mirror of
git://git.yoctoproject.org/meta-virtualization.git
synced 2025-07-19 12:50:22 +02:00
Bumping runc to version v1.2.0-rc.2-21-g3778ae60, which comprises the following commits:

309a6d91 ci/gha: add go-fix job
a5e660ca seccomp-notify.bats: add fcntl to the important syscall list
e7848482 Revert "libcontainer: seccomp: pass around *os.File for notifyfd"
b18d052b ci/cirrus: switch from CentOS to Almalinux
8b1c0f7e CHANGELOG.md: dedup v1.2.0-rc.2 notes
6980adb6 libct/userns: implement RunningInUserNS with sync.OnceValue
b3b31ff2 libct/userns: make fuzzer Linux-only, and remove stub for uidMapInUserNS
5b09a712 libct/userns: change RunningInUserNS to a wrapper instead of an alias
30b530ca libct/userns: split userns detection from internal userns code
c1421339 remove pre-go1.17 build-tags
5ea76254 VERSION: back to development
f2d2ee5e VERSION: release 1.2.0-rc.2
ee601b87 MAINTAINERS_GUIDE: rm chief maintainer role
d6563f6b MAINTAINERS: move crosbymichael to EMERITUS
ad976aa1 put the changelog of v1.1.13 after v1.2.0-rc.1
4e2d7c0a update changelog after v1.1.13 released
2cb46c6e script/keyring_validate.sh: fix a typo
d6e427e1 runc exec: avoid stuttering in error messages
a6d46ed1 runc exec: improve options parsing
42cea2ec libct: don't allow to start second init process
e3e10725 libct: fix locking in Start/Run/Exec
304a4c0f libct: createExecFifo: rm unneeded os.Stat
e7294527 try to delete exec fifo file when failure in creation
1c505fff Revert "Set temporary single CPU affinity..."
f8f1bc9a Vagrantfile.fedora: bump to F40
77190360 libct/cg: write unified resources line by line
40dd884a MAINTAINERS: add Rodrigo Campos
3019e842 libct/cg: use clear built-in
b7fdd524 libct: use slices package
a1e87f8d libct: rm eaccess
6b2eb52f go.mod,README: require Go 1.21
17380da2 Dockerfile: switch to Go 1.22 and Debian 12
a3302f20 ci: switch to go 1.22 as main version
e660ef61 libct/nsenter: stop blacklisting go 1.22+
24c2d28d fix a debug msg for user ns in nsexec
3083bd44 tests/cgroups: separate cgroup v2 swap test
4209439b libct/cg/fs/v2: ignore setting swap in some cases
dbb011ec tests/int/helpers: fix cgroups_swap check for v2
8626c717 tests/int: fixup find statements
e530b2a6 tests/int/update: fix v2 swap check
024c2711 make trimpath optional
760105ab script/*: fix gpg usage wrt keyboxd
67f6c37b ci/gha: switch to ubuntu 24.04
40bb9c46 ci/cirrus: rm centos stream 8
48c4e733 ci: workaround for centos stream 8 being EOLed
5c5ebe77 tests/int/scheduler: require smp
b24fc9d2 ci: pin codespell
584afc67 libct/system: ClearRlimitNofileCache for go 1.23
b74b33c4 Dockerfile: bump Debian to 12, Go to 1.21
d697725a libct/cg/dev: fix TestSetV1Allow panic
177c7d4f Fix codespell warnings
a35f7d80 fix comments for ClearRlimitNofileCache
6ab3d8ad vendor: golang.org/x/net@v0.24.0
f8052066 libct/cg/fs: fix setting rt_period vs rt_runtime
e5e8f336 .cirrus.yml: rm FIXME from rootless fs on CentOS 7
36be6d05 libct/int: checkpoint test: skip pre-dump if not avail
e42d981d libct/int: rm double logging in checkpoint_test
62a31465 libct/int/cpt: simplify test pre-check
e676dac5 libct/criu: simplify checkCriuFeatures
f6a8c9b8 libct: checkCriuFeatures: return underlying error
4ea0bf88 update/add some tests for rlimit
da68c8e3 libct: clean cached rlimit nofile in go runtime
a853a826 runc exec: setupRlimits after syscall.rlimit.init() completed
f452f667 ci/gha: bump golangci-lint-action from 5 to 6
bac50646 libct: fix a comment
dbd0c334 libct/system: rm Execv
9d9273c9 allow overriding VERSION value in Makefile
75e02193 use go mod instead of go get in spec.bats
b032fead libct/cg/fs: don't write cpu_burst twice on ENOENT
6bf1d3ad tests/int/tty: increase the timeout
8732eada Vagrantfile.fedora: bump Fedora to 39
d63018c2 ci/gha: bump golangci-lint to v1.57
0eb8bb5f Format sources with gofumpt v0.6
6bcc7361 ci/gha: bump golangci/golangci-lint-action to v5
baba55e2 ci/actuated: re-enable CRIU tests
f6b7167b tests/int/checkpoint: add requires criu_feature_xxx
e5c82f00 tests/int/checkpoint: rm double logging
00238f5d CI: add actuated-arm64
758b2e2b helpers.bats: cgroups_cpu_burst: check kernel version
d618c6fe cgroups.bats: check cgroups_io_weight
053f6a0d seccomp_syscall_test1: use ftruncate instead of kcmp
30dc98f5 CI: run apt with -y
4f3319b5 libct: decouple libct/cg/devices
afc23e33 Set temporary single CPU affinity before cgroup cpuset transition.
cde1d090 libcontainer: force apps to think fips is enabled/disabled for testing
6b1f7308 tests/integration: Fix remount on debian testing
5052c075 tests/integration/mounts_sshfs.bats: Fix test on debian testing
e4bf49ff runc update: distinguish nil from zero
afcb9c2e add a test case for runc update cpu burst
5194bd8d VERSION: back to development
275e6d85 VERSION: release v1.2.0-rc.1
fc3e04dc changelog: update to include all new changes since 1.1.0
b47fb3fd changelog: sync changelog entries up to runc 1.1.12
d4b670fc changelog: mention key breaking changes for mount options
851e3882 ci/test: exclude some runc_nodmz jobs
e377e168 [hotfix] nsenter: refuse to build with Go 1.22 on glibc
ac31da6b ci/cross-i386: pin Go to 1.21.x
bfbd0305 Add I/O priority
ccc500c4 seccomp: patchbpf: always include native architecture in stub
b288abea seccomp: patchbpf: rename nativeArch -> linuxAuditArch
ab6788d3 Remove dependabot ignore
cdccf6d6 build: update libseccomp to v2.5.5
da79b616 fix runc-dmz bin path error in Makefile
37581ad3 dmz: remove SELinux special-casing
eefc6ae2 features: implement returning potentiallyUnsafeConfigAnnotations list
606251ab build(deps): bump github.com/opencontainers/runtime-spec
bb5673f2 build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0
7ab66b18 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
6056ed2d build(deps): bump golang.org/x/sys from 0.17.0 to 0.18.0
fc76b136 Makefile: Fix runc-dmz removal
46b72107 contrib/cmd/memfd-bind: Mention runc-dmz needs RUNC_DMZ=true
1dae66f7 libct/dmz: Require RUNC_DMZ=true to opt-in
935d586b build(deps): bump tim-actions/get-pr-commits from 1.3.0 to 1.3.1
86360598 tests/int: fix flaky kill tests
82499d42 Fixed spelling mistake in the Makefile at .PHONY vendor
93e37723 ci/golangci-lint: add checks permission
302b2e89 tests/int: use gawk where needed
3a9859bd libct/nsenter: rm unused include
ea140db7 libct/nsenter: rm unused code
27cbabd0 build(deps): bump golangci/golangci-lint-action from 3 to 4
afd90f44 build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0
97632a6d build(deps): bump github.com/containerd/console from 1.0.3 to 1.0.4
174940a7 build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0
a596a055 update go version to 1.21 in cirrus ci
bc4a869d test: no execve error msg synced to parent process
d0750587 close the sync pipe explicitly in exec
0bc4732c test for execve error without runc-dmz
35aa63ea never send procError after the socket closed
d8edada9 init: don't special-case logrus fds
ee73091a libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
89c93ddf cgroup: plug leaks of /sys/fs/cgroup handle
f2f16213 init: close internal fds before execve
8e1cd2f5 init: verify after chdir that cwd is inside the container
7094efb1 init: use *os.File for passed file descriptors
093c83e1 keyring: update AkihiroSuda key expiry
34eceb21 keyring: update cyphar@cyphar.com key expiry
fe95a2a0 tests/integration: Test exec failures
8afeccc8 libct/dmz: Print execve() errors
b1e3c3c7 build(deps): bump golang.org/x/net from 0.19.0 to 0.20.0
2a473a76 Add CONFIG_NETFILTER_XT_MATCH_COMMENT to check
e1e3ca02 build(deps): bump golang.org/x/sys from 0.15.0 to 0.16.0
68438ba2 fix scheduler validate
55c9d6bf we have implemented idmapped-mounts with no limitations
e90d8cb8 we have supported rsvd hugetlb cgroup
a7c3e07c libct: Improve error msg when idmap is not supported
43306be3 build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0
5a4f5217 script/check-config.sh: check CONFIG_BLK_CGROUP_IOCOST
d87366f0 scripts/check-config: fix kernel version checks
7f65cc75 script/check-config.sh: check CONFIG_CHECKPOINT_RESTORE
6aa4c1a1 script/check-config: disable colors
b94b5590 scripts/check-config: don't check MEMCG_SWAP on newer kernels
3f4a73d6 TestCheckpoint: skip on ErrCriuMissingFeatures
c8113085 remove remap-rootfs bin when running make clean
0bbb7e9f move the target 'clean' next to 'all'
d08ba9ca fix a (u|g)IDMappings type value convertion error
7b655782 build(deps): bump actions/upload-artifact from 3 to 4
482e5637 configs: make id mappings int64 to better handle 32-bit
fa93c8b0 tests: mounts: add some tests to check mount ordering
3b57e45c mount: add support for ridmap and idmap
7795ca46 specconv: handle recursive attribute clearing more consistently
cdff09ab rootfs: fix 'can we mount on top of /proc' check
8e8b136c tree-wide: use /proc/thread-self for thread-local state
a04d88ec vendor: update to github.com/moby/sys/mountinfo@v0.7.1
5ae88daf idmap: allow arbitrary idmap mounts regardless of userns configuration
ba0b5e26 libcontainer: remove all mount logic from nsexec
ebcef3e6 specconv: temporarily allow userns path and mapping if they match
e66ba70f build(deps): bump actions/setup-go from 4 to 5
c045886f tests: remap rootfs for userns tests
6fa8d068 integration: add mega-test for joining namespaces
e6fb7fe5 nsexec: allow timens to work with non-rootless userns
09822c3d configs: disallow ambiguous userns and timens configurations
3bab7e92 configs: clean up error messages for Host[UG]ID
9387eac3 init: don't pre-flight-check the set[ug]id arguments
1912d598 *: actually support joining a userns with a new container
88411747 tests: integration: fix spurious SC203[01] shellcheck errors
c25493fc build(deps): bump golang.org/x/net from 0.17.0 to 0.19.0
b2782965 build(deps): bump golang.org/x/sys
a6f40817 libct: Destroy: don't proceed in case of errors
ab3cd8d7 runc delete, container.Destroy: kill all processes
7396ca90 runc delete: do not ignore error from destroy
d3d7f7d8 libct/cg: improve cgroup removal logic
29283bb7 runc delete -f: fix for no pidns + no init case
dcf1b731 runc kill: fix sending KILL to non-pidns container
542cce01 libct: Signal: slight refactor
d9f2a24a libct: replace runType with hasInit
94505a04 *: introduce pidfd-socket flag
3bde5111 fix some unit test error after bump ebpf to 0.12.3
b2f7614a bump github.com/cilium/ebpf from 0.12.2 to 0.12.3
823636c3 ci/cirrus: disable selinux-dmz kludge for centos-stream-8
9d8fa6d6 libcontainer: dmz: fix "go get" builds
669f4dbe configs: validate: add validation for bind-mount fsflags
4bf8b555 libct: Remove old comment
87bd7846 Add dmz-vs-selinux kludge and a way to disable it
393c7a81 README: fix reference to memfd-bind
b39781b0 tests/int: add selinux test case
b2539a7d libct/cg: skip TestWriteCgroupFileHandlesInterrupt on CentOS 7
a2f7c6ad internal/testutil: create, add SkipOnCentOS
2c9598c8 libct/cgroups.OpenFile: clean "file" argument
98511bb4 linux: Support setting execution domain via linux personality
6d279220 tests/int: fix flaky "runc run with tmpfs perm"
104b8dc9 libct/cg: add swapOnlyUsage in MemoryStats
7c71a227 rootfs: remove --no-mount-fallback and finally fix MS_REMOUNT
153865d0 tests/int: fix teardown in mounts_sshfs.bats
7f5daa88 libct/cg/fs.Set: fix error message
5ea7c60f tests/int: fix cgroup tests
bbf8eff8 tests/int: fix "runc run (hugetlb limits)"
d60d17a6 build(deps): bump github.com/cilium/ebpf from 0.12.1 to 0.12.2
9cd5d6cd libct/cg: remove retry on EINTR in
54d38c61 build(deps): bump github.com/cilium/ebpf from 0.12.0 to 0.12.1
f944d7b6 ci/gha: fix downloading Release.key
b6a0c483 libct/dmz: Support compiling on all arches
4a7d3ae5 libct/cg: support hugetlb rsvd
aec0dc7d build(deps): bump github.com/cilium/ebpf from 0.11.0 to 0.12.0
6f7266c3 libcontainer: drop system.Setxid
2860708d build(deps): bump golang.org/x/net from 0.16.0 to 0.17.0
b8f75f39 Makefile: move .PHONY to before each target
bdf78b44 libct/cg/dev: add sync.Once to test case
46bfcac8 Makefile: avoid calling sub-make
961d0f12 Makefile: make verify-dmz-arch less talkative
fa8f3817 ci: skip TestPodSkipDevicesUpdate on CentOS 7
927a5836 build(deps): bump golang.org/x/net from 0.15.0 to 0.16.0
0ab58aa2 build(deps): bump golang.org/x/sys from 0.12.0 to 0.13.0
730bc844 Fix directory perms vs umask for tmpcopyup
770728e1 Support `process.scheduler`
efbebb39 libct: rename root to stateDir in struct Container
c89faacc libc: rm _LIBCONTAINER_STATEDIR
6538e6d0 libct: fix a typo
109dcadd fix two typos
f755c808 libct/cg/stats: support misc for cgroup v2
2e2ecf29 libct: use chmod instead of umask
4b3b7e99 docs/spec-conformance: update
531e29e1 script/lib.sh: set GOARM=5 for armel, GOARM=6 for armhf
90606665 docs: clarify the supported architectures (No MIPS)
9976be86 libct/dmz: Move comment out of the Makefile rule
90f5da65 libct/dmz: Reduce the binary size using nolibc
8da42aae sync: split init config (stream) and synchronisation (seqpacket) pipes
ccc76713 sync: rename procResume -> procHooksDone
99469eba Handle kmem.limit_in_bytes removal
90c8d36a dmz: use sendfile(2) when cloning /proc/self/exe
f8348f64 tests: integration: add runc-dmz smoke tests
6be763ee tests: integration: fix capability setting for CAP_DAC_OVERRIDE
b9a4727f contrib: memfd-bind: add helper for memfd-sealed-bind trick
dac41717 runc-dmz: reduce memfd binary cloning cost with small C binary
e089db3b dmz: add fallbacks to handle noexec for O_TMPFILE and mktemp()
0e9a3358 nsexec: migrate memfd /proc/self/exe logic to Go code
321aa20c scripts: add proper 386 and amd64 target triples and builds
d9ea71bf deprecate libcontainer/user
ca32014a migrate libcontainer/user to github.com/moby/sys/user
65a1074c increase memory.max in cgroups.bats
b17c6f23 validator: Relax warning for not abs mount dst path
c378602b libct/specconv: remove redundant nil check
c7ad2749 build(deps): bump github.com/cyphar/filepath-securejoin
e1584831 libct/cg: add CFS bandwidth burst for CPU
1fe9447f build(deps): bump golang.org/x/net from 0.14.0 to 0.15.0
2d0cd0b3 build(deps): bump actions/checkout from 3 to 4
d8e9ed3e libcontainer/userns: simplify, and separate from "user" package.
5f05b96e build(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0
937ca107 Fix File to Close
e8525238 tests/int: add a test for host mntns vs hooks
41778ddc Fix for host mount ns containers
fe6f33b2 build(deps): bump tim-actions/commit-message-checker-with-regex
0f3eeb9b tests/int: add failed hooks tests
cadf0a14 tests/int: rename hooks.bats to hooks_so.bats
6a4870e4 libct: better errors for hooks
f62f0bdf Remove nolint annotations for unix errno comparisons
17e7e230 ci/gha: bump golangci-lint to v1.54
b3e97214 Add issue reference to nolint annotation
cc7e607a features: Expose idmap support
671e211e vendor: Update runtime-spec to expose mountExtensions
b22073c5 ci/gha: add job timeouts
1f25724a configs: fix idmapped mounts json field names
8aa97ad3 nsexec: remove cgroupns special-casing
5c7839b5 rootfs: use empty src for MS_REMOUNT
20b95f23 libcontainer: seccomp: pass around *os.File for notifyfd
f81ef149 libcontainer: sync: cleanup synchronisation code
c6e7b1a8 libct: initProcess.start: fix sync logic
b0c7ce51 makefile: quote TESTFLAGS when passing to containerised make
aa5f4c11 tests: add several timens tests
9acfd7b1 timens: minor cleanups
46d6089f ci/gha: re-enable go caching
5741ea23 ci: add go 1.21, remove go 1.19
ec2ffae5 libct: Allow rel paths for idmap mounts
19d26a65 Revert "libct/validator: Error out on non-abs paths"
61a454cc build(deps): bump golang.org/x/net from 0.13.0 to 0.14.0
883aef78 libct/init: unify init, fix its error logic
789a73db init.go: move logger setup to StartInitialization
0d890ad6 nsenter: cloned_binary: use MFD_EXEC and F_SEAL_EXEC
b999376f nsenter: cloned_binary: remove bindfd logic entirely
38676931 criu: do not add log file into error message
c77aaa3f criu checkpoint/restore: print errors from criu log
e4478e9f criuSwrk: simplify switch
cb981e51 libct: move criu-related stuff to separate file
f88a7654 ci: fix flaky test "update memory vs CheckBeforeUpdate"
5c6b334c ci: fix TestOpenat2 when no systemd is used
962019d6 ci: fix TestNilResources when systemd not available
cfc801b7 Fix running tests under Docker/Podman and cgroup v2
ebc2e7c4 Support time namespace
83137c68 add a test case about missing stricky bit
6092a4b4 fix some file mode bits missing when doing mount syscall
06882888 contrib/fs-idmap: Move logic to a new function
855c5a0e contrib/fs-idmap: Don't hardcode sleep path
882e5fe3 contrib/fs-idmap: Check exactly 2 args are received
821d0018 contrib/fs-idmap: Remove not needed flags
7d2becdf libct/cg/fs2: use `file` + `anon` + `swap` for usage
99340bb0 contrib/fs-idmap: Reap childs
c537cb3d build(deps): bump golang.org/x/net from 0.12.0 to 0.13.0
70f4e46e utils: use close_range(2) to close leftover file descriptors
57f31c68 libct/nsenter: Show better errors for idmap mounts
701dff79 libct/cg/sd: use systemd v240+ new MAJOR:* syntax
da780e4d Fix bind mounts of filesystems with certain options set
237acdd8 add some important announcements in unreleased section
c875ea85 use the length of UIDMappings/GIDMappings to check whether empty or not
d9494fc6 CHANGELOG: forward-port 1.1.6-1.1.8 changes
11b6c9b6 build(deps): bump github.com/opencontainers/runtime-spec
a3785c88 Remove idmapFD field for mountEntry
46ada59b Use an *int for srcFD
c47f58c4 Capitalize [UG]idMappings as [UG]IDMappings
f92057aa tests/int: update set_cgroups_path doc
19f76b66 tests/int/ps: enable for rootless
867ee905 docs: Update spec conformance for idmap mounts
b460dc39 tests/integration: Add tests for idmap mounts
fda12ab1 Support idmap mounts on volumes
98317c16 ci: bump golangci-lint, remove fixed exception
fe4528b1 libcontainer: Just print the mountFds slice len on errors
73b64970 libcontainer: Add mountFds struct
0172016a libcontainer: Add generic parseFdsFromEnv()
f5814a10 libcontainer: Add generic sendFdsSources()
96bd4875 nsenter: Add idmap helpers
5166164d nsexec: Add generic receive_sources()
4b668a82 Switch setupUserNamespace() to use the toConfigIDMap() helper
fbf183c6 Add uid and gid mappings to mounts
83418f88 build(deps): bump github.com/cilium/ebpf from 0.10.0 to 0.11.0
2c844977 build(deps): bump golang.org/x/net from 0.11.0 to 0.12.0
881e92a3 libct/validator: Error out on non-abs paths
45c75ac7 build(deps): bump golang.org/x/sys from 0.9.0 to 0.10.0
017d6996 libct/nsenter: namespace the bindfd shuffle
3b191ff7 libct/nsenter: set FD_CLOEXEC on received fd
8f671781 libct/nsenter: refactor ipc funcs for reusability
890dceee libct/nsenter: annotate write_log() prototype
35fddfd2 chore(libct/nsenter): extract utility code
37732d1e MAINTAINERS: add Li Fu Bang
ad040b1c tests/int/delete: make sure runc delete removes failed unit
58a811f6 tests/int: add/use "requires systemd_vNNN"
43564a7b runc delete: call systemd's reset-failed
91b4cd25 libct/cg/sd: remove logging from resetFailedUnit
dacb3aaa tests/int/cgroups: remove useless/wrong setting
5cdf7671 libct/cg: IsCgroup2UnifiedMode: don't panic
5e53e659 ci: bump shellcheck to 0.9.0, fix new SC2016 warnings
a57d94d3 build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0
9fa8b9de Fix tmpfs mode opts when dir already exists
eb55472e Fix integration tests failure when calling "ip"
a52efc1f build(deps): bump golang.org/x/net from 0.10.0 to 0.11.0
e3627658 .codespellrc: update for 2.2.5
c9209fd2 ci/gha: don't skip rootless+systemd on ubuntu 22.04
1aa7ca80 libct/cg/stats: support PSI for cgroup v2
bc390b2e build(deps): bump golang.org/x/sys from 0.8.0 to 0.9.0
73b5dc02 docs/systemd: fix a broken link
62963fef libct/cg/sd/v1: do not update non-frozen cgroup after frozen failed.
