcontainer: honor seccomp errnoRet
   510c79f9 vendor: update runtime-specs to 237cc4f519e
   236ec045 Dockerfile: speed up criu build
   be66519c Remove "-buildmode=pie" from platforms that don't support it
   b207d578 Merge pull request #2418 from AkihiroSuda/fix-bad-rebase-2413
   2fa3c286 fix "libcontainer/cgroups/fs/cpuset.go:63:14: undefined: fmt"
   f369199f Merge pull request #2413 from JFHwang/2392-spec-check
   53a46497 Merge pull request #2401 from kolyshkin/fs-cpuset-mountinfo
   825e91ad Merge pull request #2341 from kolyshkin/test-cpt-lazy
   67fac528 Merge pull request #2410 from lifubang/swap0patch
   5aa0601a validateProcessSpec: prevent SEGV when config is valid json, but invalid.
   7fc291fd Replace formatted errors when unneeded
   9ad1beb4 never write empty string to memory.swap.max
   dc9a7879 cgroups: add copyright header to devices.Emulator implementation
   3f1e8869 Merge pull request #2391 from cyphar/devices-cgroup
   2db3240f libct/cgroups: rm GetClosestMountpointAncestor
   f1603526 libct/cgroup: prep to rm GetClosestMountpointAncestor
   85d4264d Merge pull request #2390 from lifubang/threadedordomain
   4b71877f Merge pull request #2292 from Creatone/creatone/extend-intelrdt
   41855317 Merge pull request #2271 from katarzyna-z/kk-cpuacct-usage-all
   fe0669b2 don't enable threaded mode by default
   ba6eb282 tests: add integration test for paused-and-updated containers
   4438eaa5 tests: add integration test for devices transition rules
   b810da14 cgroups: systemd: make use of Device*= properties
   afe83489 cgroupv1: devices: use minimal transition rules with devices.Emulator
   2353ffec cgroups: implement a devices cgroupv1 emulator
   24388be7 configs: use different types for .Devices and .Resources.Devices
   60e21ec2 specconv: remove default /dev/console access
   b2bec980 cgroup: devices: eradicate the Allow/Deny lists
   859a780d cgroups: add GetFreezerState() helper to Manager
   a79fa7ca contrib: recvtty: add --no-stdin flag
   df3d7f67 Merge pull request #2393 from kolyshkin/criu-pi
   58bf0835 Merge pull request #2400 from kolyshkin/bats-1.2.0
   17aee8c4 Dockerfile: bump bats to 1.2.0
   2b9a36ee Merge pull request #2398 from pkagrawal/master
   867c9f5b Merge pull request #2386 from kolyshkin/gordian-knot
   ca1d135b runc checkpoint: fix --status-fd to accept fd
   4aa91014 Honor spec.Process.NoNewPrivileges in specconv.CreateLibcontainerConfig
   f0daf651 Vagrantfile: use criu from stable repo
   714c91e9 Simplify cgroup path handing in v2 via unified API
   2c8d668e Merge pull request #2387 from kolyshkin/g-knot-prepare
   1d143562 libct/cgroups/fs: access m.paths under lock
   51e1a084 libct/cgroups/systemd/v1: privatize v1 manager
   d827e323 libct/cgroups/systemd/v1: add NewLegacyManager
   fc620fdf libct/cgroups/fs: privatize Manager and its fields
   5935bf8c libct/cgroups/fs: introduce NewManager()
   24f945e0 libct/cgroups/systemd/v2: return a public interface
   63854b0e newSetnsProcess: reuse state.CgroupPaths
   9a3e6326 notify: simplify usage
   6621af89 merge branch 'pr-2381'
   828e4ad8 epbf: update github.com/cilium/ebpf
   b18a9650 test: update devicefilter tests
   128cb60f ebpf: fix big endian issue for s390x
   2b31437c Merge pull request #2281 from AkihiroSuda/rootless-systemd
   47a73431 Merge pull request #2373 from kolyshkin/logging-nits
   492cfd8b Merge pull request #2352 from lifubang/eventsv2
   bf15cc99 cgroup v2: support rootless systemd
   657407ff fix runc events error in cgroup v2
   64416d34 Merge pull request #2382 from thaJeztah/bump_selinux
   b48bbdd0 vendor: opencontainers/selinux v1.5.1, update deprecated uses
   407e9f9d Add reading of information from cpuacct.usage_all
   a57358e0 Merge pull request #2370 from lifubang/swap0
   96310f04 Merge pull request #2377 from thaJeztah/ticks_simplify
   402d645c Simplify ticks, as the value is a constant
   a0ddd02b Merge pull request #2378 from thaJeztah/bump_logrus
   12ba2a73 Merge pull request #2380 from thaJeztah/userns_sync_once
   9df0b5e2 libcontainer: RunningInUserNS() use sync.Once
   e8bece65 vendor: sirupsen/logrus v1.6.0
   609ba79f Merge pull request #2371 from kolyshkin/criu314
   6161d255 Merge pull request #2375 from tedyu/wait-lazy-close
   a70f3546 let runc disable swap in cgroup v2
   db29dce0 Close fd in case fd.Write() returns error
   f6439a84 Merge pull request #2372 from thaJeztah/improve_error_readability
   1b84a21c Don't print errors twice
   64ca5481 libcontainer: simplify error message
   2adfd20a libcontainer: don't double-quote errors
   c52a598d Remove fatalf()
   d2061ee5 Vagrantfile: install less packages
