profile
viewpoint
Sebastiaan van Stijn thaJeztah thaJeztah Netherlands @docker and @moby maintainer, member of the Moby TSC. Open Source contributions manager @ Docker, Inc. Feeds @GordonTheTurtle with issues and PR's

sirupsen/logrus 15256

Structured, pluggable logging for Go.

docker/classicswarm 5828

Swarm Classic: a container clustering system. Not to be confused with Docker Swarm which is at https://github.com/docker/swarmkit

moby/buildkit 2699

concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit

docker/for-mac 1373

Bug reports for Docker Desktop for Mac

docker/for-win 1075

Bug reports for Docker Desktop for Windows

docker/go-plugins-helpers 259

Go helper packages to extend the Docker Engine

docker/hub-feedback 183

Feedback and bug reports for the Docker Hub

swarmzilla/swarm2k 81

The Docker Swarm 2000 Collaborative Project

docker/gordon-bot 33

Gordon the turtle IRC bot to rebuild Jenkins builds.

delete branch thaJeztah/cgroups

delete branch : bump_go_1.13

delete time in 33 minutes

delete branch thaJeztah/cgroups

delete branch : bump_logrus

delete time in 33 minutes

delete branch thaJeztah/cgroups

delete branch : bump_ebpf

delete time in 33 minutes

issue closedmoby/moby

Difference in behaviour between whitespace in front of comments and whitespace in front of empty escaped newlines

<!-- If you are reporting a new issue, make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead.

If you suspect your issue is a bug, please edit your issue description to include the BUG REPORT INFORMATION shown below. If you fail to provide this information within 7 days, we cannot debug your issue and will close it. We will, however, reopen it if you later provide the information.

For more information about reporting issues, see https://github.com/moby/moby/blob/master/CONTRIBUTING.md#reporting-other-issues


GENERAL SUPPORT INFORMATION

The GitHub issue tracker is for bug reports and feature requests. General support for docker can be found at the following locations:

  • Docker Support Forums - https://forums.docker.com
  • Slack - community.docker.com #general channel
  • Post a question on StackOverflow, using the Docker tag

General support for moby can be found at the following locations:

  • Moby Project Forums - https://forums.mobyproject.org
  • Slack - community.docker.com #moby-project channel
  • Post a question on StackOverflow, using the Moby tag

BUG REPORT INFORMATION

Use the commands below to provide key information from your environment: You do NOT have to include this information if this is a FEATURE REQUEST -->

Description docker build handles whitespace in front of comments differently from escaped newlines. Should they be the same for consistency?

<!-- Briefly describe the problem you are having in a few paragraphs. -->

Steps to reproduce the issue:

  1. Create the Dockerfile below.
FROM alpine
RUN echo a\
# comment
bc
RUN echo a\
    # comment
bc
RUN echo a\
\
bc
RUN echo a\
    \
bc
  1. Build it.
$ docker build --no-cache .
Sending build context to Docker daemon  38.15MB
Step 1/5 : FROM alpine
 ---> a187dde48cd2
Step 2/5 : RUN echo abc
 ---> Running in 79d27c4ca35a
abc
Removing intermediate container 79d27c4ca35a
 ---> ea38504cb466
Step 3/5 : RUN echo abc
 ---> Running in 98bbef8a9d93
abc
Removing intermediate container 98bbef8a9d93
 ---> b5fbc315217d
Step 4/5 : RUN echo abc
 ---> Running in 28f19ca7f662
abc
Removing intermediate container 28f19ca7f662
 ---> 61cc66e30b11
Step 5/5 : RUN echo a    bc
 ---> Running in 9a5dab9f881e
a bc
Removing intermediate container 9a5dab9f881e
 ---> 2c7e72509911
Successfully built 2c7e72509911
  1. Notice how the first three prints abc but the fourth one prints a bc.
  2. The issue does not appear to be restricted to shell expansions caused by RUN and so on. The same behaviour occurs for EXPOSE.
FROM alpine
EXPOSE 800\
# comment
1
EXPOSE 800\
    # comment
2
EXPOSE 800\
\
3
EXPOSE 800\
    \
4
  1. Building will display the same issue with it exposing both ports 800 and 4.
$ docker build --no-cache .
Sending build context to Docker daemon  38.15MB
Step 1/5 : FROM alpine
 ---> a187dde48cd2
Step 2/5 : EXPOSE 8001
 ---> Running in 5cd4f43fad2b
Removing intermediate container 5cd4f43fad2b
 ---> 45591e5432f7
Step 3/5 : EXPOSE 8002
 ---> Running in 451a5da6eae1
Removing intermediate container 451a5da6eae1
 ---> abcbe582bd6a
Step 4/5 : EXPOSE 8003
 ---> Running in 1148717c152e
Removing intermediate container 1148717c152e
 ---> 88c4e85bb4d4
Step 5/5 : EXPOSE 800    4
 ---> Running in d3b52318efde
Removing intermediate container d3b52318efde
 ---> 32f8bb075f06
Successfully built 32f8bb075f06
  1. You can verify this with docker inspect.
$ docker inspect --format='{{json .Config.ExposedPorts }}' 32f8bb075f06
{
  "4/tcp": {},
  "800/tcp": {},
  "8001/tcp": {},
  "8002/tcp": {},
  "8003/tcp": {}
}

Describe the results you received: I noticed that whitespace in front of comments were ignored but the ones in front of an escape character were not.

Describe the results you expected: I would have expected them to be the same. Either they both respect the whitespace or they both ignore them.

Output of docker version:

$ docker version
Client: Docker Engine - Community
 Version:           19.03.4
 API version:       1.40
 Go version:        go1.12.10
 Git commit:        9013bf583a
 Built:             Fri Oct 18 15:49:05 2019
 OS/Arch:           linux/amd64
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          19.03.4
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.10
  Git commit:       9013bf583a
  Built:            Fri Oct 18 15:55:51 2019
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          v1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Output of docker info:

$ docker info
Client:
 Debug Mode: false
 Plugins:
  app: Docker Application (Docker Inc., v0.8.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 26
 Server Version: 19.03.4
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
 runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
 init version: fec3683
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 4.4.0-174-generic
 Operating System: Alpine Linux v3.10 (containerized)
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 31.4GiB
 Name: node1
 ID: AGBI:2YO2:52ND:VWNP:OD56:LL2U:GLGG:QACQ:ABNV:3NOI:SRUI:6Q7A
 Docker Root Dir: /var/lib/docker
 Debug Mode: true
  File Descriptors: 23
  Goroutines: 43
  System Time: 2020-04-06T12:07:58.957983198Z
  EventsListeners: 0
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: true
 Insecure Registries:
  127.0.0.1
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
         Access to the remote API is equivalent to root access on the host. Refer
         to the 'Docker daemon attack surface' section in the documentation for
         more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
WARNING: No swap limit support
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Additional environment details (AWS, VirtualBox, physical, etc.): Tested online with PWD.

closed time in an hour

rcjsuen

issue commentmoby/moby

Difference in behaviour between whitespace in front of comments and whitespace in front of empty escaped newlines

Let me close this one as https://github.com/docker/cli/pull/2617 was merged (I'll backport it to be published on the docs soon)

rcjsuen

comment created time in an hour

Pull request review commentcontainerd/cri

vendor runc v1.0.0-rc91

 github.com/Microsoft/go-winio                       v0.4.14 github.com/Microsoft/hcsshim                        v0.8.9 github.com/opencontainers/go-digest                 v1.0.0 github.com/opencontainers/image-spec                v1.0.1-github.com/opencontainers/runc                      v1.0.0-rc10-github.com/opencontainers/runtime-spec              v1.0.2+github.com/opencontainers/runc                      v1.0.0-rc91+github.com/opencontainers/runtime-spec              237cc4f519e2e8f9b235bacccfa8ef5a84df2875

Perhaps leave a git describe -tags comment to give some indication what version this is

AkihiroSuda

comment created time in 2 hours

Pull request review commentcontainerd/cri

vendor runc v1.0.0-rc91

 github.com/Microsoft/go-winio                       v0.4.14 github.com/Microsoft/hcsshim                        v0.8.9 github.com/opencontainers/go-digest                 v1.0.0 github.com/opencontainers/image-spec                v1.0.1-github.com/opencontainers/runc                      v1.0.0-rc10-github.com/opencontainers/runtime-spec              v1.0.2+github.com/opencontainers/runc                      v1.0.0-rc91+github.com/opencontainers/runtime-spec              237cc4f519e2e8f9b235bacccfa8ef5a84df2875 github.com/pkg/errors                               v0.9.1 github.com/prometheus/client_golang                 v1.6.0 github.com/prometheus/client_model                  v0.2.0 github.com/prometheus/common                        v0.9.1 github.com/prometheus/procfs                        v0.0.11-github.com/russross/blackfriday                     v1.5.2+github.com/russross/blackfriday/v2                  v2.0.1+github.com/shurcooL/sanitized_anchor_name           v1.0.0 github.com/sirupsen/logrus                          v1.6.0 github.com/syndtr/gocapability                      d98352740cb2c55f81556b63d4a1ec64c5a319c2-github.com/urfave/cli                               v1.22.0+github.com/urfave/cli                               v1.22.1

Should we add the comment here as well?

AkihiroSuda

comment created time in 2 hours

Pull request review commentcontainerd/cri

vendor runc v1.0.0-rc91

 github.com/Microsoft/go-winio                       v0.4.14 github.com/Microsoft/hcsshim                        v0.8.9 github.com/opencontainers/go-digest                 v1.0.0 github.com/opencontainers/image-spec                v1.0.1-github.com/opencontainers/runc                      v1.0.0-rc10-github.com/opencontainers/runtime-spec              v1.0.2+github.com/opencontainers/runc                      v1.0.0-rc91+github.com/opencontainers/runtime-spec              237cc4f519e2e8f9b235bacccfa8ef5a84df2875 github.com/pkg/errors                               v0.9.1 github.com/prometheus/client_golang                 v1.6.0 github.com/prometheus/client_model                  v0.2.0 github.com/prometheus/common                        v0.9.1 github.com/prometheus/procfs                        v0.0.11-github.com/russross/blackfriday                     v1.5.2+github.com/russross/blackfriday/v2                  v2.0.1+github.com/shurcooL/sanitized_anchor_name           v1.0.0 github.com/sirupsen/logrus                          v1.6.0 github.com/syndtr/gocapability                      d98352740cb2c55f81556b63d4a1ec64c5a319c2-github.com/urfave/cli                               v1.22.0+github.com/urfave/cli                               v1.22.1 go.etcd.io/bbolt                                    v1.3.3 go.opencensus.io                                    v0.22.0+golang.org/x/xerrors                                9bdfabe68543c54f90421aeb9a60ef8061b5b544 golang.org/x/net                                    f3200d17e092c607f615320ecaad13d87ad9a2b3 golang.org/x/sync                                   42b317875d0fa942474b76e1b46a6060d720ae6e-golang.org/x/sys                                    5c8b2ff67527cb88b770f693cebf3799036d8bc0+golang.org/x/sys                                    9dae0f8f577553e0f21298e18926efc9644c281d golang.org/x/text                                   19e51611da83d6be54ddafce4a4af510cb3e9ea4 google.golang.org/genproto                          e50cd9704f63023d62cd06a1994b98227fc4d21a google.golang.org/grpc                              v1.27.1  # cgroups dependencies-github.com/cilium/ebpf                              4032b1d8aae306b7bb94a2a11002932caf88c644+github.com/cilium/ebpf                              a9f01edf17e335304d9bd17f40da4289442477c8

Can you update this to master to get rid of the golang.org/x/xerrors dependency?

AkihiroSuda

comment created time in 2 hours

create barnchthaJeztah/cgroups

branch : bump_logrus

created branch time in 2 hours

PR opened containerd/cgroups

[draft] CI: test against Go 1.14
+3 -3

0 comment

2 changed files

pr created time in 2 hours

create barnchthaJeztah/cgroups

branch : bump_go_1.14

created branch time in 2 hours

PR opened containerd/cgroups

CI: update to go 1.13.12
+3 -3

0 comment

2 changed files

pr created time in 2 hours

create barnchthaJeztah/cgroups

branch : bump_go_1.13

created branch time in 2 hours

pull request commentopencontainers/selinux

Add glblub implementation

@yulicrunchy I haven't looked at the latest changes yet, but can you squash the commits? (I suspect having the vendor commit separate will break git bisect)

yulicrunchy

comment created time in 3 hours

delete branch thaJeztah/cli

delete branch : builder_comment_info

delete time in 3 hours

delete branch thaJeztah/cli

delete branch : refactor_opts_tests

delete time in 3 hours

Pull request review commentcontainerd/containerd

[WIP] Update runc to v1.0.0-rc91

 github.com/Microsoft/go-winio                       v0.4.14 github.com/Microsoft/hcsshim                        v0.8.9 github.com/opencontainers/go-digest                 v1.0.0 github.com/opencontainers/image-spec                v1.0.1-github.com/opencontainers/runc                      v1.0.0-rc10-github.com/opencontainers/runtime-spec              v1.0.2+github.com/opencontainers/runc                      v1.0.0-rc91+github.com/opencontainers/runtime-spec              237cc4f519e2e8f9b235bacccfa8ef5a84df2875 github.com/pkg/errors                               v0.9.1 github.com/prometheus/client_golang                 v1.3.0 github.com/prometheus/client_model                  v0.1.0 github.com/prometheus/common                        v0.7.0 github.com/prometheus/procfs                        v0.0.8-github.com/russross/blackfriday                     v1.5.2 github.com/sirupsen/logrus                          v1.6.0 github.com/syndtr/gocapability                      d98352740cb2c55f81556b63d4a1ec64c5a319c2-github.com/urfave/cli                               v1.22.0+github.com/urfave/cli                               v1.22.1 go.etcd.io/bbolt                                    v1.3.5 go.opencensus.io                                    v0.22.0+golang.org/x/xerrors                                9bdfabe68543c54f90421aeb9a60ef8061b5b544

Opened https://github.com/opencontainers/runc/pull/2493 and https://github.com/containerd/cgroups/pull/169

dims

comment created time in 3 hours

PR opened containerd/cgroups

vendor: update cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775

full diff: https://github.com/cilium/ebpf/compare/4032b1d8aae3...1c8d4c9ef775

drops support for go1.12, and removes dependency on the transitional golang.org/x/xerrors package

+6 -2

0 comment

2 changed files

pr created time in 3 hours

create barnchthaJeztah/cgroups

branch : bump_ebpf

created branch time in 3 hours

PR opened opencontainers/runc

vendor: update cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775

full diff: https://github.com/cilium/ebpf/compare/a9f01edf17e3...1c8d4c9ef775

drops support for go1.12, and removes dependency on the golang.org/x/xerrors transitional package.

+1095 -1371

0 comment

44 changed files

pr created time in 3 hours

push eventthaJeztah/runc

Sebastiaan van Stijn

commit sha f49adb527770fa9ce613d76f8e52bcf9008c9e49

vendor: update cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775 full diff: https://github.com/cilium/ebpf/compare/a9f01edf17e3...1c8d4c9ef775 drops support for go1.12, and removes dependency on the golang.org/x/xerrors transitional package. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

push time in 3 hours

create barnchthaJeztah/runc

branch : bump_ebpf

created branch time in 3 hours

fork thaJeztah/go-criu

Go Bindings for CRIU

fork in 3 hours

push eventthaJeztah/runc

Lifubang

commit sha 2e8efc1bc72ed20aac5182b442d3103c554497e0

add prompt when rootless users have no read access to runc bin Signed-off-by: Lifubang <lifubang@acmcoder.com>

view details

Paweł Szulik

commit sha 7fa13b27737650e846995512245bbf1b2bbf64ce

intelrdt: change parseCpuInfoFile to return struct Signed-off-by: Paweł Szulik <pawel.szulik@intel.com>

view details

Paweł Szulik

commit sha d1e4c7b803e5e1986fd8f9aa6b67014886d4a5db

intelrdt: add mbm stats Signed-off-by: Paweł Szulik <pawel.szulik@intel.com>

view details

Chris Aniszczyk

commit sha 5c2a97828cbdf25029b770ef370fcb92490fbd56

Add CII Badge to README https://master.bestpractices.coreinfrastructure.org/projects/588 Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>

view details

Chris Aniszczyk

commit sha 7376bdc1428422f229aa689ae2fef37e6a77a83a

Fix reference to badge Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>

view details

Paweł Szulik

commit sha 799d94818d0012df524d20349f5f179be6d97f0e

intelrdt: Add Cache Monitoring Technology stats Signed-off-by: Paweł Szulik <pawel.szulik@intel.com>

view details

Kir Kolyshkin

commit sha c52a598d7421b9d0bf38a65d882577712fd9fe2b

Remove fatalf() It was only used in one place, all others are happy with `fatal(fmt.Errorf())`. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 1b84a21c51d9b75eb7d3f836ce4ccecf54567534

Don't print errors twice Function fatal() and method (*FatalWriter).Write log the error to the logger when prints it to stderr just be be sure. Since by default the logger is configured to write to os.Stderr, we get something like this as a result: > # ./runc checkpoint xx5 > ERRO[0000] Container cannot be checkpointed in stopped state > Container cannot be checkpointed in stopped state or > # ./runc sdf > ERRO[0000] No help topic for 'sdf' > No help topic for 'sdf' This is very annoying. To fix, check if logrus is logging into stderr, and if it is, skip the second write. After this commit: > # ./runc sdf > ERRO[0000] No help topic for 'sdf' > [root@kir-rhat runc]# ./runc --log=out sdf > No help topic for 'sdf' Note that now the logrus prefix might be in or out, depending on whether logrus is logging to stderr or not. This is not perfect, but better than the old behavior. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Katarzyna Kujawa

commit sha 407e9f9d0dd0741d3d172a2834d1e7c69f1fb6a0

Add reading of information from cpuacct.usage_all Remove logrus logs from tests Signed-off-by: Katarzyna Kujawa <katarzyna.kujawa@intel.com>

view details

Sebastiaan van Stijn

commit sha b48bbdd08db2ec78409f88450d0942b08ca9f4ea

vendor: opencontainers/selinux v1.5.1, update deprecated uses full diff: https://github.com/opencontainers/selinux/v1.4.0...v1.5.1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Kir Kolyshkin

commit sha 64416d34f30eaf69af6938621137b393ada63a16

Merge pull request #2382 from thaJeztah/bump_selinux vendor: opencontainers/selinux v1.5.1, update deprecated uses

view details

lifubang

commit sha 657407ff23829938ad75455346b1b83414231b3f

fix runc events error in cgroup v2 Signed-off-by: lifubang <lifubang@acmcoder.com>

view details

Akihiro Suda

commit sha bf15cc99b1e7b486dfbb394992fcc4b38157d56e

cgroup v2: support rootless systemd Tested with both Podman (master) and Moby (master), on Ubuntu 19.10 . $ podman --cgroup-manager=systemd run -it --rm --runtime=runc \ --cgroupns=host --memory 42m --cpus 0.42 --pids-limit 42 alpine / # cat /proc/self/cgroup 0::/user.slice/user-1001.slice/user@1001.service/user.slice/libpod-132ff0d72245e6f13a3bbc6cdc5376886897b60ac59eaa8dea1df7ab959cbf1c.scope / # cat /sys/fs/cgroup/user.slice/user-1001.slice/user@1001.service/user.slice/libpod-132ff0d72245e6f13a3bbc6cdc5376886897b60ac59eaa8dea1df7ab959cbf1c.scope/memory.max 44040192 / # cat /sys/fs/cgroup/user.slice/user-1001.slice/user@1001.service/user.slice/libpod-132ff0d72245e6f13a3bbc6cdc5376886897b60ac59eaa8dea1df7ab959cbf1c.scope/cpu.max 42000 100000 / # cat /sys/fs/cgroup/user.slice/user-1001.slice/user@1001.service/user.slice/libpod-132ff0d72245e6f13a3bbc6cdc5376886897b60ac59eaa8dea1df7ab959cbf1c.scope/pids.max 42 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

view details

Akihiro Suda

commit sha 492cfd8bf9ae904a40c588b42ab49155c488a3ec

Merge pull request #2352 from lifubang/eventsv2 fix runc events error in cgroup v2

view details

Mrunal Patel

commit sha 47a7343182bc05d0c3210ce874389790cbc7dfdf

Merge pull request #2373 from kolyshkin/logging-nits Logging nits

view details

Kir Kolyshkin

commit sha 2b31437caa905b7b944a891aee613e7dd0a1f898

Merge pull request #2281 from AkihiroSuda/rootless-systemd cgroup v2: support rootless systemd LGTMs: kolyshkin, mrunalp

view details

Alice Frosi

commit sha 128cb60f5801e6175ad9090308fae4d909441214

ebpf: fix big endian issue for s390x Load the full 32 bits word and take the lower 16 bits, instead of reading just 16 bits. Same fix as https://github.com/containers/crun/commit/07bae05e613df2086966a3f1d763729a8677f6a9 Signed-off-by: Alice Frosi <afrosi@de.ibm.com>

view details

Alice Frosi

commit sha b18a9650f8b3f5c29b6cf9370066a91e2682fc8f

test: update devicefilter tests The test cases need to take into account the assembly modifications. The instruction: LdXMemH dst: r2 src: r1 off: 0 imm: 0 has been replaced with: LdXMemW dst: r2 src: r1 off: 0 imm: 0 And32Imm dst: r2 imm: 65535 Signed-off-by: Alice Frosi <afrosi@de.ibm.com>

view details

Alice Frosi

commit sha 828e4ad89d25828f098894c4dc4f2b287af57088

epbf: update github.com/cilium/ebpf Update ebpf to include PR https://github.com/cilium/ebpf/pull/91. The update is needed to fix #2316. Signed-off-by: Alice Frosi <afrosi@de.ibm.com>

view details

Aleksa Sarai

commit sha 6621af89e5247d855229f61c991f359b265e1fa8

merge branch 'pr-2381' Alice Frosi (3): epbf: update github.com/cilium/ebpf test: update devicefilter tests ebpf: fix big endian issue for s390x LGTMs: @AkihiroSuda @cyphar Closes #2381

view details

push time in 3 hours

issue commentmoby/moby

`docker commit` causes layer to be cached in `docker build` when it was not successful

The --rm option is enabled by default, so when docker build is run and a step completes succesfully, the "intermediate" container is committed to an image, and the container is then removed. If a step fails, the build is aborted and the failing container is kept to allow the user to investigate why it failed (unless --force-rm is used).

The problem described here, is that despite that step failing, the user has manually committed that container to an image (effectively "ignoring" that it's a faulty step, and now marking it as an "ok" image). (for the classic builder) if it finds a cache-hit (image that satisfies the metadata), no container is ran for that step.

asottile

comment created time in 3 hours

Pull request review commentcontainerd/containerd

[WIP] Update runc to v1.0.0-rc91

 github.com/Microsoft/go-winio                       v0.4.14 github.com/Microsoft/hcsshim                        v0.8.9 github.com/opencontainers/go-digest                 v1.0.0 github.com/opencontainers/image-spec                v1.0.1-github.com/opencontainers/runc                      v1.0.0-rc10-github.com/opencontainers/runtime-spec              v1.0.2+github.com/opencontainers/runc                      v1.0.0-rc91+github.com/opencontainers/runtime-spec              237cc4f519e2e8f9b235bacccfa8ef5a84df2875 github.com/pkg/errors                               v0.9.1 github.com/prometheus/client_golang                 v1.3.0 github.com/prometheus/client_model                  v0.1.0 github.com/prometheus/common                        v0.7.0 github.com/prometheus/procfs                        v0.0.8-github.com/russross/blackfriday                     v1.5.2 github.com/sirupsen/logrus                          v1.6.0 github.com/syndtr/gocapability                      d98352740cb2c55f81556b63d4a1ec64c5a319c2-github.com/urfave/cli                               v1.22.0+github.com/urfave/cli                               v1.22.1 go.etcd.io/bbolt                                    v1.3.5 go.opencensus.io                                    v0.22.0+golang.org/x/xerrors                                9bdfabe68543c54f90421aeb9a60ef8061b5b544

https://github.com/cilium/ebpf/pull/116 was accepted and merged, so we could potentially update that ebpf and not need the new dependency. @dims you may know if it's used in other places where it should be updated first?

hmm.. I see it's marked as a dependency of cgroups, which may be on an older version that doesn't have the x/xerrors dependency; https://github.com/containerd/containerd/blob/a6dd1f27d963801d8237d14b1caa61762a388628/vendor.conf#L56-L57

dims

comment created time in 3 hours

pull request commentcilium/ebpf

Drop support for go 1.12, and remove golang.org/x/xerrors

Oh, thanks! Missed your earlier comment, but see you pushed a commit to fix 👍 ❤️

thaJeztah

comment created time in 3 hours

delete branch thaJeztah/ebpf

delete branch : drop_go_1.12

delete time in 3 hours

delete branch thaJeztah/compose

delete branch : forward_port_changelog

delete time in 4 hours

delete branch thaJeztah/compose

delete branch : fix_docker_py_dep

delete time in 4 hours

issue commentdocker/compose

[1.26.1] AttributeError: 'Context' object has no attribute 'is_docker_host' with PyPI docker 4.2.1

PR with a fix (for master); https://github.com/docker/compose/pull/7579 (needs to be cherry-picked to the v1.26.x release branch once merged)

hartwork

comment created time in 5 hours

PR opened docker/compose

Reviewers
[master] forward-port "Bump 1.26.1"

forward-ports the changes from https://github.com/docker/compose/commit/f216ddbf05c131058cb11323023f8b43cd381926, except for the changes in compose/init.py (as master is already on v1.27-dev)

+14 -1

0 comment

2 changed files

pr created time in 5 hours

push eventthaJeztah/compose

Ulysses Souza

commit sha 7728bf6c8bfe28b2b9a35d5b3f5634a099371602

[master] forward-port "Bump 1.26.1" Signed-off-by: Ulysses Souza <ulyssessouza@gmail.com> (cherry picked from commit f216ddbf05c131058cb11323023f8b43cd381926) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

push time in 5 hours

create barnchthaJeztah/compose

branch : forward_port_changelog

created branch time in 5 hours

pull request commentdocker/compose

setyp.py: fix minimum docker-py requirement to 4.2.2

ping @ulyssessouza @aiordache PTAL

thaJeztah

comment created time in 5 hours

PR opened docker/compose

Reviewers
setyp.py: fix minimum docker-py requirement to 4.2.2

fixes https://github.com/docker/compose/issues/7576

+1 -1

0 comment

1 changed file

pr created time in 5 hours

create barnchthaJeztah/compose

branch : fix_docker_py_dep

created branch time in 5 hours

push eventthaJeztah/compose

aiordache

commit sha 9c376dbe2fb8c150ab5757601834069c22782d07

check context in use targets a docker engine Signed-off-by: aiordache <anca.iordache@docker.com>

view details

Ulysses Souza

commit sha 15c1cabdadac535e9ed2fb2052b9a04dc08badb5

Merge pull request #7563 from aiordache/validate_context_endpoint Error out when context target is not a docker engine

view details

push time in 5 hours

Pull request review commentcontainerd/containerd

[WIP] Update runc to v1.0.0-rc91

 github.com/Microsoft/go-winio                       v0.4.14 github.com/Microsoft/hcsshim                        v0.8.9 github.com/opencontainers/go-digest                 v1.0.0 github.com/opencontainers/image-spec                v1.0.1-github.com/opencontainers/runc                      v1.0.0-rc10-github.com/opencontainers/runtime-spec              v1.0.2+github.com/opencontainers/runc                      v1.0.0-rc91+github.com/opencontainers/runtime-spec              237cc4f519e2e8f9b235bacccfa8ef5a84df2875 github.com/pkg/errors                               v0.9.1 github.com/prometheus/client_golang                 v1.3.0 github.com/prometheus/client_model                  v0.1.0 github.com/prometheus/common                        v0.7.0 github.com/prometheus/procfs                        v0.0.8-github.com/russross/blackfriday                     v1.5.2

https://github.com/containerd/containerd/pull/4239 was merged, so if you rebase, these changes would no longer be needed in this PR

dims

comment created time in 5 hours

issue commentopencontainers/runtime-spec

Prepare / Tag v1.0.3 release

Thinking of that, possibly https://github.com/opencontainers/runtime-spec/pull/1046 warrants a "minor" version bump as well, as it's adding new functionality.

thaJeztah

comment created time in 5 hours

issue commentopencontainers/runtime-spec

Prepare / Tag v1.0.3 release

Given that it's adding new features, #1040 should probably bump the minor version to stick with SemVer (so v1.1.0)

thaJeztah

comment created time in 5 hours

issue commentmoby/moby

`docker commit` causes layer to be cached in `docker build` when it was not successful

The "intermediate" container in this case is a tagged image (it was manually tagged, so docker build should not remove it).

To prevent the "failing" container from being preserved when the original build failed, use --force-rm when building;

docker build -t foo --force-rm -<<EOF
FROM ubuntu:bionic
RUN echo hi > f
RUN echo hello > g && exit 1
EOF

# Removing intermediate container fcc41b449f53
# The command '/bin/sh -c echo hello > g && exit 1' returned a non-zero code: 1

docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
# (no containers)


asottile

comment created time in 5 hours

Pull request review commentcontainerd/containerd

[WIP] Update runc to v1.0.0-rc91

 github.com/Microsoft/go-winio                       v0.4.14 github.com/Microsoft/hcsshim                        v0.8.9 github.com/opencontainers/go-digest                 v1.0.0 github.com/opencontainers/image-spec                v1.0.1-github.com/opencontainers/runc                      v1.0.0-rc10-github.com/opencontainers/runtime-spec              v1.0.2+github.com/opencontainers/runc                      v1.0.0-rc91+github.com/opencontainers/runtime-spec              237cc4f519e2e8f9b235bacccfa8ef5a84df2875 github.com/pkg/errors                               v0.9.1 github.com/prometheus/client_golang                 v1.3.0 github.com/prometheus/client_model                  v0.1.0 github.com/prometheus/common                        v0.7.0 github.com/prometheus/procfs                        v0.0.8-github.com/russross/blackfriday                     v1.5.2 github.com/sirupsen/logrus                          v1.6.0 github.com/syndtr/gocapability                      d98352740cb2c55f81556b63d4a1ec64c5a319c2-github.com/urfave/cli                               v1.22.0+github.com/urfave/cli                               v1.22.1 go.etcd.io/bbolt                                    v1.3.5 go.opencensus.io                                    v0.22.0+golang.org/x/xerrors                                9bdfabe68543c54f90421aeb9a60ef8061b5b544

Opened https://github.com/cilium/ebpf/pull/116 to remove this dependency

dims

comment created time in 5 hours

pull request commentcilium/ebpf

Drop support for go 1.12, and remove golang.org/x/xerrors

@lmb PTAL

thaJeztah

comment created time in 5 hours

Pull request review commentcilium/ebpf

Drop support for go 1.12, and remove golang.org/x/xerrors

 func (ec *elfCode) loadPrograms(progSections map[elf.SectionIndex]*elf.Section,  		if btfSpec != nil { 			spec.BTF, err = btfSpec.Program(sec.Name, length)-			if err != nil && !xerrors.Is(err, btf.ErrNoExtendedInfo) {-				return nil, xerrors.Errorf("program %s: %w", sec.Name, funcSym.Name, err)+			if err != nil && !errors.Is(err, btf.ErrNoExtendedInfo) {+				return nil, fmt.Errorf("program %s %s: %w", sec.Name, funcSym.Name, err)

This was missing a %s placeholder; not sure if this is the right "format" for the error, so suggestions welcome

thaJeztah

comment created time in 5 hours

push eventthaJeztah/ebpf

Sebastiaan van Stijn

commit sha 395d685f26a1d1bed9907d3a2d927cefff8f3fc0

Drop support for go 1.12, and remove golang.org/x/xerrors Now that Go1.12 reached EOL, it should be possible to drop support for it, and to remove the transitional golang.org/x/xerrors dependency. This also fixes a minor bug, detected by Go 1.13+; # github.com/cilium/ebpf ./elf_reader.go:211: Errorf call needs 2 args but has 3 args FAIL github.com/cilium/ebpf [build failed] Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

push time in 5 hours

PR opened cilium/ebpf

Drop support for go 1.12, and remove golang.org/x/xerrors

Now that Go1.12 reached EOL, it should be possible to drop support for it, and to remove the transitional golang.org/x/xerrors dependency.

relates to https://github.com/cilium/ebpf/issues/37 relates to https://github.com/cilium/ebpf/issues/38

+414 -432

0 comment

36 changed files

pr created time in 5 hours

create barnchthaJeztah/ebpf

branch : drop_go_1.12

created branch time in 5 hours

Pull request review commentcontainerd/containerd

[WIP] Update runc to v1.0.0-rc91

 github.com/Microsoft/go-winio                       v0.4.14 github.com/Microsoft/hcsshim                        v0.8.9 github.com/opencontainers/go-digest                 v1.0.0 github.com/opencontainers/image-spec                v1.0.1-github.com/opencontainers/runc                      v1.0.0-rc10-github.com/opencontainers/runtime-spec              v1.0.2+github.com/opencontainers/runc                      v1.0.0-rc91+github.com/opencontainers/runtime-spec              237cc4f519e2e8f9b235bacccfa8ef5a84df2875 github.com/pkg/errors                               v0.9.1 github.com/prometheus/client_golang                 v1.3.0 github.com/prometheus/client_model                  v0.1.0 github.com/prometheus/common                        v0.7.0 github.com/prometheus/procfs                        v0.0.8-github.com/russross/blackfriday                     v1.5.2 github.com/sirupsen/logrus                          v1.6.0 github.com/syndtr/gocapability                      d98352740cb2c55f81556b63d4a1ec64c5a319c2-github.com/urfave/cli                               v1.22.0+github.com/urfave/cli                               v1.22.1 go.etcd.io/bbolt                                    v1.3.5 go.opencensus.io                                    v0.22.0+golang.org/x/xerrors                                9bdfabe68543c54f90421aeb9a60ef8061b5b544

I'm new to this package. From the description:

This repository holds the transition packages for the new Go 1.13 error values. See golang.org/design/29934-error-values.

Looks like this is for the new errors.Is(), errors.Unwrap() functionality in Go 1.13. We should look where it's used and if it's actually needed, now that all current go versions support that

Looks like it's used by https://github.com/cilium/ebpf; https://github.com/cilium/ebpf/commit/5d50e74ed36f0420ef5004e84ed2cdd3e739ad3f (proposed in https://github.com/cilium/ebpf/issues/38).

Perhaps we should propose them to drop Go 1.12 (as it's EOL), and use the standard errors package.

dims

comment created time in 6 hours

push eventthaJeztah/containerd

Sebastiaan van Stijn

commit sha a6dd1f27d963801d8237d14b1caa61762a388628

update urfave/cli v1.22.1, go-md2man v2.0.0, blackfriday v2.0.1 This updates urfave/cli and its dependencies to v1.22.1: - diff for urfave/cli: https://github.com/urfave/cli/compare/v1.22.0...v1.22.1 - diff for go-md2man: https://github.com/cpuguy83/go-md2man/compare/v1.0.10...v2.0.0 - diff for blackfriday: https://github.com/russross/blackfriday/compare/v1.5.2...v2.0.1 Also adds github.com/shurcooL/sanitized_anchor_name as a new dependency, which is used by russross/blackfriday, but will be removed again in a future update (dependency is already removed on the v2 branch through russross/blackfriday@919b1f5b9bfe13933b93762ee39ea97de79039d9 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Wei Fu

commit sha c91c72c8670a3b88acb714bd9afd5632a8ac781c

Merge pull request #4239 from thaJeztah/md2manv2_urfave_bump update urfave/cli v1.22.1, go-md2man v2.0.0, blackfriday v2.0.1

view details

push time in 6 hours

pull request commentcontainerd/containerd

[WIP] Update runc to v1.0.0-rc91

https://github.com/containerd/containerd/pull/4239 was merged, so you can drop the urfave, and gomd2man bumps from this PR

I also opened https://github.com/opencontainers/runtime-spec/issues/1052 to ask the runtime-spec maintainers to consider a new release (not a blocker for this PR)

dims

comment created time in 6 hours

pull request commentcontainerd/containerd

update urfave/cli v1.22.1, go-md2man v2.0.0, blackfriday v2.0.1

do we need this urfave/cli#1092 ?

Temporarily went back to v1.22.1. I need to dive into https://github.com/urfave/cli/issues/1092 again, there was a request to make it less "strict", will try to work on that today so that we can update to v1.22.5 if that's released

thaJeztah

comment created time in 6 hours

delete branch thaJeztah/containerd

delete branch : md2manv2_urfave_bump

delete time in 6 hours

Pull request review commentmoby/sys

mountinfo.Mounted: optimize by adding fast paths

 $(BINDIR)/golangci-lint: $(BINDIR)  $(BINDIR): 	mkdir -p $(BINDIR)++.PHONY: cross+cross:+	for os in $(CROSS_OSES); do \+		for arch in $(CROSS_ARCHES); do \+			echo "$$os/$$arch" | grep -qE $(OS_ARCH_SKIP) && continue; \

Looks like the list is;

linux/amd64
linux/arm
linux/arm64
linux/ppc64le
linux/s390
freebsd/amd64
freebsd/arm
darwin/amd64
darwin/arm
darwin/arm64
windows/amd64
windows/arm

Wondering if we need:

  • freebsd/arm
  • darwin/arm (likely not, darwin won't be 32-bit)
  • windows/arm (not sure; is windows on 32-bit arm a thing, or are they working on 64 bit only?)

If we remove those from the list;

linux/amd64
linux/arm
linux/arm64
linux/ppc64le
linux/s390
freebsd/amd64
darwin/amd64
darwin/arm64
windows/amd64

Wondering if it would be better to just define that list (easier read, and easier to maintain as well)

If would require splitting to GOOS and GOARCH then, so something like

GOARCH=${CROSS#*/}
GOOS=${CROSS%/*}

Or handle it with Make;

.PHONY: linux/% darwin/% freebsd/% windows/%
linux/% darwin/% freebsd/% windows/%:
        echo GOOS=$(@D)
        echo GOARCH=$(@F)
kolyshkin

comment created time in 6 hours

pull request commentmoby/moby

update runc binary to v1.0.0-rc91

Do we want the vendoring updated as well (not for cherry-picking), or won't work yet until containerd is updated?

AkihiroSuda

comment created time in 7 hours

Pull request review commentcontainerd/containerd

update urfave/cli v1.22.1, go-md2man v2.0.0, blackfriday v2.0.1

 github.com/prometheus/client_golang                 v1.3.0 github.com/prometheus/client_model                  v0.1.0 github.com/prometheus/common                        v0.7.0 github.com/prometheus/procfs                        v0.0.8-github.com/russross/blackfriday                     v1.5.2+github.com/russross/blackfriday/v2                  v2.0.1+github.com/shurcooL/sanitized_anchor_name           v1.0.0 github.com/sirupsen/logrus                          v1.6.0 github.com/syndtr/gocapability                      d98352740cb2c55f81556b63d4a1ec64c5a319c2-github.com/urfave/cli                               v1.22.0+github.com/urfave/cli                               v1.22.1

Good suggestion; updated 👍

thaJeztah

comment created time in 7 hours

push eventthaJeztah/containerd

Sebastiaan van Stijn

commit sha a6dd1f27d963801d8237d14b1caa61762a388628

update urfave/cli v1.22.1, go-md2man v2.0.0, blackfriday v2.0.1 This updates urfave/cli and its dependencies to v1.22.1: - diff for urfave/cli: https://github.com/urfave/cli/compare/v1.22.0...v1.22.1 - diff for go-md2man: https://github.com/cpuguy83/go-md2man/compare/v1.0.10...v2.0.0 - diff for blackfriday: https://github.com/russross/blackfriday/compare/v1.5.2...v2.0.1 Also adds github.com/shurcooL/sanitized_anchor_name as a new dependency, which is used by russross/blackfriday, but will be removed again in a future update (dependency is already removed on the v2 branch through russross/blackfriday@919b1f5b9bfe13933b93762ee39ea97de79039d9 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

push time in 7 hours

issue openedopencontainers/runtime-spec

Prepare / Tag v1.0.3 release

(related to https://github.com/containerd/containerd/pull/4357/files#r448837520)

Runc tagged a new release (v1.0.0-rc91), and is currently depending on a non-tagged version of the runtime-spec. With various distribution packagers requiring tagged releases, and with go modules encouraging consumers to packages to use tagged releases, I'm wondering if a new release should be tagged.

runc is currently consuming 237cc4f519e2e8f9b235bacccfa8ef5a84df2875, (changes since v1.0.2: https://github.com/opencontainers/runtime-spec/compare/v1.0.2...237cc4f519e2e8f9b235bacccfa8ef5a84df2875), but there's a couple more changes in master (https://github.com/opencontainers/runtime-spec/compare/237cc4f519e2e8f9b235bacccfa8ef5a84df2875...master)

Are there pending pull requests that should be merged before tagging v1.0.3? (perhaps https://github.com/opencontainers/runtime-spec/pull/1046 would be nice to have). tags should be "cheap" so, perhaps not a blocker for a v1.0.3, but suggestions welcome 🤗

@cyphar @crosbymichael @tianon @mrunalp @vbatts

created time in 7 hours

Pull request review commentcontainerd/containerd

[WIP] Update runc to v1.0.0-rc91

 github.com/Microsoft/go-winio                       v0.4.14 github.com/Microsoft/hcsshim                        v0.8.9 github.com/opencontainers/go-digest                 v1.0.0 github.com/opencontainers/image-spec                v1.0.1-github.com/opencontainers/runc                      v1.0.0-rc10-github.com/opencontainers/runtime-spec              v1.0.2+github.com/opencontainers/runc                      v1.0.0-rc91+github.com/opencontainers/runtime-spec              237cc4f519e2e8f9b235bacccfa8ef5a84df2875

😞 looks like this is needed for https://github.com/opencontainers/runc/pull/2424. Let me open a request to have a new tag

Meanwhile, could you perhaps add a comment to describe which version this is?

github.com/opencontainers/runtime-spec              237cc4f519e2e8f9b235bacccfa8ef5a84df2875 # v1.0.2-8-g237cc4f
dims

comment created time in 7 hours

push eventthaJeztah/runtime-spec

W. Trevor King

commit sha ec0fc3d877bb80334662e11961a7e725ec766656

runtime: Clarify ociVersion as based on the state schema The old wording was ambiguous. For example, if the configuration had ociVersion set to 1.0.0 and the container was created with a 1.1.0 runtime, which version should show up in the state? With this commit, we use the version which matches the state schema, because the config/runtime versions used for creation don't seem particularly important once the container has been created, while the state schema version is important for state consumers. For example, if new properties were added to the state spec between 1.0.0 and 1.1.0, a consumer would want to see 1.1.0 in the state's ociVersion so it could decide whether it could rely on those new properties. Signed-off-by: W. Trevor King <wking@tremily.us>

view details

0x0916

commit sha 574182a3fed7d3738f965fcf4c732c940e4187c0

schema/defs-linux: change weight type to uint16 Signed-off-by: 0x0916 <w@laoqinren.net>

view details

W. Trevor King

commit sha dba5778ec950be373dea3123e219976e868af34d

config: Collapse extensibility to a single MUST Generating an error seems like one potential violation of the requirement to ignore unknown properties. Compliance testing for the ignore requirement can cite the MUST I've written here for any noticeable runtime activity around the unknown property without needing a error-specific MUST. We've had the two MUSTs since 27a05de3 (Add text about extensions, 2016-06-26, #510), citing [1]. I'd asked for consolidated phrasing then [2,3], but hadn't followed up after the commit landed. I've left a line mentioning the error activity as non-normative clarification, but am also happy to drop that line completely. Also: * Update the unknown annotation entry to reference the generic extensibility section, because there's nothing annotation-specific in how we want runtimes to handle unknown keys. * Remove "reading or processing" language. This initially landed in 27a05de3 with a bump in b92cf90a (consistency and style fix, 2017-05-12, #811). Some thought was put into this phrasing there [4,5] and earlier in #510 [6], but we never got around to dropping this qualifier. However, the purpose of this qualifier is unclear to me. What is the point of compliance requirements for runtimes which don't read or process a configuration? [1]: https://github.com/opencontainers/image-spec/pull/164 [2]: https://github.com/opencontainers/runtime-spec/pull/510#r69845853 [3]: https://github.com/opencontainers/runtime-spec/pull/510#r69846114 [4]: https://github.com/opencontainers/runtime-spec/pull/811#discussion_r116294608 [5]: https://github.com/opencontainers/runtime-spec/pull/811#discussion_r116465503 [6]: https://github.com/opencontainers/runtime-spec/pull/510#r69846021 Signed-off-by: W. Trevor King <wking@tremily.us>

view details

Aleksa Sarai

commit sha 6b04c632705945f4efd28f4a571a0a4c586be5f5

config: add "umask" field to POSIX "user" section Users may want to specify the umask(2) of the init process in a container. This value is identical in semantics to POSIX. This is in order to allow usage of an OCI container for a service which normally only inherits the umask given to it. Signed-off-by: Aleksa Sarai <asarai@suse.de>

view details

Danail Branekov

commit sha 234aa0be754a5dfe53be5c20ddeb48face08d675

config-linux: Add Memory cgroup's use_hierarchy Co-authored-by: Claudia Beresford <cberesford@pivotal.io> Signed-off-by: Danail Branekov <danailster@gmail.com>

view details

Kenta Tada

commit sha fbda535679880b7c577ee5927d9f87f5e653dfcd

Fix Namespaces to use LinuxNamespaceType Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>

view details

Michael Crosby

commit sha 5b71a03e2700cbb1091b78849b8748f5e1692650

Merge pull request #1007 from KentaTada/Fix-Namespaces-to-use-LinuxNamespaceType Fix Namespaces to use LinuxNamespaceType

view details

Kenta Tada

commit sha ef6e0cdd41aaec4ed132ab16ddf645f158ccbdda

Fix ociVersion of Configuration Schema Example to support ambient capability Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>

view details

Justin Cormack

commit sha 5cc25d0a579261273809ff9db503a49af4771aaa

Add Linux personality support A lot of people use the Linux `personality` support to allow a 64 bit machine to emulate a 32 bit machine. In particular if you just run 32 bit binaries, many build processes will fail as `uname` will still return a value appropriate for a 64 bit system. Including the personality syscall wil change this to reflect the value from a 32 bit system, such as `i686` rather than `x86_64`. Note that this patch only supports the base 32 bit/64 bit calls. The other options are largely obsolete and rarely used. I left flexibility to add other base domains and to add flags in future, but I am not sure there is any demand for them. The only use case I found in the recent past was the `ADDR_NO_RANDOMIZE` option that disables ASLR, which older versions of Emacs required, but generally they set this themselves, so it is not needed as a Runc option, and it is a serious security reduction. The 32 bit option is different as if you are running 32 bit containers for build, they generally do not know they are "supposed" to run 32 bit, and so this option allows you do do the equivalent of running a `chroot` with `linux32` as is often done on non containerised build systems. Signed-off-by: Justin Cormack <justin.cormack@docker.com>

view details

Michael Crosby

commit sha 8ffda149bac31804bdae35e5ec8ee563fe0f3459

Merge pull request #1009 from KentaTada/Fix-sample-ociVersion Fix ociVersion of Configuration Schema Example to support ambient capability

view details

Odin Ugedal

commit sha 759f58ad646648abeaef435f161a73d7202f793b

config-linux: add more info about hugetlb page size Currently the docs don't say anything about what the "pageSize" is other than the fact that it is a string. This makes it easier for developers to understand how it works, and may help avoiding mistakes which are hard to spot. Signed-off-by: Odin Ugedal <odin@ugedal.com>

view details

Michael Crosby

commit sha 7a49e344a7639b84278dda9ad0671298d223c661

Merge pull request #1011 from odinuge/hugetlb-pattern config-linux: add more info about hugetlb page size

view details

Odin Ugedal

commit sha 78ab98c0761136f84e6e21b24b4dcd0be68ab782

Fix markdown escape in config-linux Signed-off-by: Odin Ugedal <odin@ugedal.com>

view details

Tianon Gravi

commit sha a950415649c735f9fd9ec3b8869efef24b67cef4

Merge pull request #1013 from odinuge/hugetlb-pattern-fix Fix markdown escape in config-linux

view details

Phil Estes

commit sha 23c4be20fcbb63c86ba1df844b7bac8f7e8f61dc

Update meeting info section to point to "org" repo We should keep the OCI contributor/maintainer dev meeting information in the new "org" repo and all other repos should point there. This minimizes places we need to update in the future if our meeting technology or meeting frequency changes again. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>

view details

Michael Crosby

commit sha c9a5f6194441d1dcaf8b0651841f6cace6a8fd46

Merge pull request #1016 from estesp/update-meetings Update meeting info section to point to "org" repo

view details

Giuseppe Scrivano

commit sha ff32f0202c85ae4172040f5f505b3adda0ebe081

implementations.md: fix repository for crun crun was moved from github.com/giuseppe/crun to github.com/containers/crun. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

view details

Tianon Gravi

commit sha 4f2ab155bbdde8ae6013649e061baf3707a0ed98

Merge pull request #1017 from giuseppe/fix-crun-repository implementations.md: fix repository for crun

view details

Giuseppe Scrivano

commit sha d1ef109cd0b39239ff82c267df314f7ed2da576b

config-linux: support seccomp flags allow to specify what flags must be passed to seccomp(2) when installing the filter. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

view details

Qiang Huang

commit sha 52e2591aa9f7211d64c49c4fed8691a183189284

Merge pull request #1018 from giuseppe/seccomp-flags config-linux: support seccomp flags

view details

push time in 7 hours

Pull request review commentcontainerd/containerd

[WIP] Update runc to v1.0.0-rc91

 github.com/Microsoft/go-winio                       v0.4.14 github.com/Microsoft/hcsshim                        v0.8.9 github.com/opencontainers/go-digest                 v1.0.0 github.com/opencontainers/image-spec                v1.0.1-github.com/opencontainers/runc                      v1.0.0-rc10-github.com/opencontainers/runtime-spec              v1.0.2+github.com/opencontainers/runc                      v1.0.0-rc91+github.com/opencontainers/runtime-spec              237cc4f519e2e8f9b235bacccfa8ef5a84df2875 github.com/pkg/errors                               v0.9.1 github.com/prometheus/client_golang                 v1.3.0 github.com/prometheus/client_model                  v0.1.0 github.com/prometheus/common                        v0.7.0 github.com/prometheus/procfs                        v0.0.8-github.com/russross/blackfriday                     v1.5.2

I updated https://github.com/containerd/containerd/pull/4239

dims

comment created time in 7 hours

pull request commentcontainerd/containerd

update urfave/cli v1.22.1, go-md2man v2.0.0, blackfriday v2.0.1

Updated this to use urfave/cli v1.22.1, and moved it out of draft

thaJeztah

comment created time in 7 hours

push eventthaJeztah/containerd

Sebastiaan van Stijn

commit sha 9095eb9a0d5d3d62046fd71e7164155b2a6b6499

update urfave/cli v1.22.1, go-md2man v2.0.0, blackfriday v2.0.1 This updates urfave/cli and its dependencies to v1.22.1: - diff for urfave/cli: https://github.com/urfave/cli/compare/v1.22.0...v1.22.1 - diff for go-md2man: https://github.com/cpuguy83/go-md2man/compare/v1.0.10...v2.0.0 - diff for blackfriday: https://github.com/russross/blackfriday/compare/v1.5.2...v2.0.1 Also adds github.com/shurcooL/sanitized_anchor_name as a new dependency, which is used by russross/blackfriday, but will be removed again in a future update (dependency is already removed on the v2 branch through russross/blackfriday@919b1f5b9bfe13933b93762ee39ea97de79039d9 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

push time in 7 hours

push eventthaJeztah/containerd

Sebastiaan van Stijn

commit sha f212e7d1fe7cec094f749ca3357c098064de4c08

vendor: github.com/pkg/errors v0.9.1 full diff: https://github.com/pkg/errors/compare/v0.8.1...v0.9.1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Akihiro Suda

commit sha 834f58bd0cbeb1e3371f583b745ef0ad2fca238e

Merge pull request #4237 from thaJeztah/bump_pkg_errors vendor: github.com/pkg/errors v0.9.1

view details

Sebastiaan van Stijn

commit sha dc92ad65206d9c43ba87f483a794bc6566e83e91

Replace errors.Cause() with errors.Is() Dependencies may be switching to use the new `%w` formatting option to wrap errors; switching to use `errors.Is()` makes sure that we are still able to unwrap the error and detect the underlying cause. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Michael Crosby

commit sha ed261720c86d1e700cd5d39175128322baac6dda

Update ttrpc/typeurl to v1.0.1 This updates the two packages to their released versions. Signed-off-by: Michael Crosby <michael@thepasture.io>

view details

Michael Crosby

commit sha d5d94afd08644818ba5a37bb2a37edb0600709c1

Merge pull request #4238 from thaJeztah/what_is_the_cause Replace errors.Cause() with errors.Is()

