github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-12-26 13:02:48 +00:00
Code Issues Projects Releases Wiki Activity
7,896 Commits 1 Branch 31 Tags
01e242cad1500abb84ef31876c2f0d5461939bc7
Commit Graph

625 Commits

Author SHA1 Message Date
Dave Tucker
01e242cad1 trim-after-delete: Add go.mod 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2022-01-11 21:11:48 +00:00
Dave Tucker
158461502a sysfs: Add go.mod 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2022-01-11 21:11:48 +00:00
Dave Tucker
3244052389 sysctl: Add go.mod 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2022-01-11 21:11:48 +00:00
Dave Tucker
af7b87e99a mount: Use Go Modules 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2022-01-11 21:11:43 +00:00
Dave Tucker
93df9f736c memlogd: Use Go Modules 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2022-01-11 20:18:39 +00:00
Dave Tucker
3594ec48d4 logwrite: Use Go Modules 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2022-01-11 20:18:38 +00:00
Dave Tucker
0ee4d71562 kmsg: Use Go Modules 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2022-01-11 20:18:38 +00:00
Dave Tucker
65da053ac3 host-timesync-daemon: Use Go Modules 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2022-01-11 20:18:38 +00:00
Dave Tucker
599aedc9c5 format: Use Go Modules 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2022-01-11 20:18:38 +00:00
Dave Tucker
4ededf5ca3 extend: Migrate to Go Modules 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2022-01-11 20:18:38 +00:00
Dave Tucker
b22a7853a0 binfmt: Migrate to Go Modules 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2022-01-11 20:18:38 +00:00
Dave Tucker
fcaab549fe init: Migrate to Go Modules 
Moves vendoring over to Go modules.
Fixes issues found by Go Vet in Go 1.16

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2022-01-11 20:18:37 +00:00
Rolf Neugebauer
b5bf29c0f6 Merge pull request #3747 from sprat/fix-sshd 
Fix sshd
 2022-01-01 22:46:56 +00:00
Avi Deitcher
210a308602 Merge pull request #3746 from sprat/fix-openntpd 
openntpd: the "-s" flag is obsolete, this generates some error messages in the ntpd logs
 2021-12-29 21:24:02 +02:00
Sylvain Prat
a71a52b57c SSHd: allow access to all devices & fix a warning with tini 
Signed-off-by: Sylvain Prat <sylvain.prat@gmail.com>
 2021-12-22 19:03:43 +01:00
Sylvain Prat
42a3f80bec The "-s" flag is obsolete, this generates some errors messages in the ntpd logs 
Signed-off-by: Sylvain Prat <sylvain.prat@gmail.com>
 2021-12-22 17:13:59 +01:00
Frédéric Dalleau
3e38a8c323 Bump runc to 1.0.3 
Signed-off-by: Frédéric Dalleau <frederic.dalleau@docker.com>
 2021-12-16 19:10:58 +01:00
Sylvain Prat
1c3e40ea2b Fixes #3738: add missing devices to acpid 
According to busybox' acpid code, acpid should be allowed to access /dev/input/event*, so we all all "input" devices (whose major number is 13)

Signed-off-by: Sylvain Prat <sylvain.prat@gmail.com>
 2021-12-09 21:05:34 +01:00
Avi Deitcher
4e7abb5250 document and simplify some releasing 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2021-11-29 16:39:06 +02:00
Emmanuel Briney
e254145257 Use RFC3339Nano for timestamps 
Signed-off-by: Emmanuel Briney <emmanuel.briney@docker.com>
 2021-11-26 16:41:51 +01:00
Avi Deitcher
7549a63c9f pkgs: Update packages to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2021-11-09 14:02:42 +02:00
Tonis Tiigi
5af7c526ec init: add support for cgroupv2 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2021-10-24 23:03:51 -07:00
David Scott
476d5a0f2e Update alpine for containerd 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-21 11:34:59 +01:00
David Scott
7434e5f5aa pkg/kmsg: grant access to /dev/kmsg 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-18 21:02:44 +01:00
David Scott
6bc99c5ff2 pkg/metadata: grant access to all block devices 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-18 21:02:36 +01:00
David Scott
9209808ac3 pkg/losetup: grant access to all block devices 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-18 21:02:18 +01:00
David Scott
344d974ae1 pkg/extend: grant access to all block devices 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-18 21:02:11 +01:00
David Scott
71fa9f2cae pkg/dm-crypt: grant access to all devices 
The package needs block devices e.g. for /dev/sda

It also needs character devices for /dev/mapper/

Signed-off-by: David Scott <dave@recoil.org>
 2021-10-18 21:01:01 +01:00
David Scott
5895976b33 tools/mkimage: grant access to block devices 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-18 21:00:55 +01:00
David Scott
0cfaa9ce65 runc: update to v1.0.2 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-18 21:00:04 +01:00
Rolf Neugebauer
6efae97c20 Update alpine for containerd 
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
 2021-10-16 16:57:15 +01:00
David Scott
7d76051bb0 runc: update to v1.0.0-rc95 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-16 16:57:15 +01:00
David Scott
46ea02f65b moby: device "all" will add to the cgroup whitelist 
After the runc security advisory[1] the default cgroup device
whitelist was changed.

In previous versions every container had "rwm" (read, write, mknod)
for every device ("a" for all). Typically this was overridden by
container engines like Docker. In LinuxKit we left the permissive
default.

In recent `runc` versions the default allow-all rule was removed,
so a container can only access a device if it is specifically
granted access, which LinuxKit handles via a device: entry.

However it is inconvenient for pkg/format, pkg/mount, pkg/swap
to list all possible block devices up-front. Therefore we add the
ability to grant access to an entire class of device with a single
rule:

```
- path: all
  type: b
```

Obviously a paranoid user can still override this with a specific
major/minor number in a device: rule.

[1] https://github.com/opencontainers/runc/security/advisories/GHSA-g54h-m393-cpwq

Signed-off-by: David Scott <dave@recoil.org>
 2021-10-14 16:14:21 +01:00
David Scott
24db42dd68 moby: add a Devices array to the image yml 
According to https://github.com/linuxkit/linuxkit/pull/3684#issuecomment-860128095

runc removed the console as a default device, so now it must be specified
explicitly in the OCI config.

See 60e21ec26e

The similar code in moby/moby is here: https://github.com/moby/moby/blob/master/oci/devices_linux.go

This patch allows packages to declare a `devices` array, which can contain `/dev/console` etc.

Signed-off-by: David Scott <dave@recoil.org>
 2021-10-14 16:14:05 +01:00
David Scott
e463855425 trim-after-delete: avoid building on s390x 
Signed-off-by: David Scott <dave@recoil.org>
 2021-05-18 13:39:20 +01:00
Anca Iordache
d326c1b2e6 Add more event types to trigger fstrim 
Signed-off-by: Anca Iordache <anca.iordache@docker.com>
 2021-05-12 16:12:14 +02:00
Avi Deitcher
ef3e45ac02 pkgs: Update packages to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2021-04-28 09:13:18 +03:00
Rolf Neugebauer
e48d5294ee Merge pull request #3539 from djs55/trim-after-delete-container 
trim-after-delete: handle containers and volumes as well as images
 2021-04-05 13:21:02 +01:00
Michael Aldridge
b820b0a129 Support metaldata metadata provider 
Signed-off-by: Michael Aldridge <aldridge.mac@gmail.com>
 2021-01-21 23:03:49 -08:00
Petr Fedchenkov
564a4ece26 strip containerd binaries 
Signed-off-by: Petr Fedchenkov <giggsoff@gmail.com>
 2021-01-06 19:04:49 +03:00
Avi Deitcher
203cbd9b9f multiple containerd options 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2020-10-21 11:11:48 +03:00
Avi Deitcher
54be4048f0 fix reversed equals error 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2020-10-19 20:54:14 +03:00
Avi Deitcher
865ed8a1ce add containerd cli opts 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2020-10-19 14:49:15 +03:00
David Scott
76c7f6c1a6 trim-after-delete: also handle containers and volumes 
We already run the command after an image delete but

- a container delete
- a volume delete

will also free space on the filesystem.

Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: David Scott <dave@recoil.org>
 2020-10-16 16:56:53 +01:00
Avi Deitcher
a1427d0b7b Merge pull request #3558 from deitch/containerd-141 
containerd 1.4.1 from latest version of lkt/alpine
 2020-10-08 10:39:44 +03:00
Avi Deitcher
3143c04de9 containerd 1.4.1 from latest version of lkt/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2020-10-07 20:33:08 +03:00
Avi Deitcher
26d46d6c82 include openssh-client in sshd pkg 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2020-10-07 20:15:28 +03:00
Rolf Neugebauer
ea8ecd146d pkgs: Update packages to the latest linuxkit/alpine 
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
 2020-05-10 14:52:05 +01:00
Rolf Neugebauer
47063eee62 Merge pull request #3512 from saljam/master 
metadata: add support for digitalocean
 2020-05-08 11:53:50 +01:00
Justin Cormack
c01f72d556 Add Risc-V support and only ship binaries we use 
Ported from https://github.com/docker/binfmt/pull/21

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2020-05-07 11:53:30 +01:00