Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement crun features #1237

Merged
merged 4 commits into from
Jun 27, 2023
Merged

Conversation

sohankunkerkar
Copy link
Member

Fixes: #1177

src/features.c Outdated Show resolved Hide resolved
Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for working on this. I've left some comments, also make sure make clang-format passes

src/features.c Outdated Show resolved Hide resolved
src/libcrun/container.c Outdated Show resolved Hide resolved
src/libcrun/container.c Outdated Show resolved Hide resolved
src/libcrun/container.c Outdated Show resolved Hide resolved
src/libcrun/container.c Outdated Show resolved Hide resolved
src/features.c Outdated Show resolved Hide resolved
src/features.c Outdated Show resolved Hide resolved
src/features.c Outdated Show resolved Hide resolved
src/features.c Outdated Show resolved Hide resolved
src/features.c Outdated Show resolved Hide resolved
@sohankunkerkar sohankunkerkar force-pushed the add-crun-features branch 2 times, most recently from 208485e to dd0ff1b Compare June 22, 2023 17:28
src/libcrun/container.c Outdated Show resolved Hide resolved
@sohankunkerkar sohankunkerkar force-pushed the add-crun-features branch 2 times, most recently from 62e582c to a4605dd Compare June 22, 2023 21:38
@sohankunkerkar sohankunkerkar force-pushed the add-crun-features branch 2 times, most recently from b6a43b0 to 7c8a4b1 Compare June 23, 2023 14:53
src/features.c Outdated Show resolved Hide resolved
Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some more small comments. Also this is a completely new feature, so we need some tests too under tests to run with make check

Makefile.am Outdated Show resolved Hide resolved
src/features.c Outdated Show resolved Hide resolved
src/features.c Outdated Show resolved Hide resolved
src/features.c Outdated Show resolved Hide resolved
src/features.c Outdated Show resolved Hide resolved
src/libcrun/container.c Outdated Show resolved Hide resolved
src/features.c Outdated Show resolved Hide resolved
src/features.c Outdated Show resolved Hide resolved
src/libcrun/container.c Outdated Show resolved Hide resolved
src/libcrun/container.c Show resolved Hide resolved
@sohankunkerkar sohankunkerkar force-pushed the add-crun-features branch 2 times, most recently from eee7303 to 337652b Compare June 25, 2023 04:25
tests/test_oci_features.py Outdated Show resolved Hide resolved
tests/test_oci_features.py Outdated Show resolved Hide resolved
tests/test_oci_features.py Outdated Show resolved Hide resolved
"SCMP_CMP_MASKED_EQ",
};

static const char *archs[] = {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am still not sure if we must list the arches. Not only we risk to not list all the supported values, but we also risk that the dynamically linked version of libseccomp doesn't have support for what we are listing here.

What do you think? Wouldn't it be safer for now to just drop the arches list from the JSON output?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup, it makes sense. Does that sound good to you if we keep the reference of it in the code for the future but drop the entry from the final output for now?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is better to remove the code altogether, we can easily add it back if we ever need it in this form

@giuseppe
Copy link
Member

when I run the new test locally, I get the following error:

Complete features dictionary: {'ociVersionMin': '1.0.0', 'ociVersionMax': '1.1.0-rc.3', 'hooks': ['prestart', 'createRuntime', 'createContainer', 'startContainer', 'poststart', 'poststop'], 'mountOptions': ['rw', 'rrw', 'ro', 'rro', 'rdirsync', 'rdiratime', 'rnodev', 'rnorelatime', 'nodiratime', 'rnodiratime', 'diratime', 'rnoatime', 'rnomand', 'ratime', 'rmand', 'mand', 'idmap', 'noatime', 'nomand', 'dirsync', 'rnosuid', 'atime', 'rnoexec', 'nodev', 'rbind', 'norelatime', 'bind', 'rnostrictatime', 'strictatime', 'rstrictatime', 'rprivate', 'rsuid', 'remount', 'suid', 'nostrictatime', 'rrelatime', 'nosuid', 'noexec', 'rslave', 'dev', 'rdev', 'rsync', 'relatime', 'sync', 'shared', 'rshared', 'unbindable', 'runbindable', 'defaults', 'async', 'rasync', 'private', 'tmpcopyup', 'rexec', 'exec', 'slave'], 'linux': {'namespaces': ['cgroup', 'ipc', 'mount', 'network', 'pid', 'user', 'uts'], 'capabilities': ['CAP_CHOWN', 'CAP_DAC_OVERRIDE', 'CAP_DAC_READ_SEARCH', 'CAP_FOWNER', 'CAP_FSETID', 'CAP_KILL', 'CAP_SETGID', 'CAP_SETUID', 'CAP_SETPCAP', 'CAP_LINUX_IMMUTABLE', 'CAP_NET_BIND_SERVICE', 'CAP_NET_BROADCAST', 'CAP_NET_ADMIN', 'CAP_NET_RAW', 'CAP_IPC_LOCK', 'CAP_IPC_OWNER', 'CAP_SYS_MODULE', 'CAP_SYS_RAWIO', 'CAP_SYS_CHROOT', 'CAP_SYS_PTRACE', 'CAP_SYS_PACCT', 'CAP_SYS_ADMIN', 'CAP_SYS_BOOT', 'CAP_SYS_NICE', 'CAP_SYS_RESOURCE', 'CAP_SYS_TIME', 'CAP_SYS_TTY_CONFIG', 'CAP_MKNOD', 'CAP_LEASE', 'CAP_AUDIT_WRITE', 'CAP_AUDIT_CONTROL', 'CAP_SETFCAP', 'CAP_MAC_OVERRIDE', 'CAP_MAC_ADMIN', 'CAP_SYSLOG', 'CAP_WAKE_ALARM', 'CAP_BLOCK_SUSPEND', 'CAP_AUDIT_READ', 'CAP_PERFMON', 'CAP_BPF', 'CAP_CHECKPOINT_RESTORE'], 'cgroup': {'v1': True, 'v2': True, 'systemd': True, 'systemdUser': True}, 'seccomp': {'enabled': True, 'actions': ['SCMP_ACT_ALLOW', 'SCMP_ACT_ERRNO', 'SCMP_ACT_KILL', 'SCMP_ACT_KILL_PROCESS', 'SCMP_ACT_KILL_THREAD', 'SCMP_ACT_LOG', 'SCMP_ACT_NOTIFY', 'SCMP_ACT_TRACE', 'SCMP_ACT_TRAP'], 'operators': ['SCMP_CMP_NE', 'SCMP_CMP_LT', 'SCMP_CMP_LE', 'SCMP_CMP_EQ', 'SCMP_CMP_GE', 'SCMP_CMP_GT', 'SCMP_CMP_MASKED_EQ']}, 'apparmor': {'enabled': True}, 'selinux': {'enabled': True}}, 'annotations': {'io.github.seccomp.libseccomp.version': '2.5.3', 'org.opencontainers.runc.checkpoint.enabled': True, 'run.oci.crun.checkpoint.enabled': True, 'io.github.containers.crun.commit': '9738116147984a9fb6d993394f74217b0e532be8', 'io.github.containers.crun.version': '1.8.5.0.0.0.31-33cb'}}
Mismatch in feature: linux
