Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release/1.7] Ensure /run/containerd gets created with correct perms #10534

Conversation

k8s-infra-cherrypick-robot

This is an automated cherry-pick of #10516

/assign samuelkarp

There are a couple directories that get created under the default
state directory ("/run/containerd") even when containerd is configured
to use a different location for its state directory. Create the default
state directory even if containerd is configured to use a different
state directory location. This ensure pkg/shim and pkg/fifo won't create
the default state directory with incorrect permissions when calling
os.MkdirAll for their respective subdirectories.

Signed-off-by: Erikson Tung <etung@netflix.com>
@k8s-ci-robot
Copy link

Hi @k8s-infra-cherrypick-robot. Thanks for your PR.

I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@dosubot dosubot bot added the area/runtime Runtime label Jul 31, 2024
@samuelkarp
Copy link
Member

/ok-to-test

@samuelkarp samuelkarp merged commit 8d78761 into containerd:release/1.7 Jul 31, 2024
57 checks passed
@samuelkarp samuelkarp changed the title [release/1.7] Ensure /run/containerd gets created with correct perms [release/1.7] Ensure /run/containerd gets created with correct perms Aug 9, 2024
Mengkzhaoyun pushed a commit to open-beagle/containerd that referenced this pull request Sep 4, 2024
containerd 1.7.21

Welcome to the v1.7.21 release of containerd!

The twenty-first patch release for containerd 1.7 contains various fixes
and updates.

* Regenerate introspection UUID if state is empty ([#10510](containerd/containerd#10510))
* Set stderr to empty string when using terminal on Windows ([#10499](containerd/containerd#10499))

* Move builds to Go 1.22 and add support for testing with 1.23 ([#10596](containerd/containerd#10596))

* Borrow latest wsstream from k8s v1.31.x to 1.7 ([#10575](containerd/containerd#10575))
* Ensure the CRIAPIV1Alpha2 warning's lastOccurrence is accurate ([#10571](containerd/containerd#10571))
* Make `StopContainer` idempotent ([#10528](containerd/containerd#10528))
* Make `StopPodSandbox` idempotent ([#10527](containerd/containerd#10527))

* Fix failed force deletion for tasks with PID 0 ([#10523](containerd/containerd#10523))

* Fix packaged runc reporting incorrect version ([#10559](containerd/containerd#10559))
* Ensure `/run/containerd` gets created with correct perms ([#10534](containerd/containerd#10534))

* Ensure the CRIAPIV1Alpha2 warning's lastOccurrence is accurate ([#10571](containerd/containerd#10571))
* Update warnings for deprecated CRI config fields ([#10512](containerd/containerd#10512))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

* Davanum Srinivas
* Samuel Karp
* Sebastiaan van Stijn
* Phil Estes
* Maksym Pavlenko
* Akhil Mohan
* Chris Henzie
* Derek McGowan
* Kazuyoshi Kato
* Sascha Grunert
* Akihiro Suda
* Erikson Tung
* Iceber Gu
* Mauri de Souza Meneguzzo
* Mike Brown
* Shengjing Zhu
* TinaMor
* rongfu.leng
<details><summary>45 commits</summary>
<p>

* Prepare release notes for v1.7.21 ([#10632](containerd/containerd#10632))
  * [`975f279ee`](containerd/containerd@975f279) Prepare release notes for v1.7.21
* go.mod: keep minimum go version at go1.21 ([#10633](containerd/containerd#10633))
  * [`d63bd8464`](containerd/containerd@d63bd84) go.mod: keep minimum go version at go1.21
* Move builds to Go 1.22 and add support for testing with 1.23 ([#10596](containerd/containerd#10596))
  * [`c76028088`](containerd/containerd@c760280) update golangci-lint to 1.60.1
  * [`3b263d082`](containerd/containerd@3b263d0) add go1.23.0, drop go1.21.x
* Fix TestNewBinaryIOCleanup on Go 1.23 and Linux 5.4 ([#10590](containerd/containerd#10590))
  * [`09ca004de`](containerd/containerd@09ca004) Fix TestNewBinaryIOCleanup on Go 1.23 and Linux 5.4
* Borrow latest wsstream from k8s v1.31.x to 1.7 ([#10575](containerd/containerd#10575))
  * [`9269d97b1`](containerd/containerd@9269d97) hide wsstream under internal/ to prevent external use
  * [`59815fa44`](containerd/containerd@59815fa) golangci-lint should only look for problems in new code
  * [`1c431dc6f`](containerd/containerd@1c431dc) Run go mod tidy
  * [`226f93d92`](containerd/containerd@226f93d) Add copyright headers
  * [`6f3252733`](containerd/containerd@6f32527) switch over references to the new package
  * [`0a85d476a`](containerd/containerd@0a85d47) Fix up some constant references
  * [`82bfa44d0`](containerd/containerd@82bfa44) Copy over wsstream from k8s v1.31.0-rc.1 release
* Ensure the CRIAPIV1Alpha2 warning's lastOccurrence is accurate ([#10571](containerd/containerd#10571))
  * [`52b79f337`](containerd/containerd@52b79f3) Update CRIAPIV1Alpha2 warning lastOccurrence every call
* pkg/userns: deprecate and migrate to github.com/moby/sys/userns ([#10564](containerd/containerd#10564))
  * [`dce0b5a6d`](containerd/containerd@dce0b5a) migrate to github.com/moby/sys/userns
  * [`65f7d0740`](containerd/containerd@65f7d07) pkg/userns: deprecate and migrate to github.com/moby/sys/user/userns
  * [`f21675c27`](containerd/containerd@f21675c) vendor: github.com/moby/sys/user v0.2.0
* update to go1.21.13 / go1.22.6 ([#10570](containerd/containerd#10570))
  * [`228914a5e`](containerd/containerd@228914a) update to go1.21.13 / go1.22.6
* Fix TestNewBinaryIOCleanup failing with gotip ([#10554](containerd/containerd#10554))
  * [`3ff82ba0f`](containerd/containerd@3ff82ba) Fix TestNewBinaryIOCleanup failing with gotip
* Fix packaged runc reporting incorrect version ([#10559](containerd/containerd#10559))
  * [`d51143f6f`](containerd/containerd@d51143f) script/setup/install-runc: fix runc using incorrect version
* update auths code comment ([#10536](containerd/containerd#10536))
  * [`7bb1455d8`](containerd/containerd@7bb1455) update auths code comment
* Ensure `/run/containerd` gets created with correct perms ([#10534](containerd/containerd#10534))
  * [`16c5fc768`](containerd/containerd@16c5fc7) Ensure /run/containerd is created with correct perms
* Make `StopContainer` idempotent ([#10528](containerd/containerd#10528))
  * [`6da4e40b2`](containerd/containerd@6da4e40) Make `StopContainer` RPC idempotent
* Make `StopPodSandbox` idempotent ([#10527](containerd/containerd#10527))
  * [`b3b6f1507`](containerd/containerd@b3b6f15) Make `StopPodSandbox` RPC idempotent
* Fix failed force deletion for tasks with PID 0 ([#10523](containerd/containerd#10523))
  * [`0db46f664`](containerd/containerd@0db46f6) client: fix tasks with PID 0 cannot be forced to delete
* Update warnings for deprecated CRI config fields ([#10512](containerd/containerd#10512))
  * [`9afb8dcdf`](containerd/containerd@9afb8dc) deprecation: update warnings for CRI config fields
* Regenerate introspection UUID if state is empty ([#10510](containerd/containerd#10510))
  * [`b140792e4`](containerd/containerd@b140792) introspection: regenerate UUID if state is empty
* Set stderr to empty string when using terminal on Windows ([#10499](containerd/containerd#10499))
  * [`f9beac3db`](containerd/containerd@f9beac3) Set stderr to empty string when using terminal on Windows.
</p>
</details>

* **github.com/moby/sys/userns**  v0.1.0 **_new_**

Previous release can be found at [v1.7.20](https://github.com/containerd/containerd/releases/tag/v1.7.20)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants