Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: opencontainers/runc
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v1.2.1
Choose a base ref
...
head repository: opencontainers/runc
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v1.2.2
Choose a head ref
  • 18 commits
  • 11 files changed
  • 6 contributors

Commits on Nov 1, 2024

  1. VERSION: back to development 

    Signed-off-by: Rodrigo Campos <[email protected]>
    @rata @cyphar
    rata authored and cyphar committed Nov 1, 2024
    Configuration menu
    Copy the full SHA
    5fc3558 View commit details
    Browse the repository at this point in the history

  2. merge #4500 into opencontainers/runc:release-1.2 

    Rodrigo Campos (2):
  VERSION: back to development
  VERSION: release v1.2.1

LGTMs: AkihiroSuda kolyshkin cyphar
    @cyphar
    cyphar committed Nov 1, 2024
    Configuration menu
    Copy the full SHA
    7a8738e View commit details
    Browse the repository at this point in the history

Commits on Nov 2, 2024

  1. docs: remove prompt symbols from shell snippets 

    Remove prompt symbols (`$`, `%`) for ease of copy-pasting

Signed-off-by: Akihiro Suda <[email protected]>
(cherry picked from commit c8f5d03)
Signed-off-by: Austin Vazquez <[email protected]>
    @AkihiroSuda @austinvazquez
    AkihiroSuda authored and austinvazquez committed Nov 2, 2024
    Configuration menu
    Copy the full SHA
    6575ab1 View commit details
    Browse the repository at this point in the history

Commits on Nov 4, 2024

  1. merge #4507 into opencontainers/runc:release-1.2 

    Akihiro Suda (1):
  docs: remove prompt symbols from shell snippets

LGTMs: AkihiroSuda cyphar
    @cyphar
    cyphar committed Nov 4, 2024
    Configuration menu
    Copy the full SHA
    2327ec2 View commit details
    Browse the repository at this point in the history

Commits on Nov 13, 2024

  1. Vagrantfile.fedora: bump Fedora to 41 

    Signed-off-by: Akihiro Suda <[email protected]>
(cherry picked from commit 9ce7392)
Signed-off-by: lfbzhm <[email protected]>
    @AkihiroSuda @lifubang
    AkihiroSuda authored and lifubang committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    2d6fe54 View commit details
    Browse the repository at this point in the history

  2. Vagrantfile.fedora: stop using dnf shell 

    In Fedora 41, dnf5 is used and it does not have dnf shell. Let's use
old dnf update; dnf install instead. It is two transactions instead
of one, but dnf5 is faster.

While at it:
 - add `--setopt=tsflags=nodocs` as we don't need docs in CI;
 - change golang-go to golang as this is a new rpm name;
 - remove gcc as it is now required by golang-bin;
 - remove container-selinux, criu, fuse-sshfs, iptables from rpms
   as they are already installed.

Signed-off-by: Kir Kolyshkin <[email protected]>
(cherry picked from commit 609e9a5)
Signed-off-by: lfbzhm <[email protected]>
    @kolyshkin @lifubang
    kolyshkin authored and lifubang committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    213e121 View commit details
    Browse the repository at this point in the history

  3. runc delete: fix for rootless cgroup + ro cgroupfs 

    An issue with runc 1.2.0 was reported to buildkit, in which
runc delete returns with an error, with the log saying:

> unable to destroy container: unable to remove container's cgroup: open /sys/fs/cgroup/snschvixiy3s74w74fjantrdg: no such file or directory

Apparently, what happens is runc is running with no cgroup access
(because /sys/fs/cgroup is mounted read-only). In this case error to
create a cgroup path (in runc create/run) is ignored, but cgroup removal
(in runc delete) is not.

This is caused by commit d3d7f7d, which changes the cgroup removal
logic in RemovePath. In the current code, if the initial rmdir has
failed (in this case with EROFS), but the subsequent os.ReadDir returns
ENOENT, it is returned (instead of being ignored -- as the path does not
exist and so there is nothing to remove).

Here is the minimal fix for the issue.

Signed-off-by: Kir Kolyshkin <[email protected]>
(cherry picked from commit db59489)
Signed-off-by: lfbzhm <[email protected]>
    @kolyshkin @lifubang
    kolyshkin authored and lifubang committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    e01db00 View commit details
    Browse the repository at this point in the history

  4. libct/cg: RemovePath: simplify logic 

    If the sub-cgroup RemovePath has failed for any reason, return the
error right away. This way, we don't have to check for err != nil
before retrying rmdir.

This is a cosmetic change and should not change any functionality.

Signed-off-by: Kir Kolyshkin <[email protected]>
(cherry picked from commit 12e06a7)
Signed-off-by: lfbzhm <[email protected]>
    @kolyshkin @lifubang
    kolyshkin authored and lifubang committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    79cdf11 View commit details
    Browse the repository at this point in the history

  5. libct/cg: RemovePath: improve comments 

    Let's explain in greater details what's happening here and why.

Signed-off-by: Kir Kolyshkin <[email protected]>
(cherry picked from commit ba3d026)
Signed-off-by: lfbzhm <[email protected]>
    @kolyshkin @lifubang
    kolyshkin authored and lifubang committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    e41cc27 View commit details
    Browse the repository at this point in the history

Commits on Nov 14, 2024

  1. Merge pull request #4528 from lifubang/backport-4505 

    [1.2] CI: bump Fedora 40 -> 41
    @AkihiroSuda
    AkihiroSuda authored Nov 14, 2024
    Configuration menu
    Copy the full SHA
    8bfc3b5 View commit details
    Browse the repository at this point in the history

Commits on Nov 15, 2024

  1. libct/cg: add test for remove a non-existent dir in a ro mount point 

    Signed-off-by: lfbzhm <[email protected]>
(cherry picked from commit 119111a)
Signed-off-by: lfbzhm <[email protected]>
    @lifubang
    lifubang committed Nov 15, 2024
    Configuration menu
    Copy the full SHA
    832faf0 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #4531 from lifubang/backport-4523 

    [1.2] runc delete: fix for rootless cgroup + ro cgroupfs
    @thaJeztah
    thaJeztah authored Nov 15, 2024
    Configuration menu
    Copy the full SHA
    1b42ebc View commit details
    Browse the repository at this point in the history

  3. dmz: overlay: set xino=off to disable dmesg spam 

    If /run/runc and /usr/bin are on different filesystems, overlayfs may
enable the xino feature which results in the following log message:

  kernel: overlayfs: "xino" feature enabled using 3 upper inode bits.

Each time we have to protect /proc/self/exe. So disable xino to remove
the log message (we don't care about the inode numbers of the files
anyway).

Signed-off-by: Aleksa Sarai <[email protected]>
(cherry picked from commit 9bc42d6)
Signed-off-by: lfbzhm <[email protected]>
    @cyphar @kolyshkin
    cyphar authored and kolyshkin committed Nov 15, 2024
    Configuration menu
    Copy the full SHA
    b1f733b View commit details
    Browse the repository at this point in the history

  4. memfd-bind: mention that overlayfs obviates the need for it 

    Signed-off-by: Aleksa Sarai <[email protected]>
(cherry picked from commit aa505bf)
Signed-off-by: lfbzhm <[email protected]>
    @cyphar @kolyshkin
    cyphar authored and kolyshkin committed Nov 15, 2024
    Configuration menu
    Copy the full SHA
    2421b59 View commit details
    Browse the repository at this point in the history

  5. readme: drop unused memfd-bind reference 

    Fixes: 871057d ("drop runc-dmz solution according to overlay solution")
Signed-off-by: Aleksa Sarai <[email protected]>
(cherry picked from commit b9dfb22)
Signed-off-by: lfbzhm <[email protected]>
    @cyphar @kolyshkin
    cyphar authored and kolyshkin committed Nov 15, 2024
    Configuration menu
    Copy the full SHA
    82f3af8 View commit details
    Browse the repository at this point in the history

  6. memfd-bind: elaborate kernel requirements for overlayfs protection 

    Arguably these docs should live elsewhere (especially if we plan to
remove memfd-bind in the future), but for now this is the only place
that fully explains this issue.

Suggested-by: Rodrigo Campos <[email protected]>
Signed-off-by: Aleksa Sarai <[email protected]>
(cherry picked from commit ac43589)
Signed-off-by: lfbzhm <[email protected]>
    @cyphar @kolyshkin
    cyphar authored and kolyshkin committed Nov 15, 2024
    Configuration menu
    Copy the full SHA
    eb676de View commit details
    Browse the repository at this point in the history

  7. Merge pull request #4530 from lifubang/backport-4509-4525 

    [1.2] dmz: overlay: minor fixups
    @kolyshkin
    kolyshkin authored Nov 15, 2024
    Configuration menu
    Copy the full SHA
    24591c0 View commit details
    Browse the repository at this point in the history

  8. VERSION: release v1.2.2 

    Signed-off-by: Kir Kolyshkin <[email protected]>
    @kolyshkin
    kolyshkin committed Nov 15, 2024
    Configuration menu
    Copy the full SHA
    7cb3632 View commit details
    Browse the repository at this point in the history
Loading