Commit graph

45093 commits

Author SHA1 Message Date
Sebastiaan van Stijn
200edf8030
libcontainerd/remote: remove stray import comment
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-08 13:27:50 +01:00
Sebastiaan van Stijn
0ff5ce825c
Merge pull request #44594 from thaJeztah/vendor_containerd_1.6.11
vendor: github.com/containerd/containerd v1.6.11
2022-12-07 13:25:18 +01:00
Sebastiaan van Stijn
84f64925bc
Merge pull request #44591 from thaJeztah/update_go_1.19.4
update to go1.19.4
2022-12-07 13:20:41 +01:00
Sebastiaan van Stijn
d331bc3b03
vendor: github.com/containerd/containerd v1.6.11
- Fix nil pointer deference for Windows containers in CRI plugin
- Fix lease labels unexpectedly overwriting expiration
- Fix for simultaneous diff creation using the same parent snapshot

full diff: https://github.com/containerd/containerd/v1.6.10...v1.6.11

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 23:26:25 +01:00
Sebastiaan van Stijn
52bc1ad744
update to go1.19.4
Includes security fixes for net/http (CVE-2022-41717, CVE-2022-41720),
and os (CVE-2022-41720).

These minor releases include 2 security fixes following the security policy:

- os, net/http: avoid escapes from os.DirFS and http.Dir on Windows

  The os.DirFS function and http.Dir type provide access to a tree of files
  rooted at a given directory. These functions permitted access to Windows
  device files under that root. For example, os.DirFS("C:/tmp").Open("COM1")
  would open the COM1 device.
  Both os.DirFS and http.Dir only provide read-only filesystem access.

  In addition, on Windows, an os.DirFS for the directory \(the root of the
  current drive) can permit a maliciously crafted path to escape from the
  drive and access any path on the system.

  The behavior of os.DirFS("") has changed. Previously, an empty root was
  treated equivalently to "/", so os.DirFS("").Open("tmp") would open the
  path "/tmp". This now returns an error.

  This is CVE-2022-41720 and Go issue https://go.dev/issue/56694.

- net/http: limit canonical header cache by bytes, not entries

  An attacker can cause excessive memory growth in a Go server accepting
  HTTP/2 requests.

  HTTP/2 server connections contain a cache of HTTP header keys sent by
  the client. While the total number of entries in this cache is capped,
  an attacker sending very large keys can cause the server to allocate
  approximately 64 MiB per open connection.

  This issue is also fixed in golang.org/x/net/http2 vX.Y.Z, for users
  manually configuring HTTP/2.

  Thanks to Josselin Costanzi for reporting this issue.

  This is CVE-2022-41717 and Go issue https://go.dev/issue/56350.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.19.4

And the milestone on the issue tracker:
https://github.com/golang/go/issues?q=milestone%3AGo1.19.4+label%3ACherryPickApproved

Full diff: https://github.com/golang/go/compare/go1.19.3...go1.19.4

The golang.org/x/net fix is in 1e63c2f08a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 22:57:25 +01:00
Sebastiaan van Stijn
0200623ef7
Merge pull request #44587 from thaJeztah/bjorn_maintainer
Add Bjorn Neergaard to maintainers
2022-12-06 21:26:32 +01:00
Sebastiaan van Stijn
f577f31f50
Add Bjorn Neergaard to maintainers
I nominated Bjorn as maintainer, and votes passed; welcome Bjorn!

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 21:26:03 +01:00
Sebastiaan van Stijn
a7b2b29b79
Merge pull request #44590 from ndeloof/master
Better not pretend to be an active currator
2022-12-06 19:53:24 +01:00
Nicolas De Loof
9da935629e
Better not pretend to be an active currator
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-06 17:18:40 +01:00
Sebastiaan van Stijn
42053a0fc3
Merge pull request #44588 from thaJeztah/kevin_curator
Add Kevin Alvarez ("crazy-max") to curators
2022-12-06 17:14:57 +01:00
Sebastiaan van Stijn
383e23fd61
Add Kevin Alvarez ("crazy-max") to curators
Kevin has been doing a lot of work helping modernize our CI, and helping
with BuildKit-related changes. Being our "resident GitHub actions expert",
I think it make sense to add him to the maintainers list as a curator (for
starters), to grant him permissions on the repository.

Perhaps we should nominate him to become a maintainer (with a focus on his
area of expertise) :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 15:28:03 +01:00
Sebastiaan van Stijn
cc1884dc04
Merge pull request #44501 from tiborvass/immutable_radix
libnetwork: use go-immutable-radix instead of radix
2022-12-06 12:46:53 +01:00
Brian Goff
1523c78c34
Merge pull request #44458 from AdamKorcz/fuzzmigration
testing: move fuzzers over from OSS-Fuzz
2022-12-05 09:41:46 -08:00
Sebastiaan van Stijn
683b076a6e
Merge pull request #44537 from crazy-max/builder-host-gateway
builder: handle host-gateway with extra hosts
2022-12-03 14:38:31 +01:00
Brian Goff
676250adf9
Merge pull request #44567 from thaJeztah/relax_checkSupportedMediaType
distribution: checkSupportedMediaType: allow additional media-types
2022-12-02 15:22:54 -08:00
CrazyMax
521b8c02cc
builder: handle host-gateway with extra hosts
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-12-02 23:17:47 +01:00
Sebastiaan van Stijn
92e954a2f0
Merge pull request #44571 from crazy-max/ci-buildkit-temp-fix
ci(buildkit): update buildkit ref to fix issue with alpine image
2022-12-02 21:24:23 +01:00
Kevin Alvarez
381fa4afca
ci(buildkit): update buildkit ref to fix issue with alpine image
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-12-02 18:45:53 +01:00
Sebastiaan van Stijn
a6a539497a
distribution: checkSupportedMediaType: allow additional media-types
This addresses a regression introduced in 407e3a4552,
which turned out to be "too strict", as there's old images that use, for example;

    docker pull python:3.5.1-alpine
    3.5.1-alpine: Pulling from library/python
    unsupported media type application/octet-stream

Before 407e3a4552, such mediatypes were accepted;

    docker pull python:3.5.1-alpine
    3.5.1-alpine: Pulling from library/python
    e110a4a17941: Pull complete
    30dac23631f0: Pull complete
    202fc3980a36: Pull complete
    Digest: sha256:f88925c97b9709dd6da0cb2f811726da9d724464e9be17a964c70f067d2aa64a
    Status: Downloaded newer image for python:3.5.1-alpine
    docker.io/library/python:3.5.1-alpine

This patch copies the additional media-types, using the list of types that
were added in a215e15cb1, which fixed a
similar issue.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-02 01:26:06 +01:00
Tianon Gravi
cd8a090e67
Merge pull request #44329 from thaJeztah/remove_trustkey_id_migration
Remove trustkey id migration and config.TrustKeyPath
2022-12-01 12:49:54 -08:00
Sebastiaan van Stijn
40408d1640
Merge pull request #44562 from thaJeztah/seccomp_block_af_vsock
seccomp: block socket calls to AF_VSOCK in default profile
2022-12-01 21:39:30 +01:00
Sebastiaan van Stijn
5d88037e37
Merge pull request #44531 from thaJeztah/containerd_1.7_binary
update containerd binary to v1.7.0-beta.0
2022-12-01 20:49:32 +01:00
Sebastiaan van Stijn
57b229012a
seccomp: block socket calls to AF_VSOCK in default profile
This syncs the seccomp-profile with the latest changes in containerd's
profile, applying the same changes as 17a9324035

Some background from the associated ticket:

> We want to use vsock for guest-host communication on KubeVirt
> (https://github.com/kubevirt/kubevirt). In KubeVirt we run VMs in pods.
>
> However since anyone can just connect from any pod to any VM with the
> default seccomp settings, we cannot limit connection attempts to our
> privileged node-agent.
>
> ### Describe the solution you'd like
> We want to deny the `socket` syscall for the `AF_VSOCK` family by default.
>
> I see in [1] and [2] that AF_VSOCK was actually already blocked for some
> time, but that got reverted since some architectures support the `socketcall`
> syscall which can't be restricted properly. However we are mostly interested
> in `arm64` and `amd64` where limiting `socket` would probably be enough.
>
> ### Additional context
> I know that in theory we could use our own seccomp profiles, but we would want
> to provide security for as many users as possible which use KubeVirt, and there
> it would be very helpful if this protection could be added by being part of the
> DefaultRuntime profile to easily ensure that it is active for all pods [3].
>
> Impact on existing workloads: It is unlikely that this will disturb any existing
> workload, becuase VSOCK is almost exclusively used for host-guest commmunication.
> However if someone would still use it: Privileged pods would still be able to
> use `socket` for `AF_VSOCK`, custom seccomp policies could be applied too.
> Further it was already blocked for quite some time and the blockade got lifted
> due to reasons not related to AF_VSOCK.
>
> The PR in KubeVirt which adds VSOCK support for additional context: [4]
>
> [1]: https://github.com/moby/moby/pull/29076#commitcomment-21831387
> [2]: dcf2632945
> [3]: https://kubernetes.io/docs/tutorials/security/seccomp/#enable-the-use-of-runtimedefault-as-the-default-seccomp-profile-for-all-workloads
> [4]: https://github.com/kubevirt/kubevirt/pull/8546

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 14:06:37 +01:00
Sebastiaan van Stijn
5fd603ce60
Merge pull request #44514 from vvoland/client-sharedsize
client/list: Handle SharedSize
2022-12-01 09:15:59 +01:00
Tibor Vass
eaa74497b8
libnetwork: use go-immutable-radix instead of radix
This commit allows to remove dependency on the mutable version armon/go-radix.

The go-immutable-radix package is better maintained.

It is likely that a bit more memory will be used when using the
immutable version, though discarded nodes are being reused in a pool.
These changes happen when networks are added/removed or nodes come and
go in a cluster, so we are still talking about a relatively low
frequency event.

The major changes compared to the old radix are when modifying (insert
or delete) a tree, and those are pretty self-contained: we replace the
entire immutable tree under a lock.

Signed-off-by: Tibor Vass <teabee89@gmail.com>
2022-11-30 17:03:46 -08:00
AdamKorcz
93fa093122
testing: move fuzzers over from OSS-Fuzz
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-30 17:31:03 +01:00
Sebastiaan van Stijn
36a2dd36a0
Merge pull request #44554 from thaJeztah/remove_outdated_comment
vendor.mod: remove outdated comment about replaced module
2022-11-30 17:26:51 +01:00
Sebastiaan van Stijn
3760b589f6
Merge pull request #44462 from neersighted/generate_authors
AUTHORS: regenerate, cleanup, refactor
2022-11-30 17:25:40 +01:00
Paweł Gronowski
3d97f1e22d
client/list: Handle SharedSize
This makes the `ImageList` function to add `shared-size=1` to the url
query when user caller sets the SharedSize.
SharedSize support was introduced in API version 1.42. This field was
added to the options struct, but client wasn't adjusted.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2022-11-30 17:08:00 +01:00
Sebastiaan van Stijn
1907027b7b
Merge pull request #44520 from vvoland/disk-usage-singleflight
daemon/disk_usage: Use context aware singleflight
2022-11-30 13:39:55 +01:00
Sebastiaan van Stijn
86c76aa734
Merge pull request #44548 from thaJeztah/search_remove_id
registry: session: remove unused id
2022-11-30 12:08:33 +01:00
Bjorn Neergaard
e1c3305015
AUTHORS: regenerate
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-30 12:05:31 +01:00
Bjorn Neergaard
672383bc56
.mailmap: cleanup and additions
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2022-11-30 12:05:31 +01:00
Bjorn Neergaard
b94d1604a9
hack/generate-authors.sh: refactor and simplify
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-30 12:05:27 +01:00
Sebastiaan van Stijn
6326ad1729
vendor.mod: remove outdated comment about replaced module
The replace was removed in 64f9ea1cf5, but I
forgot to remove the comment.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-30 11:11:13 +01:00
Sebastiaan van Stijn
9e7ed25c64
Merge pull request #44545 from crazy-max/fix-jenkinsfile
Jenkinsfile: Fix dev image build fox ppc64le/s390x archs
2022-11-29 19:25:14 +01:00
Sebastiaan van Stijn
a44f547343
registry: session: remove unused id
This removes the dependency on github.com/docker/docker/pkg/stringid

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-29 19:10:07 +01:00
Paweł Gronowski
dec81e489f
daemon/disk_usage: Use context aware singleflight
The singleflight function was capturing the context.Context of the first
caller that invoked the `singleflight.Do`. This could cause all
concurrent calls to be cancelled when the first request is cancelled.

singleflight calls were also moved from the ImageService to Daemon, to
avoid having to implement this logic in both graphdriver and containerd
based image services.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2022-11-29 16:46:19 +01:00
CrazyMax
f7e59cbccc
Jenkinsfile: Fix dev image build fox ppc64le/s390x archs
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-11-29 11:59:09 +01:00
Brian Goff
73261bb8c7
Merge pull request #44533 from crazy-max/makefile-use-buildx
Makefile: always use buildx
2022-11-28 19:23:05 -08:00
Akihiro Suda
0e30c50648
Merge pull request #44528 from thaJeztah/update_buildkit_deps2
vendor: google.golang.org/grpc v1.50.1
2022-11-29 11:20:49 +09:00
Sebastiaan van Stijn
85fddc0081
distribution: remove unused RequireSchema2
It's never set, so we can remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 20:29:19 +01:00
Sebastiaan van Stijn
8feeaecb84
use ad-hoc libtrust key
This is only used for tests, and the key is not verified anymore, so
instead of creating a key and storing it, we can just use an ad-hoc
one.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 20:29:19 +01:00
Sebastiaan van Stijn
e854b2a459
distribution: use ad-hoc trustkey for tests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 20:29:19 +01:00
Sebastiaan van Stijn
5cdd6ab7cd
daemon/config: remove TrustKeyPath, and local utilities
Turned out that the loadOrCreateTrustKey() utility was doing exactly the
same as libtrust.LoadOrCreateTrustKey(), so making it a thin wrapped. I kept
the tests to verify the behavior, but we could remove them as we only need this
for our integration tests.

The storage location for the generated key was changed (again as we only need
this for some integration tests), so we can remove the TrustKeyPath from the
config.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 20:29:19 +01:00
Sebastiaan van Stijn
1981706196
daemon: remove migrateTrustKeyID()
The migration code is in the 22.06 branch, and if we don't migrate
the only side-effect is the daemon's ID being regenerated (as a
UUID).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 20:28:55 +01:00
Sebastiaan van Stijn
66ca24d3a2
Merge pull request #44380 from thaJeztah/config_fix_panic
daemon/config: use strings.Cut(), fix panic in BuilderGCFilter
2022-11-27 17:18:00 +01:00
Sebastiaan van Stijn
c1756e1b63
update containerd binary to v1.7.0-beta.0
release notes: https://github.com/containerd/containerd/releases/tag/v1.7.0-beta.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-26 14:20:28 +01:00
Sebastiaan van Stijn
c1a9e82d3e
vendor: google.golang.org/grpc v1.50.1
full diff: https://github.com/grpc/grpc-go/compare/v1.48.0...v1.50.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-26 14:20:00 +01:00
Sebastiaan van Stijn
3910417695
Merge pull request #44527 from thaJeztah/update_buildkit_deps1
vendor: update various dependencies in preparation of BuildKit update
2022-11-26 14:18:35 +01:00