Skip to content

components/execd 1.0.20

Choose a tag to compare

View all tags
@Pangjiping Pangjiping released this 29 Jun 06:07
· 8 commits to main since this release
docker/execd/v1.0.20
ae452d4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's New

✨ Features

  • Filesystem isolation with bubblewrap (bwrap). New pkg/isolation/ package adds a bubblewrap-based filesystem isolation layer for sandbox command execution. Includes an Isolator interface, bwrap argv builder, startup probe, upper directory management, and seccomp loading. The bwrap binary is now statically built (musl-gcc) and injected into the execd container image via init container alongside execd itself. Configurable via isolation flags (upper root, max bytes, diff max bytes, allowed writable) with env var overrides. Diff/commit support deferred to Phase 2 (returns 503). Includes a CI smoke test validating static linking and bwrap namespace creation. (#1008)

🐛 Bug Fixes

  • False command failures from global signal interference resolved. execd could report a successfully-executed command as CommandExecError when cmd.Wait() returned a spurious ECHILD ("waitid: no child processes"). Root cause: signal.Notify(signals) with no signal list captured ALL signals (including SIGCHLD/SIGURG used by Go runtime for child reaping and async preemption), and signal.Reset() was process-global, racing across concurrent commands. Now uses an explicit signal set with signal.Stop() for scoped cleanup, and ignores spurious ECHILD from Wait() when the child already ran to completion. (#1042)

  • Auto-created parent directories now inherit owner/group. When uploading a file to a path whose parent directories don't exist, resolveUploadTarget now propagates owner/group metadata to each newly created parent directory via the new MkdirAllWithOwnership helper. Pre-existing directories are left untouched. The MakeDir API also uses this helper for consistent behavior during multi-level directory creation. (#1075)

📖 Documentation

  • DEVELOPMENT.md rewritten. Reduced from 598 to 99 lines — removed generic Go boilerplate and fixed all code examples from Beego to Gin to match the current codebase (migrated in v1.0.3). (#1071)

  • Missing EXECD_ACCESS_TOKEN env var documented. The README env var table now includes EXECD_ACCESS_TOKEN, which parser.go defines but was previously undocumented. (#1071)

  • Docs site links updated. execd component docs updated as part of the VitePress docs site restructure — fixed broken cross-references and aligned with the new section-based information architecture. (#1090)

👥 Contributors

Thanks to these contributors ❤️

  • Docker Hub: opensandbox/execd:v1.0.20
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.20

Contributors

LavenderQAQ, Pangjiping, and ninan-nn
Assets 2
Loading