Commit Graph

253 Commits

Author SHA1 Message Date
Vigilans
30ef2919a9 Rename isolated to hypervIsolation
Signed-off-by: Vigilans <vigilans@foxmail.com>
2025-09-16 23:59:37 +08:00
Vigilans
209509356a Support isolated option in containerd executor in Windows
Signed-off-by: Vigilans <vigilans@foxmail.com>
2025-09-15 17:32:18 +08:00
CrazyMax
d31230ea96 lint: gopls fixes
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-09-09 14:13:04 +02:00
CrazyMax
9b68dbe71d simplify resolvconf path resolution
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-07-23 09:26:32 +02:00
CrazyMax
05c55e56fd move resolvconf package to util
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-07-23 09:26:31 +02:00
Sebastiaan van Stijn
db725345ce executor/oci: migrate to moby/profiles/seccomp module
The moby/profiles/seccomp module was extracted from the Moby repository
at commit [e1281f09fceec4aab518267c319a7bd4c79cf3c5][1].

[1]: e1281f09fc

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-07-22 18:14:12 +02:00
Sebastiaan van Stijn
4e1e0fe7f6 executor/oci: use buildkit bklog instead of containerd/log
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-07-21 15:11:16 +02:00
Sebastiaan van Stijn
2614833a2a executor/oci: resolvconf: use buildkit errdefs
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-07-21 15:08:40 +02:00
Sebastiaan van Stijn
ce4e767ffe executor/oci: resolvconf: remove unused code
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-07-21 15:08:40 +02:00
Sebastiaan van Stijn
b2d103fecf executor/oci: use fork of libnetwork/resolvconf
Rewrite the resolvconf code to use libnetwork's internal package, which
allows us to skip some of the moby-specific handling (writing to a file,
creating a hash of the file to detect changes made by the user (not
supported by BuildKit, which always mounts read-only)).

This rewrite also allows us to skip GetNameservers, GetSearchDomains, GetOptions,
and FilterResolvDNS, which repeatedly would parse the resolvconf file for
each of them.

The new code parses the original resolvconf once, after which mutations
(overrides) are done in memory, after which we generate the resolv.conf to
write to disk.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-07-21 15:08:40 +02:00
Sebastiaan van Stijn
504b10d47b executor/oci: resolvconf: rewrite tests using testify
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-07-21 15:08:39 +02:00
Sebastiaan van Stijn
44a7014d69 executor/oci: add fork of moby resolvconf (does not compile)
Add a fork of github.com/docker/docker/daemon/libnetwork/internal/resolvconf,
taken at commit [254f64ded64027db0d2d1531a8ef9015de68e2f2]. I did not
preserve git history for this one (just a copy), but history can be found
in the Moby repository if needed.

[254f64ded64027db0d2d1531a8ef9015de68e2f2]: 254f64ded6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-07-21 15:08:39 +02:00
Tonis Tiigi
9fcedf9807 update gopls to go1.24 compatible version
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-05-07 18:23:20 -07:00
Tonis Tiigi
69d3d44145 lint: add unconvert
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-05-02 12:44:01 -07:00
Tonis Tiigi
c6a1dcd6b5 lint: correcting errorlint and some err113 cases
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-05-02 12:19:22 -07:00
Tonis Tiigi
f1f56c2b77 golangci-lint: v2 upgrade
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-05-02 12:19:17 -07:00
Jonathan A. Sternberg
66016a8c63 vendor: switch from idtools to moby/sys/user
Convert usages of `github.com/docker/docker/pkg/idtools` to
`github.com/moby/sys/user` in order to break the dependency between
buildkit and docker.

Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2025-04-02 10:22:02 -05:00
Tonis Tiigi
b5286f8dcb apply x/tools/modernize fixes
Autogenerated with a couple of manual patches.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-03-07 08:18:45 -08:00
Anthony Nandaa
877d8a771e feat: wcow: add support for bind and cache mounts
Currently, mounts are not supported for WCOW builds,
see #5678. This commit introduces support for
bind and cache mounts. The remaining two require
a little more work and consultation with the platform
teams for enlightenment.

WIP Checklist:

- [x] Support for bind mounts
- [x] Support for cache mounts
- [x] add frontend/dockerfile integration tests
- [x] add client integration tests (not all, `llb.AddMount` not
  complete)

Fixes #5603

Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
2025-02-20 21:19:03 +03:00
CrazyMax
3c072dcffc cdi: support custom and wildcard class for injection
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-02-11 16:38:23 +01:00
Tonis Tiigi
f61e01c14c llbsolver: on-demand CDI devices with automatic setup
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-02-11 11:21:48 +01:00
CrazyMax
6667434ec4 cdi: support optional devices
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-02-11 11:21:47 +01:00
CrazyMax
d69cc70521 cdi: use worker cdi manager when generating devices oci spec
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-02-11 11:21:47 +01:00
Tonis Tiigi
3adcf53d1a enable CDI by default for buildkitd
Access should be managed by entitlements checks

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-02-11 11:21:46 +01:00
CrazyMax
319bf56d8d exec: cdi device support
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-02-11 11:21:44 +01:00
Marat Radchenko
5be7edb69c Upgrade to containerd 2
Co-authored-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Marat Radchenko <marat@slonopotamus.org>
2025-01-13 16:42:48 -08:00
Marat Radchenko
0a5a80cfec Remove pre-Go 1.17 build tags
Signed-off-by: Marat Radchenko <marat@slonopotamus.org>
2024-11-21 10:58:27 +03:00
Tonis Tiigi
e05a89e0b8 improve stacks of cancels from defers
In this case the current stack trace points to the line
where the context was created. Instead the stack should be
captured when the defer is running so the return path to
the defer call is also part of the stack.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-11-19 18:40:00 -08:00
Sebastiaan van Stijn
c8f9cd7068 util/system: remove Atime implementation for containerd/continuity/fs
These were added in 0b5a315c22, because the
continuity/fs package did not provide a Windows implementation. They
were upstreamed in [continuity@3cbda8c], which is part of continuity v0.4.4,
so we can remove the implementation here.

