From a87313497b3547c891720415846282219f0e71c0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 5 May 2023 19:52:17 +0200 Subject: vendor: github.com/containerd/containerd v1.6.21 release notes: https://github.com/containerd/containerd/releases/tag/v1.6.21 Notable Updates - update runc binary to v1.1.7 - Remove entry for container from container store on error - oci: partially restore comment on read-only mounts for uid/gid uses - windows: Add ArgsEscaped support for CRI - oci: Use WithReadonlyTempMount when adding users/groups - archive: consistently respect value of WithSkipDockerManifest full diff: https://github.com/containerd/containerd/compare/c0efc63d3907...v1.6.21 Signed-off-by: Sebastiaan van Stijn --- vendor/github.com/containerd/containerd/Vagrantfile | 2 +- vendor/github.com/containerd/containerd/container.go | 1 + .../containerd/containerd/oci/spec_opts.go | 20 ++++++++++++++++++++ .../containerd/containerd/oci/spec_opts_windows.go | 10 ++++++++++ vendor/github.com/containerd/containerd/task.go | 5 +++++ vendor/github.com/containerd/containerd/task_opts.go | 2 +- .../containerd/containerd/version/version.go | 2 +- vendor/modules.txt | 2 +- 8 files changed, 40 insertions(+), 4 deletions(-) (limited to 'vendor')
diff --git a/vendor/github.com/containerd/containerd/Vagrantfile b/vendor/github.com/containerd/containerd/Vagrantfile
index 0300c4200b..f706788ecc 100644
--- a/vendor/github.com/containerd/containerd/Vagrantfile
+++ b/vendor/github.com/containerd/containerd/Vagrantfile
@@ -93,7 +93,7 @@ EOF
 config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
 sh.upload_path = "/tmp/vagrant-install-golang"
 sh.env = {
- 'GO_VERSION': ENV['GO_VERSION'] || "1.19.8",
+ 'GO_VERSION': ENV['GO_VERSION'] || "1.19.9",
 }
 sh.inline = <<~SHELL
 #!/usr/bin/env bash
diff --git a/vendor/github.com/containerd/containerd/container.go b/vendor/github.com/containerd/containerd/container.go
index 7d8d674c89..2cf15666f1 100644
--- a/vendor/github.com/containerd/containerd/container.go
+++ b/vendor/github.com/containerd/containerd/container.go
@@ -279,6 +279,7 @@ func (c *container) NewTask(ctx context.Context, ioCreate cio.Creator, opts ...N
 })
 }
 }
+ request.RuntimePath = info.RuntimePath
 if info.Options != nil {
 any, err := typeurl.MarshalAny(info.Options)
 if err != nil {
diff --git a/vendor/github.com/containerd/containerd/oci/spec_opts.go b/vendor/github.com/containerd/containerd/oci/spec_opts.go
index 9c9160c591..65811fc23d 100644
--- a/vendor/github.com/containerd/containerd/oci/spec_opts.go
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts.go
@@ -663,6 +663,10 @@ func WithUser(userstr string) SpecOpts {
 return err
 }

+ // Use a read-only mount when trying to get user/group information
+ // from the container's rootfs. Since the option does read operation
+ // only, we append ReadOnly mount option to prevent the Linux kernel
+ // from syncing whole filesystem in umount syscall.
 return mount.WithReadonlyTempMount(ctx, mounts, f)
 default:
 return fmt.Errorf("invalid USER value %s", userstr)
@@ -723,6 +727,10 @@ func WithUserID(uid uint32) SpecOpts {
 return err
 }

+ // Use a read-only mount when trying to get user/group information
+ // from the container's rootfs. Since the option does read operation
+ // only, we append ReadOnly mount option to prevent the Linux kernel
+ // from syncing whole filesystem in umount syscall.
 return mount.WithReadonlyTempMount(ctx, mounts, setUser)
 }
 }
@@ -767,6 +775,10 @@ func WithUsername(username string) SpecOpts {
 return err
 }

+ // Use a read-only mount when trying to get user/group information
+ // from the container's rootfs. Since the option does read operation
+ // only, we append ReadOnly mount option to prevent the Linux kernel
+ // from syncing whole filesystem in umount syscall.
 return mount.WithReadonlyTempMount(ctx, mounts, setUser)
 } else if s.Windows != nil {
 s.Process.User.Username = username
@@ -845,6 +857,10 @@ func WithAdditionalGIDs(userstr string) SpecOpts {
 return err
 }

