diff --git a/go.mod b/go.mod index ce52a422248a..5989608159d6 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.15.15 github.com/aws/aws-sdk-go-v2/service/s3 v1.48.1 github.com/containerd/console v1.0.4 - github.com/containerd/containerd v1.7.20 + github.com/containerd/containerd v1.7.21 github.com/containerd/containerd/api v1.7.19 github.com/containerd/continuity v0.4.3 github.com/containerd/errdefs v0.1.0 diff --git a/go.sum b/go.sum index f4354f0d06e6..037e3e16b805 100644 --- a/go.sum +++ b/go.sum @@ -94,8 +94,8 @@ github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaD github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro= github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= -github.com/containerd/containerd v1.7.20 h1:Sl6jQYk3TRavaU83h66QMbI2Nqg9Jm6qzwX57Vsn1SQ= -github.com/containerd/containerd v1.7.20/go.mod h1:52GsS5CwquuqPuLncsXwG0t2CiUce+KsNHJZQJvAgR0= +github.com/containerd/containerd v1.7.21 h1:USGXRK1eOC/SX0L195YgxTHb0a00anxajOzgfN0qrCA= +github.com/containerd/containerd v1.7.21/go.mod h1:e3Jz1rYRUZ2Lt51YrH9Rz0zPyJBOlSvB3ghr2jbVD8g= github.com/containerd/containerd/api v1.7.19 h1:VWbJL+8Ap4Ju2mx9c9qS1uFSB1OVYr5JJrW2yT5vFoA= github.com/containerd/containerd/api v1.7.19/go.mod h1:fwGavl3LNwAV5ilJ0sbrABL44AQxmNjDRcwheXDb6Ig= github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= diff --git a/vendor/github.com/containerd/containerd/BUILDING.md b/vendor/github.com/containerd/containerd/BUILDING.md index 1a688169bf61..911e48742cdf 100644 --- a/vendor/github.com/containerd/containerd/BUILDING.md +++ b/vendor/github.com/containerd/containerd/BUILDING.md @@ -15,7 +15,7 @@ This doc includes: To build the `containerd` daemon, and the `ctr` simple test client, the following build system dependencies are required: -* Go 1.21.x or above +* Go 1.22.x or above * Protoc 3.x compiler and headers (download at the [Google protobuf releases page](https://github.com/protocolbuffers/protobuf/releases)) * Btrfs headers and libraries for your distribution. Note that building the btrfs driver can be disabled via the build tag `no_btrfs`, removing this dependency. diff --git a/vendor/github.com/containerd/containerd/Vagrantfile b/vendor/github.com/containerd/containerd/Vagrantfile index 63cfa47d713e..401f7198f0a2 100644 --- a/vendor/github.com/containerd/containerd/Vagrantfile +++ b/vendor/github.com/containerd/containerd/Vagrantfile @@ -104,7 +104,7 @@ EOF config.vm.provision "install-golang", type: "shell", run: "once" do |sh| sh.upload_path = "/tmp/vagrant-install-golang" sh.env = { - 'GO_VERSION': ENV['GO_VERSION'] || "1.21.12", + 'GO_VERSION': ENV['GO_VERSION'] || "1.22.6", } sh.inline = <<~SHELL #!/usr/bin/env bash diff --git a/vendor/github.com/containerd/containerd/archive/tar.go b/vendor/github.com/containerd/containerd/archive/tar.go index cdc7e14bfd85..c61f89ec8d8a 100644 --- a/vendor/github.com/containerd/containerd/archive/tar.go +++ b/vendor/github.com/containerd/containerd/archive/tar.go @@ -29,9 +29,10 @@ import ( "syscall" "time" + "github.com/moby/sys/userns" + "github.com/containerd/containerd/archive/tarheader" "github.com/containerd/containerd/pkg/epoch" - "github.com/containerd/containerd/pkg/userns" "github.com/containerd/continuity/fs" "github.com/containerd/log" ) diff --git a/vendor/github.com/containerd/containerd/archive/tar_unix.go b/vendor/github.com/containerd/containerd/archive/tar_unix.go index 8e883eee6275..fa611006098f 100644 --- a/vendor/github.com/containerd/containerd/archive/tar_unix.go +++ b/vendor/github.com/containerd/containerd/archive/tar_unix.go @@ -27,10 +27,11 @@ import ( "strings" "syscall" - "github.com/containerd/containerd/pkg/userns" + "github.com/moby/sys/userns" + "golang.org/x/sys/unix" + "github.com/containerd/continuity/fs" "github.com/containerd/continuity/sysx" - "golang.org/x/sys/unix" ) func chmodTarEntry(perm os.FileMode) os.FileMode { diff --git a/vendor/github.com/containerd/containerd/cio/io.go b/vendor/github.com/containerd/containerd/cio/io.go index 11724f8d88fe..8bd14c89c7fb 100644 --- a/vendor/github.com/containerd/containerd/cio/io.go +++ b/vendor/github.com/containerd/containerd/cio/io.go @@ -268,26 +268,6 @@ func BinaryIO(binary string, args map[string]string) Creator { } } -// TerminalBinaryIO forwards container STDOUT|STDERR directly to a logging binary -// It also sets the terminal option to true -func TerminalBinaryIO(binary string, args map[string]string) Creator { - return func(_ string) (IO, error) { - uri, err := LogURIGenerator("binary", binary, args) - if err != nil { - return nil, err - } - - res := uri.String() - return &logURI{ - config: Config{ - Stdout: res, - Stderr: res, - Terminal: true, - }, - }, nil - } -} - // LogFile creates a file on disk that logs the task's STDOUT,STDERR. // If the log file already exists, the logs will be appended to the file. func LogFile(path string) Creator { diff --git a/vendor/github.com/containerd/containerd/cio/io_unix.go b/vendor/github.com/containerd/containerd/cio/io_unix.go index 9dc21dcc88c0..7038883cec46 100644 --- a/vendor/github.com/containerd/containerd/cio/io_unix.go +++ b/vendor/github.com/containerd/containerd/cio/io_unix.go @@ -22,6 +22,7 @@ import ( "context" "fmt" "io" + "net/url" "os" "path/filepath" "sync" @@ -158,3 +159,37 @@ func NewDirectIO(ctx context.Context, fifos *FIFOSet) (*DirectIO, error) { }, }, err } + +// TerminalLogURI provides the raw logging URI +// as well as sets the terminal option to true. +func TerminalLogURI(uri *url.URL) Creator { + return func(_ string) (IO, error) { + return &logURI{ + config: Config{ + Stdout: uri.String(), + Stderr: uri.String(), + Terminal: true, + }, + }, nil + } +} + +// TerminalBinaryIO forwards container STDOUT|STDERR directly to a logging binary +// It also sets the terminal option to true +func TerminalBinaryIO(binary string, args map[string]string) Creator { + return func(_ string) (IO, error) { + uri, err := LogURIGenerator("binary", binary, args) + if err != nil { + return nil, err + } + + res := uri.String() + return &logURI{ + config: Config{ + Stdout: res, + Stderr: res, + Terminal: true, + }, + }, nil + } +} diff --git a/vendor/github.com/containerd/containerd/cio/io_windows.go b/vendor/github.com/containerd/containerd/cio/io_windows.go index 59b14c42ffc5..d67c4b30b3cf 100644 --- a/vendor/github.com/containerd/containerd/cio/io_windows.go +++ b/vendor/github.com/containerd/containerd/cio/io_windows.go @@ -20,6 +20,7 @@ import ( "context" "fmt" "io" + "net/url" winio "github.com/Microsoft/go-winio" "github.com/containerd/log" @@ -155,3 +156,42 @@ func NewDirectIOFromFIFOSet(ctx context.Context, stdin io.WriteCloser, stdout, s }, } } + +// TerminalLogURI provides the raw logging URI +// as well as sets the terminal option to true. +func TerminalLogURI(uri *url.URL) Creator { + return func(_ string) (IO, error) { + return &logURI{ + config: Config{ + Terminal: true, + Stdout: uri.String(), + + // Windows HCSShim requires that stderr is an empty string when using terminal. + // https://github.com/microsoft/hcsshim/blob/200feabd854da69f615a598ed6a1263ce9531676/cmd/containerd-shim-runhcs-v1/service_internal.go#L127 + Stderr: "", + }, + }, nil + } +} + +// TerminalBinaryIO forwards container STDOUT|STDERR directly to a logging binary +// It also sets the terminal option to true +func TerminalBinaryIO(binary string, args map[string]string) Creator { + return func(_ string) (IO, error) { + uri, err := LogURIGenerator("binary", binary, args) + if err != nil { + return nil, err + } + + return &logURI{ + config: Config{ + Terminal: true, + Stdout: uri.String(), + + // Windows HCSShim requires that stderr is an empty string when using terminal. + // https://github.com/microsoft/hcsshim/blob/200feabd854da69f615a598ed6a1263ce9531676/cmd/containerd-shim-runhcs-v1/service_internal.go#L127 + Stderr: "", + }, + }, nil + } +} diff --git a/vendor/github.com/containerd/containerd/diff/apply/apply_linux.go b/vendor/github.com/containerd/containerd/diff/apply/apply_linux.go index ee30a1d1c711..99f3278de9f2 100644 --- a/vendor/github.com/containerd/containerd/diff/apply/apply_linux.go +++ b/vendor/github.com/containerd/containerd/diff/apply/apply_linux.go @@ -23,12 +23,12 @@ import ( "os" "strings" + "github.com/moby/sys/userns" + "golang.org/x/sys/unix" + "github.com/containerd/containerd/archive" "github.com/containerd/containerd/mount" - "github.com/containerd/containerd/pkg/userns" "github.com/containerd/errdefs" - - "golang.org/x/sys/unix" ) func apply(ctx context.Context, mounts []mount.Mount, r io.Reader, sync bool) (retErr error) { diff --git a/vendor/github.com/containerd/containerd/mount/mount_linux.go b/vendor/github.com/containerd/containerd/mount/mount_linux.go index 34aa639bb604..402def9c79f9 100644 --- a/vendor/github.com/containerd/containerd/mount/mount_linux.go +++ b/vendor/github.com/containerd/containerd/mount/mount_linux.go @@ -26,7 +26,7 @@ import ( "strings" "time" - "github.com/containerd/containerd/pkg/userns" + "github.com/moby/sys/userns" "golang.org/x/sys/unix" ) diff --git a/vendor/github.com/containerd/containerd/oci/utils_unix.go b/vendor/github.com/containerd/containerd/oci/utils_unix.go index b3cb8a600d90..602bbed148f5 100644 --- a/vendor/github.com/containerd/containerd/oci/utils_unix.go +++ b/vendor/github.com/containerd/containerd/oci/utils_unix.go @@ -24,7 +24,7 @@ import ( "os" "path/filepath" - "github.com/containerd/containerd/pkg/userns" + "github.com/moby/sys/userns" specs "github.com/opencontainers/runtime-spec/specs-go" "golang.org/x/sys/unix" ) diff --git a/vendor/github.com/containerd/containerd/pkg/deprecation/deprecation.go b/vendor/github.com/containerd/containerd/pkg/deprecation/deprecation.go index 06fda0638c01..813a0da3ae0f 100644 --- a/vendor/github.com/containerd/containerd/pkg/deprecation/deprecation.go +++ b/vendor/github.com/containerd/containerd/pkg/deprecation/deprecation.go @@ -73,11 +73,11 @@ var messages = map[Warning]string{ "Use a v2 runtime and `options` instead.", CRIRuntimeRoot: "The `runtime_root` property of [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.*] is deprecated since containerd v1.3 and will be removed in containerd v2.0. " + "Use a v2 runtime and `options.Root` instead.", - CRIRegistryMirrors: "The `mirrors` property of `[plugins.\"io.containerd.grpc.v1.cri\".registry]` is deprecated since containerd v1.5 and will be removed in containerd v2.0. " + + CRIRegistryMirrors: "The `mirrors` property of `[plugins.\"io.containerd.grpc.v1.cri\".registry]` is deprecated since containerd v1.5 and will be removed in containerd v2.1. " + "Use `config_path` instead.", - CRIRegistryAuths: "The `auths` property of `[plugins.\"io.containerd.grpc.v1.cri\".registry]` is deprecated since containerd v1.3 and will be removed in containerd v2.0. " + + CRIRegistryAuths: "The `auths` property of `[plugins.\"io.containerd.grpc.v1.cri\".registry]` is deprecated since containerd v1.3 and will be removed in containerd v2.1. " + "Use `ImagePullSecrets` instead.", - CRIRegistryConfigs: "The `configs` property of `[plugins.\"io.containerd.grpc.v1.cri\".registry]` is deprecated since containerd v1.5 and will be removed in containerd v2.0. " + + CRIRegistryConfigs: "The `configs` property of `[plugins.\"io.containerd.grpc.v1.cri\".registry]` is deprecated since containerd v1.5 and will be removed in containerd v2.1. " + "Use `config_path` instead.", CRIAPIV1Alpha2: "CRI API v1alpha2 is deprecated since containerd v1.7 and removed in containerd v2.0. Use CRI API v1 instead.", AUFSSnapshotter: "The aufs snapshotter is deprecated since containerd v1.5 and removed in containerd v2.0. Use the overlay snapshotter instead.", diff --git a/vendor/github.com/containerd/containerd/pkg/userns/userns_linux.go b/vendor/github.com/containerd/containerd/pkg/userns/userns_linux.go deleted file mode 100644 index 6656465efbca..000000000000 --- a/vendor/github.com/containerd/containerd/pkg/userns/userns_linux.go +++ /dev/null @@ -1,62 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package userns - -import ( - "bufio" - "fmt" - "os" - "sync" -) - -var ( - inUserNS bool - nsOnce sync.Once -) - -// RunningInUserNS detects whether we are currently running in a user namespace. -// Originally copied from github.com/lxc/lxd/shared/util.go -func RunningInUserNS() bool { - nsOnce.Do(func() { - file, err := os.Open("/proc/self/uid_map") - if err != nil { - // This kernel-provided file only exists if user namespaces are supported - return - } - defer file.Close() - - buf := bufio.NewReader(file) - l, _, err := buf.ReadLine() - if err != nil { - return - } - - line := string(l) - var a, b, c int64 - fmt.Sscanf(line, "%d %d %d", &a, &b, &c) - - /* - * We assume we are in the initial user namespace if we have a full - * range - 4294967295 uids starting at uid 0. - */ - if a == 0 && b == 0 && c == 4294967295 { - return - } - inUserNS = true - }) - return inUserNS -} diff --git a/vendor/github.com/containerd/containerd/pkg/userns/userns_unsupported.go b/vendor/github.com/containerd/containerd/pkg/userns/userns_unsupported.go deleted file mode 100644 index c67f773d0a1e..000000000000 --- a/vendor/github.com/containerd/containerd/pkg/userns/userns_unsupported.go +++ /dev/null @@ -1,25 +0,0 @@ -//go:build !linux - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package userns - -// RunningInUserNS is a stub for non-Linux systems -// Always returns false -func RunningInUserNS() bool { - return false -} diff --git a/vendor/github.com/containerd/containerd/services/introspection/local.go b/vendor/github.com/containerd/containerd/services/introspection/local.go index 757408bbde80..8c992047dcfb 100644 --- a/vendor/github.com/containerd/containerd/services/introspection/local.go +++ b/vendor/github.com/containerd/containerd/services/introspection/local.go @@ -163,6 +163,9 @@ func (l *Local) getUUID() (string, error) { } return "", err } + if len(data) == 0 { + return l.generateUUID() + } u := string(data) if _, err := uuid.Parse(u); err != nil { return "", err diff --git a/vendor/github.com/containerd/containerd/snapshots/overlay/overlayutils/check.go b/vendor/github.com/containerd/containerd/snapshots/overlay/overlayutils/check.go index 313947b0772a..23a39e016d21 100644 --- a/vendor/github.com/containerd/containerd/snapshots/overlay/overlayutils/check.go +++ b/vendor/github.com/containerd/containerd/snapshots/overlay/overlayutils/check.go @@ -24,9 +24,10 @@ import ( "path/filepath" "syscall" + "github.com/moby/sys/userns" + kernel "github.com/containerd/containerd/contrib/seccomp/kernelversion" "github.com/containerd/containerd/mount" - "github.com/containerd/containerd/pkg/userns" "github.com/containerd/continuity/fs" "github.com/containerd/log" ) diff --git a/vendor/github.com/containerd/containerd/sys/oom_linux.go b/vendor/github.com/containerd/containerd/sys/oom_linux.go index bb2a3eafb4f9..01ebbebb5960 100644 --- a/vendor/github.com/containerd/containerd/sys/oom_linux.go +++ b/vendor/github.com/containerd/containerd/sys/oom_linux.go @@ -22,7 +22,7 @@ import ( "strconv" "strings" - "github.com/containerd/containerd/pkg/userns" + "github.com/moby/sys/userns" "golang.org/x/sys/unix" ) diff --git a/vendor/github.com/containerd/containerd/task_opts.go b/vendor/github.com/containerd/containerd/task_opts.go index 7bcd8a4e6aa0..3774d6592d58 100644 --- a/vendor/github.com/containerd/containerd/task_opts.go +++ b/vendor/github.com/containerd/containerd/task_opts.go @@ -158,6 +158,12 @@ type ProcessDeleteOpts func(context.Context, Process) error // WithProcessKill will forcefully kill and delete a process func WithProcessKill(ctx context.Context, p Process) error { + // Skip killing tasks with PID 0 + // https://github.com/containerd/containerd/issues/10441 + if p.Pid() == 0 { + return nil + } + ctx, cancel := context.WithCancel(ctx) defer cancel() // ignore errors to wait and kill as we are forcefully killing diff --git a/vendor/github.com/containerd/containerd/version/version.go b/vendor/github.com/containerd/containerd/version/version.go index d9fdca56654c..315867d21f5a 100644 --- a/vendor/github.com/containerd/containerd/version/version.go +++ b/vendor/github.com/containerd/containerd/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.7.20+unknown" + Version = "1.7.21+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time. diff --git a/vendor/modules.txt b/vendor/modules.txt index f2297b36092a..4757a66465ff 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -252,7 +252,7 @@ github.com/containerd/cgroups/stats/v1 # github.com/containerd/console v1.0.4 ## explicit; go 1.13 github.com/containerd/console -# github.com/containerd/containerd v1.7.20 +# github.com/containerd/containerd v1.7.21 ## explicit; go 1.21 github.com/containerd/containerd github.com/containerd/containerd/archive @@ -301,7 +301,6 @@ github.com/containerd/containerd/pkg/transfer github.com/containerd/containerd/pkg/transfer/proxy github.com/containerd/containerd/pkg/transfer/streaming github.com/containerd/containerd/pkg/unpack -github.com/containerd/containerd/pkg/userns github.com/containerd/containerd/plugin github.com/containerd/containerd/protobuf github.com/containerd/containerd/protobuf/proto