Tonis Tiigi
bdcee17437
executor: change mount to struct
...
Allows readonly to be passed cleanly.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-11-02 22:20:51 -08:00
Tonis Tiigi
e3b05289d8
add session injection to remote loading
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-11-02 22:20:44 -08:00
Akihiro Suda
dda009a58c
Merge pull request #1739 from tonistiigi/empty-layer
...
clear file mount stubs and fix empty layer cases
2020-10-21 00:42:45 +09:00
Cory Bennett
b464f1e315
update go-runc to use runc.ExitError for container exec status
...
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-10-20 06:44:29 +00:00
Edgar Lee
5eaecb905c
Merge pull request #1731 from coryb/issue-1714
...
add tty support for runc executor
2020-10-19 14:52:31 -07:00
Tonis Tiigi
17b4ca1edf
executor: remove stub files from rootfs
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-10-18 23:39:17 -07:00
Cory Bennett
e308ef7874
add tty support for runc executor
...
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-10-16 17:36:56 +00:00
Lu Jingxiao
5e7ae230b2
Add hostname specifying for building
...
Fix : #1301
Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
2020-10-14 14:45:36 +08:00
Cory Bennett
355e937e15
update gateway to add ability to run and exec into containers
...
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-08-31 21:13:59 +00:00
Cory Bennett
93344a9d24
remove *pixel from winsize struct, tweak ExitError handling for ctx.Err
...
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-07-31 20:22:12 +00:00
Cory Bennett
4b456f17f4
wrap errors from executor Run/Exec to allow access to exit code
...
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-07-31 19:14:30 +00:00
Sebastiaan van Stijn
f26452a847
executor/oci.GetUser(): remove unused context
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-30 11:31:03 +02:00
Tonis Tiigi
57a88b0afb
lint: add misspell and unused
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-07-18 08:13:57 -07:00
Cory Bennett
5909d1642e
simplify done channel handling, fix other pr comments.
...
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-07-11 01:14:37 +00:00
Cory Bennett
5e91dff4ed
fix error handling for exec when container fails to start
...
update run/exec tests for stdin and expected failures
move common tests for runc and container to shared tests package
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-07-10 22:06:42 +00:00
Cory Bennett
6d58121c11
Update Executor interface for Run and Exec
...
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-07-09 23:40:36 +00:00
Tonis Tiigi
90288ab716
errdefs: update to new packages
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-04-24 11:25:44 -07:00
Tonis Tiigi
0ef435687b
runcexecutor: update go-runc call after contract change
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-09-11 10:57:51 -07:00
Akihiro Suda
5559a45319
Merge pull request #1139 from tonistiigi/oomscoreadj
...
runcexecutor: avoid setting oomscoreadj from main process
2019-08-19 15:17:59 +09:00
Tonis Tiigi
a0dead0809
fix possible double release on mountable
...
Refactor the interface to avoid such issues in the future.
BuildKit's own mounts are stateless and not affected but
a different mountable implementation could get confused.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-08-16 08:03:16 -07:00
Tonis Tiigi
25ebc26d21
runcexecutor: avoid setting oomscoreadj from main process
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-08-15 23:16:02 -07:00
Tonis Tiigi
2cd19dbc34
executor: ignore workdir if already exists
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-07-26 16:28:43 -07:00
Tibor Vass
8e692507ee
executor: allow setting DNSConfig to be used by resolvconf
...
This patch allows downstream code to pass a DNSConfig that is
then used by executor/oci.GetResolvConf.
This would allow the BuildKit-based builder in Docker to honor
the docker daemon's DNS configuration, thus fixing a feature gap
with the legacy builder.
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-06-17 20:43:33 +00:00
Tonis Tiigi
7b41906d89
executor: create hosts and resolv.conf with userns root
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-06-10 16:35:03 -07:00
Tonis Tiigi
e7ad765fcd
executor: create directories as 711
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-06-10 16:34:09 -07:00
Tonis Tiigi
858b4c7076
executor: make sure cwd created with correct user
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-05-11 22:11:26 -07:00
Akihiro Suda
eba3ffc268
runexecutor: support NoPivot
...
This flag allows DOCKER_BUILDKIT to be running on minikube host: https://github.com/kubernetes/minikube/issues/4143
moby/builder/build-next needs to be updated to set NoPivot when
$DOCKER_RAMDISK is set.
This flag is deprecated from its birth and not exposed to the standalone buildkitd OCI worker.
See https://github.com/kubernetes/minikube/issues/3512
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-05-07 23:22:55 +09:00
Tonis Tiigi
9f53ea3d78
userns support for sources and executor
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-04-02 18:26:04 -07:00
Kunal Kushwaha
a2bbb5ff39
security entitlement support
...
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
2019-03-27 13:57:03 +09:00
Akihiro Suda
c54f4a986d
support --oci-worker-no-process-sandbox
...
Note that this mode allows build executor containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace.
This mode should be enabled only when the BuildKit is running in a container as an unprivileged user.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-01-08 10:42:52 +09:00
Tonis Tiigi
76692bbe5f
executor: clean up static config files
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-10-03 13:59:33 -07:00
Tonis Tiigi
f99352fee1
solver: make sure to return proper canceled errors
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-09-26 17:38:16 -07:00
Tonis Tiigi
bb3dc1b918
runc: fix process leak on cancellation
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-09-20 11:06:40 -07:00
Tonis Tiigi
4e810968f4
runcexecutor: revert forwardio
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-09-11 22:40:48 -07:00
Anda Xu
b0677e7ef1
allow customized cgroup-parent for runcexecutor
...
Signed-off-by: Anda Xu <anda.xu@docker.com>
2018-09-05 12:53:57 -07:00
Tibor Vass
2f0c048493
network: move handling of NetMode_UNSET to Default()
...
This allows other workers to implement their own behavior for NetMode_UNSET
Signed-off-by: Tibor Vass <tibor@docker.com>
2018-08-23 00:06:06 +00:00
Michael Crosby
b97bc71adb
Refactor networking with ns paths
...
This fixes the issues where buildkit and callers do not have to be a
subreaper in order to use networking. I can add CNI provider later,
with a hidden sub command to create a new network namespace and bind
mount it to buildkit's state dir.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2018-08-21 13:37:47 -04:00
Tonis Tiigi
130f5f5ab0
solver: net host with basic entitlements support
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-08-09 14:03:35 -07:00
Tonis Tiigi
f8dd602282
runc: improve canceling
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-08-07 11:51:56 -07:00
Kunal Kushwaha
765f1b64b9
executor: allow network providers
...
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-08-07 11:51:56 -07:00
Tonis Tiigi
96f24ca7bb
executor: improve hosts cleanup
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-08-03 14:01:54 -07:00
Tonis Tiigi
4945fe758c
llbsolver: add support for extra host records
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-08-03 13:56:13 -07:00
Miyachi Katsuya
e1895c398c
feat: create workdir permission with 755 according to existing docker
2018-07-23 18:21:03 +09:00
Akihiro Suda
72327724c0
rootless: refactor libcontainer_specconv
...
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-07-04 19:27:54 +09:00
Akihiro Suda
f9eeae6f48
rootless: remove MapSubUIDGID flag that is ignored when already in userns
...
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-07-02 19:11:30 +09:00
Anda Xu
7f64188f17
add missing supplementary group IDs
...
Signed-off-by: Anda Xu <anda.xu@docker.com>
2018-06-29 18:50:03 -07:00
Akihiro Suda
43af03e59a
oci-executor: eval symlink for root
...
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-06-07 16:05:06 +09:00
Akihiro Suda
adef0dedef
oci-worker: experimental support for rootless mode
...
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-05-31 16:05:13 +09:00
Tonis Tiigi
3b874e95f1
executor: runtime check if seccomp is supported
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-05-24 16:34:35 -07:00
Tonis Tiigi
566e28c174
snapshot: update mounts to mountable interface
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-04-27 17:58:24 -07:00