github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2026-01-16 16:31:21 +00:00
Code Issues Projects Releases Wiki Activity
7,866 Commits 1 Branch 31 Tags
f5a720bcbb49f51a25517ee93dd458996023157f
Commit Graph

607 Commits

Author SHA1 Message Date
Avi Deitcher
4e7abb5250 document and simplify some releasing 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2021-11-29 16:39:06 +02:00
Emmanuel Briney
e254145257 Use RFC3339Nano for timestamps 
Signed-off-by: Emmanuel Briney <emmanuel.briney@docker.com>
 2021-11-26 16:41:51 +01:00
Avi Deitcher
7549a63c9f pkgs: Update packages to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2021-11-09 14:02:42 +02:00
Tonis Tiigi
5af7c526ec init: add support for cgroupv2 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2021-10-24 23:03:51 -07:00
David Scott
476d5a0f2e Update alpine for containerd 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-21 11:34:59 +01:00
David Scott
7434e5f5aa pkg/kmsg: grant access to /dev/kmsg 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-18 21:02:44 +01:00
David Scott
6bc99c5ff2 pkg/metadata: grant access to all block devices 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-18 21:02:36 +01:00
David Scott
9209808ac3 pkg/losetup: grant access to all block devices 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-18 21:02:18 +01:00
David Scott
344d974ae1 pkg/extend: grant access to all block devices 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-18 21:02:11 +01:00
David Scott
71fa9f2cae pkg/dm-crypt: grant access to all devices 
The package needs block devices e.g. for /dev/sda

It also needs character devices for /dev/mapper/

Signed-off-by: David Scott <dave@recoil.org>
 2021-10-18 21:01:01 +01:00
David Scott
5895976b33 tools/mkimage: grant access to block devices 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-18 21:00:55 +01:00
David Scott
0cfaa9ce65 runc: update to v1.0.2 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-18 21:00:04 +01:00
Rolf Neugebauer
6efae97c20 Update alpine for containerd 
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
 2021-10-16 16:57:15 +01:00
David Scott
7d76051bb0 runc: update to v1.0.0-rc95 
Signed-off-by: David Scott <dave@recoil.org>
 2021-10-16 16:57:15 +01:00
David Scott
46ea02f65b moby: device "all" will add to the cgroup whitelist 
After the runc security advisory[1] the default cgroup device
whitelist was changed.

In previous versions every container had "rwm" (read, write, mknod)
for every device ("a" for all). Typically this was overridden by
container engines like Docker. In LinuxKit we left the permissive
default.

In recent `runc` versions the default allow-all rule was removed,
so a container can only access a device if it is specifically
granted access, which LinuxKit handles via a device: entry.

However it is inconvenient for pkg/format, pkg/mount, pkg/swap
to list all possible block devices up-front. Therefore we add the
ability to grant access to an entire class of device with a single
rule:

```
- path: all
  type: b
```

Obviously a paranoid user can still override this with a specific
major/minor number in a device: rule.

[1] https://github.com/opencontainers/runc/security/advisories/GHSA-g54h-m393-cpwq

Signed-off-by: David Scott <dave@recoil.org>
 2021-10-14 16:14:21 +01:00
David Scott
24db42dd68 moby: add a Devices array to the image yml 
According to https://github.com/linuxkit/linuxkit/pull/3684#issuecomment-860128095

runc removed the console as a default device, so now it must be specified
explicitly in the OCI config.

See 60e21ec26e

The similar code in moby/moby is here: https://github.com/moby/moby/blob/master/oci/devices_linux.go

This patch allows packages to declare a `devices` array, which can contain `/dev/console` etc.

Signed-off-by: David Scott <dave@recoil.org>
 2021-10-14 16:14:05 +01:00
David Scott
e463855425 trim-after-delete: avoid building on s390x 
Signed-off-by: David Scott <dave@recoil.org>
 2021-05-18 13:39:20 +01:00
Anca Iordache
d326c1b2e6 Add more event types to trigger fstrim 
Signed-off-by: Anca Iordache <anca.iordache@docker.com>
 2021-05-12 16:12:14 +02:00
Avi Deitcher
ef3e45ac02 pkgs: Update packages to the latest linuxkit/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2021-04-28 09:13:18 +03:00
Rolf Neugebauer
e48d5294ee Merge pull request #3539 from djs55/trim-after-delete-container 
trim-after-delete: handle containers and volumes as well as images
 2021-04-05 13:21:02 +01:00
Michael Aldridge
b820b0a129 Support metaldata metadata provider 
Signed-off-by: Michael Aldridge <aldridge.mac@gmail.com>
 2021-01-21 23:03:49 -08:00
Petr Fedchenkov
564a4ece26 strip containerd binaries 
Signed-off-by: Petr Fedchenkov <giggsoff@gmail.com>
 2021-01-06 19:04:49 +03:00
Avi Deitcher
203cbd9b9f multiple containerd options 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2020-10-21 11:11:48 +03:00
Avi Deitcher
54be4048f0 fix reversed equals error 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2020-10-19 20:54:14 +03:00
Avi Deitcher
865ed8a1ce add containerd cli opts 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2020-10-19 14:49:15 +03:00
David Scott
76c7f6c1a6 trim-after-delete: also handle containers and volumes 
We already run the command after an image delete but

- a container delete
- a volume delete

will also free space on the filesystem.

Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: David Scott <dave@recoil.org>
 2020-10-16 16:56:53 +01:00
Avi Deitcher
a1427d0b7b Merge pull request #3558 from deitch/containerd-141 
containerd 1.4.1 from latest version of lkt/alpine
 2020-10-08 10:39:44 +03:00
Avi Deitcher
3143c04de9 containerd 1.4.1 from latest version of lkt/alpine 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2020-10-07 20:33:08 +03:00
Avi Deitcher
26d46d6c82 include openssh-client in sshd pkg 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2020-10-07 20:15:28 +03:00
Rolf Neugebauer
ea8ecd146d pkgs: Update packages to the latest linuxkit/alpine 
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
 2020-05-10 14:52:05 +01:00
Rolf Neugebauer
47063eee62 Merge pull request #3512 from saljam/master 
metadata: add support for digitalocean
 2020-05-08 11:53:50 +01:00
Justin Cormack
c01f72d556 Add Risc-V support and only ship binaries we use 
Ported from https://github.com/docker/binfmt/pull/21

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2020-05-07 11:53:30 +01:00
Rolf Neugebauer
dbcf2611a0 Merge pull request #3515 from justincormack/qemu-up 
Update to Qemu 4.2.0 from Debian testing
 2020-05-06 23:27:53 +01:00
Ilya Dmitrichenko
86fb6ba0aa pkg/init: Mount /sys/fs/bpf 
NOTE: This will be a shared mount, due to root being turned into a
shared with `MC_REC` set: `mount("", "/", "", rec|shared, "")`.
For some reason setting `shared` when mounting `/sys/fs/bpf` doesn't
work at all, perhaps that's just a kernel feature.

Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
 2020-05-06 11:06:54 +01:00
Justin Cormack
d2f55af35c Update to Qemu 4.2.0 from Debian testing 
This has fixed a lot of outstanding emulation issues, see comments
in https://github.com/docker/binfmt/pull/24

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2020-05-04 16:22:52 +01:00
salman aljammaz
35ae4e028c metadata: add support for digitalocean 
This adds support for fetching metadata and user data from the
DigitalOcean metadata service.

https://www.digitalocean.com/docs/droplets/resources/metadata/

Signed-off-by: salman aljammaz <s@aljmz.com>
 2020-05-02 11:24:11 -04:00
Avi Deitcher
3678adeca8 find cloud-init on cdrom by label 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2020-04-27 17:00:42 +03:00
Rolf Neugebauer
2427145dfc pkg/init: Revert "workaround bad containerd bug" 
This reverts commit 6653c3387e.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
 2020-04-26 22:49:48 +01:00
Rolf Neugebauer
1b8cb8b235 pkg/runc: Update to v1.0.0-rc10 
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
 2020-04-26 22:47:48 +01:00
Rolf Neugebauer
db1f9c8dc8 pkgs" Update containerd to v1.3.4 
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
 2020-04-26 22:47:48 +01:00
Federico Pellegatta
6133c561fd Add GUID Partition Table (GPT) support to extend and mount packages 
Signed-off-by: Federico Pellegatta <12744504+federico-pellegatta@users.noreply.github.com>
 2020-04-24 12:54:48 +02:00
Federico Pellegatta
5fc196c289 Add partition table type selector (defaulted to DOS/MBR) to format package 
Signed-off-by: Federico Pellegatta <12744504+federico-pellegatta@users.noreply.github.com>
 2020-04-23 10:16:36 +02:00
Avi Deitcher
59697ffc62 read cdrom userdata from spec location 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2020-04-20 10:03:17 +03:00
Rolf Neugebauer
463216acda pkg: Add gcc for all packages build for arm64 
This is a workaround for https://github.com/linuxkit/linuxkit/issues/3496

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
 2020-04-17 10:36:03 +01:00
Rolf Neugebauer
5301dbf352 pkg/firmware: Disable firmware packages for s390x 
Reduce the number of packages to build for s390x. Firmware
is only used for physical devices, so disable it for s390x
where we mostly run in virtual machines.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
 2020-04-17 10:36:03 +01:00
Rolf Neugebauer
cd92ad3f16 pkg/firmware: Fix firmware extraction 
Some drivers offer mutliple firmwares with the WHENCE file
defining the default. Use the cope-firmware.sh script to
create a copy of the firmware repository with the defaults
copied in to the right place.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
 2020-04-17 10:36:03 +01:00
Rolf Neugebauer
384b439d05 pkg/firmware: Use kernel v5.4.x as the base 
this determines which firmware packages are included.

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
 2020-04-17 10:36:03 +01:00
Rolf Neugebauer
bd5fb29ba1 pkg/firmware: update to latest 
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
 2020-04-17 10:36:03 +01:00
Rolf Neugebauer
0b750af7cd pkg/node_exporter: Fix build 
Add curla and gcc

Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
 2020-04-17 10:36:03 +01:00
Rolf Neugebauer
facc612603 pkg/node_exporter: Bump to v0.18.1 
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
 2020-04-17 10:36:03 +01:00