Merge fixes from master to release-3.10 for rc.2 #798
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
the current help sections are somewhat out of order with respect to the actual processing, and this is a quick and easy fix to change the order to better reflect the actual processing. Signed-off-by: vsoch <vsoch@users.noreply.github.com>
The experimental `--sif-fuse` code was attempting to pass the boolean that controls whether starter spawns the CleanupHost process, for unmounting the FUSE SIF mount, in the starter config structure. The starter config structure is setup from the Go engine 'prepare' code, which runs in stage1 *after* the point at which CleanupHost is spawned from the starter C code... so the boolean was never true. Unfortunately, all the tests we have were passing, because due to a bad negation in an if statement, the `CleanupHost` process was *always* executed. Switch to using an env var (`CLEANUP_HOST`) to control whether the `CleanupHost` process is spawned by starter. This is the right way to control starter behavior that needs to occur before 'prepare' in stage1. It's the same approach used to control whether the overlay module is loaded via `LOAD_OVERLAY_MODULE`. While we are at it, ensure a `CleanupHost` process is never run in setuid mode. We don't support this yet, and if support is added we need to pay attention to permanent priv drop etc. Add a bit more debug logging so it's easier to see what's going on. Fixes #777
docs: updating singularity help build for sections to reflect order
fix: Pass CleanupHost boolean to starter correctly
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.14+incompatible to 20.10.15+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md) - [Commits](moby/moby@v20.10.14...v20.10.15) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
ci: add release-3.10 branch to Dependabot config
This commit includes adding the singularity stats command group (and docs) and the start of the function that retrieves the instance to interact with. Next I will need to figure out enabling cgroups to instantiate a manager and get stats for the instance from it Signed-off-by: vsoch <vsoch@users.noreply.github.com>
Add/container stats
If an image cannot be read, attempts to open it with the various image format handling code will fail. Since we are using a fall-through approach to find the correct image format, these failures did not give a sensible error message. Add an explicit check that the image is readable. Fixes #786
fix: Check image can be read before opening
In singularity, cgroups device limits have always defaulted to allow-all. When a cgroups config is provided with no explicit device rules, no cgroups mediated device limits have applied. We recently switched to runc/libcontainer/cgroups as our cgroups manager (from containerd/cgroups), and this applies a default deny rule for devices. Revert to previous behavior by asking runc/libcontainer/cgroups to skip application of device limits if no limits are provided in the spec that has been passed. Fixes #787
The units GiB / KiB / MiB may or may not be present depending on the specification of the system on which the tests are run, so we can't insist they are present.
…6.0 (#793) * build(deps): bump github.com/sylabs/scs-build-client from 0.5.2 to 0.6.0 Bumps [github.com/sylabs/scs-build-client](https://github.com/sylabs/scs-build-client) from 0.5.2 to 0.6.0. - [Release notes](https://github.com/sylabs/scs-build-client/releases) - [Changelog](https://github.com/sylabs/scs-build-client/blob/master/.goreleaser.yml) - [Commits](sylabs/scs-build-client@v0.5.2...v0.6.0) --- updated-dependencies: - dependency-name: github.com/sylabs/scs-build-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * tidy Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Adam Hughes <9903835+tri-adam@users.noreply.github.com>
fix: cgroups: ensure cgroups device limits are default allow
chore: bump to go 1.18.2
Add (Files).Stage() and (FileTransport).SourcePath() helper functions. Refactor code to use helpers.
When a build context cannot be uploaded, print a log message indicating that the build service in use may not yet support '%files'.
'%files' Support for Remote Build
tri-adam
approved these changes
May 11, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of the Pull Request (PR):
Bulk merge from master -> release-3.10 that will bring in all fixes for a 3.10-rc.2 as there is no post 3.10 divergence on master yet.
Before submitting a PR, make sure you have done the following:
make checkand tested this PR locally with amake test, andmake testallif possible (see CONTRIBUTING.md).