vendor: github.com/containerd/containerd v1.5.10

full diff: https://github.com/containerd/containerd/compare/v1.5.9...v1.5.10

relevant changes in vendored code:

- Use readonly mount to read user/group info

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2022-03-04 18:05:33 +01:00
parent 3e8bfcc9f2
commit b4a943afab
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
7 changed files with 33 additions and 7 deletions

View file

@ -18,7 +18,7 @@ require (
github.com/bsphere/le_go v0.0.0-20170215134836-7a984a84b549
github.com/cloudflare/cfssl v0.0.0-20180323000720-5d63dbd981b5
github.com/containerd/cgroups v1.0.3
github.com/containerd/containerd v1.5.9
github.com/containerd/containerd v1.5.10
github.com/containerd/continuity v0.2.2
github.com/containerd/fifo v1.0.0
github.com/containerd/typeurl v1.0.2

View file

@ -157,8 +157,8 @@ github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoT
github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
github.com/containerd/containerd v1.5.2/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
github.com/containerd/containerd v1.5.9 h1:rs6Xg1gtIxaeyG+Smsb/0xaSDu1VgFhOCKBXxMxbsF4=
github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
github.com/containerd/containerd v1.5.10 h1:3cQ2uRVCkJVcx5VombsE7105Gl9Wrl7ORAO3+4+ogf4=
github.com/containerd/containerd v1.5.10/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=

View file

@ -6,7 +6,7 @@ linters:
- unconvert
- gofmt
- goimports
- golint
- revive
- ineffassign
- vet
- unused

View file

@ -77,7 +77,7 @@ Vagrant.configure("2") do |config|
config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
sh.upload_path = "/tmp/vagrant-install-golang"
sh.env = {
'GO_VERSION': ENV['GO_VERSION'] || "1.16.12",
'GO_VERSION': ENV['GO_VERSION'] || "1.16.14",
}
sh.inline = <<~SHELL
#!/usr/bin/env bash

View file

@ -590,6 +590,8 @@ func WithUser(userstr string) SpecOpts {
if err != nil {
return err
}
mounts = tryReadonlyMounts(mounts)
return mount.WithTempMount(ctx, mounts, f)
default:
return fmt.Errorf("invalid USER value %s", userstr)
@ -643,6 +645,8 @@ func WithUserID(uid uint32) SpecOpts {
if err != nil {
return err
}
mounts = tryReadonlyMounts(mounts)
return mount.WithTempMount(ctx, mounts, func(root string) error {
user, err := UserFromPath(root, func(u user.User) bool {
return u.Uid == int(uid)
@ -692,6 +696,8 @@ func WithUsername(username string) SpecOpts {
if err != nil {
return err
}
mounts = tryReadonlyMounts(mounts)
return mount.WithTempMount(ctx, mounts, func(root string) error {
user, err := UserFromPath(root, func(u user.User) bool {
return u.Name == username
@ -776,6 +782,8 @@ func WithAdditionalGIDs(userstr string) SpecOpts {
if err != nil {
return err
}
mounts = tryReadonlyMounts(mounts)
return mount.WithTempMount(ctx, mounts, setAdditionalGids)
}
}
@ -1264,3 +1272,21 @@ func WithDevShmSize(kb int64) SpecOpts {
return ErrNoShmMount
}
}
// tryReadonlyMounts is used by the options which are trying to get user/group
// information from container's rootfs. Since the option does read operation
// only, this helper will append ReadOnly mount option to prevent linux kernel
// from syncing whole filesystem in umount syscall.
//
// TODO(fuweid):
//
// Currently, it only works for overlayfs. I think we can apply it to other
// kinds of filesystem. Maybe we can return `ro` option by `snapshotter.Mount`
// API, when the caller passes that experimental annotation
// `containerd.io/snapshot/readonly.mount` something like that.
func tryReadonlyMounts(mounts []mount.Mount) []mount.Mount {
if len(mounts) == 1 && mounts[0].Type == "overlay" {
mounts[0].Options = append(mounts[0].Options, "ro")
}
return mounts
}

View file

@ -23,7 +23,7 @@ var (
Package = "github.com/containerd/containerd"
// Version holds the complete version number. Filled in at linking time.
Version = "1.5.9+unknown"
Version = "1.5.10+unknown"
// Revision is filled with the VCS (e.g. git) revision being used to build
// the program at linking time.

2
vendor/modules.txt vendored
View file

@ -142,7 +142,7 @@ github.com/containerd/cgroups/v2/stats
# github.com/containerd/console v1.0.3
## explicit; go 1.13
github.com/containerd/console
# github.com/containerd/containerd v1.5.9
# github.com/containerd/containerd v1.5.10
## explicit; go 1.16
github.com/containerd/containerd
github.com/containerd/containerd/api/events