[draft] update to runc v1.0.0-rc92-215-gcf6c0741 #4678
Conversation
|
Skipping CI for Draft Pull Request. |
|
/test all |
|
@thaJeztah: No jobs can be run with
DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/test pull-containerd-build |
|
/test pull-containerd-node-e2e |
|
Build succeeded.
|
|
@AkihiroSuda dod you know if the node-e2e is just a flaky, or is there a regression? |
|
/test pull-containerd-node-e2e |
2 similar comments
|
/test pull-containerd-node-e2e |
|
/test pull-containerd-node-e2e |
|
@thaJeztah: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@thaJeztah Could you change PR to only update runc binary but keep libcontainer library? |
|
@AkihiroSuda I see you used a more recent version in the moby PR as well; opencontainers/runc@cf6c074...8591c33 oh, nevermind, looks to be only test-changes, so should not make a different Let me push a "revert" of this commit, and patch |
|
Rebased as well while I'm at it |
|
Build succeeded.
|
|
Looks like it's green with just the binary updated, so may indeed be something in libcontainer? Let me try going back to the original version (both runc and libcontainer updated) |
There was a problem hiding this comment.
This line might be related, I guess
There was a problem hiding this comment.
Not at my computer right now; would you be able to open a ticket in runc?
There was a problem hiding this comment.
I'm not sure we should have a ticket in runc repo, if the runc binary itself isn't breaking compatibility. runc basically doesn't care about compatibility of libcontainer Go pkgs.
|
Build succeeded.
|
|
Could you try this diff --git a/pkg/cri/server/helpers_linux.go b/pkg/cri/server/helpers_linux.go
index 6fc70ede8..b0d1c93e5 100644
--- a/pkg/cri/server/helpers_linux.go
+++ b/pkg/cri/server/helpers_linux.go
@@ -142,6 +142,9 @@ func checkSelinuxLevel(level string) error {
}
func (c *criService) apparmorEnabled() bool {
+ if _, err := os.Stat("/sbin/apparmor_parser"); err != nil {
+ return false
+ }
return runcapparmor.IsEnabled() && !c.config.DisableApparmor
}
|
|
@AkihiroSuda added; wondering if that check should ideally be separate (also if we should log a warning if AppArmor is enabled, but the binary is missing 🤔) |
|
Build succeeded.
|
|
Build succeeded.
|
diffs: - opencontainers/runc@v1.0.0-rc92...v1.0.0-rc92-215-gcf6c0741 - opencontainers/runtime-spec@4d89ac9...f9c09b4 - syndtr/gocapability@d983527...42c35b4 The updated version of runc and gocapability add support for new capabilities added in kernel 5.9 - CAP_PERFMON - CAP_BPF - CAP_CHECKPOINT_RESTORE Signed-off-by: Sebastiaan van Stijn <[email protected]>
|
Build succeeded.
|
|
CI failing: |
|
v1.0.0-rc93 is now ready |
|
closing in favor of #4717 |
3 participants
Testing the latest master of runc; a significant amount of fixes/improvements went in runc since the latest release, so it's good to test if everything works well in containerd with those changes (and if a new release should be cut).
diffs:
The updated version of runc and gocapability add support for new capabilities
added in kernel 5.9