Add notes to README.md about needing to install ostree-devel, or
libostree-dev, or building ostree from source.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Bump containers/image (pulling in its new dependency on ostree-go),
containers/storage, and updated image-spec.
This pulls in the OCI v1.0 specifications and code that allows us to
support 1.0 images.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
update libkpod's New() function to use a config struct, and update
server.New() to call into libkpod.New()
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
During my testing in OpenShift I've noticed that conmon leaves some
zombies processes. The reason is that we are using
PR_SET_CHILD_SUBREAPER in conmon and runC forks a new process (runc
init) each time we start a container. Using g_child_watch_add only on
the main runc process and on the container process is not enough as we
do not cleanup any other zombie process.
Since glib doesn't allow to catch SIGCHLD and to better integrate in the
existing code, catch it with signal(2) then raise a SIGUSR1 that glib
handles.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
bin2img/checkseccomp/copyimg are file targets and should not be .PHONY.
This prevents to build them if not necessary.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Build all of our binaries with the same build tags and the same LDFLAGS.
This means we add $(LDFLAGS) to bin2img, copyimg, and cri-o,
$(BUILDTAGS) to kpod, and both to crioctl and checkseccomp.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
If sandbox is in the same package as server, there will be a circular dependency when
kpod create is implemented
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
When the integration test image is run on a system with apparmor
enabled, it needs binaries from the 'apparmor' package, so ensure that
it's always there.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Basically none of the clever storage drivers will work when we're on top
of AUFS, so if we find ourselves in that situation when running tests,
default to storage options of "--storage-driver vfs".
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Move container state data to libkpod, separate from the sandbox
data in server. However, the move was structured such that sandbox
data could easily be moved over into libkpod in the future
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
go list {{.Imports}} outputs imports as an array, and the leading
and trailing square brackets can get caught in the name of a package.
Add a pipe in the dependency command to remove the brackets
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
Move non-kubernetes-dependent portions of server struct to libkpod.
So far, only the struct fields have been moved and not their dependent
functions
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
Use unix.Prctl() instead of manually reimplementing it using
unix.RawSyscall. Also use unix.SECCOMP_MODE_FILTER instead of locally
defining it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>