Commit graph

39515 commits

Author SHA1 Message Date
Sebastiaan van Stijn
bd42e17284
update containerd binary to v1.5.8
The eighth patch release for containerd 1.5 contains a mitigation for CVE-2021-41190
as well as several fixes and updates.

Notable Updates

* Handle ambiguous OCI manifest parsing
* Filter selinux xattr for image volumes in CRI plugin
* Use DeactiveLayer to unlock layers that cannot be renamed in Windows snapshotter
* Fix pull failure on unexpected EOF
* Close task IO before waiting on delete
* Log a warning for ignored invalid image labels rather than erroring
* Update pull to handle of non-https urls in descriptors

See the changelog for complete list of changes

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit aef782f348)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:28:30 +01:00
Sebastiaan van Stijn
3fd0b8d6eb
Update containerd binary to v1.5.7
The seventh patch release for containerd 1.5 is a security release to fix CVE-2021-41103.

Notable Updates:

- Fix insufficiently restricted permissions on container root and plugin directories
  GHSA-c2h3-6mxw-7mvq

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit fa4a9702be)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:28:28 +01:00
Sebastiaan van Stijn
3700adb70a
Update containerd binary to v1.5.6
- Install apparmor parser for arm64 and update seccomp to 2.5.1
- Update runc binary to 1.0.2
- Update hcsshim to v0.8.21 to fix layer issue on Windows Server 2019
- Add support for 'clone3' syscall to fix issue with certain images when seccomp is enabled
- Add image config labels in CRI container creation
- Fix panic in metadata content writer on copy error

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b746a2bf9b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:28:26 +01:00
Sebastiaan van Stijn
0f37f2989b
Dockerfile: update gotestsum to v1.7.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1b8db06785)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:28:21 +01:00
Sebastiaan van Stijn
2716336abd
Dockerfile: use "go install" to install utilities
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 14ff070469)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:27:36 +01:00
Sebastiaan van Stijn
b35a1707e3
Dockerfile: use version for some utilities instead of commit-sha
The golangci-lint, gotestsum, shfmt, and vndr utilities should generally
be ok to be pinned by version instead of a specific sha. Also rename
the corresponding env-vars / build-args accordingly:

- GOLANGCI_LINT_COMMIT -> GOLANGCI_LINT_VERSION
- GOTESTSUM_COMMIT -> GOTESTSUM_VERSION
- SHFMT_COMMIT -> SHFMT_VERSION
- VNDR_COMMIT -> VNDR_VERSION
- CONTAINERD_COMMIT -> CONTAINERD_VERSION
- RUNC_COMMIT -> RUNC_VERSION
- ROOTLESS_COMMIT -> ROOTLESS_VERSION

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a7a7c732c0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:27:30 +01:00
Sebastiaan van Stijn
2a18825cdf
Dockerfile: remove GOPROXY override (was for go < 1.14)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3cec4b8cd4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:51 +01:00
Sebastiaan van Stijn
0f925d5d3d
remove deprecated "nokmem" build-tag for runc
This build-tag was removed in 52390d6804,
which is part of runc v1.0.0-rc94 and up, so no longer relevant.

the kmem options are now always disabled in runc.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3c7c18a499)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:49 +01:00
Sebastiaan van Stijn
fb45fe614d
info: remove "expected" check for tini version
These checks were added when we required a specific version of containerd
and runc (different versions were known to be incompatible). I don't think
we had a similar requirement for tini, so this check was redundant. Let's
remove the check altogether.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b585c64e2b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:48 +01:00
Sebastiaan van Stijn
fd32c70031
update containerd binary to v1.5.5
Welcome to the v1.5.5 release of containerd!

The fifth patch release for containerd 1.5 updates runc to 1.0.1 and contains
other minor updates.

Notable Updates

- Update runc binary to 1.0.1
- Update pull logic to try next mirror on non-404 response
- Update pull authorization logic on redirect

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4a07b89e9a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:46 +01:00
Sebastiaan van Stijn
302114634c
update containerd binary v1.4.8
Update to containerd 1.4.8 to address [CVE-2021-32760][1].

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32760

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit cf1328cd46)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:44 +01:00
Sebastiaan van Stijn
1cd13dcb6c
Update containerd binary to v1.5.3
full diff: https://github.com/containerd/containerd/compare/v1.5.2...v1.5.3

Welcome to the v1.5.3 release of containerd!

