People really want to play around with this, so adding them here makes
it possible. Just as iproute2 is part of these, so should
wireguard-tools.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commits an initial version of the Memorizer tracing tool. It collects and
outputs detailed data on the objects (traced from kmalloc/kmem_cache_alloc) and
accesses, tracking the context of each event with respect to thread ID, program
counter, and for allocations name of process.
Signed-off-by: Nathan Dautenhahn <ndd@cis.upenn.edu>
The motivation for this is networking out (in particular, testing NFS
support) from the VM.
We could be a lot more user friendly (a la libvirt) by creating the tap
device for users and allowing them to specify a bridge instead, but then
we'd need root to create this tap device. For now, let's make people do
their own tap devices, and just use them. A tap device can be created for a
bridge as follows:
# ip tuntap add linuxkit0 mode tap user `whoami`
# ip link set linuxkit0 up
# ip link set linuxkit0 master $bridge_name
and then used by:
$ ./bin/linuxkit run qemu -tap-device linuxkit0 linuxkit
Signed-off-by: Tycho Andersen <tycho@docker.com>
Since these are the user login containers, having the ability to add packages
is useful (e.g. I quite often find I want strace).
Doing this requires that we not share `/var` with the login containers since we
want the apk database therein. Previously it was thought that the containers
might need some parts of `/var` for `ctr` to work (e.g. `/var/lib/containerd`)
but this is not the case now (if it ever was) based on my testing.
Fixes#2206.
Signed-off-by: Ian Campbell <ijc@docker.com>
This is actually containerd#1141 rebased onto v1.0.0-alpha1.
The `dist` command has been integreated into `ctr` and so is removed, including
from the getty and sshd bind mounts and the test which uses it is updated..
There is no change to the version of runc vendored by containerd, so this is
unchanged.
Signed-off-by: Ian Campbell <ijc@docker.com>
If the configuration .json has contents like:
{
"etc": {
"ssl": {
"certs": {
"ca-certificates.crt": {
"perm": "0644",
"content": "large amount of certificate text"
}
}
}
},
...
}
then we print a warning because the node "ssl" has no "perm".
Previously the warning would include the contents of "ssl", which
would be large (and in theory could include secret information).
This patch modifies the warning print to only print the key and
not the value.
Without this patch, I see on the console:
2017/07/20 10:03:04 CDROM: Probe succeeded
2017/07/20 10:03:04 No permission provided ssl:map[certs:map[ca-certificates.crt:map[perm:0644 content:large amount of certificate text]]]
- 000-metadata
With this patch, I see on the console:
2017/07/20 09:54:18 CDROM: Probe succeeded
2017/07/20 09:54:18 No permission provided ssl
- 000-metadata
Signed-off-by: David Scott <dave.scott@docker.com>
It's slightly embarrassing that this old snapshot was kept around here
rotting for so long, but thankfully something is finally being done
about it.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
I noticed that running the runes in docs/vendoring.md made a bunch of files
which are omitted by modern vndr come back, presumably due to the old version
of vndr referenced there. So update the go-compile package to the current
version everywhere.
Also correct the use of `make` variable syntax (`$(PWD)`) where shell syntax
command substitution for `pwd` was desired.
Signed-off-by: Ian Campbell <ijc@docker.com>
The sample init script from opengcs is quite basic (and doesn't
set up several mounts and symlinks). Use the relevant portion
from rc.init from the LinuxKit init package instead.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Apart from adding the recursive target itself this required:
- Unescaping the @ in the image names, this was confusing `make` into always
rebuilding and wasn't necessary (I had previously thought I had seen oddities
due to these being interpreted by the `patsubst`, but I think that was just the
colons.
- Making the recursive rules silent (prepending an @), those command lines are
not especially enlightening and they obscure the output in the show-tags case.
With this the output is like:
$ make --no-print-directory -C image-cache/ show-tags
linuxkitprojects/kubernetes-image-cache-common:94a0715c6b3604e909bc0da74260dc7f1142d90d-dirty
linuxkitprojects/kubernetes-image-cache-control-plane:94a0715c6b3604e909bc0da74260dc7f1142d90d-dirty
Signed-off-by: Ian Campbell <ijc@docker.com>
The total size of the images in the common and control-plane cache is 251M and
528M respectively.
This changes drops the size of the cache images from 353M to 274M and from 630M
to 530M, reducing the overhead from ~100M to ~20M.
The initrd images shrink from 273M to 246M and from 416M to 363M (the initrd's
are compressed).
Signed-off-by: Ian Campbell <ijc@docker.com>
