lfbzhm
ea38465a37
Merge pull request #3783 from utam0k/io-prio
...
Add I/O priority
2024-03-31 09:56:25 +08:00
utam0k
bfbd0305ba
Add I/O priority
...
Signed-off-by: utam0k <k0ma@utam0k.jp >
2024-03-30 22:31:54 +09:00
Aleksa Sarai
a1acca9acb
merge #4219 into opencontainers/runc:main
...
Aleksa Sarai (2):
seccomp: patchbpf: always include native architecture in stub
seccomp: patchbpf: rename nativeArch -> linuxAuditArch
LGTMs: AkihiroSuda kolyshkin
2024-03-29 12:44:51 +11:00
Aleksa Sarai
ccc500c427
seccomp: patchbpf: always include native architecture in stub
...
It turns out that on ppc64le (at least), Docker doesn't include any
architectures in the list of allowed architectures. libseccomp
interprets this as "just include the default architecture" but patchbpf
would return a no-op ENOSYS stub, which would lead to the exact issues
that commit 7a8d7162f9 ("seccomp: prepend -ENOSYS stub to all
filters") fixed for other architectures.
So, just always include the running architecture in the list. There's
no real downside.
Ref: https://bugzilla.suse.com/show_bug.cgi?id=1192051#c6
Reported-by: Fabian Vogt <fvogt@suse.com >
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2024-03-29 12:01:47 +11:00
Aleksa Sarai
b288abeaa5
seccomp: patchbpf: rename nativeArch -> linuxAuditArch
...
Calling the Linux AUDIT_* architecture constants "native" leads to
confusing code when we are getting the actual native architecture of the
running system.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2024-03-29 12:01:47 +11:00
Akihiro Suda
8e69225e2e
Merge pull request #4220 from cyphar/runc-dmz-no-selinux-magic
...
dmz: remove SELinux special-casing
2024-03-27 14:16:52 +09:00
lfbzhm
3db0871f1c
Merge pull request #4217 from AkihiroSuda/features-unsafe
...
features: implement returning potentiallyUnsafeConfigAnnotations list
2024-03-25 19:00:01 +08:00
lfbzhm
18c313be72
Merge pull request #4223 from cyphar/seccomp-2.5.5
...
build: update libseccomp to v2.5.5
2024-03-16 08:02:10 +08:00
lfbzhm
d6df41c767
Merge pull request #4224 from SuperQ/update_urfave_cli
...
Remove dependabot ignore
2024-03-16 07:59:02 +08:00
SuperQ
ab6788d307
Remove dependabot ignore
...
The referenced issue was fixed in `github.com/urfave/cli` v1.22.6. We
can now remove the dependabot ignore for this package.
Signed-off-by: SuperQ <superq@gmail.com >
2024-03-15 08:38:53 +01:00
Aleksa Sarai
cdccf6d615
build: update libseccomp to v2.5.5
...
This adds support for syscalls up to Linux 6.7-rc3.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2024-03-15 17:57:54 +11:00
Aleksa Sarai
44114d32df
merge #4179 into opencontainers/runc:main
...
Kir Kolyshkin (1):
tests/int: fix flaky kill tests
LGTMs: AkihiroSuda cyphar
2024-03-15 17:57:12 +11:00
Aleksa Sarai
e0cfcb3f85
merge #4222 into opencontainers/runc:main
...
lifubang (1):
fix runc-dmz bin path error in Makefile
LGTMs: AkihiroSuda cyphar
2024-03-15 17:34:36 +11:00
lifubang
da79b616a3
fix runc-dmz bin path error in Makefile
...
Signed-off-by: lifubang <lifubang@acmcoder.com >
2024-03-14 18:16:09 +08:00
Aleksa Sarai
37581ad340
dmz: remove SELinux special-casing
...
Now that runc-dmz is opt-in, we no longer need to try to detect whether
SELinux would cause issues for us. We can also remove the
special-purpose build-tag we added.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2024-03-13 18:18:09 +11:00
Aleksa Sarai
1950892f69
merge #4174 into opencontainers/runc:main
...
Rodrigo Campos (3):
Makefile: Fix runc-dmz removal
contrib/cmd/memfd-bind: Mention runc-dmz needs RUNC_DMZ=true
libct/dmz: Require RUNC_DMZ=true to opt-in
LGTMs: AkihiroSuda cyphar
2024-03-13 16:22:16 +11:00
Akihiro Suda
eefc6ae254
features: implement returning potentiallyUnsafeConfigAnnotations list
...
See https://github.com/opencontainers/runtime-spec/blob/v1.2.0/features.md#unsafe-annotations-in-configjson
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp >
2024-03-09 21:31:49 +09:00
dependabot[bot]
109a7a0478
Merge pull request #4203 from opencontainers/dependabot/go_modules/github.com/opencontainers/runtime-spec-1.2.0
2024-03-09 12:18:19 +00:00
dependabot[bot]
606251ab33
build(deps): bump github.com/opencontainers/runtime-spec
...
Bumps [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec ) from 1.1.1-0.20230823135140-4fec88fd00a4 to 1.2.0.
- [Release notes](https://github.com/opencontainers/runtime-spec/releases )
- [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog )
- [Commits](https://github.com/opencontainers/runtime-spec/commits/v1.2.0 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runtime-spec
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp >
2024-03-07 14:43:33 +09:00
Akihiro Suda
ee7100854c
Merge pull request #4216 from opencontainers/dependabot/go_modules/google.golang.org/protobuf-1.33.0
...
build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
2024-03-07 14:41:36 +09:00
Akihiro Suda
9120ac6aa4
Merge pull request #4215 from opencontainers/dependabot/go_modules/golang.org/x/net-0.22.0
...
build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0
2024-03-07 14:41:17 +09:00
dependabot[bot]
bb5673f265
build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.21.0 to 0.22.0.
- [Commits](https://github.com/golang/net/compare/v0.21.0...v0.22.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-03-06 12:59:33 +00:00
dependabot[bot]
7ab66b187c
build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
...
Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-03-06 12:59:30 +00:00
dependabot[bot]
1491dec992
Merge pull request #4214 from opencontainers/dependabot/go_modules/golang.org/x/sys-0.18.0
2024-03-06 12:58:37 +00:00
dependabot[bot]
6056ed2dd6
build(deps): bump golang.org/x/sys from 0.17.0 to 0.18.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-03-05 04:18:12 +00:00
Rodrigo Campos
fc76b136e1
Makefile: Fix runc-dmz removal
...
Signed-off-by: Rodrigo Campos <rodrigo@sdfg.com.ar >
2024-02-28 15:38:04 -03:00
Rodrigo Campos
46b72107f1
contrib/cmd/memfd-bind: Mention runc-dmz needs RUNC_DMZ=true
...
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com >
2024-02-28 12:15:57 -03:00
Rodrigo Campos
1dae66f748
libct/dmz: Require RUNC_DMZ=true to opt-in
...
If it is compiled, the user needs to opt-in with this env variable to
use it.
While we are there, remove the RUNC_DMZ=legacy as that is now the
default.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com >
2024-02-28 12:15:57 -03:00
lfbzhm
6cf6ddc358
Merge pull request #4208 from opencontainers/dependabot/github_actions/tim-actions/get-pr-commits-1.3.1
...
build(deps): bump tim-actions/get-pr-commits from 1.3.0 to 1.3.1
2024-02-28 18:23:56 +08:00
dependabot[bot]
935d586b39
build(deps): bump tim-actions/get-pr-commits from 1.3.0 to 1.3.1
...
Bumps [tim-actions/get-pr-commits](https://github.com/tim-actions/get-pr-commits ) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/tim-actions/get-pr-commits/releases )
- [Commits](https://github.com/tim-actions/get-pr-commits/compare/v1.3.0...v1.3.1 )
---
updated-dependencies:
- dependency-name: tim-actions/get-pr-commits
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-02-27 04:45:06 +00:00
Kir Kolyshkin
d5e4c33001
Merge pull request #4205 from santidhammo/4204-fix-vendor
...
Fixed spelling mistake in the Makefile at .PHONY vendor
2024-02-16 10:28:32 -08:00
Kir Kolyshkin
86360598bd
tests/int: fix flaky kill tests
...
It takes some time for the kernel to kill the process (and remove its
PID from cgroup.procs). To ensure we don't have flakes from reading
cgroup.procs right after the kill, check and wait for processes to
actually be gone.
Fixes: 4163
Reported-by: lifubang@acmcoder.com
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2024-02-15 13:32:33 -08:00
Sjoerd van Leent
82499d428a
Fixed spelling mistake in the Makefile at .PHONY vendor
...
* Simple error correction of a spelling mistake which was
introduced at commit b8f75f3
Signed-off-by: Sjoerd van Leent <sjoerd.van.leent@alliander.com >
2024-02-15 16:27:37 +01:00
Mrunal Patel
675292473b
Merge pull request #4202 from kolyshkin/golangci-annot
...
ci/golangci-lint: add checks permission
2024-02-14 11:05:21 -08:00
Mrunal Patel
bb56ed9e5f
Merge pull request #4201 from kolyshkin/cleanups
...
libct/nsenter: rm dead code
2024-02-14 11:04:46 -08:00
Mrunal Patel
aa8ba5bd59
Merge pull request #4187 from kolyshkin/gawk
...
tests/int: use gawk where needed
2024-02-14 11:04:09 -08:00
Kir Kolyshkin
93e377233f
ci/golangci-lint: add checks permission
...
This permission is now needed so that the linter can annotate code in a
PR (see [1]).
[1] https://github.com/golangci/golangci-lint-action/pull/931/commits/bc1904f0c946172fc1821908fc41649db49f0334
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2024-02-12 22:14:41 -08:00
Kir Kolyshkin
302b2e89a6
tests/int: use gawk where needed
...
This expression is specific to GNU awk (gawk), so if someone has other version
of awk installed, this won't work and it's not easy to see why.
Explicitly requiring gawk here is better.
Revert "tests/int/helpers: gawk -> awk"
This reverts commit 4e65118d02 .
Reported-by: lifubang <lifubang@acmcoder.com >
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2024-02-12 14:44:42 -08:00
Kir Kolyshkin
9d2842debb
Merge pull request #4200 from opencontainers/dependabot/github_actions/golangci/golangci-lint-action-4
...
build(deps): bump golangci/golangci-lint-action from 3 to 4
2024-02-12 14:35:20 -08:00
Kir Kolyshkin
3a9859bdc0
libct/nsenter: rm unused include
...
This was added by commit 9c444070 (to use LONG_MAX and INT_MAX) but the
code was later removed by commit ba0b5e26 .
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2024-02-12 13:19:12 -08:00
Kir Kolyshkin
ea140db712
libct/nsenter: rm unused code
...
Commits b999376f and b999376f removed all users of this code.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2024-02-12 13:17:05 -08:00
dependabot[bot]
27cbabd00d
build(deps): bump golangci/golangci-lint-action from 3 to 4
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-02-12 04:07:38 +00:00
lfbzhm
fd4533aff2
Merge pull request #4196 from opencontainers/dependabot/go_modules/golang.org/x/net-0.21.0
...
build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0
2024-02-10 01:15:48 +08:00
dependabot[bot]
afd90f44e8
build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/net/compare/v0.20.0...v0.21.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-02-10 00:50:10 +08:00
Akihiro Suda
66bdcbca46
Merge pull request #4190 from opencontainers/dependabot/go_modules/github.com/containerd/console-1.0.4
...
build(deps): bump github.com/containerd/console from 1.0.3 to 1.0.4
2024-02-10 01:38:13 +09:00
dependabot[bot]
97632a6d1b
build(deps): bump github.com/containerd/console from 1.0.3 to 1.0.4
...
Bumps [github.com/containerd/console](https://github.com/containerd/console ) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/containerd/console/releases )
- [Commits](https://github.com/containerd/console/compare/v1.0.3...v1.0.4 )
---
updated-dependencies:
- dependency-name: github.com/containerd/console
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-02-09 15:20:19 +00:00
Akihiro Suda
0147f9eb74
Merge pull request #4197 from opencontainers/dependabot/go_modules/golang.org/x/sys-0.17.0
...
build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0
2024-02-10 00:19:40 +09:00
dependabot[bot]
174940a7eb
build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/sys/compare/v0.16.0...v0.17.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-02-08 22:29:27 +00:00
Kir Kolyshkin
56cc1be9db
Merge pull request #4198 from lifubang/feat-TestCentos_Go1.21
...
[ci] update go version to 1.21 in cirrus ci
2024-02-08 14:23:55 -08:00
lfbzhm
a596a05510
update go version to 1.21 in cirrus ci
...
Signed-off-by: lfbzhm <lifubang@acmcoder.com >
2024-02-08 08:24:13 -08:00