view details

Maksym Pavlenko

commit sha c80284d4b5291a351bb471bcdabb5c1d95e7a583

Merge pull request #4241 from crosbymichael/update-ttrpc-typeurl Update ttrpc/typeurl to v1.0.1

view details

Akihiro Suda

commit sha bd3210d29e0db19ab229f1fbb4b80c018db389f3

remove releases/*-beta.toml Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

view details

Derek McGowan

commit sha e9e765d6e555b3e362a47bdba6580cbcd3537661

Use tagged versions in vendor file Reverts change from tagged versions to sha. Removes tag ambiguity on what version a sha points to when multiple tags available. Makes comparing versions from previous releases more straight forward, without parsing potentially incorrect comment. Fixes sync issue between tag in comment and sha, the selinux comment was incorrect here. Updates reflect2 library to correctly tagged version, includes global variable fix. Signed-off-by: Derek McGowan <derek@mcg.dev>

view details

Derek McGowan

commit sha f5c5c08bedbd916b7b54e88e6c77a2984ed154b5

Merge pull request #4243 from AkihiroSuda/remove-beta-release-notes remove releases/*-beta.toml

view details

Wei Fu

commit sha 83084c9328800291b430c0a27ef629a88e301a46

Merge pull request #4244 from dmcgowan/tagged-vendors Use tagged versions in vendor file

view details

Sebastiaan van Stijn

commit sha 1b9640496e846dc976339bd3f8ad2271c76e749c

ConfigureHosts: remove deprecated DualStack option The `DualStack` option was deprecated in Go 1.12, and is now enabled by default (through commit github.com/golang/go@efc185029bf770894defe63cec2c72a4c84b2ee9). > The Dialer.DualStack field is now meaningless and documented as deprecated. > > To disable fallback, set FallbackDelay to a negative value. The default `FallbackDelay` is 300ms; to make this more explicit, this patch sets `FallbackDelay` to the default value. Note that Docker Hub currently does not support IPv6 (DNS for registry-1.docker.io has no AAAA records, so we should not hit the 300ms delay). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 0d198fd0965f4bba44468793e6b665671c3384d0

vendor: roll docker/distribution back to latest (v2.7.1) release Now that 901bcb2231466229d27aee8d38a6e2fcdc95015e was merged in containerd, we no longer depend on the ParseDockerRef utility from docker/distribution, so we can safely roll back to the latest release for this dependency. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha a4f8be1d4343739227a1a32df039de519c9b388a

vendor: kubernetes v1.18.2 Fix client watch reestablishment handling of client-side timeouts Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 2c77dc63a42f6536e51b5cbb934c0893a4d2c4da

vendor: update containerd/cri to current master - Remove dependency on libcontainer/system - Get rid of socat for port forwarding - Roll docker/distribution back to latest (v2.7.1) release Now that 901bcb2231466229d27aee8d38a6e2fcdc95015e was merged in containerd, we no longer depend on the ParseDockerRef utility from docker/distribution, so we can safely roll back to the latest release for this dependency. - vendor: kubernetes v1.18.2 Fix client watch reestablishment handling of client-side timeouts - Add config flag to default empty seccomp profile Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

payall4u

commit sha b437938d2f237ba3cbb48242c773321c743edac5

Transfer error to ErrNotFound when kill a not exist container, also add test case. Signed-off-by: payall4u <404977848@qq.com> Add integration test case Signed-off-by: payall4u <404977848@qq.com>

view details

Phil Estes

commit sha f03fc406ab6092d935d79a8adb3dbbf1e7443415

Merge pull request #4246 from thaJeztah/bump_cri vendor: update containerd/cri to current master

view details

Phil Estes

commit sha 04985039cede6aafbb7dfb3206c9c4d04e2f924d

Merge pull request #4214 from payall4u/bugfix-check-not-exist Transfer error to ErrNotFound when kill a not exist container

view details

Sebastiaan van Stijn

commit sha c5078a5b7248c386557f89239fef27c19cc39b06

vendor: containerd/continuity d3ef23f19fbb106bb73ffde425d07a9187e30745 full diff: https://github.com/containerd/continuity/compare/0ec596719c75bfd42908850990acea594b7593ac...d3ef23f19fbb106bb73ffde425d07a9187e30745 - fs: support for OpenBSD - sysx/xattr: fix and improve - remove Windows' Readlink fork Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha d9d1d5b624cf997fba66b9ea3242584fbbfb3332

vendor: containerd/fifo f15a3290365b9d2627d189e619ab4008e0069caf full diff: https://github.com/containerd/fifo/compare/bda0ff6ed73c67bfb5e62bc9c697f146b7fd7f13...f15a3290365b9d2627d189e619ab4008e0069caf - add go.mod - replace "golang.org/x/net/context" Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha f09e999099b1dd3cfef9a91e8a769fe8c160813f

vendor: containerd/go-runc 7016d3ce2328dd2cb1192b2076ebd565c4e8df0c full diff: https://github.com/containerd/go-runc/compare/a5c2862aed5e6358b305b0e16bfce58e0549b1cd...7016d3ce2328dd2cb1192b2076ebd565c4e8df0c - add go.mod - Parse runc version even if commit is missing Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

push time in 7 hours

push eventthaJeztah/containerd

Johannes Frey

commit sha 87f9fdb06519594d8f26d6a20f85e79b9a35d8bf

Cope with double quotes in Linux Mountinfo Signed-off-by: Johannes Frey <me@johannes-frey.de>

view details

Johannes Frey

commit sha cb91b1724dec212db7ba68958f2b7aba8a4ceee9

Add testcase containing mountpoint with escaped backslash Signed-off-by: Johannes Frey <me@johannes-frey.de>

view details

Johannes Frey

commit sha 8897e152030ec3d6076558388f84e447a7be1b64

Add more test cases with single quotes Signed-off-by: Johannes Frey <me@johannes-frey.de>

view details

Johannes Frey

commit sha ee734e867ab9732a7c42028be1e8a8a76ac3da84

Add test case with backticks Signed-off-by: Johannes Frey <me@johannes-frey.de>

view details

Akihiro Suda

commit sha fd99b6566be4f2303e71274976e2cd6eee4553c0

decrease log level of cgroup2 ToggleController error when running in UserNS Fix #4312 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

view details

Sebastiaan van Stijn

commit sha b96f5f4b524f58755ea18540513f80c99cc07b76

Fix deprecation warnings in CRI tests due to missing unix:// scheme [BeforeEach] [k8s.io] Security Context /home/runner/work/containerd/containerd/src/github.com/kubernetes-sigs/cri-tools/pkg/framework/framework.go:50 W0624 12:26:28.532644 30569 util_unix.go:103] Using "/var/run/containerd/containerd.sock" as endpoint is deprecated, please consider using full url format "unix:///var/run/containerd/containerd.sock". W0624 12:26:28.532700 30569 util_unix.go:103] Using "/var/run/containerd/containerd.sock" as endpoint is deprecated, please consider using full url format "unix:///var/run/containerd/containerd.sock". Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Phil Estes

commit sha f85375bbbd91a13774086065aaf97889a7d428dd

Merge pull request #4341 from thaJeztah/fix_cri_warnings Fix deprecation warnings in CRI tests due to missing unix:// scheme

view details

Avi Deitcher

commit sha e7f069e2c337bf77d31b7460bda980482fdaf508

describe content flow and dependencies Signed-off-by: Avi Deitcher <avi@deitcher.net>

view details

Derek McGowan

commit sha 1127ffc7400e2d1b438979fd782b7ed9c73e5c9b

Merge pull request #4207 from deitch/doc-content describe content flow and dependencies

view details

Michael Crosby

commit sha 492c014136a301eff66a970311cd480d1d31228b

Merge pull request #4340 from AkihiroSuda/fix-4312 decrease log level of cgroup2 ToggleController error when running in UserNS

view details

Michael Crosby

commit sha c75180740937d4b2d44b9c1edc1c27b208e66e32

Merge pull request #4325 from c445/mountinfo-linux-double-quotes Cope with double quotes in Linux Mountinfo

view details

Florian Schmaus

commit sha e977564a8b2bcf57d0c45b0e12b0ecedaeb4debb

seccomp: allow 'rseq' syscall in default seccomp profile Restartable Sequences (rseq) are a kernel-based mechanism for fast update operations on per-core data in user-space. Some libraries, like the newest version of Google's TCMalloc, depend on it [1]. This also makes dockers default seccomp profile on par with systemd's, which enabled 'rseq' in early 2019 [2]. 1: https://google.github.io/tcmalloc/design.html 2: systemd/systemd@6fee3be Signed-off-by: Florian Schmaus <flo@geekplace.eu>

view details

Phil Estes

commit sha 01a53c24b383b4ad991825616a03395b76443434

Merge pull request #4347 from Flowdalic/allow-rseq-seccomp seccomp: allow 'rseq' syscall in default seccomp profile

view details

Brian Goff

commit sha aa191deff1ab80a0dd31538f04bb862591fce10b

Change log for unknown mt to debug This log message shows up in the client's logs. For any media type that the client doesn't know about it will wind up with a warning log. Downgrade this to debug since it is more of a development concern. We encountered this trying to fetch Docker plugins which has a media type for plugin configs. Signed-off-by: Brian Goff <cpuguy83@gmail.com>

view details

Phil Estes

commit sha 97a3f52c6335f24cf7b32e0fcdc8b58e2513d7a7

Merge pull request #4351 from cpuguy83/pull_mediatype_debug Change log for unknown mt to debug

view details

Phil Estes

commit sha 57a9f0b50d6a8dd6e01cd774d6e9fcdd786e5bb0

Minor actions fixes/updates - always apt-get update before installing packages - move to tagged official create_release action The official GH create_release action now has support for body text from file. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>

view details

Akihiro Suda

commit sha 468d4e1ccf4ccb1425cca6417a49837d15605c73

Merge pull request #4356 from estesp/actions-fixes Minor actions fixes/updates

view details

push time in 7 hours

Pull request review commentcontainerd/containerd

[WIP] Update runc to v1.0.0-rc91

 github.com/Microsoft/go-winio                       v0.4.14 github.com/Microsoft/hcsshim                        v0.8.9 github.com/opencontainers/go-digest                 v1.0.0 github.com/opencontainers/image-spec                v1.0.1-github.com/opencontainers/runc                      v1.0.0-rc10-github.com/opencontainers/runtime-spec              v1.0.2+github.com/opencontainers/runc                      v1.0.0-rc91+github.com/opencontainers/runtime-spec              237cc4f519e2e8f9b235bacccfa8ef5a84df2875 github.com/pkg/errors                               v0.9.1 github.com/prometheus/client_golang                 v1.3.0 github.com/prometheus/client_model                  v0.1.0 github.com/prometheus/common                        v0.7.0 github.com/prometheus/procfs                        v0.0.8-github.com/russross/blackfriday                     v1.5.2

probably needs blackfriday/v2 ? Perhaps I should dust off https://github.com/containerd/containerd/pull/4239, and change it to urfave v1.22.1, as I think there were some other changes needed

dims

comment created time in 7 hours

push eventdocker/docker.github.io

Ali Oğuzhan Yıldız

commit sha 9031360ae77681cd8e12e0eae25f2ffdb8ed66af

rename psycopg2 to psycopg2-binary

view details

Ali Oğuzhan Yıldız

commit sha f2349251f10bed99a9228a151875409da83d4dec

Merge branch 'master' into patch-1

view details

Andre Almar

commit sha 6f38ea561b0c9bc55813328ad478259e33b8eca4

Fixing ImageList Go code Original: on line 18 we have `images, err := cli.ImageList(context.Background(), types.ImageListOptions{})` which gives us an error of: ``` # command-line-arguments ./main.go:12:2: ctx declared but not used ``` *Fix:* on line 18 we need to have `images, err := cli.ImageList(ctx, types.ImageListOptions{})`

view details

Alan Bondarchuk

commit sha ea11c504106a2bc9ae79ccd4a787182f1b729464

Add missing space (#11061)

view details

Sebastiaan van Stijn

commit sha 6775518067698e85f51b7f9dd3a422c47b173e70

Merge pull request #11059 from andrealmar/fixing-ImageList-Go-code Fixing ImageList Go code

view details

Sobhan Attar

commit sha 9fd5223c7efb5cb6de2d1c5bb21b53140268e03d

add not for non existence daemon.json

view details

Sujay Pillai

commit sha 8d1b473aa721f2b53777faabf46e37ab8863661b

Add a note to create a context in different subscription (#11065) * Add a note to create a context in different subscription * Minor style updates Made a minor tweak to the style and wrapped the new note to 80 chars Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>

view details

Lester Covax

commit sha e43aa440e3f8a945221c90f60867342a8ac699b6

Fixed typo (#11045) s/form/from

view details

Usha Mandya

commit sha 2fbf05c10e7aa18dfc331af4be7a6cc2a7f29231

Merge pull request #11066 from sobhanattar/patch-1 add a note for non existence daemon.json

view details

Usha Mandya

commit sha e7899d34ed7e721a6a0e36874955760be48bd6f3

Merge pull request #7349 from alioguzhan/patch-1 rename psycopg2 to psycopg2-binary

view details

Martin Joly

commit sha dbd9ba12f988f81882f20ed28a8e685d71dd8ae7

Fix wrong information (#10977) Postgres last version is now >12.0.0.

view details

Mathieu Champlon

commit sha dba80f363198da36e61bef6e12c9105710b6eac7

Correct proxies documentation for Docker Desktop (mac) (#11069) * Update index.md The proxies set in the Docker Desktop settings are actually not propagated in the containers automatically. The rationale being that we want the same UX on Windows/Mac and as on Linux. Related to https://github.com/docker/docker.github.io/pull/10890 * Minor update Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>

view details

Mathieu Champlon

commit sha 39a054a0161bad312bc415d434933d7ab6173086

Correct proxies documentation for Docker Desktop (windows) (#10890) * Correct proxies documentation for Docker Desktop The proxies set in the Docker Desktop settings are actually not propagated in the containers automatically. The rationale being that we want the same UX on Windows/Mac and as on Linux. Closes https://github.com/docker/for-win/issues/3676 * Minor style updates * Wrap to 80 chars Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>

view details

Ulysses Souza

commit sha 7b70c20f1f2f02b3917100ab96cb9e0d0a258c7f

Bump docker-compose 1.26.1 (#11068) * Bump docker-compose 1.26.1 Signed-off-by: Ulysses Souza <ulyssessouza@gmail.com> * Minor style updates Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>

view details

Usha Mandya

commit sha ff1578ba9d66d1da608ac66d8ed14f1b5ae861de

Update image push reference

view details

Usha Mandya

commit sha 9031d8729513633e250984015d4d76b594833087

Update to use lowercase

view details

Sebastiaan van Stijn

commit sha 89b17b237fc63ef42f5f9bf4add4c208c8d53da9

Merge pull request #11071 from usha-mandya/compose-push-patch Update image push reference

view details

Sebastiaan van Stijn

commit sha f038b9a4d06abd2e556ff851057c8a9fee4c3a38

Merge pull request #11070 from docker/master Publish the latest updates from master

view details

push time in 18 hours

PR merged docker/docker.github.io

Reviewers
Publish the latest updates from master

PR to publish the latest updates from master

+44 -32

1 comment

12 changed files

usha-mandya

pr closed time in 18 hours

pull request commentcontainerd/cri

Move to go modules

oh, good catch; perhaps (just for testing) rename vendor.conf to see if everything else would work, and then work out how to change that utils.sh

chenrui333

comment created time in 19 hours

pull request commentopencontainers/selinux

pkg/pwalk: fix data race with err

Looks like there's support for github reviews in the v2 syntax that we're using (https://v2-docs.pullapprove.com/groups/github_reviews/), but v3 is the current version of the config format (not sure if that allows approval through comments), but yes, I think GitHub's native reviews should work fine for this

kolyshkin

comment created time in 19 hours

push eventopencontainers/selinux

Kir Kolyshkin

commit sha ed6ee1e4ce75597e22bf2618f0d81d2295664c68

pkg/pwalk: fix data race with err Go race detector found a race in the code wrt err read/write: > $ cd pkg/pwalk && go test -run Many -race . > === RUN TestWalkManyErrors > ================== > WARNING: DATA RACE > Read at 0x00c0000a0510 by goroutine 7: > github.com/opencontainers/selinux/pkg/pwalk.WalkN() > /home/kir/go/src/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go:91 +0x1f8 > github.com/opencontainers/selinux/pkg/pwalk.Walk() > /home/kir/go/src/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go:35 +0x321 > ... > Previous write at 0x00c0000a0510 by goroutine 8: > github.com/opencontainers/selinux/pkg/pwalk.WalkN.func1() > /home/kir/go/src/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go:53 +0xa6 Indeed, we wait for all runner goroutines but do not wait for the filetree reading goroutine (the one that calls filepath.Walk). One way to fix it would be to not assign value to global variable err in the filetree reading goroutine, but do that in a runner. Unfortunately, that way we might mix up and not return the first error. Fix by using waitgroup for the reading goroutine as well. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Sebastiaan van Stijn

commit sha dad7ff989fc5f9ba19a7bf2bbaa62ab59a3d17f9

Merge pull request #109 from kolyshkin/pwalk-race pkg/pwalk: fix data race with err

view details

push time in 19 hours

PR merged opencontainers/selinux

pkg/pwalk: fix data race with err

Fixes: https://github.com/opencontainers/selinux/issues/108

Go race detector found a race in the code wrt err read/write:

cd pkg/pwalk && go test -run Many -race . RUN TestWalkManyErrors

WARNING: DATA RACE Read at 0x00c0000a0510 by goroutine 7: github.com/opencontainers/selinux/pkg/pwalk.WalkN() /home/kir/go/src/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go:91 +0x1f8 github.com/opencontainers/selinux/pkg/pwalk.Walk() /home/kir/go/src/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go:35 +0x321 ... Previous write at 0x00c0000a0510 by goroutine 8: github.com/opencontainers/selinux/pkg/pwalk.WalkN.func1() /home/kir/go/src/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go:53 +0xa6 ...

Indeed, we wait for all runner goroutines but do not wait for the filetree reading goroutine (the one that calls filepath.Walk).

One way to fix it would be to not assign value to global variable err in the filetree reading goroutine, but do that in a runner. Unfortunately, that way we might mix up and not return the first error.

Fix by using waitgroup for the reading goroutine as well. Slightly more complex than not assiging err in there, but guarantee we'll return the first error.

+6 -2

6 comments

1 changed file

kolyshkin

pr closed time in 19 hours

issue closedopencontainers/selinux

data race exists in pwalk

to reproduce: $ TESTFLAGS=-race make test

<snip>
    TestWalk: pwalk_test.go:40: concurrency: 8, files found: 61
--- PASS: TestWalk (0.01s)
=== RUN   TestWalkManyErrors
==================
WARNING: DATA RACE
Read at 0x00c00011a080 by goroutine 17:
  github.com/opencontainers/selinux/pkg/pwalk.WalkN()
      /home/vagrant/go/src/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go:91 +0x1f8
  github.com/opencontainers/selinux/pkg/pwalk.Walk()
      /home/vagrant/go/src/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go:35 +0x321
  github.com/opencontainers/selinux/pkg/pwalk.TestWalkManyErrors()
      /home/vagrant/go/src/github.com/opencontainers/selinux/pkg/pwalk/pwalk_test.go:54 +0x2e8
  testing.tRunner()
      /usr/local/go/src/testing/testing.go:992 +0x1eb

Previous write at 0x00c00011a080 by goroutine 18:
  github.com/opencontainers/selinux/pkg/pwalk.WalkN.func1()
      /home/vagrant/go/src/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go:53 +0xa6

Goroutine 17 (running) created at:
  testing.(*T).Run()
      /usr/local/go/src/testing/testing.go:1043 +0x660
  testing.runTests.func1()
      /usr/local/go/src/testing/testing.go:1285 +0xa6
  testing.tRunner()
      /usr/local/go/src/testing/testing.go:992 +0x1eb
  testing.runTests()
      /usr/local/go/src/testing/testing.go:1283 +0x527
  testing.(*M).Run()
      /usr/local/go/src/testing/testing.go:1200 +0x2ff
  main.main()
      _testmain.go:48 +0x223

Goroutine 18 (finished) created at:
  github.com/opencontainers/selinux/pkg/pwalk.WalkN()
      /home/vagrant/go/src/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go:52 +0x125
  github.com/opencontainers/selinux/pkg/pwalk.Walk()
      /home/vagrant/go/src/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go:35 +0x321
  github.com/opencontainers/selinux/pkg/pwalk.TestWalkManyErrors()
      /home/vagrant/go/src/github.com/opencontainers/selinux/pkg/pwalk/pwalk_test.go:54 +0x2e8
  testing.tRunner()
      /usr/local/go/src/testing/testing.go:992 +0x1eb
==================
    TestWalkManyErrors: pwalk_test.go:61: found 192 of 361 files
    TestWalkManyErrors: testing.go:906: race detected during execution of test
--- FAIL: TestWalkManyErrors (0.05s)
    : testing.go:906: race detected during execution of test
FAIL
FAIL	github.com/opencontainers/selinux/pkg/pwalk	0.069s
FAIL
make: *** [Makefile:48: test] Error 1

closed time in 19 hours

yulicrunchy

pull request commentopencontainers/selinux

pkg/pwalk: fix data race with err

oh, wow, that's "silly"

kolyshkin

comment created time in 19 hours

pull request commentopencontainers/selinux

pkg/pwalk: fix data race with err

LGTM

kolyshkin

comment created time in 19 hours

pull request commentopencontainers/selinux

pkg/pwalk: fix data race with err

ooooh, so it doesn't look at "reviews", only "comments"?

kolyshkin

comment created time in 19 hours

pull request commentmoby/sys

mountinfo.Mounted: optimize by adding fast paths

Cross is failing;

for os in linux freebsd darwin windows; do \
	for arch in amd64 arm arm64 ppc64le s390x; do \
		echo "$os/$arch" | grep -qE '^((freebsd|darwin|windows)/(ppc64le|s390x)|windows/arm64|freebsd/s390x)$' && continue; \
		echo "# building for $os/$arch"; \
		GOOS=$os GOARCH=$arch go build ./...; \
	done; \
done
# building for linux/amd64
##[error]mount/mount.go:9:2: cannot find package "github.com/moby/sys/mountinfo" in any of:
	/opt/hostedtoolcache/go/1.13.12/x64/src/github.com/moby/sys/mountinfo (from $GOROOT)
	/home/runner/go/src/github.com/moby/sys/mountinfo (from $GOPATH)
##[error]mount/flags_linux.go:4:2: cannot find package "golang.org/x/sys/unix" in any of:
	/opt/hostedtoolcache/go/1.13.12/x64/src/golang.org/x/sys/unix (from $GOROOT)
	/home/runner/go/src/golang.org/x/sys/unix (from $GOPATH)
##[error]Makefile:33: recipe for target 'cross' failed
make: *** [cross] Error 1
##[error]Process completed with exit code 2.

Does it need the same trickery as we use for test? https://github.com/moby/sys/blob/fb9f8cf904285111be4c0db77af0ee5b3b4fdba3/Makefile#L10-L12

Starting to wonder if it would be cleaner to have separate Makefiles in each module, and then call those targets from the main Makefile (also beginning to feel the pain of the submodules 😓 - do you think it causes more issues to have them in the same repository than to have to maintain two repositories?)

kolyshkin

comment created time in 19 hours

pull request commentcontainerd/cri

Move to go modules

Looks like we're getting closer; I see vendor validation is failing:

 ../project/script/validate/vendor
2020/07/01 18:54:44 Collecting initial packages
2020/07/01 18:54:44 Download dependencies
2020/07/01 18:54:47 Starting whole vndr cycle because no package specified
...

And that is because this PR adds a go.mod, but doesn't remove the vendor.conf. The validation script does this check: https://github.com/containerd/project/blob/6cc8c883e567db6fff1adb651e1ccee4c80adb6f/script/validate/vendor#L20-L23

if [ -f vendor.conf ]; then
  rm -rf vendor/
  vndr |& grep -v -i clone
else
  go mod tidy
...
...

So if it finds a vendor.conf if assumes that that's the vendoring tool to use, so if you can remove the vendor.conf (preferably in the same commit as the one that's adding the go.mod), then that check should likely pass.

chenrui333

comment created time in 19 hours

pull request commentmoby/moby

Upgrading the versions of images in Dockerfile.

Thanks, @wanghuaiqing2010 !

wanghuaiqing2010

comment created time in 19 hours

delete branch thaJeztah/docker

delete branch : bump_selinux

delete time in 19 hours

push eventdocker/docker.github.io

Usha Mandya

commit sha ff1578ba9d66d1da608ac66d8ed14f1b5ae861de

Update image push reference

view details

Usha Mandya

commit sha 9031d8729513633e250984015d4d76b594833087

Update to use lowercase

view details

Sebastiaan van Stijn

commit sha 89b17b237fc63ef42f5f9bf4add4c208c8d53da9

Merge pull request #11071 from usha-mandya/compose-push-patch Update image push reference

view details

push time in a day

PR merged docker/docker.github.io

Update image push reference

Made a minor update to the username (Docker ID) and description in the example

+1 -1

2 comments

1 changed file

usha-mandya

pr closed time in a day

issue commentmoby/moby

low memory on start causing strange failure condition

It will be closed if https://github.com/moby/moby/pull/41168 is merged. That doesn't fix the limit itself, but at least produces a more readable error ☺️

benbuzbee

comment created time in a day

Pull request review commentdocker/docker.github.io

Publish the latest updates from master

 For more information, see: #### Proxies  Docker Desktop detects HTTP/HTTPS Proxy Settings from macOS and automatically-propagates these to Docker and to your containers. For example, if you set your+propagates these to Docker. For example, if you set your proxy settings to `http://proxy.example.com`, Docker uses this proxy when pulling containers. -When you start a container, your proxy settings propagate into the containers.-For example:+Your proxy settings, however, will not be propagated into the containers you start.+If you wish to set the proxy settings for your containers, you need to define+environment variables for them, just like you would do on Linux, for example:

Do we no longer set the cli configuration (https://github.com/docker/cli/pull/93)? Or did we not do so on Docker Desktop?

We should probably link to that section to explain how to set these proxies automatically for docker run and docker build (https://github.com/docker/cli/pull/2224)

I think we have another location where we explain those (need to search)

usha-mandya

comment created time in a day

Pull request review commentdocker/docker.github.io

Publish the latest updates from master

 services:    service2:     build: .-    image: youruser/yourimage  # goes to youruser DockerHub registry+    image: youruser/yourimage  # goes to your user DockerHub registry

Wondering if this was a correct change (but I can see the confusion) I think this was meant to spell youruser as that's the example username on Docker Hub.

Perhaps we should change to your-user or your-username or hub-username

We should likely change DockerHub to Docker Hub though 😅

usha-mandya

comment created time in a day

Pull request review commentdocker/docker.github.io

Publish the latest updates from master

 containers. Alternatively, you can opt not to share it by selecting **Cancel**. #### Proxies  Docker Desktop lets you configure HTTP/HTTPS Proxy Settings and-automatically propagates these to Docker and to your containers.  For example,-if you set your proxy settings to `http://proxy.example.com`, Docker uses this-proxy when pulling containers.+automatically propagates these to Docker. For example, if you set your proxy+settings to `http://proxy.example.com`, Docker uses this proxy when pulling containers. -When you start a container, your proxy settings propagate into the containers. For example:+Your proxy settings, however, will not be propagated into the containers you start.+If you wish to set the proxy settings for your containers, you need to define+environment variables for them, just like you would do on Linux, for example:  ```ps-> docker run alpine env+> docker run -e HTTP_PROXY=http://proxy.example.com:3128 alpine env

See my other comment

usha-mandya

comment created time in a day

issue commentmoby/moby

overlay2 infinitely eats server disk space

I do not stop active container/services. But still, having 53GB of stuff here does not make sense.

  • Do you have services/containers that bind-mount paths from the host? (there's known situations where bind-mounting paths from the host can cause mounts from other namespaces to get "pulled" into the container's mount-namespace, and as a result can cause those mounts to not be unmountable, causing them to not be removed)
    • are there errors / warnings in the daemon logs that may be interesting? (e.g. failed to unmount, filesystem in use errors)
  • If you're able to; does the disk space clean up after all containers and images are removed from that host?
  • Do your containers write data to the container's filesystem? What does docker ps -a --size show?
vartagg

comment created time in a day

issue commentmoby/moby

Docker Remote API 1.7 document missing info on ExposedPorts and PortBindings

@anselmobattisti do you have more details (I see you commented in https://github.com/moby/moby/issues/2785#issuecomment-651309741 as well). I'm unable to reproduce that problem;

https://github.com/moby/moby/issues/2785#issuecomment-651746355

Create a foobar container, running nginx:alpine that publishes port 80 on host port 8080:

curl -v \
  --unix-socket /var/run/docker.sock \
  "http://localhost/v1.40/containers/create?name=foobar" \
  -H "Content-Type: application/json" \
  -d '{"Image":"nginx:alpine", "HostConfig":{"PortBindings":{"80/tcp":[{"HostPort":"8080"}]}}}'

Start the container:

curl -v \
  --unix-socket /var/run/docker.sock \
  -X POST \
  "http://localhost/v1.40/containers/foobar/start"

connect to the container and verify that we get the "Welcome to nginx" page

curl -s localhost:8080 | grep Welcome
<title>Welcome to nginx!</title>
<h1>Welcome to nginx!</h1>
hychan

comment created time in a day

issue commentdocker/for-linux

Unable to do dns-lookup when using custom user ids

I created 1000 and all of the 100x users in the same way

Where are you creating the users? Note that for a container, the user doesn't have to exist (when using numeric ID's) the --user option specifies the uid/gid used to start the container's process, but containers are not VM's, and there's no "login session" started, only a sandboxed process.

Do you see the problem with a minimal example, e.g. the one I used above;

docker run --rm -u 1006:1001 --entrypoint="" linuxserver/nextcloud nslookup -type=A google.com
lightlike

comment created time in a day

pull request commentmoby/sys

mountinfo.Mounted: optimize by adding fast paths

Looks like there's still a duplicate declaration for mounted() on darwin;

file darwin freebsd linux windows
mountinfo_unix :white_check_mark: :white_check_mark: :white_check_mark: -
mountinfo_unsupported :white_check_mark: - - -
mountinfo_windows - - - :white_check_mark:
conflict? :warning: :white_check_mark: :white_check_mark: :white_check_mark:
kolyshkin

comment created time in a day

pull request commentdocker/cli

docs/builder: add note about handling of leading whitespace

@silvin-lubecki @tonistiigi PTAL

thaJeztah

comment created time in a day

issue commentmoby/moby

Difference in behaviour between whitespace in front of comments and whitespace in front of empty escaped newlines

I opened https://github.com/docker/cli/pull/2617 to improve the documentation; feel free to comment on that PR if you have suggestions 👍

rcjsuen

comment created time in a day

push eventthaJeztah/cli

Sebastiaan van Stijn

commit sha 6776f7cdcd6b33d749850f26033755ccc395975b

docs/builder: add note about handling of leading whitespace Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

push time in a day

push eventthaJeztah/cli

Sebastiaan van Stijn

commit sha 70cf792bb9fc53434e759e9afcb301f0ef6c1b2e

docs/builder: add note about handling of leading whitespace Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

push time in a day

PR opened docker/cli

docs/builder: add note about handling of leading whitespace area/builder kind/docs process/cherry-pick status/3-docs-review

fixes https://github.com/moby/moby/issues/40781

+28 -0

0 comment

1 changed file

pr created time in a day

create barnchthaJeztah/cli

branch : builder_comment_info

created branch time in a day

pull request commentcontainerd/cri

Move to go modules

Ah, perfect! I think for now we could downgrade logr to v0.1.0 (if that helps making CI pass)

chenrui333

comment created time in a day

pull request commentmoby/moby

vendor: mattn/go-shellwords v1.0.10

Haven't looked closely yet, but I think this dependency overlaps in functionality with google/shlex (wondering if we could replace one for the other)

thaJeztah

comment created time in a day

more