seccomp: add pidfd syscalls #4730
Merged
estesp merged 2 commits into containerd:master from Nov 13, 2020
Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@AkihiroSuda ptal; should we backport this to the 1.4 branch (so that it matches dockerd's profile?)

Build succeeded.
This was referenced Nov 13, 2020
thaJeztah added a commit to thaJeztah/containerd-packaging that referenced this pull request Nov 26, 2020
- Update to containerd 1.4.2
- Update Golang runtime to 1.15.5
Upstream containerd 1.4.2 release notes: https://github.com/containerd/containerd/releases/tag/v1.4.2
Welcome to the v1.4.2 release of containerd!
------------------------------------------------------
The second patch release for containerd 1.4 includes multiple minor fixes
and updates.
Notable Updates
- Fix bug limiting the number of layers by default containerd/cri#1602
- Fix selinux shared memory issue by relabeling /dev/shm containerd/cri#1605
- Fix unknown state preventing removal of containers containerd/containerd#4656
- Fix nil pointer error when restoring checkpoint containerd/containerd#4754
- Improve image pull performance when using HTTP 1.1 containerd/containerd#4653
- Update default seccomp profile for pidfd containerd/containerd#4730
- Update Go to 1.15
Windows
- Fix integer overflow on Windows containerd/containerd#4589
- Fix lcow snapshotter to read trailing tar data containerd/containerd#4628
Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah added a commit to thaJeztah/docker that referenced this pull request Nov 26, 2020
NOTE: the Dockerfile currently uses a single version of Golang for all
stages. This means that currently, all binaries are built with Go
1.13.x, including the containerd binary; upstream containerd switched
to use Go 1.15.
full diff: containerd/containerd@v1.4.1...v1.4.2
Release notes:
Welcome to the v1.4.2 release of containerd!
------------------------------------------------------
The second patch release for containerd 1.4 includes multiple minor fixes
and updates.
Notable Updates
- Fix bug limiting the number of layers by default containerd/cri#1602
- Fix selinux shared memory issue by relabeling /dev/shm containerd/cri#1605
- Fix unknown state preventing removal of containers containerd/containerd#4656
- Fix nil pointer error when restoring checkpoint containerd/containerd#4754
- Improve image pull performance when using HTTP 1.1 containerd/containerd#4653
- Update default seccomp profile for pidfd containerd/containerd#4730
- Update Go to 1.15
Windows
- Fix integer overflow on Windows containerd/containerd#4589
- Fix lcow snapshotter to read trailing tar data containerd/containerd#4628
Signed-off-by: Sebastiaan van Stijn <[email protected]>
docker-jenkins pushed a commit to docker-archive/docker-ce that referenced this pull request Nov 30, 2020
Upstream-commit: 703951197c3338631ee0529dd9dd814d16f037f0
Component: engine
thaJeztah added a commit to thaJeztah/containerd-packaging that referenced this pull request Dec 2, 2020
thaJeztah added a commit to thaJeztah/docker that referenced this pull request Feb 12, 2021
(cherry picked from commit 7039511)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
Similar to the changes merged in moby/moby#41665 (thanks @mikroskeem)
- pidfd_open and pidfd_send_signal
- pidfd_getfd syscall (gated by CAP_SYS_PTRACE)
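
The capability gating summarized in this pull request, as an added example that is not code from the PR or from containerd: a small evaluator that answers whether a container with a given capability set may call each pidfd syscall. The JSON fragment is constructed in the moby-style profile layout, and `sampleProfile`, `profile` and `allowed` are hypothetical names; the rule that every capability listed under `includes.caps` must be held is the assumption the evaluator models.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample in moby-style JSON layout (assumption, not containerd's own file).
const sampleProfile = `{"defaultAction": "SCMP_ACT_ERRNO", "syscalls": [
  {"names": ["pidfd_open", "pidfd_send_signal"], "action": "SCMP_ACT_ALLOW"},
  {"names": ["pidfd_getfd"], "action": "SCMP_ACT_ALLOW", "includes": {"caps": ["CAP_SYS_PTRACE"]}}
]}`

type profile struct {
	DefaultAction string `json:"defaultAction"`
	Syscalls      []struct {
		Names    []string `json:"names"`
		Action   string   `json:"action"`
		Includes struct {
			Caps []string `json:"caps"`
		} `json:"includes"`
	} `json:"syscalls"`
}

// allowed reports whether a container holding caps may call the syscall name.
// A rule with includes.caps applies only when every listed capability is held.
func allowed(raw, name string, caps map[string]bool) (bool, error) {
	var p profile
	if err := json.Unmarshal([]byte(raw), &p); err != nil {
		return false, err
	}
	for _, r := range p.Syscalls {
		hit := false
		for _, n := range r.Names {
			hit = hit || n == name
		}
		for _, c := range r.Includes.Caps {
			hit = hit && caps[c]
		}
		if hit && r.Action == "SCMP_ACT_ALLOW" {
			return true, nil
		}
	}
	return p.DefaultAction == "SCMP_ACT_ALLOW", nil
}

func main() {
	ok, err := allowed(sampleProfile, "pidfd_getfd", nil)
	fmt.Println("pidfd_getfd without CAP_SYS_PTRACE:", ok, err)
}
```

Running the same check against the profile a runtime actually applies shows whether a workload that was granted CAP_SYS_PTRACE also gains `pidfd_getfd`.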