Determine if selinux is available before building cri-o with support.
Don't add ostree support to crio or any tools other then kpod.
cri-o does not use ostree.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If the playbook is run multiple times or a host already has
swap configured, re-adding swap over the existing file
will cause untold problems. Also, it will not persist across
reboots unless added to fstab.
Avoid this by checking if any swap is active. If not
create a unique swapfile and format it. Then enable
it to persist across reboots.
Signed-off-by: Chris Evich <cevich@redhat.com>
Tested on a REHL box and found out that the mounts were not showing up
Had a logic flaw, where if the mount was "host:container"
Was setting the mount source to "host" and destination to "ctrRunDir/container"
When instead, the mount source should be "ctrRunDir/container" and destination "container"
with the data copied from "host" to "ctrRunDir/container"
Signed-off-by: umohnani8 <umohnani@redhat.com>
New network test makes improper assumptions about conmon path.
Use predefined CONMON_BINARY variable instead.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Update our vendored copy of golang.org/x/sys to version
9aade4d3a3b7e6d876cd3823ad20ec45fc035402 to get the new Major() and
Minor() helpers.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We should not error when we try to find a pod ID in a filtered
list of sandboxes; instead we should return an empty struct
and log it.
This fixes another cri-test failure.
Signed-off-by: baude <bbaude@redhat.com>
Container/storage has been enhanced to speed up the compiling and loading
of json files. This should make make cri-o a little bit faster.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We now can pass 37/55 tests with this PR. Remaining tests include may be fixed
with 1.8.
[Fail] [k8s.io] Security Context bucket [It] runtime should support RunAsUserName
[Fail] [k8s.io] Security Context NamespaceOption [It] runtime should support HostPID
[Fail] [k8s.io] PodSandbox runtime should support sysctls [It] should support unsafe sysctls
[Fail] [k8s.io] PodSandbox runtime should support basic operations on PodSandbox [It] runtime should support removing PodSandbox [Conformance]
[Fail] [k8s.io] Streaming runtime should support streaming interfaces [It] runtime should support portforward [Conformance]
[Fail] [k8s.io] Security Context SeccompProfilePath [It] runtime should not support a custom seccomp profile without using localhost/ as a prefix
[Fail] [k8s.io] Image Manager [It] listImage should get exactly 2 repoTags in the result image [Conformance]
[Fail] [k8s.io] PodSandbox runtime should support sysctls [It] should support safe sysctls
[Fail] [k8s.io] Security Context NoNewPrivs [It] should not allow privilege escalation when true
[Fail] [k8s.io] Security Context SeccompProfilePath [It] runtime should support an seccomp profile that blocks setting hostname with SYS_ADMIN
[Fail] [k8s.io] Container runtime should support mount propagation [It] mount with 'rslave' should support propagation from host to container
[Fail] [k8s.io] Container runtime should support mount propagation [It] mount with 'rshared' should support propagation from host to container and vice versa
[Fail] [k8s.io] Networking runtime should support networking [It] runtime should support port mapping with host port and container port [Conformance]
[Fail] [k8s.io] Security Context SeccompProfilePath [It] should support seccomp localhost/profile on the container
[Fail] [k8s.io] Container runtime should support log [It] runtime should support starting container with log [Conformance]
[Fail] [k8s.io] Security Context bucket [It] runtime should support RunAsUser
[Fail] [k8s.io] Security Context bucket [It] runtime should support SupplementalGroups
[Fail] [k8s.io] Security Context SeccompProfilePath docker/default [It] should support seccomp docker/default on the container
Signed-off-by: baude <bbaude@redhat.com>
