Commit Graph

5 Commits (8c9ff8697051ff5ee3388aa72f9d77945e87cb87)

Author SHA1 Message Date
Paul "TBBle" Hampson 8cd927c788 Refactor OCI Spec generation to use oci.SpecOpts more
This has the nice side-effect of unifying the mount- and
non-mount-changes made due to processMode and securityMode.

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-07-31 02:49:39 +10:00
Paul "TBBle" Hampson 9fd4d731d6 Fix oci.hasPrefix to operate correctly on Windows
Due to use of filepath.Clean(), on Windows we end up operating on the
paths in Windows-slashed form, even if the inputs were Unix-slashed.

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-07-28 18:07:20 +10:00
Chanhun Jeong d3d9abb100 fix mount options for userns env
Signed-off-by: Chanhun Jeong <chanhun.jeong@navercorp.com>
Signed-off-by: Sunho Kim <z.sunno@navercorp.com>
2020-06-05 03:52:00 +09:00
Akihiro Suda c54f4a986d support --oci-worker-no-process-sandbox
Note that this mode allows build executor containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace.
This mode should be enabled only when the BuildKit is running in a container as an unprivileged user.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-01-08 10:42:52 +09:00
Kunal Kushwaha e991a846be Default mounts set for buildkit
containerd/oci_specs mounts /run, which is not
required by buildkit.

Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
2018-06-07 14:43:44 +09:00