vendor: github.com/containerd/containerd v1.5.10
full diff: https://github.com/containerd/containerd/compare/v1.5.9...v1.5.10 relevant changes in vendored code: - Use readonly mount to read user/group info Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
3e8bfcc9f2
commit
b4a943afab
7 changed files with 33 additions and 7 deletions
|
@ -18,7 +18,7 @@ require (
|
|||
github.com/bsphere/le_go v0.0.0-20170215134836-7a984a84b549
|
||||
github.com/cloudflare/cfssl v0.0.0-20180323000720-5d63dbd981b5
|
||||
github.com/containerd/cgroups v1.0.3
|
||||
github.com/containerd/containerd v1.5.9
|
||||
github.com/containerd/containerd v1.5.10
|
||||
github.com/containerd/continuity v0.2.2
|
||||
github.com/containerd/fifo v1.0.0
|
||||
github.com/containerd/typeurl v1.0.2
|
||||
|
|
|
@ -157,8 +157,8 @@ github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoT
|
|||
github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
|
||||
github.com/containerd/containerd v1.5.2/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
|
||||
github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
|
||||
github.com/containerd/containerd v1.5.9 h1:rs6Xg1gtIxaeyG+Smsb/0xaSDu1VgFhOCKBXxMxbsF4=
|
||||
github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
|
||||
github.com/containerd/containerd v1.5.10 h1:3cQ2uRVCkJVcx5VombsE7105Gl9Wrl7ORAO3+4+ogf4=
|
||||
github.com/containerd/containerd v1.5.10/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
|
||||
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
|
||||
github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
|
||||
github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
|
||||
|
|
2
vendor/github.com/containerd/containerd/.golangci.yml
generated
vendored
2
vendor/github.com/containerd/containerd/.golangci.yml
generated
vendored
|
@ -6,7 +6,7 @@ linters:
|
|||
- unconvert
|
||||
- gofmt
|
||||
- goimports
|
||||
- golint
|
||||
- revive
|
||||
- ineffassign
|
||||
- vet
|
||||
- unused
|
||||
|
|
2
vendor/github.com/containerd/containerd/Vagrantfile
generated
vendored
2
vendor/github.com/containerd/containerd/Vagrantfile
generated
vendored
|
@ -77,7 +77,7 @@ Vagrant.configure("2") do |config|
|
|||
config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
|
||||
sh.upload_path = "/tmp/vagrant-install-golang"
|
||||
sh.env = {
|
||||
'GO_VERSION': ENV['GO_VERSION'] || "1.16.12",
|
||||
'GO_VERSION': ENV['GO_VERSION'] || "1.16.14",
|
||||
}
|
||||
sh.inline = <<~SHELL
|
||||
#!/usr/bin/env bash
|
||||
|
|
26
vendor/github.com/containerd/containerd/oci/spec_opts.go
generated
vendored
26
vendor/github.com/containerd/containerd/oci/spec_opts.go
generated
vendored
|
@ -590,6 +590,8 @@ func WithUser(userstr string) SpecOpts {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
mounts = tryReadonlyMounts(mounts)
|
||||
return mount.WithTempMount(ctx, mounts, f)
|
||||
default:
|
||||
return fmt.Errorf("invalid USER value %s", userstr)
|
||||
|
@ -643,6 +645,8 @@ func WithUserID(uid uint32) SpecOpts {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
mounts = tryReadonlyMounts(mounts)
|
||||
return mount.WithTempMount(ctx, mounts, func(root string) error {
|
||||
user, err := UserFromPath(root, func(u user.User) bool {
|
||||
return u.Uid == int(uid)
|
||||
|
@ -692,6 +696,8 @@ func WithUsername(username string) SpecOpts {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
mounts = tryReadonlyMounts(mounts)
|
||||
return mount.WithTempMount(ctx, mounts, func(root string) error {
|
||||
user, err := UserFromPath(root, func(u user.User) bool {
|
||||
return u.Name == username
|
||||
|
@ -776,6 +782,8 @@ func WithAdditionalGIDs(userstr string) SpecOpts {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
mounts = tryReadonlyMounts(mounts)
|
||||
return mount.WithTempMount(ctx, mounts, setAdditionalGids)
|
||||
}
|
||||
}
|
||||
|
@ -1264,3 +1272,21 @@ func WithDevShmSize(kb int64) SpecOpts {
|
|||
return ErrNoShmMount
|
||||
}
|
||||
}
|
||||
|
||||
// tryReadonlyMounts is used by the options which are trying to get user/group
|
||||
// information from container's rootfs. Since the option does read operation
|
||||
// only, this helper will append ReadOnly mount option to prevent linux kernel
|
||||
// from syncing whole filesystem in umount syscall.
|
||||
//
|
||||
// TODO(fuweid):
|
||||
//
|
||||
// Currently, it only works for overlayfs. I think we can apply it to other
|
||||
// kinds of filesystem. Maybe we can return `ro` option by `snapshotter.Mount`
|
||||
// API, when the caller passes that experimental annotation
|
||||
// `containerd.io/snapshot/readonly.mount` something like that.
|
||||
func tryReadonlyMounts(mounts []mount.Mount) []mount.Mount {
|
||||
if len(mounts) == 1 && mounts[0].Type == "overlay" {
|
||||
mounts[0].Options = append(mounts[0].Options, "ro")
|
||||
}
|
||||
return mounts
|
||||
}
|
||||
|
|
2
vendor/github.com/containerd/containerd/version/version.go
generated
vendored
2
vendor/github.com/containerd/containerd/version/version.go
generated
vendored
|
@ -23,7 +23,7 @@ var (
|
|||
Package = "github.com/containerd/containerd"
|
||||
|
||||
// Version holds the complete version number. Filled in at linking time.
|
||||
Version = "1.5.9+unknown"
|
||||
Version = "1.5.10+unknown"
|
||||
|
||||
// Revision is filled with the VCS (e.g. git) revision being used to build
|
||||
// the program at linking time.
|
||||
|
|
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
|
@ -142,7 +142,7 @@ github.com/containerd/cgroups/v2/stats
|
|||
# github.com/containerd/console v1.0.3
|
||||
## explicit; go 1.13
|
||||
github.com/containerd/console
|
||||
# github.com/containerd/containerd v1.5.9
|
||||
# github.com/containerd/containerd v1.5.10
|
||||
## explicit; go 1.16
|
||||
github.com/containerd/containerd
|
||||
github.com/containerd/containerd/api/events
|
||||
|
|
Loading…
Reference in a new issue