The third patch release for containerd 1.5 updates runc to 1.0.0 and contains
various other fixes.

Notable Updates

- Update runc binary to 1.0.0
- Send pod UID to CNI plugins as K8S_POD_UID
- Fix invalid validation error checking
- Fix error on image pull resume
- Fix User Agent sent to registry authentication server
- Fix symlink resolution for disk mounts on Windows

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5ae2af41ee)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:42 +01:00
Sebastiaan van Stijn
5f09d5c76a
update containerd binary to v1.5.2
full diff: https://github.com/containerd/containerd/compare/v1.5.1...v1.5.2

The second patch release for containerd 1.5 is a security release to update
runc for CVE-2021-30465

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8e3186fc8f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:40 +01:00
Sebastiaan van Stijn
23f23c99ed
update containerd binary to v1.5.1
full diff: https://github.com/containerd/containerd/compare/v1.5.0...v1.5.1

Notable Updates

- Update runc to rc94
- Fix registry mirror authorization logic in CRI plugin
- Fix regression in cri-cni-release to include cri tools

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 22c0291333)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:38 +01:00
Sebastiaan van Stijn
f036a34c5b
update containerd binary to v1.5.0
Welcome to the v1.5.0 release of containerd!

The sixth major release of containerd includes many stability improvements
and code organization changes to make contribution easier and make future
features cleaner to develop. This includes bringing CRI development into the
main containerd repository and switching to Go modules. This release also
brings support for the Node Resource Interface (NRI).

Highlights
--------------------------------------------------------------------------------

*Project Organization*

- Merge containerd/cri codebase into containerd/containerd
- Move to Go modules
- Remove selinux build tag
- Add json log format output option for daemon log

*Snapshots*

- Add configurable overlayfs path
- Separate overlay implementation from plugin
- Native snapshotter configuration and plugin separation
- Devmapper snapshotter configuration and plugin separation
- AUFS snapshotter configuration and plugin separation
- ZFS snapshotter configuration and plugin separation
- Pass custom snapshot labels when creating snapshot
- Add platform check for snapshotter support when unpacking
- Handle loopback mounts
- Support userxattr mount option for overlay in user namespace
- ZFS snapshotter implementation of usage

*Distribution*

- Improve registry response errors
- Improve image pull performance over HTTP 1.1
- Registry configuration package
- Add support for layers compressed with zstd
- Allow arm64 to fallback to arm (v8, v7, v6, v5)

*Runtime*

- Add annotations to containerd task update API
- Add logging binary support when terminal is true
- Runtime support on FreeBSD

*Windows*

- Implement windowsDiff.Compare to allow outputting OCI images
- Optimize WCOW snapshotter to commit writable layers as read-only parent layers
- Optimize LCOW snapshotter use of scratch layers

*CRI*

- Add NRI injection points cri#1552
- Add support for registry host directory configuration
- Update privileged containers to use current capabilities instead of known capabilities
- Add pod annotations to CNI call
- Enable ocicrypt by default
- Support PID NamespaceMode_TARGET

Impactful Client Updates
--------------------------------------------------------------------------------

This release has changes which may affect projects which import containerd.

*Switch to Go modules*

containerd and all containerd sub-repositories are now using Go modules. This
should help make importing easier for handling transitive dependencies. As of
this release, containerd still does not guarantee client library compatibility
for 1.x versions, although best effort is made to minimize impact from changes
to exported Go packages.

*CRI plugin moved to main repository*

With the CRI plugin moving into the main repository, imports under github.com/containerd/cri/
can now be found github.com/containerd/containerd/pkg/cri/.
There are no changes required for end users of CRI.

*Library changes*

oci

The WithAllCapabilities has been removed and replaced with WithAllCurrentCapabilities
and WithAllKnownCapabilities. WithAllKnownCapabilities has similar
functionality to the previous WithAllCapabilities with added support for newer
capabilities. WithAllCurrentCapabilities can be used to give privileged
containers the same set of permissions as the calling process, preventing errors
when privileged containers attempt to get more permissions than given to the
caller.

*Configuration changes*

New registry.config_path for CRI plugin

registry.config_path specifies a directory to look for registry hosts
configuration. When resolving an image name during pull operations, the CRI
plugin will look in the <registry.config_path>/<image hostname>/ directory
for host configuration. An optional hosts.toml file in that directory may be
used to configure which hosts will be used for the pull operation as well
host-specific configurations. Updates under that directory do not require
restarting the containerd daemon.

Enable registry.config_path in the containerd configuration file.

    [plugins."io.containerd.grpc.v1.cri".registry]
       config_path = "/etc/containerd/certs.d"
    Configure registry hosts, such as /etc/containerd/certs.d/docker.io/hosts.toml
    for any image under the docker.io namespace (any image on Docker Hub).

    server = "https://registry-1.docker.io"

    [host."https://public-mirror.example.com"]
      capabilities = ["pull"]
    [host."https://docker-mirror.internal"]
      capabilities = ["pull", "resolve"]
      ca = "docker-mirror.crt"

If no hosts.toml configuration exists in the host directory, it will fallback
to check certificate files based on Docker's certificate file
pattern (".crt" files for CA certificates and ".cert"/".key" files for client
certificates).

*Deprecation of registry.mirrors and registry.configs in CRI plugin*

Mirroring and TLS can now be configured using the new registry.config_path
option. Existing configurations may be migrated to new host directory
configuration. These fields are only deprecated with no planned removal,
however, these configurations cannot be used while registry.config_path is
defined.

*Version 1 schema is deprecated*

Version 2 of the containerd configuration toml is recommended format and the
default. Starting this version, a deprecation warning will be logged when
version 1 is used.

To check version, see the version value in the containerd toml configuration.

    version=2

FreeBSD Runtime Support (Experimental)
--------------------------------------------------------------------------------

This release includes changes that allow containerd to run on FreeBSD with a
compatible runtime, such as runj. This
support should be considered experimental and currently there are no official
binary releases for FreeBSD. The runtimes used by containerd are maintained
separately and have their own stability guarantees. The containerd project
strives to be compatible with any runtime which aims to implement containerd's
shim API and OCI runtime specification.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9b2f55bc1c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:36 +01:00
Sebastiaan van Stijn
1dd37750a6
Revert "[20.10] update containerd binary to v1.4.5"
This reverts commit 01f734cb4f.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:34 +01:00
Sebastiaan van Stijn
b097d29705
Revert "[20.10] update containerd binary to v1.4.6"
This reverts commit 56541eca9a.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:32 +01:00
Sebastiaan van Stijn
de656f9da4
Revert "[20.10] update containerd binary to v1.4.7"
This reverts commit 793340a33a.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:30 +01:00
Sebastiaan van Stijn
9e36f77577
Revert "[20.10] update containerd binary v1.4.8"
This reverts commit 067918a8c3.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:28 +01:00
Sebastiaan van Stijn
eb2acf2fb3
Revert "[20.10] update containerd binary to v1.4.9"
This reverts commit e8fb8f7acd.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:26 +01:00
Sebastiaan van Stijn
4e838e50ea
Revert "[20.10] update containerd binary to v1.4.10"
This reverts commit 6835d15f55.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:24 +01:00
Sebastiaan van Stijn
79fd9c1541
Revert "[20.10] update containerd binary to v1.4.11"
This reverts commit 129a2000cf.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:22 +01:00
Sebastiaan van Stijn
13de46fd4b
Revert "[20.10] update containerd binary to v1.4.12"
This reverts commit d47de2a4c7.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 09:24:19 +01:00
Sebastiaan van Stijn
22ff2ed34b
Merge pull request #43147 from PettitWesley/backport-fluentd-fix
[20.10 backport] backport fluentd log driver async connect fix
2022-01-20 09:23:15 +01:00
Sebastiaan van Stijn
b106f7dfd0
Merge pull request #43153 from thaJeztah/20.10_bump_go_1.16.13
[20.10] update Go to 1.16.13
2022-01-18 17:37:54 +01:00
Sebastiaan van Stijn
aa92e697cb
[20.10] update Go to 1.16.13
go1.16.13 (released 2022-01-06) includes fixes to the compiler, linker, runtime,
and the net/http package. See the Go 1.16.13 milestone on our issue tracker for
details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.13+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-13 16:44:11 +01:00
Albin Kerouanton
f9df098e76 fluentd: Turn ForceStopAsyncSend true when async connect is used
The flag ForceStopAsyncSend was added to fluent logger lib in v1.5.0 (at
this time named AsyncStop) to tell fluentd to abort sending logs
asynchronously as soon as possible, when its Close() method is called.
However this flag was broken because of the way the lib was handling it
(basically, the lib could be stucked in retry-connect loop without
checking this flag).

