Commit Graph

103 Commits

Author SHA1 Message Date
Bruce Ashfield
ea15fd0614 runc: drop runc-docker
The changes carried in runc-docker are no longer required, and if
they become relevant again, they don't belong in the base recipe.

This is the first part of the change, we drop runc-docker + patches
and update runc-opencontainers to RPROVIDE runc-docker in case there
are references that we don't know about. There shouldn't be any,
since virtual-runc has been the RPROVIDE of choice for some time.

We keep runc-opencontainers for now, since there may be alternate
runc implementations in the future. In about a year, we'll unify
the .inc and .bb if no new implementations have been proposed.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2025-01-17 19:17:09 +00:00
Bruce Ashfield
79db703e34 runc-opencontainers: update to v1.2.0
Bumping runc to version v1.2.0-149-g610aa88a, which comprises the following commits:

    06f1e076 libct: speedup process.Env handling
    6171da60 libct/configs: add HookList.SetDefaultEnv
    c49b8916 tests: add test to check StartContainer hook env
    390641d1 libct/int: improve TestExecInEnvironment
    9a545947 libct/int: add BenchmarkExecInBigEnv
    a69d289f build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2
    061483b6 build(deps): bump golang.org/x/net from 0.33.0 to 0.34.0
    48ad17f4 build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0
    83350c24 libct/system: rm Fexecve
    c0abf76e Update README.md
    f8483049 build(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1
    57462491 libct/configs/validate: add IOPriority.Class validation
    7334ee01 libct/configs: rm IOPrioClassMapping
    5d3942ee libct: unify IOPriority setting
    ec465d39 utils: simplify newProcess
    2dc3ea4b libct: simplify setIOPriority/setupScheduler calls
    93091e6a libct: don't pass SpecState to init unless needed
    8afeb583 libct: add/use configs.HasHook
    171c4149 refactor init and setns process
    5855ba53 build(deps): bump github.com/cilium/ebpf from 0.17.0 to 0.17.1
    e809db84 build(deps): bump github.com/cilium/ebpf from 0.16.0 to 0.17.0
    c2b11a63 build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0
    71327d7f build(deps): bump github.com/cyphar/filepath-securejoin
    af929228 RELEASES: add formal release policy for runc
    21c0968b remove broken fuzzer from oss-fuzz build script
    9468986a ci: use a specific ubuntu version
    e845f4be ci: bump golangci-lint to v1.62
    705382ac build(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0
    394f4c3b Re-add tun/tap to default device rules
    b15fcc1b keyring: update @kolyshkin key expiry
    5a838ccb tests/cmd/sd-helper: switch from configs to cgroups
    a56f85f8 libct/*: switch from configs to cgroups
    04041f21 libct/cgroups/*: switch from configs to cgroups
    ae477f15 libct/configs: move cgroup stuff to libct/cgroups
    85c7c99d libct/cg/fs2: fix some revive linter warnings
    66fe7db3 Move test helper binaries
    47dc1858 Add runc_nocriu build tag
    c487840f Remove main package dependency on criurpc
    2f1b6626 deps: update to github.com/cyphar/filepath-securejoin@v0.3.5
    c0044c7a cgroup: ebpf: make unexpected errors in haveBpfProgReplace louder
    9bc6753d cgroups: ebpf: also check for ebpf.ErrNotSupported
    dea0e04d cgroups: ebpf: use link.Anchor to check for BPF_F_REPLACE support
    d5694eed build(deps): bump golang.org/x/net from 0.31.0 to 0.32.0
    ec7e90b3 build(deps): bump golang.org/x/sys from 0.27.0 to 0.28.0
    66969827 Switch to github.com/moby/sys/capability v0.4.0
    fe73f1a9 libct/cap: switch to lazy init
    cdee1b38 libct/cap: preallocate slices
    b7da1673 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2
    fffc165d tests: add test for 'weird' external namespace joining
    fadc55eb nsenter: implement a two-stage join for setns
    a97d7cb2 nsenter: refuse to join unknown namespaces
    49bee5c4 cfmt: use the Linux { a, b } decl style

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2025-01-17 19:17:09 +00:00
Bruce Ashfield
7bdfb7806e runc-docker: update to v1.2.0
Bumping runc to version v1.2.0-69-gb7da1673, which comprises the following commits:

    b7da1673 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2
    119111a0 libct/cg: add test for remove a non-existent dir in a ro mount point
    068d7da7 Revert "Temporary set vagrant to 2.4.1-1"
    ac435895 memfd-bind: elaborate kernel requirements for overlayfs protection
    ba3d026e libct/cg: RemovePath: improve comments
    12e06a7c libct/cg: RemovePath: simplify logic
    db59489b runc delete: fix for rootless cgroup + ro cgroupfs
    ca4a7a86 build(deps): bump golang.org/x/net from 0.30.0 to 0.31.0
    43af111e MAINTAINERS: move dqminh and hqhq to EMERITUS
    ec5e7eb7 build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0
    9cb59b46 ci: rm "skip on CentOS 7" kludges
    5000f169 Temporary set vagrant to 2.4.1-1
    b9dfb22d readme: drop unused memfd-bind reference
    aa505bfa memfd-bind: mention that overlayfs obviates the need for it
    9bc42d61 dmz: overlay: set xino=off to disable dmesg spam
    9ce7392b Vagrantfile.fedora: bump Fedora to 41
    609e9a51 Vagrantfile.fedora: stop using dnf shell
    80c46d31 build(deps): bump golang.org/x/net from 0.24.0 to 0.30.0
    5586d7ca libct: rm obsoleted comment
    f9fd70b7 CHANGELOG: add (forward-port) v1.1.15 changes
    8cc73754 libct: fix a comment
    ee1bced1 script/check-config.sh: add OVERLAY_FS check
    c8f5d033 docs: remove prompt symbols from shell snippets
    871057d8 drop runc-dmz solution according to overlay solution
    34a92855 test join other container userns with selinux enabled
    c78f3f2e libct/nsenter: become root after joining userns
    1e674098 libct/int: add exec benchmark
    cb201487 libct/int: use testing.TB for utils
    4df7b1b1 build(deps): bump golang.org/x/sys from 0.22.0 to 0.26.0
    cbb9b309 ci: use Go 1.23
    732806e2 runc update: fix updating swap for cgroup v2
    cb9f3d6d libct/cg: improve ConvertMemorySwapToCgroupV2Value
    69b3be76 build(deps): bump github.com/vishvananda/netlink from 1.1.0 to 1.3.0
    eb2ff52a libct: rm x/sys/execabs usage
    f20f273a build(deps): bump github.com/opencontainers/selinux
    139789f1 build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.35.1
    93db63ab build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16
    af024b6c build(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2
    42f96305 VERSION: back to development
    0b9fa21b VERSION: release v1.2.0
    568231cc Revert "increase memory.max in cgroups.bats"
    e6699266 fix an error caused by fd reuse race when starting runc init
    515f09f7 dmz: use overlayfs to write-protect /proc/self/exe if possible
    8cfbccb6 tests: integration: add helper to check if we're in a userns
    54ef07d8 tests/int: skip "update memory vs CheckBeforeUpdate" on EL9
    ff775363 tests/int: rm centos-7 exclusion
    76a821fa tests/int: update info about EL9 kernel
    b5bdf592 libct: rm initWaiter
    9fa324c4 dmz: cloned binary: set +x permissions when creating regular tmpfile
    324fcea4 Terminate execution for criu that does not meet version requirements
    eff6f049 libct/cap: no need to load capabilities
    9b60a93c libcontainer/userns: migrate to github.com/moby/sys/userns
    1623cde1 go: update github.com/cyphar/filepath-securejoin to v0.3.4
    4fdd5616 memfd-bind: more specific doc URL
    9e554587 memfd-bind: fixup systemd unit file and README
    13a6f560 runc run: fix mount leak
    b096459a vendor: update github.com/cyphar/filepath-securejoin to v0.3.3
    f55957de build(deps): bump bats-core/bats-action from 2.1.1 to 3.0.0
    bb2bd38d change go minimum version in README
    faffe1b9 replace strings.SplitN with strings.Cut
    1be06760 libcontainer/cgroups/fs: remove todo since strings.Fields performs well
    7a449109 libct/README: simplify example, rm inheritable caps
    0de19533 runc spec, libct/int: do not add ambient capabilities
    3e3f9603 runc exec --cap: do not add capabilities to ambient
    5b161e04 update bats-action to 2.1.1
    35f999dd remove installation of unused bats support libs
    10c951e3 add ErrCgroupNotExist
    319e133c go.mod: Use toolchain 1.22.4
    8671a7db ci: update to setup bats action from bats-core
    30f8f51e runc create/run: warn on rootless + shared pidns + no cgroup
    21c61165 tests/int: log when teardown starts
    b1449fd5 libct: use Namespaces.IsPrivate more
    d8844e29 tests: integration: add setgid mkdirall test
    066b109e vendor: update to github.com/cyphar/filepath-securejoin@v0.3.2
    646efe70 utils: mkdirall: mask silently ignored mode bits to match os.MkdirAll
    457e1ffa tests: add regression test for CVE-2019-19921 / CVE-2023-27561
    216175a9 Upgrade Cilium's eBPF library version to 0.16
    a31efe70 libct/seccomp/patchbpf: use binary.NativeEndian
    429e06a5 libct: Signal: honor RootlessCgroups
    dd827f7b utils: switch to securejoin.MkdirAllHandle
    1d308c7d vendor: update to github.com/cyphar/filepath-securejoin@v0.3.1
    5ab5ef3d deps: update to golang.org/x/sys@v0.22

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-12-10 03:47:54 +00:00
Bruce Ashfield
c253e8bf85 runc-opencontainers: update to v1.2.0
Bumping runc to version v1.2.0-69-gb7da1673, which comprises the following commits:

    b7da1673 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2
    119111a0 libct/cg: add test for remove a non-existent dir in a ro mount point
    068d7da7 Revert "Temporary set vagrant to 2.4.1-1"
    ac435895 memfd-bind: elaborate kernel requirements for overlayfs protection
    ba3d026e libct/cg: RemovePath: improve comments
    12e06a7c libct/cg: RemovePath: simplify logic
    db59489b runc delete: fix for rootless cgroup + ro cgroupfs
    ca4a7a86 build(deps): bump golang.org/x/net from 0.30.0 to 0.31.0
    43af111e MAINTAINERS: move dqminh and hqhq to EMERITUS
    ec5e7eb7 build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0
    9cb59b46 ci: rm "skip on CentOS 7" kludges
    5000f169 Temporary set vagrant to 2.4.1-1
    b9dfb22d readme: drop unused memfd-bind reference
    aa505bfa memfd-bind: mention that overlayfs obviates the need for it
    9bc42d61 dmz: overlay: set xino=off to disable dmesg spam
    9ce7392b Vagrantfile.fedora: bump Fedora to 41
    609e9a51 Vagrantfile.fedora: stop using dnf shell
    80c46d31 build(deps): bump golang.org/x/net from 0.24.0 to 0.30.0
    5586d7ca libct: rm obsoleted comment
    f9fd70b7 CHANGELOG: add (forward-port) v1.1.15 changes
    8cc73754 libct: fix a comment
    ee1bced1 script/check-config.sh: add OVERLAY_FS check
    c8f5d033 docs: remove prompt symbols from shell snippets
    871057d8 drop runc-dmz solution according to overlay solution
    34a92855 test join other container userns with selinux enabled
    c78f3f2e libct/nsenter: become root after joining userns
    1e674098 libct/int: add exec benchmark
    cb201487 libct/int: use testing.TB for utils
    4df7b1b1 build(deps): bump golang.org/x/sys from 0.22.0 to 0.26.0
    cbb9b309 ci: use Go 1.23
    732806e2 runc update: fix updating swap for cgroup v2
    cb9f3d6d libct/cg: improve ConvertMemorySwapToCgroupV2Value
    69b3be76 build(deps): bump github.com/vishvananda/netlink from 1.1.0 to 1.3.0
    eb2ff52a libct: rm x/sys/execabs usage
    f20f273a build(deps): bump github.com/opencontainers/selinux
    139789f1 build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.35.1
    93db63ab build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16
    af024b6c build(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2
    42f96305 VERSION: back to development
    0b9fa21b VERSION: release v1.2.0
    568231cc Revert "increase memory.max in cgroups.bats"
    e6699266 fix an error caused by fd reuse race when starting runc init
    515f09f7 dmz: use overlayfs to write-protect /proc/self/exe if possible
    8cfbccb6 tests: integration: add helper to check if we're in a userns
    54ef07d8 tests/int: skip "update memory vs CheckBeforeUpdate" on EL9
    ff775363 tests/int: rm centos-7 exclusion
    76a821fa tests/int: update info about EL9 kernel
    b5bdf592 libct: rm initWaiter
    9fa324c4 dmz: cloned binary: set +x permissions when creating regular tmpfile
    324fcea4 Terminate execution for criu that does not meet version requirements
    eff6f049 libct/cap: no need to load capabilities
    9b60a93c libcontainer/userns: migrate to github.com/moby/sys/userns
    1623cde1 go: update github.com/cyphar/filepath-securejoin to v0.3.4
    4fdd5616 memfd-bind: more specific doc URL
    9e554587 memfd-bind: fixup systemd unit file and README
    13a6f560 runc run: fix mount leak
    b096459a vendor: update github.com/cyphar/filepath-securejoin to v0.3.3
    f55957de build(deps): bump bats-core/bats-action from 2.1.1 to 3.0.0
    bb2bd38d change go minimum version in README
    faffe1b9 replace strings.SplitN with strings.Cut
    1be06760 libcontainer/cgroups/fs: remove todo since strings.Fields performs well
    7a449109 libct/README: simplify example, rm inheritable caps
    0de19533 runc spec, libct/int: do not add ambient capabilities
    3e3f9603 runc exec --cap: do not add capabilities to ambient
    5b161e04 update bats-action to 2.1.1
    35f999dd remove installation of unused bats support libs
    10c951e3 add ErrCgroupNotExist
    319e133c go.mod: Use toolchain 1.22.4
    8671a7db ci: update to setup bats action from bats-core
    30f8f51e runc create/run: warn on rootless + shared pidns + no cgroup
    21c61165 tests/int: log when teardown starts
    b1449fd5 libct: use Namespaces.IsPrivate more
    d8844e29 tests: integration: add setgid mkdirall test
    066b109e vendor: update to github.com/cyphar/filepath-securejoin@v0.3.2
    646efe70 utils: mkdirall: mask silently ignored mode bits to match os.MkdirAll
    457e1ffa tests: add regression test for CVE-2019-19921 / CVE-2023-27561
    216175a9 Upgrade Cilium's eBPF library version to 0.16
    a31efe70 libct/seccomp/patchbpf: use binary.NativeEndian
    429e06a5 libct: Signal: honor RootlessCgroups
    dd827f7b utils: switch to securejoin.MkdirAllHandle
    1d308c7d vendor: update to github.com/cyphar/filepath-securejoin@v0.3.1
    5ab5ef3d deps: update to golang.org/x/sys@v0.22

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-12-10 03:47:54 +00:00
Bruce Ashfield
a748f51ec4 runc: package configuration test script
Like docker, there is a runc / OCI check-config.sh script that
is useful when determining if your kernel is properly
configured.

We can package it in a -check package, and install it to
a similar location as the docker variant.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-10-03 01:28:52 +00:00
Bruce Ashfield
4c996d1b17 runc: update to v1.2.0-rc.3
Bumping runc to version v1.2.0-rc.3-3-gf9f57641, which comprises the following commits:

    429e06a5 libct: Signal: honor RootlessCgroups
    961b8031 VERSION: back to development
    45471bc9 VERSION: release v1.2.0-rc.3
    6c24b2e8 changelog: update to include 1.1.14 notes
    63c29081 rootfs: try to scope MkdirAll to stay inside the rootfs
    767bc008 Makefile: Don't read COMMIT, BUILDTAG, EXTRA_BUILDTAGS from env vars
    2cd24a4d ci/gha: add all-done jobs
    cc2078cc Makefile: Add EXTRA_VERSION
    f76489f0 mv contrib/cmd tests/cmd (except memfd-bind)
    f4cc3d83 Revert "allow overriding VERSION value in Makefile"

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-10-03 01:28:52 +00:00
Bruce Ashfield
3f7eda960f runc-opencontainers: update to v1.2.0-rc.2-tip
Bumping runc to version v1.2.0-rc.2-44-g376e875f, which comprises the following commits:

    cc2078cc Makefile: Add EXTRA_VERSION
    f4cc3d83 Revert "allow overriding VERSION value in Makefile"
    606257c6 Bump golangci-lint to v1.60, fix new warnings
    adedeb99 ci/gha: add Go 1.23, drop 1.21
    be539412 ensure we can download the specific version's go
    a7c8d86f tests/int: fix "cpu burst" failure on new kernels
    b437ed30 tests/int: check_{systemd,cgroup}_value: better log
    2c398bb4 libct/int/seccomp_test: simplify exit code checks
    171304c8 docs/systemd: fix a broken link
    1410a698 rootfs: consolidate mountpoint creation logic
    6fc2733a document build prerequsites for different platforms
    15ec295b ci/gha: bump golangci-lint to v1.59
    bb2db7b4 libct: drop error from (*Container).currentState return
    c8395b6e Enable govet nilness, fix an issue
    a5e660ca seccomp-notify.bats: add fcntl to the important syscall list
    e7848482 Revert "libcontainer: seccomp: pass around *os.File for notifyfd"

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-08-20 13:37:05 +00:00
Bruce Ashfield
fda631c22f runc-opencontainers: update to 1.2.0-rc2
Bumping runc to version v1.2.0-rc.2-21-g3778ae60, which comprises the following commits:

    309a6d91 ci/gha: add go-fix job
    a5e660ca seccomp-notify.bats: add fcntl to the important syscall list
    e7848482 Revert "libcontainer: seccomp: pass around *os.File for notifyfd"
    b18d052b ci/cirrus: switch from CentOS to Almalinux
    8b1c0f7e CHANGELOG.md: dedup v1.2.0-rc.2 notes
    6980adb6 libct/userns: implement RunningInUserNS with sync.OnceValue
    b3b31ff2 libct/userns: make fuzzer Linux-only, and remove stub for uidMapInUserNS
    5b09a712 libct/userns: change RunningInUserNS to a wrapper instead of an alias
    30b530ca libct/userns: split userns detection from internal userns code
    c1421339 remove pre-go1.17 build-tags
    5ea76254 VERSION: back to development
    f2d2ee5e VERSION: release 1.2.0-rc.2
    ee601b87 MAINTAINERS_GUIDE: rm chief maintainer role
    d6563f6b MAINTAINERS: move crosbymichael to EMERITUS
    ad976aa1 put the changelog of v1.1.13 after v1.2.0-rc.1
    4e2d7c0a update changelog after v1.1.13 released
    2cb46c6e script/keyring_validate.sh: fix a typo
    d6e427e1 runc exec: avoid stuttering in error messages
    a6d46ed1 runc exec: improve options parsing
    42cea2ec libct: don't allow to start second init process
    e3e10725 libct: fix locking in Start/Run/Exec
    304a4c0f libct: createExecFifo: rm unneeded os.Stat
    e7294527 try to delete exec fifo file when failure in creation
    1c505fff Revert "Set temporary single CPU affinity..."
    f8f1bc9a Vagrantfile.fedora: bump to F40
    77190360 libct/cg: write unified resources line by line
    40dd884a MAINTAINERS: add Rodrigo Campos
    3019e842 libct/cg: use clear built-in
    b7fdd524 libct: use slices package
    a1e87f8d libct: rm eaccess
    6b2eb52f go.mod,README: require Go 1.21
    17380da2 Dockerfile: switch to Go 1.22 and Debian 12
    a3302f20 ci: switch to go 1.22 as main version
    e660ef61 libct/nsenter: stop blacklisting go 1.22+
    24c2d28d fix a debug msg for user ns in nsexec
    3083bd44 tests/cgroups: separate cgroup v2 swap test
    4209439b libct/cg/fs/v2: ignore setting swap in some cases
    dbb011ec tests/int/helpers: fix cgroups_swap check for v2
    8626c717 tests/int: fixup find statements
    e530b2a6 tests/int/update: fix v2 swap check
    024c2711 make trimpath optional
    760105ab script/*: fix gpg usage wrt keyboxd
    67f6c37b ci/gha: switch to ubuntu 24.04
    40bb9c46 ci/cirrus: rm centos stream 8
    48c4e733 ci: workaround for centos stream 8 being EOLed
    5c5ebe77 tests/int/scheduler: require smp
    b24fc9d2 ci: pin codespell
    584afc67 libct/system: ClearRlimitNofileCache for go 1.23
    b74b33c4 Dockerfile: bump Debian to 12, Go to 1.21
    d697725a libct/cg/dev: fix TestSetV1Allow panic
    177c7d4f Fix codespell warnings
    a35f7d80 fix comments for ClearRlimitNofileCache
    6ab3d8ad vendor: golang.org/x/net@v0.24.0
    f8052066 libct/cg/fs: fix setting rt_period vs rt_runtime
    e5e8f336 .cirrus.yml: rm FIXME from rootless fs on CentOS 7
    36be6d05 libct/int: checkpoint test: skip pre-dump if not avail
    e42d981d libct/int: rm double logging in checkpoint_test
    62a31465 libct/int/cpt: simplify test pre-check
    e676dac5 libct/criu: simplify checkCriuFeatures
    f6a8c9b8 libct: checkCriuFeatures: return underlying error
    4ea0bf88 update/add some tests for rlimit
    da68c8e3 libct: clean cached rlimit nofile in go runtime
    a853a826 runc exec: setupRlimits after syscall.rlimit.init() completed
    f452f667 ci/gha: bump golangci-lint-action from 5 to 6
    bac50646 libct: fix a comment
    dbd0c334 libct/system: rm Execv
    9d9273c9 allow overriding VERSION value in Makefile
    75e02193 use go mod instead of go get in spec.bats
    b032fead libct/cg/fs: don't write cpu_burst twice on ENOENT
    6bf1d3ad tests/int/tty: increase the timeout
    8732eada Vagrantfile.fedora: bump Fedora to 39
    d63018c2 ci/gha: bump golangci-lint to v1.57
    0eb8bb5f Format sources with gofumpt v0.6
    6bcc7361 ci/gha: bump golangci/golangci-lint-action to v5
    baba55e2 ci/actuated: re-enable CRIU tests
    f6b7167b tests/int/checkpoint: add requires criu_feature_xxx
    e5c82f00 tests/int/checkpoint: rm double logging
    00238f5d CI: add actuated-arm64
    758b2e2b helpers.bats: cgroups_cpu_burst: check kernel version
    d618c6fe cgroups.bats: check cgroups_io_weight
    053f6a0d seccomp_syscall_test1: use ftruncate instead of kcmp
    30dc98f5 CI: run apt with -y
    4f3319b5 libct: decouple libct/cg/devices
    afc23e33 Set temporary single CPU affinity before cgroup cpuset transition.
    cde1d090 libcontainer: force apps to think fips is enabled/disabled for testing
    6b1f7308 tests/integration: Fix remount on debian testing
    5052c075 tests/integration/mounts_sshfs.bats: Fix test on debian testing
    e4bf49ff runc update: distinguish nil from zero
    afcb9c2e add a test case for runc update cpu burst
    5194bd8d VERSION: back to development
    275e6d85 VERSION: release v1.2.0-rc.1
    fc3e04dc changelog: update to include all new changes since 1.1.0
    b47fb3fd changelog: sync changelog entries up to runc 1.1.12
    d4b670fc changelog: mention key breaking changes for mount options
    851e3882 ci/test: exclude some runc_nodmz jobs
    e377e168 [hotfix] nsenter: refuse to build with Go 1.22 on glibc
    ac31da6b ci/cross-i386: pin Go to 1.21.x
    bfbd0305 Add I/O priority
    ccc500c4 seccomp: patchbpf: always include native architecture in stub
    b288abea seccomp: patchbpf: rename nativeArch -> linuxAuditArch
    ab6788d3 Remove dependabot ignore
    cdccf6d6 build: update libseccomp to v2.5.5
    da79b616 fix runc-dmz bin path error in Makefile
    37581ad3 dmz: remove SELinux special-casing
    eefc6ae2 features: implement returning potentiallyUnsafeConfigAnnotations list
    606251ab build(deps): bump github.com/opencontainers/runtime-spec
    bb5673f2 build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0
    7ab66b18 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
    6056ed2d build(deps): bump golang.org/x/sys from 0.17.0 to 0.18.0
    fc76b136 Makefile: Fix runc-dmz removal
    46b72107 contrib/cmd/memfd-bind: Mention runc-dmz needs RUNC_DMZ=true
    1dae66f7 libct/dmz: Require RUNC_DMZ=true to opt-in
    935d586b build(deps): bump tim-actions/get-pr-commits from 1.3.0 to 1.3.1
    86360598 tests/int: fix flaky kill tests
    82499d42 Fixed spelling mistake in the Makefile at .PHONY vendor
    93e37723 ci/golangci-lint: add checks permission
    302b2e89 tests/int: use gawk where needed
    3a9859bd libct/nsenter: rm unused include
    ea140db7 libct/nsenter: rm unused code
    27cbabd0 build(deps): bump golangci/golangci-lint-action from 3 to 4
    afd90f44 build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0
    97632a6d build(deps): bump github.com/containerd/console from 1.0.3 to 1.0.4
    174940a7 build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0
    a596a055 update go version to 1.21 in cirrus ci
    bc4a869d test: no execve error msg synced to parent process
    d0750587 close the sync pipe explicitly in exec
    0bc4732c test for execve error without runc-dmz
    35aa63ea never send procError after the socket closed
    d8edada9 init: don't special-case logrus fds
    ee73091a libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
    89c93ddf cgroup: plug leaks of /sys/fs/cgroup handle
    f2f16213 init: close internal fds before execve
    8e1cd2f5 init: verify after chdir that cwd is inside the container
    7094efb1 init: use *os.File for passed file descriptors
    093c83e1 keyring: update AkihiroSuda key expiry
    34eceb21 keyring: update cyphar@cyphar.com key expiry
    fe95a2a0 tests/integration: Test exec failures
    8afeccc8 libct/dmz: Print execve() errors
    b1e3c3c7 build(deps): bump golang.org/x/net from 0.19.0 to 0.20.0
    2a473a76 Add CONFIG_NETFILTER_XT_MATCH_COMMENT to check
    e1e3ca02 build(deps): bump golang.org/x/sys from 0.15.0 to 0.16.0
    68438ba2 fix scheduler validate
    55c9d6bf we have implemented idmapped-mounts with no limitations
    e90d8cb8 we have supported rsvd hugetlb cgroup
    a7c3e07c libct: Improve error msg when idmap is not supported
    43306be3 build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0
    5a4f5217 script/check-config.sh: check CONFIG_BLK_CGROUP_IOCOST
    d87366f0 scripts/check-config: fix kernel version checks
    7f65cc75 script/check-config.sh: check CONFIG_CHECKPOINT_RESTORE
    6aa4c1a1 script/check-config: disable colors
    b94b5590 scripts/check-config: don't check MEMCG_SWAP on newer kernels
    3f4a73d6 TestCheckpoint: skip on ErrCriuMissingFeatures
    c8113085 remove remap-rootfs bin when running make clean
    0bbb7e9f move the target 'clean' next to 'all'
    d08ba9ca fix a (u|g)IDMappings type value convertion error
    7b655782 build(deps): bump actions/upload-artifact from 3 to 4
    482e5637 configs: make id mappings int64 to better handle 32-bit
    fa93c8b0 tests: mounts: add some tests to check mount ordering
    3b57e45c mount: add support for ridmap and idmap
    7795ca46 specconv: handle recursive attribute clearing more consistently
    cdff09ab rootfs: fix 'can we mount on top of /proc' check
    8e8b136c tree-wide: use /proc/thread-self for thread-local state
    a04d88ec vendor: update to github.com/moby/sys/mountinfo@v0.7.1
    5ae88daf idmap: allow arbitrary idmap mounts regardless of userns configuration
    ba0b5e26 libcontainer: remove all mount logic from nsexec
    ebcef3e6 specconv: temporarily allow userns path and mapping if they match
    e66ba70f build(deps): bump actions/setup-go from 4 to 5
    c045886f tests: remap rootfs for userns tests
    6fa8d068 integration: add mega-test for joining namespaces
    e6fb7fe5 nsexec: allow timens to work with non-rootless userns
    09822c3d configs: disallow ambiguous userns and timens configurations
    3bab7e92 configs: clean up error messages for Host[UG]ID
    9387eac3 init: don't pre-flight-check the set[ug]id arguments
    1912d598 *: actually support joining a userns with a new container
    88411747 tests: integration: fix spurious SC203[01] shellcheck errors
    c25493fc build(deps): bump golang.org/x/net from 0.17.0 to 0.19.0
    b2782965 build(deps): bump golang.org/x/sys
    a6f40817 libct: Destroy: don't proceed in case of errors
    ab3cd8d7 runc delete, container.Destroy: kill all processes
    7396ca90 runc delete: do not ignore error from destroy
    d3d7f7d8 libct/cg: improve cgroup removal logic
    29283bb7 runc delete -f: fix for no pidns + no init case
    dcf1b731 runc kill: fix sending KILL to non-pidns container
    542cce01 libct: Signal: slight refactor
    d9f2a24a libct: replace runType with hasInit
    94505a04 *: introduce pidfd-socket flag
    3bde5111 fix some unit test error after bump ebpf to 0.12.3
    b2f7614a bump github.com/cilium/ebpf from 0.12.2 to 0.12.3
    823636c3 ci/cirrus: disable selinux-dmz kludge for centos-stream-8
    9d8fa6d6 libcontainer: dmz: fix "go get" builds
    669f4dbe configs: validate: add validation for bind-mount fsflags
    4bf8b555 libct: Remove old comment
    87bd7846 Add dmz-vs-selinux kludge and a way to disable it
    393c7a81 README: fix reference to memfd-bind
    b39781b0 tests/int: add selinux test case
    b2539a7d libct/cg: skip TestWriteCgroupFileHandlesInterrupt on CentOS 7
    a2f7c6ad internal/testutil: create, add SkipOnCentOS
    2c9598c8 libct/cgroups.OpenFile: clean "file" argument
    98511bb4 linux: Support setting execution domain via linux personality
    6d279220 tests/int: fix flaky "runc run with tmpfs perm"
    104b8dc9 libct/cg: add swapOnlyUsage in MemoryStats
    7c71a227 rootfs: remove --no-mount-fallback and finally fix MS_REMOUNT
    153865d0 tests/int: fix teardown in mounts_sshfs.bats
    7f5daa88 libct/cg/fs.Set: fix error message
    5ea7c60f tests/int: fix cgroup tests
    bbf8eff8 tests/int: fix "runc run (hugetlb limits)"
    d60d17a6 build(deps): bump github.com/cilium/ebpf from 0.12.1 to 0.12.2
    9cd5d6cd libct/cg: remove retry on EINTR in
    54d38c61 build(deps): bump github.com/cilium/ebpf from 0.12.0 to 0.12.1
    f944d7b6 ci/gha: fix downloading Release.key
    b6a0c483 libct/dmz: Support compiling on all arches
    4a7d3ae5 libct/cg: support hugetlb rsvd
    aec0dc7d build(deps): bump github.com/cilium/ebpf from 0.11.0 to 0.12.0
    6f7266c3 libcontainer: drop system.Setxid
    2860708d build(deps): bump golang.org/x/net from 0.16.0 to 0.17.0
    b8f75f39 Makefile: move .PHONY to before each target
    bdf78b44 libct/cg/dev: add sync.Once to test case
    46bfcac8 Makefile: avoid calling sub-make
    961d0f12 Makefile: make verify-dmz-arch less talkative
    fa8f3817 ci: skip TestPodSkipDevicesUpdate on CentOS 7
    927a5836 build(deps): bump golang.org/x/net from 0.15.0 to 0.16.0
    0ab58aa2 build(deps): bump golang.org/x/sys from 0.12.0 to 0.13.0
    730bc844 Fix directory perms vs umask for tmpcopyup
    770728e1 Support `process.scheduler`
    efbebb39 libct: rename root to stateDir in struct Container
    c89faacc libc: rm _LIBCONTAINER_STATEDIR
    6538e6d0 libct: fix a typo
    109dcadd fix two typos
    f755c808 libct/cg/stats: support misc for cgroup v2
    2e2ecf29 libct: use chmod instead of umask
    4b3b7e99 docs/spec-conformance: update
    531e29e1 script/lib.sh: set GOARM=5 for armel, GOARM=6 for armhf
    90606665 docs: clarify the supported architectures (No MIPS)
    9976be86 libct/dmz: Move comment out of the Makefile rule
    90f5da65 libct/dmz: Reduce the binary size using nolibc
    8da42aae sync: split init config (stream) and synchronisation (seqpacket) pipes
    ccc76713 sync: rename procResume -> procHooksDone
    99469eba Handle kmem.limit_in_bytes removal
    90c8d36a dmz: use sendfile(2) when cloning /proc/self/exe
    f8348f64 tests: integration: add runc-dmz smoke tests
    6be763ee tests: integration: fix capability setting for CAP_DAC_OVERRIDE
    b9a4727f contrib: memfd-bind: add helper for memfd-sealed-bind trick
    dac41717 runc-dmz: reduce memfd binary cloning cost with small C binary
    e089db3b dmz: add fallbacks to handle noexec for O_TMPFILE and mktemp()
    0e9a3358 nsexec: migrate memfd /proc/self/exe logic to Go code
    321aa20c scripts: add proper 386 and amd64 target triples and builds
    d9ea71bf deprecate libcontainer/user
    ca32014a migrate libcontainer/user to github.com/moby/sys/user
    65a1074c increase memory.max in cgroups.bats
    b17c6f23 validator: Relax warning for not abs mount dst path
    c378602b libct/specconv: remove redundant nil check
    c7ad2749 build(deps): bump github.com/cyphar/filepath-securejoin
    e1584831 libct/cg: add CFS bandwidth burst for CPU
    1fe9447f build(deps): bump golang.org/x/net from 0.14.0 to 0.15.0
    2d0cd0b3 build(deps): bump actions/checkout from 3 to 4
    d8e9ed3e libcontainer/userns: simplify, and separate from "user" package.
    5f05b96e build(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0
    937ca107 Fix File to Close
    e8525238 tests/int: add a test for host mntns vs hooks
    41778ddc Fix for host mount ns containers
    fe6f33b2 build(deps): bump tim-actions/commit-message-checker-with-regex
    0f3eeb9b tests/int: add failed hooks tests
    cadf0a14 tests/int: rename hooks.bats to hooks_so.bats
    6a4870e4 libct: better errors for hooks
    f62f0bdf Remove nolint annotations for unix errno comparisons
    17e7e230 ci/gha: bump golangci-lint to v1.54
    b3e97214 Add issue reference to nolint annotation
    cc7e607a features: Expose idmap support
    671e211e vendor: Update runtime-spec to expose mountExtensions
    b22073c5 ci/gha: add job timeouts
    1f25724a configs: fix idmapped mounts json field names
    8aa97ad3 nsexec: remove cgroupns special-casing
    5c7839b5 rootfs: use empty src for MS_REMOUNT
    20b95f23 libcontainer: seccomp: pass around *os.File for notifyfd
    f81ef149 libcontainer: sync: cleanup synchronisation code
    c6e7b1a8 libct: initProcess.start: fix sync logic
    b0c7ce51 makefile: quote TESTFLAGS when passing to containerised make
    aa5f4c11 tests: add several timens tests
    9acfd7b1 timens: minor cleanups
    46d6089f ci/gha: re-enable go caching
    5741ea23 ci: add go 1.21, remove go 1.19
    ec2ffae5 libct: Allow rel paths for idmap mounts
    19d26a65 Revert "libct/validator: Error out on non-abs paths"
    61a454cc build(deps): bump golang.org/x/net from 0.13.0 to 0.14.0
    883aef78 libct/init: unify init, fix its error logic
    789a73db init.go: move logger setup to StartInitialization
    0d890ad6 nsenter: cloned_binary: use MFD_EXEC and F_SEAL_EXEC
    b999376f nsenter: cloned_binary: remove bindfd logic entirely
    38676931 criu: do not add log file into error message
    c77aaa3f criu checkpoint/restore: print errors from criu log
    e4478e9f criuSwrk: simplify switch
    cb981e51 libct: move criu-related stuff to separate file
    f88a7654 ci: fix flaky test "update memory vs CheckBeforeUpdate"
    5c6b334c ci: fix TestOpenat2 when no systemd is used
    962019d6 ci: fix TestNilResources when systemd not available
    cfc801b7 Fix running tests under Docker/Podman and cgroup v2
    ebc2e7c4 Support time namespace
    83137c68 add a test case about missing stricky bit
    6092a4b4 fix some file mode bits missing when doing mount syscall
    06882888 contrib/fs-idmap: Move logic to a new function
    855c5a0e contrib/fs-idmap: Don't hardcode sleep path
    882e5fe3 contrib/fs-idmap: Check exactly 2 args are received
    821d0018 contrib/fs-idmap: Remove not needed flags
    7d2becdf libct/cg/fs2: use `file` + `anon` + `swap` for usage
    99340bb0 contrib/fs-idmap: Reap childs
    c537cb3d build(deps): bump golang.org/x/net from 0.12.0 to 0.13.0
    70f4e46e utils: use close_range(2) to close leftover file descriptors
    57f31c68 libct/nsenter: Show better errors for idmap mounts
    701dff79 libct/cg/sd: use systemd v240+ new MAJOR:* syntax
    da780e4d Fix bind mounts of filesystems with certain options set
    237acdd8 add some important announcements in unreleased section
    c875ea85 use the length of UIDMappings/GIDMappings to check whether empty or not
    d9494fc6 CHANGELOG: forward-port 1.1.6-1.1.8 changes
    11b6c9b6 build(deps): bump github.com/opencontainers/runtime-spec
    a3785c88 Remove idmapFD field for mountEntry
    46ada59b Use an *int for srcFD
    c47f58c4 Capitalize [UG]idMappings as [UG]IDMappings
    f92057aa tests/int: update set_cgroups_path doc
    19f76b66 tests/int/ps: enable for rootless
    867ee905 docs: Update spec conformance for idmap mounts
    b460dc39 tests/integration: Add tests for idmap mounts
    fda12ab1 Support idmap mounts on volumes
    98317c16 ci: bump golangci-lint, remove fixed exception
    fe4528b1 libcontainer: Just print the mountFds slice len on errors
    73b64970 libcontainer: Add mountFds struct
    0172016a libcontainer: Add generic parseFdsFromEnv()
    f5814a10 libcontainer: Add generic sendFdsSources()
    96bd4875 nsenter: Add idmap helpers
    5166164d nsexec: Add generic receive_sources()
    4b668a82 Switch setupUserNamespace() to use the toConfigIDMap() helper
    fbf183c6 Add uid and gid mappings to mounts
    83418f88 build(deps): bump github.com/cilium/ebpf from 0.10.0 to 0.11.0
    2c844977 build(deps): bump golang.org/x/net from 0.11.0 to 0.12.0
    881e92a3 libct/validator: Error out on non-abs paths
    45c75ac7 build(deps): bump golang.org/x/sys from 0.9.0 to 0.10.0
    017d6996 libct/nsenter: namespace the bindfd shuffle
    3b191ff7 libct/nsenter: set FD_CLOEXEC on received fd
    8f671781 libct/nsenter: refactor ipc funcs for reusability
    890dceee libct/nsenter: annotate write_log() prototype
    35fddfd2 chore(libct/nsenter): extract utility code
    37732d1e MAINTAINERS: add Li Fu Bang
    ad040b1c tests/int/delete: make sure runc delete removes failed unit
    58a811f6 tests/int: add/use "requires systemd_vNNN"
    43564a7b runc delete: call systemd's reset-failed
    91b4cd25 libct/cg/sd: remove logging from resetFailedUnit
    dacb3aaa tests/int/cgroups: remove useless/wrong setting
    5cdf7671 libct/cg: IsCgroup2UnifiedMode: don't panic
    5e53e659 ci: bump shellcheck to 0.9.0, fix new SC2016 warnings
    a57d94d3 build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0
    9fa8b9de Fix tmpfs mode opts when dir already exists
