linuxkit

mirror of https://github.com/linuxkit/linuxkit.git synced 2025-10-29 17:11:52 +00:00

Author	SHA1	Message	Date
Dave Tucker	fcaab549fe	init: Migrate to Go Modules Moves vendoring over to Go modules. Fixes issues found by Go Vet in Go 1.16 Signed-off-by: Dave Tucker <dave@dtucker.co.uk>	2022-01-11 20:18:37 +00:00
Rolf Neugebauer	b5bf29c0f6	Merge pull request #3747 from sprat/fix-sshd Fix sshd	2022-01-01 22:46:56 +00:00
Avi Deitcher	210a308602	Merge pull request #3746 from sprat/fix-openntpd openntpd: the "-s" flag is obsolete, this generates some error messages in the ntpd logs	2021-12-29 21:24:02 +02:00
Sylvain Prat	a71a52b57c	SSHd: allow access to all devices & fix a warning with tini Signed-off-by: Sylvain Prat <sylvain.prat@gmail.com>	2021-12-22 19:03:43 +01:00
Sylvain Prat	42a3f80bec	The "-s" flag is obsolete, this generates some errors messages in the ntpd logs Signed-off-by: Sylvain Prat <sylvain.prat@gmail.com>	2021-12-22 17:13:59 +01:00
Frédéric Dalleau	3e38a8c323	Bump runc to 1.0.3 Signed-off-by: Frédéric Dalleau <frederic.dalleau@docker.com>	2021-12-16 19:10:58 +01:00
Sylvain Prat	1c3e40ea2b	Fixes #3738 : add missing devices to acpid According to busybox' acpid code, acpid should be allowed to access /dev/input/event*, so we all all "input" devices (whose major number is 13) Signed-off-by: Sylvain Prat <sylvain.prat@gmail.com>	2021-12-09 21:05:34 +01:00
Avi Deitcher	4e7abb5250	document and simplify some releasing Signed-off-by: Avi Deitcher <avi@deitcher.net>	2021-11-29 16:39:06 +02:00
Emmanuel Briney	e254145257	Use RFC3339Nano for timestamps Signed-off-by: Emmanuel Briney <emmanuel.briney@docker.com>	2021-11-26 16:41:51 +01:00
Avi Deitcher	7549a63c9f	pkgs: Update packages to the latest linuxkit/alpine Signed-off-by: Avi Deitcher <avi@deitcher.net>	2021-11-09 14:02:42 +02:00
Tonis Tiigi	5af7c526ec	init: add support for cgroupv2 Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>	2021-10-24 23:03:51 -07:00
David Scott	476d5a0f2e	Update alpine for containerd Signed-off-by: David Scott <dave@recoil.org>	2021-10-21 11:34:59 +01:00
David Scott	7434e5f5aa	pkg/kmsg: grant access to /dev/kmsg Signed-off-by: David Scott <dave@recoil.org>	2021-10-18 21:02:44 +01:00
David Scott	6bc99c5ff2	pkg/metadata: grant access to all block devices Signed-off-by: David Scott <dave@recoil.org>	2021-10-18 21:02:36 +01:00
David Scott	9209808ac3	pkg/losetup: grant access to all block devices Signed-off-by: David Scott <dave@recoil.org>	2021-10-18 21:02:18 +01:00
David Scott	344d974ae1	pkg/extend: grant access to all block devices Signed-off-by: David Scott <dave@recoil.org>	2021-10-18 21:02:11 +01:00
David Scott	71fa9f2cae	pkg/dm-crypt: grant access to all devices The package needs block devices e.g. for /dev/sda It also needs character devices for /dev/mapper/ Signed-off-by: David Scott <dave@recoil.org>	2021-10-18 21:01:01 +01:00
David Scott	5895976b33	tools/mkimage: grant access to block devices Signed-off-by: David Scott <dave@recoil.org>	2021-10-18 21:00:55 +01:00
David Scott	0cfaa9ce65	runc: update to v1.0.2 Signed-off-by: David Scott <dave@recoil.org>	2021-10-18 21:00:04 +01:00
Rolf Neugebauer	6efae97c20	Update alpine for containerd Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>	2021-10-16 16:57:15 +01:00
David Scott	7d76051bb0	runc: update to v1.0.0-rc95 Signed-off-by: David Scott <dave@recoil.org>	2021-10-16 16:57:15 +01:00
