Bump the oci-spec-rs to 0.6.1 to resolve seccomp rule issue #2029

Merged: 4 commits, Jun 10, 2023

Conversation

yihuaf
Collaborator

@yihuaf yihuaf commented Jun 9, 2023

Fix #2022

The details of the cause of the issue and why 0.6.1 fixes it are explained in #2022.

However, 0.6.1 introduced the time namespace into the runtime spec. For this PR, we set the time namespace to be unsupported. Both the libc and nix crates have not provided the support. We should ideally wait for the support to land in either of these crates first before we support it. As a result, there are a number of functions that need to propagate errors now. This is a good addition because in the future I imagine we will run into similar situations when new namespaces are introduced.

Signed-off-by: yihuaf <yihuaf@unkies.org>
@yihuaf yihuaf marked this pull request as ready for review June 9, 2023 19:12
@yihuaf yihuaf requested review from utam0k and a team June 9, 2023 19:18
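
The pattern described in the PR description above, as an added example that is not the project's own code: the namespace-to-clone-flag mapping becomes fallible, the time namespace is rejected, and callers propagate the error with `?`. The names `NsType`, `NsError`, `clone_flag` and `combined_flags` are hypothetical; only the `CLONE_NEW*` values are the real Linux constants.

```rust
use std::fmt;

// Hypothetical stand-in for the runtime-spec namespace types (not the oci-spec-rs enum).
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum NsType { Mount, Cgroup, Uts, Ipc, User, Pid, Network, Time }

#[derive(Debug, PartialEq)]
pub enum NsError { Unsupported(NsType) }

impl fmt::Display for NsError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            NsError::Unsupported(t) => write!(f, "namespace type {:?} is not supported", t),
        }
    }
}

// Map a namespace type to its CLONE_NEW* flag (values from <linux/sched.h>).
pub fn clone_flag(t: NsType) -> Result<u64, NsError> {
    Ok(match t {
        NsType::Mount => 0x0002_0000,
        NsType::Cgroup => 0x0200_0000,
        NsType::Uts => 0x0400_0000,
        NsType::Ipc => 0x0800_0000,
        NsType::User => 0x1000_0000,
        NsType::Pid => 0x2000_0000,
        NsType::Network => 0x4000_0000,
        // Fail closed: silently skipping a requested namespace would start the
        // container with less isolation than its config asked for.
        NsType::Time => return Err(NsError::Unsupported(t)),
    })
}

// Callers return Result too, so `?` carries the error up to container creation.
pub fn combined_flags(requested: &[NsType]) -> Result<u64, NsError> {
    let mut flags = 0u64;
    for &t in requested {
        flags |= clone_flag(t)?;
    }
    Ok(flags)
}

fn main() {
    // Constructed sample: namespace lists a config.json might request.
    println!("{:x?}", combined_flags(&[NsType::Pid, NsType::Mount, NsType::Network]));
    match combined_flags(&[NsType::Pid, NsType::Time]) {
        Ok(f) => println!("flags {:#x}", f),
        Err(e) => println!("refusing to create container: {}", e),
    }
}
```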
@codecov-commenter

Codecov Report

Merging #2029 (c23edc0) into main (3a790df) will decrease coverage by 0.06%.
The diff coverage is 73.07%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2029      +/-   ##
==========================================
- Coverage   64.87%   64.82%   -0.06%     
==========================================
  Files         129      129              
  Lines       14802    14763      -39     
==========================================
- Hits         9603     9570      -33     
+ Misses       5199     5193       -6     

@yihuaf yihuaf self-assigned this Jun 9, 2023
@utam0k
Member

utam0k commented Jun 10, 2023

> However, the 0.6.1 introduced the time namespace into the runtime spec. For this PR, we set the time namespace to be unsupported.

👍

@utam0k utam0k merged commit a49d14c into containers:main Jun 10, 2023
12 checks passed
@yihuaf yihuaf deleted the yihuaf/seccomp branch June 13, 2023 20:19
Successfully merging this pull request may close these issues.

youki need seccomp unconfined when runc/crun don't