vendor: containerd c80284d4b5291a351bb471bcdabb5c1d95e7a583

full diff: 4d242818bf...c80284d4b5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2020-06-15 12:07:43 +02:00
parent 0d57a400b3
commit 458c2336c9
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
16 changed files with 302 additions and 324 deletions

View File

@ -3,7 +3,7 @@ github.com/agl/ed25519 5312a61534124124185d41f09206
github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109 github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
github.com/beorn7/perks 37c8de3658fcb183f997c4e13e8337516ab753e6 # v1.0.1 github.com/beorn7/perks 37c8de3658fcb183f997c4e13e8337516ab753e6 # v1.0.1
github.com/containerd/console 8375c3424e4d7b114e8a90a4a40c8e1b40d1d4e6 # v1.0.0 github.com/containerd/console 8375c3424e4d7b114e8a90a4a40c8e1b40d1d4e6 # v1.0.0
github.com/containerd/containerd 4d242818bf55542e5d7876ca276fea83029e803c github.com/containerd/containerd c80284d4b5291a351bb471bcdabb5c1d95e7a583 # master / v1.4.0-dev
github.com/containerd/continuity 26c1120b8d4107d2471b93ad78ef7ce1fc84c4c4 github.com/containerd/continuity 26c1120b8d4107d2471b93ad78ef7ce1fc84c4c4
github.com/containerd/cgroups 44306b6a1d46985d916b48b4199f93a378af314f github.com/containerd/cgroups 44306b6a1d46985d916b48b4199f93a378af314f
github.com/coreos/etcd d57e8b8d97adfc4a6c224fe116714bf1a1f3beb9 # v3.3.12 github.com/coreos/etcd d57e8b8d97adfc4a6c224fe116714bf1a1f3beb9 # v3.3.12

View File

@ -1,9 +1,9 @@
![containerd banner](https://raw.githubusercontent.com/cncf/artwork/master/projects/containerd/horizontal/color/containerd-horizontal-color.png) ![containerd banner](https://raw.githubusercontent.com/cncf/artwork/master/projects/containerd/horizontal/color/containerd-horizontal-color.png)
[![GoDoc](https://godoc.org/github.com/containerd/containerd?status.svg)](https://godoc.org/github.com/containerd/containerd) [![GoDoc](https://godoc.org/github.com/containerd/containerd?status.svg)](https://godoc.org/github.com/containerd/containerd)
[![Build Status](https://travis-ci.org/containerd/containerd.svg?branch=master)](https://travis-ci.org/containerd/containerd) [![Build Status](https://github.com/containerd/containerd/workflows/CI/badge.svg)](https://github.com/containerd/containerd/actions?query=workflow%3ACI)
[![Windows Build Status](https://ci.appveyor.com/api/projects/status/github/containerd/containerd?branch=master&svg=true)](https://ci.appveyor.com/project/mlaventure/containerd-3g73f?branch=master) [![Windows Build Status](https://ci.appveyor.com/api/projects/status/github/containerd/containerd?branch=master&svg=true)](https://ci.appveyor.com/project/mlaventure/containerd-3g73f?branch=master)
![](https://github.com/containerd/containerd/workflows/Nightly/badge.svg) [![Nightlies](https://github.com/containerd/containerd/workflows/Nightly/badge.svg)](https://github.com/containerd/containerd/actions?query=workflow%3ANightly)
[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd.svg?type=shield)](https://app.fossa.io/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd?ref=badge_shield) [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd.svg?type=shield)](https://app.fossa.io/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd?ref=badge_shield)
[![Go Report Card](https://goreportcard.com/badge/github.com/containerd/containerd)](https://goreportcard.com/report/github.com/containerd/containerd) [![Go Report Card](https://goreportcard.com/badge/github.com/containerd/containerd)](https://goreportcard.com/report/github.com/containerd/containerd)
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1271/badge)](https://bestpractices.coreinfrastructure.org/projects/1271) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1271/badge)](https://bestpractices.coreinfrastructure.org/projects/1271)

View File

@ -92,7 +92,11 @@ func NewLabeledStore(root string, ls LabelStore) (content.Store, error) {
} }
func (s *store) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) { func (s *store) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) {
p := s.blobPath(dgst) p, err := s.blobPath(dgst)
if err != nil {
return content.Info{}, errors.Wrapf(err, "calculating blob info path")
}
fi, err := os.Stat(p) fi, err := os.Stat(p)
if err != nil { if err != nil {
if os.IsNotExist(err) { if os.IsNotExist(err) {
@ -123,7 +127,10 @@ func (s *store) info(dgst digest.Digest, fi os.FileInfo, labels map[string]strin
// ReaderAt returns an io.ReaderAt for the blob. // ReaderAt returns an io.ReaderAt for the blob.
func (s *store) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) { func (s *store) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) {
p := s.blobPath(desc.Digest) p, err := s.blobPath(desc.Digest)
if err != nil {
return nil, errors.Wrapf(err, "calculating blob path for ReaderAt")
}
fi, err := os.Stat(p) fi, err := os.Stat(p)
if err != nil { if err != nil {
if !os.IsNotExist(err) { if !os.IsNotExist(err) {
@ -150,7 +157,12 @@ func (s *store) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.
// While this is safe to do concurrently, safe exist-removal logic must hold // While this is safe to do concurrently, safe exist-removal logic must hold
// some global lock on the store. // some global lock on the store.
func (s *store) Delete(ctx context.Context, dgst digest.Digest) error { func (s *store) Delete(ctx context.Context, dgst digest.Digest) error {
if err := os.RemoveAll(s.blobPath(dgst)); err != nil { bp, err := s.blobPath(dgst)
if err != nil {
return errors.Wrapf(err, "calculating blob path for delete")
}
if err := os.RemoveAll(bp); err != nil {
if !os.IsNotExist(err) { if !os.IsNotExist(err) {
return err return err
} }
@ -166,7 +178,11 @@ func (s *store) Update(ctx context.Context, info content.Info, fieldpaths ...str
return content.Info{}, errors.Wrapf(errdefs.ErrFailedPrecondition, "update not supported on immutable content store") return content.Info{}, errors.Wrapf(errdefs.ErrFailedPrecondition, "update not supported on immutable content store")
} }
p := s.blobPath(info.Digest) p, err := s.blobPath(info.Digest)
if err != nil {
return content.Info{}, errors.Wrapf(err, "calculating blob path for update")
}
fi, err := os.Stat(p) fi, err := os.Stat(p)
if err != nil { if err != nil {
if os.IsNotExist(err) { if os.IsNotExist(err) {
@ -512,7 +528,10 @@ func (s *store) writer(ctx context.Context, ref string, total int64, expected di
// TODO(stevvooe): Need to actually store expected here. We have // TODO(stevvooe): Need to actually store expected here. We have
// code in the service that shouldn't be dealing with this. // code in the service that shouldn't be dealing with this.
if expected != "" { if expected != "" {
p := s.blobPath(expected) p, err := s.blobPath(expected)
if err != nil {
return nil, errors.Wrap(err, "calculating expected blob path for writer")
}
if _, err := os.Stat(p); err == nil { if _, err := os.Stat(p); err == nil {
return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "content %v", expected) return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "content %v", expected)
} }
@ -607,11 +626,17 @@ func (s *store) Abort(ctx context.Context, ref string) error {
return nil return nil
} }
func (s *store) blobPath(dgst digest.Digest) string { func (s *store) blobPath(dgst digest.Digest) (string, error) {
return filepath.Join(s.root, "blobs", dgst.Algorithm().String(), dgst.Hex()) if err := dgst.Validate(); err != nil {
return "", errors.Wrapf(errdefs.ErrInvalidArgument, "cannot calculate blob path from invalid digest: %v", err)
}
return filepath.Join(s.root, "blobs", dgst.Algorithm().String(), dgst.Hex()), nil
} }
func (s *store) ingestRoot(ref string) string { func (s *store) ingestRoot(ref string) string {
// we take a digest of the ref to keep the ingest paths constant length.
// Note that this is not the current or potential digest of incoming content.
dgst := digest.FromString(ref) dgst := digest.FromString(ref)
return filepath.Join(s.root, "ingest", dgst.Hex()) return filepath.Join(s.root, "ingest", dgst.Hex())
} }