Expected: {'namespaces': ['cgroup', 'ipc', 'mount', 'network', 'pid', 'user', 'uts'], 'capabilities': ['CAP_CHOWN', 'CAP_DAC_OVERRIDE', 'CAP_DAC_READ_SEARCH', 'CAP_FOWNER', 'CAP_FSETID', 'CAP_KILL', 'CAP_SETGID', 'CAP_SETUID', 'CAP_SETPCAP', 'CAP_LINUX_IMMUTABLE', 'CAP_NET_BIND_SERVICE', 'CAP_NET_BROADCAST', 'CAP_NET_ADMIN', 'CAP_NET_RAW', 'CAP_IPC_LOCK', 'CAP_IPC_OWNER', 'CAP_SYS_MODULE', 'CAP_SYS_RAWIO', 'CAP_SYS_CHROOT', 'CAP_SYS_PTRACE', 'CAP_SYS_PACCT', 'CAP_SYS_ADMIN', 'CAP_SYS_BOOT', 'CAP_SYS_NICE', 'CAP_SYS_RESOURCE', 'CAP_SYS_TIME', 'CAP_SYS_TTY_CONFIG', 'CAP_MKNOD', 'CAP_LEASE', 'CAP_AUDIT_WRITE', 'CAP_AUDIT_CONTROL', 'CAP_SETFCAP', 'CAP_MAC_OVERRIDE', 'CAP_MAC_ADMIN', 'CAP_SYSLOG', 'CAP_WAKE_ALARM', 'CAP_BLOCK_SUSPEND', 'CAP_AUDIT_READ', 'CAP_PERFMON', 'CAP_BPF', 'CAP_CHECKPOINT_RESTORE'], 'cgroup': {'v1': True, 'v2': True, 'systemd': True, 'systemdUser': True}, 'seccomp': {'actions': ['SCMP_ACT_ALLOW', 'SCMP_ACT_ERRNO', 'SCMP_ACT_KILL', 'SCMP_ACT_KILL_PROCESS', 'SCMP_ACT_KILL_THREAD', 'SCMP_ACT_LOG', 'SCMP_ACT_NOTIFY', 'SCMP_ACT_TRACE', 'SCMP_ACT_TRAP'], 'operators': ['SCMP_CMP_NE', 'SCMP_CMP_LT', 'SCMP_CMP_LE', 'SCMP_CMP_EQ', 'SCMP_CMP_GE', 'SCMP_CMP_GT', 'SCMP_CMP_MASKED_EQ']}, 'apparmor': {'enabled': True}, 'selinux': {'enabled': True}}
Actual: {'namespaces': ['cgroup', 'ipc', 'mount', 'network', 'pid', 'user', 'uts'], 'capabilities': ['CAP_CHOWN', 'CAP_DAC_OVERRIDE', 'CAP_DAC_READ_SEARCH', 'CAP_FOWNER', 'CAP_FSETID', 'CAP_KILL', 'CAP_SETGID', 'CAP_SETUID', 'CAP_SETPCAP', 'CAP_LINUX_IMMUTABLE', 'CAP_NET_BIND_SERVICE', 'CAP_NET_BROADCAST', 'CAP_NET_ADMIN', 'CAP_NET_RAW', 'CAP_IPC_LOCK', 'CAP_IPC_OWNER', 'CAP_SYS_MODULE', 'CAP_SYS_RAWIO', 'CAP_SYS_CHROOT', 'CAP_SYS_PTRACE', 'CAP_SYS_PACCT', 'CAP_SYS_ADMIN', 'CAP_SYS_BOOT', 'CAP_SYS_NICE', 'CAP_SYS_RESOURCE', 'CAP_SYS_TIME', 'CAP_SYS_TTY_CONFIG', 'CAP_MKNOD', 'CAP_LEASE', 'CAP_AUDIT_WRITE', 'CAP_AUDIT_CONTROL', 'CAP_SETFCAP', 'CAP_MAC_OVERRIDE', 'CAP_MAC_ADMIN', 'CAP_SYSLOG', 'CAP_WAKE_ALARM', 'CAP_BLOCK_SUSPEND', 'CAP_AUDIT_READ', 'CAP_PERFMON', 'CAP_BPF', 'CAP_CHECKPOINT_RESTORE'], 'cgroup': {'v1': True, 'v2': True, 'systemd': True, 'systemdUser': True}, 'seccomp': {'enabled': True, 'actions': ['SCMP_ACT_ALLOW', 'SCMP_ACT_ERRNO', 'SCMP_ACT_KILL', 'SCMP_ACT_KILL_PROCESS', 'SCMP_ACT_KILL_THREAD', 'SCMP_ACT_LOG', 'SCMP_ACT_NOTIFY', 'SCMP_ACT_TRACE', 'SCMP_ACT_TRAP'], 'operators': ['SCMP_CMP_NE', 'SCMP_CMP_LT', 'SCMP_CMP_LE', 'SCMP_CMP_EQ', 'SCMP_CMP_GE', 'SCMP_CMP_GT', 'SCMP_CMP_MASKED_EQ']}, 'apparmor': {'enabled': True}, 'selinux': {'enabled': True}}
not ok 1 - crun-features

@giuseppe
Copy link
Member

we can't hardcode the list of capabilities in the test. We only need to verify some well known capabilities are in the list, e.g. CAP_SYS_ADMIN, CAP_KILL, CAP_NET_BIND_SERVICE

@sohankunkerkar
Copy link
Member Author

sohankunkerkar commented Jun 26, 2023

we can't hardcode the list of capabilities in the test. We only need to verify some well known capabilities are in the list, e.g. CAP_SYS_ADMIN, CAP_KILL, CAP_NET_BIND_SERVICE

I can do this

def get_linux_capabilities():
    capabilities_file = '/proc/self/status'
    capabilities = []

    with open(capabilities_file, 'r') as file:
        lines = file.readlines()

    for line in lines:
        if line.startswith('Cap') and ':' in line:
            cap_name, cap_value = line.split(':', 1)
            cap_name = cap_name.strip()
            cap_value = cap_value.strip()
            if cap_name.startswith('CapBnd:'):
                cap_hex = cap_value.split()
                for cap in cap_hex:
                    cap_int = int(cap, 16)
                    capabilities.append(cap_int)

    return capabilities

when I run the new test locally, I get the following error:

Complete features dictionary: {'ociVersionMin': '1.0.0', 'ociVersionMax': '1.1.0-rc.3', 'hooks': ['prestart', 'createRuntime', 'createContainer', 'startContainer', 'poststart', 'poststop'], 'mountOptions': ['rw', 'rrw', 'ro', 'rro', 'rdirsync', 'rdiratime', 'rnodev', 'rnorelatime', 'nodiratime', 'rnodiratime', 'diratime', 'rnoatime', 'rnomand', 'ratime', 'rmand', 'mand', 'idmap', 'noatime', 'nomand', 'dirsync', 'rnosuid', 'atime', 'rnoexec', 'nodev', 'rbind', 'norelatime', 'bind', 'rnostrictatime', 'strictatime', 'rstrictatime', 'rprivate', 'rsuid', 'remount', 'suid', 'nostrictatime', 'rrelatime', 'nosuid', 'noexec', 'rslave', 'dev', 'rdev', 'rsync', 'relatime', 'sync', 'shared', 'rshared', 'unbindable', 'runbindable', 'defaults', 'async', 'rasync', 'private', 'tmpcopyup', 'rexec', 'exec', 'slave'], 'linux': {'namespaces': ['cgroup', 'ipc', 'mount', 'network', 'pid', 'user', 'uts'], 'capabilities': ['CAP_CHOWN', 'CAP_DAC_OVERRIDE', 'CAP_DAC_READ_SEARCH', 'CAP_FOWNER', 'CAP_FSETID', 'CAP_KILL', 'CAP_SETGID', 'CAP_SETUID', 'CAP_SETPCAP', 'CAP_LINUX_IMMUTABLE', 'CAP_NET_BIND_SERVICE', 'CAP_NET_BROADCAST', 'CAP_NET_ADMIN', 'CAP_NET_RAW', 'CAP_IPC_LOCK', 'CAP_IPC_OWNER', 'CAP_SYS_MODULE', 'CAP_SYS_RAWIO', 'CAP_SYS_CHROOT', 'CAP_SYS_PTRACE', 'CAP_SYS_PACCT', 'CAP_SYS_ADMIN', 'CAP_SYS_BOOT', 'CAP_SYS_NICE', 'CAP_SYS_RESOURCE', 'CAP_SYS_TIME', 'CAP_SYS_TTY_CONFIG', 'CAP_MKNOD', 'CAP_LEASE', 'CAP_AUDIT_WRITE', 'CAP_AUDIT_CONTROL', 'CAP_SETFCAP', 'CAP_MAC_OVERRIDE', 'CAP_MAC_ADMIN', 'CAP_SYSLOG', 'CAP_WAKE_ALARM', 'CAP_BLOCK_SUSPEND', 'CAP_AUDIT_READ', 'CAP_PERFMON', 'CAP_BPF', 'CAP_CHECKPOINT_RESTORE'], 'cgroup': {'v1': True, 'v2': True, 'systemd': True, 'systemdUser': True}, 'seccomp': {'enabled': True, 'actions': ['SCMP_ACT_ALLOW', 'SCMP_ACT_ERRNO', 'SCMP_ACT_KILL', 'SCMP_ACT_KILL_PROCESS', 'SCMP_ACT_KILL_THREAD', 'SCMP_ACT_LOG', 'SCMP_ACT_NOTIFY', 'SCMP_ACT_TRACE', 'SCMP_ACT_TRAP'], 'operators': ['SCMP_CMP_NE', 'SCMP_CMP_LT', 'SCMP_CMP_LE', 'SCMP_CMP_EQ', 'SCMP_CMP_GE', 'SCMP_CMP_GT', 'SCMP_CMP_MASKED_EQ']}, 'apparmor': {'enabled': True}, 'selinux': {'enabled': True}}, 'annotations': {'io.github.seccomp.libseccomp.version': '2.5.3', 'org.opencontainers.runc.checkpoint.enabled': True, 'run.oci.crun.checkpoint.enabled': True, 'io.github.containers.crun.commit': '9738116147984a9fb6d993394f74217b0e532be8', 'io.github.containers.crun.version': '1.8.5.0.0.0.31-33cb'}}
Mismatch in feature: linux
Expected: {'namespaces': ['cgroup', 'ipc', 'mount', 'network', 'pid', 'user', 'uts'], 'capabilities': ['CAP_CHOWN', 'CAP_DAC_OVERRIDE', 'CAP_DAC_READ_SEARCH', 'CAP_FOWNER', 'CAP_FSETID', 'CAP_KILL', 'CAP_SETGID', 'CAP_SETUID', 'CAP_SETPCAP', 'CAP_LINUX_IMMUTABLE', 'CAP_NET_BIND_SERVICE', 'CAP_NET_BROADCAST', 'CAP_NET_ADMIN', 'CAP_NET_RAW', 'CAP_IPC_LOCK', 'CAP_IPC_OWNER', 'CAP_SYS_MODULE', 'CAP_SYS_RAWIO', 'CAP_SYS_CHROOT', 'CAP_SYS_PTRACE', 'CAP_SYS_PACCT', 'CAP_SYS_ADMIN', 'CAP_SYS_BOOT', 'CAP_SYS_NICE', 'CAP_SYS_RESOURCE', 'CAP_SYS_TIME', 'CAP_SYS_TTY_CONFIG', 'CAP_MKNOD', 'CAP_LEASE', 'CAP_AUDIT_WRITE', 'CAP_AUDIT_CONTROL', 'CAP_SETFCAP', 'CAP_MAC_OVERRIDE', 'CAP_MAC_ADMIN', 'CAP_SYSLOG', 'CAP_WAKE_ALARM', 'CAP_BLOCK_SUSPEND', 'CAP_AUDIT_READ', 'CAP_PERFMON', 'CAP_BPF', 'CAP_CHECKPOINT_RESTORE'], 'cgroup': {'v1': True, 'v2': True, 'systemd': True, 'systemdUser': True}, 'seccomp': {'actions': ['SCMP_ACT_ALLOW', 'SCMP_ACT_ERRNO', 'SCMP_ACT_KILL', 'SCMP_ACT_KILL_PROCESS', 'SCMP_ACT_KILL_THREAD', 'SCMP_ACT_LOG', 'SCMP_ACT_NOTIFY', 'SCMP_ACT_TRACE', 'SCMP_ACT_TRAP'], 'operators': ['SCMP_CMP_NE', 'SCMP_CMP_LT', 'SCMP_CMP_LE', 'SCMP_CMP_EQ', 'SCMP_CMP_GE', 'SCMP_CMP_GT', 'SCMP_CMP_MASKED_EQ']}, 'apparmor': {'enabled': True}, 'selinux': {'enabled': True}}
Actual: {'namespaces': ['cgroup', 'ipc', 'mount', 'network', 'pid', 'user', 'uts'], 'capabilities': ['CAP_CHOWN', 'CAP_DAC_OVERRIDE', 'CAP_DAC_READ_SEARCH', 'CAP_FOWNER', 'CAP_FSETID', 'CAP_KILL', 'CAP_SETGID', 'CAP_SETUID', 'CAP_SETPCAP', 'CAP_LINUX_IMMUTABLE', 'CAP_NET_BIND_SERVICE', 'CAP_NET_BROADCAST', 'CAP_NET_ADMIN', 'CAP_NET_RAW', 'CAP_IPC_LOCK', 'CAP_IPC_OWNER', 'CAP_SYS_MODULE', 'CAP_SYS_RAWIO', 'CAP_SYS_CHROOT', 'CAP_SYS_PTRACE', 'CAP_SYS_PACCT', 'CAP_SYS_ADMIN', 'CAP_SYS_BOOT', 'CAP_SYS_NICE', 'CAP_SYS_RESOURCE', 'CAP_SYS_TIME', 'CAP_SYS_TTY_CONFIG', 'CAP_MKNOD', 'CAP_LEASE', 'CAP_AUDIT_WRITE', 'CAP_AUDIT_CONTROL', 'CAP_SETFCAP', 'CAP_MAC_OVERRIDE', 'CAP_MAC_ADMIN', 'CAP_SYSLOG', 'CAP_WAKE_ALARM', 'CAP_BLOCK_SUSPEND', 'CAP_AUDIT_READ', 'CAP_PERFMON', 'CAP_BPF', 'CAP_CHECKPOINT_RESTORE'], 'cgroup': {'v1': True, 'v2': True, 'systemd': True, 'systemdUser': True}, 'seccomp': {'enabled': True, 'actions': ['SCMP_ACT_ALLOW', 'SCMP_ACT_ERRNO', 'SCMP_ACT_KILL', 'SCMP_ACT_KILL_PROCESS', 'SCMP_ACT_KILL_THREAD', 'SCMP_ACT_LOG', 'SCMP_ACT_NOTIFY', 'SCMP_ACT_TRACE', 'SCMP_ACT_TRAP'], 'operators': ['SCMP_CMP_NE', 'SCMP_CMP_LT', 'SCMP_CMP_LE', 'SCMP_CMP_EQ', 'SCMP_CMP_GE', 'SCMP_CMP_GT', 'SCMP_CMP_MASKED_EQ']}, 'apparmor': {'enabled': True}, 'selinux': {'enabled': True}}
not ok 1 - crun-features

I think you will need to enable seccomp locally before running that test.

@giuseppe
Copy link
Member

def get_linux_capabilities():
capabilities_file = '/proc/self/status'
capabilities = []

with open(capabilities_file, 'r') as file:
    lines = file.readlines()

for line in lines:
    if line.startswith('Cap') and ':' in line:
        cap_name, cap_value = line.split(':', 1)
        cap_name = cap_name.strip()
        cap_value = cap_value.strip()
        if cap_name.startswith('CapBnd:'):
            cap_hex = cap_value.split()
            for cap in cap_hex:
                cap_int = int(cap, 16)
                capabilities.append(cap_int)

return capabilities

we cannot do that. The kernel could have capabilities that libseccomp doesn't know about, so they could still be missing in the crun features json

Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@giuseppe
Copy link
Member

giuseppe commented Jun 27, 2023

made some small changes, I'll merge as soon as the CI is green.

@sohankunkerkar something that is not clear to me yet, is how will you use this feature to decide whether wasm is supported or not?

Wouldn't we need to add that information?

@AkihiroSuda
Copy link

wasm

👍 as a custom annotation (until its JSON property is officially defined in the spec)

@giuseppe giuseppe force-pushed the add-crun-features branch from 5991ad8 to 1d6c429 Compare June 27, 2023 07:46
@giuseppe
Copy link
Member

noticed there is something more to fix, I'll push another version

@giuseppe giuseppe force-pushed the add-crun-features branch from 1d6c429 to 7ab96c6 Compare June 27, 2023 08:55
@giuseppe
Copy link
Member

I've added a patch. Now wasm support is recorded in a custom annotation

@giuseppe
Copy link
Member

@flouthoc could you please review the last patch?

Fixes: containers#1177
Signed-off-by: Sohan Kunkerkar <[email protected]>
src/libcrun/container.c Outdated Show resolved Hide resolved
@giuseppe giuseppe force-pushed the add-crun-features branch from 7ab96c6 to ee3ff35 Compare June 27, 2023 09:02
@flouthoc
Copy link
Collaborator

@giuseppe patch for WASM feature flag looks good to me.

Copy link
Collaborator

@flouthoc flouthoc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@giuseppe giuseppe force-pushed the add-crun-features branch 2 times, most recently from e29dd9d to deeef64 Compare June 27, 2023 09:21
sohankunkerkar and others added 2 commits June 27, 2023 11:42
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe giuseppe force-pushed the add-crun-features branch from deeef64 to d006733 Compare June 27, 2023 09:42
@giuseppe giuseppe merged commit d5e50d3 into containers:main Jun 27, 2023
@sohankunkerkar sohankunkerkar deleted the add-crun-features branch June 27, 2023 13:21
0xaead added a commit to 0xaead/containerd that referenced this pull request Aug 12, 2023
containers/crun#1237 was merged to master and was tagged `crun-1.8.6' on Jun 27, 2023.

Signed-off-by: match man <[email protected]>
0xaead added a commit to 0xaead/containerd that referenced this pull request Aug 12, 2023
containers/crun#1237 was merged to master and was tagged `crun-1.8.6' on Jun 27, 2023.

Signed-off-by: match man <[email protected]>
0xaead added a commit to 0xaead/containerd that referenced this pull request Oct 27, 2023
1177 fix containers/crun#1237 was merged to master and was tagged `crun-1.8.6' on Jun 27, 2023.

Signed-off-by: match man <[email protected]>
0xaead added a commit to 0xaead/go-runc that referenced this pull request Oct 27, 2023
1177 fix containers/crun#1237 was merged to master and was tagged `crun-1.8.6' on Jun 27, 2023.

Signed-off-by: match man <[email protected]>
robertgzr added a commit to robertgzr/crun that referenced this pull request Nov 9, 2023
The work to support features introduced another point of dependency on
libcap that previously wasn't guarded by ifdefs

Refs: containers#1237
Signed-off-by: Robert Günzler <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

implement "crun features"
5 participants