Draft
Conversation
dmcgowan
added a commit
that referenced
this pull request
Mar 6, 2026
Signed-off-by: Derek McGowan <derek@mcg.dev>
dmcgowan
added a commit
that referenced
this pull request
Mar 7, 2026
Signed-off-by: Derek McGowan <derek@mcg.dev>
github-actions Bot
added a commit
to akerouanton/containerd
that referenced
this pull request
Mar 8, 2026
36f09e7 to
3ae8f2e
Compare
Make the Windows host behave more like macOS when running Linux containers inside VMs via runtimes like nerdbox/libkrun. Two changes: 1. mount_windows.go: Return ErrNotImplemented for non-Windows mount types (ext4, overlay, erofs) instead of a hard error. This matches Darwin where mount() always returns ErrNotImplemented, and allows the mount manager to defer these mounts to the container runtime. VM-based runtimes handle the mounts inside the guest as virtio block devices or virtiofs shares. 2. spec.go: Don't add an empty spec.Windows section when generating a Linux container spec on a Windows host. The empty Windows section was added for LCOW (Linux Containers on Windows via Hyper-V), but it causes container runtimes inside VMs (e.g. crun) to fail with "Required field 'layerFolders' not present". VM-based runtimes don't use LCOW — they run a full Linux kernel. LCOW users can set the Windows section explicitly via spec options if needed. Signed-off-by: David Scott <dave@recoil.org>
Replace ErrNotImplemented stubs with working Windows implementations: - setupSignals: signal.Notify for os.Interrupt/os.Kill - newServer: ttrpc.NewServer passthrough - subreaper: no-op (not needed on Windows) - serveListener: named pipe via go-winio, TTRPC_SOCKET env fallback - reap: wait on ctx.Done (Windows auto-cleans child processes) - handleExitSignals: listen for os.Interrupt, call cancel() - openLog: return os.Stderr (no FIFO on Windows) These implementations were proven in the working nerdbox demo. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Derek McGowan <derek@mcg.dev>
The openLog() stub on Windows returned os.Stderr, so shim logs
(including VM console output from nerdbox) were never delivered to
containerd's log aggregation. The reader side (openShimLog) already
connects to a named pipe:
\.\pipe\containerd-shim-{namespace}-{id}-log
See https://github.com/containerd/containerd/blob/6667c769ecf6/core/runtime/v2/shim_windows.go#L76
but the writer side never created it.
Implement openLog() to create the matching named pipe via
winio.ListenPipe and return a pipeLogWriter that:
- Always writes to os.Stderr (so logs work even without containerd)
- Also writes to the pipe once containerd connects
Errors creating or accepting the pipe are non-fatal: openLog falls back
to os.Stderr so the shim still starts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Derek McGowan <derek@mcg.dev>
Replace pipeLogWriter with a stderr redirect so that ALL writes to os.Stderr are captured by the log pipe, not just logrus output. The previous pipeLogWriter approach set logrus's output to a writer that fanned out to stderr and the named pipe. This missed anything written directly to os.Stderr, such as VM console output (io.Copy(os.Stderr, consoleReader)) and native library traces (e.g. krun DLL debug output). The new approach mirrors what Unix does with dup2: replace os.Stderr with the write end of an anonymous pipe, update the process-wide STD_ERROR_HANDLE, and copy from the read end to both the original stderr and the named pipe connection. This captures all stderr output without requiring callers to route through logrus. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Derek McGowan <derek@mcg.dev>
3ae8f2e to
6d34825
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rebase of #10 on main