From ce5c8efbcffd1d5f1ea7f47c2fc03f5cbe460cc2 Mon Sep 17 00:00:00 2001 From: Jacob Blain Christen Date: Mon, 9 Nov 2020 10:19:00 -0700 Subject: [PATCH] cri: bump to updated fork (#2478) Addresses rancher/k3s#2240 Signed-off-by: Jacob Blain Christen --- go.mod | 6 +- go.sum | 27 +++----- .../containerd/containerd/BUILDING.md | 4 +- .../github.com/containerd/containerd/Makefile | 30 ++++---- .../containerd/cmd/ctr/commands/signals.go | 9 +++ .../cmd/ctr/commands/signals_linux.go | 27 ++++++++ .../cmd/ctr/commands/signals_notlinux.go | 25 +++++++ .../cmd/ctr/commands/tasks/metrics.go | 2 +- .../contrib/seccomp/seccomp_default.go | 51 +++++++++++++- .../github.com/containerd/containerd/go.mod | 5 +- .../github.com/containerd/containerd/go.sum | 32 +++++++-- .../runtime/v1/shim/client/client.go | 33 +++++---- .../containerd/runtime/v1/shim/service.go | 2 +- .../containerd/runtime/v2/bundle.go | 2 +- .../containerd/services/tasks/local.go | 7 ++ .../containerd/containerd/version/version.go | 2 +- vendor/github.com/containerd/cri/README.md | 24 ++++--- .../containerd/cri/pkg/config/config_unix.go | 1 + .../cri/pkg/server/container_create_unix.go | 15 ++-- vendor/github.com/containerd/cri/vendor.conf | 26 +++---- vendor/github.com/containerd/go-cni/README.md | 68 ++++++++++++++----- vendor/github.com/containerd/go-cni/go.mod | 2 +- vendor/github.com/containerd/go-cni/go.sum | 4 +- .../plugins/pkg/ns/ns_linux.go | 15 +++- .../coreos/go-iptables/iptables/iptables.go | 29 ++++---- vendor/modules.txt | 14 ++-- 26 files changed, 326 insertions(+), 136 deletions(-) create mode 100644 vendor/github.com/containerd/containerd/cmd/ctr/commands/signals_linux.go create mode 100644 vendor/github.com/containerd/containerd/cmd/ctr/commands/signals_notlinux.go diff --git a/go.mod b/go.mod index 369d00a4e4..c3fd208cbd 100644 --- a/go.mod +++ b/go.mod 
@@ -8,8 +8,9 @@ replace ( github.com/containerd/btrfs => github.com/containerd/btrfs v0.0.0-20181101203652-af5082808c83 github.com/containerd/cgroups => github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59 github.com/containerd/console => github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50 - github.com/containerd/containerd => github.com/rancher/containerd v1.4.0-k3s1 + github.com/containerd/containerd => github.com/rancher/containerd v1.4.1-k3s1 github.com/containerd/continuity => github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02 + github.com/containerd/cri => github.com/rancher/cri v1.4.0-k3s.1 // k3s-release/1.4 github.com/containerd/fifo => github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c github.com/containerd/go-runc => github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328 github.com/containerd/typeurl => github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd @@ -65,9 +66,8 @@ require ( github.com/bronze1man/goStrongswanVici v0.0.0-20190828090544-27d02f80ba40 // indirect github.com/containerd/containerd v1.4.0 github.com/containerd/cri v1.11.1-0.20200820101445-b0cc07999aa5 - github.com/containernetworking/plugins v0.8.2 // indirect github.com/coreos/flannel v0.12.0 - github.com/coreos/go-iptables v0.4.2 + github.com/coreos/go-iptables v0.4.5 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f github.com/docker/docker v17.12.0-ce-rc1.0.20200821074627-7ae5222c72cc+incompatible github.com/erikdubbelboer/gspt v0.0.0-20190125194910-e68493906b83 diff --git a/go.sum b/go.sum index 67d04bf46f..3293558f8f 100644 --- a/go.sum +++ b/go.sum 
@@ -138,13 +138,10 @@ github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50 h1:WMpHmC6AxwWb github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02 h1:tN9D97v5A5QuKdcKHKt+UMKrkQ5YXUnD8iM7IAAjEfI= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= -github.com/containerd/cri v1.11.1-0.20200810101850-4e6644c8cf7f/go.mod h1:DavH5Qa8+6jOmeOMO3dhWoqksucZDe06LfuhBz/xPZs= -github.com/containerd/cri v1.11.1-0.20200820101445-b0cc07999aa5 h1:PiJVfx4pkjk8fRItqifuGJ5uHDF9hbVL6vE04QLsV10= -github.com/containerd/cri v1.11.1-0.20200820101445-b0cc07999aa5/go.mod h1:DavH5Qa8+6jOmeOMO3dhWoqksucZDe06LfuhBz/xPZs= github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c h1:KFbqHhDeaHM7IfFtXHfUHMDaUStpM2YwBR+iJCIOsKk= github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= -github.com/containerd/go-cni v1.0.0 h1:A681A9YQ5Du9V2/gZGk/pTm6g69wF0aGd9qFN9syB1E= -github.com/containerd/go-cni v1.0.0/go.mod h1:8n8EnvP0b886Wmqum9jDXlN59aHCIBKgaNYQzcDvJbU= +github.com/containerd/go-cni v1.0.1 h1:VXr2EkOPD0v1gu7CKfof6XzEIDzsE/dI9yj/W7PSWLs= +github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU= github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328 h1:PRTagVMbJcCezLcHXe8UJvR1oBzp2lG3CEumeFOLOds= github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g= github.com/containerd/imgcrypt v1.0.1 h1:IyI3IIP4m6zrNFuNFT7HizGVcuD6BYJFpdM1JvPKCbQ= 
@@ -157,13 +154,11 @@ github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8h github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd h1:JNn81o/xG+8NEo3bC/vx9pbi/g2WI8mtP2/nXzu297Y= github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= github.com/containerd/zfs v0.0.0-20191030014035-9abf673ca6ff/go.mod h1:mp4bnlceN4Zxp2fwNMzdKcPMopBajlb+VrHYSpKipcE= -github.com/containernetworking/cni v0.7.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/cni v0.8.0 h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjMCbgybcKI= github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= -github.com/containernetworking/plugins v0.7.6/go.mod h1:dagHaAhNjXjT9QYOklkKJDGaQPTg4pf//FrUcJeb7FU= -github.com/containernetworking/plugins v0.8.2 h1:5lnwfsAYO+V7yXhysJKy3E1A2Gy9oVut031zfdOzI9w= -github.com/containernetworking/plugins v0.8.2/go.mod h1:TxALKWZpWL79BC3GOYKJzzXr7U8R23PdhwaLp6F3adc= +github.com/containernetworking/plugins v0.8.6 h1:npZTLiMa4CRn6m5P9+1Dz4O1j0UeFbm8VYN6dlsw568= +github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM= github.com/containers/ocicrypt v1.0.1 h1:EToign46OSLTFWnb2oNj9RG3XDnkOX8r28ZIXUuk5Pc= github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= github.com/coredns/corefile-migration v1.0.10/go.mod h1:RMy/mXdeDlYwzt0vdMEJvT2hGJ2I86/eO0UdXmH9XNI= 
@@ -171,8 +166,8 @@ github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkE github.com/coreos/etcd v3.1.11+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-iptables v0.4.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= -github.com/coreos/go-iptables v0.4.2 h1:KH0EwId05JwWIfb96gWvkiT2cbuOu8ygqUaB+yPAwIg= -github.com/coreos/go-iptables v0.4.2/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= +github.com/coreos/go-iptables v0.4.5 h1:DpHb9vJrZQEFMcVLFKAAGMUVX0XoRC0ptCthinRYm38= +github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -471,8 +466,6 @@ github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/juju/loggo v0.0.0-20190526231331-6e530bcce5d8/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U= -github.com/juju/testing v0.0.0-20190613124551-e81189438503/go.mod h1:63prj8cnj0tU0S9OHjGJn+b1h0ZghCndfnbQolrYTwA= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/karrick/godirwalk v1.7.5 h1:VbzFqwXwNbAZoA6W5odrLr+hKK197CcENcPh6E/gJ0M= 
@@ -660,8 +653,10 @@ github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40T github.com/quobyte/api v0.1.2/go.mod h1:jL7lIHrmqQ7yh05OJ+eEEdHr0u/kmT1Ff9iHd+4H6VI= github.com/rakelkar/gonetsh v0.0.0-20190930180311-e5c5ffe4bdf0 h1:iXE9kmlAqhusXxzkXictdNgWS7p4ZBnmv9SdyMgTf6E= github.com/rakelkar/gonetsh v0.0.0-20190930180311-e5c5ffe4bdf0/go.mod h1:4XHkfaUj+URzGO9sohoAgt2V9Y8nIW7fugpu0E6gShk= -github.com/rancher/containerd v1.4.0-k3s1 h1:3ZiF3vYP7sAuH3fTVa1P1tmUETKPpRw0rAAH3wB6xFs= -github.com/rancher/containerd v1.4.0-k3s1/go.mod h1:9GDw4Y295rEr7u9UZVleiAbsZM/d34thMi018FZStd4= +github.com/rancher/containerd v1.4.1-k3s1 h1:LjLaRPbmYma4wvYS1m0MLa77VV/FbqI6sjhREn1K5Ls= +github.com/rancher/containerd v1.4.1-k3s1/go.mod h1:sp2cwOHbS1O/EQtz0uNbkkkqiWvkyboQRooFTzNN34A= +github.com/rancher/cri v1.4.0-k3s.1 h1:8r0HA10alZf5ybnX0PUlN/u6Ja1YM+ljnGUOLy10OnQ= +github.com/rancher/cri v1.4.0-k3s.1/go.mod h1:Ht5T1dIKzm+4NExmb7wDVG6qR+j0xeXIjjhCv1d9geY= github.com/rancher/cri-tools v1.19.0-k3s1 h1:c6lqNWyoAB5+NaUREbpZxKXCuYl9he24/DZEgHywg+A= github.com/rancher/cri-tools v1.19.0-k3s1/go.mod h1:bitvtZRi5F7t505Yw3zPzp22LOao1lqJKHfx6x0hnpw= github.com/rancher/dynamiclistener v0.2.1 h1:QiY1jxs2TOLrKB04G36vE2ehEvPMPGiWp8zEHLKB1nE= 
@@ -722,7 +717,6 @@ github.com/rancher/kubernetes/staging/src/k8s.io/metrics v1.19.3-k3s1 h1:doNDlT3 github.com/rancher/kubernetes/staging/src/k8s.io/metrics v1.19.3-k3s1/go.mod h1:HZHgmugH8oA4ZxTPt9R8HYJBWEeLDegmaGoPo3HDK3I= github.com/rancher/kubernetes/staging/src/k8s.io/sample-apiserver v1.19.3-k3s1/go.mod h1:tl3x2SPSVsIqnioD4z87jXFemilbRh1EYDm3KirMsjI= github.com/rancher/moq v0.0.0-20190404221404-ee5226d43009/go.mod h1:wpITyDPTi/Na5h73XkbuEf2AP9fbgrIGqqxVzFhYD6U= -github.com/rancher/nocode v0.0.0-20200630202308-cb097102c09f/go.mod h1:iAAt6Amgbysi6srDJs9SxGSbG2j/JSRb/xCrnEtA69g= github.com/rancher/remotedialer v0.2.0 h1:xD7t3K6JYwTdAsxmGtTHQMkEkFgKouQ1foLxVW424Dc= github.com/rancher/remotedialer v0.2.0/go.mod h1:tkU8ZvrR5lRgaKWaX71nAy6daeqvPFx/lJEnbW7tXSI= github.com/rancher/wrangler v0.1.4/go.mod h1:EYP7cqpg42YqElaCm+U9ieSrGQKAXxUH5xsr+XGpWyE= @@ -999,7 +993,6 @@ gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKW gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/mcuadros/go-syslog.v2 v2.2.1/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U= -gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= diff --git a/vendor/github.com/containerd/containerd/BUILDING.md b/vendor/github.com/containerd/containerd/BUILDING.md index 7a37e1602a..556172fde0 100644 --- a/vendor/github.com/containerd/containerd/BUILDING.md +++ b/vendor/github.com/containerd/containerd/BUILDING.md 
@@ -117,13 +117,13 @@ You can build static binaries by providing a few variables to `make`: ```sudo make EXTRA_FLAGS="-buildmode pie" \ - EXTRA_LDFLAGS='-extldflags "-fno-PIC -static"' \ + EXTRA_LDFLAGS='-linkmode external -extldflags "-fno-PIC -static"' \ BUILDTAGS="netgo osusergo static_build" ``` > *Note*: > - static build is discouraged -> - static containerd binary does not support loading plugins +> - static containerd binary does not support loading shared object plugins (`*.so`) # Via Docker container diff --git a/vendor/github.com/containerd/containerd/Makefile b/vendor/github.com/containerd/containerd/Makefile index 76795bef57..c0fecb9a6b 100644 --- a/vendor/github.com/containerd/containerd/Makefile +++ b/vendor/github.com/containerd/containerd/Makefile @@ -68,8 +68,22 @@ RELEASE=containerd-$(VERSION:v%=%).${GOOS}-${GOARCH} PKG=github.com/containerd/containerd +# Project binaries. +COMMANDS=ctr containerd containerd-stress +MANPAGES=ctr.8 containerd.8 containerd-config.8 containerd-config.toml.5 + +ifdef BUILDTAGS + GO_BUILDTAGS = ${BUILDTAGS} +endif +# Build tags apparmor and selinux are needed by CRI plugin. +GO_BUILDTAGS ?= apparmor selinux +GO_BUILDTAGS += ${DEBUG_TAGS} +GO_TAGS=$(if $(GO_BUILDTAGS),-tags "$(GO_BUILDTAGS)",) +GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) $(EXTRA_LDFLAGS)' +SHIM_GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) -extldflags "-static" $(EXTRA_LDFLAGS)' + # Project packages. -PACKAGES=$(shell go list ./... | grep -v /vendor/) +PACKAGES=$(shell go list ${GO_TAGS} ./... | grep -v /vendor/) INTEGRATION_PACKAGE=${PKG} TEST_REQUIRES_ROOT_PACKAGES=$(filter \ ${PACKAGES}, \ 
@@ -86,20 +100,6 @@ ifdef SKIPTESTS TEST_REQUIRES_ROOT_PACKAGES:=$(filter-out ${SKIPTESTS},${TEST_REQUIRES_ROOT_PACKAGES}) endif -# Project binaries. -COMMANDS=ctr containerd containerd-stress -MANPAGES=ctr.8 containerd.8 containerd-config.8 containerd-config.toml.5 - -ifdef BUILDTAGS - GO_BUILDTAGS = ${BUILDTAGS} -endif -# Build tags apparmor and selinux are needed by CRI plugin. -GO_BUILDTAGS ?= apparmor selinux -GO_BUILDTAGS += ${DEBUG_TAGS} -GO_TAGS=$(if $(GO_BUILDTAGS),-tags "$(GO_BUILDTAGS)",) -GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) $(EXTRA_LDFLAGS)' -SHIM_GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) -extldflags "-static" $(EXTRA_LDFLAGS)' - #Replaces ":" (*nix), ";" (windows) with newline for easy parsing GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n") diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/signals.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/signals.go index 51afb0f7bd..311608c26c 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/signals.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/signals.go @@ -23,6 +23,7 @@ import ( "syscall" "github.com/containerd/containerd" + "github.com/containerd/containerd/errdefs" "github.com/sirupsen/logrus" ) @@ -36,8 +37,16 @@ func ForwardAllSignals(ctx gocontext.Context, task killer) chan os.Signal { signal.Notify(sigc) go func() { for s := range sigc { + if canIgnoreSignal(s) { + logrus.Debugf("Ignoring signal %s", s) + continue + } logrus.Debug("forwarding signal ", s) if err := task.Kill(ctx, s.(syscall.Signal)); err != nil { + if errdefs.IsNotFound(err) { + logrus.WithError(err).Debugf("Not forwarding signal %s", s) + return + } logrus.WithError(err).Errorf("forward signal %s", s) } } 
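Review bot: In the signals.go hunk of `ForwardAllSignals`, the new `return` on `errdefs.IsNotFound(err)` ends the forwarding goroutine while `signal.Notify(sigc)` is still registered for every signal. From then on SIGINT and SIGTERM are captured and never acted on until code outside this hunk unregisters the channel. If callers are expected to do that (containerd's `StopCatch` helper looks like the intended path, though no caller is visible here), a comment above the return would record the contract, for example `// task is gone: stop forwarding; the caller must still call StopCatch to restore default signal handling`. The function's opening and closing lines are outside the hunk, and the file is vendored, so the comment belongs in the fork or upstream.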
diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/signals_linux.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/signals_linux.go
new file mode 100644
index 0000000000..f41abfcfd3
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/signals_linux.go
@@ -0,0 +1,27 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package commands
+
+import (
+ "os"
+
+ "golang.org/x/sys/unix"
+)
+
+func canIgnoreSignal(s os.Signal) bool {
+ return s == unix.SIGURG
+}
diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/signals_notlinux.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/signals_notlinux.go
new file mode 100644
index 0000000000..6a9dccbc4e
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/signals_notlinux.go
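Review bot: `canIgnoreSignal` in the new signals_linux.go has no comment saying why SIGURG is dropped, and the reason cannot be read off the code. Go 1.14 and later raise SIGURG on the process itself for asynchronous goroutine preemption, so with `signal.Notify(sigc)` subscribed to every signal the forwarder would otherwise relay runtime-generated SIGURGs to the container task; that appears to be what the filter prevents. A doc comment such as `// canIgnoreSignal reports whether s is SIGURG, which the Go runtime raises on itself for preemption and which must not be forwarded to the task.` would keep a later reader from removing it. The stub in signals_notlinux.go returns false for every signal, and Go's preemption signal is not Linux-specific, so it is worth confirming that forwarding SIGURG on other Unix builds is intended.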
@@ -0,0 +1,25 @@ +//+build !linux + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package commands + +import "os" + +func canIgnoreSignal(_ os.Signal) bool { + return false +} diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/tasks/metrics.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/tasks/metrics.go index 263f183a35..3fd1493811 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/tasks/metrics.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/tasks/metrics.go @@ -176,7 +176,7 @@ func printWindowsContainerStatistics(w *tabwriter.Writer, stats *wstats.WindowsC if stats.Processor != nil { fmt.Fprintf(w, "cpu.total_runtime_ns\t%d\t\n", stats.Processor.TotalRuntimeNS) fmt.Fprintf(w, "cpu.runtime_user_ns\t%d\t\n", stats.Processor.RuntimeUserNS) - fmt.Fprintf(w, "cpu.runtime_kernel_ns\t%d\t\n", stats.Processor.RuntimeUserNS) + fmt.Fprintf(w, "cpu.runtime_kernel_ns\t%d\t\n", stats.Processor.RuntimeKernelNS) } if stats.Memory != nil { fmt.Fprintf(w, "memory.commit_bytes\t%d\t\n", stats.Memory.MemoryUsageCommitBytes) diff --git a/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp_default.go b/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp_default.go index 7da95a0c30..f1337e6db3 100644 --- a/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp_default.go +++ b/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp_default.go 
@@ -55,6 +55,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp { "accept", "accept4", "access", + "adjtimex", "alarm", "bind", "brk", @@ -93,6 +94,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp { "exit", "exit_group", "faccessat", + "faccessat2", "fadvise64", "fadvise64_64", "fallocate", @@ -173,6 +175,9 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp { "ioprio_set", "io_setup", "io_submit", + "io_uring_enter", + "io_uring_register", + "io_uring_setup", "ipc", "kill", "lchown", @@ -190,6 +195,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp { "lstat", "lstat64", "madvise", + "membarrier", "memfd_create", "mincore", "mkdir", @@ -224,6 +230,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp { "_newselect", "open", "openat", + "openat2", "pause", "pipe", "pipe2", @@ -233,11 +240,13 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp { "prctl", "pread64", "preadv", + "preadv2", "prlimit64", "pselect6", "pselect6_time64", "pwrite64", "pwritev", + "pwritev2", "read", "readahead", "readlink", @@ -344,7 +353,6 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp { "sync_file_range", "syncfs", "sysinfo", - "syslog", "tee", "tgkill", "time", @@ -406,6 +414,28 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp { }, }, }, + { + Names: []string{"personality"}, + Action: specs.ActAllow, + Args: []specs.LinuxSeccompArg{ + { + Index: 0, + Value: 0x20000, + Op: specs.OpEqualTo, + }, + }, + }, + { + Names: []string{"personality"}, + Action: specs.ActAllow, + Args: []specs.LinuxSeccompArg{ + { + Index: 0, + Value: 0x20008, + Op: specs.OpEqualTo, + }, + }, + }, { Names: []string{"personality"}, Action: specs.ActAllow, 
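Review bot: The @@ -173 hunk places `io_uring_enter`, `io_uring_register` and `io_uring_setup` in the unconditional allow list of `DefaultProfile`, so every container running under the default profile can reach the io_uring interface with no capability gate. io_uring is a large and comparatively young kernel subsystem, so allowing it by default widens the kernel surface exposed to unprivileged workloads, yet the commit message only describes a CRI fork bump. Because the file is vendored the list should not be edited here, but the commit description or release notes should carry a line such as `seccomp: default profile now allows io_uring_*, openat2, faccessat2, preadv2, pwritev2, membarrier`. Clusters that do not need io_uring can exclude the three names through a custom seccomp profile. `DefaultProfile` begins and ends outside these hunks.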
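Review bot: The two `personality` rules added in the @@ -406 hunk compare argument 0 against the bare literals `0x20000` and `0x20008`, which give no hint of which persona is being permitted. The values correspond to the kernel persona flag UNAME26 and to UNAME26 combined with PER_LINUX32. A trailing comment on each `Value` line, `// UNAME26` and `// UNAME26 | PER_LINUX32`, would let a reader check the allow rule against the intended persona without decoding hex. The surrounding rule list starts and ends outside the hunk.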
@@ -427,11 +457,20 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp { // include by arch switch runtime.GOARCH { + case "ppc64le": + s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{ + Names: []string{ + "sync_file_range2", + }, + Action: specs.ActAllow, + Args: []specs.LinuxSeccompArg{}, + }) case "arm", "arm64": s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{ Names: []string{ "arm_fadvise64_64", "arm_sync_file_range", + "sync_file_range2", "breakpoint", "cacheflush", "set_tls", @@ -488,9 +527,11 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp { "mount", "name_to_handle_at", "perf_event_open", + "quotactl", "setdomainname", "sethostname", "setns", + "syslog", "umount", "umount2", "unshare", @@ -551,7 +592,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp { Names: []string{ "settimeofday", "stime", - "adjtimex", + "clock_settime", }, Action: specs.ActAllow, Args: []specs.LinuxSeccompArg{}, @@ -562,6 +603,12 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp { Action: specs.ActAllow, Args: []specs.LinuxSeccompArg{}, }) + case "CAP_SYSLOG": + s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{ + Names: []string{"syslog"}, + Action: specs.ActAllow, + Args: []specs.LinuxSeccompArg{}, + }) } } diff --git a/vendor/github.com/containerd/containerd/go.mod b/vendor/github.com/containerd/containerd/go.mod index 1f1543d8ba..62f3a86f1a 100644 --- a/vendor/github.com/containerd/containerd/go.mod +++ b/vendor/github.com/containerd/containerd/go.mod @@ -3,6 +3,7 @@ module github.com/containerd/containerd go 1.14 replace ( + github.com/containerd/cri => github.com/rancher/cri v1.11.1-0.20201105233134-0486eceb9306 // k3s-release/1.4 k8s.io/api => k8s.io/api v0.19.0 k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.19.0 k8s.io/apimachinery => k8s.io/apimachinery v0.19.0 
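Review bot: In the @@ -551 hunk `adjtimex` leaves the `CAP_SYS_TIME` list (replaced by `clock_settime`), while an earlier hunk of this file adds it to the unconditional allow list; read in isolation that looks like a loosening of the clock-setting restriction. The kernel still requires CAP_SYS_TIME for any adjtimex call that modifies the clock and only read-only queries succeed without it, so the move is presumably deliberate, but the code does not say so. A comment beside the unconditional entry, `// adjtimex: read-only queries need no capability; the kernel enforces CAP_SYS_TIME for changes`, would document it. The later hunks that gate `syslog` behind `CAP_SYSLOG` and add `quotactl` to the `CAP_SYS_ADMIN` list tighten the default, which can surface as new seccomp denials for workloads that previously relied on those calls. That is worth a mention in the commit description.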
@@ -42,13 +43,13 @@ require ( github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe github.com/containerd/cri v1.11.1-0.20200810101850-4e6644c8cf7f github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b - github.com/containerd/go-cni v1.0.0 // indirect + github.com/containerd/go-cni v1.0.1 // indirect github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328 github.com/containerd/imgcrypt v1.0.1 // indirect github.com/containerd/ttrpc v1.0.1 github.com/containerd/typeurl v1.0.1 github.com/containerd/zfs v0.0.0-20191030014035-9abf673ca6ff - github.com/containernetworking/plugins v0.7.6 // indirect + github.com/containernetworking/plugins v0.8.6 // indirect github.com/coreos/go-systemd/v22 v22.1.0 github.com/docker/docker v17.12.0-ce-rc1.0.20200310163718-4634ce647cf2+incompatible // indirect github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c diff --git a/vendor/github.com/containerd/containerd/go.sum b/vendor/github.com/containerd/containerd/go.sum index 21cfd47d88..c946c88ee8 100644 --- a/vendor/github.com/containerd/containerd/go.sum +++ b/vendor/github.com/containerd/containerd/go.sum 
@@ -36,9 +36,11 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20200415212048-7901bc822317/go.mod h1:DF8FZRxMHMGv/vP2lQP6h+dYzzjpuRn24VeRiYn3qjQ= github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab/go.mod h1:3VYc5hodBMJ5+l/7J4xAyMeuM2PNuepvHlGs8yilUCA= github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E= +github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= +github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= github.com/Microsoft/hcsshim v0.8.10-0.20200715222032-5eafd1556990 h1:1xpVY4dSUSbW3PcSGxZJhI8Z+CJiqbd933kM7HIinTc= 
@@ -59,6 +61,7 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= @@ -81,6 +84,7 @@ github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= +github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= 
@@ -131,14 +135,12 @@ github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe h1:PEmIrUvwG9Yyv+0WKZqjXfSFDeZjs/q15g0m08BYS9k= github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= -github.com/containerd/cri v1.11.1-0.20200810101850-4e6644c8cf7f h1:ykLRc6z/7ezblpYiNjJ3NnvbTcdF9wczim62jYP3Ncg= -github.com/containerd/cri v1.11.1-0.20200810101850-4e6644c8cf7f/go.mod h1:DavH5Qa8+6jOmeOMO3dhWoqksucZDe06LfuhBz/xPZs= github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b h1:qUtCegLdOUVfVJOw+KDg6eJyE1TGvLlkGEd1091kSSQ= github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= -github.com/containerd/go-cni v1.0.0 h1:A681A9YQ5Du9V2/gZGk/pTm6g69wF0aGd9qFN9syB1E= -github.com/containerd/go-cni v1.0.0/go.mod h1:8n8EnvP0b886Wmqum9jDXlN59aHCIBKgaNYQzcDvJbU= +github.com/containerd/go-cni v1.0.1 h1:VXr2EkOPD0v1gu7CKfof6XzEIDzsE/dI9yj/W7PSWLs= +github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU= github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328 h1:PRTagVMbJcCezLcHXe8UJvR1oBzp2lG3CEumeFOLOds= 
@@ -159,13 +161,14 @@ github.com/containerd/zfs v0.0.0-20191030014035-9abf673ca6ff/go.mod h1:mp4bnlceN github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/cni v0.8.0 h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjMCbgybcKI= github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= -github.com/containernetworking/plugins v0.7.6 h1:ls5oA8x1GrdkoREBg0j/97U9P6SX75UaXb++req5kIo= -github.com/containernetworking/plugins v0.7.6/go.mod h1:dagHaAhNjXjT9QYOklkKJDGaQPTg4pf//FrUcJeb7FU= +github.com/containernetworking/plugins v0.8.6 h1:npZTLiMa4CRn6m5P9+1Dz4O1j0UeFbm8VYN6dlsw568= +github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM= github.com/containers/ocicrypt v1.0.1 h1:EToign46OSLTFWnb2oNj9RG3XDnkOX8r28ZIXUuk5Pc= github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= github.com/coredns/corefile-migration v1.0.10/go.mod h1:RMy/mXdeDlYwzt0vdMEJvT2hGJ2I86/eO0UdXmH9XNI= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= 
@@ -183,6 +186,10 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= +github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ= +github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= +github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= +github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -298,6 +305,7 @@ github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85n github.com/go-ozzo/ozzo-validation v3.5.0+incompatible/go.mod h1:gsEKFIVnabGBt6mXmxK0MoFy+cZoTJY6mu5Ll3LVLBU= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= +github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68FptL43tDKIq8FladmaTs3Xs7Z8= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= github.com/godbus/dbus/v5 v5.0.3 h1:ZqHaoEF7TBzh4jzPmqVhE/5A1z9of6orkAe5uHoAeME= 
@@ -394,6 +402,7 @@ github.com/imdario/mergo v0.3.8 h1:CGgOkSJeqMRmt0D9XLWExdT4m4F1vd3FV3VPt+0VxkQ= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/ishidawataru/sctp v0.0.0-20190723014705-7c296d48a2b5/go.mod h1:DM4VvS+hD/kDi1U1QsX2fnZowwBhqD0Dk3bRPKF/Oc8= +github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/jimstudt/http-authentication v0.0.0-20140401203705-3eca13d6893a/go.mod h1:wK6yTYYcgjHE1Z1QtXACPDjcFJyBskHEdagmnq3vsP8= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= @@ -447,6 +456,7 @@ github.com/marten-seemann/qtls v0.2.3/go.mod h1:xzjG7avBwGGbdZ8dTGxlBnLArsVKLvwm github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= +github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= 
@@ -483,6 +493,7 @@ github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4 github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= +github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= @@ -490,6 +501,7 @@ github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+ github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= 
@@ -565,6 +577,8 @@ github.com/prometheus/procfs v0.1.3 h1:F0+tqvhOksq22sc6iCHF5WGlWjdwj92p0udFh1VFB github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/quobyte/api v0.1.2/go.mod h1:jL7lIHrmqQ7yh05OJ+eEEdHr0u/kmT1Ff9iHd+4H6VI= +github.com/rancher/cri v1.11.1-0.20201105233134-0486eceb9306 h1:rgUBUm01ocN+oSQr/XInMPzUHG5aZu3dHSFBb84vBaA= +github.com/rancher/cri v1.11.1-0.20201105233134-0486eceb9306/go.mod h1:Ht5T1dIKzm+4NExmb7wDVG6qR+j0xeXIjjhCv1d9geY= github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= github.com/robfig/cron v1.1.0/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= @@ -575,6 +589,7 @@ github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNue github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= 
@@ -582,6 +597,7 @@ github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAm github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= +github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= @@ -635,7 +651,9 @@ github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= +github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= +github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/vishvananda/netns v0.0.0-20200520041808-52d707b772fe/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= 
@@ -670,6 +688,7 @@ go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190123085648-057139ce5d2b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -714,6 +733,7 @@ golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= diff --git a/vendor/github.com/containerd/containerd/runtime/v1/shim/client/client.go b/vendor/github.com/containerd/containerd/runtime/v1/shim/client/client.go index 562ee6ca48..9653454afc 100644 --- a/vendor/github.com/containerd/containerd/runtime/v1/shim/client/client.go 
+++ b/vendor/github.com/containerd/containerd/runtime/v1/shim/client/client.go @@ -22,6 +22,7 @@ import ( "context" "fmt" "io" + "io/ioutil" "net" "os" "os/exec" @@ -67,23 +68,25 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa } defer f.Close() - var stdoutLog io.ReadWriteCloser - var stderrLog io.ReadWriteCloser - if debug { - stdoutLog, err = v1.OpenShimStdoutLog(ctx, config.WorkDir) - if err != nil { - return nil, nil, errors.Wrapf(err, "failed to create stdout log") - } - - stderrLog, err = v1.OpenShimStderrLog(ctx, config.WorkDir) - if err != nil { - return nil, nil, errors.Wrapf(err, "failed to create stderr log") - } - - go io.Copy(os.Stdout, stdoutLog) - go io.Copy(os.Stderr, stderrLog) + stdoutCopy := ioutil.Discard + stderrCopy := ioutil.Discard + stdoutLog, err := v1.OpenShimStdoutLog(ctx, config.WorkDir) + if err != nil { + return nil, nil, errors.Wrapf(err, "failed to create stdout log") } + stderrLog, err := v1.OpenShimStderrLog(ctx, config.WorkDir) + if err != nil { + return nil, nil, errors.Wrapf(err, "failed to create stderr log") + } + if debug { + stdoutCopy = os.Stdout + stderrCopy = os.Stderr + } + + go io.Copy(stdoutCopy, stdoutLog) + go io.Copy(stderrCopy, stderrLog) + cmd, err := newCommand(binary, daemonAddress, debug, config, f, stdoutLog, stderrLog) if err != nil { return nil, nil, err diff --git a/vendor/github.com/containerd/containerd/runtime/v1/shim/service.go b/vendor/github.com/containerd/containerd/runtime/v1/shim/service.go index 6bd6aefa22..2f5a8c2f21 100644 --- a/vendor/github.com/containerd/containerd/runtime/v1/shim/service.go +++ b/vendor/github.com/containerd/containerd/runtime/v1/shim/service.go @@ -514,7 +514,7 @@ func (s *Service) checkProcesses(e runc.Exit) { } s.mu.Unlock() if p == nil { - log.G(s.context).Infof("process with id:%d wasn't found", e.Pid) + log.G(s.context).Debugf("process with id:%d wasn't found", e.Pid) return } if ip, ok := p.(*process.Init); ok { 
diff --git a/vendor/github.com/containerd/containerd/runtime/v2/bundle.go b/vendor/github.com/containerd/containerd/runtime/v2/bundle.go index 6e21a875f9..1a58e627b5 100644 --- a/vendor/github.com/containerd/containerd/runtime/v2/bundle.go +++ b/vendor/github.com/containerd/containerd/runtime/v2/bundle.go @@ -121,7 +121,7 @@ func (b *Bundle) Delete() error { if err := mount.UnmountAll(rootfs, 0); err != nil { return errors.Wrapf(err, "unmount rootfs %s", rootfs) } - if err := os.Remove(rootfs); err != nil && os.IsNotExist(err) { + if err := os.Remove(rootfs); err != nil && !os.IsNotExist(err) { return errors.Wrap(err, "failed to remove bundle rootfs") } err := atomicDelete(b.Path) diff --git a/vendor/github.com/containerd/containerd/services/tasks/local.go b/vendor/github.com/containerd/containerd/services/tasks/local.go index e33c30d987..340cdf4b8b 100644 --- a/vendor/github.com/containerd/containerd/services/tasks/local.go +++ b/vendor/github.com/containerd/containerd/services/tasks/local.go @@ -118,6 +118,13 @@ func initFunc(ic *plugin.InitContext) (interface{}, error) { l.monitor.Monitor(t) } } + v2Tasks, err := l.v2Runtime.Tasks(ic.Context, true) + if err != nil { + return nil, err + } + for _, t := range v2Tasks { + l.monitor.Monitor(t) + } return l, nil } diff --git a/vendor/github.com/containerd/containerd/version/version.go b/vendor/github.com/containerd/containerd/version/version.go index 3eb8c902bf..9a23540288 100644 --- a/vendor/github.com/containerd/containerd/version/version.go +++ b/vendor/github.com/containerd/containerd/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.4.0+unknown" + Version = "1.4.1+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time. 
diff --git a/vendor/github.com/containerd/cri/README.md b/vendor/github.com/containerd/cri/README.md index 45adba23d8..1b3663ac96 100644 --- a/vendor/github.com/containerd/cri/README.md +++ b/vendor/github.com/containerd/cri/README.md @@ -1,17 +1,25 @@ +# Moved to [`github.com/containerd/containerd/pkg/cri`](https://github.com/containerd/containerd/tree/master/pkg/cri) + +On October 7, 2020, the contents of this repo were merged into [the `containerd/containerd` repo](https://github.com/containerd/cri). +For example, the source code previously stored under [`containerd/cri/pkg`](https://github.com/containerd/cri/tree/release/1.4/pkg) +was moved to [`containerd/containerd/pkg/cri` package](https://github.com/containerd/containerd/tree/master/pkg/cri). + +**Pull requests are no longer accepted in the master branch of this repo.** + +Bug-fix PRs for `release/1.3` and `release/1.4` branches are still accepted in this repo. +However, the master branch for `containerd/cri` integration work is now located in the `containerd/containerd` repository, +and as such new commits should be merged there. + +This repo will be archived after the EOL of containerd 1.4. + +- - - + # cri

-*Note: The standalone `cri-containerd` binary is end-of-life. `cri-containerd` is -transitioning from a standalone binary that talks to containerd to a plugin within -containerd. This github branch is for the `cri` plugin. See -[standalone-cri-containerd branch](https://github.com/containerd/cri/tree/standalone-cri-containerd) -for information about the standalone version of `cri-containerd`.* - -*Note: You need to [drain your node](https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/) before upgrading from standalone `cri-containerd` to containerd with `cri` plugin.* - [![Build Status](https://api.travis-ci.org/containerd/cri.svg?style=flat-square)](https://travis-ci.org/containerd/cri) [![Go Report Card](https://goreportcard.com/badge/github.com/containerd/cri)](https://goreportcard.com/report/github.com/containerd/cri) diff --git a/vendor/github.com/containerd/cri/pkg/config/config_unix.go b/vendor/github.com/containerd/cri/pkg/config/config_unix.go index 9df456b53a..62ea662072 100644 --- a/vendor/github.com/containerd/cri/pkg/config/config_unix.go +++ b/vendor/github.com/containerd/cri/pkg/config/config_unix.go @@ -43,6 +43,7 @@ func DefaultConfig() PluginConfig { Options: new(toml.Primitive), }, }, + DisableSnapshotAnnotations: true, }, DisableTCPService: true, StreamServerAddress: "127.0.0.1", diff --git a/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go b/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go index 28863cb0c0..eb28220a6c 100644 --- a/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go +++ b/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go 
@@ -101,9 +101,10 @@ func (c *criService) containerMounts(sandboxID string, config *runtime.Container sandboxDevShm = devShm } mounts = append(mounts, &runtime.Mount{ - ContainerPath: devShm, - HostPath: sandboxDevShm, - Readonly: false, + ContainerPath: devShm, + HostPath: sandboxDevShm, + Readonly: false, + SelinuxRelabel: true, }) } return mounts @@ -182,11 +183,15 @@ func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint3 if !c.config.DisableProcMount { // Apply masked paths if specified. // If the container is privileged, this will be cleared later on. - specOpts = append(specOpts, oci.WithMaskedPaths(securityContext.GetMaskedPaths())) + if maskedPaths := securityContext.GetMaskedPaths(); maskedPaths != nil { + specOpts = append(specOpts, oci.WithMaskedPaths(maskedPaths)) + } // Apply readonly paths if specified. // If the container is privileged, this will be cleared later on. - specOpts = append(specOpts, oci.WithReadonlyPaths(securityContext.GetReadonlyPaths())) + if readonlyPaths := securityContext.GetReadonlyPaths(); readonlyPaths != nil { + specOpts = append(specOpts, oci.WithReadonlyPaths(readonlyPaths)) + } } if securityContext.GetPrivileged() { diff --git a/vendor/github.com/containerd/cri/vendor.conf b/vendor/github.com/containerd/cri/vendor.conf index ab6d986d55..be7827dc94 100644 --- a/vendor/github.com/containerd/cri/vendor.conf +++ b/vendor/github.com/containerd/cri/vendor.conf @@ -2,7 +2,7 @@ github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f github.com/opencontainers/selinux v1.6.0 github.com/tchap/go-patricia v2.2.6 -github.com/willf/bitset d5bec3311243426a3c6d1b7a795f24b17c686dbb # 1.1.10+ used by selinux pkg +github.com/willf/bitset v1.1.11 # containerd dependencies github.com/beorn7/perks v1.0.1 
@@ -10,7 +10,7 @@ github.com/BurntSushi/toml v0.3.1 github.com/cespare/xxhash/v2 v2.1.1 github.com/containerd/cgroups 318312a373405e5e91134d8063d04d59768a1bff github.com/containerd/console v1.0.0 -github.com/containerd/containerd v1.4.0 +github.com/containerd/containerd v1.4.1 github.com/containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165 github.com/containerd/fifo f15a3290365b9d2627d189e619ab4008e0069caf github.com/containerd/go-runc 7016d3ce2328dd2cb1192b2076ebd565c4e8df0c @@ -77,21 +77,21 @@ golang.org/x/oauth2 858c2ad4c8b6c5d10852cb89079f golang.org/x/time 555d28b269f0569763d25dbe1a237ae74c6bcc82 gopkg.in/inf.v0 v0.9.1 gopkg.in/yaml.v2 v2.2.8 -k8s.io/api v0.19.0-rc.4 -k8s.io/apiserver v0.19.0-rc.4 -k8s.io/apimachinery v0.19.0-rc.4 -k8s.io/client-go v0.19.0-rc.4 -k8s.io/component-base v0.19.0-rc.4 -k8s.io/cri-api v0.19.0-rc.4 +k8s.io/api v0.19.2 +k8s.io/apiserver v0.19.2 +k8s.io/apimachinery v0.19.2 +k8s.io/client-go v0.19.2 +k8s.io/component-base v0.19.2 +k8s.io/cri-api v0.19.2 k8s.io/klog/v2 v2.2.0 -k8s.io/utils 2df71ebbae66f39338aed4cd0bb82d2212ee33cc -sigs.k8s.io/structured-merge-diff/v3 v3.0.0 +k8s.io/utils d5654de09c73da55eb19ae4ab4f734f7a61747a6 +sigs.k8s.io/structured-merge-diff/v4 v4.0.1 sigs.k8s.io/yaml v1.2.0 # cni dependencies -github.com/containerd/go-cni v1.0.0 -github.com/containernetworking/cni v0.7.1 -github.com/containernetworking/plugins v0.7.6 +github.com/containerd/go-cni v1.0.1 +github.com/containernetworking/cni v0.8.0 +github.com/containernetworking/plugins v0.8.6 github.com/fsnotify/fsnotify v1.4.9 # image decrypt depedencies diff --git a/vendor/github.com/containerd/go-cni/README.md b/vendor/github.com/containerd/go-cni/README.md index 3b1a4aa753..837cb467da 100644 --- a/vendor/github.com/containerd/go-cni/README.md +++ b/vendor/github.com/containerd/go-cni/README.md 
@@ -13,35 +13,67 @@ go-cni aims to support plugins that implement [Container Network Interface](http ## Usage ```go +package main + +import ( + "context" + "fmt" + "log" + + gocni "github.com/containerd/go-cni" +) + func main() { - id := "123456" - netns := "/proc/9999/ns/net" + id := "example" + netns := "/var/run/netns/example-ns-1" + + // CNI allows multiple CNI configurations and the network interface + // will be named by eth0, eth1, ..., ethN. + ifPrefixName := "eth" defaultIfName := "eth0" - // Initialize library - l = gocni.New(gocni.WithMinNetworkCount(2), - gocni.WithPluginConfDir("/etc/mycni/net.d"), - gocni.WithPluginDir([]string{"/opt/mycni/bin", "/opt/cni/bin"}), - gocni.WithDefaultIfName(defaultIfName)) - - // Load the cni configuration - err:= l.Load(gocni.WithLoNetwork, gocni.WithDefaultConf) - if err != nil{ - log.Errorf("failed to load cni configuration: %v", err) - return + + // Initializes library + l, err := gocni.New( + // one for loopback network interface + gocni.WithMinNetworkCount(2), + gocni.WithPluginConfDir("/etc/cni/net.d"), + gocni.WithPluginDir([]string{"/opt/cni/bin"}), + // Sets the prefix for network interfaces, eth by default + gocni.WithInterfacePrefix(ifPrefixName)) + if err != nil { + log.Fatalf("failed to initialize cni library: %v", err) } - + + // Load the cni configuration + if err := l.Load(gocni.WithLoNetwork, gocni.WithDefaultConf); err != nil { + log.Fatalf("failed to load cni configuration: %v", err) + } + // Setup network for namespace. labels := map[string]string{ "K8S_POD_NAMESPACE": "namespace1", "K8S_POD_NAME": "pod1", "K8S_POD_INFRA_CONTAINER_ID": id, + // Plugin tolerates all Args embedded by unknown labels, like + // K8S_POD_NAMESPACE/NAME/INFRA_CONTAINER_ID... 
+ "IgnoreUnknown": "1", } - result, err := l.Setup(id, netns, gocni.WithLabels(labels)) + + ctx := context.Background() + + // Teardown network + defer func() { + if err := l.Remove(ctx, id, netns, gocni.WithLabels(labels)); err != nil { + log.Fatalf("failed to teardown network: %v", err) + } + }() + + // Setup network + result, err := l.Setup(ctx, id, netns, gocni.WithLabels(labels)) if err != nil { - log.Errorf("failed to setup network for namespace %q: %v",id, err) - return + log.Fatalf("failed to setup network for namespace: %v", err) } - + // Get IP of the default interface IP := result.Interfaces[defaultIfName].IPConfigs[0].IP.String() fmt.Printf("IP of the default interface %s:%s", defaultIfName, IP) diff --git a/vendor/github.com/containerd/go-cni/go.mod b/vendor/github.com/containerd/go-cni/go.mod index 0040b34b7a..0185c18051 100644 --- a/vendor/github.com/containerd/go-cni/go.mod +++ b/vendor/github.com/containerd/go-cni/go.mod @@ -1,7 +1,7 @@ module github.com/containerd/go-cni require ( - github.com/containernetworking/cni v0.7.1 + github.com/containernetworking/cni v0.8.0 github.com/davecgh/go-spew v1.1.1 // indirect github.com/onsi/ginkgo v1.10.3 // indirect github.com/onsi/gomega v1.7.1 // indirect diff --git a/vendor/github.com/containerd/go-cni/go.sum b/vendor/github.com/containerd/go-cni/go.sum index 967f986b10..d173e02d91 100644 --- a/vendor/github.com/containerd/go-cni/go.sum +++ b/vendor/github.com/containerd/go-cni/go.sum 
@@ -1,5 +1,5 @@ -github.com/containernetworking/cni v0.7.1 h1:fE3r16wpSEyaqY4Z4oFrLMmIGfBYIKpPrHK31EJ9FzE= -github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= +github.com/containernetworking/cni v0.8.0 h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjMCbgybcKI= +github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= diff --git a/vendor/github.com/containernetworking/plugins/pkg/ns/ns_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ns/ns_linux.go index 31ad5f622f..a34f97170e 100644 --- a/vendor/github.com/containernetworking/plugins/pkg/ns/ns_linux.go +++ b/vendor/github.com/containernetworking/plugins/pkg/ns/ns_linux.go @@ -178,7 +178,16 @@ func (ns *netNS) Do(toRun func(NetNS) error) error { if err = ns.Set(); err != nil { return fmt.Errorf("error switching to ns %v: %v", ns.file.Name(), err) } - defer threadNS.Set() // switch back + defer func() { + err := threadNS.Set() // switch back + if err == nil { + // Unlock the current thread only when we successfully switched back + // to the original namespace; otherwise leave the thread locked which + // will force the runtime to scrap the current thread, that is maybe + // not as optimal but at least always safe to do. + runtime.UnlockOSThread() + } + }() return toRun(hostNS) } 
@@ -193,6 +202,10 @@ func (ns *netNS) Do(toRun func(NetNS) error) error { var wg sync.WaitGroup wg.Add(1) + // Start the callback in a new green thread so that if we later fail + // to switch the namespace back to the original one, we can safely + // leave the thread locked to die without a risk of the current thread + // left lingering with incorrect namespace. var innerError error go func() { defer wg.Done() diff --git a/vendor/github.com/coreos/go-iptables/iptables/iptables.go b/vendor/github.com/coreos/go-iptables/iptables/iptables.go index 2ed875bb58..1074275b02 100644 --- a/vendor/github.com/coreos/go-iptables/iptables/iptables.go +++ b/vendor/github.com/coreos/go-iptables/iptables/iptables.go @@ -48,9 +48,13 @@ func (e *Error) Error() string { // IsNotExist returns true if the error is due to the chain or rule not existing func (e *Error) IsNotExist() bool { - return e.ExitStatus() == 1 && - (e.msg == fmt.Sprintf("%s: Bad rule (does a matching rule exist in that chain?).\n", getIptablesCommand(e.proto)) || - e.msg == fmt.Sprintf("%s: No chain/target/match by that name.\n", getIptablesCommand(e.proto))) + if e.ExitStatus() != 1 { + return false + } + cmdIptables := getIptablesCommand(e.proto) + msgNoRuleExist := fmt.Sprintf("%s: Bad rule (does a matching rule exist in that chain?).\n", cmdIptables) + msgNoChainExist := fmt.Sprintf("%s: No chain/target/match by that name.\n", cmdIptables) + return strings.Contains(e.msg, msgNoRuleExist) || strings.Contains(e.msg, msgNoChainExist) } // Protocol to differentiate between IPv4 and IPv6 
@@ -101,7 +105,13 @@ func NewWithProtocol(proto Protocol) (*IPTables, error) { return nil, err } vstring, err := getIptablesVersionString(path) + if err != nil { + return nil, fmt.Errorf("could not get iptables version: %v", err) + } v1, v2, v3, mode, err := extractIptablesVersion(vstring) + if err != nil { + return nil, fmt.Errorf("failed to extract iptables version from [%s]: %v", vstring, err) + } checkPresent, waitPresent, randomFullyPresent := getIptablesCommandSupport(v1, v2, v3) @@ -348,18 +358,6 @@ func (ipt *IPTables) executeList(args []string) ([]string, error) { rules = rules[:len(rules)-1] } - // nftables mode doesn't return an error code when listing a non-existent - // chain. Patch that up. - if len(rules) == 0 && ipt.mode == "nf_tables" { - v := 1 - return nil, &Error{ - cmd: exec.Cmd{Args: args}, - msg: fmt.Sprintf("%s: No chain/target/match by that name.\n", getIptablesCommand(ipt.proto)), - proto: ipt.proto, - exitStatus: &v, - } - } - for i, rule := range rules { rules[i] = filterRuleOutput(rule) } @@ -437,6 +435,7 @@ func (ipt *IPTables) runWithOutput(args []string, stdout io.Writer) error { } ul, err := fmu.tryLock() if err != nil { + syscall.Close(fmu.fd) return err } defer ul.Unlock() diff --git a/vendor/modules.txt b/vendor/modules.txt index e20b39ba1d..8976a0450b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -172,7 +172,7 @@ github.com/containerd/cgroups/v2 github.com/containerd/cgroups/v2/stats # github.com/containerd/console v1.0.0 => github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50 github.com/containerd/console -# github.com/containerd/containerd v1.4.0 => github.com/rancher/containerd v1.4.0-k3s1 +# github.com/containerd/containerd v1.4.0 => github.com/rancher/containerd v1.4.1-k3s1 ## explicit github.com/containerd/containerd github.com/containerd/containerd/api/events 
@@ -317,7 +317,7 @@ github.com/containerd/continuity/pathdriver github.com/containerd/continuity/proto github.com/containerd/continuity/syscallx github.com/containerd/continuity/sysx -# github.com/containerd/cri v1.11.1-0.20200820101445-b0cc07999aa5 +# github.com/containerd/cri v1.11.1-0.20200820101445-b0cc07999aa5 => github.com/rancher/cri v1.4.0-k3s.1 ## explicit github.com/containerd/cri github.com/containerd/cri/pkg/annotations @@ -348,7 +348,7 @@ github.com/containerd/cri/pkg/streaming/remotecommand github.com/containerd/cri/pkg/util # github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b => github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c github.com/containerd/fifo -# github.com/containerd/go-cni v1.0.0 +# github.com/containerd/go-cni v1.0.1 github.com/containerd/go-cni # github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328 => github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328 github.com/containerd/go-runc @@ -367,8 +367,7 @@ github.com/containernetworking/cni/pkg/types/020 github.com/containernetworking/cni/pkg/types/current github.com/containernetworking/cni/pkg/utils github.com/containernetworking/cni/pkg/version -# github.com/containernetworking/plugins v0.8.2 -## explicit +# github.com/containernetworking/plugins v0.8.6 github.com/containernetworking/plugins/pkg/ns # github.com/containers/ocicrypt v1.0.1 github.com/containers/ocicrypt @@ -391,7 +390,7 @@ github.com/coreos/flannel/network github.com/coreos/flannel/pkg/ip github.com/coreos/flannel/subnet github.com/coreos/flannel/subnet/kube -# github.com/coreos/go-iptables v0.4.2 +# github.com/coreos/go-iptables v0.4.5 ## explicit github.com/coreos/go-iptables/iptables # github.com/coreos/go-oidc v2.1.0+incompatible 
@@ -2928,8 +2927,9 @@ vbom.ml/util/sortorder # github.com/containerd/btrfs => github.com/containerd/btrfs v0.0.0-20181101203652-af5082808c83 # github.com/containerd/cgroups => github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59 # github.com/containerd/console => github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50 -# github.com/containerd/containerd => github.com/rancher/containerd v1.4.0-k3s1 +# github.com/containerd/containerd => github.com/rancher/containerd v1.4.1-k3s1 # github.com/containerd/continuity => github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02 +# github.com/containerd/cri => github.com/rancher/cri v1.4.0-k3s.1 # github.com/containerd/fifo => github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c # github.com/containerd/go-runc => github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328 # github.com/containerd/typeurl => github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd