Fixes#5906, reverts #5980
Previously, due to lack of a sync mechanism, we'd end up
with some race condition (occassionally) due to one deferred
disableProcessPrivileges call happening before the rest
complete.
Fix this by introducing a mutex to coordinate the enabling
and disabling of the privileges.
Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
Allows similar time-based filter that is allowed for
prune requests so that DiskUsage request can be used to
check which records would be candidates for pruning.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Convert usages of `github.com/docker/docker/pkg/idtools` to
`github.com/moby/sys/user` in order to break the dependency between
buildkit and docker.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
When free-space filter is set without max-space or reserved-space
filter, the behaviour is that if the filter matches some records
then these records would be pruned, but if it doesn't match any
(there are more free space than filter sets already) then the keepBytes
would be left to 0, resulting records to be deleted as if no storage
constraint was set at all.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Currently, mounts are not supported for WCOW builds,
see #5678. This commit introduces support for
bind and cache mounts. The remaining two require
a little more work and consultation with the platform
teams for enlightment.
WIP Checklist:
- [x] Support for bind mounts
- [x] Support for cache mounts
- [x] add frontend/dockerfile integration tests
- [x] add client integration tests (not all, `llb.AddMount` not
complete)
Fixes#5603
Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
This is blocking upgrade to Github Actions Cache V2 API and
update to latest release has not happened.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Clears ModeIrregular from the checksum generation. This may be sent by
the client when the version of Go used is post Go 1.23. The behavior of
`os.Stat` was modified in Go 1.23 to set `ModeIrregular` on reparse
points in Windows. This clears `ModeIrregular` when any mode is set
which was the previous behavior of `os.Stat`.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
The prune logic would prune multiple times because one prune could cause
more things to be capable of pruning and change the logic. This was done
through a recursive invocation.
Since go doesn't have support for function tail calls, this would result
in a new stack entry for each loop. This unrolls the logic so the prune
function is invoked iteratively rather than recursively.
`prune` and `pruneOnce` have also had their names swapped. In general,
`pruneOnce` implies that it runs a single prune while `prune` sounds
like the top level function. The current code had this reversed and
`pruneOnce` would call `prune` and `prune` would call itself
recursively.
I've also updated a section in the controller that invoked prune on each
worker. In older versions of Go, the current version was correct because
those versions of Go would reuse the location for each loop which would
cause goroutines to all reference the same worker instead of different
workers.
Recent versions of Go have changed the behavior so this is no longer
needed.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
In this case the current stack trace points to the line
where the context was created. Instead the stack should be
captured when the defer is running so the return path to
the defer call is also part of the stack.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Before this commit, HandleChange would always recursively remove records
whenever any Modify change was applied to a directory path.
This was wasteful in the case where HandleChange was called only due to
a metadata modification to a directory. In that case, it makes sense to
*update* the directory's node but no existing entries under the
directory need to be thrown away.
Now, we only recursively remove records under a directory for the Delete
case and when a Modify change replaces a directory with a non-directory.
Signed-off-by: Erik Sipsma <erik@sipsma.dev>