    eb55472e Fix integration tests failure when calling "ip"
    a52efc1f build(deps): bump golang.org/x/net from 0.10.0 to 0.11.0
    e3627658 .codespellrc: update for 2.2.5
    c9209fd2 ci/gha: don't skip rootless+systemd on ubuntu 22.04
    1aa7ca80 libct/cg/stats: support PSI for cgroup v2
    bc390b2e build(deps): bump golang.org/x/sys from 0.8.0 to 0.9.0
    73b5dc02 docs/systemd: fix a broken link
    62963fef libct/cg/sd/v1: do not update non-frozen cgroup after frozen failed.
    0ac3376c go.mod: runtime-spec v1.1.0-rc.3
    78d31a49 ci/cirrus: enable rootless tests on cs9
    41e04aa6 tests/int: rename a variable
    e83ca519 tests/int/cgroups: filter out rdma
    31e3c229 build(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3
    7d09ba10 libct: implement support for cgroup.kill
    f8ad20f5 runc kill: drop -a option
    9583b3d1 libct: move killing logic to container.Signal
    2a7dcbbb libct: fix shared pidns detection
    5b8f8712 libct: signalAllProcesses: remove child reaping
    e0e8d9c8 tests/int/kill: add kill -a with host pidns test
    67bc4bc2 tests/rootless.sh: drop set -x
    fed0b124 tests/int: increase num retries for oom tests
    5929b019 ci/gha: add space-at-eol check, fix existing issues
    511c7614 man/runc: fixes
    bb4dbbc4 ci/cirrus: limit numcpu
    650efb2c Fix Vagrant caching
    b9d2d8d8 build(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2
    7e481ee2 libct/int: remove logger from init
    eba31a7c libct/StartInitialization: rename returned error
    4f0a7e78 libct/init: call Init from containerInit
    72657eac libct: move StartInitialization
    2a347045 build(deps): bump tim-actions/get-pr-commits from 1.2.0 to 1.3.0
    62cc13ea gha: disable setup-go cache for golangci job
    083e9789 ci/gha: rm actions/cache from validate/deps job
    da5cdfed ci/gha: fix cross-i386
    b32655d2 ci/gha: rm kludges for cross-i386 job
    f6c393da features: graduate from experimental
    6beb3c6a go.mod: runtime-spec v1.1.0-rc.2
    882a2cc8 build(deps): bump golang.org/x/net from 0.9.0 to 0.10.0
    02afa9f1 build(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0
    a60933bb libct/rootfs: introduce and use mountEntry
    976748e8 libct: add mountViaFDs, simplify mount
    5a177463 deps: bump urfave/cli
    20e38fb2 init: do not print environment variable value
    5f6aafb3 libct: document process.LogLevel field
    defb1cc7 libct/cg/dev: optimize and test findDeviceGroup
    13091eee ci: bump bats 1.8.2 -> 1.9.0
    a1920009 Vagrantfile.fedora: bump to 38
    33b6ec29 ci/cirrus: use vagrant from hashicorp repo
    14d6c7df runc.keyring: add Akihiro Suda
    d7208f59 libct/cg/sd: use systemd version when generating dev props
    cfc3c6da scripts: keyring validate: print some more information
    a7583103 runc.keyring: add Kolyshkin
    42a10919 runc-kill(8): amend the --all description
    fe278b9c libct: fix a race with systemd removal
    056ec0ca keyring: add Aleksa's <cyphar@cyphar.com> signing key
    0c9c60aa keyring: add Aleksa's <asarai@suse.com> signing key
    22538f89 keyring: verify runc.keyring has legitimate maintainer keys
    957bccfe scripts: release: add verification checks for signing keys
    87214947 release: add runc.keyring file and script
    d9230602 Implement to set a domainname
    6053aea4 Fix undefined behavior. Do not accept setjmp return value as variable.
    953e1cc4 ci/gha: switch to or add ubuntu 22.04
    439673d5 build(deps): bump golang.org/x/net from 0.8.0 to 0.9.0
    fd1a79ff ci/cirrus: improve host_info
    873d7bb3 ci/cirrus: use Go 1.19.x not 1.19
    611bbacb libct/cg: add misc controller to v1 drivers
    9b71787b tests/int: fix some checks
    9dbb9f90 ci: bump bats 1.3.0 -> 1.8.2
    a6e95c53 build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
    fd5debf3 libct/cg: rm GetInitCgroup[Path]
    1034cfa8 build(deps): bump lumaxis/shellcheck-problem-matchers from 1 to 2
    ed9651bc libct/cg/sd: support setting cpu.idle via systemd
    b5ecad7b tests/int/update: test bad cpu.idle values
    3ffbd4c8 tests/int: fix update cpu.idle failure on CS9
    509b312c libct/cg/sd/v2: unifiedResToSystemdProps nit
    82bc89cd runc run: refuse a non-empty cgroup
    1d18743f libct/cg/sd: reset-failed and retry startUnit on UnitExists
    c2533420 libct/cg/sd: ignore UnitExists only for Apply(-1)
    c6e8cb79 libct/cg/sd: refactor startUnit
    9f32ce6a CHANGELOG: forward-port 1.1.4 and 1.1.5 changes
    73acc77b libct/cg: rm EnterPid
    4ff49046 Makefile: add verify-changelog as release dependency
    b2fc0a58 verify-changelog: allow non-ASCII
    370e3be2 tests/int/mounts: only check non-shadowed mounts
    a37109ce tests/int/mount: fix issues with ro cgroup test
    8293ef2e tests/int: test for CAP_DAC_OVERRIDE
    8491d334 Fix runc run "permission denied" when rootless
    99a337f6 Dockefile: bump go go 1.20
    da98076c mountToRootfs: minor refactor
    54e20217 libctr/cgroups: don't take init's cgroup into account
    a7a836ef libct/cg/dev: skip flaky test of CentOS 7
    65df6b91 fix wrong notes for `const MaxNameLen`
    9d45ae8d tests: Fix fuzzer location in oss-fuzz config
    0d72adf9 Prohibit /proc and /sys to be symlinks
    8f0d0c4d build(deps): bump google.golang.org/protobuf from 1.29.1 to 1.30.0
    cecb039d nsexec: retry unshare on EINVAL
    e3cf217c build(deps): bump actions/setup-go from 3 to 4
    a7046b83 build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1
    df4eae45 rootless: fix /sys/fs/cgroup mounts
    afeffb7e .github/ISSUE_TEMPLATE/config.yml: fix contact links
    7d940bdf Add `.github/ISSUE_TEMPLATE/config.yml`
    6b41f8ed build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0
    6faef164 build(deps): bump golang.org/x/net from 0.7.0 to 0.8.0
    7b4c3fc1 Add support for umask when exec container
    f2e71b08 libct/int: make TestFdLeaks more robust
    be7e0394 libct/int: wording nits
    7c75e84e libc/int: add/use runContainerOk wrapper
    97ea1255 Fix runc crushes when parsing invalid JSON
    b3b0bde6 build(deps): bump golang.org/x/net from 0.6.0 to 0.7.0
    2e44a202 Makefile: fix typo in LDFLAGS_STATIC
    92a4ccb8 specconv: avoid mapping "acl" to MS_POSIXACL
    2adeb6f9 nsexec: Remove bogus kill to stage_2_pid
    4d0a60ca tests: Fix weird error on centos-9
    2ca3d230 nsexec: Add debug logs to send mount sources
    e412b4e8 docs: add docs/spec-conformance.md
    787fcf09 go.mod: github.com/opencontainers/runtime-spec v1.1.0-rc.1
    fbfc6afe tests: add tests for capabilities
    bc8d6e3b build(deps): bump github.com/opencontainers/selinux
    0e1346fe build(deps): bump golang.org/x/net from 0.5.0 to 0.6.0
    42dffaaa Dockerfile: fix build wrt new git
    14e3ce9e build(deps): bump golang.org/x/sys from 0.4.0 to 0.5.0
    1bb6209a tests/int: test for /dev/null owner regression
    7e5e017d libcontainer: skip chown of /dev/null caused by fd redirection
    5ecd40b9 Add Go 1.20, require Go 1.19, drop Go 1.18
    81ca678f Disable clang-format
    81c379fa support SCHED_IDLE for runc cgroupfs
    5ce511d6 nsexec: Check for errors in write_log()
    3fbc5ba7 ci: add tests/int/get-images.sh check
    6d28928c Explicitly pin busybox and debian downloads
    e29e57b5 libcontainer: configs: ensure can build on darwin
    cc63d074 build(deps): bump github.com/cilium/ebpf from 0.9.3 to 0.10.0
    6676f980 tests/integration/get-images.sh: fix busybox.tar.xz URL
    eacada76 build(deps): bump golang.org/x/net from 0.4.0 to 0.5.0
    0ac98807 libct/cg/sd: stop using regex, fix systemdVersionAtoi
    b44da4c0 libct: validateID: stop using regexp
    15677e7b ci: fix delete.bats for GHA
    c4aa452b tests/int/checkpoint: fix lazy migration flakiness
    68352878 man/runc-restore: describe restore into different cgroup
    d4582ae2 tests/int: add "--manage-cgroups-mode ignore" test
    e8cf8783 libct/criuApplyCgroups: add a TODO
    3438ef30 restore: fix --manage-cgroups-mode ignore on cgroup v2
    212d25e8 checkpoint/restore: add --manage-cgroups-mode ignore
    ff3b4f3b restore: fix ignoring --manage-cgroups-mode
    4f2af605 build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
    19a9d9fc tests/int: use runc features in seccomp flags test
    ac04154f seccomp: set SPEC_ALLOW by default
    076745a4 runc features: add seccomp filter flags
    ab848089 types/features: fix docstrings
    8e9128ff Vagrantfile.fedora: upgrade Fedora to 37
    9fc707e7 Fixed init state error variable
    067ca8f5 notify_socket.go: use sd_notify_barrier mechanism
    ee88b900 notify_socket.go: avoid use of bytes.Buffer
    313723fd fix libcontainer example
    9f383793 build(deps): bump golang.org/x/net from 0.1.0 to 0.2.0
    467dd234 build(deps): bump golang.org/x/sys from 0.1.0 to 0.2.0
    e0d3c3e0 build(deps): bump github.com/coreos/go-systemd/v22 from 22.4.0 to 22.5.0
    783f9ffe runc checkpoint: destroy only on success
    79aedac1 go.mod: golang.org/x/*: use tagged versions
    6462e9de runc update: implement memory.checkBeforeUpdate
    56edc41c ci: bump shfmt to 3.5.1, simplify CI setup
    18f8f482 Fix comment of signalAllProcesses for process wait due to sigkill
    2cd05e44 libct/seccomp/patchbpf: rm duplicated code
    fbce47a6 deps: bump github.com/checkpoint-restore/go-criu to 6.3.0
    b265d128 libct/seccomp: enable binary tree optimization
    65840f64 tests/int/seccomp: fix flags test on ARM
    6bf2c3b6 ci/gha: use v3 tag for actions/cache
    a04363c1 build(deps): bump actions/cache from 3.0.10 to 3.0.11
    4a8750d9 tests/int: add a "update cpuset cpus range via v2 unified map" test
    77cae9ad cgroups: cpuset: fix byte order while parsing cpuset range to bits
    462e719c Fixes inability to use /dev/null when inside a container
    04389ae9 libcontainer/cgroups: return concrete types
    ae53cde3 cirrus-ci: install EPEL on CentOS 7 conditionally
    8584900e build(deps): bump actions/cache from 3.0.9 to 3.0.10
    1be5d45d build(deps): bump github.com/cilium/ebpf from 0.9.1 to 0.9.3
    79a5c110 build(deps): bump actions/cache from 3.0.8 to 3.0.9
    da9126f7 build(deps): bump github.com/opencontainers/selinux
    7189ba8d build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.4.0
    491713e8 cirrus-ci: enable EPEL for CentOS 7
    4e65118d tests/int/helpers: gawk -> awk
    0ffb49db tests/int: suppress bogus error
    6fce0a1c build(deps): bump github.com/checkpoint-restore/go-criu/v6
    e965e10c tests/int: do not set inheritable capabilities
    29a28848 Add check for CONFIG_CGROUP_BPF in check-config.sh
    746f4580 deps: bump go-criu to v6
    45041985 build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0
    26dc55ef seccomp: fix flag test to actually check the value
    c7dc8b1f libct/seccomp/patchbpf: support SPEC_ALLOW
    8206f5b2 build(deps): bump actions/cache from 3.0.7 to 3.0.8
    58b1374f Fix failed exec after systemctl daemon-reload
    df9e32bc ci: fix for codespell 2.2
    b7dcdcec Add go 1.19, require go 1.18, drop go 1.17
    0f4bf2c8 ci/gha: bump golangci-lint to 1.48
    45cc290f libct: fixes for godoc 1.19
    bf8d7c71 build(deps): bump actions/cache from 3.0.5 to 3.0.7
    589a9d50 ci/gha: fix cross-386 job vs go 1.19
    450dd3e2 build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1
    6d00bf6c build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
    ea0bd782 libct/intelrdt: check if available iff configured
    56daf36b libct/intelrdt: skip remove unless configured
    c156bde7 libct/intelrdt: elide parsing mountinfo
    9f107489 libct/intelrdt: skip reading /proc/cpuinfo
    13674f43 libct/intelrdt: delete IsMBAScEnabled()
    d9a3acb9 build(deps): bump github.com/cilium/ebpf from 0.9.0 to 0.9.1
    58ea21da seccomp: add support for flags
    c152e831 go.mod: update runtime-spec
    4fd4af5b CI: workaround CentOS Stream 9 criu issue
    5fd3d09e build(deps): bump actions/cache from 3.0.4 to 3.0.5
    66bf3718 tests: replace local hello world bundle with busybox bundle
    e119db7a tests: enable seccomp default action tests on arm
    d2a5acd2 CHANGELOG.md: forward-port 1.1.x changes
    957d97bc Fix error from runc run on noexec fs
    086ddb15 Vagrantfile.fedora: upgrade Fedora to 36
    35e6c3bf libct/nsenter: switch to sane_kill()
    7481c3c9 ci: bump golangci-lint to 1.46
    66625701 libct: fix staticcheck warning
    d370e3c0 libct: fix mounting via wrong proc fd
    c0be1aa2 export blockIODevice
    56fcc938 Switch to newer v0.10.0 release of libseccomp-golang
    cc0feb4b build(deps): bump actions/cache from 3.0.2 to 3.0.4
    5ed3fdff build(deps): bump github.com/moby/sys/mountinfo from 0.6.1 to 0.6.2
    343951a2 cgroups: systemd: skip adding device paths that don't exist
    03a210d0 libcontainer: relax getenv_int sanity check
    72ad2099 docs/cgroup-v2.md: update the distro list
    65f41d57 vendor: bump urfave/cli, add urfave_cli_no_docs tag
    e0406b4b vendor: bump cilium/ebpf to v0.9.0
    6b96cbdd ci: improve shellcheck job
    e1d04cdf script/seccomp.sh: check tarball sha256
    fbafaf31 ci: drop docker layer caching from release job
    f7b07fd5 Dockerfile,scripts/release: bump libseccomp to v2.5.4
    6a79271c seccomp: patchbpf: minor cleanups
    be6488a5 seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
    0ca0bb9f libct/cg/sd: check dbus.ErrClosed instead of isDbusError
    47e09976 libct/cg/dev: privatize some functions
    b6967fa8 Decouple cgroup devices handling
    25f18562 libct/cg/sd: factor out devices.go
    d1601160 libct: use `unix.Getwd` instead of `os.Getwd` to avoid symlink
    cab38885 go.mod: golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5
    a14cc405 release: add riscv64 binary
    1d7b2971 libct/seccomp: add riscv64
    dafcacb5 Makefile: set CGO_ENABLED=1 when needed
    21e32d47 Makefile: add support for static PIE
    ab5c60d0 Makefile: fix GO_BUILDMODE setting
    f2f6e599 Makefile: add LDFLAGS_COMMON and LDFLAGS_STATIC
    f0f1b5f9 Dockerfile: don't use crossbuild-essential-*
    476aa18a Dockerfile: rm dpkg --add-architecture lines
    d542ad65 Dockerfile: nit
    98fe566c runc: do not set inheritable capabilities
    009e627c Vagrantfile.fedora: fix build wrt new git
    4d3e52f2 tests/int: fix a bad typo
    2ce40b6a Remove tun/tap from the default device rules
    68427f33 libct/seccomp/config: add missing KillThread, KillProcess
    df2bc138 vendor: bump seccomp/libseccomp-golang to f33da4d
    29a56b52 fix deprecated ActKill
    9c710564 vendor: bump urfave/cli to v1.22.6
    fa83a17c ci/gha: convert lint-extra from a job to a step
    de25777a build(deps): bump github.com/moby/sys/mountinfo from 0.6.0 to 0.6.1
    d73579ca build(deps): bump actions/cache from 3.0.1 to 3.0.2
    66be704d ci/gha: remove stable: when installing Go
    b6eb9476 build(deps): bump actions/upload-artifact from 2 to 3
    9d2268b9 build(deps): bump actions/setup-go from 2 to 3
    b76b6b93 Allow mounting of /proc/sys/kernel/ns_last_pid
    67e06706 ci/gha: limit jobs permissions
    7260bae6 build(deps): bump actions/cache from 2 to 3.0.1
    ae6cb653 man/*sh: fix shellcheck warnings, add to shellcheck
    cacc8237 ci: add call to check-config.sh
    5d1ef78c script/check-config.sh: enable set -u, fix issues
    d66498e7 script/check-config.sh: fix remaining shellcheck warnings
    baa06227 script/check-config.sh: fix SC2166 warnings
    dc73d236 script/check-config.sh: fix wrap_color usage
    6b16d005 shfmt: add more files
    01f30162 ci/gha: run on main branch
    d77f898f build(deps): bump github.com/opencontainers/selinux
    52229286 libct/specconv: use a local variable in CreateCgroupConfig()
    d0c89dfa libct/cg: IsCgroup2HybridMode: don't panic
    82bc042d build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0
    d620a401 tests/int: remove $ROOTLESS, use $EUID
    d330f94b tests/int/update.bats: fix extra reqs
    a2123baf tests/int: replace CGROUP_UNIFIED with CGROUP_V{1,2}
    25ef852a tests/int: use = in test for strings comparison
    102b8abd libct: rm BaseContainer and Container interfaces
    6a3fe161 libcontainer: remove LinuxFactory
    6a29787b libct/factory: make some methods functions
    8358a0ec libct: StartInitialization: decouple from factory
    a78c9a01 libct: remove Factory interface
    71bc308b libct/New: remove options argument
    b6514469 libct: remove TmpfsRoot
    87cf5d20 CI/cirrus: add centos-stream-9
    a0f8847e Drop go 1.16
    5211cc3f Add / switch to Go 1.18
    7cec81e0 libct: suppress strings.Title deprecation warning
    fcab941e ci: switch to golangci-lint 1.45
    3618079c README.md: add cirrus-ci badge
    f309a69a README,libct/README: fix pkg.go.dev badges
    48006d00 libct/configs/validate: rootlessEUIDMount: speedup
    a99f82ad tests: Add comment to clarify intent of seccomp-notify tests
    9f9acd1a tests: Improve name of seccomp notify test
    728571c1 tests/int: runc delete: fix flake, enable for rootless
    f7637def ci: use golangci-lint-action v3, GO_VERSION
    f7d46134 ci: bump golangci-lint to v1.44
    89733cd0 Format sources using gofumpt 0.2.1
    a43485c9 build(deps): bump actions/checkout from 2 to 3
    1a935208 libct/cg/sd: simplify DetectUserDbusSessionBusAddress
    11895cd0 libct/cg/sd: escape dbus address value
    38c21694 tests/integration/helpers: set -u
    c8c3e852 tests: fix checks for non-existent variables
    99d5c023 tests/int/{root,list}.bats: ALT_ROOT fixups in teardown
    7da77d80 tests/int: don't add --root if $ROOT is not set
    9e2a0463 tests/int: fix runc_spec for set -u
    ab9609db build(deps): bump github.com/godbus/dbus/v5 from 5.0.6 to 5.1.0
    8c04b981 libct/cg/sd/v2: fix ENOENT on cgroup delegation
    01f00e1f ensure the path is a sub-cgroup path
    40b00886 loadFactory: remove
    d1fca8e5 list: report error when non-existent --root is specified
    2b07e751 reviseRootDir: skip default values, add validation
    899342b5 main: improve XDG_RUNTIME_DIR handling
    eb2f08dc checkpoint,restore,list: don't call fatal
    36786c36 list, utils: remove redundant code
    1d5c3310 configs/validate: looser validation for RDT
    0f0f1f61 build(deps): bump github.com/cilium/ebpf from 0.8.0 to 0.8.1
    be00ae07 ci: shellcheck: update to 0.8.0, fix/suppress new warnings
    0b74e49d runc run/exec: ignore SIGURG
    24ab543f build(deps): bump github.com/moby/sys/mountinfo from 0.5.0 to 0.6.0
    dbd990d5 libct: rm intelrtd.Manager interface, NewIntelRdtManager
    85932850 libct: rm TestGetContainerStats, mockIntelRdtManager
    9258eac0 libct/start: use execabs for newuidmap lookup
    39bd7b72 libct: Container, Factory: rm newuidmap/newgidmap
    0d215150 libct: remove Validator interface
    630c0d7e libct: Container, Factory: rm InitPath, InitArgs
    376c9886 libct/specconv: improve checkPropertyName
    d37a9726 libct/specconv: test nits
    58c1ff39 signals: fix signal name debug print
    0767b782 build(deps): bump tim-actions/get-pr-commits from 1.1.0 to 1.2.0
    7346dda3 libcontainer: remove "pausing" state
    18e28626 libct/nsenter: fix extra runc re-exec on tmpfs
    6e1d476a runc: remove --criu option
    485e6c84 Fix some revive warnings
    bb6a8388 libct: initContainer: rename Id -> ID
    1b14d974 libct/configs: rm Windows TODO
    76c398f8 libct/README: rm Cgroupfs
    0fec1c2d libct: Mount: rm {Pre,Post}mountCmds
    dffb8db7 libct: handleCriuConfigurationFile: use utils.SearchLabels
    3d86d31b libct/utils: SearchLabels: optimize
    1a3ee496 list: use Info(), fix race with delete
    095929b1 list: getContainers: less indentation
    cb364108 build(deps): bump github.com/cilium/ebpf from 0.7.0 to 0.8.0
    146c8c0c libct: fixStdioPermissions: ignore EROFS
    18c4760a libct: fixStdioPermissions: skip chown if not needed
    b7fdb688 libct: fixStdioPermissions: minor refactoring
    2eb6ac53 CHANGELOG: add #3306
    e4d23d50 CHANGELOG.md: nit
    5e201e7c libct/intelrdt: explain why mountinfo is required
    c45eed9a libct/specconv: rm empty key from mountPropagationMapping
    b5cb4056 ci: add go 1.18beta1
    907aefd4 libct: StartInitialization: fix %w related warning
    024adbb1 libct: Create: rm unneeded chown
    edeb3b37 libct/intelrdt: faster init if rdt is unsupported
    6c6b14e0 libct/intelrdt: remove findMountpointDir test
    02e961bc libct/intelrdt: wrap Root in sync.Once

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-07-16 14:47:07 +00:00
Bruce Ashfield
f12df6ce27 runc-docker: adapt SRC_URI to include destsuffix=${GO_SRCURI_DESTSUFFIX}
As of commit cc4ec43a2b657fb4c58429ab14f1edc2473c1327 [go: Drop fork
of unpack code, mandate GO_SRCURI_DESTSUFFIX] we require this
variable in our go recipes.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-05-29 13:16:56 +00:00
Bruce Ashfield
b78f5ac678 runc: adapt SRC_URI to include destsuffix=${GO_SRCURI_DESTSUFFIX}
As of commit cc4ec43a2b657fb4c58429ab14f1edc2473c1327 [go: Drop fork
of unpack code, mandate GO_SRCURI_DESTSUFFIX] we require this
variable in our go recipes.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-05-29 13:16:56 +00:00
Bruce Ashfield
4cea448064 runc-opencontainers: update to 1.1.12
Bumping runc to version v1.1.12-14-ge8bb71e1, which comprises the following commits:

    6379b58d libcontainer: force apps to think fips is enabled/disabled for testing
    265e7371 Vagrantfile.fedora: bump Fedora to 39
    59056a02 silence security false positives from golang/net
    452bf88e build: update libseccomp to v2.5.5
    3fada6ec tests/int: fix flaky "runc run with tmpfs perm"
    aae41a4b Fix integration tests failure when calling "ip"
    82a8b979 update go version to 1.21 in cirrus ci
    03271050 ci/gha/cross-i386: pin Go to 1.21
    29d6d873 VERSION: back to development
    51d5e946 VERSION: release 1.1.12
    e9665f4d init: don't special-case logrus fds
    683ad2ff libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
    b6633f48 cgroup: plug leaks of /sys/fs/cgroup handle
    284ba305 init: close internal fds before execve
    fbe3eed1 setns init: do explicit lookup of execve argument early
    0994249a init: verify after chdir that cwd is inside the container
    506552a8 Fix File to Close

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-05-13 22:32:38 -04:00
Bruce Ashfield
da840d8845 runc-docker: update to 1.1.12
Bumping runc to version v1.1.12-2-ga9833ff3, which comprises the following commits:

    29d6d873 VERSION: back to development
    51d5e946 VERSION: release 1.1.12
    e9665f4d init: don't special-case logrus fds
    683ad2ff libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
    b6633f48 cgroup: plug leaks of /sys/fs/cgroup handle
    284ba305 init: close internal fds before execve
    fbe3eed1 setns init: do explicit lookup of execve argument early
    0994249a init: verify after chdir that cwd is inside the container
    506552a8 Fix File to Close
    d0b1a374 keyring: update AkihiroSuda key expiry
    d561e5da keyring: update cyphar@cyphar.com key expiry
    7887736f VERSION: back to development
    4bccb38c VERSION: release 1.1.11

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-04-09 13:10:39 +00:00
Bruce Ashfield
9213f05f55 runc-opencontainers: update to 1.1.12
Bumping runc to version v1.1.12-2-ga9833ff3, which comprises the following commits:

    29d6d873 VERSION: back to development
    51d5e946 VERSION: release 1.1.12
    e9665f4d init: don't special-case logrus fds
    683ad2ff libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
    b6633f48 cgroup: plug leaks of /sys/fs/cgroup handle
    284ba305 init: close internal fds before execve
    fbe3eed1 setns init: do explicit lookup of execve argument early
    0994249a init: verify after chdir that cwd is inside the container
    506552a8 Fix File to Close
    d0b1a374 keyring: update AkihiroSuda key expiry
    d561e5da keyring: update cyphar@cyphar.com key expiry
    7887736f VERSION: back to development
    4bccb38c VERSION: release 1.1.11

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-03-15 17:17:19 +00:00
Bruce Ashfield
22877e9bd0 runc-docker: update to 1.1.11
Bumping runc to version v1.1.11-2-g452f520c, which comprises the following commits:

    7887736f VERSION: back to development
    4bccb38c VERSION: release 1.1.11
    617db785 configs: make id mappings int64 to better handle 32-bit
    e65d4cac specconv: temporarily allow userns path and mapping if they match
    2dd8368e integration: add mega-test for joining namespaces
    8f8cb455 configs: disallow ambiguous userns and timens configurations
    0c8e2cc6 *: actually support joining a userns with a new container
    87792ce0 libct/cg: add swapOnlyUsage in MemoryStats
    32a26a71 build(deps): bump github.com/cyphar/filepath-securejoin
    be887840 VERSION: back to development
    18a0cb0f VERSION: release 1.1.10
    b426e9b7 libct/cgroups.OpenFile: clean "file" argument
    8214e634 libct/cg: support hugetlb rsvd
    f8be7009 [1.1] tests/int/helpers: add get_cgroup_path
    1f66027a ci/gha: fix downloading Release.key
    5a5b2cc3 Fix directory perms vs umask for tmpcopyup
    b365458f fix a typo in cloned_binary.c: re-use -> reuse
    8f66c9fb fix two typos
    016b2b42 Handle kmem.limit_in_bytes removal
    11737f55 VERSION: back to development
    ccaecfcb VERSION: release 1.1.9

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-03-15 17:17:19 +00:00
Bruce Ashfield
e4b6616a90 runc-opencontainers: update to 1.1.11
Bumping runc to version v1.1.11-2-g452f520c, which comprises the following commits:

    7887736f VERSION: back to development
    4bccb38c VERSION: release 1.1.11
    617db785 configs: make id mappings int64 to better handle 32-bit
    e65d4cac specconv: temporarily allow userns path and mapping if they match
    2dd8368e integration: add mega-test for joining namespaces
    8f8cb455 configs: disallow ambiguous userns and timens configurations
    0c8e2cc6 *: actually support joining a userns with a new container
    87792ce0 libct/cg: add swapOnlyUsage in MemoryStats
    32a26a71 build(deps): bump github.com/cyphar/filepath-securejoin
    be887840 VERSION: back to development
    18a0cb0f VERSION: release 1.1.10

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-03-15 17:17:19 +00:00
Bruce Ashfield
62ac94c50d runc-opencontainers: update to 1.1.10
Bumping runc to version v1.1.10-2-gf3446b1e, which comprises the following commits:

    be887840 VERSION: back to development
    18a0cb0f VERSION: release 1.1.10
    b426e9b7 libct/cgroups.OpenFile: clean "file" argument
    8214e634 libct/cg: support hugetlb rsvd
    f8be7009 [1.1] tests/int/helpers: add get_cgroup_path
    1f66027a ci/gha: fix downloading Release.key
    5a5b2cc3 Fix directory perms vs umask for tmpcopyup
    b365458f fix a typo in cloned_binary.c: re-use -> reuse
    8f66c9fb fix two typos
    016b2b42 Handle kmem.limit_in_bytes removal
    11737f55 VERSION: back to development
    ccaecfcb VERSION: release 1.1.9

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-11-24 21:04:15 +00:00
Bruce Ashfield
22989818f3 runc-docker: update to 1.9.0
Bumping runc to version v1.1.9-2-g26a98ea2, which comprises the following commits:

    11737f55 VERSION: back to development
    ccaecfcb VERSION: release 1.1.9
    f44190e0 libct/intelrdt: check if available iff configured
    6cf9ac15 libct/intelrdt: skip remove unless configured
    4796f49c libct/intelrdt: elide parsing mountinfo
    6a7a6a57 libct/intelrdt: skip reading /proc/cpuinfo
    7c83dbe6 libct/intelrdt: delete IsMBAScEnabled()
    5ebcfa62 [1.1] libct: rm intelrtd.Manager interface, NewIntelRdtManager
    69473d0a libct: rm TestGetContainerStats, mockIntelRdtManager
    dfdc7d07 libct/intelrdt: explain why mountinfo is required
    5ba1b8ec libct/intelrdt: faster init if rdt is unsupported
    a5407b9a libct/intelrdt: remove findMountpointDir test
    dc8d0cc1 libct/intelrdt: wrap Root in sync.Once
    929d04fc libct/cg/fs2: use `file` + `anon` + `swap` for usage
    bdbfe042 ci: bump golangci-lint, remove fixed exception
    d398ad2a gha: disable setup-go cache for golangci job
    5888c55d ci/gha: rm actions/cache from validate/deps job
    a47c15b4 build(deps): bump actions/setup-go from 3 to 4
    44a53f08 ci: fix TestOpenat2 when no systemd is used
    cff41a89 ci: fix TestNilResources when systemd not available
    37405ca0 Fix running tests under Docker/Podman and cgroup v2
    1c524242 [1.1] ci/gha: rm unsup Go 1.19.x, add 1.21.x
    ac310917 ci/cirrus: improve host_info
    ecccc432 [1.1] ci/cirrus: use Go 1.19.x not 1.19
    bb2401ee [1.1] ci/cirrus: use Go 1.20
    aaed58c8 add a test case about missing stricky bit
    3d3a2b38 fix some file mode bits missing when doing mount syscall

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-09-15 17:30:39 +00:00
Bruce Ashfield
606fe98a98 runc-opencontainers: update to 1.9.0
Bumping runc to version v1.1.9-2-g26a98ea2, which comprises the following commits:

    11737f55 VERSION: back to development
    ccaecfcb VERSION: release 1.1.9
    f44190e0 libct/intelrdt: check if available iff configured
    6cf9ac15 libct/intelrdt: skip remove unless configured
    4796f49c libct/intelrdt: elide parsing mountinfo
    6a7a6a57 libct/intelrdt: skip reading /proc/cpuinfo
    7c83dbe6 libct/intelrdt: delete IsMBAScEnabled()
    5ebcfa62 [1.1] libct: rm intelrtd.Manager interface, NewIntelRdtManager
    69473d0a libct: rm TestGetContainerStats, mockIntelRdtManager
    dfdc7d07 libct/intelrdt: explain why mountinfo is required
    5ba1b8ec libct/intelrdt: faster init if rdt is unsupported
    a5407b9a libct/intelrdt: remove findMountpointDir test
    dc8d0cc1 libct/intelrdt: wrap Root in sync.Once
    929d04fc libct/cg/fs2: use `file` + `anon` + `swap` for usage
    bdbfe042 ci: bump golangci-lint, remove fixed exception
    d398ad2a gha: disable setup-go cache for golangci job
    5888c55d ci/gha: rm actions/cache from validate/deps job
    a47c15b4 build(deps): bump actions/setup-go from 3 to 4
    44a53f08 ci: fix TestOpenat2 when no systemd is used
    cff41a89 ci: fix TestNilResources when systemd not available
    37405ca0 Fix running tests under Docker/Podman and cgroup v2
    1c524242 [1.1] ci/gha: rm unsup Go 1.19.x, add 1.21.x
    ac310917 ci/cirrus: improve host_info
    ecccc432 [1.1] ci/cirrus: use Go 1.19.x not 1.19
    bb2401ee [1.1] ci/cirrus: use Go 1.20
    aaed58c8 add a test case about missing stricky bit
    3d3a2b38 fix some file mode bits missing when doing mount syscall

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-09-15 17:30:39 +00:00
Bruce Ashfield
dddc423fa3 runc-docker: update to 1.1.8
Bumping runc to version v1.1.8-7-gaa68c400, which comprises the following commits:

    aaed58c8 add a test case about missing stricky bit
    3d3a2b38 fix some file mode bits missing when doing mount syscall
    7c36375a Update github actions packages in validate workflow
    1fa89476 VERSION: back to development
    82f18fe0 VERSION: release 1.1.8
    ef6491ec tests/int/delete: make sure runc delete removes failed unit
    ebdd4fa6 [1.1] tests/int: add "requires systemd_vNNN"
    1188c5a1 runc delete: call systemd's reset-failed
    71e76007 libct/cg/sd: remove logging from resetFailedUnit
    3a4b3af6 tests/int/cgroups: remove useless/wrong setting
    6bc3f22a libct/cg/sd/v1: do not update non-frozen cgroup after frozen failed.
    d375351b ci/cirrus: enable rootless tests on cs9
    e1a8b52f tests/int/cgroups: filter out rdma

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-08-24 01:38:21 +00:00
Bruce Ashfield
ea3b6a8398 runc-opencontainers: update to 1.1.8
Bumping runc to version v1.1.8-7-gaa68c400, which comprises the following commits:

    aaed58c8 add a test case about missing stricky bit
    3d3a2b38 fix some file mode bits missing when doing mount syscall
    7c36375a Update github actions packages in validate workflow
    1fa89476 VERSION: back to development
    82f18fe0 VERSION: release 1.1.8
    ef6491ec tests/int/delete: make sure runc delete removes failed unit
    ebdd4fa6 [1.1] tests/int: add "requires systemd_vNNN"
    1188c5a1 runc delete: call systemd's reset-failed
    71e76007 libct/cg/sd: remove logging from resetFailedUnit
    3a4b3af6 tests/int/cgroups: remove useless/wrong setting
    6bc3f22a libct/cg/sd/v1: do not update non-frozen cgroup after frozen failed.
    d375351b ci/cirrus: enable rootless tests on cs9
    e1a8b52f tests/int/cgroups: filter out rdma

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-08-24 01:38:21 +00:00
Martin Jansa
5bb2ad0d25 runc-opencontainers: use bfd linker even when gold is selected by ls-is-gold
* fixes:
  ld: --no-dynamic-linker: unknown option
* you might need to clean the build for updated LDFLAGS to be correctly re-configured

* lld and bfd are fine:

$ ld.gold --help | grep dynamic-linker
  -I PROGRAM, --dynamic-linker PROGRAM
$ ld.bfd --help | grep dynamic-linker
  -I PROGRAM, --dynamic-linker PROGRAM
  --no-dynamic-linker         Produce an executable with no program interpreter header
$ ld.lld --help | grep dynamic-linker
  --dynamic-linker=<value>
  --no-dynamic-linker     Inhibit output of .interp section

* not sure where this came from; the only place where I see --no-dynamic-linker
  in runc-opencontainers WORKDIR is:
  aarch64-oe-linux/13.1.1/plugin/include/config/aarch64/aarch64-linux.h:   %{static-pie:-Bstatic -pie --no-dynamic-linker -z text} \
  aarch64-oe-linux/13.1.1/plugin/include/aarch64-linux.h:   %{static-pie:-Bstatic -pie --no-dynamic-linker -z text} \

  so my guess is:
  923ae4da Makefile: add support for static PIE

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-07-27 12:03:05 -04:00
Bruce Ashfield
5dda7078ba runc-opencontainers: update to 1.1.7-tip
Bumping runc to version v1.1.7-37-gca73c9fd, which comprises the following commits:

    0d93d7d1 release: add riscv64 binary
    9164fe17 libct/seccomp: add riscv64
    ed47e31a Makefile: set CGO_ENABLED=1 when needed
    923ae4da Makefile: add support for static PIE
    2abca872 Makefile: fix GO_BUILDMODE setting
    120ec5bd Makefile: add LDFLAGS_COMMON and LDFLAGS_STATIC
    b9940113 Dockerfile: don't use crossbuild-essential-*
    028fc57a Dockerfile: rm dpkg --add-architecture lines
    4449ce84 Dockerfile: nit
    d375351b ci/cirrus: enable rootless tests on cs9
    e1a8b52f tests/int/cgroups: filter out rdma
    02e065ef docs/systemd: fix a broken link
    9af462e4 Fix tmpfs mode opts when dir already exists
    7d1bdc7d .codespellrc: update for 2.2.5
    8397943e man/runc: fixes
    f9da684d tests/int: increase num retries for oom tests
    7fa912ed ci/cirrus: limit numcpu
    e9c1ca08 Fix Vagrant caching
    e2265a92 ci: bump bats 1.8.2 -> 1.9.0
    bbddb6bd Vagrantfile.fedora: bump to 38
    27b86b4c ci/cirrus: use vagrant from hashicorp repo
    98a1b76c tests/int: fix some checks
    1eadcede ci: bump bats 1.3.0 -> 1.8.2
    63af8b00 init: do not print environment variable value
    404ea7ab libct: fix a race with systemd removal
    f0ecf30b VERSION: back to development
    860f061b VERSION: release 1.1.7

We refresh one patch for context changes.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-07-25 14:54:20 -04:00
Bruce Ashfield
248be027d6 runc-docker: update to 1.1.7-tip
Bumping runc to version v1.1.7-37-gca73c9fd, which comprises the following commits:

    0d93d7d1 release: add riscv64 binary
    9164fe17 libct/seccomp: add riscv64
    ed47e31a Makefile: set CGO_ENABLED=1 when needed
    923ae4da Makefile: add support for static PIE
    2abca872 Makefile: fix GO_BUILDMODE setting
    120ec5bd Makefile: add LDFLAGS_COMMON and LDFLAGS_STATIC
    b9940113 Dockerfile: don't use crossbuild-essential-*
    028fc57a Dockerfile: rm dpkg --add-architecture lines
    4449ce84 Dockerfile: nit
    d375351b ci/cirrus: enable rootless tests on cs9
    e1a8b52f tests/int/cgroups: filter out rdma
    02e065ef docs/systemd: fix a broken link
    9af462e4 Fix tmpfs mode opts when dir already exists
    7d1bdc7d .codespellrc: update for 2.2.5
    8397943e man/runc: fixes
    f9da684d tests/int: increase num retries for oom tests
    7fa912ed ci/cirrus: limit numcpu
    e9c1ca08 Fix Vagrant caching
    e2265a92 ci: bump bats 1.8.2 -> 1.9.0
    bbddb6bd Vagrantfile.fedora: bump to 38
    27b86b4c ci/cirrus: use vagrant from hashicorp repo
    98a1b76c tests/int: fix some checks
    1eadcede ci: bump bats 1.3.0 -> 1.8.2
    63af8b00 init: do not print environment variable value
    404ea7ab libct: fix a race with systemd removal
    f0ecf30b VERSION: back to development
    860f061b VERSION: release 1.1.7

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-07-25 14:54:20 -04:00
Bruce Ashfield
4aa2aadb01 runc-docker: update to 1.1.7
Bumping runc to version v1.1.7-2-gb6109acd, which comprises the following commits:

    f0ecf30b VERSION: back to development
    860f061b VERSION: release 1.1.7
    c1063b1c runc.keyring: add Akihiro Suda
    b0fae8c4 scripts: keyring validate: print some more information
    79a52b43 libct/cg/sd: use systemd version when generating dev props
    6a806d4d runc.keyring: add Kolyshkin
    b6f686f2 keyring: add Aleksa's <cyphar@cyphar.com> signing key
    63355bf8 keyring: add Aleksa's <asarai@suse.com> signing key
    3bdb63bf keyring: verify runc.keyring has legitimate maintainer keys
    853d5e38 scripts: release: add verification checks for signing keys
    bd1d5370 release: add runc.keyring file and script
    7cd72cc3 VERSION: go back to development
    0f48801a VERSION: release 1.1.6
    e4ce94e2 libct/cg: add misc controller to v1 drivers
    10cfd816 libctr/cgroups: don't take init's cgroup into account
    d30d240b tests/int: test for CAP_DAC_OVERRIDE
    840b9539 Fix runc run "permission denied" when rootless
    165d2323 tests/int: add a "update cpuset cpus range via v2 unified map" test
    26a58fdb cgroups: cpuset: fix byte order while parsing cpuset range to bits
    8d9d1d25 libct/int: make TestFdLeaks more robust
    b66d6d56 libct/int: wording nits
    ddbb6d41 libc/int: add/use runContainerOk wrapper
    3531cc2d ci: add call to check-config.sh
    ed9a0e1d ci/gha: bump actions/cache to v3
    7683e508 ci/gha: switch to Go 1.19.x for validate
    568d4407 ci/gha: bump golangci-lint to 1.48
    1f9e36c0 libct: fixes for godoc 1.19
    50f06554 ci: bump golangci-lint to 1.46
    77472ef6 libct: fix staticcheck warning
    9994fe3f libct: suppress strings.Title deprecation warning
    403ea1f0 ci/gha: convert lint-extra from a job to a step
    d2c83bdf ci/gha: switch to Go 1.18.x for validate
    03a631df ci: switch to golangci-lint 1.45
    e5a5522a Add supported Go releases (1.19, 1.20)
    3ce12483 Dockerfile: fix build wrt new git
    bac06cf6 ci/gha: remove stable: when installing Go
    e74040e0 build(deps): bump actions/setup-go from 2 to 3
    55462355 Require Go 1.17, bump x/sys and x/net
    3ce9c1e2 tests: Fix weird error on centos-9
    abd6adde ci: bump shfmt to 3.5.1, simplify CI setup
    1a4bf049 man/*sh: fix shellcheck warnings, add to shellcheck
    9201794a script/check-config.sh: fix remaining shellcheck warnings
    8b976428 shfmt: add more files
    b0fbd2f8 script/check-config.sh: fix SC2166 warnings
    7f8cb3d6 script/check-config.sh: fix wrap_color usage
    f6562f19 [1.1] libct/cg/dev: skip flaky test of CentOS 7
    12f2f03f [1.1] runc run: refuse a non-empty cgroup for systemd driver
    e618ec36 libct/cg/sd: reset-failed and retry startUnit on UnitExists
    931b9bf3 libct/cg/sd: ignore UnitExists only for Apply(-1)
    b46ac860 libct/cg/sd: refactor startUnit
    822623b6 CHANGELOG.md: move 1.1.5 CVEs to Security section
    54cfb25d Makefile: add verify-changelog as release dependency
    7b3ac330 verify-changelog: allow non-ASCII
    37e586ab CHANGELOG: fix a typo
    de0c2277 [1.1] CHANGELOG: fix 1.1.5 git compare link
    1fe2ec53 tests/int/mounts: only check non-shadowed mounts
    9b8ebe4d tests/int/mount: fix issues with ro cgroup test
    17a2d451 VERSION: back to development

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-06-07 16:40:21 -04:00
Bruce Ashfield
b3fd5097ab runc-opencontainers: update to 1.1.7
Bumping runc to version v1.1.7-2-gb6109acd, which comprises the following commits:

    f0ecf30b VERSION: back to development
    860f061b VERSION: release 1.1.7
    c1063b1c runc.keyring: add Akihiro Suda
    b0fae8c4 scripts: keyring validate: print some more information
    79a52b43 libct/cg/sd: use systemd version when generating dev props
    6a806d4d runc.keyring: add Kolyshkin
    b6f686f2 keyring: add Aleksa's <cyphar@cyphar.com> signing key
    63355bf8 keyring: add Aleksa's <asarai@suse.com> signing key
    3bdb63bf keyring: verify runc.keyring has legitimate maintainer keys
    853d5e38 scripts: release: add verification checks for signing keys
    bd1d5370 release: add runc.keyring file and script
    7cd72cc3 VERSION: go back to development
    0f48801a VERSION: release 1.1.6
    e4ce94e2 libct/cg: add misc controller to v1 drivers
    10cfd816 libctr/cgroups: don't take init's cgroup into account
    d30d240b tests/int: test for CAP_DAC_OVERRIDE
    840b9539 Fix runc run "permission denied" when rootless
    165d2323 tests/int: add a "update cpuset cpus range via v2 unified map" test
    26a58fdb cgroups: cpuset: fix byte order while parsing cpuset range to bits
    8d9d1d25 libct/int: make TestFdLeaks more robust
    b66d6d56 libct/int: wording nits
    ddbb6d41 libc/int: add/use runContainerOk wrapper
    3531cc2d ci: add call to check-config.sh
    ed9a0e1d ci/gha: bump actions/cache to v3
    7683e508 ci/gha: switch to Go 1.19.x for validate
    568d4407 ci/gha: bump golangci-lint to 1.48
    1f9e36c0 libct: fixes for godoc 1.19
    50f06554 ci: bump golangci-lint to 1.46
    77472ef6 libct: fix staticcheck warning
    9994fe3f libct: suppress strings.Title deprecation warning
    403ea1f0 ci/gha: convert lint-extra from a job to a step
    d2c83bdf ci/gha: switch to Go 1.18.x for validate
    03a631df ci: switch to golangci-lint 1.45
    e5a5522a Add supported Go releases (1.19, 1.20)
    3ce12483 Dockerfile: fix build wrt new git
    bac06cf6 ci/gha: remove stable: when installing Go
    e74040e0 build(deps): bump actions/setup-go from 2 to 3
    55462355 Require Go 1.17, bump x/sys and x/net
    3ce9c1e2 tests: Fix weird error on centos-9
    abd6adde ci: bump shfmt to 3.5.1, simplify CI setup
    1a4bf049 man/*sh: fix shellcheck warnings, add to shellcheck
    9201794a script/check-config.sh: fix remaining shellcheck warnings
    8b976428 shfmt: add more files
    b0fbd2f8 script/check-config.sh: fix SC2166 warnings
    7f8cb3d6 script/check-config.sh: fix wrap_color usage
    f6562f19 [1.1] libct/cg/dev: skip flaky test of CentOS 7
    12f2f03f [1.1] runc run: refuse a non-empty cgroup for systemd driver
    e618ec36 libct/cg/sd: reset-failed and retry startUnit on UnitExists
    931b9bf3 libct/cg/sd: ignore UnitExists only for Apply(-1)
    b46ac860 libct/cg/sd: refactor startUnit
    822623b6 CHANGELOG.md: move 1.1.5 CVEs to Security section
    54cfb25d Makefile: add verify-changelog as release dependency
    7b3ac330 verify-changelog: allow non-ASCII
    37e586ab CHANGELOG: fix a typo
    de0c2277 [1.1] CHANGELOG: fix 1.1.5 git compare link
    1fe2ec53 tests/int/mounts: only check non-shadowed mounts
    9b8ebe4d tests/int/mount: fix issues with ro cgroup test
    17a2d451 VERSION: back to development

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-06-07 16:40:21 -04:00
Bruce Ashfield
195db7f7c5 runc-docker: update to 1.1.5
Bumping runc to version v1.1.5-1-g17a2d451, which comprises the following commits:

    17a2d451 VERSION: back to development
    f19387a6 VERSION: release v1.1.5
    8ec02ea1 nsexec: retry unshare on EINVAL
    0abab45c Prohibit /proc and /sys to be symlinks
    0e6b818a rootless: fix /sys/fs/cgroup mounts
    f6e2cd3b nsexec: Check for errors in write_log()

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-04-05 16:03:55 -04:00
Bruce Ashfield
ae91a8666a runc-opencontainers: update to 1.1.5
Bumping runc to version v1.1.5-1-g17a2d451, which comprises the following commits:

    17a2d451 VERSION: back to development
    f19387a6 VERSION: release v1.1.5
    8ec02ea1 nsexec: retry unshare on EINVAL
    0abab45c Prohibit /proc and /sys to be symlinks
    0e6b818a rootless: fix /sys/fs/cgroup mounts
    f6e2cd3b nsexec: Check for errors in write_log()

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-04-05 16:03:55 -04:00
Bruce Ashfield
13ad8548de runc-docker: update to 1.1.0-tip
Bumping runc to version v1.1.4-20-gc6781d10, which comprises the following commits:

    f6e2cd3b nsexec: Check for errors in write_log()
    9233b3d0 tests/int: test for /dev/null owner regression
    fa722c1d libcontainer: skip chown of /dev/null caused by fd redirection
    53ceeeab Explicitly pin busybox and debian downloads
    3b6625c6 tests/integration/get-images.sh: fix busybox.tar.xz URL
    b8ebeece tests: replace local hello world bundle with busybox bundle
    e9f8fd32 [1.1] Vagrantfile.fedora: upgrade Fedora to 37
    e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-02-17 15:21:29 -05:00
Bruce Ashfield
969daee49f runc-opencontainers: update to 1.1.0-tip
Bumping runc to version v1.1.4-20-gc6781d10, which comprises the following commits:

    f6e2cd3b nsexec: Check for errors in write_log()
    9233b3d0 tests/int: test for /dev/null owner regression
    fa722c1d libcontainer: skip chown of /dev/null caused by fd redirection
    53ceeeab Explicitly pin busybox and debian downloads
    3b6625c6 tests/integration/get-images.sh: fix busybox.tar.xz URL
    b8ebeece tests: replace local hello world bundle with busybox bundle
    e9f8fd32 [1.1] Vagrantfile.fedora: upgrade Fedora to 37
    e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-02-17 15:21:29 -05:00
Bruce Ashfield
c25d16577d runc-docker: update to 1.4.0-tip
Bumping runc to version v1.1.4-10-gbd4d05c0, which comprises the following commits:

    e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings
    3b958289 Fixes inability to use /dev/null when inside a container

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-02-10 12:36:11 -05:00
Bruce Ashfield
f281ad2d96 runc-opencontainers: update to 1.4.0-tip
Bumping runc to version v1.1.4-10-gbd4d05c0, which comprises the following commits:

    e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings
    3b958289 Fixes inability to use /dev/null when inside a container

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-02-10 12:36:10 -05:00
Bruce Ashfield
2119189361 treewide: bulk update patches with status field
While the insane.bbclass upstream-status check hasn't been made
default, users of meta-virtualization may have it enabled in their
distros .. so the effect is the same. We must have this tracking
tag in our patches.

This is a bulk update to add the tag and silence the QA message.

As packages get updated, the normal/routine process of checking
the patches will continue, and the status fields may (or may not)
get more useful.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-01-27 10:32:06 -05:00
Bruce Ashfield
99e93d3f88 runc: update to 1.1.4-tip
Bumping runc to version v1.1.4-8-g974efd2d, which comprises the following commits:

    3b958289 Fixes inability to use /dev/null when inside a container
    335ec376 cirrus-ci: install EPEL on CentOS 7 conditionally
    fb145a2f cirrus-ci: enable EPEL for CentOS 7
    276297b6 VERSION: back to development
    5fd4c4d1 Release 1.1.4
    204c673c [1.1] fix failed exec after systemctl daemon-reload
    ec2efc2c ci: fix for codespell 2.2
    c778598c [1.1] ci/gha: fix cross-386 job vs go 1.19
    d83a861d Fix error from runc run on noexec fs
    d614445d [1.1] libct/nsenter: switch to sane_kill()
    3ca5673f CI: workaround CentOS Stream 9 criu issue
    c3986e53 tests/int: don't use --criu
    f46c0dad [1.1] ci: fix delete.bats for GHA
    6b94849d tests/int: runc delete: fix flake, enable for rootless
    fa3354dc libct: fix mounting via wrong proc fd
    eb1552a0 VERSION: back to development
    6724737f VERSION: release 1.1.3
    91fa032d ci: add basic checks for CHANGELOG.md

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-12-07 16:12:27 -05:00
Bruce Ashfield
6dba10357c runc-docker: update to 1.1.4-tip
Bumping runc to version v1.1.4-8-g974efd2d, which comprises the following commits:

    3b958289 Fixes inability to use /dev/null when inside a container
    335ec376 cirrus-ci: install EPEL on CentOS 7 conditionally
    fb145a2f cirrus-ci: enable EPEL for CentOS 7
    276297b6 VERSION: back to development
    5fd4c4d1 Release 1.1.4
    204c673c [1.1] fix failed exec after systemctl daemon-reload
    ec2efc2c ci: fix for codespell 2.2
    c778598c [1.1] ci/gha: fix cross-386 job vs go 1.19
    d83a861d Fix error from runc run on noexec fs
    d614445d [1.1] libct/nsenter: switch to sane_kill()
    3ca5673f CI: workaround CentOS Stream 9 criu issue
    c3986e53 tests/int: don't use --criu
    f46c0dad [1.1] ci: fix delete.bats for GHA
    6b94849d tests/int: runc delete: fix flake, enable for rootless
    fa3354dc libct: fix mounting via wrong proc fd
    eb1552a0 VERSION: back to development
    6724737f VERSION: release 1.1.3
    91fa032d ci: add basic checks for CHANGELOG.md

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-12-01 17:01:44 -05:00
Bruce Ashfield
038b48664a runc-docker: update to 1.1.3
Bumping runc to version v1.1.3-2-g1e7bb5b7, which comprises the following commits:

    eb1552a0 VERSION: back to development
    6724737f VERSION: release 1.1.3
    91fa032d ci: add basic checks for CHANGELOG.md
    7219387e cgroups: systemd: skip adding device paths that don't exist
    93d1807b libcontainer: relax getenv_int sanity check
    8242c05d script/seccomp.sh: check tarball sha256
    017cb29b Dockerfile,scripts/release: bump libseccomp to v2.5.4
    51649a7d Allow mounting of /proc/sys/kernel/ns_last_pid
    3a09da6b ci: drop docker layer caching from release job
    8b93f9fb seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
    fc2a8fe1 libct/cg/sd: check dbus.ErrClosed instead of isDbusError
    d105e052 libct/seccomp/config: add missing KillThread, KillProcess
    e4474ef8 [1.1] vendor: bump seccomp/libseccomp-golang to f33da4d
    dc083b2b fix deprecated ActKill
    bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
    1feafc31 ci: bump golangci-lint to v1.44
    89f79ff0 libct: StartInitialization: fix %w related warning
    3b7f2605 Format sources using gofumpt 0.2.1
    eeac4e77 build(deps): bump actions/checkout from 2 to 3
    cd7fa00d Vagrantfile.fedora: fix build wrt new git

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-08-09 14:26:28 -04:00
Bruce Ashfield
d8ecc12a13 runc: update to 1.1.3
Bumping runc to version v1.1.3-2-g1e7bb5b7, which comprises the following commits:

    eb1552a0 VERSION: back to development
    6724737f VERSION: release 1.1.3
    91fa032d ci: add basic checks for CHANGELOG.md
    7219387e cgroups: systemd: skip adding device paths that don't exist
    93d1807b libcontainer: relax getenv_int sanity check
    8242c05d script/seccomp.sh: check tarball sha256
    017cb29b Dockerfile,scripts/release: bump libseccomp to v2.5.4
    51649a7d Allow mounting of /proc/sys/kernel/ns_last_pid
    3a09da6b ci: drop docker layer caching from release job
    8b93f9fb seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
    fc2a8fe1 libct/cg/sd: check dbus.ErrClosed instead of isDbusError
    d105e052 libct/seccomp/config: add missing KillThread, KillProcess
    e4474ef8 [1.1] vendor: bump seccomp/libseccomp-golang to f33da4d
    dc083b2b fix deprecated ActKill
    bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
    1feafc31 ci: bump golangci-lint to v1.44
    89f79ff0 libct: StartInitialization: fix %w related warning
    3b7f2605 Format sources using gofumpt 0.2.1
    eeac4e77 build(deps): bump actions/checkout from 2 to 3
    cd7fa00d Vagrantfile.fedora: fix build wrt new git

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-08-09 14:26:28 -04:00
Bruce Ashfield
b7485d340d runc/docker: update to 1.1.2
Bumping runc to version v1.1.2-9-gb507e2da, which comprises the following commits:

    bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
    1feafc31 ci: bump golangci-lint to v1.44
    89f79ff0 libct: StartInitialization: fix %w related warning
    3b7f2605 Format sources using gofumpt 0.2.1
    eeac4e77 build(deps): bump actions/checkout from 2 to 3
    cd7fa00d Vagrantfile.fedora: fix build wrt new git
    cdfdbe55 VERSION: back to development
    a916309f VERSION: release 1.1.2
    364ec0f1 runc: do not set inheritable capabilities
    8959e372 VERSION: back to development
    52de29d7 VERSION: release 1.1.1
    2636e1cb CHANGELOG.md: add 1.1.1 release notes
    036cc348 CI/cirrus: add centos-stream-9
    db953158 README.md: add cirrus-ci badge
    ea19181e README,libct/README: fix pkg.go.dev badges
    8290c4cf libct/cg: IsCgroup2HybridMode: don't panic
    ee7ba6cb configs/validate: looser validation for RDT
    96193422 libct/cg/sd/v2: fix ENOENT on cgroup delegation
    35784a3e ensure the path is a sub-cgroup path
    986e7c53 libct: fixStdioPermissions: ignore EROFS
    5053a065 libct: fixStdioPermissions: skip chown if not needed
    d2939b6b libct: fixStdioPermissions: minor refactoring

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-06-03 09:32:13 -04:00
Bruce Ashfield
3012689f5e runc: update to 1.1.2
Bumping runc to version v1.1.2-9-gb507e2da, which comprises the following commits:

    bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
    1feafc31 ci: bump golangci-lint to v1.44
    89f79ff0 libct: StartInitialization: fix %w related warning
    3b7f2605 Format sources using gofumpt 0.2.1
    eeac4e77 build(deps): bump actions/checkout from 2 to 3
    cd7fa00d Vagrantfile.fedora: fix build wrt new git
    cdfdbe55 VERSION: back to development
    a916309f VERSION: release 1.1.2
    364ec0f1 runc: do not set inheritable capabilities
    8959e372 VERSION: back to development
    52de29d7 VERSION: release 1.1.1
    2636e1cb CHANGELOG.md: add 1.1.1 release notes
    036cc348 CI/cirrus: add centos-stream-9
    db953158 README.md: add cirrus-ci badge
    ea19181e README,libct/README: fix pkg.go.dev badges
    8290c4cf libct/cg: IsCgroup2HybridMode: don't panic
    ee7ba6cb configs/validate: looser validation for RDT
    96193422 libct/cg/sd/v2: fix ENOENT on cgroup delegation
    35784a3e ensure the path is a sub-cgroup path
    986e7c53 libct: fixStdioPermissions: ignore EROFS
    5053a065 libct: fixStdioPermissions: skip chown if not needed
    d2939b6b libct: fixStdioPermissions: minor refactoring

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-06-03 09:32:13 -04:00
Bruce Ashfield
418b05846e runc-docker: update to 1.1.0-tip
Bumping runc to version v1.1.0-5-gb9460f26, which comprises the following commits:

    986e7c53 libct: fixStdioPermissions: ignore EROFS
    5053a065 libct: fixStdioPermissions: skip chown if not needed
    d2939b6b libct: fixStdioPermissions: minor refactoring
    d7f7b22a VERSION: back to development

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-03-21 17:31:28 -04:00
Bruce Ashfield
e1c1b9dfd0 runc-opencontainers: update to 1.1.0-tip
Bumping runc to version v1.1.0-5-gb9460f26, which comprises the following commits:

    986e7c53 libct: fixStdioPermissions: ignore EROFS
    5053a065 libct: fixStdioPermissions: skip chown if not needed
    d2939b6b libct: fixStdioPermissions: minor refactoring
    d7f7b22a VERSION: back to development

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-03-21 17:31:28 -04:00
Bruce Ashfield
cf1c2ed8eb runc-docker: update to v1.1.0
Bumping runc to version v1.1.0-1-gd7f7b22a, which comprises the following commits:

    d7f7b22a VERSION: back to development
    067aaf85 VERSION: release runc v1.1.0
    c0e300f1 Refuse to build runc without nsenter
    e155b332 build(deps): bump github.com/checkpoint-restore/go-criu/v5
    5c7e8981 libct/cg: rm go 1.15 compatibility
    4773769c VERSION: back to development
    55df1fc4 VERSION: release v1.1.0-rc.1
    a8f9d5de CHANGELOG: add an in-repo changelog file
    6d2067a4 script/seccomp.sh: fix argc check
    457ca62f script/release_*.sh: fix usage
    c729594c deps: update libseccomp to 2.5.3
    5d779620 tests/int: use update_config in hooks test
    9e798e26 tests/int: ability to specify binary
    97688ddf types/features: clarify MountOptions
    deb0a5f2 Mark `runc features` experimental
    382eba43 Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...)
    ba935a51 Support nosymfollow mount option (kernel 5.10)
    f8c48e46 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c
    acd8f12f release: correctly handle binary signing for "make releaseall"
    d72d057b runc init: avoid netlink message length overflows
    25112dd1 libct/intelrdt: remove unused type
    c4a61aa9 ci: enable extra linters for new code
    520702da Add `runc features` command
    02475d9c .golangci.lint: add unparam linter
    953e56c5 libct/int: runContainer: drop console arg
    6c0bfcb1 libct/cg/fs/blkio_test: ignore unparam warning
    06b3fd9d libct/cg/ebpf: drop finalize return value
    86733013 notify_socket: setupSpec: drop ctx arg and return value
    741568eb libct/cg/devices: addRule: ignore unparam warning
    fc44e3f6 tty: Close: rm return value
    36483465 tty: ClosePostStart: rm return value
    f3f4b6d1 tty: recvtty: rm process arg
    e6318635 tty: rm inheritStdio return value
    d23b8109 checkpoint: rm getDefaultImagePath arg
    dd140401 libct: fixStdioPermissions: rm config arg
    b357bc13 libct/factory: rm id param from loadState
    b950b778 libct/utils: ResolveRootfs: remove
    35d20c4e chown cgroup to process uid in container namespace
    ec0f35bc libct/system/xattrs: remove
    e9ed2000 build(deps): bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
    e3dd80fa Vagrantfile.fedora: revert excluding systemd
    1da84d1a libct/cg: TestGetHugePageSizeImpl: use t.Run
    1362291a Avoid non-op when the list of `Hooks` is empty
    f13a9325 libct/cg: HugePageSizes: simplify code and test
    39d4c8d5 libct/cg: lazy init for HugePageSizes
    a4d4c4dd libct/cg: GetHugePageSize -> HugePageSizes
    dde509df specconv: do not permit null bytes in mount fields
    50105de1 Fix failure with rw bind mount of a ro fuse
    982b9a1d libct/standard_init: fix linter warning
    643f8a2b libct/specconv: nits
    b247cd39 runc run: fix ro /dev
    029b73c1 libct/spec: replace isValidName regex with a function
    6907beca libct/specconv: remove isSecSuffix regex
    37c5fd55 libct/specconv: make parseMountOptions return Mount
    2c3792ba libct/specconv: make mountFlags and extensionFlags global
    81586e19 libct/specconv: reuse mountPropagationMapping in parseMountOptions
    8fe1e8bf libct/specconv: rm some init allocations
    712157f6 Revert "ci: temporarily disable criu repo gpg check"
    f252eb54 test/int/mount.bats: refer to github issue
    7563a8f0 libct: wrap more unix errors
    db4ad6a7 libcontainer/system: rm Prlimit
    0880c001 .cirrus.yml: silence vagrant up
    b028ecb3 Vagrantfile.fedora: exclude systemd from upgrade
    12a36265 ci/cirrus: update to Go 1.17.3
    02d527d2 go.mod: github.com/moby/sys/mountinfo v0.5.0
    0e21d56e go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
    b2d64fed build(deps): bump github.com/checkpoint-restore/go-criu/v5
    a9bb11ec Fix the conversion of sysctl variable dots and slashes
    0f933d54 Rename package validate_test to package validate
    68c2b6a7 runc run: refuse a frozen cgroup
    d08bc0c1 runc run: warn on non-empty cgroup
    dd696235 runc exec: reject paused container unless --ignore-paused
    4b25a4e8 CI: update Fedora to 35
    7324496f tests/int: fix userns for Fedora 35
    05272718 tests/int/cgroups: fix for misc controller
    fc658fb6 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
    972aea3a libct/configs/validate: allow / in sysctl names
    95f8ecdd fix `libcontainer/integration/exec_test.go:1859:8: undefined: ioutil`
    dc473cad build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0
    8542322d libcontainer: Add unit tests with userns and mounts
    55162941 Remove io/ioutil use
    6a4f4a6a libcontainer/ignoreTerminateErrors: simplify for Go 1.16+
    12e99a0f Require Go >= 1.16
    3d986766 ci/gha: install latest stable Go version
    c5ca778f ci: temporarily disable criu repo gpg check
    81fdc8ce New integration tests for user namespaces bind sources
    9c444070 Open bind mount sources from the host userns
    a80e1217 libct/intelrdt: add Root()
    794cd66d libct/system: Exec: wrap the error
    6eba68de build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
    e395d2dc libct: Init: remove LockOSThread
    916c6a15 libct/cg/fs2: fix GetStats for unsupported hugetlb
    f9667e63 Make DevicesGroup's "TestingSkipFinalCheck" attribute public
    2e0ceaa9 fix createDevices when no Linux section
    fae5d8b5 release: add s390x
    f95063ed Dockerfile: fix for seccomp
    7758d3fb libct/cg/sd/v2: Destroy: remove cgroups recursively
    580e43ec contrib: rm init from bash completion
    0202c398 runc exec: implement --cgroup
    cc15b887 tests: add integration test for cgroups hybrid
    a8435007 cgroups: join cgroup v2 when using hybrid mode
    39914db6 runc exec: don't skip non-existing cgroups
    7d446c63 libct/cg.WriteCgroupProcs: improve errors
    cc1d7466 exec.go: nit
    0d297b71 ci/gha: test criu-dev with latest go
    16aedc31 ci/gha: remove debug info
    3fd1851c CI/GHA: switch to OBS criu repo
    81dc5599 Dockerfile: fix apt-key warning
    2bf560fb Dockerfile: use Debian_11 repo for criu
    99ddc1be libct/cg/fs: rm m.config == nil checks
    57edce46 libct/cg: add Resources=nil unit test
    1af4ed11 libct/cg/sd/v2: move fsMgr init to NewUnifiedManager
    9a2146fa libct/cg/sd/v2: move path init to NewUnifiedManager
    39be6e97 libct/cg/fs2: minor optimization
    b14a6cf9 libct/cg/sd/v1: move path init to NewLegacyManager
    fcc48168 libct/cg/fs: document path removal
    6c5441e5 libct/cg/fs: move paths init to NewManager
    097c6d74 libct/cg: simplify getting cgroup manager
    3c8db638 script/release.sh: update libseccomp to 2.5.2
    f30244ee make release: add cross-build
    23d79aae Makefile: only build runc for static target
    d2b6899e Makefile: fixes for seccompagent
    43b36dc4 Support changing of lsm mount context on restore
    412d68d1 Vendor in go-criu v5.1.0
    163e2523 libct/cg: replace bitset with std math/big library
    6806b2c1 runc delete -f: fix for cg v1 + paused container
    e6928865 libct/cg/fs: refactor
    7d1cb320 libct/cg/fs: rename join to apply
    5c7cb837 libct/cg/fs: micro optimization
    19b542a5 libct/cg/fs: move internal code out of fs.go
    eb09df74 libct/cg/sd/v1: initPaths: minor optimization
    63c84917 libct/cg/sd/v1: optimize initPaths
    c7e0864d libct/cg/sd/v1: factor out initPaths
    dc907e8d libct/cg/sd/v*.go: nit
    d974b22a create, run: amend final errors
    9ba2f65d startContainer: minor refactor
    1545ea69 delete, start: remove newline from errors
    af641cd5 seccomp: Add test using the seccomp agent example
    08659080 build(deps): bump github.com/bits-and-blooms/bitset from 1.2.0 to 1.2.1
    622acd24 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
    47abdcee ci/gha: update golangci-lint to 1.42.1
    704a1878 contrib/cmd/seccompagent: fix build tags
    49137c2a ci/gha: bump shfmt to 3.3.1
    f1b703fc libct/nsenter/nsexec.c: honor _LIBCONTAINER_LOGLEVEL
    d5ffe83f libct/nsenter/nsexec.c: factor out getenv_int
    d2f49d45 libct/nsenter/nsexec.c: improve bail
    6c4a3b13 runc init: pass _LIBCONTAINER_LOGLEVEL as int
    0a3577c6 utils_linux: simplify newProcess
    51cd519e seccomp agent: Return non-zero on failures
    8b790e4f seccomp agent: Use arch SCMP_ARCH_X86_64
    4a4d4f10 Add support for seccomp actions ActKillThread and ActKillProcess
    4a751b05 seccomp: drop unnecessary const SCMP_ACT_* defines
    72b5c3ca build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
    00772cae tests: add functional tests for seccomp notify
    5ae831d9 tests: add functional tests for seccomp
    e21a9ee8 contrib: add sample seccomp agent
    c64aaf0e libcontainer/specconv: extend SetupSeccomp tests
    2b025c01 Implement Seccomp Notify
    4e7aeff6 libcontainer/utils: introduce SendFds
    c55530be vendoring: Use libseccomp with notify support
    64358c4d optimize log: move WriteJSON defer as early as possible
    39d0ee18 script/release.sh: fix for opensuse
    a20c8b29 runc --debug: shorter caller info
    b55b3081 libct/logs: do not show caller in nsexec logs
    c3910e73 libct/logs: parse log level implicitly
    c4826905 libct/logs: test: make more robust
    33dcb994 libct/nsenter/nsenter_test.go: logging nits
    78b27155 libct/nsenter: test: rm misleading comments
    2c46455c libct/nsenter: test: improve TestNsenterChildLogging
    feb1fe11 libct/nsenter: test: fix TestNsenterValidPaths
    3df6a02f libct/nsenter: test: improve newPipe
    347c371b CI: Mark CGO warnings as errors
    d8da0035 *: add go-1.17+ go:build tags
    1b17ec95 libct/cg: rm "unsupported.go" files
    dbb9fc03 libct/*: remove linux build tag from some pkgs
    c5b0be78 Rm build tags from main pkg
    9ff64c3d *: rm redundant linux build tag
    895e0a5c nsenter: fix typo in bail message
    1f5798f7 improve error message when dbus-user-session is not installed
    63944578 tests/int: add a "update cpu period with pod limit set" test
    1b2adcfe libct/cg/v1: workaround CPU quota period set failure
    09b80811 Revert "libct/devices: change devices.Type to be a string"
    538ba846 libct/error.go: rm ConfigError
    6145628f configs/validate: audit all returned errors
    bbcf96f9 libct/cg/devices: stop using regex
    fb629db6 tests/int/helpers: fix shellcheck warnings
    f65276db tests/int/helpers: rm $bundle handling
    b3d14488 Add support for rdma cgroup introduced in Linux Kernel 4.11
    8d8415ee libct/logs: remove ConfigureLogging
    f77fb7a3 init.go, main.go: don't use logs.ConfigureLogging
    93937000 libcontainer/intelrdt: update code comments
    a37a89f4 libct/system: add I and P process states
    f90008ae libct/system.Stat: fix/improve/speedup
    412c6f06 libct/system/proc_test: fix, improve, add benchmark
    74ae9e0f checkpoint: resolve symlink for external bind mount(fix ci broken)
    24d318b8 Dockerfile: switch to bullseye
    9a095e44 libct/cg/sd/v1: add SkipFreezeOnSet knob
    fec49f2a libct/cg/sd/v1: add freezeBeforeSet unit test
    41043673 libct/cg/sd/v1: Fix unnecessary freeze/thaw
    a5871801 ci: add go1.17
    75761bcc Fix codespell warnings, add codespell to ci
    db8330c9 libct/nsenter: fix unused-result warning
    844d6774 CI: Validate compilation without buildtags
    51508210 libct/nsenter: nullify pointer on asprintf error
    2ab6484f libct/nsenter: no need to check size_t less than 0
    f0dbefac .cirrus.yum: retry yum if failed
    814f3ae1 libct/devices: change devices.Type to be a string
    74b5c34e .cirrus.yml: simplify
    77fb9aff build(deps): bump github.com/containerd/console from 1.0.2 to 1.0.3
    bd50e7c4 libct/cg/OpenFile: check cgroupFd on error
    ab577f6f MAINTAINERS: add Sebastiaan van Stijn
    2bab4a56 libct/nsenter: fix logging race in nsexec
    bda1bd7a build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
    c2d9668c libct/cg/OpenFile: fix openat2 vs top cgroup dir
    1b4c30fd libcontainer/intelrdt: always run unit tests
    79d292b9 libcontainer/intelrdt: verify ClosID existence
    17e3b41d libcontainer/intelrdt: support ClosID parameter
    7296dc17 libcontainer/intelrdt: refactor clos path handling
    1cbfe234 libct/cg: rm dead code
    d0c3bc44 libct/cg: GetAllPids: optimize for go 1.16+
    363468d0 libct/cg: improve GetAllPids and readProcsFile
    504271a3 libct/cg: move GetAllPids out of utils.go
    fc99ab7e build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
    0f94799e man/runc-run.8: document --keep option
    cb824629 proposal: add --keep to runc run
    e06465ac ci/cirrus: remove unused code
    120f7406 ci/gha: add latest criu-dev test run
    60e02b4b runc exec: fail with exit code of 255
    18f434e1 script/release.sh: make builds reproducible
    61e201ab makefile: update ldflags and add strip for static builds
    5110bd2f nsenter: remove cgroupns sync mechanism
    7a0302f0 runc init: simplify
    a91ce306 libct/*_test.go: use t.TempDir
    3bc606e9 libct/int: adapt to Go 1.15
    1eeaf113 libct/intelrdt/*_test.go: use t.TempDir
    f6a56f60 libct/cg/fs/*_test.go: use t.TempDir
    2d1645d2 libct/cg/fscommon: drop go 1.13 compatibility
    6215b2f3 ci/gha: drop Go 1.13
    a952b5aa README, go.mod: require go 1.15+
    12a1dccb Revert "libcontainer: avoid using t.Cleanup"
    015fa29a Revert "Revert "Makefile: rm go 1.13 workaround""
    5dd92fd9 libct/seccomp: skip redundant rules
    e44bee10 libct/seccomp: warn about unknown syscalls
    073e085c libct/seccomp: ConvertStringToAction: fix doc
    9f656dbb Do not use Vagrant for CentOS 7/8
    d4480164 tests/rootless.sh: fixup for "update rt" test
    86af5248 tests/int: fix "update rt period and runtime" for rootless
    cc0b1644 README.md: remove abandoned versioning policy
    87bfd20f Evaluate Cirrus CI for Vagrant tests
    a7110262 libct/cg/sd: add TestPodSkipDevicesUpdate
    52dd96db libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
    f2db8798 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
    5dc32604 libct/int/TestFreeze: test freeze/thaw via Set
    af1688a5 libct/int: allow subtests
    67cfd3d4 libct/cg/sd/v1: Set: don't overwrite r.Freezer
    d02b0061 ci/gha: run on release-* branches after a push
    57e3c541 cgroupv2: ebpf: ignore inaccessible existing programs
    fe518a06 vendor: update github.com/cilium/ebpf
    3e5c1997 libct/cg/sd: Add freezer tests
    294c4866 libct/cg/fs/freezer.GetState: report current cgroup state
    f33be7cc libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
    d41a273d Update device update tests
    be1d5f83 ci: enable unconvert linter, fix its warnings
    6be088d6 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
    9f2a1f4d deps: update to github.com/cyphar/filepath-securejoin@v0.2.3
    24d5daf5 libct/user: fix parsing long /etc/group lines
    226dfab0 libct/user: ParseGroupFilter: use TrimSpace
    120e3a77 libct/user: use []byte more, avoid allocations
    83776dd8 libcontainer: Bail on close(2) failures
    7d479e6b libcontainer: Don't close fds already closed
    e39ad650 retry unix.EINTR for container init process
    c508a7bc libct/rootfs: consolidate utils imports
    1bbeadae tests/int/no_pivot: fix for new kernels
    0229a77a libcontainer/intelrdt: privatize some ids
    8f8dfc49 libcontainer/intelrdt: move NewLastCmdError down
    00d15629 libct/intelrdt: simplify NewLastCmdError
    e0ce428b libct/intelrdt: remove NotFoundError type
    feff2c45 libct/intelrdt: fix potential nil dereference
    82498e3d libct/specconf: remove unneeded checks
    bc96a59d build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1
    70fdc057 Revert "checkpoint: resolve symlink for external bind mount"
    e618c02d libct/stacktrace: remove
    e918d021 libcontainer: rm own error system
    60c647a7 libct/error: rm ConsoleExists
    a7cfb23b *: stop using pkg/errors
    b60e2edf libct/cg: stop using pkg/errors
    a6cc36a8 libct/cg/ebpf: stop using pkg/errors
    f137aaa2 libct/cg/devices: stop using pkg/errors
    ebb08128 .golangci.yml: enable errorlint
    56e47804 *: ignore errorlint warnings about unix.* errors
    f6a0899b *: use errors.As and errors.Is
    5d2a11ad tty.go: don't use pkg/errors, use errors.Is
    c6fed264 libct/keys: stop using pkg/errors
    adbac31d libct: fix errorlint warning about strconv.NumError
    7be93a66 *: fmt.Errorf: use %w when appropriate
    d8ba4128 libct/rootfs: improve some errors
    36aefad4 libct: wrap unix.Mount/Unmount errors
    825335b2 libct/cg/fs2: fix/unify parsing errors
    5a186d39 libct/cg/fs: fix/unify parsing errors
    f813174d libct/cg/fscommon: introduce and use ParseError
    adcd3b44 libct/cg/fs[2]: simplify getting pid stats
    4e330942 libct/cg/fs/stats_util_test: fix errors
    563225d5 libct/StartInitialization: fix errors
    3fee59f9 libct/cg/fs/*_test: simplify errors
    fdf4e90e libct/cg/fscommon.ParseKeyValue: no need to wrap err
    627a06ad Replace fmt.Errorf w/o %-style to errors.New
    242b3283 libct/cg/fscommon: rm unused var
    92e8d9b9 libct/intelrdt: error message nits
    041caf10 VERSION: back to development
    dfc0f069 man/*: revamp
    85aabe23 C/R: let criu use its default if --work-path is not set
    e8bd33ae runc --help: improve log options description
    cf4ecaed runc update: hide --kernel* options
    4065c394 exec: rm --no-subreaper flag
    da22625f checkpoint: resolve symlink for external bind mount

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-02-02 22:45:37 -05:00
Bruce Ashfield
1af45b1490 runc: update to v1.1.0
Bumping runc to version v1.1.0-1-gd7f7b22a, which comprises the following commits:

    d7f7b22a VERSION: back to development
    067aaf85 VERSION: release runc v1.1.0
    c0e300f1 Refuse to build runc without nsenter
    e155b332 build(deps): bump github.com/checkpoint-restore/go-criu/v5
    5c7e8981 libct/cg: rm go 1.15 compatibility
    4773769c VERSION: back to development
    55df1fc4 VERSION: release v1.1.0-rc.1
    a8f9d5de CHANGELOG: add an in-repo changelog file
    6d2067a4 script/seccomp.sh: fix argc check
    457ca62f script/release_*.sh: fix usage
    c729594c deps: update libseccomp to 2.5.3
    5d779620 tests/int: use update_config in hooks test
    9e798e26 tests/int: ability to specify binary
    97688ddf types/features: clarify MountOptions
    deb0a5f2 Mark `runc features` experimental
    382eba43 Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...)
    ba935a51 Support nosymfollow mount option (kernel 5.10)
    f8c48e46 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c
    acd8f12f release: correctly handle binary signing for "make releaseall"
    d72d057b runc init: avoid netlink message length overflows
    25112dd1 libct/intelrdt: remove unused type
    c4a61aa9 ci: enable extra linters for new code
    520702da Add `runc features` command
    02475d9c .golangci.lint: add unparam linter
    953e56c5 libct/int: runContainer: drop console arg
    6c0bfcb1 libct/cg/fs/blkio_test: ignore unparam warning
    06b3fd9d libct/cg/ebpf: drop finalize return value
    86733013 notify_socket: setupSpec: drop ctx arg and return value
    741568eb libct/cg/devices: addRule: ignore unparam warning
    fc44e3f6 tty: Close: rm return value
    36483465 tty: ClosePostStart: rm return value
    f3f4b6d1 tty: recvtty: rm process arg
    e6318635 tty: rm inheritStdio return value
    d23b8109 checkpoint: rm getDefaultImagePath arg
    dd140401 libct: fixStdioPermissions: rm config arg
    b357bc13 libct/factory: rm id param from loadState
    b950b778 libct/utils: ResolveRootfs: remove
    35d20c4e chown cgroup to process uid in container namespace
    ec0f35bc libct/system/xattrs: remove
    e9ed2000 build(deps): bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
    e3dd80fa Vagrantfile.fedora: revert excluding systemd
    1da84d1a libct/cg: TestGetHugePageSizeImpl: use t.Run
    1362291a Avoid non-op when the list of `Hooks` is empty
    f13a9325 libct/cg: HugePageSizes: simplify code and test
    39d4c8d5 libct/cg: lazy init for HugePageSizes
    a4d4c4dd libct/cg: GetHugePageSize -> HugePageSizes
    dde509df specconv: do not permit null bytes in mount fields
    50105de1 Fix failure with rw bind mount of a ro fuse
    982b9a1d libct/standard_init: fix linter warning
    643f8a2b libct/specconv: nits
    b247cd39 runc run: fix ro /dev
    029b73c1 libct/spec: replace isValidName regex with a function
    6907beca libct/specconv: remove isSecSuffix regex
    37c5fd55 libct/specconv: make parseMountOptions return Mount
    2c3792ba libct/specconv: make mountFlags and extensionFlags global
    81586e19 libct/specconv: reuse mountPropagationMapping in parseMountOptions
    8fe1e8bf libct/specconv: rm some init allocations
    712157f6 Revert "ci: temporarily disable criu repo gpg check"
    f252eb54 test/int/mount.bats: refer to github issue
    7563a8f0 libct: wrap more unix errors
    db4ad6a7 libcontainer/system: rm Prlimit
    0880c001 .cirrus.yml: silence vagrant up
    b028ecb3 Vagrantfile.fedora: exclude systemd from upgrade
    12a36265 ci/cirrus: update to Go 1.17.3
    02d527d2 go.mod: github.com/moby/sys/mountinfo v0.5.0
    0e21d56e go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
    b2d64fed build(deps): bump github.com/checkpoint-restore/go-criu/v5
    a9bb11ec Fix the conversion of sysctl variable dots and slashes
    0f933d54 Rename package validate_test to package validate
    68c2b6a7 runc run: refuse a frozen cgroup
    d08bc0c1 runc run: warn on non-empty cgroup
    dd696235 runc exec: reject paused container unless --ignore-paused
    4b25a4e8 CI: update Fedora to 35
    7324496f tests/int: fix userns for Fedora 35
    05272718 tests/int/cgroups: fix for misc controller
    fc658fb6 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
    972aea3a libct/configs/validate: allow / in sysctl names
    95f8ecdd fix `libcontainer/integration/exec_test.go:1859:8: undefined: ioutil`
    dc473cad build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0
    8542322d libcontainer: Add unit tests with userns and mounts
    55162941 Remove io/ioutil use
    6a4f4a6a libcontainer/ignoreTerminateErrors: simplify for Go 1.16+
    12e99a0f Require Go >= 1.16
    3d986766 ci/gha: install latest stable Go version
    c5ca778f ci: temporarily disable criu repo gpg check
    81fdc8ce New integration tests for user namespaces bind sources
    9c444070 Open bind mount sources from the host userns
    a80e1217 libct/intelrdt: add Root()
    794cd66d libct/system: Exec: wrap the error
    6eba68de build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
    e395d2dc libct: Init: remove LockOSThread
    916c6a15 libct/cg/fs2: fix GetStats for unsupported hugetlb
    f9667e63 Make DevicesGroup's "TestingSkipFinalCheck" attribute public
    2e0ceaa9 fix createDevices when no Linux section
    fae5d8b5 release: add s390x
    f95063ed Dockerfile: fix for seccomp
    7758d3fb libct/cg/sd/v2: Destroy: remove cgroups recursively
    580e43ec contrib: rm init from bash completion
    0202c398 runc exec: implement --cgroup
    cc15b887 tests: add integration test for cgroups hybrid
    a8435007 cgroups: join cgroup v2 when using hybrid mode
    39914db6 runc exec: don't skip non-existing cgroups
    7d446c63 libct/cg.WriteCgroupProcs: improve errors
    cc1d7466 exec.go: nit
    0d297b71 ci/gha: test criu-dev with latest go
    16aedc31 ci/gha: remove debug info
    3fd1851c CI/GHA: switch to OBS criu repo
    81dc5599 Dockerfile: fix apt-key warning
    2bf560fb Dockerfile: use Debian_11 repo for criu
    99ddc1be libct/cg/fs: rm m.config == nil checks
    57edce46 libct/cg: add Resources=nil unit test
    1af4ed11 libct/cg/sd/v2: move fsMgr init to NewUnifiedManager
    9a2146fa libct/cg/sd/v2: move path init to NewUnifiedManager
    39be6e97 libct/cg/fs2: minor optimization
    b14a6cf9 libct/cg/sd/v1: move path init to NewLegacyManager
    fcc48168 libct/cg/fs: document path removal
    6c5441e5 libct/cg/fs: move paths init to NewManager
    097c6d74 libct/cg: simplify getting cgroup manager
    3c8db638 script/release.sh: update libseccomp to 2.5.2
    f30244ee make release: add cross-build
    23d79aae Makefile: only build runc for static target
    d2b6899e Makefile: fixes for seccompagent
    43b36dc4 Support changing of lsm mount context on restore
    412d68d1 Vendor in go-criu v5.1.0
    163e2523 libct/cg: replace bitset with std math/big library
    6806b2c1 runc delete -f: fix for cg v1 + paused container
    e6928865 libct/cg/fs: refactor
    7d1cb320 libct/cg/fs: rename join to apply
    5c7cb837 libct/cg/fs: micro optimization
    19b542a5 libct/cg/fs: move internal code out of fs.go
    eb09df74 libct/cg/sd/v1: initPaths: minor optimization
    63c84917 libct/cg/sd/v1: optimize initPaths
    c7e0864d libct/cg/sd/v1: factor out initPaths
    dc907e8d libct/cg/sd/v*.go: nit
    d974b22a create, run: amend final errors
    9ba2f65d startContainer: minor refactor
    1545ea69 delete, start: remove newline from errors
    af641cd5 seccomp: Add test using the seccomp agent example
    08659080 build(deps): bump github.com/bits-and-blooms/bitset from 1.2.0 to 1.2.1
    622acd24 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
    47abdcee ci/gha: update golangci-lint to 1.42.1
    704a1878 contrib/cmd/seccompagent: fix build tags
    49137c2a ci/gha: bump shfmt to 3.3.1
    f1b703fc libct/nsenter/nsexec.c: honor _LIBCONTAINER_LOGLEVEL
    d5ffe83f libct/nsenter/nsexec.c: factor out getenv_int
    d2f49d45 libct/nsenter/nsexec.c: improve bail
    6c4a3b13 runc init: pass _LIBCONTAINER_LOGLEVEL as int
    0a3577c6 utils_linux: simplify newProcess
    51cd519e seccomp agent: Return non-zero on failures
    8b790e4f seccomp agent: Use arch SCMP_ARCH_X86_64
    4a4d4f10 Add support for seccomp actions ActKillThread and ActKillProcess
    4a751b05 seccomp: drop unnecessary const SCMP_ACT_* defines
    72b5c3ca build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
    00772cae tests: add functional tests for seccomp notify
    5ae831d9 tests: add functional tests for seccomp
    e21a9ee8 contrib: add sample seccomp agent
    c64aaf0e libcontainer/specconv: extend SetupSeccomp tests
    2b025c01 Implement Seccomp Notify
    4e7aeff6 libcontainer/utils: introduce SendFds
    c55530be vendoring: Use libseccomp with notify support
    64358c4d optimize log: move WriteJSON defer as early as possible
    39d0ee18 script/release.sh: fix for opensuse
    a20c8b29 runc --debug: shorter caller info
    b55b3081 libct/logs: do not show caller in nsexec logs
    c3910e73 libct/logs: parse log level implicitly
    c4826905 libct/logs: test: make more robust
    33dcb994 libct/nsenter/nsenter_test.go: logging nits
    78b27155 libct/nsenter: test: rm misleading comments
    2c46455c libct/nsenter: test: improve TestNsenterChildLogging
    feb1fe11 libct/nsenter: test: fix TestNsenterValidPaths
    3df6a02f libct/nsenter: test: improve newPipe
    347c371b CI: Mark CGO warnings as errors
    d8da0035 *: add go-1.17+ go:build tags
    1b17ec95 libct/cg: rm "unsupported.go" files
    dbb9fc03 libct/*: remove linux build tag from some pkgs
    c5b0be78 Rm build tags from main pkg
    9ff64c3d *: rm redundant linux build tag
    895e0a5c nsenter: fix typo in bail message
    1f5798f7 improve error message when dbus-user-session is not installed
    63944578 tests/int: add a "update cpu period with pod limit set" test
    1b2adcfe libct/cg/v1: workaround CPU quota period set failure
    09b80811 Revert "libct/devices: change devices.Type to be a string"
    538ba846 libct/error.go: rm ConfigError
    6145628f configs/validate: audit all returned errors
    bbcf96f9 libct/cg/devices: stop using regex
    fb629db6 tests/int/helpers: fix shellcheck warnings
    f65276db tests/int/helpers: rm $bundle handling
    b3d14488 Add support for rdma cgroup introduced in Linux Kernel 4.11
    8d8415ee libct/logs: remove ConfigureLogging
    f77fb7a3 init.go, main.go: don't use logs.ConfigureLogging
    93937000 libcontainer/intelrdt: update code comments
    a37a89f4 libct/system: add I and P process states
    f90008ae libct/system.Stat: fix/improve/speedup
    412c6f06 libct/system/proc_test: fix, improve, add benchmark
    74ae9e0f checkpoint: resolve symlink for external bind mount(fix ci broken)
    24d318b8 Dockerfile: switch to bullseye
    9a095e44 libct/cg/sd/v1: add SkipFreezeOnSet knob
    fec49f2a libct/cg/sd/v1: add freezeBeforeSet unit test
    41043673 libct/cg/sd/v1: Fix unnecessary freeze/thaw
    a5871801 ci: add go1.17
    75761bcc Fix codespell warnings, add codespell to ci
    db8330c9 libct/nsenter: fix unused-result warning
    844d6774 CI: Validate compilation without buildtags
    51508210 libct/nsenter: nullify pointer on asprintf error
    2ab6484f libct/nsenter: no need to check size_t less than 0
    f0dbefac .cirrus.yum: retry yum if failed
    814f3ae1 libct/devices: change devices.Type to be a string
    74b5c34e .cirrus.yml: simplify
    77fb9aff build(deps): bump github.com/containerd/console from 1.0.2 to 1.0.3
    bd50e7c4 libct/cg/OpenFile: check cgroupFd on error
    ab577f6f MAINTAINERS: add Sebastiaan van Stijn
    2bab4a56 libct/nsenter: fix logging race in nsexec
    bda1bd7a build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
    c2d9668c libct/cg/OpenFile: fix openat2 vs top cgroup dir
    1b4c30fd libcontainer/intelrdt: always run unit tests
    79d292b9 libcontainer/intelrdt: verify ClosID existence
    17e3b41d libcontainer/intelrdt: support ClosID parameter
    7296dc17 libcontainer/intelrdt: refactor clos path handling
    1cbfe234 libct/cg: rm dead code
    d0c3bc44 libct/cg: GetAllPids: optimize for go 1.16+
    363468d0 libct/cg: improve GetAllPids and readProcsFile
    504271a3 libct/cg: move GetAllPids out of utils.go
    fc99ab7e build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
    0f94799e man/runc-run.8: document --keep option
    cb824629 proposal: add --keep to runc run
    e06465ac ci/cirrus: remove unused code
    120f7406 ci/gha: add latest criu-dev test run
    60e02b4b runc exec: fail with exit code of 255
    18f434e1 script/release.sh: make builds reproducible
    61e201ab makefile: update ldflags and add strip for static builds
    5110bd2f nsenter: remove cgroupns sync mechanism
    7a0302f0 runc init: simplify
    a91ce306 libct/*_test.go: use t.TempDir
    3bc606e9 libct/int: adapt to Go 1.15
    1eeaf113 libct/intelrdt/*_test.go: use t.TempDir
    f6a56f60 libct/cg/fs/*_test.go: use t.TempDir
    2d1645d2 libct/cg/fscommon: drop go 1.13 compatibility
    6215b2f3 ci/gha: drop Go 1.13
    a952b5aa README, go.mod: require go 1.15+
    12a1dccb Revert "libcontainer: avoid using t.Cleanup"
    015fa29a Revert "Revert "Makefile: rm go 1.13 workaround""
    5dd92fd9 libct/seccomp: skip redundant rules
    e44bee10 libct/seccomp: warn about unknown syscalls
    073e085c libct/seccomp: ConvertStringToAction: fix doc
    9f656dbb Do not use Vagrant for CentOS 7/8
    d4480164 tests/rootless.sh: fixup for "update rt" test
    86af5248 tests/int: fix "update rt period and runtime" for rootless
    cc0b1644 README.md: remove abandoned versioning policy
    87bfd20f Evaluate Cirrus CI for Vagrant tests
    a7110262 libct/cg/sd: add TestPodSkipDevicesUpdate
    52dd96db libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
    f2db8798 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
    5dc32604 libct/int/TestFreeze: test freeze/thaw via Set
    af1688a5 libct/int: allow subtests
    67cfd3d4 libct/cg/sd/v1: Set: don't overwrite r.Freezer
    d02b0061 ci/gha: run on release-* branches after a push
    57e3c541 cgroupv2: ebpf: ignore inaccessible existing programs
    fe518a06 vendor: update github.com/cilium/ebpf
    3e5c1997 libct/cg/sd: Add freezer tests
    294c4866 libct/cg/fs/freezer.GetState: report current cgroup state
    f33be7cc libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
    d41a273d Update device update tests
    be1d5f83 ci: enable unconvert linter, fix its warnings
    6be088d6 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
    9f2a1f4d deps: update to github.com/cyphar/filepath-securejoin@v0.2.3
    24d5daf5 libct/user: fix parsing long /etc/group lines
    226dfab0 libct/user: ParseGroupFilter: use TrimSpace
    120e3a77 libct/user: use []byte more, avoid allocations
    83776dd8 libcontainer: Bail on close(2) failures
    7d479e6b libcontainer: Don't close fds already closed
    e39ad650 retry unix.EINTR for container init process
    c508a7bc libct/rootfs: consolidate utils imports
    1bbeadae tests/int/no_pivot: fix for new kernels
    0229a77a libcontainer/intelrdt: privatize some ids
    8f8dfc49 libcontainer/intelrdt: move NewLastCmdError down
    00d15629 libct/intelrdt: simplify NewLastCmdError
    e0ce428b libct/intelrdt: remove NotFoundError type
    feff2c45 libct/intelrdt: fix potential nil dereference
    82498e3d libct/specconf: remove unneeded checks
    bc96a59d build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1
    70fdc057 Revert "checkpoint: resolve symlink for external bind mount"
    e618c02d libct/stacktrace: remove
    e918d021 libcontainer: rm own error system
    60c647a7 libct/error: rm ConsoleExists
    a7cfb23b *: stop using pkg/errors
    b60e2edf libct/cg: stop using pkg/errors
    a6cc36a8 libct/cg/ebpf: stop using pkg/errors
    f137aaa2 libct/cg/devices: stop using pkg/errors
    ebb08128 .golangci.yml: enable errorlint
    56e47804 *: ignore errorlint warnings about unix.* errors
    f6a0899b *: use errors.As and errors.Is
    5d2a11ad tty.go: don't use pkg/errors, use errors.Is
    c6fed264 libct/keys: stop using pkg/errors
    adbac31d libct: fix errorlint warning about strconv.NumError
    7be93a66 *: fmt.Errorf: use %w when appropriate
    d8ba4128 libct/rootfs: improve some errors
    36aefad4 libct: wrap unix.Mount/Unmount errors
    825335b2 libct/cg/fs2: fix/unify parsing errors
    5a186d39 libct/cg/fs: fix/unify parsing errors
    f813174d libct/cg/fscommon: introduce and use ParseError
    adcd3b44 libct/cg/fs[2]: simplify getting pid stats
    4e330942 libct/cg/fs/stats_util_test: fix errors
    563225d5 libct/StartInitialization: fix errors
    3fee59f9 libct/cg/fs/*_test: simplify errors
    fdf4e90e libct/cg/fscommon.ParseKeyValue: no need to wrap err
    627a06ad Replace fmt.Errorf w/o %-style to errors.New
    242b3283 libct/cg/fscommon: rm unused var
    92e8d9b9 libct/intelrdt: error message nits
    041caf10 VERSION: back to development
    dfc0f069 man/*: revamp
    85aabe23 C/R: let criu use its default if --work-path is not set
    e8bd33ae runc --help: improve log options description
    cf4ecaed runc update: hide --kernel* options
    4065c394 exec: rm --no-subreaper flag
    da22625f checkpoint: resolve symlink for external bind mount

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-02-02 22:45:37 -05:00
Bruce Ashfield
9c1f90d46b runc-docker: update to 1.0.3
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:

    31f7b334 VERSION: back to development
    f46b6ba2 VERSION: release v1.0.3
    b8dbe466 runc init: avoid netlink message length overflows
    e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
    2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
    42bfc63b script/release.sh: fix for opensuse
    8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
    e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
    cbb23675 runc run: fix ro /dev
    e802cfae test/int/mount.bats: refer to github issue
    3640499a libct/rootfs: consolidate utils imports
    aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
    fdee8658 libct/int/checkpoint_test: fix ParentImage
    cbb5ef5c improve error message when dbus-user-session is not installed
    86d83333 VERSION: back to development

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-12-10 09:42:44 -05:00
Bruce Ashfield
df3cc49550 runc: update to 1.0.3
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:

    31f7b334 VERSION: back to development
    f46b6ba2 VERSION: release v1.0.3
    b8dbe466 runc init: avoid netlink message length overflows
    e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
    2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
    42bfc63b script/release.sh: fix for opensuse
    8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
    e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
    cbb23675 runc run: fix ro /dev
    e802cfae test/int/mount.bats: refer to github issue
    3640499a libct/rootfs: consolidate utils imports
    aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
    fdee8658 libct/int/checkpoint_test: fix ParentImage
    cbb5ef5c improve error message when dbus-user-session is not installed
    86d83333 VERSION: back to development

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-12-10 09:41:42 -05:00
Bruce Ashfield
0a7ae8bc50 global: convert github SRC_URIs to use https protocol
github is removing git:// access, and fetches will start experiencing
interruptions in service, and eventually will fail completely.

bitbake will also begin to warn on github src_uri's that don't use
https. So we convert the meta-virt instances to use protocol=https
(done using the oe-core contrib conversion script)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-02 09:57:03 -04:00
Bruce Ashfield
263e4d3d4e virtual/runc: don't rprovide virtual/
Similar to the oe-core commit:

   commit 93ac180d8c389f16964bce8bd5538d9389e970e6
   Author: Michael Opdenacker <michael.opdenacker@bootlin.com>
   Date:   Wed Sep 1 11:20:20 2021 +0200

       meta: stop using "virtual/" in RPROVIDES and RDEPENDS

       Fixes [YOCTO #14538]

       Recipes shouldn't use the "virtual/" string in RPROVIDES and RDEPENDS.

       That's confusing because "virtual/" has no special meaning in
       RPROVIDES and RDEPENDS (unlike in PROVIDES and DEPENDS).

       Instead, using "virtual-" instead of "virtual/"
       as already done in the glibc recipe.

We stop rproviding virtual/runc to keep the namespace clean.
There aren't many users of this virtual provides, but we keep
it around (for now) to maintain compatibility.

At the same time we convert the RPROVIDES to virtual-runc, to keep
it available and consistent with oe-core use virtual-libc, etc.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-09-06 10:57:17 -04:00
Bruce Ashfield
1bb2a3289d runc-docker: update to 1.0.2
Bumping runc to version v1.0.2-2-g04bcb7c7, which comprises the following commits:

    86d83333 VERSION: back to development
    52b36a2d VERSION: release 1.0.2
    8ec57628 libct/cg/sd/v1: add SkipFreezeOnSet knob
    1850dc16 libct/cg/sd/v1: add freezeBeforeSet unit test
    4ce440f2 libct/cg/sd/v1: Fix unnecessary freeze/thaw
    13b45cb4 libct/nsenter: fix unused-result warning
    7cf1952f libct/nsenter: fix logging race in nsexec
    e2e5267c [1.0] script/release.sh: make builds reproducible
    960182fd libct/seccomp: skip redundant rules
    4c70105b libct/cg/v1: workaround CPU quota period set failure
    1d454045 Do not use Vagrant for CentOS 7/8
    c8d8fd5b tests/rootless.sh: fixup for "update rt" test
    257018e7 tests/int: fix "update rt period and runtime" for rootless
    76c047f1 Evaluate Cirrus CI for Vagrant tests
    466d1a1a VERSION: back to development
    4144b638 VERSION: release 1.0.1
    4efb7a69 libct/cg/sd: add TestPodSkipDevicesUpdate
    82d3eb69 libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
    2fc2e3d6 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
    ef0aa849 libct/int/TestFreeze: test freeze/thaw via Set
    01cd4b5f libct/int: allow subtests
    22b2ff0f libct/cg/sd/v1: Set: don't overwrite r.Freezer
    04edd79d libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
    298a3100 Update device update tests
    257723b3 ci/gha: run on release-* branches after a push
    4dc207a6 cgroupv2: ebpf: ignore inaccessible existing programs
    90d01a04 vendor: update github.com/cilium/ebpf
    3f40fbff libct/cg/sd: Add freezer tests
    c1a5b3e1 libct/cg/fs/freezer.GetState: report current cgroup state
    0a5d8ba4 libct/user: fix parsing long /etc/group lines
    5fd7b3b7 libct/user: ParseGroupFilter: use TrimSpace
    0025bf68 libct/user: use []byte more, avoid allocations
    3745b2be [1.0] retry unix.EINTR for container init process
    e99c0f5e tests/int/no_pivot: fix for new kernels
    84113eef VERSION: release runc 1.0.0
    29168172 tests/int/cgroups: add test for bfq per-device weight
    1036f3f9 libct/cg/fs2: set per-device io weight if available
    30d83d4d libct/cg/fs/blkio: do not set weight == 0
    d7fc3028 libct/cg/fs*: mark {Open,Read,Write}File as deprecated
    8f1b4d4a libct/cg: mv fscommon.{Open,Read,Write}File to cgroups
    322c8fd3 Returns clearer error message for setenv
    46940ed8 update cilium/ebpf to fix haveBpfProgReplace() check
    6339d8a0 libcontainer/cgroups/fs/blkio: support BFQ weight[_device]
    01f5dcae build(deps): bump tim-actions/get-pr-commits from 1.0.0 to 1.1.0
    bd8e0701 libct/cg/sd: fix "SkipDevices" handling
    1b2abc89 github: workflows: fix tiny typo
    b31a9340 libcontainer: relax validation for absolute paths
    dbb35411 configs/validator: move cgroup validation to the list of checks
    9573e4b6 libct/cg/fs: don't forget to close a file
    9ebc573a cgroupv2: ebpf: debug info when detaching programs in fallback mode
    a3ca7b47 cgroupv2: ebpf: check for BPF_F_REPLACE support and degrade gracefully
    d06bda60 libct/cg/sd/dbus: fix NewDbusConnManager
    535f25c4 Allow restoring with a different LSM profile
    508f5bf6 libct/int: add device update test
    8fe3dfbb libcontainer/system: remove alias for deprecated RunningInUserNS
    3f23a736 libcontainer/configs: remove stubs for deprecated Devices funcs
    b2d28c5d libct/cg/sd: fix dbus error handling
    bf7492ee runc update: skip devices
    c3831d64 libct/cg/fs/stats_util_test: use t.Helper
    9eb0371b libct/cg/fs/memory_test: fix formatting
    e969d421 libct/int/testPids: logging nits
    a5bd78ef vendor: willf/bitset@v1.1.11 -> bits-and-blooms/bitset@v1.2.0
    65cf0e61 Bump selinux to v1.8.2
    f99d252d docs/terminals.md: add troubleshooting
    49ea4b37 update crosbymichael email
    3e1bcb1f libcontainer/keys: var should be sessKeyID/ringID (golint)
    1fb56f9f libcontainer/cgroups/devices: if block ends with a return statement
    c2416fb4 libcontainer/system: fix godoc (golint)
    9be156cb libcontainer/devices: fix godoc (golint)
    340fdd93 libcontainer/nsenter: fix captalization (golint)
    81fc5c87 libcontainer/user: fix capitalization (golint)
    e204d6a9 libcontainer/configs: add / fix godoc (golint)
    c0643046 libcontainer/apparmor: split api (exported) from implementation
    02fb18ed libcontainer/user: remove unused ErrUnsupported
    9e964dfc build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
    470610d0 build(deps): bump github.com/cilium/ebpf from 0.5.0 to 0.6.0
    31f58829 build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2
    c836265b build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.8.1
    074aa044 build(deps): bump google.golang.org/protobuf from 1.25.0 to 1.26.0
    7ca54562 Enable dependabot
    e6048715 Use gofumpt to format code
    1eea9253 cgroup2: io: add io.stats parsing test
    0fef122f cgroup2: io: handle 64-bit values correctly on 32-bit architectures
    efca32c7 cgroup2: io: map io.stats to v1 blkio.stats correctly
    49d293a5 cgroup2: capitalize io stats read and write Op values
    0e16e7c2 libct/cg/sd: add SkipDevices unit test
    f5a2c9cc tests/int/dev: only call lsblk once
    aa934af0 runc -v: set default for, always show main.version
    37767c05 ci: lint: show all errors in PRs
    07ca0be0 *: clean up remaining golangci-lint failures
    752e7a82 libct/cg/sd: fix SkipDevices for systemd
    fdc28957 Makefile: use git describe for $COMMIT
    33c9f8b9 libct/cg/sd: return error from stopUnit

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-08-27 10:50:45 -04:00
Bruce Ashfield
761f7e8ec0 runc-opencontainers: update to v1.0.2
We refresh our patch context and pickup the following commits:

Bumping runc to version v1.0.2-2-g04bcb7c7, which comprises the following commits:

    86d83333 VERSION: back to development
    52b36a2d VERSION: release 1.0.2
    8ec57628 libct/cg/sd/v1: add SkipFreezeOnSet knob
    1850dc16 libct/cg/sd/v1: add freezeBeforeSet unit test
    4ce440f2 libct/cg/sd/v1: Fix unnecessary freeze/thaw
    13b45cb4 libct/nsenter: fix unused-result warning
    7cf1952f libct/nsenter: fix logging race in nsexec
    e2e5267c [1.0] script/release.sh: make builds reproducible
    960182fd libct/seccomp: skip redundant rules
    4c70105b libct/cg/v1: workaround CPU quota period set failure
    1d454045 Do not use Vagrant for CentOS 7/8
    c8d8fd5b tests/rootless.sh: fixup for "update rt" test
    257018e7 tests/int: fix "update rt period and runtime" for rootless
    76c047f1 Evaluate Cirrus CI for Vagrant tests
    466d1a1a VERSION: back to development
    4144b638 VERSION: release 1.0.1
    4efb7a69 libct/cg/sd: add TestPodSkipDevicesUpdate
    82d3eb69 libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
    2fc2e3d6 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
    ef0aa849 libct/int/TestFreeze: test freeze/thaw via Set
    01cd4b5f libct/int: allow subtests
    22b2ff0f libct/cg/sd/v1: Set: don't overwrite r.Freezer
    04edd79d libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
    298a3100 Update device update tests
    257723b3 ci/gha: run on release-* branches after a push
    4dc207a6 cgroupv2: ebpf: ignore inaccessible existing programs
    90d01a04 vendor: update github.com/cilium/ebpf
    3f40fbff libct/cg/sd: Add freezer tests
    c1a5b3e1 libct/cg/fs/freezer.GetState: report current cgroup state
    0a5d8ba4 libct/user: fix parsing long /etc/group lines
    5fd7b3b7 libct/user: ParseGroupFilter: use TrimSpace
    0025bf68 libct/user: use []byte more, avoid allocations
    3745b2be [1.0] retry unix.EINTR for container init process
    e99c0f5e tests/int/no_pivot: fix for new kernels
    84113eef VERSION: release runc 1.0.0
    29168172 tests/int/cgroups: add test for bfq per-device weight
    1036f3f9 libct/cg/fs2: set per-device io weight if available
    30d83d4d libct/cg/fs/blkio: do not set weight == 0
    d7fc3028 libct/cg/fs*: mark {Open,Read,Write}File as deprecated
    8f1b4d4a libct/cg: mv fscommon.{Open,Read,Write}File to cgroups
    322c8fd3 Returns clearer error message for setenv
    46940ed8 update cilium/ebpf to fix haveBpfProgReplace() check
    6339d8a0 libcontainer/cgroups/fs/blkio: support BFQ weight[_device]
    01f5dcae build(deps): bump tim-actions/get-pr-commits from 1.0.0 to 1.1.0
    bd8e0701 libct/cg/sd: fix "SkipDevices" handling
    1b2abc89 github: workflows: fix tiny typo
    b31a9340 libcontainer: relax validation for absolute paths
    dbb35411 configs/validator: move cgroup validation to the list of checks
    9573e4b6 libct/cg/fs: don't forget to close a file
    9ebc573a cgroupv2: ebpf: debug info when detaching programs in fallback mode
    a3ca7b47 cgroupv2: ebpf: check for BPF_F_REPLACE support and degrade gracefully
    d06bda60 libct/cg/sd/dbus: fix NewDbusConnManager
    535f25c4 Allow restoring with a different LSM profile
    508f5bf6 libct/int: add device update test
    8fe3dfbb libcontainer/system: remove alias for deprecated RunningInUserNS
    3f23a736 libcontainer/configs: remove stubs for deprecated Devices funcs
    b2d28c5d libct/cg/sd: fix dbus error handling
    bf7492ee runc update: skip devices
    c3831d64 libct/cg/fs/stats_util_test: use t.Helper
    9eb0371b libct/cg/fs/memory_test: fix formatting
    e969d421 libct/int/testPids: logging nits
    a5bd78ef vendor: willf/bitset@v1.1.11 -> bits-and-blooms/bitset@v1.2.0
    65cf0e61 Bump selinux to v1.8.2
    f99d252d docs/terminals.md: add troubleshooting
    49ea4b37 update crosbymichael email
    3e1bcb1f libcontainer/keys: var should be sessKeyID/ringID (golint)
    1fb56f9f libcontainer/cgroups/devices: if block ends with a return statement
    c2416fb4 libcontainer/system: fix godoc (golint)
    9be156cb libcontainer/devices: fix godoc (golint)
    340fdd93 libcontainer/nsenter: fix captalization (golint)
    81fc5c87 libcontainer/user: fix capitalization (golint)
    e204d6a9 libcontainer/configs: add / fix godoc (golint)
    c0643046 libcontainer/apparmor: split api (exported) from implementation
    02fb18ed libcontainer/user: remove unused ErrUnsupported
    9e964dfc build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
    470610d0 build(deps): bump github.com/cilium/ebpf from 0.5.0 to 0.6.0
    31f58829 build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2
    c836265b build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.8.1
    074aa044 build(deps): bump google.golang.org/protobuf from 1.25.0 to 1.26.0
    7ca54562 Enable dependabot
    e6048715 Use gofumpt to format code
    1eea9253 cgroup2: io: add io.stats parsing test
    0fef122f cgroup2: io: handle 64-bit values correctly on 32-bit architectures
    efca32c7 cgroup2: io: map io.stats to v1 blkio.stats correctly
    49d293a5 cgroup2: capitalize io stats read and write Op values
    0e16e7c2 libct/cg/sd: add SkipDevices unit test
    f5a2c9cc tests/int/dev: only call lsblk once
    aa934af0 runc -v: set default for, always show main.version
    37767c05 ci: lint: show all errors in PRs
    07ca0be0 *: clean up remaining golangci-lint failures
    752e7a82 libct/cg/sd: fix SkipDevices for systemd
    fdc28957 Makefile: use git describe for $COMMIT
    33c9f8b9 libct/cg/sd: return error from stopUnit

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-08-27 10:50:45 -04:00
Bruce Ashfield
d876cfc5bf global: overrides syntax conversion
OEcore/bitbake are moving to use the clearer ":" as an overrides
separator.

This is pass one of updating the meta-virt recipes to use that
syntax.

This has only been minimally build/runtime tested, more changes
will be required for missed overrides, or incorrect conversions.

Note: A recent bitbake is required:

    commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
    Author: Richard Purdie <richard.purdie@linuxfoundation.org>
    Date:   Sun Jul 18 12:59:15 2021 +0100

        bitbake: data_smart/parse: Allow ':' characters in variable/function names

        It is becoming increasingly clear we need to find a way to show what
        is/is not an override in our syntax. We need to do this in a way which
        is clear to users, readable and in a way we can transition to.

        The most effective way I've found to do this is to use the ":" character
        to directly replace "_" where an override is being specified. This
        includes "append", "prepend" and "remove" which are effectively special
        override directives.

        This patch simply adds the character to the parser so bitbake accepts
        the value but maps it back to "_" internally so there is no behaviour
        change.

        This change is simple enough it could potentially be backported to older
        versions of bitbake meaning layers using the new syntax/markup could
        work with older releases. Even if no other changes are accepted
        at this time and we don't backport, it does set us on a path where at
        some point in future we could require a more explicit syntax.

        I've tested this patch by converting oe-core/meta-yocto to the new
        syntax for overrides (9000+ changes) and then seeing that builds
        continue to work with this patch.

        (Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)

        Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-08-02 17:17:53 -04:00
Bruce Ashfield
60c4c54984 runc-docker: update to rc95
Synchronize the 'runc-docker' with the opencontainers variant. This
allows the common patch to be used once again, and we refresh our docker
specific patch to the new content.

Bumping runc to version v1.0.0-rc95-28-gbfcbc947, which comprises the following commits:

    37767c05 ci: lint: show all errors in PRs
    07ca0be0 *: clean up remaining golangci-lint failures
    00119c85 integration: add repeated "runc update" test
    d0f2c25f cgroup2: devices: replace all existing filters when attaching
    98a3c0e4 cgroup2: devices: switch to emulator for cgroupv1 parity
    dcc1cf7c devices: add emulator.Rules shorthand
    54904516 libcontainer: fix integration failure in "make test"
    c7c70ce8 *: clean t.Skip messages
    a95237f8 libctr/cg/systemd: export rangeToBits
    df0206a6 errcheck: utils
    0c65f833 errcheck: signals
    3b31e3ea errcheck: tty
    b45fbd43 errcheck: libcontainer
    463ee5e1 errcheck: libcontainer/nsenter
    7e7ff872 errcheck: libcontainer/configs
    a8995053 errcheck: libcontainer/integration
    b93666eb libct/cg/fs2: setFreezer: wait until frozen
    1069e4e9 libct/cg/fs2: optimize setFreezer more
    5d193188 libct/cg/fs2: optimize setFreezer
    8a7a374f VERSION: back to development
    b9ee9c63 VERSION: release v1.0.0-rc95
    0ca91f44 rootfs: add mount destination validation
    c61f6062 libcontainer: honor seccomp defaultErrnoRet
    d519da5e Dockerfile, Vagrantfile.centos7, .github: bats 1.3.0
    bdad2859 Dockerfile, Vagrantfile.centos7: use go 1.16
    f96530f2 EMERITUS: recognise previous maintainers
    c73a6626 VERSION: back to development
    2c7861bc VERSION: release v1.0.0-rc94
    12e9cac9 Vagrantfile.fedora: set Delegate=yes
    ac70a9a1 tests/int: run rootless_cgroup tests for v2+systemd
    601cf582 tests/int/cgroups: don't check for hugetlb
    40b97919 tests/int: enable/use requires cgroups_<ctrl>
    44fcbfd6 tests/int/helpers: generalize require cgroups_freezer
    353f2ad1 tests/int/update.bats: don't set cpuset in setup
    4f8ccc5f libct/cg/sd/v2: call initPath from Path
    0ed1f802 tests/int/helpers: rm old code
    af2e03c5 ci/gha: bump shellcheck 0.7.1 -> 0.7.2
    2d1bb91d ci/gha: bump shfmt 3.2.0 -> 3.2.4
    a7feb423 libct/int: add TestFdLeaksSystemd
    c7f847ed libct/cg/sd: use global dbus connection
    99c5c504 libct/cg/sd: introduce and use getManagerProperty
    0fabed76 libct/int/checkpoint_test: use kill(0) for pid check
    7eb1405b libct/int/checkpoint_test: use waitProcess helper
    72d7a824 libct/int/checkpoint_test: use t.Helper
    bcca7968 libct/int: simplify/fix showing errors
    524abc59 freezer: add delay after freeze
    e1d842cf libct/intelrdt: fix unit test
    541fc19e Makefile: allow overriding go command by environment
    06a9ea36 script/release.sh: add -a to force rebuild
    91b01682 Update golang.org/x/sys to add linux/ppc support
    ee4612bc CI: enable Go 1.13 again
    e2dd9220 go.mod: demote to Go 1.13
    45f49e8f libcontainer: avoid using t.Cleanup
    1a659bc6 Revert "Makefile: rm go 1.13 workaround"
    abf12ce0 libc/cg: improve Manager docs
    3f659467 libct/cg: make Set accept configs.Resources
    af0710a0 libct/cg/sd/v2: fix Set argument
    850b2c47 libct/cg/fscommon.OpenFile: speed up ro case
    71a8aee8 cgroups/systemd: replace deprecated dbus functions
    47ef9a10 libct/cg/sd: retry on dbus disconnect
    6122bc8b Privatize NewUserSystemDbus
    15fee989 libct/cg/sd: add renew dbus connection
    bacfc2c2 libct/cg/sd: add isDbusError
    cdbed6f0 libct/cg/sd: add dbus manager
    9efd8466 libct/cg/fscommon.OpenFile: reverse checks order
    0bee5e0b libct/cg/fs: add GetStats benchmark
    7e7eb1c3 CI: update Fedora to 34
    d3cee12a cloned_binary: switch from #error to #warning for SYS_memfd_create
    23e3794d checkpoint: validate parent path
    fcd7fe85 libct/cg/fs/freezer: make sure to thaw on failure
    0216716c tests/int: add a case for cgroupv2 mount
    5ffcc568 tests/int: use bfq test with rootless
    ff692f28 Fix cgroup2 mount for rootless case
    3826db19 libct/rootfs/mountCgroupV2: minor refactor
    1e476578 libct/rootfs: introduce and use mountConfig
    deb8a8dd libct/newInitConfig: nit
    2192670a libct/configs/validate: validate mounts
    1f1e91b1 libct/specconv: check mount destination is absolute
    73f22e7f libcontainer/cgroups/systemd: replace use of deprecated dbus.New()
    aa622723 tiny fix iterative checkpoint test case
    ee3b563d Add cfs throttle stats to cgroup v2
    6faed0e4 libct/int: use ok(t, err)
    af3c5699 libct/int: remove unused code
    7b802a7d libct/int: better test container names
    9f3d7534 logging: enable file/line info if --debug is set
    ef9922c2 libct/cg: don't return OOMKillCount error when rootless
    5cdd9022 libct/cg/fs[2]: fix comments about m.rootless
    31dd1e49 tests/int: add rootless + host pidns test case
    a2050ea4 runc run: fix start for rootless + host pidns
    2f1a3ed3 Fix vendored dependencies
    d15c7bb0 go.mod: github.com/cilium/ebpf v0.5.0
    f28a8cc2 ebpf: replace deprecated prog.Attach/prog.Detach
    928ef7af libct/nsenter: add json msg escaping
    52390d68 Ignore kernel memory settings
    b7c315ad vendor: bump containerd/console to 1.0.2
    b6cdb8ae fix a typo
    64bb59f5 nsenter: improve debug logging
    6ce2d63a libct/init_linux: retry chdir to fix EPERM
    c5029c00 tests: fix hello-world tarball name in testdata for arm64
    289a3045 go.mod: github.com/moby/sys/mountinfo v0.4.1
    4316df8b libcontainer/system: move userns utilities to separate package
    e7fd383b libcontainer/system: un-export UIDMapInUserNS()
    249356a1 libcontainer/system: remove unused GetParentNSeuid()
    dc52ed25 libcontainer/user: remove outdated MAINTAINERS file
    72ecf59c libcontainer/user: fix windows compile error
    2515b0c2 libct/user: rm windows code
    0596f6e1 libcontainer/devices/device_windows.go: rm
    b1deba8c libcontainer/configs/config_windows_test.go: rm
    f1586dbd libcontainer/configs/validate: make Validate() less DRY
    4126b807 libcontainer/configs: add missing type for hooknames
    48125179 go.mod: github.com/cilium/ebpf v0.4.0
    44611630 docs/systemd: add
    27bb1bd5 libct/specconv/CreateCgroupConfig: don't set c.Parent default
    d748280a make release: build/include libseccomp
    aa6da82c script/release.sh: fix shellcheck warnings
    3eb46d89 ci: make static built binary available
    f0dec0b4 libct/specconv/CreateCgroupConfig: nit
    36fe3cc2 tests/int/cpt: fix lazy-pages flakiness
    2dd62b3d libct/checkCriuFeatures: rm excessive debug
    0e089002 tests/int/checkpoint: close lazy_r fd
    b09030a5 tests/int/checkpoint: close fds in check_pipes
    e63df1e6 tests/int: really randomize cgroup/unit names
    6e4c5b6e tests/int/cgroups: don't use BUSYBOX_BUNDLE
    adf733fa vendor: update go-systemd and godbus
    f09a3e1b tests/int: don't set/use CGROUP_XXX variables
    4ecff8d9 start: don't kill runc init too early
    b1184302 libct/configs/validator: add some cgroup support
    0f8d2b6b libct/cg/fs2.Stat: don't look for available controllers
    85416b87 libct/cg/fs2.statPids: fall back directly
    10f9a982 libct/cg/fs2/getPidsWithoutController: optimize
    6121f8b6 libct/cg/fs2.Stat: always call statCpu
    9455395b libct/cg/fs2/memory.Stat: add usage for root cgroup
    a9c47fe7 libct/cg/fs[2]/getMemoryData[V2]: optimize
    b99ca25a libct/cg/fs2/memory: fix swap reporting
    79a8647b libct/int: add TestFdLeaks
    b3be2b0b libct: close execFifo after start
    08b52797 Make test specific to disassembleFilter function
    7b3e0bcf Ensure the scratch pipe is read during ExportBPF
    62f1f0e4 tests/int/checkpoint: check all logs for errors
    346cb359 Revert "tests/checkpoint: show full log lazy pages cpt"
    c9b3787b script/check-config.sh: add SELinux and AppArmor
    5fb831a0 capabilities: WARN, not ERROR, for unknown / unavailable capabilities
    e49d5da2 go.mod: OCI runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
    2726146b runc --debug: more tests
    201d60c5 runc run/start/exec: fix init log forwarding race
    c06f999b libct/logs/test: refactor
    688ea99e runc init: fix double call to ConfigureLogs
    dd6c8d76 main: cast Chmod argument to os.FileMode
    69ec21a1 libct/logs.ForwardLogs: use bufio.Scanner
    0300299a tests/int/debug.bats: fixups
    d38d1f9f libcontainer/logs: use int for Config.LogPipeFd
    ac93746c libct/seccomp: rm IsEnabled
    9b2f1e6f runc version: don't use seccomp.IsEnabled
    c8e0486f Fix oss-fuzz build
    d76309f9 script/check-config.sh: add CONFIG_SECCOMP_FILTER
    997e8942 capabilities.Caps: use a map for capability-types
    41f466d8 nsexec.c: fix formatting for netlink defines
    522bd641 Fix checking C code formatting
    1948b4ce cloned_binary.c: rm redundant comments
    b67deb56 nsexec.c: rm a block
    513d89ee capabilities: use BOUNDING/AMBIENT instead of their alias
    dd2caace go.mod: runtime-spec v1.0.3-0.20210316141917-a8c4a9ee0f6b
    a608b7e7 libcontainer/apparmor: use sync.Once for AppArmor detection
    d6e89248 Fix build-tags in libcontainer/devices
    f585cec7 libct/cg/v2: always enable TasksAccounting
    8c7ece1e fs2: fallback to setting io.weight if io.bfq.weight
    74299a1c CI: cache ~/.vagrant.d/boxes
    97f2e351 go.mod, libct: bump go-criu to v5, use google.golang.org/protobuf
    db025aba libct: criuSwrk: only iterate over CriuOpts if debug is set
    051646a3 tests: test nested bind mount restore
    705b6cc7 Re-create mountpoints during restore

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-06-14 22:23:19 -04:00