
[v0.20] cherry-picks for v0.20.1#5803

Merged
crazy-max merged 6 commits into moby:v0.20 from crazy-max:0.20_picks_0.20.1
Mar 5, 2025

Conversation

@crazy-max

@crazy-max crazy-max commented Mar 3, 2025

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
@github-actions github-actions bot added the area/dependencies (Pull requests that update a dependency file) and area/buildkitd labels Mar 3, 2025
Should help with segmentation fault on libc-bin

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Fix issue 5763

- Discourage `--oci-worker-no-process-sandbox`, due to the leakage of
  the processes (by design).
  Instead, encourage setting `systempaths=unconfined` in `docker run`.
  This corresponds to `securityContext.procMount: Unmasked` in Kubernetes,
  however, the configuration is hard on Kubernetes, as it has to be used
  in conjunction with `hostUsers: false`.

- Remove `--device /dev/fuse`, as fuse-overlayfs is no longer used typically.

- Use the new Kubernetes struct for AppArmor

- Add a hint about `kernel.apparmor_restrict_unprivileged_userns`

- Remove `$` from command snippets for ease of copypasting

- Make `job.*.yaml` more practical

- Add `*.userns.yaml`. Needs `UserNamespaceSupport` feature gate to be enabled.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
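The commit message above recommends keeping BuildKit's process sandbox and, on Kubernetes, unmasking `/proc` together with a pod-level user namespace rather than passing `--oci-worker-no-process-sandbox`. The manifest below is an added illustration of that configuration; it is not the project's own `examples/kubernetes` file, and the pod name, container name, image tag and socket path are assumptions. It assumes a cluster where the user-namespace feature gate named in the commit message is enabled, since Kubernetes only accepts `procMount: Unmasked` together with `hostUsers: false`.

```yaml
# Constructed example: rootless buildkitd Pod that keeps the process sandbox.
# Pod/container names, image tag and socket path are assumptions, not the
# project's manifest.
apiVersion: v1
kind: Pod
metadata:
  name: buildkitd-rootless
spec:
  # Run the pod in its own user namespace. Needs the kubelet feature gate the
  # commit message refers to; without it the API server rejects
  # procMount: Unmasked below.
  hostUsers: false
  containers:
    - name: buildkitd
      image: moby/buildkit:rootless   # assumed image; pin a digest in practice
      args:
        - --addr
        - unix:///run/user/1000/buildkit/buildkitd.sock
        # Discouraged alternative (leaks build-step processes into buildkitd's
        # pid namespace by design, per the commit message):
        # - --oci-worker-no-process-sandbox
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        # Rootless buildkitd needs to create user/mount/pid namespaces itself,
        # which the default seccomp and AppArmor profiles block.
        seccompProfile:
          type: Unconfined
        # New-style AppArmor struct (replaces the
        # container.apparmor.security.beta.kubernetes.io/<name> annotation).
        appArmorProfile:
          type: Unconfined
        # Equivalent of `docker run --security-opt systempaths=unconfined`:
        # /proc is not masked, so buildkitd can set up per-step pid sandboxes.
        procMount: Unmasked
```

Two node-side checks belong with this manifest. First, the kubelet must actually run the pod with `hostUsers: false`; if the feature gate is off, the field is ignored and the `procMount: Unmasked` request is refused. Second, on hosts where `kernel.apparmor_restrict_unprivileged_userns` is set to `1`, unconfined processes cannot create unprivileged user namespaces at all, so rootless buildkitd fails at startup regardless of the pod spec; `sysctl kernel.apparmor_restrict_unprivileged_userns` on the node shows the current value. The Docker equivalent of this pod is `docker run --security-opt seccomp=unconfined --security-opt apparmor=unconfined --security-opt systempaths=unconfined` against the same rootless image, with no `--device /dev/fuse` needed.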
@crazy-max crazy-max marked this pull request as ready for review March 4, 2025 14:53
Base image may use unnormalized platform so if platform
is inherited normalize needs to be called again.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Brings in the gRPC message size fix for writing SBOMs.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

@tonistiigi tonistiigi left a comment


Looks like there aren't any other containerd changes in vendor with 2.0.3 bump. Otherwise there is a patch without vendor update also in #5785

@crazy-max crazy-max merged commit de56a3c into moby:v0.20 Mar 5, 2025
@crazy-max crazy-max deleted the 0.20_picks_0.20.1 branch March 5, 2025 13:30