Kir Kolyshkin
1. For some reason we were not running localrootlessintegration test on CentOS Stream 9. Fix this. 2. We can run localrootlessintegration with systemd driver on CS9. Amends: #3427
This makes libseccomp produce a BPF which uses a binary tree for syscalls (instead of a linear set of if statements). This should speed up doing syscalls from containers that were...
Happened once in Cirrus CI (https://cirrus-ci.com/task/5418288451682304?logs=unit_tests#L549) while running CI for https://github.com/opencontainers/runc/pull/3512
```
=== RUN TestFreezeBeforeSet
=== RUN TestFreezeBeforeSet/slice,skip-devices
freeze_test.go:171: failed to write "0\n": write /sys/fs/cgroup/cpuset/system.slice/system-runc_test_freeze_1.slice/cpuset.mems: no such device
=== RUN...
```
~~_Based on and currently includes #3375. Draft until that one is merged._~~ This - moves logging setup out of `func init()` and into `StartInitialization()` (where it should belong); - moves...
Don't get me wrong, I love regular expressions. But the regexp package is somewhat big and slow, and we can do just fine without. Remove two last uses of regexp...
This is a followup to #3510, doing some refactoring of the code introduced by #2576. This does the following: 1. Simplify `mount` call by removing the procfd argument, and use...
1. Bump shfmt to v3.5.1. Release notes: https://github.com/mvdan/sh/releases 2. Since shfmt v3.5.0, specifying `-l bash` (or `-l bats`) is no longer necessary. Therefore, we can use shfmt to find all...
Apparently, https://pkg.go.dev/gvisor.dev/gvisor/pkg/seccomp can potentially be used (instead of libseccomp / libseccomp-golang) to implement seccomp in runc. Need to look into it.
With cgroup v1, when we set the memory limit to below the current usage (`runc update` on a running container), the kernel returns EBUSY and runc fails with a nice...
As pointed out by @mrunalp in https://github.com/opencontainers/runc/pull/3433#issuecomment-1079806993, libcontainer packages should not do any logging, since this is a library used by other users. Unfortunately, libcontainer is also a part of...