View File

@ -116,7 +116,7 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest,
var ( var (
ingest = filepath.Join(w.path, "data") ingest = filepath.Join(w.path, "data")
target = w.s.blobPath(dgst) target, _ = w.s.blobPath(dgst) // ignore error because we calculated this dgst
) )
// make sure parent directories of blob exist // make sure parent directories of blob exist

View File

@ -51,43 +51,43 @@ var (
// IsInvalidArgument returns true if the error is due to an invalid argument // IsInvalidArgument returns true if the error is due to an invalid argument
func IsInvalidArgument(err error) bool { func IsInvalidArgument(err error) bool {
return errors.Cause(err) == ErrInvalidArgument return errors.Is(err, ErrInvalidArgument)
} }
// IsNotFound returns true if the error is due to a missing object // IsNotFound returns true if the error is due to a missing object
func IsNotFound(err error) bool { func IsNotFound(err error) bool {
return errors.Cause(err) == ErrNotFound return errors.Is(err, ErrNotFound)
} }
// IsAlreadyExists returns true if the error is due to an already existing // IsAlreadyExists returns true if the error is due to an already existing
// metadata item // metadata item
func IsAlreadyExists(err error) bool { func IsAlreadyExists(err error) bool {
return errors.Cause(err) == ErrAlreadyExists return errors.Is(err, ErrAlreadyExists)
} }
// IsFailedPrecondition returns true if an operation could not proceed to the // IsFailedPrecondition returns true if an operation could not proceed to the
// lack of a particular condition // lack of a particular condition
func IsFailedPrecondition(err error) bool { func IsFailedPrecondition(err error) bool {
return errors.Cause(err) == ErrFailedPrecondition return errors.Is(err, ErrFailedPrecondition)
} }
// IsUnavailable returns true if the error is due to a resource being unavailable // IsUnavailable returns true if the error is due to a resource being unavailable
func IsUnavailable(err error) bool { func IsUnavailable(err error) bool {
return errors.Cause(err) == ErrUnavailable return errors.Is(err, ErrUnavailable)
} }
// IsNotImplemented returns true if the error is due to not being implemented // IsNotImplemented returns true if the error is due to not being implemented
func IsNotImplemented(err error) bool { func IsNotImplemented(err error) bool {
return errors.Cause(err) == ErrNotImplemented return errors.Is(err, ErrNotImplemented)
} }
// IsCanceled returns true if the error is due to `context.Canceled`. // IsCanceled returns true if the error is due to `context.Canceled`.
func IsCanceled(err error) bool { func IsCanceled(err error) bool {
return errors.Cause(err) == context.Canceled return errors.Is(err, context.Canceled)
} }
// IsDeadlineExceeded returns true if the error is due to // IsDeadlineExceeded returns true if the error is due to
// `context.DeadlineExceeded`. // `context.DeadlineExceeded`.
func IsDeadlineExceeded(err error) bool { func IsDeadlineExceeded(err error) bool {
return errors.Cause(err) == context.DeadlineExceeded return errors.Is(err, context.DeadlineExceeded)
} }

View File

@ -20,17 +20,14 @@ package sys
import "golang.org/x/sys/unix" import "golang.org/x/sys/unix"
// EpollCreate1 directly calls unix.EpollCreate1 // EpollCreate1 is an alias for unix.EpollCreate1
func EpollCreate1(flag int) (int, error) { // Deprecated: use golang.org/x/sys/unix.EpollCreate1
return unix.EpollCreate1(flag) var EpollCreate1 = unix.EpollCreate1
}
// EpollCtl directly calls unix.EpollCtl // EpollCtl is an alias for unix.EpollCtl
func EpollCtl(epfd int, op int, fd int, event *unix.EpollEvent) error { // Deprecated: use golang.org/x/sys/unix.EpollCtl
return unix.EpollCtl(epfd, op, fd, event) var EpollCtl = unix.EpollCtl
}
// EpollWait directly calls unix.EpollWait // EpollWait is an alias for unix.EpollWait
func EpollWait(epfd int, events []unix.EpollEvent, msec int) (int, error) { // Deprecated: use golang.org/x/sys/unix.EpollWait
return unix.EpollWait(epfd, events, msec) var EpollWait = unix.EpollWait
}

35
vendor/github.com/containerd/containerd/sys/filesys.go generated vendored Normal file
View File

@ -0,0 +1,35 @@
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package sys
import "os"
// IsFifo checks if a file is a (named pipe) fifo
// if the file does not exist then it returns false
func IsFifo(path string) (bool, error) {
stat, err := os.Stat(path)
if err != nil {
if os.IsNotExist(err) {
return false, nil
}
return false, err
}
if stat.Mode()&os.ModeNamedPipe == os.ModeNamedPipe {
return true, nil
}
return false, nil
}

View File

@ -26,8 +26,8 @@ import (
"syscall" "syscall"
"unsafe" "unsafe"
winio "github.com/Microsoft/go-winio"
"github.com/Microsoft/hcsshim" "github.com/Microsoft/hcsshim"
"golang.org/x/sys/windows"
) )
const ( const (
@ -41,7 +41,8 @@ func MkdirAllWithACL(path string, perm os.FileMode) error {
return mkdirall(path, true) return mkdirall(path, true)
} }
// MkdirAll implementation that is volume path aware for Windows. // MkdirAll implementation that is volume path aware for Windows. It can be used
// as a drop-in replacement for os.MkdirAll()
func MkdirAll(path string, _ os.FileMode) error { func MkdirAll(path string, _ os.FileMode) error {
return mkdirall(path, false) return mkdirall(path, false)
} }
@ -111,26 +112,26 @@ func mkdirall(path string, adminAndLocalSystem bool) error {
// mkdirWithACL creates a new directory. If there is an error, it will be of // mkdirWithACL creates a new directory. If there is an error, it will be of
// type *PathError. . // type *PathError. .
// //
// This is a modified and combined version of os.Mkdir and syscall.Mkdir // This is a modified and combined version of os.Mkdir and windows.Mkdir
// in golang to cater for creating a directory am ACL permitting full // in golang to cater for creating a directory am ACL permitting full
// access, with inheritance, to any subfolder/file for Built-in Administrators // access, with inheritance, to any subfolder/file for Built-in Administrators
// and Local System. // and Local System.
func mkdirWithACL(name string) error { func mkdirWithACL(name string) error {
sa := syscall.SecurityAttributes{Length: 0} sa := windows.SecurityAttributes{Length: 0}
sd, err := winio.SddlToSecurityDescriptor(SddlAdministratorsLocalSystem) sd, err := windows.SecurityDescriptorFromString(SddlAdministratorsLocalSystem)
if err != nil { if err != nil {
return &os.PathError{Op: "mkdir", Path: name, Err: err} return &os.PathError{Op: "mkdir", Path: name, Err: err}
} }
sa.Length = uint32(unsafe.Sizeof(sa)) sa.Length = uint32(unsafe.Sizeof(sa))
sa.InheritHandle = 1 sa.InheritHandle = 1
sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0])) sa.SecurityDescriptor = sd
namep, err := syscall.UTF16PtrFromString(name) namep, err := windows.UTF16PtrFromString(name)
if err != nil { if err != nil {
return &os.PathError{Op: "mkdir", Path: name, Err: err} return &os.PathError{Op: "mkdir", Path: name, Err: err}
} }
e := syscall.CreateDirectory(namep, &sa) e := windows.CreateDirectory(namep, &sa)
if e != nil { if e != nil {
return &os.PathError{Op: "mkdir", Path: name, Err: e} return &os.PathError{Op: "mkdir", Path: name, Err: e}
} }
@ -153,7 +154,7 @@ func IsAbs(path string) bool {
return true return true
} }
// The origin of the functions below here are the golang OS and syscall packages, // The origin of the functions below here are the golang OS and windows packages,
// slightly modified to only cope with files, not directories due to the // slightly modified to only cope with files, not directories due to the
// specific use case. // specific use case.
// //
@ -185,74 +186,74 @@ func OpenFileSequential(name string, flag int, _ os.FileMode) (*os.File, error)
if name == "" { if name == "" {
return nil, &os.PathError{Op: "open", Path: name, Err: syscall.ENOENT} return nil, &os.PathError{Op: "open", Path: name, Err: syscall.ENOENT}
} }
r, errf := syscallOpenFileSequential(name, flag, 0) r, errf := windowsOpenFileSequential(name, flag, 0)
if errf == nil { if errf == nil {
return r, nil return r, nil
} }
return nil, &os.PathError{Op: "open", Path: name, Err: errf} return nil, &os.PathError{Op: "open", Path: name, Err: errf}
} }
func syscallOpenFileSequential(name string, flag int, _ os.FileMode) (file *os.File, err error) { func windowsOpenFileSequential(name string, flag int, _ os.FileMode) (file *os.File, err error) {
r, e := syscallOpenSequential(name, flag|syscall.O_CLOEXEC, 0) r, e := windowsOpenSequential(name, flag|windows.O_CLOEXEC, 0)
if e != nil { if e != nil {
return nil, e return nil, e
} }
return os.NewFile(uintptr(r), name), nil return os.NewFile(uintptr(r), name), nil
} }
func makeInheritSa() *syscall.SecurityAttributes { func makeInheritSa() *windows.SecurityAttributes {
var sa syscall.SecurityAttributes var sa windows.SecurityAttributes
sa.Length = uint32(unsafe.Sizeof(sa)) sa.Length = uint32(unsafe.Sizeof(sa))
sa.InheritHandle = 1 sa.InheritHandle = 1
return &sa return &sa
} }
func syscallOpenSequential(path string, mode int, _ uint32) (fd syscall.Handle, err error) { func windowsOpenSequential(path string, mode int, _ uint32) (fd windows.Handle, err error) {
if len(path) == 0 { if len(path) == 0 {
return syscall.InvalidHandle, syscall.ERROR_FILE_NOT_FOUND return windows.InvalidHandle, windows.ERROR_FILE_NOT_FOUND
} }
pathp, err := syscall.UTF16PtrFromString(path) pathp, err := windows.UTF16PtrFromString(path)
if err != nil { if err != nil {
return syscall.InvalidHandle, err return windows.InvalidHandle, err
} }
var access uint32 var access uint32
switch mode & (syscall.O_RDONLY | syscall.O_WRONLY | syscall.O_RDWR) { switch mode & (windows.O_RDONLY | windows.O_WRONLY | windows.O_RDWR) {
case syscall.O_RDONLY: case windows.O_RDONLY:
access = syscall.GENERIC_READ access = windows.GENERIC_READ
case syscall.O_WRONLY: case windows.O_WRONLY:
access = syscall.GENERIC_WRITE access = windows.GENERIC_WRITE
case syscall.O_RDWR: case windows.O_RDWR:
access = syscall.GENERIC_READ | syscall.GENERIC_WRITE access = windows.GENERIC_READ | windows.GENERIC_WRITE
} }
if mode&syscall.O_CREAT != 0 { if mode&windows.O_CREAT != 0 {
access |= syscall.GENERIC_WRITE access |= windows.GENERIC_WRITE
} }
if mode&syscall.O_APPEND != 0 { if mode&windows.O_APPEND != 0 {
access &^= syscall.GENERIC_WRITE access &^= windows.GENERIC_WRITE
access |= syscall.FILE_APPEND_DATA access |= windows.FILE_APPEND_DATA
} }
sharemode := uint32(syscall.FILE_SHARE_READ | syscall.FILE_SHARE_WRITE) sharemode := uint32(windows.FILE_SHARE_READ | windows.FILE_SHARE_WRITE)
var sa *syscall.SecurityAttributes var sa *windows.SecurityAttributes
if mode&syscall.O_CLOEXEC == 0 { if mode&windows.O_CLOEXEC == 0 {
sa = makeInheritSa() sa = makeInheritSa()
} }
var createmode uint32 var createmode uint32
switch { switch {
case mode&(syscall.O_CREAT|syscall.O_EXCL) == (syscall.O_CREAT | syscall.O_EXCL): case mode&(windows.O_CREAT|windows.O_EXCL) == (windows.O_CREAT | windows.O_EXCL):
createmode = syscall.CREATE_NEW createmode = windows.CREATE_NEW
case mode&(syscall.O_CREAT|syscall.O_TRUNC) == (syscall.O_CREAT | syscall.O_TRUNC): case mode&(windows.O_CREAT|windows.O_TRUNC) == (windows.O_CREAT | windows.O_TRUNC):
createmode = syscall.CREATE_ALWAYS createmode = windows.CREATE_ALWAYS
case mode&syscall.O_CREAT == syscall.O_CREAT: case mode&windows.O_CREAT == windows.O_CREAT:
createmode = syscall.OPEN_ALWAYS createmode = windows.OPEN_ALWAYS
case mode&syscall.O_TRUNC == syscall.O_TRUNC: case mode&windows.O_TRUNC == windows.O_TRUNC:
createmode = syscall.TRUNCATE_EXISTING createmode = windows.TRUNCATE_EXISTING
default: default:
createmode = syscall.OPEN_EXISTING createmode = windows.OPEN_EXISTING
} }
// Use FILE_FLAG_SEQUENTIAL_SCAN rather than FILE_ATTRIBUTE_NORMAL as implemented in golang. // Use FILE_FLAG_SEQUENTIAL_SCAN rather than FILE_ATTRIBUTE_NORMAL as implemented in golang.
// https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx // https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
const fileFlagSequentialScan = 0x08000000 // FILE_FLAG_SEQUENTIAL_SCAN const fileFlagSequentialScan = 0x08000000 // FILE_FLAG_SEQUENTIAL_SCAN
h, e := syscall.CreateFile(pathp, access, sharemode, sa, createmode, fileFlagSequentialScan, 0) h, e := windows.CreateFile(pathp, access, sharemode, sa, createmode, fileFlagSequentialScan, 0)
return h, e return h, e
} }

View File

@ -21,6 +21,7 @@ import (
"syscall" "syscall"
"unsafe" "unsafe"
"github.com/containerd/containerd/log"
"github.com/pkg/errors" "github.com/pkg/errors"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
) )
@ -30,9 +31,8 @@ func FMountat(dirfd uintptr, source, target, fstype string, flags uintptr, data
var ( var (
sourceP, targetP, fstypeP, dataP *byte sourceP, targetP, fstypeP, dataP *byte
pid uintptr pid uintptr
ws unix.WaitStatus
err error err error
errno syscall.Errno errno, status syscall.Errno
) )
sourceP, err = syscall.BytePtrFromString(source) sourceP, err = syscall.BytePtrFromString(source)
@ -60,37 +60,62 @@ func FMountat(dirfd uintptr, source, target, fstype string, flags uintptr, data
runtime.LockOSThread() runtime.LockOSThread()
defer runtime.UnlockOSThread() defer runtime.UnlockOSThread()
var pipefds [2]int
if err := syscall.Pipe2(pipefds[:], syscall.O_CLOEXEC); err != nil {
return errors.Wrap(err, "failed to open pipe")
}
defer func() {
// close both ends of the pipe in a deferred function, since open file
// descriptor table is shared with child
syscall.Close(pipefds[0])
syscall.Close(pipefds[1])
}()
pid, errno = forkAndMountat(dirfd, pid, errno = forkAndMountat(dirfd,
uintptr(unsafe.Pointer(sourceP)), uintptr(unsafe.Pointer(sourceP)),
uintptr(unsafe.Pointer(targetP)), uintptr(unsafe.Pointer(targetP)),
uintptr(unsafe.Pointer(fstypeP)), uintptr(unsafe.Pointer(fstypeP)),
flags, flags,
uintptr(unsafe.Pointer(dataP))) uintptr(unsafe.Pointer(dataP)),
pipefds[1],
)
if errno != 0 { if errno != 0 {
return errors.Wrap(errno, "failed to fork thread") return errors.Wrap(errno, "failed to fork thread")
} }
_, err = unix.Wait4(int(pid), &ws, 0, nil) defer func() {
_, err := unix.Wait4(int(pid), nil, 0, nil)
for err == syscall.EINTR { for err == syscall.EINTR {
_, err = unix.Wait4(int(pid), &ws, 0, nil) _, err = unix.Wait4(int(pid), nil, 0, nil)
} }
if err != nil { if err != nil {
return errors.Wrapf(err, "failed to find pid=%d process", pid) log.L.WithError(err).Debugf("failed to find pid=%d process", pid)
}
}()
_, _, errno = syscall.RawSyscall(syscall.SYS_READ,
uintptr(pipefds[0]),
uintptr(unsafe.Pointer(&status)),
unsafe.Sizeof(status))
if errno != 0 {
return errors.Wrap(errno, "failed to read pipe")
} }
errno = syscall.Errno(ws.ExitStatus()) if status != 0 {
if errno != 0 { return errors.Wrap(status, "failed to mount")
return errors.Wrap(errno, "failed to mount")
} }
return nil return nil
} }
// forkAndMountat will fork thread, change working dir and mount. // forkAndMountat will fork thread, change working dir and mount.
// //
// precondition: the runtime OS thread must be locked. // precondition: the runtime OS thread must be locked.
func forkAndMountat(dirfd uintptr, source, target, fstype, flags, data uintptr) (pid uintptr, errno syscall.Errno) { func forkAndMountat(dirfd uintptr, source, target, fstype, flags, data uintptr, pipefd int) (pid uintptr, errno syscall.Errno) {
// block signal during clone // block signal during clone
beforeFork() beforeFork()
@ -114,6 +139,7 @@ func forkAndMountat(dirfd uintptr, source, target, fstype, flags, data uintptr)
_, _, errno = syscall.RawSyscall6(syscall.SYS_MOUNT, source, target, fstype, flags, data, 0) _, _, errno = syscall.RawSyscall6(syscall.SYS_MOUNT, source, target, fstype, flags, data, 0)
childerr: childerr:
_, _, errno = syscall.RawSyscall(syscall.SYS_WRITE, uintptr(pipefd), uintptr(unsafe.Pointer(&errno)), unsafe.Sizeof(errno))
syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0) syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0)
panic("unreachable") panic("unreachable")
} }

View File

@ -24,8 +24,6 @@ import (
"os" "os"
"strconv" "strconv"
"strings" "strings"
"github.com/opencontainers/runc/libcontainer/system"
) )
// OOMScoreMaxKillable is the maximum score keeping the process killable by the oom killer // OOMScoreMaxKillable is the maximum score keeping the process killable by the oom killer
@ -40,7 +38,7 @@ func SetOOMScore(pid, score int) error {
} }
defer f.Close() defer f.Close()
if _, err = f.WriteString(strconv.Itoa(score)); err != nil { if _, err = f.WriteString(strconv.Itoa(score)); err != nil {
if os.IsPermission(err) && (system.RunningInUserNS() || RunningUnprivileged()) { if os.IsPermission(err) && (RunningInUserNS() || RunningUnprivileged()) {
return nil return nil
} }
return err return err

View File

@ -1,80 +0,0 @@
// +build linux
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package sys
import (
"bufio"
"fmt"
"os"
"strconv"
"strings"
"github.com/opencontainers/runc/libcontainer/system"
)
const nanoSecondsPerSecond = 1e9
var clockTicksPerSecond = uint64(system.GetClockTicks())
// GetSystemCPUUsage returns the host system's cpu usage in
// nanoseconds. An error is returned if the format of the underlying
// file does not match.
//
// Uses /proc/stat defined by POSIX. Looks for the cpu
// statistics line and then sums up the first seven fields
// provided. See `man 5 proc` for details on specific field
// information.
func GetSystemCPUUsage() (uint64, error) {
var line string
f, err := os.Open("/proc/stat")
if err != nil {
return 0, err
}
bufReader := bufio.NewReaderSize(nil, 128)
defer func() {
bufReader.Reset(nil)
f.Close()
}()
bufReader.Reset(f)
err = nil
for err == nil {
line, err = bufReader.ReadString('\n')
if err != nil {
break
}
parts := strings.Fields(line)
switch parts[0] {
case "cpu":
if len(parts) < 8 {
return 0, fmt.Errorf("bad format of cpu stats")
}
var totalClockTicks uint64
for _, i := range parts[1:8] {
v, err := strconv.ParseUint(i, 10, 64)
if err != nil {
return 0, fmt.Errorf("error parsing cpu stats")
}
totalClockTicks += v
}
return (totalClockTicks * nanoSecondsPerSecond) /
clockTicksPerSecond, nil
}
}
return 0, fmt.Errorf("bad stats format")
}

View File

@ -1,69 +0,0 @@
// +build !windows
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package sys
import (
"golang.org/x/sys/unix"
)
// Exit is the wait4 information from an exited process
type Exit struct {
Pid int
Status int
}
// Reap reaps all child processes for the calling process and returns their
// exit information
func Reap(wait bool) (exits []Exit, err error) {
var (
ws unix.WaitStatus
rus unix.Rusage
)
flag := unix.WNOHANG
if wait {
flag = 0
}
for {
pid, err := unix.Wait4(-1, &ws, flag, &rus)
if err != nil {
if err == unix.ECHILD {
return exits, nil
}
return exits, err
}
if pid <= 0 {
return exits, nil
}
exits = append(exits, Exit{
Pid: pid,
Status: exitStatus(ws),
})
}
}
const exitSignalOffset = 128
// exitStatus returns the correct exit status for a process based on if it
// was signaled or exited cleanly
func exitStatus(status unix.WaitStatus) int {
if status.Signaled() {
return exitSignalOffset + int(status.Signal())
}
return status.ExitStatus()
}

View File

@ -1,52 +0,0 @@
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package sys
import (
"unsafe"
"golang.org/x/sys/unix"
)
// If arg2 is nonzero, set the "child subreaper" attribute of the
// calling process; if arg2 is zero, unset the attribute. When a
// process is marked as a child subreaper, all of the children
// that it creates, and their descendants, will be marked as
// having a subreaper. In effect, a subreaper fulfills the role
// of init(1) for its descendant processes. Upon termination of
// a process that is orphaned (i.e., its immediate parent has
// already terminated) and marked as having a subreaper, the
// nearest still living ancestor subreaper will receive a SIGCHLD
// signal and be able to wait(2) on the process to discover its
// termination status.
const setChildSubreaper = 36
// SetSubreaper sets the value i as the subreaper setting for the calling process
func SetSubreaper(i int) error {
return unix.Prctl(setChildSubreaper, uintptr(i), 0, 0, 0)
}
// GetSubreaper returns the subreaper setting for the calling process
func GetSubreaper() (int, error) {
var i uintptr
if err := unix.Prctl(unix.PR_GET_CHILD_SUBREAPER, uintptr(unsafe.Pointer(&i)), 0, 0, 0); err != nil {
return -1, err
}
return int(i), nil
}

View File

@ -0,0 +1,62 @@
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package sys
import (
"bufio"
"fmt"
"os"
"sync"
)
var (
inUserNS bool
nsOnce sync.Once
)
// RunningInUserNS detects whether we are currently running in a user namespace.
// Originally copied from github.com/lxc/lxd/shared/util.go
func RunningInUserNS() bool {
nsOnce.Do(func() {
file, err := os.Open("/proc/self/uid_map")
if err != nil {
// This kernel-provided file only exists if user namespaces are supported
return
}
defer file.Close()
buf := bufio.NewReader(file)
l, _, err := buf.ReadLine()
if err != nil {
return
}
line := string(l)
var a, b, c int64
fmt.Sscanf(line, "%d %d %d", &a, &b, &c)
/*
* We assume we are in the initial user namespace if we have a full
* range - 4294967295 uids starting at uid 0.
*/
if a == 0 && b == 0 && c == 4294967295 {
return
}
inUserNS = true
})
return inUserNS
}

View File

@ -0,0 +1,25 @@
// +build !linux
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package sys
// RunningInUserNS is a stub for non-Linux systems
// Always returns false
func RunningInUserNS() bool {
return false
}

View File

@ -2,16 +2,16 @@ github.com/beorn7/perks 37c8de3658fcb183f997c4e13e83
github.com/BurntSushi/toml 3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005 # v0.3.1 github.com/BurntSushi/toml 3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005 # v0.3.1
github.com/cespare/xxhash/v2 d7df74196a9e781ede915320c11c378c1b2f3a1f # v2.1.1 github.com/cespare/xxhash/v2 d7df74196a9e781ede915320c11c378c1b2f3a1f # v2.1.1
github.com/containerd/btrfs 153935315f4ab9be5bf03650a1341454b05efa5d github.com/containerd/btrfs 153935315f4ab9be5bf03650a1341454b05efa5d
github.com/containerd/cgroups 7347743e5d1e8500d9f27c8e748e689ed991d92b github.com/containerd/cgroups b4448137398923af7f4918b8b2ad8249172ca7a6
github.com/containerd/console 8375c3424e4d7b114e8a90a4a40c8e1b40d1d4e6 github.com/containerd/console 8375c3424e4d7b114e8a90a4a40c8e1b40d1d4e6 # v1.0.0
github.com/containerd/continuity 0ec596719c75bfd42908850990acea594b7593ac github.com/containerd/continuity 0ec596719c75bfd42908850990acea594b7593ac
github.com/containerd/fifo bda0ff6ed73c67bfb5e62bc9c697f146b7fd7f13 github.com/containerd/fifo bda0ff6ed73c67bfb5e62bc9c697f146b7fd7f13
github.com/containerd/go-runc a5c2862aed5e6358b305b0e16bfce58e0549b1cd github.com/containerd/go-runc a5c2862aed5e6358b305b0e16bfce58e0549b1cd
github.com/containerd/ttrpc 92c8520ef9f86600c650dd540266a007bf03670f github.com/containerd/ttrpc 72bb1b21c5b0a4a107f59dd85f6ab58e564b68d6 # v1.0.1
github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40 github.com/containerd/typeurl cd3ce7159eae562a4f60ceff37dada11a939d247 # v1.0.1
github.com/coreos/go-systemd/v22 2d78030078ef61b3cae27f42ad6d0e46db51b339 # v22.0.0 github.com/coreos/go-systemd/v22 2d78030078ef61b3cae27f42ad6d0e46db51b339 # v22.0.0
github.com/cpuguy83/go-md2man 7762f7e404f8416dfa1d9bb6a8c192aa9acb4d19 # v1.0.10 github.com/cpuguy83/go-md2man 7762f7e404f8416dfa1d9bb6a8c192aa9acb4d19 # v1.0.10
github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9 github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f
github.com/docker/go-metrics b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1 github.com/docker/go-metrics b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1
github.com/docker/go-units 519db1ee28dcc9fd2474ae59fca29a810482bfb1 # v0.4.0 github.com/docker/go-units 519db1ee28dcc9fd2474ae59fca29a810482bfb1 # v0.4.0
github.com/godbus/dbus/v5 37bf87eef99d69c4f1d3528bd66e3a87dc201472 # v5.0.3 github.com/godbus/dbus/v5 37bf87eef99d69c4f1d3528bd66e3a87dc201472 # v5.0.3
@ -25,65 +25,78 @@ github.com/hashicorp/errwrap 8a6fb523712970c966eefc6b39ed
github.com/hashicorp/go-multierror 886a7fbe3eb1c874d46f623bfa70af45f425b3d1 # v1.0.0 github.com/hashicorp/go-multierror 886a7fbe3eb1c874d46f623bfa70af45f425b3d1 # v1.0.0
github.com/hashicorp/golang-lru 7f827b33c0f158ec5dfbba01bb0b14a4541fd81d # v0.5.3 github.com/hashicorp/golang-lru 7f827b33c0f158ec5dfbba01bb0b14a4541fd81d # v0.5.3
github.com/imdario/mergo 7c29201646fa3de8506f701213473dd407f19646 # v0.3.7 github.com/imdario/mergo 7c29201646fa3de8506f701213473dd407f19646 # v0.3.7
github.com/konsorten/go-windows-terminal-sequences 5c8c8bd35d3832f5d134ae1e1e375b69a4d25242 # v1.0.1 github.com/konsorten/go-windows-terminal-sequences edb144dfd453055e1e49a3d8b410a660b5a87613 # v1.0.3
github.com/matttproud/golang_protobuf_extensions c12348ce28de40eed0136aa2b644d0ee0650e56c # v1.0.1 github.com/matttproud/golang_protobuf_extensions c12348ce28de40eed0136aa2b644d0ee0650e56c # v1.0.1
github.com/Microsoft/go-winio 6c72808b55902eae4c5943626030429ff20f3b63 # v0.4.14 github.com/Microsoft/go-winio 6c72808b55902eae4c5943626030429ff20f3b63 # v0.4.14
github.com/Microsoft/hcsshim 0b571ac85d7c5842b26d2571de4868634a4c39d7 # v0.8.7-24-g0b571ac8 github.com/Microsoft/hcsshim 5bc557dd210ff2caf615e6e22d398123de77fc11 # v0.8.9
github.com/opencontainers/go-digest c9281466c8b2f606084ac71339773efd177436e7 github.com/opencontainers/go-digest c9281466c8b2f606084ac71339773efd177436e7
github.com/opencontainers/image-spec d60099175f88c47cd379c4738d158884749ed235 # v1.0.1 github.com/opencontainers/image-spec d60099175f88c47cd379c4738d158884749ed235 # v1.0.1
github.com/opencontainers/runc dc9208a3303feef5b3839f4323d9beb36df0a9dd # v1.0.0-rc10 github.com/opencontainers/runc dc9208a3303feef5b3839f4323d9beb36df0a9dd # v1.0.0-rc10
github.com/opencontainers/runtime-spec 29686dbc5559d93fb1ef402eeda3e35c38d75af4 # v1.0.1-59-g29686db github.com/opencontainers/runtime-spec c4ee7d12c742ffe806cd9350b6af3b4b19faed6f # v1.0.2
github.com/pkg/errors ba968bfe8b2f7e042a574c888954fccecfa385b4 # v0.8.1 github.com/pkg/errors 614d223910a179a466c1767a985424175c39b465 # v0.9.1
github.com/prometheus/client_golang c42bebe5a5cddfc6b28cd639103369d8a75dfa89 # v1.3.0 github.com/prometheus/client_golang c42bebe5a5cddfc6b28cd639103369d8a75dfa89 # v1.3.0
github.com/prometheus/client_model d1d2010b5beead3fa1c5f271a5cf626e40b3ad6e # v0.1.0 github.com/prometheus/client_model d1d2010b5beead3fa1c5f271a5cf626e40b3ad6e # v0.1.0
github.com/prometheus/common 287d3e634a1e550c9e463dd7e5a75a422c614505 # v0.7.0 github.com/prometheus/common 287d3e634a1e550c9e463dd7e5a75a422c614505 # v0.7.0
github.com/prometheus/procfs 6d489fc7f1d9cd890a250f3ea3431b1744b9623f # v0.0.8 github.com/prometheus/procfs 6d489fc7f1d9cd890a250f3ea3431b1744b9623f # v0.0.8
github.com/russross/blackfriday 05f3235734ad95d0016f6a23902f06461fcf567a # v1.5.2 github.com/russross/blackfriday 05f3235734ad95d0016f6a23902f06461fcf567a # v1.5.2
github.com/sirupsen/logrus 8bdbc7bcc01dcbb8ec23dc8a28e332258d25251f # v1.4.1 github.com/sirupsen/logrus 60c74ad9be0d874af0ab0daef6ab07c5c5911f0d # v1.6.0
github.com/syndtr/gocapability d98352740cb2c55f81556b63d4a1ec64c5a319c2 github.com/syndtr/gocapability d98352740cb2c55f81556b63d4a1ec64c5a319c2
github.com/urfave/cli bfe2e925cfb6d44b40ad3a779165ea7e8aff9212 # v1.22.0 github.com/urfave/cli bfe2e925cfb6d44b40ad3a779165ea7e8aff9212 # v1.22.0
go.etcd.io/bbolt a0458a2b35708eef59eb5f620ceb3cd1c01a824d # v1.3.3 go.etcd.io/bbolt a0458a2b35708eef59eb5f620ceb3cd1c01a824d # v1.3.3
go.opencensus.io 9c377598961b706d1542bd2d84d538b5094d596e # v0.22.0 go.opencensus.io 9c377598961b706d1542bd2d84d538b5094d596e # v0.22.0
golang.org/x/net f3200d17e092c607f615320ecaad13d87ad9a2b3 golang.org/x/net f3200d17e092c607f615320ecaad13d87ad9a2b3
golang.org/x/sync 42b317875d0fa942474b76e1b46a6060d720ae6e golang.org/x/sync 42b317875d0fa942474b76e1b46a6060d720ae6e
golang.org/x/sys c990c680b611ac1aeb7d8f2af94a825f98d69720 https://github.com/golang/sys golang.org/x/sys 5c8b2ff67527cb88b770f693cebf3799036d8bc0
golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4 golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4
google.golang.org/genproto e50cd9704f63023d62cd06a1994b98227fc4d21a google.golang.org/genproto e50cd9704f63023d62cd06a1994b98227fc4d21a
google.golang.org/grpc f495f5b15ae7ccda3b38c53a1bfcde4c1a58a2bc # v1.27.1 google.golang.org/grpc f495f5b15ae7ccda3b38c53a1bfcde4c1a58a2bc # v1.27.1
gotest.tools 1083505acf35a0bd8a696b26837e1fb3187a7a83 # v2.3.0 gotest.tools/v3 bb0d8a963040ea5048dcef1a14d8f8b58a33d4b3 # v3.0.2
# cgroups dependencies
github.com/cilium/ebpf 4032b1d8aae306b7bb94a2a11002932caf88c644
# cri dependencies # cri dependencies
github.com/containerd/cri c0294ebfe0b4342db85c0faf7727ceb8d8c3afce # master github.com/containerd/cri 65830369b6b2b4edc454bf5cebbd9b76c1c1ac66 # master
github.com/containerd/go-cni 0d360c50b10b350b6bb23863fd4dfb1c232b01c9
github.com/containernetworking/cni 4cfb7b568922a3c79a23e438dc52fe537fc9687e # v0.7.1
github.com/containernetworking/plugins 9f96827c7cabb03f21d86326000c00f61e181f6a # v0.7.6
github.com/davecgh/go-spew 8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1 github.com/davecgh/go-spew 8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1
github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580 github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580
github.com/docker/docker d1d5f6476656c6aad457e2a91d3436e66b6f2251 github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f
github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528 github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528
