This will release the MCS Label to be used again. Only do this if we
don't have another sandbox using the same label.
Also vendor in the latest selinux go bindings, which fixes a leak and
properly reserves the SELinux label we are going to use.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Container/storage has been enhanced to speed up the compiling and loading
of json files. This should make make cri-o a little bit faster.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This package is used in authenticating a user for kpod login
and can be used for authentication in kpod push, pull etc.
Signed-off-by: umohnani8 <umohnani@redhat.com>
If the user provides kpod pull a short name like 'debian', we
still want the pull to be sucessful. As such, when a short
name is provided, we get the list of searchable registries via
the systemregistries code in containers-storage. We then
append a tag of 'latest' (if not provided) and we formulate
a list of possible fully-qualified image names to try.
Vendor update for containers-storage to bring in the system_registries
code.
Also includes a patch from Nalin to fix compilation errors.
Signed-off-by: baude <bbaude@redhat.com>
Kubelet can send cap add/drop ALL. Handle that in CRI-O as well.
Also, this PR is re-vendoring runtime-tools to fix capabilities add to
add caps to _all_ caps set **and** fix a shared memory issue (caps set
were initialized with the same slice, if one modifies one slice, it's
reflected on the other slices, the vendoring fixes this as well)
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
vndr was previously removing .go files in runc/libcontainer since they weren't used anywhere
in cri-o, but kpod stats will use them
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
Add functions to go templates such as truncating a field. Also add
the table keyword, which, if placed at the beginning of a format string,
adds headers to the output
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
Need to mv to latest released and supported version of logrus
switch github.com/Sirupsen/logrus github.com/sirupsen/logrus
Also vendor in latest containers/storage and containers/image
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This update allows the creation of docker-archive files when the
destination does not exists or is empty. kpod save needs this functionality.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Bump containers/image (pulling in its new dependency on ostree-go),
containers/storage, and updated image-spec.
This pulls in the OCI v1.0 specifications and code that allows us to
support 1.0 images.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Update the vendored commit for containers/image, because the previous
version did not include the function ListNames() in transports
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
Vendor and use docker/pkg/pools.
pools are used to lower the number of memory allocations and reuse buffers when
processing large streams operations..
The use of pools.Copy avoids io.Copy's internal buffer allocation.
This commit replaces io.Copy with pools.Copy to avoid the allocation of
buffers in io.Copy.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Update the vendored copy of github.com/containers/image to revision
efae29995d4846ffa6163eb4d466fd61bda43aae.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Update the vendored copy of github.com/containers/storage to revision
d10d8680af74070b362637408a7fe28c4b1f1eff.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
fsnotify is needed by the new ocicni monitoring implementation.
As ocicni switched to logrus, glog is no longer needed.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
