[release/1.6 backport] Add WithReadonlyTempMount to create readonly temporary mounts #8299
This is necessary so we can mount snapshots more than once with overlayfs, otherwise mounts enter an unknown state.

related: moby/buildkit#1100

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Co-authored-by: Zou Nengren <zouyee1989@gmail.com>
(cherry picked from commit daa3a76)
Hi @laurazard. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/cc @thaJeztah
Usually we do not backport new features
It is a new feature in that it adds the new exported
/ok-to-test
Yeah, most of the code looks like a bug fix for #6077. The feature part is exporting the internals of that. Given that 2.0 is still quite some time out, having the exported function already in the (LTS) release could help transitioning (and preventing more code-bases beyond just BuildKit to implement the same code).
LGTM, but happy to discuss if there's strong objections
/retest
/test pull-containerd-node-e2e
Failure looks unrelated but is consistently failing, maybe something with the runner?
/retest
@laurazard: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
containerd 1.6.20

Welcome to the v1.6.20 release of containerd!

The twentieth patch release for containerd 1.6 contains various fixes and updates.

* **Disable looking up usernames and groupnames on host** ([#8230](containerd/containerd#8230))
* **Add support for Windows ArgsEscaped images** ([#8273](containerd/containerd#8273))
* **Update hcsshim to v0.9.8** ([#8274](containerd/containerd#8274))
* **Fix debug flag in shim** ([#8288](containerd/containerd#8288))
* **Add `WithReadonlyTempMount` to support readonly temporary mounts** ([#8299](containerd/containerd#8299))
* **Update ttrpc to fix file descriptor leak** ([#8308](containerd/containerd#8308))
* **Update runc binary to v1.1.5** ([#8324](containerd/containerd#8324))
* **Update image config to support ArgsEscaped** ([#8306](containerd/containerd#8306))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

* Sebastiaan van Stijn
* Derek McGowan
* Maksym Pavlenko
* Akihiro Suda
* Phil Estes
* Eng Zer Jun
* Justin Terry
* Kazuyoshi Kato
* Wei Fu
* Abirdcfly
* Gabriel Adrian Samfira
* Henry Wang
* Kang.Zhang
* Kirtana Ashok
* Laura Brehm
* Luca Comellini
* Paul "TBBle" Hampson
* liyuxuan.darfux
* ningmingxiao
* wanglei

<details><summary>48 commits</summary>
<p>

* [release/1.6] Prepare release notes for v1.6.20 ([#8310](containerd/containerd#8310))
  * [`a039a2b9c`](containerd/containerd@a039a2b) Prepare release notes for v1.6.20
* [release/1.6]Updates oci image config to support upstream ArgsEscaped ([#8306](containerd/containerd#8306))
  * [`5dd94a7e6`](containerd/containerd@5dd94a7) Updates oci image config to support upstream ArgsEscaped
* [release/1.6] update runc binary to v1.1.5 ([#8324](containerd/containerd#8324))
  * [`59fa6b191`](containerd/containerd@59fa6b1) update runc binary to v1.1.5
  * [`0c0aad93e`](containerd/containerd@0c0aad9) go.mod: github.com/opencontainers/runc v1.1.5
* [release/1.6] Update ttrpc to v1.1.1 ([#8308](containerd/containerd#8308))
  * [`50a6be0b4`](containerd/containerd@50a6be0) Update ttrpc to v1.1.1
* [release/1.6 backport] Add `WithReadonlyTempMount` to create readonly temporary mounts ([#8299](containerd/containerd#8299))
  * [`8cead6594`](containerd/containerd@8cead65) Add `WithReadonlyTempMount` to create readonly temporary mounts
* [release/1.6] Adds support for Windows ArgsEscaped images ([#8273](containerd/containerd#8273))
  * [`f0dc0297d`](containerd/containerd@f0dc029) Adds support for Windows ArgsEscaped images
* [release/1.6]go.mod: Bump hcsshim tag to v0.9.8 ([#8274](containerd/containerd#8274))
  * [`5981a24e2`](containerd/containerd@5981a24) Update hcsshim tag to v0.9.8
* [1.6] shim: fix debug flag not working ([#8288](containerd/containerd#8288))
  * [`28f1e32e3`](containerd/containerd@28f1e32) shim: fix debug flag not working
* [release/1.6] cherry-pick: Update go-restful to v3 ([#8271](containerd/containerd#8271))
  * [`5a8ea75df`](containerd/containerd@5a8ea75) Update go-restful to v3
  * [`59bdc1d5a`](containerd/containerd@59bdc1d) go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3
* [release/1.6] Go 1.19.7 ([#8238](containerd/containerd#8238))
  * [`86e0bd9e3`](containerd/containerd@86e0bd9) Go 1.19.7
* [release/1.6 backport] archive: disable looking up usernames and groupnames on the host ([#8230](containerd/containerd#8230))
  * [`063ad2f19`](containerd/containerd@063ad2f) archive: disable looking up usernames and groupnames on the host
* [release/1.6 backport] assorted linting, and golang update-related changes ([#8229](containerd/containerd#8229))
  * [`9cbea6fe7`](containerd/containerd@9cbea6f) Enable dupword linter
  * [`c73f1abff`](containerd/containerd@c73f1ab) Bump golangci-lint to v1.50.1
  * [`f198f7724`](containerd/containerd@f198f77) update golangci-lint to v1.49.0
  * [`e6179af1e`](containerd/containerd@e6179af) remove unneeded nolint-comments (nolintlint), disable deprecated linters
  * [`77160e6b5`](containerd/containerd@77160e6) [release/1.6] adjust some nolint comments
  * [`95655f4ce`](containerd/containerd@95655f4) clean-up "nolint" comments, remove unused ones
  * [`9f0617ecc`](containerd/containerd@9f0617e) pkg/cri/(server|sbserver): criService.getTLSConfig() add TODO to verify nolint
  * [`e66397d83`](containerd/containerd@e66397d) golangci-lint: sort linters in config file
  * [`682a567e9`](containerd/containerd@682a567) linting: address gosec G112/G114
  * [`627f563e6`](containerd/containerd@627f563) chore: remove duplicate word in comments
  * [`efb88a8bb`](containerd/containerd@efb88a8) pkg/cri/streaming: increase ReadHeaderTimeout
  * [`45f055df6`](containerd/containerd@45f055d) Update protobuf definitions
  * [`584707524`](containerd/containerd@5847075) Run gofmt 1.19
  * [`f33e38572`](containerd/containerd@f33e385) Switch to Go 1.19
  * [`fc10cd23a`](containerd/containerd@fc10cd2) remove duplicate
  * [`7cbb9e746`](containerd/containerd@7cbb9e7) Update linters to use t.Setenv
  * [`4347a3265`](containerd/containerd@4347a32) Use t.Setenv instead of os.Setenv
  * [`10357eab5`](containerd/containerd@10357ea) Address some timeout issues in the Windows CI
  * [`977ce8ef5`](containerd/containerd@977ce8e) Enable gosec linter for golangci-lint
  * [`c23945c5f`](containerd/containerd@c23945c) test: remove redundant `mountPoint`
  * [`588ed91d3`](containerd/containerd@588ed91) test: use `T.TempDir` to create temporary test directory
  * [`c2ed63c86`](containerd/containerd@c2ed63c) Remove hardcoded /tmp in tempfile paths
  * [`7e382c516`](containerd/containerd@7e382c5) fix Implicit memory aliasing in for loop

</p>
</details>

<details><summary>2 commits</summary>
<p>

* [release/1.1] server: Fix connection leak when receiving ECONNRESET ([#136](containerd/ttrpc#136))
  * [`8977f59`](containerd/ttrpc@8977f59) server: Fix connection leak when receiving ECONNRESET

</p>
</details>

* **github.com/Microsoft/hcsshim** v0.9.7 -> v0.9.8
* **github.com/containerd/ttrpc** v1.1.0 -> v1.1.1
* **github.com/emicklei/go-restful/v3** v3.7.3 **_new_**
* **github.com/opencontainers/image-spec** c5a74bcca799 -> 3a7f492d3f1b
* **github.com/opencontainers/runc** v1.1.2 -> v1.1.5

Previous release can be found at [v1.6.19](https://github.com/containerd/containerd/releases/tag/v1.6.19)
Backport of #8259
Backporting since we'd like to use this in:
- `docker diff` moby/moby#44964

potential concerns

the changes do functionally change the code in `diff/walking/differ.go` - `Compare()` to make the temp mount readonly. I don't think that should introduce any issues (and addresses #6077) but I thought it worth mentioning.
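
The readonly temporary mount discussed in this PR, as an added example that is not containerd's own code: overlayfs does not allow an `upperdir` or `workdir` that another overlay mount already uses, so a second, read-only view of the same snapshot has to give both up. The `Mount` type, the function names and the sample paths are hypothetical, and folding `upperdir` into `lowerdir` is an assumption about how such a view can be built.

```go
package main

import (
	"fmt"
	"strings"
)

// Mount is a hypothetical stand-in for a snapshotter mount description.
type Mount struct {
	Type    string
	Options []string
}

// writable lists the upperdir/workdir paths an overlay mount would claim.
func writable(m Mount) (dirs []string) {
	for _, o := range m.Options {
		if k, v, ok := strings.Cut(o, "="); ok && m.Type == "overlay" && (k == "upperdir" || k == "workdir") {
			dirs = append(dirs, v)
		}
	}
	return dirs
}

// readonlyView rewrites m so it can be mounted next to a live mount of the same
// snapshot: upperdir becomes the top lowerdir, workdir is dropped, "ro" is set.
func readonlyView(m Mount) Mount {
	opts, upper, lower := []string{}, "", ""
	for _, o := range m.Options {
		k, v, _ := strings.Cut(o, "=")
		switch {
		case o == "rw" || o == "ro": // replaced by the single "ro" appended below
		case m.Type == "overlay" && k == "workdir": // only needed for writes
		case m.Type == "overlay" && k == "upperdir":
			upper = v
		case m.Type == "overlay" && k == "lowerdir":
			lower = v
		default:
			opts = append(opts, o)
		}
	}
	if dirs := strings.Trim(upper+":"+lower, ":"); dirs != "" {
		opts = append(opts, "lowerdir="+dirs)
	}
	return Mount{Type: m.Type, Options: append(opts, "ro")}
}

func main() {
	rw := Mount{"overlay", []string{"index=off", "workdir=/snap/2/work", "upperdir=/snap/2/fs", "lowerdir=/snap/1/fs"}} // constructed sample
	fmt.Println(writable(rw), "->", readonlyView(rw).Options)
}
```

Non-overlay mounts such as bind mounts pass through with only `rw` swapped for `ro`.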