full diff: a9f01edf17...1c8d4c9ef7
drops support for go1.12, and removes dependency on the golang.org/x/xerrors
transitional package.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This updates to the latest version of go-criu (4.0.2) which is based on
CRIU 3.14.
As go-criu provides an existing way to query the CRIU binary for its
version this also removes all the code from runc to handle CRIU version
checking and now relies on go-criu.
An important side effect of this change is that this raises the minimum
CRIU version to 3.0.0 as that is the first CRIU version that supports
CRIU version queries via RPC in contrast to parsing the output of
'criu --version'
CRIU 3.0 has been released in April of 2017.
Signed-off-by: Adrian Reber <areber@redhat.com>
full diff: https://github.com/sirupsen/logrus/compare/v1.5.0...v1.6.0
- Add flag to disable quotes in TextFormatter
- Revert "fix race conditions on entry"
- fixes Deadlock during Entry.Infof after upgrade to v1.5.0
- fixes Deadlock when using WithField inside of hook
- fixes Overly-aggressive mutex locks
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Delete libcontainer/mount in favor of github.com/moby/sys/mountinfo,
which is fast mountinfo parser.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This removes vndr, and swiches to native Go Modules instead. All modules
are kept on the old version.
Keeps the vendor/ dir, so everything is backwards compatible.
Signed-off-by: Odin Ugedal <odin@ugedal.com>
relevant changes:
- syndtr/gocapability#14 capability: Deprecate NewPid and NewFile for NewPid2 and NewFile2
- syndtr/gocapability#16 Fix capHeader.pid type
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This removes "github.com/coreos/go-systemd/util", no longer needed after
removing the dependency on it.
It also gets rid of "github.com/coreos/pkg/dlopen", since that was only
referred to by the aforementioned "util" package.
Tested that everything builds and works as expected.
Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>
Bump logrus so that we can use logrus.StandardLogger().Logf instead
Co-authored-by: Julia Nedialkova <julianedialkova@hotmail.com>
Signed-off-by: Georgi Sabev <georgethebeatle@gmail.com>
On some machines when setting the SELinux key labels to "", we are seeing
failures that cause runc to fail. Even if SELinux is disabled.
This check will ignore callers calling SELinux Set*Label functions with ""
when SELinux is disabled.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Work is ongoing in the kernel to support different kernel
keyrings per user namespace. We want to allow SELinux to manage
kernel keyrings inside of the container.
Currently when runc creates the kernel keyring it gets the label which runc is
running with ususally `container_runtime_t`, with this change the kernel keyring
will be labeled with the container process label container_t:s0:C1,c2.
Container running as container_t:s0:c1,c2 can manage keyrings with the same label.
This change required a revendoring or the SELinux go bindings.
github.com/opencontainers/selinux.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Now that CRIU has released Go bindings, this commit vendors those in.
At first it only replaces the copy of RPC interface but the goal is to
use CRIU functions from the Go bindings instead of replicating the
functionality in runc.
Signed-off-by: Adrian Reber <areber@redhat.com>
Update runtime-spec to get Intel RDT/MBA Linux configs which will be
used in successive commits.
Signed-off-by: Xiaochen Shen <xiaochen.shen@intel.com>
This fixes a bug in the console package for big-endian architectures.
When creating a new pty the returned path to the new pty slave was
wrong for the second und all subsequent ptys.
In runc the exec subcommand failed with an runtime error such as
`container_linux.go:265: starting container process caused "open
/dev/pts/4294967296: no such file or directory"`.
The number is shifted by 32.
Signed-off-by: Peter Morjan <peter.morjan@de.ibm.com>
runc shouldn't depend on docker and be more self-contained.
Removing github.com/pkg/symlink dep is the first step to not depend on docker anymore
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Akihiro Suda