github.com/emicklei/go-restful b993709ae1a4f6dd19cfa475232614441b11c9d5 # v2.9.5 github.com/emicklei/go-restful b993709ae1a4f6dd19cfa475232614441b11c9d5 # v2.9.5
github.com/google/gofuzz f140a6486e521aad38f5917de355cbf147cc0496 # v1.0.0 github.com/google/gofuzz db92cf7ae75e4a7a28abc005addab2b394362888 # v1.1.0
github.com/json-iterator/go 03217c3e97663914aec3faafde50d081f197a0a2 # v1.1.8 github.com/json-iterator/go 03217c3e97663914aec3faafde50d081f197a0a2 # v1.1.8
github.com/modern-go/concurrent bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3 github.com/modern-go/concurrent bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
github.com/modern-go/reflect2 4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd # 1.0.1 github.com/modern-go/reflect2 4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd # 1.0.1
github.com/opencontainers/selinux 5215b1806f52b1fcc2070a8826c542c9d33cd3cf github.com/opencontainers/selinux 0d49ba2a6aae052c614dfe5de62a158711a6c461 # 1.5.1
github.com/seccomp/libseccomp-golang 689e3c1541a84461afc49c1c87352a6cedf72e9c # v0.9.1 github.com/seccomp/libseccomp-golang 689e3c1541a84461afc49c1c87352a6cedf72e9c # v0.9.1
github.com/stretchr/testify 221dbe5ed46703ee255b1da0dec05086f5035f62 # v1.4.0 github.com/stretchr/testify 221dbe5ed46703ee255b1da0dec05086f5035f62 # v1.4.0
github.com/tchap/go-patricia 666120de432aea38ab06bd5c818f04f4129882c9 # v2.2.6 github.com/tchap/go-patricia 666120de432aea38ab06bd5c818f04f4129882c9 # v2.2.6
golang.org/x/crypto 1d94cc7ab1c630336ab82ccb9c9cda72a875c382 golang.org/x/crypto bac4c82f69751a6dd76e702d54b3ceb88adab236
golang.org/x/oauth2 0f29369cfe4552d0e4bcddc57cc75f4d7e672a33 golang.org/x/oauth2 0f29369cfe4552d0e4bcddc57cc75f4d7e672a33
golang.org/x/time 9d24e82272b4f38b78bc8cff74fa936d31ccd8ef golang.org/x/time 9d24e82272b4f38b78bc8cff74fa936d31ccd8ef
gopkg.in/inf.v0 d2d2541c53f18d2a059457998ce2876cc8e67cbf # v0.9.1 gopkg.in/inf.v0 d2d2541c53f18d2a059457998ce2876cc8e67cbf # v0.9.1
gopkg.in/yaml.v2 53403b58ad1b561927d19068c655246f2db79d48 # v2.2.8 gopkg.in/yaml.v2 53403b58ad1b561927d19068c655246f2db79d48 # v2.2.8
k8s.io/api 7643814f1c97f24ccfb38c2b85a7bb3c7f494346 # kubernetes-1.17.1 k8s.io/api d2dce8e1788e4be2be3a62b6439b3eaa087df0df # v0.18.0
k8s.io/apimachinery 79c2a76c473a20cdc4ce59cae4b72529b5d9d16b # kubernetes-1.17.1 k8s.io/apimachinery 105e0c6d63f10531ed07f3b5a2195771a0fa444b # v0.18.0
k8s.io/apiserver 5381f05fcb881d39af12eeecab5645364229300c # kubernetes-1.17.1 k8s.io/apiserver 5c8e895629a454efd75a453d1dea5b8142db0013 # v0.18.0
k8s.io/client-go 69012f50f4b0243bccdb82c24402a10224a91f51 # kubernetes-1.17.1 k8s.io/client-go 0b19784585bd0a0ee5509855829ead81feaa2bdc # v0.18.0
k8s.io/cri-api 775aa3c1cf7380ba8b7362f5a52f1e6d2e130bb9 # kubernetes-1.17.1 k8s.io/cri-api 3d1680d8d202aa12c5dc5689170c3c03a488d35b # v0.18.0
k8s.io/klog 2ca9ad30301bf30a8a6e0fa2110db6b8df699a91 # v1.0.0 k8s.io/klog 2ca9ad30301bf30a8a6e0fa2110db6b8df699a91 # v1.0.0
k8s.io/kubernetes d224476cd0730baca2b6e357d144171ed74192d6 # v1.17.1 k8s.io/kubernetes 9e991415386e4cf155a24b1da15becaa390438d8 # v1.18.0
k8s.io/utils e782cd3c129fc98ee807f3c889c0f26eb7c9daf5 k8s.io/utils a9aa75ae1b89e1b992c33383f48e942d97e52dae
sigs.k8s.io/yaml fd68e9863619f6ec2fdd8625fe1f02e7c877e480 # v1.1.0 sigs.k8s.io/structured-merge-diff/v3 877aee05330847a873a1a8998b40e12a1e0fde25 # v3.0.0
sigs.k8s.io/yaml 9fc95527decd95bb9d28cc2eab08179b2d0f6971 # v1.2.0
# cni dependencies
github.com/containerd/go-cni 0d360c50b10b350b6bb23863fd4dfb1c232b01c9
github.com/containernetworking/cni 4cfb7b568922a3c79a23e438dc52fe537fc9687e # v0.7.1
github.com/containernetworking/plugins 9f96827c7cabb03f21d86326000c00f61e181f6a # v0.7.6
github.com/fsnotify/fsnotify 4bf2d1fec78374803a39307bfb8d340688f4f28e # v1.4.8
# image decrypt depedencies
github.com/containerd/imgcrypt 9e761ccd6069fb707ec9493435f31475b5524b38 # v1.0.1
github.com/containers/ocicrypt 0343cc6053fd65069df55bce6838096e09b4033a # v1.0.1 from containerd/imgcrypt
github.com/fullsailor/pkcs7 8306686428a5fe132eac8cb7c4848af725098bd4 # from containers/ocicrypt
gopkg.in/square/go-jose.v2 730df5f748271903322feb182be83b43ebbbe27d # v2.3.1 from containers/ocicrypt
# zfs dependencies # zfs dependencies
github.com/containerd/zfs 9abf673ca6ff9ab8d9bd776a4ceff8f6dc699c3d github.com/containerd/zfs 9abf673ca6ff9ab8d9bd776a4ceff8f6dc699c3d
@ -91,6 +104,3 @@ github.com/mistifyio/go-zfs f784269be439d704d3dfa1906f45
# aufs dependencies # aufs dependencies
github.com/containerd/aufs 371312c1e31c210a21e49bf3dfd3f31729ed9f2f github.com/containerd/aufs 371312c1e31c210a21e49bf3dfd3f31729ed9f2f
# cgroups dependencies
github.com/cilium/ebpf 60c3aa43f488292fe2ee50fb8b833b383ca8ebbb