JohnHammond
/
buildkit
mirror of https://github.com/JohnHammond/buildkit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,042 Commits
7 Branches
72 Tags
26 MiB
Commit Graph

62 Commits (04d84a9c0cb28344c6ae4b79eceeaa07df274e0f)

Author SHA1 Message Date
Tibor Vass 1571380b2d executor/oci: fix panic when resolv.conf does not exist 
Signed-off-by: Tibor Vass <tibor@docker.com>
 2019-10-10 23:24:17 +00:00
Tibor Vass 0696bf3885 executor/oci: add TestResolvConfNotExist 
Signed-off-by: Tibor Vass <tibor@docker.com>
 2019-10-10 23:24:17 +00:00
Tonis Tiigi 0ef435687b runcexecutor: update go-runc call after contract change 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-09-11 10:57:51 -07:00
Akihiro Suda 5559a45319
Merge pull request #1139 from tonistiigi/oomscoreadj 
runcexecutor: avoid setting oomscoreadj from main process
 2019-08-19 15:17:59 +09:00
Tonis Tiigi a0dead0809 fix possible double release on mountable 
Refactor the interface to avoid such issues in the future.

BuildKit own mounts are stateless and not affected but
a different mountable implementation could get confused.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-08-16 08:03:16 -07:00
Tonis Tiigi 25ebc26d21 runcexecutor: avoid setting oomscoreadj from main process 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-08-15 23:16:02 -07:00
Tonis Tiigi 2cd19dbc34 executor: ignore workdir if already exists 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-07-26 16:28:43 -07:00
Andrey Smirnov 5dbb31a212 Use oci.With helpers 
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
 2019-07-18 17:35:31 +03:00
Andrey Smirnov 0abd2ca506 Fix updating /sys/fs/cgroup mount to 'rw' 
There were two bugs: Mount was matched by Type which is actually
`cgroup`, not `sysfs`. And the second problem was that copy of the value
was modified, not value in the slice.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
 2019-07-18 01:09:58 +03:00
Tibor Vass 144958f91d executor/oci: compile on windows 
Signed-off-by: Tibor Vass <tibor@docker.com>
 2019-07-09 23:38:42 +00:00
Tibor Vass 8e692507ee executor: allow setting DNSConfig to be used by resolvconf 
This patch allows downstream code to pass a DNSConfig that is
then used by executor/oci.GetResolvConf.

This would allow the BuildKit-based builder in Docker to honor
the docker daemon's DNS configuration, thus fixing a feature gap
with the legacy builder.

Signed-off-by: Tibor Vass <tibor@docker.com>
 2019-06-17 20:43:33 +00:00
Tonis Tiigi 7b41906d89 executor: create hosts and resolv.conf with userns root 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-06-10 16:35:03 -07:00
Tonis Tiigi e7ad765fcd executor: create directories as 711 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-06-10 16:34:09 -07:00
Tibor Vass 749294397b executor: use systemd resolvconf if enabled 
Signed-off-by: Tibor Vass <tibor@docker.com>
 2019-06-04 15:22:47 +00:00
Tonis Tiigi 858b4c7076 executor: make sure cwd created with correct user 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-05-11 22:11:26 -07:00
Akihiro Suda 38d16c97cf executor/oci: remove /proc masks for NoProcessSandBox mode 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2019-05-08 22:04:41 +09:00
Akihiro Suda eba3ffc268 runexecutor: support NoPivot 
This flag allows DOCKER_BUILDKIT to be running on minikube host: https://github.com/kubernetes/minikube/issues/4143

moby/builder/build-next needs to be updated to set NoPivot when
$DOCKER_RAMDISK is set.

This flag is deprecated from its birth and not exposed to the standalone buildkitd OCI worker.
See https://github.com/kubernetes/minikube/issues/3512

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2019-05-07 23:22:55 +09:00
Tonis Tiigi 9f53ea3d78 userns support for sources and executor 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-04-02 18:26:04 -07:00
Kunal Kushwaha a2bbb5ff39 security entitlement support 
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
 2019-03-27 13:57:03 +09:00
Akihiro Suda c54f4a986d support --oci-worker-no-process-sandbox 
Note that this mode allows build executor containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace.
This mode should be enabled only when the BuildKit is running in a container as an unprivileged user.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2019-01-08 10:42:52 +09:00
Tonis Tiigi 09742778eb oci: avoid nonewprivileges in default spec 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-12-10 10:58:12 +00:00
Tonis Tiigi 76692bbe5f executor: clean up static config files 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-03 13:59:33 -07:00
Tonis Tiigi 9dc04755dd executor: reset file limit in default spec 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-02 23:24:43 -07:00
Tonis Tiigi cd451ec063 executor: make sure hostname is resolvable 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-02 23:24:37 -07:00
Tonis Tiigi ec0e352aae executor: mount cgroups in default spec 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-02 23:22:07 -07:00
Tonis Tiigi f99352fee1 solver: make sure to return proper canceled errors 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-09-26 17:38:16 -07:00
Tonis Tiigi 895950cecf executor: fix submount symlink resolution 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-09-24 17:42:38 -07:00
Tonis Tiigi bb3dc1b918 runc: fix process leak on cancellation 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-09-20 11:06:40 -07:00
Tonis Tiigi 0940cdc6fe update golint comments 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-09-18 22:06:47 -07:00
Tonis Tiigi 4e810968f4 runcexecutor: revert forwardio 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-09-11 22:40:48 -07:00
Michael Crosby 8eed5bfd15 Provide nil stdin to containerd when not required 
This allows builds that inspect stdin to not block and hang forever.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-09-11 14:22:22 -07:00
Anda Xu b0677e7ef1 allow customized cgroup-parent for runcexecutor 
Signed-off-by: Anda Xu <anda.xu@docker.com>
 2018-09-05 12:53:57 -07:00
Tibor Vass 2f0c048493 network: move handling of NetMode_UNSET to Default() 
This allows other workers to implement their own behavior for NetMode_UNSET

Signed-off-by: Tibor Vass <tibor@docker.com>
 2018-08-23 00:06:06 +00:00
Michael Crosby b97bc71adb Refactor networking with ns paths 
This fixes the issues where buildkit and callers do not have to be a
subpreaper in order to use networking.  I can add CNI provider later,
with a hidden sub command to create a new network namespace and bind
mount it to buildkit's state dir.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-08-21 13:37:47 -04:00
Tonis Tiigi 130f5f5ab0 solver: net host with basic entitlements support 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-08-09 14:03:35 -07:00
Tonis Tiigi f8dd602282 runc: improve canceling 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-08-07 11:51:56 -07:00
Kunal Kushwaha 765f1b64b9 executor: allow network providers 
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-08-07 11:51:56 -07:00
Tonis Tiigi 96f24ca7bb executor: improve hosts cleanup 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-08-03 14:01:54 -07:00
Tonis Tiigi 4945fe758c llbsolver: add support for extra host records 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-08-03 13:56:13 -07:00
Miyachi Katsuya e1895c398c feat: create workdir permission with 755 according to existing docker 2018-07-23 18:21:03 +09:00
Akihiro Suda 72327724c0 rootless: refactor libcontainer_specconv 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-07-04 19:27:54 +09:00
Akihiro Suda f9eeae6f48 rootless: remove MapSubUIDGID flag that is ignored when already in userns 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-07-02 19:11:30 +09:00
Anda Xu 7f64188f17 add missing supplementary group IDs 
Signed-off-by: Anda Xu <anda.xu@docker.com>
 2018-06-29 18:50:03 -07:00
Akihiro Suda 43af03e59a oci-executor: eval symlink for root 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-06-07 16:05:06 +09:00
Kunal Kushwaha e991a846be Default mounts set for buildkit 
containerd/oci_specs mounts /run, which is not
required by buildkit.

Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
 2018-06-07 14:43:44 +09:00
Akihiro Suda adef0dedef oci-worker: experimental support for rootless mode 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-05-31 16:05:13 +09:00
Tonis Tiigi 3b874e95f1 executor: runtime check if seccomp is supported 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-05-24 16:34:35 -07:00
Tonis Tiigi 566e28c174 snapshot: update mounts to mountable interface 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-04-27 17:58:24 -07:00
Tonis Tiigi bab967b352 runc: set command name from config 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-04-18 17:01:20 -07:00
Tonis Tiigi 2dba0488c8 runc: make command name configurable 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-04-17 20:39:19 -07:00