[pull] main from containerd:main #56
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fix the default unpack configuration on darwin to a usable configuration. Signed-off-by: Derek McGowan <derek@mcg.dev>
Match the defaults set by the transfer service which will configure linux by default on darwin hosts. Signed-off-by: Derek McGowan <derek@mcg.dev>
Fix image defaults on Darwin to usable configuration
ctr: allow rlimit-nofile override
ctr run: dump OCI config to a file
Revert "Implement io.ReaderAt on docker fetch reader"
…ithub/codeql-action-4.31.3 build(deps): bump github/codeql-action from 4.31.2 to 4.31.3
…e.golang.org/grpc-1.77.0 build(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0
Bumps the k8s group with 3 updates: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery), [k8s.io/client-go](https://github.com/kubernetes/client-go) and [k8s.io/cri-api](https://github.com/kubernetes/cri-api). Updates `k8s.io/apimachinery` from 0.34.1 to 0.34.2 - [Commits](kubernetes/apimachinery@v0.34.1...v0.34.2) Updates `k8s.io/client-go` from 0.34.1 to 0.34.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.34.1...v0.34.2) Updates `k8s.io/cri-api` from 0.34.1 to 0.34.2 - [Commits](kubernetes/cri-api@v0.34.1...v0.34.2) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-version: 0.34.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s - dependency-name: k8s.io/client-go dependency-version: 0.34.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s - dependency-name: k8s.io/cri-api dependency-version: 0.34.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the golang-x group with 3 updates in the / directory: [golang.org/x/mod](https://github.com/golang/mod), [golang.org/x/sync](https://github.com/golang/sync) and [golang.org/x/sys](https://github.com/golang/sys). Updates `golang.org/x/mod` from 0.29.0 to 0.30.0 - [Commits](golang/mod@v0.29.0...v0.30.0) Updates `golang.org/x/sync` from 0.17.0 to 0.18.0 - [Commits](golang/sync@v0.17.0...v0.18.0) Updates `golang.org/x/sys` from 0.37.0 to 0.38.0 - [Commits](golang/sys@v0.37.0...v0.38.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/sync dependency-version: 0.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/sys dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.4.1 to 2.4.2. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@6da8fa9...5be0e66) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…ctions/checkout-5.0.1 build(deps): bump actions/checkout from 5.0.0 to 5.0.1
mkfs.ext4 supports creating filesystems from regular files. Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Bumps [github.com/containerd/cgroups/v3](https://github.com/containerd/cgroups) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/containerd/cgroups/releases) - [Commits](containerd/cgroups@v3.1.0...v3.1.1) --- updated-dependencies: - dependency-name: github.com/containerd/cgroups/v3 dependency-version: 3.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Andrey Noskov <andreyn@microsoft.com>
…b.com/containerd/cgroups/v3-3.1.1 build(deps): bump github.com/containerd/cgroups/v3 from 3.1.0 to 3.1.1
fix: redact all query parameters in CRI error logs
…79ccb9dde build(deps): bump the k8s group with 3 updates
…oftprops/action-gh-release-2.4.2 build(deps): bump softprops/action-gh-release from 2.4.1 to 2.4.2
…g-x-c99a2255a7 build(deps): bump the golang-x group across 1 directory with 3 updates
In CI we run make root-test via gotestsum, which executes multiple
package tests concurrently. TestAutoclearTrueLoop attempts to invoke
LOOP_CLR_FD using a device name, which introduces a race condition.
Example race:
Process P1 represents mount.test which runs TestAutoclearTrueLoop
Process P2 represents manager.test which runs TestLoopbackMount
T1: P1 closes fd of loop-device (loop3) (kernel unsets backing-file on close)
T2: P2 gets loop3 from /dev/loop-control
T3: P2 configures loop3 with backing file successfully
T4: P1 invokes removeLoop to clear backing file for loop3
You might see that failure like this
```
=== FAIL: core/mount/manager TestLoopbackMount (0.05s)
log_hook.go:47: time="2025-10-23T21:49:22.532811960Z" level=debug msg="activating mount" func="manager.(*mountManager).Activate" file="/home/runner/work/containerd/containerd/core/mount/manager/manager.go:134" mounts="[{loop /tmp/TestLoopbackMount989607109/001/fs-1621892597 []} {format/ext4 {{ mount 0 }} []}]" name=id1 testcase=TestLoopbackMount
helpers.go:100: unmount /tmp/TestLoopbackMount989607109/001/test-mount-3030342351
manager_linux_test.go:80:
Error Trace: /home/runner/work/containerd/containerd/core/mount/manager/manager_linux_test.go:80
/home/runner/work/containerd/containerd/core/mount/manager/manager_linux_test.go:105
Error: Received unexpected error:
failed to get loop device info: no such device or address
Test: TestLoopbackMount
```
To fix this, the test now compares backing-file's inode directly and does
not call removeLoop when autoclear is set.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.3 to 4.31.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@014f16e...fdbfb4d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
`git.kernel.org` is suffering from network flakiness so just use github source for github workflows. Also, upgrade erofs-utils to the latest version, 1.8.10. Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
core/mount.test: should not call removeLoop when set autoclear
ci: use GitHub source for erofs-utils to fix network flakiness
This change maps ctr --gpus requests to CDI device requests. This is done by mapping --gpus ID to a nvidia.com/gpu=ID device request. This removes the dependence on the nvidia-container-cli and instead uses existing CDI specifications for nvidia devices if available on the system. Signed-off-by: Evan Lezar <elezar@nvidia.com>
Signed-off-by: Wei Fu <fuweid89@gmail.com>
.github: skip 5 critest cases for window-2022
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.12.0 to 1.13.1. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](opencontainers/selinux@v1.12.0...v1.13.1) --- updated-dependencies: - dependency-name: github.com/opencontainers/selinux dependency-version: 1.13.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
bump containerd/cgroups to fix hugetlb.events parse errors Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
…version mode Use the same approach for appending UUID arguments in GenerateTarIndexAndAppendTar as done in ConvertTarErofs for consistency between the two modes. Signed-off-by: Aadhar Agarwal <aadagarwal@microsoft.com>
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
cri/podsandbox: reduce dependencies to internal CRI APIs
The traditional mount() syscall has a PAGE_SIZE (typically 4KB) limit for mount options. Use the new mount API (fsopen/fsconfig/fsmount/ move_mount) introduced in Linux 5.2 to bypass this limitation. Fixed: #12662 Signed-off-by: ChengyuZhu6 <hudson@cyzhu.com>
Signed-off-by: Yohei Yamamoto <yhymmt123@gmail.com>
fix: typo in comment
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.18.2 to 1.18.3. - [Release notes](https://github.com/klauspost/compress/releases) - [Commits](klauspost/compress@v1.18.2...v1.18.3) --- updated-dependencies: - dependency-name: github.com/klauspost/compress dependency-version: 1.18.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.1 to 5.0.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@9255dc7...8b402f5) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.3 to 1.9.4. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.9.3...v1.9.4) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
plugins/mount/erofs: use fsmount API to avoid PAGE_SIZE limit
…b.com/sirupsen/logrus-1.9.4 build(deps): bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4
…ctions/cache-5.0.2 build(deps): bump actions/cache from 5.0.1 to 5.0.2
…b.com/klauspost/compress-1.18.3 build(deps): bump github.com/klauspost/compress from 1.18.2 to 1.18.3
…pod events PR #12491 fixed credential leaks in containerd logs but the gRPC error returned to kubelet still contained sensitive information. This was visible in Kubernetes pod events via `kubectl describe pod`. The issue was that SanitizeError was called inside the defer block, but errgrpc.ToGRPC(err) was evaluated before the defer ran, so the gRPC message contained the original unsanitized error. Move SanitizeError before the return statement so both the logged error and the gRPC error are sanitized. Ref: #5453 Signed-off-by: Aadhar Agarwal <aadagarwal@microsoft.com>
…c-error-5453 fix: sanitize error before gRPC return to prevent credential leak in pod events
The layer blob immutable flag clearing logic was moved before storage.Remove() call to ensure that immutable files can be properly removed even if subsequent operations fail after storage.Remove(). The previous order had storage.Remove() called first, which meant if any subsequent operations failed, there would be no opportunity to remove the immutable flag on the layer blob files. Signed-off-by: jinda.ljd <jinda.ljd@alibaba-inc.com>
erofs: Move immutable file handling before storage.Remove
erofs-differ: use same UUID append style in tar index mode as tar conversion mode
Signed-off-by: Adrien Delorme <azr@users.noreply.github.com>
stability: multipart fetch pool
The CRI ImageId field was added in kubernetes/kubernetes#123508 to provide a unique image identifier on the node, separate from ImageRef which contains the manifest list digest for multi-arch images. Previously, ImageId was not populated, leaving it empty in the CRI response. This change populates ImageId with the platform-specific image config digest (stored in container.ImageRef during container creation). The ImageRef field continues to return the manifest list digest for backwards compatibility. Signed-off-by: Avinesh Singh <Avinesh.Singh@deshaw.com>
Signed-off-by: Avinesh Singh <Avinesh.Singh@deshaw.com>
Fix go mod replace and sync with latest api changes
Signed-off-by: Derek McGowan <derek@mcg.dev>
buf will generate the protobuf text file which can be used for viewing all protobuf changes in one file and quickly diffing changes. Signed-off-by: Derek McGowan <derek@mcg.dev>
Generate api/next.txtpb and name module
…cri-field cri: populate ImageId field in container status
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )