The moby/profiles/seccomp module was extracted from the Moby repository
at commit [e1281f09fceec4aab518267c319a7bd4c79cf3c5][1].
[1]: e1281f09fc
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Rewrite the resolvconf code to use libnetwork's internal package, which
allows us to skip some of the moby-specific handling (writing to a file,
creating a hash of the file to detect changes made by the user (not
supported by BuildKit, which always mounts read-only)).
This rewrite also allows us to skip GetNameservers, GetSearchDomains, GetOptions,
and FilterResolvDNS, which repeatedly would parse the resolvconf file for
each of them.
The new code parses the original resolvconf once, after which mutations
(overrides) are done in memory, after which we generate the resolv.conf to
write to disk.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a fork of github.com/docker/docker/daemon/libnetwork/internal/resolvconf,
taken at commit [254f64ded64027db0d2d1531a8ef9015de68e2f2]. I did not
preserve git history for this one (just a copy), but history can be found
in the Moby repository if needed.
[254f64ded64027db0d2d1531a8ef9015de68e2f2]: 254f64ded6
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Convert usages of `github.com/docker/docker/pkg/idtools` to
`github.com/moby/sys/user` in order to break the dependency between
buildkit and docker.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Currently, mounts are not supported for WCOW builds,
see #5678. This commit introduces support for
bind and cache mounts. The remaining two require
a little more work and consultation with the platform
teams for enlightenment.
WIP Checklist:
- [x] Support for bind mounts
- [x] Support for cache mounts
- [x] add frontend/dockerfile integration tests
- [x] add client integration tests (not all, `llb.AddMount` not
complete)
Fixes #5603
Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
In this case the current stack trace points to the line
where the context was created. Instead the stack should be
captured when the defer is running so the return path to
the defer call is also part of the stack.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
These were added in 0b5a315c22, because the
continuity/fs package did not provide a Windows implementation. They
were upstreamed in [continuity@3cbda8c], which is part of continuity v0.4.4,
so we can remove the implementation here.
[continuity@3cbda8c]: 3cbda8c24b
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
If container exits with error and has invoked OOMKiller
mark the origin error as ENOMEM so that it can be detected
on the client side.
gRPC will set ENOMEM as codes.ResourceExhausted based on #5182
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Commit 4b85f11164 migrated the use of the
userns package to the github.com/moby/sys/user module.
After further discussion with maintainers, it was decided to move the
userns package to a separate module, as it has no direct relation with
"user" operations (other than having "user" in its name).
This patch migrates our code to use the new module.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The userns package in libcontainer was integrated into the moby/sys/user
module at commit [3778ae603c706494fd1e2c2faf83b406e38d687d][1].
The userns package is used in many places, and currently either depends
on runc/libcontainer, or on containerd, both of which have a complex
dependency tree. This patch is part of a series of patches to unify the
implementations, and to migrate toward that implementation to simplify
the dependency tree.
[1]: 3778ae603c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
If context is canceled before the process is ready
then kill goroutine returns early because there is nothing
to kill. But the process may still start after this and
in that case remain running without cancellation. Fix is to skip
cancellation only if the run goroutine is ended, as then the
process will not be started.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>