This change brings in a single new commit from Microsoft/hcsshim. The
commit fixes an issue when unpacking a Windows container layer which
could result in incorrect directory timestamps.
This manifested most significantly in an impact to startup times of
some Windows container images (such as anything based on servercore).
Signed-off-by: Kevin Parsons <kevpar@microsoft.com>
(cherry picked from commit 2865478487)
Signed-off-by: Ameya Gawde <agawde@mirantis.com>
full diff: 153d0769a1...026aabaa65
- Fix 'failed to get network during CreateEndpoint'
- log error instead if disabling IPv6 router advertisement failed
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
A newer runc changed [1] a couple of certain error messages checked in this
test to be lowercased, which lead to a mismatch in this test case.
Fix is to remove "The" (which was replaced with "the").
[1] https://github.com/opencontainers/runc/pull/2441
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 56de0489fc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit e5ad8b14daf0a1ddb12c0b83d153531afffb908b)
Signed-off-by: Tibor Vass <tibor@docker.com>
full diff: https://github.com/checkpoint-restore/criu/compare/v3.13...v3.14
New features
- C/R of memfd memory mappings and file descriptors.
- Add time namespace support.
- Add the read pre-dump mode which uses process_vm_readv.
- Add --cgroup-yard option
- Add support of the cgroup v2 freezer.
- Add support of opened O_PATH fds.
Bugfixes
- Fix C/R ia32 processes on AMD
- Fix cross-compilation
- Many fixes here and there
Improvements
- Use clone3() with set_tid to restore processes
- Clean up compel headers.
- Use the new mount API
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a342010823)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Building gotestsum started to fail after the repository removed some
dependencies on master.
What happens is that first, we `go get` the package (with go modules disabled);
GO111MODULE=off go get -d gotest.tools/gotestsum
Which gets the latest version from master, and fetches the dependencies used
on master. Then we checkout the version we want to install (for example `v0.3.5`)
and run go build.
However, `v0.3.5` depends on logrus, and given that we ran `go get` for `master`,
that dependency was not fetched, and build fails.
This patch modifies the installer to use go modules (alternatively we could
probably run `go get .` after checking out the `v0.3.5` version),
We need to modify all installers, as it looks like this is a standard pattern
we use, but other dependencies were not failing (yet), so this patch only
addresses the immediate failure.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1d9da1b233)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
slirp4netns v0.3.X turned out not to work with RootlessKit >= v0.7.1:
https://github.com/rootless-containers/rootlesskit/issues/143
As slirp4netns v0.3.X reached EOL on Mar 31, 2020, RootlessKit is not
going to fix support for slirp4netns v0.3.X.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit c86abee1a4)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Commit 12c7541f1f updated the
opencontainers/selinux dependency to v1.3.1, which had a breaking
change in the errors that were returned.
Before v1.3.1, the "raw" `syscall.ENOTSUP` was returned if the
underlying filesystem did not support xattrs, but later versions
wrapped the error, which caused our detection to fail.
This patch uses `errors.Is()` to check for the underlying error.
This requires github.com/pkg/errors v0.9.1 or above (older versions
could use `errors.Cause()`, but are not compatible with "native"
wrapping of errors in Go 1.13 and up, and could potentially cause
these errors to not being detected again.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 49f8a4224c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This prevents getting into a situation where a container log cannot make
progress because we tried to rotate a file, got an error, and now the
file is closed. The next time we try to write a log entry it will try
and rotate again but error that the file is already closed.
I wonder if there is more we can do to beef up this rotation logic.
Found this issue while investigating missing logs with errors in the
docker daemon logs like:
```
Failed to log message for json-file: error closing file: close <file>:
file already closed
```
I'm not sure why the original rotation failed since the data was no
longer available.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 3989f91075)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
full diff: https://github.com/checkpoint-restore/criu/compare/v3.12...v3.13
Here we have some bugfixes, huuuge *.py patch for coding style
and nice set of new features like 32bit for ARM, TLS for page
server and new mode for CGroups.
New features
- VDSO: arm32 support
- Add TLS support for page server communications
- "Ignore" mode for --manage-cgroups
- Restore SO_BROADCAST option for inet sockets
Bugfixes
- Auxiliary events were left in inotify queues
- Lazy-pages daemon didn't detect stack pages and surrounders properly and marked them as "lazy"
- Memory and resource leakage were detected by coverity, cppcheck and clang
Improvements
- Use gettimeofday() directly from vdso for restore timings
- Reformat all .py code into pep8 style
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f508db4833)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- relates to moby/buildkit 1111
- relates to moby/buildkit 1079
- relates to docker/buildx 129
full diff: 9461782956...e31b211e4f
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e7183dbfe9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