   e9e31f70 Vagrantfile: use criu 3.14 from testing
   9634a80c Dockerfile: bump criu to version π (3.14)
   dd8d48ed Merge pull request #2358 from kolyshkin/fs2-nit
   c3b0b13f cgroups/fs2: don't always parse /proc/self/cgroup
   051d6705 Merge pull request #2363 from AkihiroSuda/vagrant-f32
   85c44b19 Vagrantfile: use Fedora 32
   c18485ad Merge pull request #2359 from cyphar/terminal-docs-subreaper
   0a4dcc02 Merge pull request #2331 from lifubang/StartTransientUnit
   eea0fbfe docs: terminals: mention subreaper requirement
   bfa1b2aa check that StartTransientUnit and StopUnit succeeds
   80e2d1f1 Merge pull request #2357 from kolyshkin/makefile-2
   a1f007e0 Merge pull request #2340 from AkihiroSuda/fix-2339
   772d0909 Makefile: rm RELEASE_DIR and SHELL
   731947d5 Makefile: fix/clean install-man
   df72e898 Makefile: rm uninstall* targets
   a036e890 Makefile: add -mod=vendor to go test
   2fe9e31a Makefile: don't use -mod=vendor if GO111MODULE=off
   19ba7688 Makefile: test, localtest: no need to invoke make
   fc54f6d7 Makefile: rm $(SOURCES), mark targets as PHONY
   b7dadf0f Makefile: rm $(allpackages)
   60c647e3 fs2: fix cgroup.subtree_control EPERM on rootless + add CI
   53fb4a5e Merge pull request #2342 from kolyshkin/vagrant-rm-ct
   799d9481 intelrdt: Add Cache Monitoring Technology stats
   b19f9cec Merge pull request #2343 from lifubang/updateSystemdScope
   0fd8d468 Merge pull request #2318 from lifubang/linuxResources
   baa20026 Merge pull request #2327 from kolyshkin/cpt-err
   084144a6 travis: run vagrant tests on the host
   634e51b5 Merge pull request #2335 from kolyshkin/cgroupv2-cpt
   10ba72a6 add integration test for runc update with systemd
   49ca1fd0 Merge pull request #2347 from kolyshkin/v2-allow-all-devs
   78ff2797 Merge pull request #2334 from kolyshkin/makefile
   c420a3ec Merge pull request #2324 from kolyshkin/criu-freezer
   5b4bff96 Merge pull request #2336 from kolyshkin/bats-core-2
   44024426 Merge pull request #2330 from KentaTada/use-linuxnamespace-const
   fbeed522 Makefile: add -mod=vendor
   1fe709a0 Makefile: use $(FOO) not ${FOO}
   d09a6ea9 Makefile: split long lines
   64ec3557 Makefile: abstract go build flags
   55d5c99c libct/mountToRootfs: rm useless code
   20959b16 libcontainer/integration/checkpoint_test: simplify
   1d4ccc8e fix data inconsistent when runc update in systemd driven cgroup v1
   7682a2b2 fix data inconsistent when runc update in systemd driven cgroup v2
   dbe44cbb merge branch 'pr-2348'
   fb99bbc7 merge branch 'pr-2326'
   44747953 libcontainer: use x/sys/unix instead of the hardcoded value
   d4bc7c10 Dockerfile: use bats-core
   32d52a0f tests/checkpoint: enable for Fedora 31 / cgroup v2
   9280e356 checkpoint/restore: fix cgroupv2 handling
   00a2844a tests/checkpoint: add simple c/r test for cgroupns
   75a92ea6 cgroupv2: allow to set EnableAllDevices=true
   cdce577d Merge pull request #2332 from kolyshkin/cgroupv2-cr
   7376bdc1 Fix reference to badge
   d5e68ceb tests/checkpoint.bats: fix test hang/failure
   bf172ef4 tests/checkpoint.bats: consolidate requires checks
   e216457e tests/checkpoint.bats: simplify status checks
   69d599dd tests/checkpoint.bats: fix $? checks
   46be7b61 Merge pull request #2299 from kolyshkin/fs2-init-ctrl
   5c2a9782 Add CII Badge to README
   5b38ef71 Merge pull request #2320 from kolyshkin/vgr
   ab276b1c cgroups/fs2/Destroy: use Remove, ignore ENOENT
   992d5cad travis: enable fs2 driver test on fedora
   4b4bc995 CreateCgroupPath: only enable needed controllers
   bb47e358 cgroup/systemd: reorganize
   de113415 cgroups/fs2/CreateCgroupPath: nit
   b5c1949f cgroups/fs2/CreateCgroupPath: reinstate check
   813cb3eb cgroupv2: fix fs2 cgroup init
   60eaed2e cgroupv2: move sanity path check to common code
   dbeff894 cgroupv2/systemd: privatize UnifiedManager
   88c13c07 cgroupv2: use SecureJoin in systemd driver
   9c80cd67 cgroupv2: rm legacy Paths from systemd driver
   b6cc3975 travis: rm BUILDTAGS
   5f0424c9 Vagrantfile: rm disabling weak deps
   cd5f4fd9 Merge pull request #2325 from kolyshkin/nits-2
   3006db2b checkpoint: don't print error if --pre-dump is set
   3de86133 libcontainer: use consts of Namespace from runtime-spec
   480bca91 cgroups/fs2: move type decl to beginning
   353e9177 cgroups/fs2: do not use securejoin
   9ae21e8d MAINTAINERS: add Kir Kolyshkin
   58f970a0 cgroups/fscommon: use errors.Is
   af6b9e7f nit: do not use syscall package
   b3a481eb libcontainer: fix Checkpoint wrt cgroupv2
   bf0a8e17 Merge pull request #2322 from lifubang/forceCgroupNS
   d0f9b9ce default join cgroup namespace in runc example
   e4981c91 merge branch 'pr-2317'
   d2a9c5da using default allowed devices when linux resources is null
   7a978e35 Defer netns.Close() after error check
   9f6a2d4d Merge pull request #2305 from kolyshkin/fs2-fix-default
   191def70 Merge pull request #2308 from kolyshkin/exec-no-tty
   d1e4c7b8 intelrdt: add mbm stats
   56aca5aa Merge pull request #2295 from kolyshkin/integration-cgroups
   5c6216b1 Merge pull request #2278 from iwankgb/memory.numa_stats
   84583eb1 Enable integration tests in cgroupv2 env
   0965c970 tests/integration: disable swap tests for v2
   483f9a0c tests/integration: add some cgroup v2 tests
   3dfa5434 tests/integration/update.bats: simplify file creation
   b8b46419 tests/integration: rm kmem from upgrade tests
   ba3ee7fe tests/integration/update.bats: rm obsoleted comment
   3f6a31b7 tests/integration: simplify cgroup paths init
   3ae93580 tests/integration: check_cgroup_value: simplify
   13431e0e Merge pull request #2312 from tedyu/cgrp-path-rollback
   614bb966 cgroupv2/systemd: Properly remove intermediate directory
   939bed2a runc exec: don't enable terminal unless -t is set
   ccbb3364 Merge pull request #2304 from AkihiroSuda/travis-do-not-ignore-cgroup2-failures
   d65ba5fa Merge pull request #2303 from KentaTada/remove-unneeded-syscall-import
   ea36045f cgroupv2: fix fs2 driver default path
   16d21e2d travis: move `cgroup-v2` out of `allow_failures`
   e58a406b libcontainer: remove unneeded import
   7fa13b27 intelrdt: change parseCpuInfoFile to return struct
   9a93b737 Merge pull request #2288 from kolyshkin/mem-swap
   7fe0a98e Exposing memory.numa_stats
   5c15da9e Merge pull request #2300 from kolyshkin/fix-max
   568cd62f cgroupv2: only treat -1 as "max"
   c86be8a2 cgroupv2: fix setting MemorySwap
   d3fdacb9 Merge pull request #2296 from KentaTada/update-readme-for-go1.13
   a4bbc39d Merge pull request #2297 from giuseppe/cgroups-use-newstats
   8b7ac5f4 libcontainer: use cgroups.NewStats
   d5e91b1c Merge pull request #2289 from AkihiroSuda/fix-TestGetContainerStateAfterUpdate
   0c7a9c02 Merge pull request #2294 from tklauser/unused-consts
   6cda0eac Merge pull request #2293 from tedyu/restore-svr-close
   f8f03700 README.md: update Go version to build
   21d7bb95 Close criuServer so that even if CRIU crashes or unexpectedly exits, runc will not hang
   3e678c08 Remove unused consts testScopeWait and testSliceWait
   e4363b03 Merge pull request #2291 from kolyshkin/errors-unwrap-v2
   ec8c6950 Merge pull request #2235 from Zyqsempai/add-hugetlb-controller-to-cgroupv2
   b2272b2c libcontainer: use errors.Is() and errors.As()
   c39f87a4 Revert "Merge pull request #2280 from kolyshkin/errors-unwrap"
   4540b596 Fix TestGetContainerStateAfterUpdate on cgroup v2
   0c6659ac Merge pull request #2261 from AkihiroSuda/vagrant-kvm
   f8e13885 Merge pull request #2280 from kolyshkin/errors-unwrap
   6ca9d8e6 Merge pull request #2283 from tedyu/runc-path-in-prefix
   b26e4f27 Merge pull request #2284 from tedyu/criu-svr-close
   e3e26caf Merge pull request #2276 from kolyshkin/criu-v2
   22a2c9a4 Merge pull request #2282 from kolyshkin/cgroupv2-getpaths
   49896ab0 Avoid double close of criuServer
   d02fc484 isPathInPrefixList return value should be reverted
   8d7977ee libct/isPaused: don't use GetPaths from v2 code
   12e156f0 libct.isPaused: use errors.Unwrap
   272c83e1 libct/cgroups: use errors.Unwrap
   bd737f1e libct/cgroups/fs: use errors.Unwrap
   d2dfc635 libct/cgroups/fs2: use errors.Unwrap
   e4e35b8d libct/cgroups/fscommon.WriteFile: use errors.Unwrap
   66778b3c libct/setKernelMemory: use errors.Unwrap
   b8eed86e vagrant: switch from VirtualBox to KVM + increase HW resources
   fc840f19 cgroupv2: don't use GetCgroupMounts for criu c/r
   9ec5b03e Merge pull request #2259 from adrianreber/v2-test
   8221d999 Merge pull request #2279 from masters-of-cats/freezer
   92a3f80e Merge pull request #2203 from mrunalp/systemd_conn_cleanup
   2abc6a36 Actually check for syscall.ENODEV when checking if a container is paused
   3e99aa36 Fix checkpoint/restore tests on Fedora 31
   9a0184b1 cgroup2: use CRIU's new freezer v2 support
   d05e5728 systemd: Lazy initialize the systemd dbus connection
   33c6125d systemd: Export IsSystemdRunning() function
   4a9e1747 Merge pull request #2234 from thaJeztah/debian_buster
   dca34a04 Dockerfile: switch to "buster" variant (current stable)
   48bf88c4 Dockerfile: prevent busting build-cache for busybox rootfs
   a5963876 Dockerfile: sort dependencies, and cleanup apt cache
   c4821c2b Dockerfile: set DEBIAN_FRONTEND=noninteractive
   201152a9 Dockerfile: use build-args to allow overriding versions
   8df45c89 Merge pull request #2268 from AkihiroSuda/vendor-20200325
   ad6d577a travis: run `make verify-dependencies` with Go 1.14.x
   dfc1b0cd update vendor
   f1eea905 Merge pull request #2275 from kolyshkin/scan-nits
   53ad1d51 Merge pull request #2256 from kolyshkin/mountinfo-alt
   75ff40cd Merge pull request #2273 from kolyshkin/v2-untangle
   aab2c8ba libcontainer/intelrdt: optimize parseCpuInfoFile
   0af5cd20 Nit: fix use of bufio.Scanner.Err
   d4a6a1d9 Merge pull request #2258 from masters-of-cats/eintr-retry
   b45db5d3 libcontainer/cgroup: obsolete Get*Cgroup for v2
   a949e4f2 cgroupv2: UnifiedManager.Apply: simplify
   5406833a cgroupv2/systemd: add getv2Path
   cebef0ee Merge pull request #2272 from kolyshkin/cgroupv2-max
   ec1f957b cgroupv2: don't use getSubsystemPath in Apply
   6905b721 cgroupv2: use "max" for negative values
   96596cbb Merge pull request #2270 from kolyshkin/systemd-no-kmem
   a675b5eb cgroupv2: don't try to set kmem for systemd case
   be51398a Merge pull request #2193 from milkwine/fix-readSync
   a7ee31fa Merge pull request #2260 from adrianreber/leave-running
   7de5db3d Merge pull request #2263 from kolyshkin/nits
   cc183ca6 Merge pull request #2242 from AkihiroSuda/vendor-systemd
   4e6d8a0f Merge pull request #2267 from tedyu/runner-destroy
   3087d43b Merge pull request #1826 from jingxiaolu/fix_specconv_process_nil
   07bd2809 Merge pull request #2257 from kolyshkin/no-signal
   0a7762c6 Avoid duplicate calls to runner#destroy
   1797622f Merge pull request #2264 from kolyshkin/dockerfile
   dd7b3461 libct/msMoveRoot: benefit from GetMounts filter
   fc4357a8 libct/msMoveRoot: rm redundant filepath.Abs() calls
   dce0de89 getParentMount: benefit from GetMounts filter
   81d8452e libct/TestFactoryNewTmpfs: benefit from GetMounts
   c7ab2c03 libcontainer: switch to moby/sys/mountinfo package
   3147c320 Switch to golang 1.13, drop unsupported versions
   88a02447 Dockerfile: add -f to curl
   a572216f libcontainer/intelrdt: rm fmt.Sprintf
   5542a2c7 libcontainer/cgroups: GetAllPids: optimize
   12dc475d libcontainer: simplify createCgroupsv2Path
   648295be Skip test for cgroups v2
   f34eb2c0 Retry writing to cgroup files on EINTR error
   87712d28 checkpoint: remove error message with --leave-running
   34d47176 fix readSync
   0e062a78 Remove signalmap, use unix.SignalNum
   939cd0b7 Merge pull request #1737 from wking/remove-procConsole-comment
   88474967 Merge pull request #1974 from openSUSE/unreachable-code
   525b9f31 Merge pull request #2248 from AkihiroSuda/fix-cgroupv2-conversion
   492d525e vendor: update go-systemd and godbus
   981dbef5 Merge pull request #2226 from avagin/runsc-restore-cmd-wait
   a15d2c3c merge branch 'pr-2073'
   9167393c merge branch 'pr-2254'
   89c108b1 Makefile: add selinux and apparmor build tags
   69f6f32f README, travis.yml: rm ambient tag
   8615da6f Merge pull request #1999 from lifubang/rootlesspath
   167e33ca Merge pull request #1807 from giuseppe/notify-no-block
   25fd4a67 sd-notify: do not hang when NOTIFY_SOCKET is used with create
   aa269315 cgroup2: add CpuMax conversion
   64e9a979 cgroup2: fix conversion
   b477a159 Remove unreachable code paths
   7d6e091f fix error when there is --root and XDG_RUNTIME_DIR env
   0ff53526 Merge pull request #2252 from pkagrawal/2251-fix
   71dfb559 Merge pull request #2238 from tedyu/init-proc-err-ret
   89a87adb Changed hugetlb pagesizes info source
   d804611d Added failcnt stats
   62cfad97 specconv: add a test case to check null spec.Process
   5b2b138d Synchronize the call to linuxContainer.Signal()
   957da1f9 Use named error return for initProcess#start
   bbaba4c0 Merge pull request #2228 from cpuguy83/no_whiches
   2864bf46 Merge pull request #1877 from KentaTada/add-rootless-testpath-in-makefile
   777f97d8 Run verify-dependencies only on go1.x
   83f9b889 Don't add git utils to go.mod in CI
   f7edcc3a Remove refrences to vndr
   a08ab87f Make CI script to verify that vendor is in sync
   df583b4c Fix file permissions for mounts.bats
   38273546 Update spec test to use go.mod
   69e8fb2a Add support for GO Modules
   fc5759cf Merge pull request #2222 from cyphar/update-travis
   af3a81e4 Add rootless testpath in Makefile
   6503438f Merge pull request #2212 from Zyqsempai/2211-convert-blkio-weight-properly
   c4730fa6 Merge pull request #2230 from thaJeztah/update_selinux_v1.3.1
   42bfdf5f Use "command -v" shell builtin instead of "which"
   93e5c4d3 merge branch 'pr-2232'
   b6657fc3 Merge pull request #2231 from thaJeztah/nominate_akihiro
   d8953334 vendor: update opencontainers/selinux v1.3.3
   22e00ddc vendor: update golang.org/x/sys 52ab431487773bc9dd1b0766228b1cf3944126bf
   c295a633 vendor: update opencontainers/selinux v1.3.1
   3b7e32fe Merge pull request #2210 from Zyqsempai/2164-remove-deprecated-systemd-resources
   7f37afa8 Added HugeTlb controller for cgroupv2
   98de8426 libcontainer: dual-license nsenter/cloned_binary.c
   bc43c4bd MAINTAINERS: add Akihiro Suda to maintainers
   688cf6d4 merge branch 'pr-2223'
   0f32b03d merge branch 'pr-2192'
   13b1603f Merge pull request #2224 from kolyshkin/systemd-props
   4b8134f6 Convert blkioWeight to io.weight properly
   1cd71dfd systemd properties: support for *Sec values
   2a81236e Document using annotations to set systemd props
   4c5c3fb9 Support for setting systemd properties via annotations
   81ef5024 Merge pull request #2213 from Zyqsempai/2166-convert-cpu-weight-poperly
   7c439cc6 Added conversion for cpu.weight v2
   269ea385 restore: fix a race condition in process.Wait()
   f27c4e15 Fix the value corresponding to rlimitmap [key]
   dc7d0bfa travis: update configuration
   3b992087 Fix skip message for cgroupv2
   e6555cc0 merge branch 'pr-2184'
   e0385902 README.md: modify the explanation of make flags
   ff107ee0 merge branch 'pr-2190'
   7d23d1e1 Update README.md
   0061cad8 Adding .pdf of audit
   2b5730a5 Merge pull request #2221 from inductor/feature/fix_path_security
   e4c4935a Merge pull request #2217 from cyphar/release-rc10
   ed4a3e9b Apply review
   c8ba9853 Fix path for security report line
   e4de2b25 VERSION: back to development
   dc9208a3 VERSION: update to 1.0.0~rc10
   2fc03cc1 Merge pull request #2207 from cyphar/fix-double-volume-attack
   3291d66b rootfs: do not permit /proc mounts to non-directories
   f6fb7a03 merge branch 'pr-2133'
   5b96f314 Exchanged deprecated systemd resources with the appropriate for cgroupv2
   cf9b7c33 Fix MAJ:MIN io.stat parsing order
   709377ca Merge pull request #2198 from AkihiroSuda/criu-master
   55f8c254 temporarily disable CRIU tests
   5c20ea14 fix merging #2177 and #2169
   5cc0deaf Merge pull request #2169 from AkihiroSuda/split-fs
   2b52db75 Merge pull request #2177 from devimc/topic/libcontainer/kata-containers
   a88592a6 Merge pull request #2185 from liggitt/exec-race
   8541d9cf Fix race checking for process exit and waiting for exec fifo
   52951a7c Fix race in tty integration test with slow startup
   8ddd8920 libcontainer: add method to get cgroup config from cgroup Manager
   cd7c59d0 libcontainer: export createCgroupConfig
   7496a968 merge branch 'pr-2086'
   201b0637 merge branch 'pr-2141'
   e1b5af06 Merge pull request #2161 from AkihiroSuda/makefile-overrride-docker
   ec49f98d fs2: support legacy device spec (to pass CI)
   88e8350d cgroup2: split fs2 from fs
   5e636953 merge branch 'pr-2174'
   8bb10af4 Merge pull request #2165 from AkihiroSuda/travis-f31
   41a20b58 Expose network interfaces via runc events
   48b055c4 Makefile: allow overriding `docker` command
   c35c2c9c merge branch 'pr-2172'
   42690e68 Make event types public
   2186cfa3 Merge pull request #2168 from AkihiroSuda/ebpf-fix-rlimit
   faf1e44e cgroup2: ebpf: increase RLIM_MEMLOCK to avoid BPF_PROG_LOAD error
   46def4cc Merge pull request #2154 from jpeach/2008-remove-static-build-tag
   b133feae Merge pull request #2145 from AkihiroSuda/ebpf
   ccd4436f .travis.yml: add Fedora 31 vagrant box (for cgroup2)
   faf673ee cgroup2: port over eBPF device controller from crun
   e57a7740 Merge pull request #2149 from AkihiroSuda/cgroup2-ps
   d239ca84 Merge pull request #2148 from AkihiroSuda/cg2-ignore-cpuset-when-no-config
   03cf145f Merge pull request #2159 from AkihiroSuda/cgroup2-mount-in-userns
   f04fb998 Merge pull request #2160 from AkihiroSuda/cgroup2-no-proc-cgroups
   74a3fe5d cgroup2: do not parse /proc/cgroups
   9c81440f cgroup2: allow mounting /sys/fs/cgroup in UserNS without unsharing CgroupNS
   13919f5d Remove the static_build build tag.
   c4d8e168 Merge pull request #2140 from crosbymichael/fs-unified
   792af40d Merge pull request #1929 from kkallday/patch-1
   8790f243 Merge pull request #2147 from AkihiroSuda/iov2-remove-v1-code
   2cd9ba23 Merge pull request #2146 from AkihiroSuda/doc-not-prod-ready
   dbd771e4 cgroup2: implement `runc ps`
   9996cf7d README.md: clarify cgroup2 support is not ready for production
   d918e7f4 cpuset_v2: skip Apply when no limit is specified
   033936ef io_v2.go: remove blkio v1 code
   a610a848 criu: Ensure other users cannot read c/r files
   4e370170 Merge pull request #2139 from rst0git/desc-permisions
   b28f58f3 Set unified mountpoint in find mnt func
   f017e0f9 checkpoint: Set descriptors.json file mode to 0600
   c1485a1e merge branch 'pr-2134'
   1b8a1eee merge branch 'pr-2132'
   ba16a38b Merge pull request #2135 from mrueg/security
   4be50fe3 SECURITY: Add Security Policy
   2111613c VERSION: back to development
   d736ef14 VERSION: update to 1.0.0-rc9
   cad42f6e Merge pull request #2130 from cyphar/apparmor-verify-procfs
   d463f648 *: verify that operations on /proc/... are on procfs
   9aef5044 vendor: update github.com/opencontainers/selinux
   28e58a0f Support different field counts of cpuaact.stats
   e63b797f Handle ENODEV when accessing the freezer.state file
   84373aaa Add SCMP_ACT_LOG as a valid Seccomp action (#1951)
   3e425f80 Merge pull request #2129 from crosbymichael/proc-mount
   331692ba Only allow proc mount if it is procfs
   7507c64f Merge pull request #2041 from jburianek/notify-socket-permissions
   bf27c2f8 Merge pull request #2126 from flynn/fix-nsenter-unsupported
   af7b6547 libcontainer/nsenter: Don't import C in non-cgo file
   6c055520 Merge pull request #2125 from giuseppe/mount-cgroups
   267490e3 Merge pull request #2010 from lifubang/checkpointrootless
   e7a87dd2 Merge pull request #2098 from adrianreber/master
   718a566e cgroup: support mount of cgroup2
   a6606a7a Merge pull request #2029 from thaJeztah/bump_dependencies
   115d4b9e bump golang/protobuf v1.0.0
   85c02f3f bump coreos/go-systemd v19, godbus/dbus v5.0.1
   21498b8e bump mrunalp/fileutils 7d4729fb36185a7c1719923406c9d40e54fb93c7
   eb86f603 bump syndtr/gocapability d98352740cb2c55f81556b63d4a1ec64c5a319c2
   1150ce9c bump urfave/cli v1.20.0
   8e4f645f bump docker/go-units v0.3.3
   0fc06623 bump cyphar/filepath-securejoin v0.2.2
   414a39de bump containerd/console 0650fd9eeb50bab4fc99dceb9f2e14cf58f36e7f
   de24d733 bump github.com/pkg/errors 0.8.1
   4be3c48e Reformat vendor.conf and pin all deps by git-sha
   0fd4342a Merge pull request #2028 from thaJeztah/bump_golang_versions
   92ac8e3f Merge pull request #2113 from giuseppe/cgroupv2
   524cb7c3 libcontainer: add systemd.UnifiedManager
   ec111368 libcontainer, cgroups: rename systemd.Manager to LegacyManager
   1932917b libcontainer: add initial support for cgroups v2
   92d851e0 Merge pull request #2123 from carlosedp/riscv64
   4316e4d0 Bump x/sys and update syscall to start Risc-V support
   51f2a861 Merge pull request #2122 from AkihiroSuda/cleanup
   0bc069d7 nsenter: fix clang-tidy warning
   b225ef58 nsenter: minor clean up
   dd075602 Merge pull request #2120 from rhatdan/master
   e4aa7342 Rename cgroups_windows.go to cgroups_unsupported.go
   c61c7370 Merge pull request #2103 from sipsma/cgnil
   68d73f0a Merge pull request #2107 from sashayakovtseva/public-get-devices
   f061842f Merge pull request #2119 from KentaTada/fix-proc-settings
   c740965a libcontainer: update masked paths of /proc
   3525edde Merge pull request #2117 from filbranden/detection1
   f7b65885 Merge pull request #2116 from filbranden/running1
   518c8558 Remove libcontainer detection for systemd features
   4ca00773 Update vendored dependencies to remove go-systemd/util
   588f040a Avoid the dependency on cgo through go-systemd/util package
   afc24792 Make get devices function public
   9c822e48 cgroups/fs: check nil pointers in cgroup manager
   1712af0e man: fix man-pages
   2e943784 Merge pull request #2094 from sipsma/2093-nodotudev
   44f9ec13 Merge pull request #2089 from anx-astocker/master
   f08cdaee Skip searching /dev/.udev for device nodes.
   808e809f doc: First process in container needs `Init: true`
   80d35c7c Merge pull request #2082 from AkihiroSuda/blkio-kernel50
   dd8b9b14 Merge pull request #2081 from AkihiroSuda/criu312
   9ae79017 Merge pull request #2080 from zhlhahaha/pr_id
   5e0e67d7 fix permission denied
   351bfb4b integration: remove blkio.weight (unavailable in kernel 5.0)
   7e678625 Bump CRIU to 3.12
   68cc1a77 Update busybox source and fix runc exec bug
   6cccc176 Merge pull request #2075 from KentaTada/fix-bash-completion
   371d13c9 Update bash completion for v1.0.0 release
   f4982d86 Merge pull request #2074 from odinuge/dep/libseccomp-golang
   652297c7 Update dependency libseccomp-golang
   7a9ffa89 Change the permissions of the notify listener socket to rwx for everyone
   e7831f2a Update to Go 1.12 and drop obsolete versions
   2e8efc1b add prompt when rootless users have no read access to runc bin
   472fe623 criu image path permission error in rootless checkpoint
   056909bd Adds note about user ns for rootless containers
   d71b3f53 libcontainer/sync: Drop procConsole transaction from comments

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2020-08-18 03:01:05 +00:00
Chen Qi
79fb488a70 runc: fix CVE-2019-16884
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-11-17 22:28:37 -05:00
Chen Qi
0ca391c1c2 runc: add PACKAGECONFIG to allow building as static or not
Add a new PACKAGECONFIG, static, which when enabled will build
runc as static. Default to enable it.

We need this because we should allow users to build runc as not
static so that when docker's cgroup driver is set to systemd,
we don't get an error.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-08-12 11:03:01 -04:00
Bruce Ashfield
c8338c5568 runc: update to -rc8
Updating both the pure opencontainers runc and the docker opencontainers
variants to -rc8.

We track the tip of master for opencontainers and for docker we match
the -ce and moby -rc8 commit hashes.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-07-12 14:50:34 +00:00
Stefan Agner
da75d2a91a runc: address CVE-2019-5736
Use git hash which addresses CVE-2019-5736. Use the same git hash
used in top of Docker 18.09 branch.

Changes in runc since
  6635b4f0 merge branch 'cve-2019-5736'
  0a8e4117 nsenter: clone /proc/self/exe to avoid exposing host binary to container
  dd023c45 merge branch 'pr-1972'

Fixes: CVE-2019-5736
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-02-15 20:10:36 +00:00
Bruce Ashfield
ba2d65e6bc runc: update to 1.0.0-rc6
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-02-11 02:34:05 +00:00
Bruce Ashfield
100fb480e7 runc: refresh to tip of tree
docker/k8s and other components have been refreshed to the 18.09 release
tags. So we update runc to keep in sync.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-11-05 10:22:54 -05:00
Paul Barker
bc88053cab runc-opencontainers: Drop obsolete patch
The upstream Makefile now calls `$(GO)` instead of just `go` so this patch isn't
needed anymore.

Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-05-09 10:49:17 -04:00
Bruce Ashfield
e3d960f4fc runc: uprev to 1.0.0-rc5
Uprev both variants of runc to v1.0.0-rc5.

We drop patches that have made it into the upstream runc, and we also
refresh the context of two others.

The docker and opencontainers variants are virtually identical, but
we keep the two variants for now to protect against any future forks
in the support.

The runc-docker SRCREV comes from the docker-ce 18.04 logged commit,
while runc-opencontainers is updated to the tip of the master branch.

Runtime tested with docker on x86-64.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-04-02 00:24:09 -04:00
Paul Barker
0aec4f1c0f runc: Merge common metadata into inc file
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-16 11:54:24 -04:00
Paul Barker
37b2f2f3cc runc-opencontainers: Drop unnecessary do_compile_prepend
The "vendor/src" symlink is already created in do_compile in runc.inc.

Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-16 11:54:24 -04:00
Paul Barker
a1085de531 runc: Use correct go cross-compiler
The makefiles for both providers of runc need to be patched in similar ways to
ensure that we use the binaries from go-cross and not go-native.

Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-05 10:44:04 -04:00
Paul Barker
44e74c9aa7 runc-opencontainers: go.bbclass compile fixes
These fixes are needed due to updates to go.bbclass in oe-core. See commit
01a8d45370 for more information.

Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-04 16:54:33 -04:00
Paul Barker
83592435dc runc-opencontainers: Update to v1.0.0-rc4
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-04 16:54:33 -04:00
Paul Barker
820050481f runc-opencontainers: Update to v1.0.0-rc3
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-04-10 08:47:25 -04:00
Bruce Ashfield
7d6284a079 runc/containerd: create virtual/runc and virtual/containerd
Since there are two implementations of runc and containerd that may
not always be in sync, the docker variant, and the opencontainers
variable, we create a virtual/* namespace for these components.

Anything requiring runc or containerd should set a preferred provider
to get the desired/tested variant.

We set the default provider to the docker variants, since they are
the primary use case for these components.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-20 02:06:22 -05:00