David Scott	46ea02f65b	moby: device "all" will add to the cgroup whitelist After the runc security advisory[1] the default cgroup device whitelist was changed. In previous versions every container had "rwm" (read, write, mknod) for every device ("a" for all). Typically this was overridden by container engines like Docker. In LinuxKit we left the permissive default. In recent `runc` versions the default allow-all rule was removed, so a container can only access a device if it is specifically granted access, which LinuxKit handles via a device: entry. However it is inconvenient for pkg/format, pkg/mount, pkg/swap to list all possible block devices up-front. Therefore we add the ability to grant access to an entire class of device with a single rule: ``` - path: all type: b ``` Obviously a paranoid user can still override this with a specific major/minor number in a device: rule. [1] https://github.com/opencontainers/runc/security/advisories/GHSA-g54h-m393-cpwq Signed-off-by: David Scott <dave@recoil.org>	2021-10-14 16:14:21 +01:00
David Scott	24db42dd68	moby: add a Devices array to the image yml According to https://github.com/linuxkit/linuxkit/pull/3684#issuecomment-860128095 runc removed the console as a default device, so now it must be specified explicitly in the OCI config. See `60e21ec26e` The similar code in moby/moby is here: https://github.com/moby/moby/blob/master/oci/devices_linux.go This patch allows packages to declare a `devices` array, which can contain `/dev/console` etc. Signed-off-by: David Scott <dave@recoil.org>	2021-10-14 16:14:05 +01:00
David Scott	e463855425	trim-after-delete: avoid building on s390x Signed-off-by: David Scott <dave@recoil.org>	2021-05-18 13:39:20 +01:00
Anca Iordache	d326c1b2e6	Add more event types to trigger fstrim Signed-off-by: Anca Iordache <anca.iordache@docker.com>	2021-05-12 16:12:14 +02:00
Avi Deitcher	ef3e45ac02	pkgs: Update packages to the latest linuxkit/alpine Signed-off-by: Avi Deitcher <avi@deitcher.net>	2021-04-28 09:13:18 +03:00
Sebastiaan van Stijn	a63ff3c480	pkg/trim-after-delete: make docker socket path configurable Docker Desktop proxies the docker socket at its default location (/var/run/docker.sock), but allows connecting to the non-proxied socket through /var/run/docker.sock.raw. This patch allows the trim-after-delete utility to customize the docker socket path, so that it can connect to the non-proxied socket. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-04-21 13:11:12 +02:00
Rolf Neugebauer	e48d5294ee	Merge pull request #3539 from djs55/trim-after-delete-container trim-after-delete: handle containers and volumes as well as images	2021-04-05 13:21:02 +01:00
Michael Aldridge	b820b0a129	Support metaldata metadata provider Signed-off-by: Michael Aldridge <aldridge.mac@gmail.com>	2021-01-21 23:03:49 -08:00
Petr Fedchenkov	564a4ece26	strip containerd binaries Signed-off-by: Petr Fedchenkov <giggsoff@gmail.com>	2021-01-06 19:04:49 +03:00
Avi Deitcher	203cbd9b9f	multiple containerd options Signed-off-by: Avi Deitcher <avi@deitcher.net>	2020-10-21 11:11:48 +03:00
Avi Deitcher	54be4048f0	fix reversed equals error Signed-off-by: Avi Deitcher <avi@deitcher.net>	2020-10-19 20:54:14 +03:00
Avi Deitcher	865ed8a1ce	add containerd cli opts Signed-off-by: Avi Deitcher <avi@deitcher.net>	2020-10-19 14:49:15 +03:00
David Scott	76c7f6c1a6	trim-after-delete: also handle containers and volumes We already run the command after an image delete but - a container delete - a volume delete will also free space on the filesystem. Co-authored-by: Sebastiaan van Stijn <github@gone.nl> Signed-off-by: David Scott <dave@recoil.org>	2020-10-16 16:56:53 +01:00
Avi Deitcher	a1427d0b7b	Merge pull request #3558 from deitch/containerd-141 containerd 1.4.1 from latest version of lkt/alpine	2020-10-08 10:39:44 +03:00
Avi Deitcher	3143c04de9	containerd 1.4.1 from latest version of lkt/alpine Signed-off-by: Avi Deitcher <avi@deitcher.net>	2020-10-07 20:33:08 +03:00
Avi Deitcher	26d46d6c82	include openssh-client in sshd pkg Signed-off-by: Avi Deitcher <avi@deitcher.net>	2020-10-07 20:15:28 +03:00
Rolf Neugebauer	ea8ecd146d	pkgs: Update packages to the latest linuxkit/alpine Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>	2020-05-10 14:52:05 +01:00
Rolf Neugebauer	47063eee62	Merge pull request #3512 from saljam/master metadata: add support for digitalocean	2020-05-08 11:53:50 +01:00
Justin Cormack	c01f72d556	Add Risc-V support and only ship binaries we use Ported from https://github.com/docker/binfmt/pull/21 Signed-off-by: Justin Cormack <justin.cormack@docker.com>	2020-05-07 11:53:30 +01:00
Rolf Neugebauer	dbcf2611a0	Merge pull request #3515 from justincormack/qemu-up Update to Qemu 4.2.0 from Debian testing	2020-05-06 23:27:53 +01:00
Ilya Dmitrichenko	86fb6ba0aa	pkg/init: Mount /sys/fs/bpf NOTE: This will be a shared mount, due to root being turned into a shared with `MC_REC` set: `mount("", "/", "", rec\|shared, "")`. For some reason setting `shared` when mounting `/sys/fs/bpf` doesn't work at all, perhaps that's just a kernel feature. Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>	2020-05-06 11:06:54 +01:00
Justin Cormack	d2f55af35c	Update to Qemu 4.2.0 from Debian testing This has fixed a lot of outstanding emulation issues, see comments in https://github.com/docker/binfmt/pull/24 Signed-off-by: Justin Cormack <justin.cormack@docker.com>	2020-05-04 16:22:52 +01:00
salman aljammaz	35ae4e028c	metadata: add support for digitalocean This adds support for fetching metadata and user data from the DigitalOcean metadata service. https://www.digitalocean.com/docs/droplets/resources/metadata/ Signed-off-by: salman aljammaz <s@aljmz.com>	2020-05-02 11:24:11 -04:00
Avi Deitcher	3678adeca8	find cloud-init on cdrom by label Signed-off-by: Avi Deitcher <avi@deitcher.net>	2020-04-27 17:00:42 +03:00
Rolf Neugebauer	2427145dfc	pkg/init: Revert "workaround bad containerd bug" This reverts commit `6653c3387e`. Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>	2020-04-26 22:49:48 +01:00
Rolf Neugebauer	1b8cb8b235	pkg/runc: Update to v1.0.0-rc10 Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>	2020-04-26 22:47:48 +01:00
Rolf Neugebauer	db1f9c8dc8	pkgs" Update containerd to v1.3.4 Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>	2020-04-26 22:47:48 +01:00
Federico Pellegatta	6133c561fd	Add GUID Partition Table (GPT) support to extend and mount packages Signed-off-by: Federico Pellegatta <12744504+federico-pellegatta@users.noreply.github.com>	2020-04-24 12:54:48 +02:00
Federico Pellegatta	5fc196c289	Add partition table type selector (defaulted to DOS/MBR) to format package Signed-off-by: Federico Pellegatta <12744504+federico-pellegatta@users.noreply.github.com>	2020-04-23 10:16:36 +02:00

1 2 3 4 5 ...

715 Commits