@crosbymichael (Member):

Ref: #3272

Signed-off-by: Michael Crosby [email protected]

@jterry75 (Contributor) left a comment:


LGTM


theopenlab-ci bot commented Jul 30, 2019

Build succeeded.


Codecov Report

Merging #3468 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #3468   +/-   ##
=======================================
  Coverage   44.24%   44.24%           
=======================================
  Files         124      124           
  Lines       13732    13732           
=======================================
  Hits         6076     6076           
  Misses       6725     6725           
  Partials      931      931
Flag Coverage Δ
#linux 48.04% <ø> (ø) ⬆️
#windows 39.86% <ø> (ø) ⬆️

@fuweid (Member) left a comment:


LGTM

@fuweid fuweid merged commit a49df98 into containerd:master Jul 31, 2019
akhilerm added a commit to akhilerm/containerd that referenced this pull request Jan 8, 2025
This is the fourth patch release of the 1.2.z release branch of runc. It
includes a fix for a regression introduced in 1.2.0 related to the
default device list.

- Re-add tun/tap devices to built-in allowed devices lists.

  In runc 1.2.0 we removed these devices from the default allow-list
  (which were added seemingly by accident early in Docker's history) as
  a precaution in order to try to reduce the attack surface of device
  inodes available to most containers (containerd#3468). At the time we thought
  that the vast majority of users using tun/tap would already be
  specifying what devices they need (such as by using --device with
  Docker/Podman) as opposed to doing the mknod manually, and thus
  there would've been no user-visible change.

  Unfortunately, it seems that this regressed a noticeable number of
  users (and not all higher-level tools provide easy ways to specify
  devices to allow) and so this change needed to be reverted. Users
  that do not need these devices are recommended to explicitly disable
  them by adding deny rules in their container configuration. (containerd#4555,

diff: opencontainers/runc@v1.2.3...v1.2.4

Signed-off-by: Akhil Mohan <[email protected]>
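An added example, not code from this PR or from runc, showing the deny rule the release note recommends and a check of its effect: it appends a deny entry for the TUN/TAP node to an OCI config.json and replays the linux.resources.devices list in order to see what access survives. It assumes /dev/net/tun is character device 10:200, that the runtime's built-in default allow-list is applied before the spec's own rules (so the appended deny comes last), that a rule without "access" means "rwm", and the default list below is constructed for illustration.

```python
import copy

# Assumed device numbers for the TUN/TAP node /dev/net/tun: character device 10:200.
TUN_MAJOR, TUN_MINOR = 10, 200

# The deny rule the release note recommends, as one linux.resources.devices entry.
DENY_TUN = {"allow": False, "type": "c", "major": TUN_MAJOR,
            "minor": TUN_MINOR, "access": "rwm"}


def deny_tun(config: dict) -> dict:
    """Return a copy of an OCI config.json (parsed to a dict) with DENY_TUN appended.

    The runtime spec applies device entries in listed order, so the appended deny
    comes after every allow before it, including the runtime's built-in defaults
    (assumed here to be applied ahead of the spec's own rules)."""
    cfg = copy.deepcopy(config)
    rules = cfg.setdefault("linux", {}).setdefault("resources", {}).setdefault("devices", [])
    rules.append(dict(DENY_TUN))
    return cfg


def _matches(rule: dict, dev_type: str, major: int, minor: int) -> bool:
    """A rule matches when type/major/minor are unset, wildcard ('a' / -1) or equal."""
    if rule.get("type", "a") not in ("a", dev_type):
        return False
    for key, value in (("major", major), ("minor", minor)):
        if rule.get(key, -1) not in (-1, value):
            return False
    return True


def effective_access(rules: list, dev_type: str, major: int, minor: int) -> str:
    """Replay the rules in order, devices-cgroup style, and return the permissions
    (a subset of 'rwm') that survive for one device node."""
    granted = set()
    for rule in rules:
        if not _matches(rule, dev_type, major, minor):
            continue
        bits = set(rule.get("access", "rwm"))  # assumed: unset access means rwm
        granted = (granted | bits) if rule.get("allow") else (granted - bits)
    return "".join(b for b in "rwm" if b in granted)


# Constructed sample: a default list that still allows /dev/net/tun.
DEFAULT_RULES = [
    {"allow": False, "access": "rwm"},                                        # deny everything
    {"allow": True, "type": "c", "major": 1, "minor": 3, "access": "rwm"},    # /dev/null
    {"allow": True, "type": "c", "major": 10, "minor": 200, "access": "rwm"}, # /dev/net/tun
]
SAMPLE_CONFIG = {"linux": {"resources": {"devices": list(DEFAULT_RULES)}}}
```

Run `effective_access` on the list before and after `deny_tun` to confirm that /dev/net/tun drops from "rwm" to no access while the other allowed nodes are untouched.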