Commit Graph

237 Commits

Author SHA1 Message Date
Jonathan A. Sternberg
66016a8c63 vendor: switch from idtools to moby/sys/user
Convert usages of `github.com/docker/docker/pkg/idtools` to
`github.com/moby/sys/user` in order to break the dependency between
buildkit and docker.

Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2025-04-02 10:22:02 -05:00
Tonis Tiigi
b5286f8dcb apply x/tools/modernize fixes
Autogenerated with a couple of manual patches.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-03-07 08:18:45 -08:00
Anthony Nandaa
877d8a771e feat: wcow: add support for bind and cache mounts
Currently, mounts are not supported for WCOW builds,
see #5678. This commit introduces support for
bind and cache mounts. The remaining two require
a little more work and consultation with the platform
teams for enlightenment.

WIP Checklist:

- [x] Support for bind mounts
- [x] Support for cache mounts
- [x] add frontend/dockerfile integration tests
- [x] add client integration tests (not all, `llb.AddMount` not
  complete)

Fixes #5603

Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
2025-02-20 21:19:03 +03:00
CrazyMax
3c072dcffc cdi: support custom and wildcard class for injection
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-02-11 16:38:23 +01:00
Tonis Tiigi
f61e01c14c llbsolver: on-demand CDI devices with automatic setup
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-02-11 11:21:48 +01:00
CrazyMax
6667434ec4 cdi: support optional devices
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-02-11 11:21:47 +01:00
CrazyMax
d69cc70521 cdi: use worker cdi manager when generating devices oci spec
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-02-11 11:21:47 +01:00
Tonis Tiigi
3adcf53d1a enable CDI by default for buildkitd
Access should be managed by entitlements checks

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-02-11 11:21:46 +01:00
CrazyMax
319bf56d8d exec: cdi device support
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-02-11 11:21:44 +01:00
Marat Radchenko
5be7edb69c Upgrade to containerd 2
Co-authored-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Marat Radchenko <marat@slonopotamus.org>
2025-01-13 16:42:48 -08:00
Marat Radchenko
0a5a80cfec Remove pre-Go 1.17 build tags
Signed-off-by: Marat Radchenko <marat@slonopotamus.org>
2024-11-21 10:58:27 +03:00
Tonis Tiigi
e05a89e0b8 improve stacks of cancels from defers
In this case the current stack trace points to the line
where the context was created. Instead the stack should be
captured when the defer is running so the return path to
the defer call is also part of the stack.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-11-19 18:40:00 -08:00
Sebastiaan van Stijn
c8f9cd7068 util/system: remove Atime implementation for containerd/continuity/fs
These were added in 0b5a315c22, because the
continuity/fs package did not provide a Windows implementation. They
were upstreamed in [continuity@3cbda8c], which is part of continuity v0.4.4,
so we can remove the implementation here.

[continuity@3cbda8c]: 3cbda8c24b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-11-19 22:36:35 +01:00
MohammadHasan Akbari
41124702e0 fix: lint ci issue
Signed-off-by: MohammadHasan Akbari <jarqvi.jarqvi@gmail.com>
2024-10-02 09:12:27 +00:00
MohammadHasan Akbari
b4fd6b4f76 chore: return an error when AppArmor is unsupported and profile specifie
Signed-off-by: MohammadHasan Akbari <jarqvi.jarqvi@gmail.com>
2024-10-01 06:19:40 +00:00
Tõnis Tiigi
e15601a00f Merge pull request #5339 from jedevc/exec-exit-codes
exec: allow specifying non-zero exit codes for execs
2024-09-17 10:21:13 -07:00
Justin Chadwell
7e6c20a0db exec: allow specifying non-zero exit codes for execs
Signed-off-by: Justin Chadwell <me@jedevc.com>
2024-09-17 11:36:07 +01:00
Tõnis Tiigi
734a6cc656 Merge pull request #5276 from slonopotamus/darwin
Add stub implementations to make buildkitd buildable for Darwin
2024-09-16 14:25:57 -07:00
Marat Radchenko
64f4631d8b Add stub implementations to make buildkitd build for Darwin
Signed-off-by: Marat Radchenko <marat@slonopotamus.org>
2024-09-16 12:18:36 +03:00
CrazyMax
d09677c568 Merge pull request #5207 from Ka0o0/fix-resolvd-host-network
fix: check network mode when choosing resolv.conf
2024-09-02 09:16:59 +02:00
Tõnis Tiigi
11a4a07060 Merge pull request #5260 from tonistiigi/executor-oomkiller
executor: detect containers killed by OOMKiller
2024-08-23 12:54:46 +03:00
Tonis Tiigi
bc9e857d0f executor: detect containers killed by OOMKiller
If container exits with error and has invoked OOMKiller
mark the origin error as ENOMEM so that it can be detected
on the client side.

gRPC will set ENOMEM as codes.ResourceExhausted based on #5182

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-08-16 11:56:58 +03:00
Tonis Tiigi
df0d9d791d ci: update golangci-lint to v1.60.1
Previous version runs out of memory on go1.23

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-08-14 16:29:22 +03:00
Kai Takac
fa157f452d In host networking mode, unconditionally use "/etc/resolv.conf"
Signed-off-by: Kai Takac <kai.takac@gmail.com>
2024-08-12 09:01:37 +02:00
thompson-shaun
b9992472a4 Merge pull request #5179 from tonistiigi/executor-err-upt
executor error improvements
2024-08-09 11:27:35 -04:00
Sebastiaan van Stijn
b4a189390e migrate to github.com/moby/sys/userns
Commit 4b85f11164 migrated the use of the
userns package to the github.com/moby/sys/user module.

After further discussion with maintainers, it was decided to move the
userns package to a separate module, as it has no direct relation with
"user" operations (other than having "user" in its name).

This patch migrates our code to use the new module.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-08-08 12:36:57 +02:00
Sebastiaan van Stijn
86b550e427 migrate to github.com/moby/sys/user/userns
The userns package in libcontainer was integrated into the moby/sys/user
module at commit [3778ae603c706494fd1e2c2faf83b406e38d687d][1].

The userns package is used in many places, and currently either depends
on runc/libcontainer, or on containerd, both of which have a complex
dependency tree. This patch is part of a series of patches to unify the
implementations, and to migrate toward that implementation to simplify
the dependency tree.

[1]: 3778ae603c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-25 14:11:04 +02:00
Tonis Tiigi
2f8ab30774 executor: rebase the path of submount error
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-07-22 12:34:31 -07:00
Tonis Tiigi
a7720ed2b1 executor: ensure deeper stacktraces for system errors
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-07-22 12:34:31 -07:00
Akihiro Suda
1f3eab8c59 Merge pull request #5107 from tonistiigi/json-decoder-fix
fix incorrect usage of json.NewDecoder
2024-07-02 12:42:50 +09:00
Tonis Tiigi
f8bc2e06da fix incorrect usage of json.NewDecoder
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-07-01 16:41:14 -07:00
Tonis Tiigi
7089987af1 executor: fix cancellation before start signal
If context is canceled before the process is ready
then kill goroutine returns early because there is nothing
to kill. But the process may still start after this and
in that case remain running without cancellation. Fix is to skip
cancellation only if the run goroutine is ended, as then the
process will not be started.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-07-01 15:45:57 -07:00
Alano Terblanche
c3925da302 Refactor containerd NewWorkerOpt & containerdexecutor New parameters
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-06-25 10:24:47 +02:00
Tonis Tiigi
4103099d94 ensure context.WithoutCancel in defer funcs
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-06-12 19:18:32 -07:00
Tonis Tiigi
fc936ae3d7 lint: more testifylint fixes
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-06-10 21:16:51 -07:00
Tonis Tiigi
03c7a6d769 lint: fix some testifylint warnings
This does not cover all warnings yet but is split
into chunks to ease review.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-05-30 11:32:55 -07:00
Tonis Tiigi
265d18f2e6 lint: enable gocritic
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-05-15 16:44:38 -07:00
racequite
f24c5756d6 chore: fix function names in comment
Signed-off-by: racequite <quiterace@gmail.com>
2024-04-19 12:23:28 +08:00
Akihiro Suda
5a19fb4759 Merge pull request #4829 from tonistiigi/gopls-linters
add extra linters from gopls
2024-04-12 06:25:34 +09:00
Tonis Tiigi
8665364c6c lint: unusedparams fixes for freebsd
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-04-09 07:23:16 -07:00
Tonis Tiigi
a07a92e157 lint: unusedparams fixes for windows
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-04-09 07:23:16 -07:00
Tonis Tiigi
1f9988911f lint: unusedparams fixes
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-04-09 07:23:16 -07:00
Sebastiaan van Stijn
137269cb78 vendor: github.com/docker/docker v26.0.0
full diff: https://github.com/docker/docker/compare/v26.0.0-rc1...v26.0.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 13:13:44 +02:00
Tonis Tiigi
1510288571 oci: fix missing release call
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-04-01 16:16:17 -07:00
Tonis Tiigi
2c9d934e5d executor: fix overlay layer limit for non-rootfs mounts
Historic layer limit for Docker images is 127. Because in
overlayfs mounting 127 layers usually reaches the page size
limit of mount options in Linux kernel, there is special code
to work around the limitation.

This custom code was used for rootfs of container because
runc takes rootfs as a directory path, meaning buildkit needs
to mount it and then pass the path. For non-rootfs mounts
runc takes them as direct mount configuration and performs
the mount itself. As runc does not have this special way to
mount long overlayfs mounts it will perform the mount with clipped
options, which will fail in some way in the kernel depending on the
precise cutoff point.

Workaround is to detect when the mount passed to runc is too
long for runc to mount it itself and in that case let
BuildKit mount it and in runc perform bind of the BuildKit mount.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-03-31 17:34:04 -07:00
Tonis Tiigi
33b347a8fb oci: make mounting oci socket optional
The source path changed in v0.13 and there are reports
that the new path can cause an error on starting a container. While
this is investigated, check for missing path and make
mounting optional like it was in v0.12.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-03-18 11:12:52 -07:00
CrazyMax
c50447e340 move network sample to resources types
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-02-29 09:15:20 +01:00
CrazyMax
94e2370023 provenance: move types to a dedicated package
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-02-25 20:39:50 +01:00
CrazyMax
b5506327cf keep local dns in resolv.conf when host network enabled
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-02-09 09:27:39 +01:00
Akihiro Suda
3436b4d075 Merge pull request #4604 from tonistiigi/0131-fix-subpaths-mount
exec: add extra validation for submount sources
2024-02-01 06:57:02 +09:00