[continuity@3cbda8c]: 3cbda8c24b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-11-19 22:36:35 +01:00
MohammadHasan Akbari
41124702e0 fix: lint ci issue
Signed-off-by: MohammadHasan Akbari <jarqvi.jarqvi@gmail.com>
2024-10-02 09:12:27 +00:00
MohammadHasan Akbari
b4fd6b4f76 chore: return an error when AppArmor is unsupported and profile specifie
Signed-off-by: MohammadHasan Akbari <jarqvi.jarqvi@gmail.com>
2024-10-01 06:19:40 +00:00
Tõnis Tiigi
e15601a00f Merge pull request #5339 from jedevc/exec-exit-codes
exec: allow specifying non-zero exit codes for execs
2024-09-17 10:21:13 -07:00
Justin Chadwell
7e6c20a0db exec: allow specifying non-zero exit codes for execs
Signed-off-by: Justin Chadwell <me@jedevc.com>
2024-09-17 11:36:07 +01:00
Tõnis Tiigi
734a6cc656 Merge pull request #5276 from slonopotamus/darwin
Add stub implementations to make buildkitd buildable for Darwin
2024-09-16 14:25:57 -07:00
Marat Radchenko
64f4631d8b Add stub implementations to make buildkitd build for Darwin
Signed-off-by: Marat Radchenko <marat@slonopotamus.org>
2024-09-16 12:18:36 +03:00
CrazyMax
d09677c568 Merge pull request #5207 from Ka0o0/fix-resolvd-host-network
fix: check network mode when choosing resolv.conf
2024-09-02 09:16:59 +02:00
Tõnis Tiigi
11a4a07060 Merge pull request #5260 from tonistiigi/executor-oomkiller
executor: detect containers killed by OOMKiller
2024-08-23 12:54:46 +03:00
Tonis Tiigi
bc9e857d0f executor: detect containers killed by OOMKiller
If container exits with error and has invoked OOMKiller
mark the origin error as ENOMEM so that it can be detected
on the client side.

gRPC will set ENOMEM as codes.ResourceExhausted based on #5182

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-08-16 11:56:58 +03:00
Tonis Tiigi
df0d9d791d ci: update golangci-lint to v1.60.1
Previous version runs out of memory on go1.23

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-08-14 16:29:22 +03:00
Kai Takac
fa157f452d In host networking mode, unconditionally use "/etc/resolv.conf"
Signed-off-by: Kai Takac <kai.takac@gmail.com>
2024-08-12 09:01:37 +02:00
thompson-shaun
b9992472a4 Merge pull request #5179 from tonistiigi/executor-err-upt
executor error improvements
2024-08-09 11:27:35 -04:00
Sebastiaan van Stijn
b4a189390e migrate to github.com/moby/sys/userns
Commit 4b85f11164 migrated the use of the
userns package to the github.com/moby/sys/user module.

After further discussion with maintainers, it was decided to move the
userns package to a separate module, as it has no direct relation with
"user" operations (other than having "user" in its name).

This patch migrates our code to use the new module.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-08-08 12:36:57 +02:00
Sebastiaan van Stijn
86b550e427 migrate to github.com/moby/sys/user/userns
The userns package in libcontainer was integrated into the moby/sys/user
module at commit [3778ae603c706494fd1e2c2faf83b406e38d687d][1].

The userns package is used in many places, and currently either depends
on runc/libcontainer, or on containerd, both of which have a complex
dependency tree. This patch is part of a series of patches to unify the
implementations, and to migrate toward that implementation to simplify
the dependency tree.

[1]: 3778ae603c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-25 14:11:04 +02:00
Tonis Tiigi
2f8ab30774 executor: rebase the path of submount error
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-07-22 12:34:31 -07:00
Tonis Tiigi
a7720ed2b1 executor: ensure deeper stacktraces for system errors
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-07-22 12:34:31 -07:00
Akihiro Suda
1f3eab8c59 Merge pull request #5107 from tonistiigi/json-decoder-fix
fix incorrect usage of json.NewDecoder
2024-07-02 12:42:50 +09:00
Tonis Tiigi
f8bc2e06da fix incorrect usage of json.NewDecoder
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-07-01 16:41:14 -07:00
Tonis Tiigi
7089987af1 executor: fix cancellation before start signal
If context is canceled before the process is ready
then kill goroutine returns early because there is nothing
to kill. But the process may still start after this and
in that case remain running without cancellation. Fix is to skip
cancellation only if the run goroutine is ended, as then the
process will not be started.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-07-01 15:45:57 -07:00
Alano Terblanche
c3925da302 Refactor containerd NewWorkerOpt & containerdexecutor New parameters
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-06-25 10:24:47 +02:00
Tonis Tiigi
4103099d94 ensure context.WithoutCancel in defer funcs
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-06-12 19:18:32 -07:00