+ // Use a read-only mount when trying to get user/group information
+ // from the container's rootfs. Since the option does read operation
+ // only, we append ReadOnly mount option to prevent the Linux kernel
+ // from syncing whole filesystem in umount syscall.
 return mount.WithReadonlyTempMount(ctx, mounts, setAdditionalGids)
 }
 }
@@ -906,6 +922,10 @@ func WithAppendAdditionalGroups(groups ...string) SpecOpts {
 return err
 }

+ // Use a read-only mount when trying to get user/group information
+ // from the container's rootfs. Since the option does read operation
+ // only, we append ReadOnly mount option to prevent the Linux kernel
+ // from syncing whole filesystem in umount syscall.
 return mount.WithReadonlyTempMount(ctx, mounts, setAdditionalGids)
 }
 }
diff --git a/vendor/github.com/containerd/containerd/oci/spec_opts_windows.go b/vendor/github.com/containerd/containerd/oci/spec_opts_windows.go
index 4ddb13d3f7..602d40e4a9 100644
--- a/vendor/github.com/containerd/containerd/oci/spec_opts_windows.go
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts_windows.go
@@ -68,6 +68,16 @@ func WithWindowNetworksAllowUnqualifiedDNSQuery() SpecOpts {
 }
 }

+// WithProcessCommandLine replaces the command line on the generated spec
+func WithProcessCommandLine(cmdLine string) SpecOpts {
+ return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+ setProcess(s)
+ s.Process.Args = nil
+ s.Process.CommandLine = cmdLine
+ return nil
+ }
+}
+
 // WithHostDevices adds all the hosts device nodes to the container's spec
 //
 // Not supported on windows
diff --git a/vendor/github.com/containerd/containerd/task.go b/vendor/github.com/containerd/containerd/task.go
index 105d4fbc31..9be1394cf4 100644
--- a/vendor/github.com/containerd/containerd/task.go
+++ b/vendor/github.com/containerd/containerd/task.go
@@ -139,6 +139,11 @@ type TaskInfo struct {
 RootFS []mount.Mount
 // Options hold runtime specific settings for task creation
 Options interface{}
+ // RuntimePath is an absolute path that can be used to overwrite path
+ // to a shim runtime binary.
+ RuntimePath string
+
+ // runtime is the runtime name for the container, and cannot be changed.
 runtime string
 }

diff --git a/vendor/github.com/containerd/containerd/task_opts.go b/vendor/github.com/containerd/containerd/task_opts.go
index 56f3cbad60..67e6527325 100644
--- a/vendor/github.com/containerd/containerd/task_opts.go
+++ b/vendor/github.com/containerd/containerd/task_opts.go
@@ -49,7 +49,7 @@ func WithRootFS(mounts []mount.Mount) NewTaskOpts {
 // instead of resolving it from runtime name.
 func WithRuntimePath(absRuntimePath string) NewTaskOpts {
 return func(ctx context.Context, client *Client, info *TaskInfo) error {
- info.runtime = absRuntimePath
+ info.RuntimePath = absRuntimePath
 return nil
 }
 }
diff --git a/vendor/github.com/containerd/containerd/version/version.go b/vendor/github.com/containerd/containerd/version/version.go
index e0593912a6..2fee285ac1 100644
--- a/vendor/github.com/containerd/containerd/version/version.go
+++ b/vendor/github.com/containerd/containerd/version/version.go
@@ -23,7 +23,7 @@ var (
 Package = "github.com/containerd/containerd"

 // Version holds the complete version number. Filled in at linking time.
- Version = "1.6.20+unknown"
+ Version = "1.6.21+unknown"

 // Revision is filled with the VCS (e.g. git) revision being used to build
 // the program at linking time.
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 140908a30e..e4f7cff5b9 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -216,7 +216,7 @@ github.com/containerd/cgroups/v3/cgroup2/stats
 # github.com/containerd/console v1.0.3
 ## explicit; go 1.13
 github.com/containerd/console
-# github.com/containerd/containerd v1.6.21-0.20230406162538-c0efc63d3907
+# github.com/containerd/containerd v1.6.21
 ## explicit; go 1.17
 github.com/containerd/containerd
 github.com/containerd/containerd/api/events
-- cgit v1.2.1