0ac3376c go.mod: runtime-spec v1.1.0-rc.3
78d31a49 ci/cirrus: enable rootless tests on cs9
41e04aa6 tests/int: rename a variable
e83ca519 tests/int/cgroups: filter out rdma
31e3c229 build(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3
7d09ba10 libct: implement support for cgroup.kill
f8ad20f5 runc kill: drop -a option
9583b3d1 libct: move killing logic to container.Signal
2a7dcbbb libct: fix shared pidns detection
5b8f8712 libct: signalAllProcesses: remove child reaping
e0e8d9c8 tests/int/kill: add kill -a with host pidns test
67bc4bc2 tests/rootless.sh: drop set -x
fed0b124 tests/int: increase num retries for oom tests
5929b019 ci/gha: add space-at-eol check, fix existing issues
511c7614 man/runc: fixes
bb4dbbc4 ci/cirrus: limit numcpu
650efb2c Fix Vagrant caching
b9d2d8d8 build(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2
7e481ee2 libct/int: remove logger from init
eba31a7c libct/StartInitialization: rename returned error
4f0a7e78 libct/init: call Init from containerInit
72657eac libct: move StartInitialization
2a347045 build(deps): bump tim-actions/get-pr-commits from 1.2.0 to 1.3.0
62cc13ea gha: disable setup-go cache for golangci job
083e9789 ci/gha: rm actions/cache from validate/deps job
da5cdfed ci/gha: fix cross-i386
b32655d2 ci/gha: rm kludges for cross-i386 job
f6c393da features: graduate from experimental
6beb3c6a go.mod: runtime-spec v1.1.0-rc.2
882a2cc8 build(deps): bump golang.org/x/net from 0.9.0 to 0.10.0
02afa9f1 build(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0
a60933bb libct/rootfs: introduce and use mountEntry
976748e8 libct: add mountViaFDs, simplify mount
5a177463 deps: bump urfave/cli
20e38fb2 init: do not print environment variable value
5f6aafb3 libct: document process.LogLevel field
defb1cc7 libct/cg/dev: optimize and test findDeviceGroup
13091eee ci: bump bats 1.8.2 -> 1.9.0
a1920009 Vagrantfile.fedora: bump to 38
33b6ec29 ci/cirrus: use vagrant from hashicorp repo
14d6c7df runc.keyring: add Akihiro Suda
d7208f59 libct/cg/sd: use systemd version when generating dev props
cfc3c6da scripts: keyring validate: print some more information
a7583103 runc.keyring: add Kolyshkin
42a10919 runc-kill(8): amend the --all description
fe278b9c libct: fix a race with systemd removal
056ec0ca keyring: add Aleksa's <cyphar@cyphar.com> signing key
0c9c60aa keyring: add Aleksa's <asarai@suse.com> signing key
22538f89 keyring: verify runc.keyring has legitimate maintainer keys
957bccfe scripts: release: add verification checks for signing keys
87214947 release: add runc.keyring file and script
d9230602 Implement to set a domainname
6053aea4 Fix undefined behavior. Do not accept setjmp return value as variable.
953e1cc4 ci/gha: switch to or add ubuntu 22.04
439673d5 build(deps): bump golang.org/x/net from 0.8.0 to 0.9.0
fd1a79ff ci/cirrus: improve host_info
873d7bb3 ci/cirrus: use Go 1.19.x not 1.19
611bbacb libct/cg: add misc controller to v1 drivers
9b71787b tests/int: fix some checks
9dbb9f90 ci: bump bats 1.3.0 -> 1.8.2
a6e95c53 build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
fd5debf3 libct/cg: rm GetInitCgroup[Path]
1034cfa8 build(deps): bump lumaxis/shellcheck-problem-matchers from 1 to 2
ed9651bc libct/cg/sd: support setting cpu.idle via systemd
b5ecad7b tests/int/update: test bad cpu.idle values
3ffbd4c8 tests/int: fix update cpu.idle failure on CS9
509b312c libct/cg/sd/v2: unifiedResToSystemdProps nit
82bc89cd runc run: refuse a non-empty cgroup
1d18743f libct/cg/sd: reset-failed and retry startUnit on UnitExists
c2533420 libct/cg/sd: ignore UnitExists only for Apply(-1)
c6e8cb79 libct/cg/sd: refactor startUnit
9f32ce6a CHANGELOG: forward-port 1.1.4 and 1.1.5 changes
73acc77b libct/cg: rm EnterPid
4ff49046 Makefile: add verify-changelog as release dependency
b2fc0a58 verify-changelog: allow non-ASCII
370e3be2 tests/int/mounts: only check non-shadowed mounts
a37109ce tests/int/mount: fix issues with ro cgroup test
8293ef2e tests/int: test for CAP_DAC_OVERRIDE
8491d334 Fix runc run "permission denied" when rootless
99a337f6 Dockefile: bump go go 1.20
da98076c mountToRootfs: minor refactor
54e20217 libctr/cgroups: don't take init's cgroup into account
a7a836ef libct/cg/dev: skip flaky test of CentOS 7
65df6b91 fix wrong notes for `const MaxNameLen`
9d45ae8d tests: Fix fuzzer location in oss-fuzz config
0d72adf9 Prohibit /proc and /sys to be symlinks
8f0d0c4d build(deps): bump google.golang.org/protobuf from 1.29.1 to 1.30.0
cecb039d nsexec: retry unshare on EINVAL
e3cf217c build(deps): bump actions/setup-go from 3 to 4
a7046b83 build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1
df4eae45 rootless: fix /sys/fs/cgroup mounts
afeffb7e .github/ISSUE_TEMPLATE/config.yml: fix contact links
7d940bdf Add `.github/ISSUE_TEMPLATE/config.yml`
6b41f8ed build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0
6faef164 build(deps): bump golang.org/x/net from 0.7.0 to 0.8.0
7b4c3fc1 Add support for umask when exec container
f2e71b08 libct/int: make TestFdLeaks more robust
be7e0394 libct/int: wording nits
7c75e84e libc/int: add/use runContainerOk wrapper
97ea1255 Fix runc crushes when parsing invalid JSON
b3b0bde6 build(deps): bump golang.org/x/net from 0.6.0 to 0.7.0
2e44a202 Makefile: fix typo in LDFLAGS_STATIC
92a4ccb8 specconv: avoid mapping "acl" to MS_POSIXACL
2adeb6f9 nsexec: Remove bogus kill to stage_2_pid
4d0a60ca tests: Fix weird error on centos-9
2ca3d230 nsexec: Add debug logs to send mount sources
e412b4e8 docs: add docs/spec-conformance.md
787fcf09 go.mod: github.com/opencontainers/runtime-spec v1.1.0-rc.1
fbfc6afe tests: add tests for capabilities
bc8d6e3b build(deps): bump github.com/opencontainers/selinux
0e1346fe build(deps): bump golang.org/x/net from 0.5.0 to 0.6.0
42dffaaa Dockerfile: fix build wrt new git
14e3ce9e build(deps): bump golang.org/x/sys from 0.4.0 to 0.5.0
1bb6209a tests/int: test for /dev/null owner regression
7e5e017d libcontainer: skip chown of /dev/null caused by fd redirection
5ecd40b9 Add Go 1.20, require Go 1.19, drop Go 1.18
81ca678f Disable clang-format
81c379fa support SCHED_IDLE for runc cgroupfs
5ce511d6 nsexec: Check for errors in write_log()
3fbc5ba7 ci: add tests/int/get-images.sh check
6d28928c Explicitly pin busybox and debian downloads
e29e57b5 libcontainer: configs: ensure can build on darwin
cc63d074 build(deps): bump github.com/cilium/ebpf from 0.9.3 to 0.10.0
6676f980 tests/integration/get-images.sh: fix busybox.tar.xz URL
eacada76 build(deps): bump golang.org/x/net from 0.4.0 to 0.5.0
0ac98807 libct/cg/sd: stop using regex, fix systemdVersionAtoi
b44da4c0 libct: validateID: stop using regexp
15677e7b ci: fix delete.bats for GHA
c4aa452b tests/int/checkpoint: fix lazy migration flakiness
68352878 man/runc-restore: describe restore into different cgroup
d4582ae2 tests/int: add "--manage-cgroups-mode ignore" test
e8cf8783 libct/criuApplyCgroups: add a TODO
3438ef30 restore: fix --manage-cgroups-mode ignore on cgroup v2
212d25e8 checkpoint/restore: add --manage-cgroups-mode ignore
ff3b4f3b restore: fix ignoring --manage-cgroups-mode
4f2af605 build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
19a9d9fc tests/int: use runc features in seccomp flags test
ac04154f seccomp: set SPEC_ALLOW by default
076745a4 runc features: add seccomp filter flags
ab848089 types/features: fix docstrings
8e9128ff Vagrantfile.fedora: upgrade Fedora to 37
9fc707e7 Fixed init state error variable
067ca8f5 notify_socket.go: use sd_notify_barrier mechanism
ee88b900 notify_socket.go: avoid use of bytes.Buffer
313723fd fix libcontainer example
9f383793 build(deps): bump golang.org/x/net from 0.1.0 to 0.2.0
467dd234 build(deps): bump golang.org/x/sys from 0.1.0 to 0.2.0
e0d3c3e0 build(deps): bump github.com/coreos/go-systemd/v22 from 22.4.0 to 22.5.0
783f9ffe runc checkpoint: destroy only on success
79aedac1 go.mod: golang.org/x/*: use tagged versions
6462e9de runc update: implement memory.checkBeforeUpdate
56edc41c ci: bump shfmt to 3.5.1, simplify CI setup
18f8f482 Fix comment of signalAllProcesses for process wait due to sigkill
2cd05e44 libct/seccomp/patchbpf: rm duplicated code
fbce47a6 deps: bump github.com/checkpoint-restore/go-criu to 6.3.0
b265d128 libct/seccomp: enable binary tree optimization
65840f64 tests/int/seccomp: fix flags test on ARM
6bf2c3b6 ci/gha: use v3 tag for actions/cache
a04363c1 build(deps): bump actions/cache from 3.0.10 to 3.0.11
4a8750d9 tests/int: add a "update cpuset cpus range via v2 unified map" test
77cae9ad cgroups: cpuset: fix byte order while parsing cpuset range to bits
462e719c Fixes inability to use /dev/null when inside a container
04389ae9 libcontainer/cgroups: return concrete types
ae53cde3 cirrus-ci: install EPEL on CentOS 7 conditionally
8584900e build(deps): bump actions/cache from 3.0.9 to 3.0.10
1be5d45d build(deps): bump github.com/cilium/ebpf from 0.9.1 to 0.9.3
79a5c110 build(deps): bump actions/cache from 3.0.8 to 3.0.9
da9126f7 build(deps): bump github.com/opencontainers/selinux
7189ba8d build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.4.0
491713e8 cirrus-ci: enable EPEL for CentOS 7
4e65118d tests/int/helpers: gawk -> awk
0ffb49db tests/int: suppress bogus error
6fce0a1c build(deps): bump github.com/checkpoint-restore/go-criu/v6
e965e10c tests/int: do not set inheritable capabilities
29a28848 Add check for CONFIG_CGROUP_BPF in check-config.sh
746f4580 deps: bump go-criu to v6
45041985 build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0
26dc55ef seccomp: fix flag test to actually check the value
c7dc8b1f libct/seccomp/patchbpf: support SPEC_ALLOW
8206f5b2 build(deps): bump actions/cache from 3.0.7 to 3.0.8
58b1374f Fix failed exec after systemctl daemon-reload
df9e32bc ci: fix for codespell 2.2
b7dcdcec Add go 1.19, require go 1.18, drop go 1.17
0f4bf2c8 ci/gha: bump golangci-lint to 1.48
45cc290f libct: fixes for godoc 1.19
bf8d7c71 build(deps): bump actions/cache from 3.0.5 to 3.0.7
589a9d50 ci/gha: fix cross-386 job vs go 1.19
450dd3e2 build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1
6d00bf6c build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
ea0bd782 libct/intelrdt: check if available iff configured
56daf36b libct/intelrdt: skip remove unless configured
c156bde7 libct/intelrdt: elide parsing mountinfo
9f107489 libct/intelrdt: skip reading /proc/cpuinfo
13674f43 libct/intelrdt: delete IsMBAScEnabled()
d9a3acb9 build(deps): bump github.com/cilium/ebpf from 0.9.0 to 0.9.1
58ea21da seccomp: add support for flags
c152e831 go.mod: update runtime-spec
4fd4af5b CI: workaround CentOS Stream 9 criu issue
5fd3d09e build(deps): bump actions/cache from 3.0.4 to 3.0.5
66bf3718 tests: replace local hello world bundle with busybox bundle
e119db7a tests: enable seccomp default action tests on arm
d2a5acd2 CHANGELOG.md: forward-port 1.1.x changes
957d97bc Fix error from runc run on noexec fs
086ddb15 Vagrantfile.fedora: upgrade Fedora to 36
35e6c3bf libct/nsenter: switch to sane_kill()
7481c3c9 ci: bump golangci-lint to 1.46
66625701 libct: fix staticcheck warning
d370e3c0 libct: fix mounting via wrong proc fd
c0be1aa2 export blockIODevice
56fcc938 Switch to newer v0.10.0 release of libseccomp-golang
cc0feb4b build(deps): bump actions/cache from 3.0.2 to 3.0.4
5ed3fdff build(deps): bump github.com/moby/sys/mountinfo from 0.6.1 to 0.6.2
343951a2 cgroups: systemd: skip adding device paths that don't exist
03a210d0 libcontainer: relax getenv_int sanity check
72ad2099 docs/cgroup-v2.md: update the distro list
65f41d57 vendor: bump urfave/cli, add urfave_cli_no_docs tag
e0406b4b vendor: bump cilium/ebpf to v0.9.0
6b96cbdd ci: improve shellcheck job
e1d04cdf script/seccomp.sh: check tarball sha256
fbafaf31 ci: drop docker layer caching from release job
f7b07fd5 Dockerfile,scripts/release: bump libseccomp to v2.5.4
6a79271c seccomp: patchbpf: minor cleanups
be6488a5 seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
0ca0bb9f libct/cg/sd: check dbus.ErrClosed instead of isDbusError
47e09976 libct/cg/dev: privatize some functions
b6967fa8 Decouple cgroup devices handling
25f18562 libct/cg/sd: factor out devices.go
d1601160 libct: use `unix.Getwd` instead of `os.Getwd` to avoid symlink
cab38885 go.mod: golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5
a14cc405 release: add riscv64 binary
1d7b2971 libct/seccomp: add riscv64
dafcacb5 Makefile: set CGO_ENABLED=1 when needed
21e32d47 Makefile: add support for static PIE
ab5c60d0 Makefile: fix GO_BUILDMODE setting
f2f6e599 Makefile: add LDFLAGS_COMMON and LDFLAGS_STATIC
f0f1b5f9 Dockerfile: don't use crossbuild-essential-*
476aa18a Dockerfile: rm dpkg --add-architecture lines
d542ad65 Dockerfile: nit
98fe566c runc: do not set inheritable capabilities
009e627c Vagrantfile.fedora: fix build wrt new git
4d3e52f2 tests/int: fix a bad typo
2ce40b6a Remove tun/tap from the default device rules
68427f33 libct/seccomp/config: add missing KillThread, KillProcess
df2bc138 vendor: bump seccomp/libseccomp-golang to f33da4d
29a56b52 fix deprecated ActKill
9c710564 vendor: bump urfave/cli to v1.22.6
fa83a17c ci/gha: convert lint-extra from a job to a step
de25777a build(deps): bump github.com/moby/sys/mountinfo from 0.6.0 to 0.6.1
d73579ca build(deps): bump actions/cache from 3.0.1 to 3.0.2
66be704d ci/gha: remove stable: when installing Go
b6eb9476 build(deps): bump actions/upload-artifact from 2 to 3
9d2268b9 build(deps): bump actions/setup-go from 2 to 3
b76b6b93 Allow mounting of /proc/sys/kernel/ns_last_pid
67e06706 ci/gha: limit jobs permissions
7260bae6 build(deps): bump actions/cache from 2 to 3.0.1
ae6cb653 man/*sh: fix shellcheck warnings, add to shellcheck
cacc8237 ci: add call to check-config.sh
5d1ef78c script/check-config.sh: enable set -u, fix issues
d66498e7 script/check-config.sh: fix remaining shellcheck warnings
baa06227 script/check-config.sh: fix SC2166 warnings
dc73d236 script/check-config.sh: fix wrap_color usage
6b16d005 shfmt: add more files
01f30162 ci/gha: run on main branch
d77f898f build(deps): bump github.com/opencontainers/selinux
52229286 libct/specconv: use a local variable in CreateCgroupConfig()
d0c89dfa libct/cg: IsCgroup2HybridMode: don't panic
82bc042d build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0
d620a401 tests/int: remove $ROOTLESS, use $EUID
d330f94b tests/int/update.bats: fix extra reqs
a2123baf tests/int: replace CGROUP_UNIFIED with CGROUP_V{1,2}
25ef852a tests/int: use = in test for strings comparison
102b8abd libct: rm BaseContainer and Container interfaces
6a3fe161 libcontainer: remove LinuxFactory
6a29787b libct/factory: make some methods functions
8358a0ec libct: StartInitialization: decouple from factory
a78c9a01 libct: remove Factory interface
71bc308b libct/New: remove options argument
b6514469 libct: remove TmpfsRoot
87cf5d20 CI/cirrus: add centos-stream-9
a0f8847e Drop go 1.16
5211cc3f Add / switch to Go 1.18
7cec81e0 libct: suppress strings.Title deprecation warning
fcab941e ci: switch to golangci-lint 1.45
3618079c README.md: add cirrus-ci badge
f309a69a README,libct/README: fix pkg.go.dev badges
48006d00 libct/configs/validate: rootlessEUIDMount: speedup
a99f82ad tests: Add comment to clarify intent of seccomp-notify tests
9f9acd1a tests: Improve name of seccomp notify test
728571c1 tests/int: runc delete: fix flake, enable for rootless
f7637def ci: use golangci-lint-action v3, GO_VERSION
f7d46134 ci: bump golangci-lint to v1.44
89733cd0 Format sources using gofumpt 0.2.1
a43485c9 build(deps): bump actions/checkout from 2 to 3
1a935208 libct/cg/sd: simplify DetectUserDbusSessionBusAddress
11895cd0 libct/cg/sd: escape dbus address value
38c21694 tests/integration/helpers: set -u
c8c3e852 tests: fix checks for non-existent variables
99d5c023 tests/int/{root,list}.bats: ALT_ROOT fixups in teardown
7da77d80 tests/int: don't add --root if $ROOT is not set
9e2a0463 tests/int: fix runc_spec for set -u
ab9609db build(deps): bump github.com/godbus/dbus/v5 from 5.0.6 to 5.1.0
8c04b981 libct/cg/sd/v2: fix ENOENT on cgroup delegation
01f00e1f ensure the path is a sub-cgroup path
40b00886 loadFactory: remove
d1fca8e5 list: report error when non-existent --root is specified
2b07e751 reviseRootDir: skip default values, add validation
899342b5 main: improve XDG_RUNTIME_DIR handling
eb2f08dc checkpoint,restore,list: don't call fatal
36786c36 list, utils: remove redundant code
1d5c3310 configs/validate: looser validation for RDT
0f0f1f61 build(deps): bump github.com/cilium/ebpf from 0.8.0 to 0.8.1
be00ae07 ci: shellcheck: update to 0.8.0, fix/suppress new warnings
0b74e49d runc run/exec: ignore SIGURG
24ab543f build(deps): bump github.com/moby/sys/mountinfo from 0.5.0 to 0.6.0
dbd990d5 libct: rm intelrtd.Manager interface, NewIntelRdtManager
85932850 libct: rm TestGetContainerStats, mockIntelRdtManager
9258eac0 libct/start: use execabs for newuidmap lookup
39bd7b72 libct: Container, Factory: rm newuidmap/newgidmap
0d215150 libct: remove Validator interface
630c0d7e libct: Container, Factory: rm InitPath, InitArgs
376c9886 libct/specconv: improve checkPropertyName
d37a9726 libct/specconv: test nits
58c1ff39 signals: fix signal name debug print
0767b782 build(deps): bump tim-actions/get-pr-commits from 1.1.0 to 1.2.0
7346dda3 libcontainer: remove "pausing" state
18e28626 libct/nsenter: fix extra runc re-exec on tmpfs
6e1d476a runc: remove --criu option
485e6c84 Fix some revive warnings
bb6a8388 libct: initContainer: rename Id -> ID
1b14d974 libct/configs: rm Windows TODO
76c398f8 libct/README: rm Cgroupfs
0fec1c2d libct: Mount: rm {Pre,Post}mountCmds
dffb8db7 libct: handleCriuConfigurationFile: use utils.SearchLabels
3d86d31b libct/utils: SearchLabels: optimize
1a3ee496 list: use Info(), fix race with delete
095929b1
list: getContainers: less indentation cb364108 build(deps): bump github.com/cilium/ebpf from 0.7.0 to 0.8.0 146c8c0c libct: fixStdioPermissions: ignore EROFS 18c4760a libct: fixStdioPermissions: skip chown if not needed b7fdb688 libct: fixStdioPermissions: minor refactoring 2eb6ac53 CHANGELOG: add #3306 e4d23d50 CHANGELOG.md: nit 5e201e7c libct/intelrdt: explain why mountinfo is required c45eed9a libct/specconv: rm empty key from mountPropagationMapping b5cb4056 ci: add go 1.18beta1 907aefd4 libct: StartInitialization: fix %w related warning 024adbb1 libct: Create: rm unneeded chown edeb3b37 libct/intelrdt: faster init if rdt is unsupported 6c6b14e0 libct/intelrdt: remove findMountpointDir test 02e961bc libct/intelrdt: wrap Root in sync.Once Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
---|---|---|
.. | ||
0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch |