No need to dereference the environment variable. Doing so will result in
a true evaluation, which was causing NEMU to be tracked as built, when
it actually wasn't. This only impacts 1.x workflows, and is why it
wasn't caught with 2.x release process.
Fixes: #1273
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
- actions: Pin to a particular sha for actions
- actions: Add action to perform checks for pull requests
57b64f35 actions: Pin to a particular sha for actions
1b157e50 actions: Add github actions to perform DCO check
0d96145c actions: Add action to perform WIP check for pull requests
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
Since actions can access the github token, lets use a
particular version of sha rather than using master.
Fixes: #437
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Use github actions for performing WIP checks on PRs.
The action checks for keywords in subject line
as well labels.
Fixes: #437
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
- agent: fix protobuf depenedency
- ci: install rust back to 1.42.0 to avoid ci failure.
- release: actions: pin artifact to v1
1f21947d agent: fix protobuf depenedency
ba3078b8 ci: install rust back to 1.42.0 to avoid ci failure.
bf567135 release: actions: pin artifact to v1
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
There maybe a bug in the 1.43.1 cargo, so we need install rust back
to 1.42.0 to avoid the failure when make the rust agent using the latest
rust.
Fixes: #202
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
the actions upload/download-artifact moved to a new version
and master now is not comptible.
Fixes: #211
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
- Fix potentianl crash
- sandbox: fix the issue of missing setting hostname
- unify the rustjail's log to contain container id and exec id
- Refactor the way of creating container process
ba3c732 grpc: fix the issue of potential crashes
32431d7 rpc: fix the issue of kill container process
986e666 sandbox: fix the issue of missing setting hostname
7d9bdf7 grpc: Fix the issue passing wrong exec_id to exec process
9220fb8 rustjail: unify the rustjail's log to contain container id and exec id
c1b6838 rustjail: refactoring the way of creating container process
e56b10f rustjail: remove the unused imported crates
ded27f4 oci: add Default and Clone to oci spec objects
7df8ede rustjail: replace protocol spec with oci spec
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
It's better to check whether the sandbox's get_container
result instead of unwrap it directly, otherwise it would
crash the agent if the conainer id is invalid.
Fixes: #178
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
When kill a process, if the exec id is empty, then
it means to kill all processes in the container, if
the exec id isn't empty, then it will only kill the
specific exec process.
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Add the container id and exec id to start container's log
which would make it clearly to check the log.
Fixes: #173
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
In the previous implementation, create a container process
by forking the parent process as the container process,
and then at the forked child process do much more setting,
such as rootfs mounting, drop capabilities and so on, at
last exec the container entry cmd to switch into container
process.
But since the parent is a muti thread process, which would
cause a dead lock in the forked child. For example, if one
of the parent process's thread do some malloc operation, which
would take a mutex lock, and at the same time, the parent forked
a child process, since the mutex lock status would be inherited
by the child process but there's no chance to release the lock
in the child since the child process only has a single thread
which would meet a dead lock if it would do some malloc operation.
Thus, the new implementation would do exec directly after forked
and then do the setting in the exec process. Of course, this requred
a data communication between parent and child since the child cannot
depends on the shared memory by fork way.
Fixes: #166Fixes: #133
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
- actions: Add verbose information
- systemd-service: build rust-agent systemd services
- grpc: fix the issue of crash agent when didn't find the process
cd233c0 actions: Add verbose information
f0eaeac path-absolutize: version update
3136712 systemd-service: build rust-agent systemd services
289d617 grpc: fix the issue of crash agent when didn't find the process
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Adds a cmdline option to configure the stdout/stderr pipe sizes.
Uses `F_SETPIPE_SZ` to resize the write side of the pipe after
creation.
Example Cmdline option: `agent.container_pipe_size=2097152`
fixes#152
Signed-off-by: Alex Price <aprice@atlassian.com>
