Commit Graph

20 Commits

Author SHA1 Message Date
Bruce Ashfield
28472ab0d6 crun: update to v1.5
Bumping crun to version 1.5-41-gce7533a, which comprises the following commits:

    ad9008b copr: depend on wasmtime-c-api for shared lib
    972d595 krun: add support for krun-sev
    e539aae tests: fix fedora rawhide mockbuild
    559902d autobuild copr rpms with wasmtime support
    d39f45d wasmtime: always grant filesystem capability for wrkdir inside container
    b937322 wasmtime: inherit argv from handler argument instead of process
    477ecc8 crun: restore will work on realpath
    1083f9d tests,podman: skip push to local registry with authorization
    29599a5 tests: disable login/logout tests
    8ff3eba rpm/Makefile: Fix copr build (follow-up on #979)
    f5244c7 rpm/Makefile: install all dependencies on mock environments
    a37b06a rpm/Makefile: install git-core in tarball-prep
    ab18c71 cgroup: change delegate cgroup after cgroupns creation
    4716692 cgroup: add new function libcrun_cgroup_enter_finalize
    9139896 tests: disable broken test
    a45faa2 rpm/Makefile: autobuild rpms on podman-next copr
    7ea284f src: make some error messages lower case
    43f420a syntax-check: enable prohibit atoi and atof
    9920e7b wasmer: move definitions earlier
    54e2519 wasmer: drop not needed indentation
    54fe445 wasmer: fix errors return code
    86f9a5c syntax-check: enable prohibit always true header tests
    a07112c syntax-check: enable no period at end of message check
    2656de5 maint.mk: update from upstream gnulib
    3df1458 linux: fix build with glibc 2.36
    14b2102 pidfd: fallback on ENOSYS
    fd01ef4 nix: allow to pass extra args to the runtime
    a91e905 NEWS: tag 1.5
    2c94290 nix: update nix dependencies
    76ead7b wasm: add support for running containers using wasmtime
    88e8710 python: unset LIBCRUN_RUN_OPTIONS_PREFORK for run
    9ceba95 crun: move config_file* to container
    639c98f cgroup: add fallback to io.weight
    c75b58d wasm,wasmedge: drop support for experimental WasmEdgeProcess

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-08-25 22:55:48 -04:00
Bruce Ashfield
19375812f9 crun: update to 1.4.5
Bumping crun to version 1.4.5-74-gba3cb60, which comprises the following commits:

    5af21e2 linux: fix idmap annotation
    c75b58d wasm,wasmedge: drop support for experimental WasmEdgeProcess
    22c6181 linux: fix creating devices in the rootfs
    6f46ad5 chore(wasmedge): remove legacy option
    0de6bb2 fix unknown type name 'uint64_t'
    3a16555 linux: fallback to netlink to setup lo device
    1a3f8f1 linux: use $PATH for newgidmap and newguidmap
    74679c6 krun: use library soname in dlopen
    0130f08 krun: limit the number of vCPUs to 8
    2a4458d linux: fallback to tmpfs mount if umount fails
    fd33331 artifacts, centos9-build: add libprotobuf-c-dev for protobuf headers
    77f5c99 linux: devices mounts should have NOEXEC and NOSUID
    c923cec tests: add wasmedge build test
    33f900c fix(wasmedge): breaking changes in wasmedge c api
    699757b test, podman: skip podman pod create --share-parent test
    eb4ff94 handler: move notifer for phase HANDLER_CONFIGURE_AFTER_MOUNTS just after finalizing mounts
    b02a68d linux: honor mount mappings
    8d774c5 libocispec: sync from upstream
    38f60b1 ci: re-enable and fix clang-format
    d21594a *.c: clang-format
    9ed3c1b mono: remove incorrect wasm headings from mono docs
    c44937b tests: disable "podman kill paused container"
    965129b test/check: fix wrong argument
    17d1c16 cgroup: make target cgroup threaded if needed
    77d2ac5 readme: show crun logo
    2ebd7fc Adding crun logo SVG file
    ec9ab49 container, exec: honor process user's uid while setting HOME env
    d8a0c7f tests/podman/Dockerfile: build on fedora:35 and fedora:36
    21de997 copy_recursive_fd_to_fd(): copy the whole file
    3445f0f tests: add tests for covering '--pid-file' and '--no-new-privs' options
    e48db34 mono: add documentation and tryout example
    f8b85e8 windows/mono: bind mount windows dlls and runtime config from host
    0df040d handler: add support for HANDLER_CONFIGURE_MOUNTS for handlers
    6b3b4dc linux: add public api libcrun_container_do_bind_mount for adding ctr mounts
    009430c windows: add mono based native dotnet handler
    eb48a65 cri-o: bump golang to 1.18.1 for capnproto.org/go/capnp
    6cc7b03 test: set /crun as safe directory on containers running the tests
    2f13875 linux: create missing cwd
    1e30424 cgroup: remove tun/tap from the default allow list
    6904cf4 cgroup: add support for cpu.idle
    2824e92 libocispec: sync from upstream
    70deaf0 podman-tests: change default log-driver to k8s-file instead of journald
    c381048 NEWS: tag 1.4.5
    359e26d crun.1: regenerate
    f0cd1a7 .github: fix CI
    9998f00 linux: hooks inherit env if not specified
    9e361c8 tests: specify the user in the form UID[:GID]
    4a61eb1 github: fix CI
    db77ef2 libcrun: fix typo
    69289ce tests: add an environment variable
    81ccd00 criu: add support for different manage cgroups modes
    27b7fe5 tests: specify an additional capability to add to the process
    cdbc357 tests: delete multiple containers
    a39b07d podman: skip authenticated push
    0ce2f2d exec: fix double free
    5a528f4 docs: fix dependencies on RHEL/CentOS 8 section
    cd93941 git-version-gen: fix version comparison
    38256da tests: disable failing CRI-O tests
    6521fcc NEWS: tag 1.4.4
    1aeeed2 exec: --cap do not set inheritable capabilities
    b847d14 spec: do not set inheritable capabilities
    ca75d1f feat(terminal-receiver): make terminal interactive
    ed6e424 remove duplicate "libtool" from install commands
    d10fe74 linux: resolve symlinks in bind mounts
    ba17004 tests, clang-check: install git
    1a4fae9 rhcontainerbot/podman-next COPR autobuild
    77df89b docs: update known issues with CRI and side-cars
    164d753 wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

crun: update runtimespec

Bumping runtime-spec to version v1.0.2-100-g8d0d6d4, which comprises the following commits:

    0da1600 fix rfc link
    9d1130d IDMapping field for mount point
    fc985aa config-linux: update type of LinuxCPU.Idle to *int64
    bc545ec schema: add cpu idle
    1fef707 Update Windows CPU comments
    600a8bd cgroup ownership: clarify that some files may not exist
    b8dbce9 update idle type of LinuxCPU from *int64 to int64
    9d363b3 config-linux: add idle option for container cgroup
    b05eb53 typo: seccompFD -> seccompFd
    0608c1f Switch to GitHub Actions, CODEOWNERS, etc.
    f4ef391 specify cgroup ownership semantics
    104385d config-linux: MAY reject an unfit cgroup
    411082c add youki to implementations.md
    6641127 alphabetize the implementation list.
    84251a4 specs-go: export LinuxBlockIODevice
    3f30167 schema: make with golang 1.16
    34a7544 schema: update README.md

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-08-09 14:26:28 -04:00
Bruce Ashfield
8babc8e616 crun: update to 1.4.3
Bumping crun to version 1.4.3-4-g3b3061a, which comprises the following commits:

    77df89b docs: update known issues with CRI and side-cars
    164d753 wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars
    61c9600 NEWS: tag 1.4.3
    040c59f chore(utils): add pointer casts to avoid C++ permissive mode
    16850e4 build: fix bashism in configure.ac
    e094499 test: fix CI
    22284a9 tests: add codespell tests
    37f13e3 crun.1.md: fix typo
    8fca8bf tests: add fuzzing for idmapped mounts option
    abfdf1f fuzzing: move chdir to Dockerfile
    d935d0a linux: move parsing to separate function
    5c7165a centos9: enable only needed repo
    160e626 centos8: enable only needed repo
    648b132 tests: add tests for idmapped mounts
    916c5cd tests: add check for file ownership
    934e19a tests: add feature check for idmapped mounts
    bf06c8c linux: support options to idmap
    e1ee353 test, container-delete: ignore warn for cgroupv1 when cgroup cleanup fails
    4355edc test: add a test for crun delete
    cdc4f6a utils, rmdir-all: transfer ownership and responsiblity of fd to rmdir_all_fd
    bb5bc67 linux: open source bind mount in the host
    df2fecd cgroup-destory: terminate infinite loop and relay error back to callee
    44d7816 cgroup-destroy: bump delay while deleting from 0.1ms to 10ms
    ec9fa1c Remove ignored arguments
    9854c71 Fix compilation error with seccomp
    58d33b8 crio-tests: skip userns tests with auto annotation
    b3301ad crio-tests: use golang 1.17.6
    192ff3e cri-o: remove locking to a specific commit in CI and use master
    f6fbc8f NEWS: tag 1.4.2
    4029e63 utils: check for dup error
    83668f1 linux: create_missing_devs creates /dev/console
    0b09d62 utils: always create trailing file
    5c47eac container: ignore EROFS when chowning std stream files
    8ff9652 linux: validate sysctls before applying them
    2f5be74 python: fix build
    da28cf1 container: attempt find_executable after setresuid
    9646fde utils: drop const from find_executable
    8026135 NEWS: tag 1.4.1
    8711fbd utils: add a len argument to get_current_timestamp
    b5987ee utils: add printf attribute to xasprintf
    e9ba4ae libcrun: add printf attribute to error functions
    2ca2d06 utils: add attribute malloc to x.*alloc.* functions
    ece4431 utils: add the sentinel attribute to append_paths
    bb57968 cgroup: do not lookup string twice
    d74c5e4 wasm: add docs and example for using crun wasm support on kubernetes
    78384da tests/oci-validation: optimize build
    c7aac36 Revert "oci-validation: checkout last working commit for runtime-tools"
    4cd65c3 utils: drop check for invalid path
    90c6b1f tests/fuzzing/run-tests.sh: fix
    e65f285 ci: add shellcheck job
    b1c520c tests/*/*.sh: add set -e, fix shellcheck warns
    1613f4e tests/cri-o: don't remove non-existing files
    ff3e33b tests/fuzzing: nits
    28c5f89 tests/oci-validation: rename script to run-tests.sh
    2bf7a93 tests/*/*.sh: rm redundant cd
    a51137c ci/gha: skip installing deps if Dockefile is used
    209fe89 ci/gha: don't start docker
    9174557 .github/workflows/test.yaml: nits
    b97d397 errors: use printf compiler annotation
    f12a5ac linux: fix lookup for namespace
    acc5f87 linux: skip setns_with_pidfd with explicit paths
    5f924cb container: allow delete while in created state
    cc70b0a container: merge two if blocks
    6aff973 cgroups: skip setting cpu limits if shares==0
    5930bfa cgroup: append the sd error message in the error
    c9f0b16 gha: simplify deps install
    08b621f tests/podman: exclude --ip6 test case
    1da6b96 Fix some typos found by codespell
    fd6da89 src: rename libcrun_container_kill_all to libcrun_container_killall
    dfd5dae libcrun: unexport str2sig
    21a8daf libcrun: let libcrun_container_kill* accept a string
    dd80179 libcrun: unexport append_paths
    eada263 tests: skip sd_notify tests without systemd
    8ead30f ci: enable codeql analysis
    3a1da09 .github: fix ci build
    a834e9b .github: test --enable-shared
    95b482f src: export some symbols used by crun
    7f37f2e src/libcrun/linux.c:425:77: error: 'OPEN_TREE_CLOEXEC' undeclared (first use in this function); did you mean 'OPEN_TREE_CLONE'?
    3daded0 NEWS: tag 1.4
    a400e8b libocispec: sync from upstream
    76271c9 cgroup: initialize status
    d583bdc utils: fix path check
    2b74dc1 handler: add support for running handlers on kubernetes with containerd
    9b25f52 tests: extend checkpoint/restore test with pre-dump
    587d0b2 tests: add memhog command to init
    fb2a7ed docs: add pre-copy migration options to the man page
    0683fec checkpoint: add pre-dump support
    7ecb4b0 handlers, wasm: add lost support for run.oci.handler=wasm
    020ee61 tests: add tests for CPUShares/CPUWeight on systemd
    58b8879 state: export systemd scope
    3adb2d5 tests: allow to override cgroup manager
    bcbc72d cgroup-systemd: update CPUShares/CPUWeight
    2ba3106 cgroup: add custom update_resources
    2d7a495 update: fix shares file name
    ec70d28 cgroup-systemd: set CPUWeight/CPUShares on the scope cgroup
    4012668 cgroup-resources: move CONVERT_SHARES_TO_CGROUPS_V2 to function
    77318e4 cgroup: add function to write to the files
    6457228 tests: add CRI-O integration tests to the CI
    d6ab372 configure.ac: mark unused variable
    cb4152d ebpf: fix build on 32 bits arches
    2eafdff cgroup: ignore swap limit if it is not enabled
    62e84d8 nix: lock nix version to last working release
    1efb0f9 linux: fix join cgroup v1
    f72414e crun, spec: allow override file name
    5231a30 utils: retry openat2 on EAGAIN
    782fb02 crun: load custom handlers
    e6fda97 build: define CRUN_LIBDIR
    af950dd handlers: support load from .so files
    6d093a0 handlers: split each handler to its own file
    46fb105 utils: remove hardcoded check for wasm
    8f9337e crun, libcrun: move handlers behind an interface
    fd0e171 handler: split libcrun_configure_wasm
    4eb1f03 container: move custom handlers code to new file
    2063305 wasmedge: The wasmedge.h is moved to wasmedge/wasmedge.h
    2b4dfef container, handler: close files marked with O_CLOEXEC
    4898342 linux, exec: try setns with pidfd
    a14ae9e linux: move join namespaces to a new function
    a32286c linux, exec: use CLONE_INTO_CGROUP
    cb5bf95 linux: use clone3 if available
    0e2eda2 tests: fail fuzzing test on crashes
    74a21ed ebpf: handle missing access string
    c1127a3 container: propagate close for ready-fd
    c9c89c6 container: wait_process accepts a struct
    9bf58f2 container: replace sprintf with snprintf
    3191e49 container: drop argument for write_container_status
    91b47f6 container: replace same failure code with a goto
    b5405fc linux: improve detection of /dev target
    dcc87a3 cgroup: move errors check to helper
    0af034d cgroup: hide create/destroy behind a struct
    f95e56a cgroup: move cgroupfs code to new file
    98e4e46 cgroup: move cgroup setup code to new file
    c3119e7 cgroup: move more functions to cgroup-utils
    0272dae cgroup: move setting resources to new file
    80925dc cgroup: move some functions to a new file
    9c014c6 cgroup: rearrange code
    24f6b40 cgroup: quote file names
    ed31849 cgroup: separate each cleanup to a different function
    d9eba41 cgroup: drop argument from libcrun_cgroup_destroy
    f47d933 cgroup: split systemd code to a new file
    aed4362 cgroup: drop unused function
    384cf2a cgroup: drop usage of raw paths
    1f313a8 libcrun: new function libcrun_container_read_pids
    ce7dedf cgroup: move returned data to different struct
    e2670b4 cgroup: drop argument delegate_cgroup
    22d9dcb cgroup: drop argument systemd_subgroup
    a0d4d9f cgroup: drop unused argument create_if_missing
    dc135cf cgroup: drop cgroup_mode argument
    4dcbf43 cgroup: remove unused argument
    16db42f libcrun: unexport unused functions
    4b18425 Also run clang-format on *.c files in tests/
    abdeabf container: allow libcrun_run_linux_container to call final _exit() for handlers
    2d177df container, exec: refactor to new function
    d78dff2 container: attempt chdir twice
    c9052f2 container: make chdir error clearer
    78cf48b linux: use sd_notify_barrier if available
    0fa6447 libocispec: sync with recent commits
    40e4736 utils: move safe_openat fallback to separate function
    82d2170 mounts: handle paths with multiple slashes
    79699be utils: write_file truncates existing files
    ef37d51 linux: Enter specified cgroup namespace
    a36bcdd tests: disable podman unuseful test
    53f2615 .github: use a bind mount for /var dirs
    5566520 tests: add build test for centos:stream9
    940705f tests, centos8: use centos:stream8
    0e99990 Change podman branch to fix CI
    1575f2f Add file-locks checkpoint/restore option
    d7029af linux: replace mounts lookup with gperf hashing
    5511255 linux: support more recursive options
    2dbce9b linux: use bool for is_user_ns
    827b873 linux: new mount option "idmap"
    02938ac linux: add function to send mounts from the host
    b5fc60e linux: provide cleanup private data callback
    a5a2ca5 linux: generalize opening mounts earlier
    4523486 linux: silence warning
    a01a03a tests: update podman
    3c6d57d wasmedge: fix error message if VM fails to get valid result object
    b48b654 crun: show if version supports wasm with configured runtime
    365dc57 linux: new mount option "rro"
    85c5bc9 linux: fix a race when saving external descriptors
    825108e wasm: add support for wasmedge runtime
    33e75d0 fix build error on ubuntu
    e1c7293 clang-check: refactor to suppress -Wunused-but-set-variable where needed
    575c4a6 ci: use latest docker with seccomp profiles supporting clone3
    8e5757a NEWS: tag 1.3
    685078a tests: temporarily switch to fedora:34
    9ea94e9 wasm: allow wasi modules to read args from config
    76759f1 fix status.h compile error in C++
    952913b wasm: replace printf while relaying output to stdout with safe_write
    152a3fc linux: bind mount the current cgroup path
    ce211c5 linux: fix mounting cgroup2 with --net=host
    e31ab81 wasm: add support for annotation module.wasm.image/variant=compat
    2559696 wasm: add documentation
    7407be1 wasm: add support to natively build and run wasm workload and wasm containers
    6d046d6 oci-validation: checkout last working commit for runtime-tools
    eeae045 cgroup: fix race condition when enabling controllers
    fd7b3cb criu: do not override external_descriptors
    979f6f0 criu: save the new descriptors after restore

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-03-21 17:31:28 -04:00
Bruce Ashfield
108e089f7e global: update licence values to SPDX values
These changes are the result of running the convert-spdx-licenses.py
oe-core script.

There's no impact on the build, but the alignment will avoid issues when
interacting with core QA.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-02-18 13:07:10 -05:00
Bruce Ashfield
a9b1fb1787 crun: update runtime-spec branch to main
runtime-spec has moved to main instead of master, so we tweak our branch
name to match.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-03 09:32:10 -04:00
Bruce Ashfield
0a7ae8bc50 global: convert github SRC_URIs to use https protocol
github is removing git:// access, and fetches will start experiencing
interruptions in service, and eventually will fail completely.

bitbake will also begin to warn on github src_uri's that don't use
https. So we convert the meta-virt instances to use protocol=https
(done using the oe-core contrib conversion script).

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-02 09:57:03 -04:00
Bruce Ashfield
77111bf4f9 crun: bump to version 1.2
Bumping crun to version 1.2-16-g718b94e, which comprises the following commits:

    979f6f0 criu: save the new descriptors after restore
    cab3d52 crun: chown std streams
    c68c4ce crun.1.md: fix formatting
    62e9ba0 test: bump base and ubuntu to 1.16 for containerd tests
    07303d8 exec: support --cgroup
    9c96ca4 libcrun: allow to specify sub-cgroup for exec
    e32af6c cgroup: allow to create missing dirs
    baa786c exec: use new function
    6d70af2 exec: new function libcrun_container_exec_with_options
    97c2eac tests: add userns to sd_notify_proxy test
    4f6c8e0 NEWS: tag 1.2
    aee580f exec: fix containers being wrongly reported as paused
    762269c test/criu: enable external ipc,uts,time namespaces
    e334260 criu: Add support for shared ipc,uts,time ns
    1353be8 configure: convert indentation to tabs
    44bb0b2 artifacts: add libprotobuf-c-dev for protobuf headers
    5b341a1 NEWS: tag 1.1
    55d293c .github: add libprotobuf-c-dev
    2162435 criu: store external descriptors as JSON string
    9c7d928 .github: check tests leave the working dir clean
    d99bb51 .github: report make check failures
    0d64e1d linux: fix fix-test-mount-symlink-not-existing test
    7260dc8 tests: fix number of tests
    b0d64b6 tests: skip caps tests if rootless
    a538e4e tests: disable exec_additional_gids when rootless
    b055575 criu: fix save of external descriptors
    c0f5460 criu: use has_prefix instead of strncmp
    0fa5a11 criu: use write_file instead of open+write
    1604c54 criu: drop \n from error messages
    a967d78 criu: fix fd leak
    f624c93 tests: disable unrelated failing Podman tests
    ee35311 utils: add new function safe_readlinkat
    ef24f0c README.md: ./configure.sh → ./configure
    3e82d10 tests: add test for c/r with ext namespace
    2257680 tests_utils: drop unused variable
    f41c979 tests: drop unused imports
    be18607 criu: Add support for external PID namespace
    4810ac6 exec: refuse paused container/cgroup
    7d35659 cgroup: drop cgroup_mode arg from libcrun_cgroup_is_container_paused
    44377aa container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing
    bc0b3d1 utils: retry openat2 on EAGAIN
    8a70bcd cgroup: use cgroup.kill if available
    c819e9c tests: update Podman to 3.3.0
    74543d3 linux: silence two false positives reported by lgtm
    c1798ad status: check for owner before using it
    5399935 utils: NUL terminate readlinkat buffer
    2557c81 NEWS: tag 1.0
    dad6ef2 crun.1: regenerate
    2199d10 tests: update containerd version

We also bump the oci/image/runtime spec SRCREVs to ensure that we have
all the source dependencies up to date.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-18 13:34:35 -04:00
Bruce Ashfield
21fc48f10e crun: fix offline builds
The 'autogen.sh' script of crun was fetching dependencies that we
already have in our SRC_URI. We want the OE git fetcher to manage
the source, not scripts in the source of a package.

We grab the two lines out of autogen.sh that we need, and use them
directly in the configure_prepend.

We also add yajl to the source code dependencies, as the package
DEPENDS is not enough: crun is explicitly building source that
looks for the yajl code.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-18 13:32:43 -04:00
Bruce Ashfield
214942a349 crun: update to 0.21-latest
Bumping crun to version 0.21-15-g360f5d0, which comprises the following commits:

    2199d10 tests: update containerd version
    1798d5a cgroup: chown cgroup to root
    b5cdeb5 cgroupv1: add support for setting memory.use_hierarchy
    7cfdf09 Makefile.am: link libcrun to $(FOUND_LIBS)
    d4d1825 linux: treat pidfd_open EINVAL as ESRCH
    62149b3 Update nixpkgs
    ac00581 Dockerfile: delete file
    c4c3cdf NEWS: release 0.21
    69bd7dc Doc: cgroups v2 and RT processes unsupported
    6397998 krun/kvm: crun should silently/gracefully switch to krun when needed.
    92499bd container: wrap execv in retry-on-eintr
    b04a335 cgroup: lookup pids controller as well
    448494e README.md: drop travis badge
    1bbf562 Reflect #696 in crun's manpage
    e836219 rpm: fix license
    2b88faa status: add fields for owner and created timestamp
    b07c389 criu: fix error check
    09401bb linux: fix unitialized variable
    b222968 cgroup: fix a memory leak

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-08-27 10:50:45 -04:00
Bruce Ashfield
d876cfc5bf global: overrides syntax conversion
OEcore/bitbake are moving to use the clearer ":" as an overrides
separator.

This is pass one of updating the meta-virt recipes to use that
syntax.

This has only been minimally build/runtime tested; more changes
will be required for missed overrides or incorrect conversions.

Note: A recent bitbake is required:

    commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
    Author: Richard Purdie <richard.purdie@linuxfoundation.org>
    Date:   Sun Jul 18 12:59:15 2021 +0100

        bitbake: data_smart/parse: Allow ':' characters in variable/function names

        It is becoming increasingly clear we need to find a way to show what
        is/is not an override in our syntax. We need to do this in a way which
        is clear to users, readable and in a way we can transition to.

        The most effective way I've found to do this is to use the ":" character
        to directly replace "_" where an override is being specified. This
        includes "append", "prepend" and "remove" which are effectively special
        override directives.

        This patch simply adds the character to the parser so bitbake accepts
        the value but maps it back to "_" internally so there is no behaviour
        change.

        This change is simple enough it could potentially be backported to older
        versions of bitbake, meaning layers using the new syntax/markup could
        work with older releases. Even if no other changes are accepted
        at this time and we don't backport, it does set us on a path where at
        some point in future we could require a more explicit syntax.

        I've tested this patch by converting oe-core/meta-yocto to the new
        syntax for overrides (9000+ changes) and then seeing that builds
        continue to work with this patch.

        (Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)

        Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-08-02 17:17:53 -04:00
Bruce Ashfield
172d5f47d5 crun: adjust image-spec repository from master to main
We need to change our branch to avoid parse errors.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-07-14 15:21:16 -04:00
Bruce Ashfield
b8f2edd39a crun: add seccomp distro features check
Since seccomp depends on libseccomp, and seccomp is only available
when the distro feature is enabled, we add the same dependency and
distro feature check to this recipe.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-06-30 11:22:42 -04:00
Bruce Ashfield
299c418144 crun: update to latest
Bumping crun to version 0.20.1-7-g7ef74c9, which comprises the following commits:

    b07c389 criu: fix error check
    09401bb linux: fix unitialized variable
    b222968 cgroup: fix a memory leak
    1182975 cgroup: honor memory swappiness set to 0
    38271d1 NEWS: tag 0.20.1
    923447b container: ignore resetting keyring SELinux label
    b26493f Dockerfile: install required python3-jinja2 package
    0d42f11 NEWS: tag 0.20
    9042ac5 seccomp: drop SECCOMP_FILTER_FLAG_LOG by default
    0f4156f cgroup: Refactor libcrun-cgroup-destory to support picking subsystems dynamically and clean custom controllers.
    d6be344 cgroup: ignore devices errors in a userns
    6e187fb cgroup: do not join empty controller
    badb23d seccomp: report correct action in error message
    5201956 container: apply SELinux label to keyring
    4b664e9 linux: attempt to open existing dev file first
    dd1c419 libocispec: sync from upstream
    5f74e2a Makefile.am: make sure libocispec uses main branch
    f0c76e1 utils: close_range fallbacks to close on EPERM
    1596ab1 Update crun manual with recently added flags
    1d84d62 Fix type for LinuxDeviceCgroup.linux.resources.devices.allow in default Spec
    62d251d container: call prestart hooks before rootfs is RO
    48bc33d Exec: Add --process-label and --apparmor to allow modifying selinux_label and apparmor_profile
    0e53e87 Exec: Add --no-new-privs to and adhere if noNewPriviledges is false in basespec config
    2de8b43 Fix SIGSEGV for rootless container caused by case when def->linux is defined but def->linux->cgroups_path is NULL
    54e77c2 Add support for spec --bundle
    ae11886 cgroup: fix regression in mode detection
    194b72d kill: fix race condition with pidfd_open
    2910d9b cgroup: add custom annotation run.oci.delegate-cgroup
    407eef9 cgroup: drop argument from function
    0485de6 cgroup: report error if the cgroup path was set
    bf5020a cgroup: improve error message
    a131715 cgroup: fix recursive cleanup
    6e95060 cgroup: kill procs in cgroup on EBUSY
    0274d6f tests: disable go modules
    1272eaf tests: skip podman create --pull
    04f1a6a container: read the error from the init process
    29afcd6 Update README.md
    9863a8e Update README.md
    55f5ed5 utils: use /proc/self/fd to open unix socket
    fa40930 contrib: fix warning from the rust compiler
    1535fed NEWS: tag 0.19.1
    227e0be spec: add cgroup ns if on cgroup v2
    3fbe777 libcrun: add const to spec_file
    eb34661 libcrun: annotate cgroup_mode < 0 checks
    92bcc81 tests: add fuzzing tests
    af3509d cgroup: support array of strings
    9effaeb On exec, honor additional_gids from the process spec, not the container definition

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-06-21 08:52:18 -04:00
Bruce Ashfield
6adc4f64d5 crun: switch to main as specified branch
The upstream project has moved from master to main, so we adjust
our recipe accordingly.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-06-21 08:52:18 -04:00
Bruce Ashfield
51c195d761 crun: switch branch to main
crun has renamed master -> main, so we adjust our fetching to
match.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-05-19 08:48:11 -04:00
Bruce Ashfield
144d1ae897 crun: use REQUIRED_DISTRO_FEATURES to indicate systemd dependency
crun has a hard dependency on systemd, so we need to add it to the
recipe to avoid failing package QA checks.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-04-26 11:17:27 -04:00
Bruce Ashfield
cbec1240f9 crun: bump to latest
As part of this update to crun, we now must run autogen.sh before
running configure.

Otherwise, these are incremental changes and comprise the following
commits:

   9effaeb On exec, honor additional_gids from the process spec, not the container definition
   c25a2db tests: add explicit python3-pip dependency
   e67a756 NEWS: tag 0.19
   18c0274 gitignore: update
   471a7b8 libocispec: update from upstream
   f642968 tests: fix check for cgroup v2
   3e7fa1d linux: always remount bind mounts
   78aeac9 linux: ignore unknown capabilities
   f11d742 Add linuxdevicecgroup to maintain parity with runc spec
   9aa382b cgroup: skip parsing empty file
   d9c9fd0 container: initialize tmp_err
   00371ae src: initialize statx struct
   2e88d19 src: initialize first_arg
   5e4efb7 seccomp: always NUL terminate lowercase_arch
   7812572 tests: add test for seccomp listener
   f80e98d init: add check for seccomp listener
   5d9010b init: fix check for nargs
   5a627f4 seccomp: support notify listener
   c3361c1 status: use function to convert from yajl errors
   873b62d container: use new error function for hooks JSON
   14083ab error: new function to convert from yajl errors
   6e19235 linux: pass own pid to container process
   8fd3320 contrib: new tool to test seccomp notifications
   8722858 crun: always use absolute path for the bundle
   ae9ea92 container: improve OOM error message
   919aac9 utils: receive fd detect closed connection
   a52e480 cgroup: new function to detect OOM
   2e37d2a sync-libocispec
   75ad96b Let autogen.sh generate m4
   14c260f libcrun_warn if newuidmap/newgidmap invoke fails
   5598401 README.md: drop pids limit comparison
   9ea6857 github: add fuzzing test
   0fd03ba tests: add container image for fuzzing libcrun
   bbd5c7d fuzzer: reap child processes
   c7350ef tests: add more fuzzing tests
   816f95b fuzzer: merge two tests
   effa508 linux: cleanup zombie on errors
   b32f1eb linux: release only on error
   5ca72f5 status: attempt open again on interrupts
   9b5d4c1 Added static analysis Adding clang compilation Fixing comparison of integers of different signs
   3b199ef Update GNUmakefile
   dcd1a34 linux: label the tmpfs for masked directories
   edf7f15 seccomp: check if the action supports errnoRet
   bc222b6 seccomp: fail if no default action specified
   0c5b920 seccomp: honor default errno value
   92c0afe yajl: support static link of containers/yajl
   f3d920d src: fix unitialized variable
   7d89a02 src: add error check
   765971c status: fix memory leak on error
   31274d8 utils: fix check for fd
   62d1c4d tests: add test to feed honggfuzz
   ab75091 ebpf: return the program instead of NULL
   8b16552 src: check if seccomp is defined
   f721efb container: fix error ownership
   4472e35 container: allow config from memory
   6b369b8 container: fix memory leak
   0fede0f container: initialize variable
   2b6c0b6 container: fix dereference of def->linux if NULL
   1dd9b5b container: check for def->process before deref
   1b1a691 fix: cross-compiling for Android
   b25cb2d tests: add device access test
   86251b0 ebpf: handle access(dev_name, F_OK) call correctly
   e2d79dc fix: access violate if ret < -2
   4f35406 cgroup: read controllers from /proc/self/cgroup

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-04-12 15:15:39 -04:00
Bruce Ashfield
2eda91539f crun: update to 0.18
Bumping to the release, which pulls in the

   808420e release: distribute CHECKSUMS file
   c2b0064 build-aux: provide arm build without systemd
   7cc03f7 .gitignore: update file
   f5274bd NEWS: tag 0.18
   94e8364 src: add missing definitions
   baed691 libocispec: sync from upstream
   8d0ebf6 Add arm64 static binary build
   b66d5d9 tests: fix make check in a user namespace
   e10205e linux: remove temporary mount logic
   7819f4c linux: use targetfd for move_mount
   891cd3c linux: use safe_openat for masked/readonly paths
   6c5577f linux: use new function
   9aa264d utils: add function to safely create and open
   436daef src: add function to cleanup container struct
   c955ece src: pull function out
   7bd51a0 build: check for linux/openat2.h
   dcb1914 utils: add function to remove initial slashes
   a1c958c utils: memoize check result
   25c6f07 container: rename function to get_root_in_the_userns
   f08bd31 src: fix leak of the descriptors buffer
   df88061 tests: disable more Podman flaky tests
   052bab7 utils: set HOME to root if the user not found
   efe35f1 linux: ignore ENOSYS on keyctl
   1b65163 tests: enable asan sanitizer
   a0f322a tests: build init always statically
   a656698 configure.ac: allow to disable dl support
   6adb26b tests: disable hooks_stdin for oci-validation
   06199c7 tests: update to podman 3.0
   bc888b9 tests: disable podman pull test
   f1373f9 tests: install crun under /usr/bin
   257f442 Fix permission error when using both user namespaces & NOTIFY_SOCKET
   617a212 cgroup: skip +cpu on EINVAL in cgroup root
   b6ac8de linux: use safe_openat for tmpcopyup
   2d1f910 utils: avoid reopening the root during lookup
   3ce74e8 utils: fix symlink lookup
   cbb67ae container: set working directory for libkrun
   df01709 seccomp: custom annotation to load raw bpf
   b229dca linux: refactor allocate_tmp_mounts
   68bb50f linux: disable temporary mounts with [r]slave
   d6ae36b libocispec: update from upstream
   487e792 github: enable clang-format checks
   61d6844 src: run make clang-format
   1d559d0 clang-format: change ColumnLimit to 0
   643d05b linux: disable temporary mounts with [r]shared
   de6082f cgroup: fix conversion from blkio to io
   1db8312 Update nix pin with `make nixpkgs`
   540444c Makefile.am: crun depends on libocispec.la
   1df96e5 linux: fix build without CLONE_NEWCGROUP

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-02-24 13:50:05 -05:00
Bruce Ashfield
4a16ba75b1 crun: update to 0.17
We bump crun, and its dependency repositories to their latest
revisions.

Along with the code changes, we have a new systemd dependency
(or the build fails), and the License was incorrectly set to
GPLv3 previously, and we correct it to v2 as part of this update.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-02-06 13:27:53 -05:00
Bruce Ashfield
a6ae07c0d3 crun: introduce crun (OCI runtime provider)
Create the initial recipe to provide crun as an alternative OCI runtime
provider.

This currently has a dependency on seccomp, but it would be nice if we
can make that optional in the future to avoid pulling in all of
meta-security as a dependency.

Example:

  % skopeo copy docker://busybox oci:busybox-oci:latest
  % mkdir busybox-bundle
  % oci-image-tool create --ref platform.os=linux busybox-oci busybox-bundle
  % cd busybox-bundle/
  % rm config.json
  % runc spec
  % runc run foo
^D
  % crun run foo
^D

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-13 11:11:35 -04:00
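The example in this commit message builds a bundle with `runc spec` and then runs it with `crun run`. The step a practitioner would add between those two is to read the generated config.json and check the security-relevant settings before handing it to the runtime. What follows is an added illustration and is not code from this commit, from crun or from runc: a small Python audit of an OCI runtime config. SAMPLE_CONFIG is a constructed, trimmed-down config in the shape `runc spec` produces and is not claimed to be runc's exact output; DANGEROUS_CAPS, NOBODY_UID and the function names audit_config, harden and audit_file are this example's own choices.

```python
"""Audit an OCI bundle config.json (the file `runc spec` writes) before running it
with crun. Added example; not code from this commit or from crun/runc."""
import copy
import json

# Constructed sample: a trimmed OCI config.json in the shape `runc spec` produces.
# It is an assumption for this example, not a claim about runc's exact output.
SAMPLE_CONFIG = {
    "ociVersion": "1.0.2",
    "process": {
        "terminal": True,
        "user": {"uid": 0, "gid": 0},
        "args": ["sh"],
        "cwd": "/",
        "capabilities": {
            "bounding": ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"],
            "effective": ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"],
            "permitted": ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"],
        },
        "noNewPrivileges": True,
    },
    "root": {"path": "rootfs", "readonly": True},
    "linux": {
        "namespaces": [{"type": "pid"}, {"type": "network"}, {"type": "ipc"},
                       {"type": "uts"}, {"type": "mount"}],
        "maskedPaths": ["/proc/kcore", "/sys/firmware"],
        "readonlyPaths": ["/proc/sys"],
    },
}

# Capabilities that let a process tamper with or escape the host; an example list,
# not an exhaustive one.
DANGEROUS_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_PTRACE", "CAP_SYS_MODULE",
                  "CAP_SYS_RAWIO", "CAP_DAC_READ_SEARCH", "CAP_NET_ADMIN"}
CAP_SETS = ("bounding", "effective", "permitted", "inheritable", "ambient")
NOBODY_UID = 65534  # assumed unprivileged uid/gid present in the rootfs


def audit_config(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    proc = cfg.get("process", {})
    if not proc.get("noNewPrivileges"):
        findings.append("process.noNewPrivileges is not true")
    caps = proc.get("capabilities", {})
    for cap_set in CAP_SETS:
        bad = DANGEROUS_CAPS & set(caps.get(cap_set, []))
        if bad:
            findings.append(f"capabilities.{cap_set} grants {sorted(bad)}")
    if proc.get("user", {}).get("uid", 0) == 0:
        findings.append("process.user runs as uid 0 inside the container")
    if not cfg.get("root", {}).get("readonly"):
        findings.append("root.readonly is not true")
    linux = cfg.get("linux", {})
    present = {ns.get("type") for ns in linux.get("namespaces", [])}
    for needed in ("pid", "mount", "network"):
        if needed not in present:
            findings.append(f"linux.namespaces lacks the {needed} namespace")
    if "seccomp" not in linux:
        findings.append("linux.seccomp absent: no syscall filter will be applied")
    if "/proc/kcore" not in linux.get("maskedPaths", []):
        findings.append("linux.maskedPaths does not mask /proc/kcore")
    return findings


def harden(cfg):
    """Return a hardened copy: drop dangerous caps, forbid privilege gain, make the
    rootfs read-only and run as an unprivileged uid. A seccomp profile is
    deliberately not synthesised here; it has to be written for the workload."""
    out = copy.deepcopy(cfg)
    proc = out.setdefault("process", {})
    proc["noNewPrivileges"] = True
    caps = proc.setdefault("capabilities", {})
    for cap_set in CAP_SETS:
        if cap_set in caps:
            caps[cap_set] = [c for c in caps[cap_set] if c not in DANGEROUS_CAPS]
    user = proc.setdefault("user", {})
    if user.get("uid", 0) == 0:
        user["uid"], user["gid"] = NOBODY_UID, NOBODY_UID
    out.setdefault("root", {})["readonly"] = True
    return out


def audit_file(path):
    """Audit a config.json on disk, e.g. busybox-bundle/config.json."""
    with open(path) as f:
        return audit_config(json.load(f))


if __name__ == "__main__":
    import sys
    result = audit_file(sys.argv[1]) if len(sys.argv) > 1 else audit_config(SAMPLE_CONFIG)
    for line in result:
        print("WARN:", line)
```

Run it as `python3 audit_config.py busybox-bundle/config.json` right after the `runc spec` step; with no argument it audits the embedded sample. The two findings the sample produces, running as uid 0 and having no seccomp stanza, are exactly the ones `harden()` does not silently fix in full: it switches the uid, but a syscall filter is left for the operator to supply, since a wrong allowlist breaks the workload rather than protecting it.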