dilim/buildkit
1
0
Fork 0
mirror of https://github.com/moby/buildkit.git synced 2026-06-30 19:57:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,280 Commits 29 Branches 318 Tags
e3c9e064a930f5c8572c94ae8c782de01f206bbe
Commit Graph

69 Commits

Author SHA1 Message Date
Alex Suraci
e3c9e064a9 cniprovider: pass hostname as K8S_POD_NAME arg 
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
 2022-08-21 15:43:12 -04:00
Edgar Lee
d21254e7f7 Add events for exec op 
Signed-off-by: Edgar Lee <edgarl@netflix.com>
 2022-03-02 12:05:35 -08:00
Cory Bennett
559d079902 Allow signals to be sent to gateway exec containers 
Signed-off-by: Cory Bennett <cbennett@netflix.com>
 2022-02-02 16:57:10 +00:00
CrazyMax
c82ef274bf cgroup-parent support 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
 2021-10-27 23:50:20 +02:00
Aaron Lehmann
890c3f77b6 Allow ExitError type to be transmitted over GRPC 
This will allow clients to retrieve exit error codes returned during a
solve without parsing the error messages.

Signed-off-by: Aaron Lehmann <alehmann@netflix.com>
 2021-07-28 15:01:05 -07:00
Morlay
18b49fd7dc refactor to use util/bklog instead of using logurs directly 
Signed-off-by: Morlay <morlay.null@gmail.com>
 2021-07-13 11:42:31 +08:00
Tonis Tiigi
d512920c24 support collecting traces from llb.Exec 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2021-06-20 21:57:35 -07:00
Brian Goff
d9834f872c Add support for apparmor/selinux 
Set's an apparmor profile on the OCI spec if one is configred on the
worker.
Adds selinux labels to containers (only added if selinux is enabled on
the system).

This assumes that the specified apparmor profile is already loaded on
the system and does not try to load it or even check if it is loaded.

SELinux support requires the `selinux` build tag to be added.
Likewise, `runc` would require both the `apparmor` and `selinux` build
tags.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>

Vendored go-selinux to v1.8.0
Fixed tests

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 68bb095353)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-02-04 22:01:34 +01:00
Cory Bennett
9d3f55c400 move ExitError from solver/errdefs to frontend/gateway/errdefs 
Signed-off-by: Cory Bennett <cbennett@netflix.com>
 2020-12-07 01:09:59 +00:00
Sebastiaan van Stijn
67bcfe699a copy containerd.UnknownExitStatus to local const 
Copy this const to a local constant to prevent importing the containerd
client in the front-end.

For consistency, I also updated the executor code to use the same const,
although not strictly needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-11-18 00:11:09 +01:00
Tonis Tiigi
bdcee17437 executor: change mount to struct 
Allows readonly passed cleanly.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2020-11-02 22:20:51 -08:00
Tonis Tiigi
e3b05289d8 add session injection to remote loading 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2020-11-02 22:20:44 -08:00
Akihiro Suda
dda009a58c Merge pull request #1739 from tonistiigi/empty-layer 
clear file mount stubs and fix empty layer cases
 2020-10-21 00:42:45 +09:00
Cory Bennett
b464f1e315 update go-runc to use runc.ExitError for container exec status 
Signed-off-by: Cory Bennett <cbennett@netflix.com>
 2020-10-20 06:44:29 +00:00
Edgar Lee
5eaecb905c Merge pull request #1731 from coryb/issue-1714 
add tty support for runc executor
 2020-10-19 14:52:31 -07:00
Tonis Tiigi
17b4ca1edf executor: remove stub files from rootfs 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2020-10-18 23:39:17 -07:00
Cory Bennett
e308ef7874 add tty support for runc executor 
Signed-off-by: Cory Bennett <cbennett@netflix.com>
 2020-10-16 17:36:56 +00:00
Lu Jingxiao
5e7ae230b2 Add hostname specifying for building 
Fix: #1301

Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
 2020-10-14 14:45:36 +08:00
Cory Bennett
355e937e15 update gateway to add ability to run and exec into containers 
Signed-off-by: Cory Bennett <cbennett@netflix.com>
 2020-08-31 21:13:59 +00:00
Cory Bennett
93344a9d24 remove *pixel from winsize struct, tweak ExitError handling for ctx.Err 
Signed-off-by: Cory Bennett <cbennett@netflix.com>
 2020-07-31 20:22:12 +00:00
Cory Bennett
4b456f17f4 wrap errors from executor Run/Exec to allow access to exit code 
Signed-off-by: Cory Bennett <cbennett@netflix.com>
 2020-07-31 19:14:30 +00:00
Sebastiaan van Stijn
f26452a847 executor/oci.GetUser(): remove unused context 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-07-30 11:31:03 +02:00
Tonis Tiigi
57a88b0afb lint: add misspell and unused 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2020-07-18 08:13:57 -07:00
Cory Bennett
5909d1642e simplify done channel handling, fix other pr comments. 
Signed-off-by: Cory Bennett <cbennett@netflix.com>
 2020-07-11 01:14:37 +00:00
Cory Bennett
5e91dff4ed fix error handling for exec when container fails to start 
update run/exec tests for stdin and expected failures
move common tests for runc and container to shared tests package

Signed-off-by: Cory Bennett <cbennett@netflix.com>
 2020-07-10 22:06:42 +00:00
Cory Bennett
6d58121c11 Update Executor interface for Run and Exec 
Signed-off-by: Cory Bennett <cbennett@netflix.com>
 2020-07-09 23:40:36 +00:00
Tonis Tiigi
90288ab716 errdefs: update to new packages 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2020-04-24 11:25:44 -07:00
Tonis Tiigi
0ef435687b runcexecutor: update go-runc call after contract change 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-09-11 10:57:51 -07:00
Akihiro Suda
5559a45319 Merge pull request #1139 from tonistiigi/oomscoreadj 
runcexecutor: avoid setting oomscoreadj from main process
 2019-08-19 15:17:59 +09:00
Tonis Tiigi
a0dead0809 fix possible double release on mountable 
Refactor the interface to avoid such issues in the future.

BuildKit own mounts are stateless and not affected but
a different mountable implementation could get confused.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-08-16 08:03:16 -07:00
Tonis Tiigi
25ebc26d21 runcexecutor: avoid setting oomscoreadj from main process 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-08-15 23:16:02 -07:00
Tonis Tiigi
2cd19dbc34 executor: ignore workdir if already exists 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-07-26 16:28:43 -07:00
Tibor Vass
8e692507ee executor: allow setting DNSConfig to be used by resolvconf 
This patch allows downstream code to pass a DNSConfig that is
then used by executor/oci.GetResolvConf.

This would allow the BuildKit-based builder in Docker to honor
the docker daemon's DNS configuration, thus fixing a feature gap
with the legacy builder.

Signed-off-by: Tibor Vass <tibor@docker.com>
 2019-06-17 20:43:33 +00:00
Tonis Tiigi
7b41906d89 executor: create hosts and resolv.conf with userns root 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-06-10 16:35:03 -07:00
Tonis Tiigi
e7ad765fcd executor: create directories as 711 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-06-10 16:34:09 -07:00
Tonis Tiigi
858b4c7076 executor: make sure cwd created with correct user 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-05-11 22:11:26 -07:00
Akihiro Suda
eba3ffc268 runexecutor: support NoPivot 
This flag allows DOCKER_BUILDKIT to be running on minikube host: https://github.com/kubernetes/minikube/issues/4143

moby/builder/build-next needs to be updated to set NoPivot when
$DOCKER_RAMDISK is set.

This flag is deprecated from its birth and not exposed to the standalone buildkitd OCI worker.
See https://github.com/kubernetes/minikube/issues/3512

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2019-05-07 23:22:55 +09:00
Tonis Tiigi
9f53ea3d78 userns support for sources and executor 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-04-02 18:26:04 -07:00
Kunal Kushwaha
a2bbb5ff39 security entitlement support 
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
 2019-03-27 13:57:03 +09:00
Akihiro Suda
c54f4a986d support --oci-worker-no-process-sandbox 
Note that this mode allows build executor containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace.
This mode should be enabled only when the BuildKit is running in a container as an unprivileged user.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2019-01-08 10:42:52 +09:00
Tonis Tiigi
76692bbe5f executor: clean up static config files 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-10-03 13:59:33 -07:00
Tonis Tiigi
f99352fee1 solver: make sure to return proper canceled errors 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-09-26 17:38:16 -07:00
Tonis Tiigi
bb3dc1b918 runc: fix process leak on cancellation 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-09-20 11:06:40 -07:00
Tonis Tiigi
4e810968f4 runcexecutor: revert forwardio 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-09-11 22:40:48 -07:00
Anda Xu
b0677e7ef1 allow customized cgroup-parent for runcexecutor 
Signed-off-by: Anda Xu <anda.xu@docker.com>
 2018-09-05 12:53:57 -07:00
Tibor Vass
2f0c048493 network: move handling of NetMode_UNSET to Default() 
This allows other workers to implement their own behavior for NetMode_UNSET

Signed-off-by: Tibor Vass <tibor@docker.com>
 2018-08-23 00:06:06 +00:00
Michael Crosby
b97bc71adb Refactor networking with ns paths 
This fixes the issues where buildkit and callers do not have to be a
subpreaper in order to use networking.  I can add CNI provider later,
with a hidden sub command to create a new network namespace and bind
mount it to buildkit's state dir.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-08-21 13:37:47 -04:00
Tonis Tiigi
130f5f5ab0 solver: net host with basic entitlements support 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-08-09 14:03:35 -07:00
Tonis Tiigi
f8dd602282 runc: improve canceling 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-08-07 11:51:56 -07:00
Kunal Kushwaha
765f1b64b9 executor: allow network providers 
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2018-08-07 11:51:56 -07:00