The github.com/mitchellh/hashstructure/v2 module was archived, and
there's a maintained fork in the gohugoio org.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Merge the `tracing/env` and `tracing/exec` packages into a single package
with some common types shared between the two.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Use os.OpenRoot for resolv.conf and hosts state file creation, and
adapt executor callers and tests to the root-relative helper API.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
The moby/profiles/seccomp module was extracted from the Moby repository
at commit [e1281f09fceec4aab518267c319a7bd4c79cf3c5][1].
[1]: e1281f09fc
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Rewrite the resolvconf code to use libnetwork's internal package, which
allows us to skip some of the moby-specific handling (writing to a file,
creating a hash of the file to detect changes made by the user (not
supported by BuildKit, which always mounts read-only)).
This rewrite also allows us to skip GetNameservers, GetSearchDomains, GetOptions,
and FilterResolvDNS, which repeatedly would parse the resolvconf file for
each of them.
The new code parses the original resolvconf once, after which mutations
(overrides) are done in memory, after which we generate the resolv.conf to
write to disk.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a fork of github.com/docker/docker/daemon/libnetwork/internal/resolvconf,
taken at commit [254f64ded64027db0d2d1531a8ef9015de68e2f2]. I did not
preserve git history for this one (just a copy), but history can be found
in the Moby repository if needed.
[254f64ded64027db0d2d1531a8ef9015de68e2f2]: 254f64ded6
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Convert usages of `github.com/docker/docker/pkg/idtools` to
`github.com/moby/sys/user` in order to break the dependency between
buildkit and docker.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Currently, mounts are not supported for WCOW builds,
see #5678. This commit introduces support for
bind and cache mounts. The remaining two require
a little more work and consultation with the platform
teams for enlightenment.
WIP Checklist:
- [x] Support for bind mounts
- [x] Support for cache mounts
- [x] add frontend/dockerfile integration tests
- [x] add client integration tests (not all, `llb.AddMount` not
complete)
Fixes #5603
Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
Commit 4b85f11164 migrated the use of the
userns package to the github.com/moby/sys/user module.
After further discussion with maintainers, it was decided to move the
userns package to a separate module, as it has no direct relation with
"user" operations (other than having "user" in its name).
This patch migrates our code to use the new module.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The userns package in libcontainer was integrated into the moby/sys/user
module at commit [3778ae603c706494fd1e2c2faf83b406e38d687d][1].
The userns package is used in many places, and currently either depends
on runc/libcontainer, or on containerd, both of which have a complex
dependency tree. This patch is part of a series of patches to unify the
implementations, and to migrate toward that implementation to simplify
the dependency tree.
[1]: 3778ae603c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Historic layer limit for Docker images is 127. Because in
overlayfs mounting 127 layers usually reaches the page size
limit of mount options in Linux kernel, there is special code
to work around the limitation.
This custom code was used for rootfs of container because
runc takes rootfs as a directory path, meaning buildkit needs
to mount it and then pass the path. For non-rootfs mounts
runc takes them as direct mount configuration and performs
the mount itself. As runc does not have this special way to
mount long overlayfs mounts it will perform the mount with clipped
options, which will fail in some way in kernel depending on the
precise cutoff point.
Workaround is to detect when the mount passed to runc is too
long for runc to mount it itself and in that case let
BuildKit mount it and in runc perform bind of the BuildKit mount.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
The source path changed in v0.13 and there are reports
that the new path can cause an error on starting a container. While
this is investigated, check for missing path and make
mounting optional like it was in v0.12.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
While submount paths were already validated there are some
cases where the parent mount may not be immutable while the
submount is created.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 2529ec4121bcd8c35bcd96218083da175c2e5b77)