Skip to content

Update containerd v1.2.5, runc 2b18fe1d885ee5083ef9f0838fee39b62d653e30 #38873

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cpuguy83 merged 4 commits into from
Mar 15, 2019
Merged

Update containerd v1.2.5, runc 2b18fe1d885ee5083ef9f0838fee39b62d653e30 #38873

cpuguy83 merged 4 commits into from
Mar 15, 2019

Conversation

@thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Mar 13, 2019

Update containerd v1.2.5, runc 2b18fe1d885ee5083ef9f0838fee39b62d653e30

Notable Updates

  • Fix an issue that non-existent parent directory in image layers is created with permission 0700. containerd#3017
  • Fix an issue that snapshots of the base image can be deleted by mistake, when images built on top of it are deleted. containerd#3087
  • Support for GC references to content from snapshot and container objects. containerd#3080
  • cgroups updated to dbea6f2bd41658b84b00417ceefa416b97 to fix issues for systemd 420 and non-existent cgroups. containerd#3079
  • runc updated to 2b18fe1d885ee5083ef9f0838fee39b62d653e30 to include the improved fix for CVE-2019-5736. containerd#3082
  • cri: Fix a bug that pod can't get started when the same volume is defined differently in the image and the pod spec. cri#1059
  • cri: Fix a bug that causes container start failure after in-place upgrade containerd to 1.2.4+ or 1.1.6+. cri#1082
  • cri updated to a92c40017473cbe0239ce180125f12669757e44f. containerd#3084

vendor containerd/cgroups dbea6f2bd41658b84b00417ceefa416b979cbf10

containerd/cgroups@5e61083...dbea6f2

changes included:

@thaJeztah
Update containerd v1.2.5, runc 2b18fe1d885ee5083ef9f0838fee39b62d653e30
25cdae2 
Notable Updates

- Fix an issue that non-existent parent directory in image layers is created with permission 0700. containerd#3017
- Fix an issue that snapshots of the base image can be deleted by mistake, when images built on top of it are deleted. containerd#3087
- Support for GC references to content from snapshot and container objects. containerd#3080
- cgroups updated to dbea6f2bd41658b84b00417ceefa416b97 to fix issues for systemd 420 and non-existent cgroups. containerd#3079
- runc updated to 2b18fe1d885ee5083ef9f0838fee39b62d653e30 to include the improved fix for CVE-2019-5736. containerd#3082
- cri: Fix a bug that pod can't get started when the same volume is defined differently in the image and the pod spec. cri#1059
- cri: Fix a bug that causes container start failure after in-place upgrade containerd to 1.2.4+ or 1.1.6+. cri#1082
- cri updated to a92c40017473cbe0239ce180125f12669757e44f. containerd#3084

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
Vendor runc 2b18fe1d885ee5083ef9f0838fee39b62d653e30
79f5fbe 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
vendor containerd client v1.2.5
69f7263 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
vendor containerd/cgroups dbea6f2bd41658b84b00417ceefa416b979cbf10
386b06e 
Relevant changes:

- containerd/containerd#51 Fix empty device type
- containerd/containerd#52 Remove call to unitName
  - Calling unitName incorrectly appends -slice onto the end of the slice cgroup we are looking for
  - addresses containerd/containerd#47 cgroups: cgroup deleted
- containerd/containerd#53 systemd-239+ no longer allows delegate slice
- containerd/containerd#54 Bugfix: can't write to cpuset cgroup
- containerd/containerd#63 Makes Load function more lenient on subsystems' checking
  - addresses containerd/containerd#58 Very strict checking of subsystems' existence while loading cgroup
- containerd/containerd#67 Add functionality for retrieving all tasks of a cgroup
- containerd/containerd#68 Fix net_prio typo
- containerd/containerd#69 Blkio weight/leafWeight pointer value
- containerd/containerd#77 Check for non-active/supported cgroups
  - addresses containerd/containerd#76 unable to find * in controller set: unknown
  - addresses docker/for-linux#545 Raspbian: Error response from daemon: unable to find "net_prio" in controller set: unknown
  - addresses docker/for-linux#552 Error response from daemon: unable to find "cpuacct" in controller set: unknown
  - addresses docker/for-linux#545 Raspbian: Error response from daemon: unable to find "net_prio" in controller set: unknown

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah thaJeztah requested a review from tianon as a code owner March 13, 2019 20:44
@thaJeztah
Copy link
Member Author

thaJeztah commented Mar 13, 2019

ping @dmcgowan @tonistiigi @crosbymichael ptal 🤗

@codecov
Copy link

codecov bot commented Mar 14, 2019

Codecov Report

❗ No coverage uploaded for pull request base (master@46036c2). Click here to learn what that means.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master   #38873   +/-   ##
=========================================
  Coverage          ?   36.48%           
=========================================
  Files             ?      613           
  Lines             ?    45830           
  Branches          ?        0           
=========================================
  Hits              ?    16720           
  Misses            ?    26829           
  Partials          ?     2281

@thaJeztah thaJeztah mentioned this pull request Mar 15, 2019
Merged
cpuguy83
cpuguy83 approved these changes Mar 15, 2019
View reviewed changes
Copy link
Member

@cpuguy83 cpuguy83 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cpuguy83 cpuguy83 merged commit 05e7d00 into moby:master Mar 15, 2019
@thaJeztah thaJeztah deleted the update_containerd_1.2.5 branch March 15, 2019 08:34
@thaJeztah thaJeztah mentioned this pull request Mar 15, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cpuguy83 cpuguy83 cpuguy83 approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

@tianon tianon Awaiting requested review from tianon tianon is a code owner

Assignees

No one assigned

Labels

area/runtime Runtime impact/changelog status/2-code-review

Projects

None yet

Milestone

No milestone

5 participants

@thaJeztah @cpuguy83 @AkihiroSuda @conradKE @GordonTheTurtle