From 5d666ca66a8020779f3c2cca1050fcb0e3d9f4dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 3 Mar 2022 13:34:02 +0000 Subject: [PATCH 1/2] Bump github.com/containerd/containerd from 1.5.9 to 1.5.10 Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.5.9 to 1.5.10. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](https://github.com/containerd/containerd/compare/v1.5.9...v1.5.10) --- updated-dependencies: - dependency-name: github.com/containerd/containerd dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- .../containerd/runtime/v2/shim/shim.go | 6 ++++-- .../containerd/runtime/v2/shim/shim_unix.go | 20 ++++++++++++++++++- .../runtime/v2/shim/shim_windows.go | 5 ++++- .../containerd/containerd/version/version.go | 2 +- vendor/modules.txt | 2 +- 7 files changed, 32 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 510141ab4b..cabbfe58e5 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/cenkalti/backoff/v4 v4.1.1 github.com/containerd/cgroups v1.0.1 github.com/containerd/console v1.0.2 - github.com/containerd/containerd v1.5.9 + github.com/containerd/containerd v1.5.10 github.com/containerd/go-runc v1.0.0 github.com/containerd/ttrpc v1.1.0 github.com/containerd/typeurl v1.0.2 diff --git a/go.sum b/go.sum index db343ac1fe..2e89f181d7 100644 --- a/go.sum +++ b/go.sum @@ -136,8 +136,8 @@ github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7 github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU= github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI= github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s= -github.com/containerd/containerd v1.5.9 h1:rs6Xg1gtIxaeyG+Smsb/0xaSDu1VgFhOCKBXxMxbsF4= -github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ= +github.com/containerd/containerd v1.5.10 h1:3cQ2uRVCkJVcx5VombsE7105Gl9Wrl7ORAO3+4+ogf4= +github.com/containerd/containerd v1.5.10/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= diff --git a/vendor/github.com/containerd/containerd/runtime/v2/shim/shim.go b/vendor/github.com/containerd/containerd/runtime/v2/shim/shim.go index c14aacca99..fbdee6047a 100644 --- a/vendor/github.com/containerd/containerd/runtime/v2/shim/shim.go +++ b/vendor/github.com/containerd/containerd/runtime/v2/shim/shim.go @@ -214,7 +214,7 @@ func run(id string, initFunc Init, config Config) error { "pid": os.Getpid(), "namespace": namespaceFlag, }) - go handleSignals(ctx, logger, signals) + go reap(ctx, logger, signals) response, err := service.Cleanup(ctx) if err != nil { return err @@ -310,7 +310,9 @@ func (s *Client) Serve() error { dumpStacks(logger) } }() - return handleSignals(s.context, logger, s.signals) + ctx, cancel := context.WithCancel(s.context) + go handleExitSignals(ctx, logger, cancel) + return reap(ctx, logger, s.signals) } // serve serves the ttrpc API over a unix socket at the provided path diff --git a/vendor/github.com/containerd/containerd/runtime/v2/shim/shim_unix.go b/vendor/github.com/containerd/containerd/runtime/v2/shim/shim_unix.go index a61b642089..ce599a501d 100644 --- a/vendor/github.com/containerd/containerd/runtime/v2/shim/shim_unix.go +++ b/vendor/github.com/containerd/containerd/runtime/v2/shim/shim_unix.go @@ -70,7 +70,7 @@ func serveListener(path string) (net.Listener, error) { return l, nil } -func handleSignals(ctx context.Context, logger *logrus.Entry, signals chan os.Signal) error { +func reap(ctx context.Context, logger *logrus.Entry, signals chan os.Signal) error { logger.Info("starting signal loop") for { @@ -78,6 +78,8 @@ func handleSignals(ctx context.Context, logger *logrus.Entry, signals chan os.Si case <-ctx.Done(): return ctx.Err() case s := <-signals: + // Exit signals are handled separately from this loop + // They get registered with this channel so that we can ignore such signals for short-running actions (e.g. `delete`) switch s { case unix.SIGCHLD: if err := reaper.Reap(); err != nil { @@ -89,6 +91,22 @@ func handleSignals(ctx context.Context, logger *logrus.Entry, signals chan os.Si } } +func handleExitSignals(ctx context.Context, logger *logrus.Entry, cancel context.CancelFunc) { + ch := make(chan os.Signal, 32) + signal.Notify(ch, syscall.SIGINT, syscall.SIGTERM) + + for { + select { + case s := <-ch: + logger.WithField("signal", s).Debugf("Caught exit signal") + cancel() + return + case <-ctx.Done(): + return + } + } +} + func openLog(ctx context.Context, _ string) (io.Writer, error) { return fifo.OpenFifoDup2(ctx, "log", unix.O_WRONLY, 0700, int(os.Stderr.Fd())) } diff --git a/vendor/github.com/containerd/containerd/runtime/v2/shim/shim_windows.go b/vendor/github.com/containerd/containerd/runtime/v2/shim/shim_windows.go index 7339eb2a2e..955e2aecab 100644 --- a/vendor/github.com/containerd/containerd/runtime/v2/shim/shim_windows.go +++ b/vendor/github.com/containerd/containerd/runtime/v2/shim/shim_windows.go @@ -48,10 +48,13 @@ func serveListener(path string) (net.Listener, error) { return nil, errors.New("not supported") } -func handleSignals(ctx context.Context, logger *logrus.Entry, signals chan os.Signal) error { +func reap(ctx context.Context, logger *logrus.Entry, signals chan os.Signal) error { return errors.New("not supported") } +func handleExitSignals(ctx context.Context, logger *logrus.Entry, cancel context.CancelFunc) { +} + func openLog(ctx context.Context, _ string) (io.Writer, error) { return nil, errors.New("not supported") } diff --git a/vendor/github.com/containerd/containerd/version/version.go b/vendor/github.com/containerd/containerd/version/version.go index dda0ee93f6..73857aef8d 100644 --- a/vendor/github.com/containerd/containerd/version/version.go +++ b/vendor/github.com/containerd/containerd/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.5.9+unknown" + Version = "1.5.10+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time. diff --git a/vendor/modules.txt b/vendor/modules.txt index 2377e56d43..6462b39e28 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -21,7 +21,7 @@ github.com/containerd/cgroups/stats/v1 # github.com/containerd/console v1.0.2 ## explicit; go 1.13 github.com/containerd/console -# github.com/containerd/containerd v1.5.9 +# github.com/containerd/containerd v1.5.10 ## explicit; go 1.16 github.com/containerd/containerd/api/events github.com/containerd/containerd/api/services/ttrpc/events/v1 From 6401141451f8c89df2f1cacd47095ab49203dbff Mon Sep 17 00:00:00 2001 From: Maksim An Date: Thu, 3 Mar 2022 16:27:20 -0800 Subject: [PATCH 2/2] go mod tidy && go mod vendor test folder Signed-off-by: Maksim An --- test/go.mod | 2 +- test/go.sum | 4 +-- .../github.com/Microsoft/hcsshim/go.mod | 2 +- .../github.com/Microsoft/hcsshim/go.sum | 4 +-- .../containerd/containerd/.golangci.yml | 2 +- .../containerd/containerd/Vagrantfile | 2 +- .../containerd/containerd/oci/spec_opts.go | 26 +++++++++++++++++++ .../containerd/containerd/version/version.go | 2 +- test/vendor/modules.txt | 2 +- 9 files changed, 36 insertions(+), 10 deletions(-) diff --git a/test/go.mod b/test/go.mod index 91ad52c757..a0dacbfa68 100644 --- a/test/go.mod +++ b/test/go.mod @@ -5,7 +5,7 @@ go 1.16 require ( github.com/Microsoft/go-winio v0.4.17 github.com/Microsoft/hcsshim v0.8.23 - github.com/containerd/containerd v1.5.9 + github.com/containerd/containerd v1.5.10 github.com/containerd/go-runc v1.0.0 github.com/containerd/ttrpc v1.1.0 github.com/containerd/typeurl v1.0.2 diff --git a/test/go.sum b/test/go.sum index 567b80976e..b5048924d3 100644 --- a/test/go.sum +++ b/test/go.sum @@ -121,8 +121,8 @@ github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMX github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ= github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU= github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s= -github.com/containerd/containerd v1.5.9 h1:rs6Xg1gtIxaeyG+Smsb/0xaSDu1VgFhOCKBXxMxbsF4= -github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ= +github.com/containerd/containerd v1.5.10 h1:3cQ2uRVCkJVcx5VombsE7105Gl9Wrl7ORAO3+4+ogf4= +github.com/containerd/containerd v1.5.10/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= diff --git a/test/vendor/github.com/Microsoft/hcsshim/go.mod b/test/vendor/github.com/Microsoft/hcsshim/go.mod index 510141ab4b..cabbfe58e5 100644 --- a/test/vendor/github.com/Microsoft/hcsshim/go.mod +++ b/test/vendor/github.com/Microsoft/hcsshim/go.mod @@ -8,7 +8,7 @@ require ( github.com/cenkalti/backoff/v4 v4.1.1 github.com/containerd/cgroups v1.0.1 github.com/containerd/console v1.0.2 - github.com/containerd/containerd v1.5.9 + github.com/containerd/containerd v1.5.10 github.com/containerd/go-runc v1.0.0 github.com/containerd/ttrpc v1.1.0 github.com/containerd/typeurl v1.0.2 diff --git a/test/vendor/github.com/Microsoft/hcsshim/go.sum b/test/vendor/github.com/Microsoft/hcsshim/go.sum index db343ac1fe..2e89f181d7 100644 --- a/test/vendor/github.com/Microsoft/hcsshim/go.sum +++ b/test/vendor/github.com/Microsoft/hcsshim/go.sum @@ -136,8 +136,8 @@ github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7 github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU= github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI= github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s= -github.com/containerd/containerd v1.5.9 h1:rs6Xg1gtIxaeyG+Smsb/0xaSDu1VgFhOCKBXxMxbsF4= -github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ= +github.com/containerd/containerd v1.5.10 h1:3cQ2uRVCkJVcx5VombsE7105Gl9Wrl7ORAO3+4+ogf4= +github.com/containerd/containerd v1.5.10/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= diff --git a/test/vendor/github.com/containerd/containerd/.golangci.yml b/test/vendor/github.com/containerd/containerd/.golangci.yml index 9fa9f44d63..4eba7d8d19 100644 --- a/test/vendor/github.com/containerd/containerd/.golangci.yml +++ b/test/vendor/github.com/containerd/containerd/.golangci.yml @@ -6,7 +6,7 @@ linters: - unconvert - gofmt - goimports - - golint + - revive - ineffassign - vet - unused diff --git a/test/vendor/github.com/containerd/containerd/Vagrantfile b/test/vendor/github.com/containerd/containerd/Vagrantfile index 2d790a774b..e294fe111f 100644 --- a/test/vendor/github.com/containerd/containerd/Vagrantfile +++ b/test/vendor/github.com/containerd/containerd/Vagrantfile @@ -77,7 +77,7 @@ Vagrant.configure("2") do |config| config.vm.provision "install-golang", type: "shell", run: "once" do |sh| sh.upload_path = "/tmp/vagrant-install-golang" sh.env = { - 'GO_VERSION': ENV['GO_VERSION'] || "1.16.12", + 'GO_VERSION': ENV['GO_VERSION'] || "1.16.14", } sh.inline = <<~SHELL #!/usr/bin/env bash diff --git a/test/vendor/github.com/containerd/containerd/oci/spec_opts.go b/test/vendor/github.com/containerd/containerd/oci/spec_opts.go index 5a952f6166..4199a85d93 100644 --- a/test/vendor/github.com/containerd/containerd/oci/spec_opts.go +++ b/test/vendor/github.com/containerd/containerd/oci/spec_opts.go @@ -590,6 +590,8 @@ func WithUser(userstr string) SpecOpts { if err != nil { return err } + + mounts = tryReadonlyMounts(mounts) return mount.WithTempMount(ctx, mounts, f) default: return fmt.Errorf("invalid USER value %s", userstr) @@ -643,6 +645,8 @@ func WithUserID(uid uint32) SpecOpts { if err != nil { return err } + + mounts = tryReadonlyMounts(mounts) return mount.WithTempMount(ctx, mounts, func(root string) error { user, err := UserFromPath(root, func(u user.User) bool { return u.Uid == int(uid) @@ -692,6 +696,8 @@ func WithUsername(username string) SpecOpts { if err != nil { return err } + + mounts = tryReadonlyMounts(mounts) return mount.WithTempMount(ctx, mounts, func(root string) error { user, err := UserFromPath(root, func(u user.User) bool { return u.Name == username @@ -776,6 +782,8 @@ func WithAdditionalGIDs(userstr string) SpecOpts { if err != nil { return err } + + mounts = tryReadonlyMounts(mounts) return mount.WithTempMount(ctx, mounts, setAdditionalGids) } } @@ -1264,3 +1272,21 @@ func WithDevShmSize(kb int64) SpecOpts { return ErrNoShmMount } } + +// tryReadonlyMounts is used by the options which are trying to get user/group +// information from container's rootfs. Since the option does read operation +// only, this helper will append ReadOnly mount option to prevent linux kernel +// from syncing whole filesystem in umount syscall. +// +// TODO(fuweid): +// +// Currently, it only works for overlayfs. I think we can apply it to other +// kinds of filesystem. Maybe we can return `ro` option by `snapshotter.Mount` +// API, when the caller passes that experimental annotation +// `containerd.io/snapshot/readonly.mount` something like that. +func tryReadonlyMounts(mounts []mount.Mount) []mount.Mount { + if len(mounts) == 1 && mounts[0].Type == "overlay" { + mounts[0].Options = append(mounts[0].Options, "ro") + } + return mounts +} diff --git a/test/vendor/github.com/containerd/containerd/version/version.go b/test/vendor/github.com/containerd/containerd/version/version.go index dda0ee93f6..73857aef8d 100644 --- a/test/vendor/github.com/containerd/containerd/version/version.go +++ b/test/vendor/github.com/containerd/containerd/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.5.9+unknown" + Version = "1.5.10+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time. diff --git a/test/vendor/modules.txt b/test/vendor/modules.txt index f3b797862a..87353b20ac 100644 --- a/test/vendor/modules.txt +++ b/test/vendor/modules.txt @@ -80,7 +80,7 @@ github.com/cenkalti/backoff/v4 github.com/containerd/cgroups/stats/v1 # github.com/containerd/console v1.0.2 github.com/containerd/console -# github.com/containerd/containerd v1.5.9 +# github.com/containerd/containerd v1.5.10 ## explicit github.com/containerd/containerd github.com/containerd/containerd/api/events