[pull] main from containerd:main #56
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ctions/checkout-5.0.1 build(deps): bump actions/checkout from 5.0.0 to 5.0.1
mkfs.ext4 supports creating filesystems from regular files. Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Bumps [github.com/containerd/cgroups/v3](https://github.com/containerd/cgroups) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/containerd/cgroups/releases) - [Commits](containerd/cgroups@v3.1.0...v3.1.1) --- updated-dependencies: - dependency-name: github.com/containerd/cgroups/v3 dependency-version: 3.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Andrey Noskov <andreyn@microsoft.com>
…b.com/containerd/cgroups/v3-3.1.1 build(deps): bump github.com/containerd/cgroups/v3 from 3.1.0 to 3.1.1
fix: redact all query parameters in CRI error logs
…79ccb9dde build(deps): bump the k8s group with 3 updates
…oftprops/action-gh-release-2.4.2 build(deps): bump softprops/action-gh-release from 2.4.1 to 2.4.2
…g-x-c99a2255a7 build(deps): bump the golang-x group across 1 directory with 3 updates
In CI we run make root-test via gotestsum, which executes multiple
package tests concurrently. TestAutoclearTrueLoop attempts to invoke
LOOP_CLR_FD using a device name, which introduces a race condition.
Example race:
Process P1 represents mount.test which runs TestAutoclearTrueLoop
Process P2 represents manager.test which runs TestLoopbackMount
T1: P1 closes fd of loop-device (loop3) (kernel unsets backing-file on close)
T2: P2 gets loop3 from /dev/loop-control
T3: P2 configures loop3 with backing file successfully
T4: P1 invokes removeLoop to clear backing file for loop3
You might see that failure like this
```
=== FAIL: core/mount/manager TestLoopbackMount (0.05s)
log_hook.go:47: time="2025-10-23T21:49:22.532811960Z" level=debug msg="activating mount" func="manager.(*mountManager).Activate" file="/home/runner/work/containerd/containerd/core/mount/manager/manager.go:134" mounts="[{loop /tmp/TestLoopbackMount989607109/001/fs-1621892597 []} {format/ext4 {{ mount 0 }} []}]" name=id1 testcase=TestLoopbackMount
helpers.go:100: unmount /tmp/TestLoopbackMount989607109/001/test-mount-3030342351
manager_linux_test.go:80:
Error Trace: /home/runner/work/containerd/containerd/core/mount/manager/manager_linux_test.go:80
/home/runner/work/containerd/containerd/core/mount/manager/manager_linux_test.go:105
Error: Received unexpected error:
failed to get loop device info: no such device or address
Test: TestLoopbackMount
```
To fix this, the test now compares backing-file's inode directly and does
not call removeLoop when autoclear is set.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.3 to 4.31.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@014f16e...fdbfb4d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
`git.kernel.org` is suffering from network flakiness so just use github source for github workflows. Also, upgrade erofs-utils to the latest version, 1.8.10. Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
core/mount.test: should not call removeLoop when set autoclear
ci: use GitHub source for erofs-utils to fix network flakiness
This change maps ctr --gpus requests to CDI device requests. This is done by mapping --gpus ID to a nvidia.com/gpu=ID device request. This removes the dependence on the nvidia-container-cli and instead uses existing CDI specifications for nvidia devices if available on the system. Signed-off-by: Evan Lezar <elezar@nvidia.com>
Add tests for the WithTemporary mount activation used by `ctr images mount`. Covers bind mount and overlay scenarios to catch regressions like #12549. Signed-off-by: Jérôme Poulin <jeromepoulin@gmail.com>
The bind mount created for temporary activations was missing the Options field, causing mount to fail with "no such device" because the MS_BIND flag wasn't being set. Fixes #12549 Signed-off-by: Jérôme Poulin <jeromepoulin@gmail.com>
Signed-off-by: Wei Fu <fuweid89@gmail.com>
.github: skip 5 critest cases for window-2022
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.12.0 to 1.13.1. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](opencontainers/selinux@v1.12.0...v1.13.1) --- updated-dependencies: - dependency-name: github.com/opencontainers/selinux dependency-version: 1.13.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
bump containerd/cgroups to fix hugetlb.events parse errors Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
bump containerd/cgroups to v3.1.2
Skip processing early if we get a nil adjustment from NRI. Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
ci(release): set GO_VERSION in Dockerfile
…ithub/codeql-action-4.31.5 build(deps): bump github/codeql-action from 4.31.3 to 4.31.5
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@93cb6ef...1af3b93) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…ctions/checkout-6.0.0 build(deps): bump actions/checkout from 5.0.1 to 6.0.0
cri/nri: short-circuit nil adjustment.
…b.com/opencontainers/selinux-1.13.1 build(deps): bump github.com/opencontainers/selinux from 1.12.0 to 1.13.1
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.18.2 to 1.18.3. - [Release notes](https://github.com/klauspost/compress/releases) - [Commits](klauspost/compress@v1.18.2...v1.18.3) --- updated-dependencies: - dependency-name: github.com/klauspost/compress dependency-version: 1.18.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.1 to 5.0.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@9255dc7...8b402f5) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.3 to 1.9.4. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.9.3...v1.9.4) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
plugins/mount/erofs: use fsmount API to avoid PAGE_SIZE limit
…b.com/sirupsen/logrus-1.9.4 build(deps): bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4
…ctions/cache-5.0.2 build(deps): bump actions/cache from 5.0.1 to 5.0.2
…b.com/klauspost/compress-1.18.3 build(deps): bump github.com/klauspost/compress from 1.18.2 to 1.18.3
…pod events PR #12491 fixed credential leaks in containerd logs but the gRPC error returned to kubelet still contained sensitive information. This was visible in Kubernetes pod events via `kubectl describe pod`. The issue was that SanitizeError was called inside the defer block, but errgrpc.ToGRPC(err) was evaluated before the defer ran, so the gRPC message contained the original unsanitized error. Move SanitizeError before the return statement so both the logged error and the gRPC error are sanitized. Ref: #5453 Signed-off-by: Aadhar Agarwal <aadagarwal@microsoft.com>
…c-error-5453 fix: sanitize error before gRPC return to prevent credential leak in pod events
The layer blob immutable flag clearing logic was moved before storage.Remove() call to ensure that immutable files can be properly removed even if subsequent operations fail after storage.Remove(). The previous order had storage.Remove() called first, which meant if any subsequent operations failed, there would be no opportunity to remove the immutable flag on the layer blob files. Signed-off-by: jinda.ljd <jinda.ljd@alibaba-inc.com>
erofs: Move immutable file handling before storage.Remove
erofs-differ: use same UUID append style in tar index mode as tar conversion mode
Signed-off-by: Adrien Delorme <azr@users.noreply.github.com>
stability: multipart fetch pool
The CRI ImageId field was added in kubernetes/kubernetes#123508 to provide a unique image identifier on the node, separate from ImageRef which contains the manifest list digest for multi-arch images. Previously, ImageId was not populated, leaving it empty in the CRI response. This change populates ImageId with the platform-specific image config digest (stored in container.ImageRef during container creation). The ImageRef field continues to return the manifest list digest for backwards compatibility. Signed-off-by: Avinesh Singh <Avinesh.Singh@deshaw.com>
Signed-off-by: Avinesh Singh <Avinesh.Singh@deshaw.com>
Fix go mod replace and sync with latest api changes
Signed-off-by: Derek McGowan <derek@mcg.dev>
buf will generate the protobuf text file which can be used for viewing all protobuf changes in one file and quickly diffing changes. Signed-off-by: Derek McGowan <derek@mcg.dev>
Generate api/next.txtpb and name module
…cri-field cri: populate ImageId field in container status
Signed-off-by: Wei Fu <fuweid89@gmail.com>
.github: re-enable windows image pull/list tests
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
CI: add almalinux/10
Change the mkfs.erofs command logging to Debug level in both ConvertTarErofs and GenerateTarIndexAndAppendTar. This keeps Info level quiet as intended per project conventions while still making the commands visible for debugging. Signed-off-by: Aadhar Agarwal <aadagarwal@microsoft.com>
…ogs-fix erofs: Log mkfs command at Debug level
…no-such-device Fix ctr image mount failing with no such device
Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
ci: bump go 1.24.12, 1.25.6
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )