forked from containerd/containerd
Update fork/release/1.4 to upstream v1.4.3 #6
Merged
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
[release/1.4] Re-vendor CRI to get disabled annotation config default
Signed-off-by: Samuel Karp <skarp@amazon.com>
[release/1.4] cherry-pick: ci: run critest target for all runtimes
Signed-off-by: Tianon Gravi <admwiggin@gmail.com> (cherry picked from commit 17688a7)
[release/1.4] backport: Remove setuid gosu in favor of "sudo -E PATH=$PATH ..."
Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit d1c8d98) Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
[release/1.4] update to golang 1.15.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 2dbbd10) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 0a1104b) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Changes: https://golang.org/doc/devel/release.html#go1.15 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> (cherry picked from commit af0a20a) Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
…erd-1.4 [release/1.4] Bump Golang 1.15.5
…_seccomp_profile [release/1.4 backport] seccomp: add pidfd syscalls
Also switch to use pre-packaged containerd project checks Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
[release/1.4] Fix GH Actions CI deprecations
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (cherry picked from commit 159fb2e)
[release/1.4] cherry-pick: Update other actions for env/path CVE fix
Signed-off-by: Brian Goff <cpuguy83@gmail.com> (cherry picked from commit bd7c6ca) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Bowen Yan <loneybw@gmail.com> (cherry picked from commit 019148e) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
…s_int_overflow [release/1.4 backport] Fix integer overflow on windows
Private registries that do not support http 2.0, such as Azure Container Registry, stream back content in a max of 16KB chunks (max TLS record size). The small chunks introduce an overhead when copying the layers to the content store since each chunk incurs the overhead of grpc message that has to be sent to the content store. This change reduces this overhead by buffering the chunks into 1MB chunks and only then writes a message to the content store.

Below is a perf comparison between the 2 approaches using a couple of large images that are being pulled from the docker hub (http 2.0) and a private Azure CR (http 1.1) in seconds.

image | Buffered copy | master
------- |---------------|----------
docker.io/pytorch/pytorch:latest | 55.63 | 58.33
docker.io/nvidia/cuda:latest | 72.05 | 75.98
containerdpulltest.azurecr.io/pytorch/pytorch:latest | 61.45 | 77.1
containerdpulltest.azurecr.io/nvidia/cuda:latest | 77.13 | 85.47

Signed-off-by: Amr Mahdi <amramahdi@gmail.com> (cherry picked from commit 289130b) Signed-off-by: Amr Mahdi <amramahdi@gmail.com>
Signed-off-by: Amr Mahdi <amramahdi@gmail.com> (cherry picked from commit f6834d4) Signed-off-by: Amr Mahdi <amramahdi@gmail.com>
Signed-off-by: Amr Mahdi <amramahdi@gmail.com> (cherry picked from commit b81917e) Signed-off-by: Amr Mahdi <amramahdi@gmail.com>
…nter [release/1.4 backport] bug fix:containerd#3448: invalid use of nil pointer in container restoring
…785-1.4 [release/1.4] Improve image pull performance from http 1.1 container registries
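The effect the commit message above describes can be reproduced with the standard library alone. This is an added illustration, not containerd's code: `countingWriter`, `chunkReader` and `copyCounts` are hypothetical names, and each `Write` on the counting writer stands in for one gRPC message to the content store.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
)

// countingWriter stands in for the content store: each Write models one gRPC message.
type countingWriter struct{ writes, n int }

func (c *countingWriter) Write(p []byte) (int, error) {
	c.writes++
	c.n += len(p)
	return len(p), nil
}

// chunkReader returns at most max bytes per Read, like a body arriving one 16KB TLS record at a time.
type chunkReader struct {
	r   io.Reader
	max int
}

func (c *chunkReader) Read(p []byte) (int, error) {
	if len(p) > c.max {
		p = p[:c.max]
	}
	return c.r.Read(p)
}

// copyCounts copies size bytes and returns the writes and bytes that reached the store (bufSize 0 = unbuffered).
func copyCounts(size, bufSize int) (writes, total int, err error) {
	src := &chunkReader{r: bytes.NewReader(make([]byte, size)), max: 16 << 10}
	dst := &countingWriter{}
	if bufSize == 0 {
		_, err = io.Copy(dst, src)
		return dst.writes, dst.n, err
	}
	bw := bufio.NewWriterSize(dst, bufSize)
	if _, err = io.Copy(bw, src); err == nil {
		err = bw.Flush() // push out the final partial buffer
	}
	return dst.writes, dst.n, err
}

func main() {
	w0, _, _ := copyCounts(8<<20, 0)
	w1, _, _ := copyCounts(8<<20, 1<<20)
	fmt.Println("writes unbuffered:", w0, "buffered:", w1)
}
```
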
Fixes runtime panic for testing snapshotters Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (cherry picked from commit 027ee56)
GitHub Actions process wrapper sets score adj to 500 for any process; the OOM score adj test expected default adj to be 0 during test. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (cherry picked from commit af2fb4e)
When running tests on any modern distro, this assumption will work. If we need to make it work with kernels where we don't append this option it will require some more involved changes. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (cherry picked from commit 85d9fe3)
Disable devmapper for now until test issues are fixed. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (cherry picked from commit c11472d)
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (cherry picked from commit 6fb56aa)
[release/1.4] re-enable unit tests in GitHub Actions environment
Go 1.14 introduced a change to os.OpenFile (and syscall.Open) on Windows that uses the permissions passed to determine if the file should be created read-only or not. If the user-write bit (0200) is not set, then FILE_ATTRIBUTE_READONLY is set on the underlying CreateFile call. This is a significant change for any Windows code which created new files and set the permissions to 0 (previously the permissions had no effect, so some code didn't set them at all). This change fixes the issue for the Windows service panic file. It will now properly be created as a non-read-only file on Go 1.14+. I have looked over the rest of the containerd code and didn't see other places where this seems like an issue. Signed-off-by: Kevin Parsons <kevpar@microsoft.com> (cherry picked from commit b2420eb) Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Derek McGowan <derek@mcg.dev>
[release/1.4] Fix Windows service panic file to not be read-only
[release/1.4] Update cri plugin
Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Derek McGowan <derek@mcg.dev>
[release/1.4] Prepare 1.4.2 release
This allows filesystem based ACLs for configuring access to the socket of a shim. Co-authored-by: Samuel Karp <skarp@amazon.com> Signed-off-by: Samuel Karp <skarp@amazon.com> Signed-off-by: Michael Crosby <michael@thepasture.io> Signed-off-by: Michael Crosby <michael.crosby@apple.com>
This allows filesystem-based ACLs for configuring access to the socket of a shim. Ported from Michael Crosby's similar patch for v2 shims. Signed-off-by: Samuel Karp <skarp@amazon.com>
Signed-off-by: Derek McGowan <derek@mcg.dev>
[release/1.4 backport] Use path based unix socket for shims
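What filesystem-based access control on a path-based unix socket looks like in practice, as an added example that is not containerd's shim code: `listenRestricted` and `auditSocket` are hypothetical helpers, and the directory and socket names are constructed.

```go
package main
import (
	"fmt"
	"net"
	"os"
	"path/filepath"
)

// listenRestricted listens on a path-based unix socket that only its owner can reach.
func listenRestricted(dir, name string) (net.Listener, string, error) {
	if err := os.MkdirAll(dir, 0700); err != nil {
		return nil, "", err
	}
	path := filepath.Join(dir, name)
	l, err := net.Listen("unix", path)
	if err != nil {
		return nil, "", err
	}
	// The socket starts as 0777 &^ umask; the 0700 parent covers the gap until this chmod.
	if err := os.Chmod(path, 0600); err != nil {
		l.Close()
		return nil, "", err
	}
	return l, path, nil
}

// auditSocket fails if path is not a socket, or if it or its parent grants group/other access.
func auditSocket(path string) error {
	for _, p := range []string{path, filepath.Dir(path)} {
		fi, err := os.Stat(p)
		if err != nil {
			return err
		}
		if p == path && fi.Mode()&os.ModeSocket == 0 {
			return fmt.Errorf("%s is not a unix socket", p)
		}
		if perm := fi.Mode().Perm(); perm&0077 != 0 {
			return fmt.Errorf("%s: mode %04o allows group/other access", p, perm)
		}
	}
	return nil
}

func main() {
	tmp, _ := os.MkdirTemp("", "shim") // constructed scratch location
	defer os.RemoveAll(tmp)
	_, path, err := listenRestricted(filepath.Join(tmp, "s"), "shim.sock")
	fmt.Println(path, err, auditSocket(path))
}
```

`auditSocket` also catches a pre-existing parent directory with a looser mode, which `os.MkdirAll` would leave unchanged.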
kevpar
approved these changes
Dec 1, 2020
kevpar
left a comment
LGTM
No description provided.