Cache mount instances are shared between multiple vertexes/builds
so if one of the cloned instances gets committed, the reference count
will get corrupted as other parts of the code still see the reference as
mountable.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 3660e5f9c8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The FlagsUsed contains a list of flags that were used, which allows the classic
(non-buildkit) builder in dockerd to produce an error when non-supported options
are used in a Dockerfile.
This is a short-term solution; a more permanent solution will be to keep track
of which version of the Dockerfile syntax is supported, and to have the classic
builder pass the maximum supported version of the syntax.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ebed917e43)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Cache mismatch can happen if fileop switches input indexes
between different actions.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 8d70777537)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Seccomp 2.4.2 is needed for new time64 syscalls not to error in
applications
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 1fd4c49605)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sets an apparmor profile on the OCI spec if one is configured on the
worker.
Adds selinux labels to containers (only added if selinux is enabled on
the system).
This assumes that the specified apparmor profile is already loaded on
the system and does not try to load it or even check if it is loaded.
SELinux support requires the `selinux` build tag to be added.
Likewise, `runc` would require both the `apparmor` and `selinux` build
tags.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Vendored go-selinux to v1.8.0
Fixed tests
Signed-off-by: Tibor Vass <tibor@docker.com>
There was a race with context getting cancelled and a new request
arriving that could result in the new request receiving a cancelled result
as well. This happened because the lock was held when getting the Done()
channel but it could have been already released by the time the returned
channel was closed.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Preprocess should not be taken into account when calculating
cache-slow state. But it should be used to detect if dep is complete
so preprocess runs before parent's exec function.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
- this allows one to use a non-standard ssh username like repo@host
rather than assuming it must be git@host
Signed-off-by: Alex Couture-Beil <alex@earthly.dev>
If source root sets the platform for a state, vertexes should
keep that instead of using the global value passed on marshal.
Already worked properly for exec, but not for file.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>