Release notes:
https://github.com/opencontainers/runc/releases/tag/v1.1.3
In particular, this one is important:
* Retry on dbus disconnect logic in libcontainer/cgroups/systemd now
works as intended; this fix does not affect runc binary itself but
is important for libcontainer users such as Kubernetes. (#3476)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This updates vendored runc/libcontainer to 1.1.0,
and google/cadvisor to a version updated to runc 1.1.0
(google/cadvisor#3048).
Changes in vendor are generated by (roughly):
```
./hack/pin-dependency.sh github.com/google/cadvisor v0.44.0
./hack/pin-dependency.sh github.com/opencontainers/runc v1.1.0
./hack/update-vendor.sh
./hack/lint-dependencies.sh # And follow all its recommendations.
./hack/update-vendor.sh
./hack/update-internal-modules.sh
./hack/lint-dependencies.sh # Re-check everything again.
```
Co-Authored-By: Kir Kolyshkin <kolyshkin@gmail.com>
Fix GetStats for unsupported hugetlb, needed to run on RaspberryPi4 with a non-hugetlb compiled kernel (standard). This includes https://github.com/opencontainers/runc/pull/3233
Used commands from hack folder to generate the new dependency:
```
hack/pin-dependency.sh github.com/opencontainers/runc v1.0.3
hack/update-vendor.sh
hack/lint-dependencies.sh
```
For the complete release notes, see
- https://github.com/opencontainers/runc/releases/tag/v1.0.2
In particular, this fixes the cgroup v1 systemd manager check
if a container needs to be frozen before Set(), and adds a knob to
skip the check/freeze entirely (to be used by the next commit).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This is to check if runc 1.0.0 (to be released shortly) works with k8s.
The commands used were (roughly):
```
hack/pin-dependency.sh github.com/opencontainers/runc v1.0.0
hack/lint-dependencies.sh
# Follow its recommendations.
hack/pin-dependency.sh github.com/cilium/ebpf v0.6.1
hack/pin-dependency.sh github.com/opencontainers/selinux v1.8.2
hack/pin-dependency.sh github.com/sirupsen/logrus v1.8.1
# Recheck.
hack/lint-dependencies.sh
GO111MODULE=on go mod edit -dropreplace github.com/willf/bitset
hack/update-vendor.sh
# Recheck.
hack/lint-dependencies.sh
hack/update-internal-modules.sh
# Recheck.
hack/lint-dependencies.sh
```
[v2: rebased, updated runc 3a0234e1fe2e82 -> 2f8e8e9d977500]
[v3: testing master + runc pr 3019]
[v4: updated to 93a01cd4d0b7a0f08a]
[v5: updated to f093cca13d3cf8a484]
[v6: rebased]
[v7: updated to runc v1.0.0]
[v8: rebased]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
runc rc95 contains a fix for CVE-2021-30465.
runc rc94 provides fixes and improvements.
One notable change is that cgroup manager's Set now accepts Resources rather
than Cgroup (see https://github.com/opencontainers/runc/pull/2906).
Modify the code accordingly.
Also update runc dependencies (as hinted by hack/lint-dependencies.sh):
github.com/cilium/ebpf v0.5.0
github.com/containerd/console v1.0.2
github.com/coreos/go-systemd/v22 v22.3.1
github.com/godbus/dbus/v5 v5.0.4
github.com/moby/sys/mountinfo v0.4.1
golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
github.com/google/go-cmp v0.5.4
github.com/kr/pretty v0.2.1
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
One notable change is that cgroup manager's Set now accepts Resources rather
than Cgroup (see https://github.com/opencontainers/runc/pull/2906).
Modify the code accordingly.
Also update runc dependencies (as hinted by hack/lint-dependencies.sh):
github.com/cilium/ebpf v0.5.0
github.com/containerd/console v1.0.2
github.com/coreos/go-systemd/v22 v22.3.1
github.com/godbus/dbus/v5 v5.0.4
github.com/moby/sys/mountinfo v0.4.1
golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
github.com/google/go-cmp v0.5.4
github.com/kr/pretty v0.2.1
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
When the systemd cgroup manager is used, controllers not handled by
systemd are created manually afterwards.
libcontainer didn't correctly clean up these cgroups, which were leaked
on cgroup v1.
Closes: https://github.com/kubernetes/kubernetes/issues/92766
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The upgrade of dependencies in #78187 introduced a regression in
detecting if SELinux is enabled or not, as the library requires
the golang build tag `selinux` to be enabled after that version update.
Fixes bug report #83679
PR opencontainers/runc#1754 works around an issue in manager.Apply(-1) that
makes Kubelet startup hang when using systemd cgroup driver (by adding a
timeout) and further PR opencontainers/runc#1772 fixes that bug by
checking the proper error status before waiting on the channel.
PR opencontainers/runc#1776 checks whether Delegate works in slices,
which keeps libcontainer systemd cgroup driver working on systemd v237+.
PR opencontainers/runc#1781 makes the channel buffered, so if we time
out waiting on the channel, the updater will not block trying to write to it
since there are no longer any consumers.
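
The blocking behaviour that opencontainers/runc#1781 addresses, shown as an added Go example that is not code from runc or Kubernetes. `startJob`, `applyWithTimeout` and the timings are hypothetical stand-ins for the systemd job updater and the caller that waits on it with a timeout.

```go
package main

import (
	"fmt"
	"time"
)

// startJob models a hypothetical "updater" goroutine that reports a job
// result on statusChan after delay. The returned channel is closed only
// once the updater has managed to deliver its result and exit.
func startJob(statusChan chan<- string, delay time.Duration) <-chan struct{} {
	done := make(chan struct{})
	go func() {
		time.Sleep(delay)
		statusChan <- "done" // blocks forever if unbuffered and nobody reads
		close(done)
	}()
	return done
}

// applyWithTimeout waits for the job result with a short timeout, then
// reports whether the wait timed out and whether the updater goroutine
// was able to finish afterwards. bufSize 0 is the unbuffered (leaky)
// variant, bufSize 1 the buffered one.
func applyWithTimeout(bufSize int) (timedOut, updaterFinished bool) {
	statusChan := make(chan string, bufSize)
	done := startJob(statusChan, 100*time.Millisecond)

	select {
	case <-statusChan:
	case <-time.After(10 * time.Millisecond):
		timedOut = true // the consumer gives up; nobody reads statusChan now
	}

	select {
	case <-done:
		updaterFinished = true
	case <-time.After(500 * time.Millisecond): // grace period for the updater
	}
	return timedOut, updaterFinished
}

func main() {
	for _, size := range []int{0, 1} {
		timedOut, finished := applyWithTimeout(size)
		fmt.Printf("buffer=%d timedOut=%v updaterFinished=%v\n", size, timedOut, finished)
	}
}
```

With an unbuffered channel the updater goroutine stays parked on its send after the caller times out, so each timed-out wait leaves one goroutine behind; a buffer of one lets the send complete and the goroutine exit.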