Since fluent logger lib v1.7.0, calling Close() (when ForceStopAsyncSend
is true) will really stop all ongoing send/connect procedure,
wherever it's stucked.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
(cherry picked from commit bd61629b6b)
Signed-off-by: Wesley <wppttt@amazon.com>
2022-01-13 01:06:12 +00:00
Albin Kerouanton
81fc02b7e1 vendor: github.com/fluent/fluent-logger-golang v1.8.0
Updates the fluent logger library to v1.8.0. Following PRs/commits were
merged since last bump:

* [Add callback for error handling when using
  async](https://github.com/fluent/fluent-logger-golang/pull/97)
* [Fix panic when accessing unexported struct
  field](https://github.com/fluent/fluent-logger-golang/pull/99)
* [Properly stop logger during (re)connect
  failure](https://github.com/fluent/fluent-logger-golang/pull/82)
* [Support a TLS-enabled connection](e5d6aa13b7)

See https://github.com/fluent/fluent-logger-golang/compare/v1.6.1..v1.8.0

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
(cherry picked from commit e24d61b7ef)
Signed-off-by: Wesley <wppttt@amazon.com>
2022-01-13 01:05:52 +00:00
Cam
d6f3add5c6 vendor: github.com/fluent/fluent-logger-golang 1.6.1
Updates the fluent logger library. Namely this fixes a couple places
where the library could panic when closing and writing to channels.

see https://github.com/fluent/fluent-logger-golang/pull/93 and
https://github.com/fluent/fluent-logger-golang/pull/95

closes #40829
closes #32567

Signed-off-by: Cam <gh@sparr.email>
(cherry picked from commit a6a98d6928)
Signed-off-by: Wesley <wppttt@amazon.com>
2022-01-13 01:05:12 +00:00
Tianon Gravi
b1fc0c84de
Merge pull request #43084 from AkihiroSuda/cherrypick-42736
[20.10 backport] daemon.WithCommonOptions() fix detection of user-namespaces
2022-01-07 16:09:12 -08:00
Sebastiaan van Stijn
660b9962e4
daemon.WithCommonOptions() fix detection of user-namespaces
Commit dae652e2e5 added support for non-privileged
containers to use ICMP_PROTO (used for `ping`). This option cannot be set for
containers that have user-namespaces enabled.

However, the detection looks to be incorrect; HostConfig.UsernsMode was added
in 6993e891d1 / ee2183881b,
and the property only has meaning if the daemon is running with user namespaces
enabled. In other situations, the property has no meaning.
As a result of the above, the sysctl would only be set for containers running
with UsernsMode=host on a daemon running with user-namespaces enabled.

This patch adds a check if the daemon has user-namespaces enabled (RemappedRoot
having a non-empty value), or if the daemon is running inside a user namespace
(e.g. rootless mode) to fix the detection.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a826ca3aef)

---
The cherry-pick was almost clean but `userns.RunningInUserNS()` -> `sys.RunningInUserNS()`.

Fix docker/buildx issue 561
---

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-12-15 18:20:07 +09:00
Justin Cormack
459d0dfbbb
Merge pull request #43077 from thaJeztah/20.10_bump_go_1.16.12
[20.10] update Go to 1.16.12
2021-12-12 10:11:51 +00:00
Sebastiaan van Stijn
a621bc007b
[20.10] update Go to 1.16.12
go1.16.12 (released 2021-12-09) includes security fixes to the syscall and net/http
packages. See the Go 1.16.12 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.12+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-12-12 01:15:00 +01:00
Brian Goff
4bed71ae9a
Merge pull request #43063 from thaJeztah/20.10_bump_go_1.16.11
[20.10] update Go to 1.16.11
2021-12-08 10:09:17 -08:00
Sebastiaan van Stijn
f4daf9dd08
[20.10] update Go to 1.16.11
go1.16.11 (released 2021-12-02) includes fixes to the compiler, runtime, and the
net/http, net/http/httptest, and time packages. See the Go 1.16.11 milestone on
the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.11+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-12-06 10:16:12 +01:00
Sebastiaan van Stijn
847da184ad
Merge pull request #43004 from AkihiroSuda/cherrypick-42152
[20.10 backport] info: unset cgroup-related fields when CgroupDriver == none
2021-11-18 01:21:59 +01:00
Sebastiaan van Stijn
4a27cd1a1b
Merge pull request #43027 from thaJeztah/20.10_backport_update_image_spec
[20.10 backport] vendor: github.com/opencontainers/image-spec v1.0.2
2021-11-18 01:16:31 +01:00
Sebastiaan van Stijn
7568123fc4
Merge pull request #43023 from thaJeztah/20.10_bump_buildkit
[20.10] vendor: github.com/moby/buildkit v0.8.3-4-gbc07b2b8
2021-11-18 00:18:46 +01:00
Sebastiaan van Stijn
c98869341b
Merge pull request #43024 from thaJeztah/20.10_containerd_1.4.12
[20.10] update containerd binary to v1.4.12
2021-11-18 00:04:51 +01:00
Sebastiaan van Stijn
dc015972bb
vendor: github.com/opencontainers/image-spec v1.0.2
- Bring mediaType out of reserved status
- specs-go: adding mediaType to the index and manifest structures

full diff: https://github.com/opencontainers/image-spec/compare/v1.0.1...v1.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit cef0a7c14e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-18 00:03:29 +01:00
Sebastiaan van Stijn
11b3bfee6c
Merge pull request #43028 from thaJeztah/20.10_fix_vendor_conf
[20.10] fix vendor validation
2021-11-17 23:08:36 +01:00
Sebastiaan van Stijn
e0108db2bd
[20.10] fix vendor validation
Looks like vndr didn't like the replace rule missing a scheme;

    github.com/docker/distribution: Err: exit status 128, out: fatal: repository 'github.com/samuelkarp/docker-distribution' does not exist
    github.com/containerd/containerd: Err: exit status 128, out: fatal: repository 'github.com/moby/containerd' does not exist

While at it, I also replaced the schem for go-immutable-radix, because GitHub
is deprecating the git:// protocol.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-17 22:13:44 +01:00
Sebastiaan van Stijn
d47de2a4c7
[20.10] update containerd binary to v1.4.12
The twelfth patch release for containerd 1.4 contains a few minor bug fixes
and an update to mitigate CVE-2021-41190.

Notable Updates

* Handle ambiguous OCI manifest parsing GHSA-5j5w-g665-5m35
* Update pull to try next mirror for non-404 errors
* Update pull to handle of non-https urls in descriptors

See the changelog for complete list of changes

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-17 21:01:41 +01:00
Sebastiaan van Stijn
da9c983789
[20.10] vendor: github.com/moby/buildkit v0.8.3-4-gbc07b2b8
imageutil: make mediatype detection more stricter to mitigate CVE-2021-41190.

full diff: 244e8cde63...bc07b2b81b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-17 20:40:17 +01:00
Sebastiaan van Stijn
10106a0f66
Merge pull request from GHSA-xmmx-7jpf-fx42
[20.10] vendor: update github.com/docker/distribution and github.com/containerd/containerd
2021-11-17 20:34:50 +01:00
Samuel Karp
c1f352c4b1
distribution: validate blob type
Signed-off-by: Samuel Karp <skarp@amazon.com>
2021-11-15 14:25:52 -08:00
Samuel Karp
c96ed28f2f
vendor: update github.com/containerd/containerd
Signed-off-by: Samuel Karp <skarp@amazon.com>
2021-11-15 14:25:52 -08:00
Akihiro Suda
7bd682c48c
Merge pull request #43008 from thaJeztah/20.10_backport_fix_TestBuildUserNamespaceValidateCapabilitiesAreV2
[20.10 backport] TestBuildUserNamespaceValidateCapabilitiesAreV2: cleanup daemon storage
2021-11-11 15:36:36 +09:00
Sebastiaan van Stijn
7677aeafd7
TestBuildUserNamespaceValidateCapabilitiesAreV2: cleanup daemon storage
This should help with Jenkins failing to clean up the Workspace:

- make sure "cleanup" is also called in the defer for all daemons. keeping
  the daemon's storage around prevented Jenkins from cleaning up.
- close client connections and some readers (just to be sure)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit eea2758761)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-10 14:12:12 +01:00
Sebastiaan van Stijn
34eb6fbe60
testutil: daemon.Cleanup(): cleanup more directories
The storage-driver directory caused Jenkins cleanup to fail. While at it, also
removing other directories that we do not include in the "bundles" that are
stored as Jenkins artifacts.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1a15a1a061)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-10 14:12:09 +01:00