Justin Cormack
167d739354
Merge pull request #2833 from justincormack/mobyup
...
Update Moby tool
2018-01-04 15:32:23 +00:00
Justin Cormack
976eab2499
Merge pull request #2832 from tklauser/unix-reboot
...
Use pure Go unix.Reboot function in rc.init
2018-01-04 15:01:52 +00:00
Justin Cormack
baac3e98c9
Update linuxkit deps in line with moby
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2018-01-04 13:55:42 +00:00
Tobias Klauser
a43bfba832
Update YAML files to linuxkit/init:5a577d070817b4f17821657823082651baafd4ed
...
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-01-04 14:18:53 +01:00
Tobias Klauser
642c6f23ac
Use pure Go unix.Reboot function in rc.init
...
Use unix.Reboot from golang.org/x/sys/unix for poweroff and reboot
instead of relying on external commands.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-01-04 13:16:28 +01:00
Justin Cormack
b0ea58bd90
Update Moby tool
...
- containerd 1.0 vendoring
- yaml omitempty
- null pointer dereference
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2018-01-04 12:14:51 +00:00
Justin Cormack
1aca4eefa5
Merge pull request #190 from ijc/containerd-v1.0.0-rc.0
...
Bump to containerd v1.0.0
2018-01-04 11:28:10 +00:00
Justin Cormack
b5615a3714
Merge pull request #192 from w9n/fix_empty_container_config
...
allow ImageInspect.Config to be nil when parsing
2018-01-04 11:27:42 +00:00
Justin Cormack
41d67e3bf3
Merge pull request #194 from w9n/yml_omitempty
...
add omitempty for yml config
2018-01-04 11:26:54 +00:00
Rolf Neugebauer
c84b6ea474
Merge pull request #2831 from rn/kup
...
Kernel update to 4.14.11/4.9.74/4.4.109
2018-01-03 14:58:33 +00:00
Rolf Neugebauer
b646fccc04
Update YAML files to latest kernels
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-03 11:56:10 +00:00
Rolf Neugebauer
821cb0b829
kernel: Enable KPTI for 4.14 on x86_64
...
This is the new Kernel Page Table Isolation (KPTI,
formerly KAISER) introduced with 4.14.11 (and in
4.15.rcX).
KPTI runs the kernel and userspace off separate
pagetables (and uses PCID on more recent processors
to minimise the TLB flush penalty). It comes with
a performance hit but is enabled by default as a
workaround around some serious, not yet disclosed,
bug in Intel processors.
When enabled in the kernel config, KPTI will be
dynamically enabled at boot time depending on the
CPU it is executing (currently all Intel x86 CPUs).
Depending on the environment, you may choose to
disable it using 'pti=off' on the kernel commandline.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-03 11:21:04 +00:00
Rolf Neugebauer
7abc1df0ad
kernel: Update to 4.14.11/4.9.74/4.4.109
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2018-01-03 11:03:52 +00:00
Rolf Neugebauer
ff91872969
Merge pull request #2823 from eyz/sysctlCommentFixSetWarnsNoReadonly
...
pkg/sysctl fixes: support commented KV lines, additional separator and comment character, no post-crit KV set skips
2018-01-02 16:11:15 +00:00
Isaac Rodman
f42922f6c8
Updated image tag to linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21
...
Signed-off-by: Isaac Rodman <isaac@eyz.us>
2018-01-02 07:43:06 -07:00
isaac.rodman
6ac2ab8924
pkg/sysctl fixes: support commented KV lines, no post-crit KV set skips, support adding sysctl .conf files
...
- Previously, KV lines which were commented would attempt to be set. Now any commented KV lines will also be ignored.
- Comments can start with a hash or semicolon
- Splitting KV on both period and forward slash
- Some kernels may not have certain features enabled (such as IPv6) in the default etc/sysctl.d/*.conf, and thus pkg/sysctl would only set the KV until the first failure, and then silently skip the rest of the KVs. Now any failure is logged as a WARN, and those lines can now be commented per the above change, as they will be identified.
Signed-off-by: Isaac Rodman <isaac@eyz.us>
2018-01-02 07:33:13 -07:00
Justin Cormack
9e65276160
Merge pull request #2821 from rgl/master
...
add the -gui flag to vbox run
2018-01-02 11:06:22 +00:00
Rolf Neugebauer
53d48363f1
Merge pull request #2828 from rn/more-kern
...
kernel update to 4.14.10/4.9.73 (plus wireguard update)
2017-12-31 00:40:08 +01:00
Rolf Neugebauer
e50d0da7ea
Update YAML files to latest kernels
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-12-30 16:18:41 +00:00
Rolf Neugebauer
37291f5967
kernel: Update to 4.14.10/4.9.73
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-12-30 16:11:10 +00:00
Rolf Neugebauer
57c8383ce0
kernel: Update WireGuard to 0.0.20171221
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-12-30 16:08:43 +00:00
Justin Cormack
f8b3ee798f
Merge pull request #2825 from rn/kern-up
...
Update kernels
2017-12-28 22:57:26 +00:00
Rolf Neugebauer
09558c35ed
Update YAML files to latest kernels
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-12-28 20:19:55 +00:00
Rolf Neugebauer
8419b030c0
kernel: Adjust 4.14.x config for x86_64
...
The UNWINDER config options were renamed in:
8af220c9e240 ("x86/unwind: Rename unwinder config options to 'CONFIG_UNWINDER_*'")
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-12-28 17:57:43 +00:00
Rolf Neugebauer
dfb1982c65
kernel: Update to 4.14.9/4.9.72/4.4.108
...
This contains the fixes to the eBPF verifier which allowed
privilege escalation in 4.9 and 4.14 kernels.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-12-28 16:43:14 +00:00
Rolf Neugebauer
e140ab4acc
kernel: Update to 4.14.8/4.9.71/4.4.107
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-12-28 14:48:20 +00:00
Rolf Neugebauer
b5d4940f4e
Merge pull request #2824 from justincormack/aws-fixes
...
Fix sriov flag on AWS
2017-12-27 22:49:59 +01:00
Justin Cormack
d04e9ba2a2
Improve docs for vmimport to mention role.
...
Signed-off-by: Justin Cormack <justin@specialbusservice.com>
2017-12-27 19:12:46 +00:00
Justin Cormack
1e97929ec5
Fix sriov flag on AWS
...
This needs to be set to nil if empty.
Signed-off-by: Justin Cormack <justin@specialbusservice.com>
2017-12-27 18:17:45 +00:00
Robin Winkelewski
175fadb3d4
add omitempty for yml config
...
Signed-off-by: Robin Winkelewski <w9ncontact@gmail.com>
2017-12-27 03:08:44 +01:00
Rolf Neugebauer
d19adc172f
Merge pull request #2822 from rn/ebpf-priv-esc
...
Mitigate ebpf privilege escalation
2017-12-26 09:59:16 +01:00
Rolf Neugebauer
9b3f2b301e
Update YAML files with new sysctl package
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-12-25 15:52:30 +01:00
Rolf Neugebauer
720fb219ce
pkg/sysctl: Prevent ebpf privilege escalation
...
On 4.9.x and 4.14.x kernels ebpf verifier bugs allow ebpf
programs to access (read/write) random memory. Setting
kernel.unprivileged_bpf_disabled=1 mitigates this somewhat
until it is fixed upstream.
See:
- https://lwn.net/Articles/742170
- https://lwn.net/Articles/742169
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-12-25 15:32:57 +01:00
Rui Lopes
f36b4a7e59
add the -gui flag to vbox run
...
Signed-off-by: Rui Lopes <rgl@ruilopes.com>
2017-12-24 10:15:02 +00:00
Ian Campbell
a7e7a39f89
Merge pull request #2818 from errordeveloper/master
...
Improve error message for new packages
2017-12-19 11:04:08 +00:00
Rolf Neugebauer
a763c8eeb6
Merge pull request #2819 from rn/kup
...
Kernel update to 4.14.7/4.9.70/4.4.106
2017-12-18 19:05:27 +00:00
Rolf Neugebauer
a3d46fd491
Update YAMLs to latest kernel
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-12-18 16:59:21 +00:00
Rolf Neugebauer
467c1af0e2
kernel: Update to 4.14.7/4.9.70/4.4.106
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-12-18 16:59:21 +00:00
Rolf Neugebauer
36e46a55c8
kernel: Add forcepush/forcebuild targets for kernel and perf packages
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-12-18 16:59:21 +00:00
Ilya Dmitrichenko
142ebf6f82
Improve error message for new packages
...
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-12-18 16:46:00 +00:00
Justin Cormack
8eeda0164b
Merge pull request #2811 from ijc/update-moby-tool
...
Bump moby tool to d9d2a91780
2017-12-18 13:55:31 +00:00
Rolf Neugebauer
256ca3340a
Merge pull request #2814 from ijc/use-auditd-package
...
Use auditd package from Alpine 3.7
2017-12-15 18:16:54 +00:00
Rolf Neugebauer
8502b28269
Merge pull request #2815 from ijc/pointer-to-moby-docs
...
README: Add a pointer to the moby tool yml docs.
2017-12-15 18:15:01 +00:00
Ian Campbell
10cede2e03
README: Add a pointer to the moby tool yml docs.
...
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-12-15 11:17:57 +00:00
Ian Campbell
abf0a5d098
auditd: Use package from alpine 3.7
...
This was added to alpine since our package was created. Now we have upgraded we
can just use the binary.
The package contains an auditd.conf but we have a tweaked local copy which writes
to stdio (which goes to /var/log/auditd.*.log already). The package doesn't
have an audit.rules so keep that here too.
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-12-15 11:07:55 +00:00
Ian Campbell
d01f4e97d7
Add audit package to mirror.
...
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-12-15 11:00:19 +00:00
Ian Campbell
de242facca
auditd: move config into build.yml
...
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-12-15 10:16:37 +00:00
Justin Cormack
336e0e6704
Merge pull request #2784 from Manouchehri/vagrant
...
Added initial Vagrant support.
2017-12-14 15:17:45 -08:00
Rolf Neugebauer
f0e046c30e
Merge pull request #2812 from rn/kern-up
...
Update kernels to 4.14.6/4.9.69
2017-12-14 16:43:00 +00:00
Rolf Neugebauer
5bf636b9aa
Update YAML files to latest kernels
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-12-14 12:50:05 +00:00