search

hashicorp / nomad-driver-podman

A nomad task driver plugin for sandboxing workloads in podman containers
https://developer.hashicorp.com/nomad/plugins/drivers/podman
Mozilla Public License 2.0
226 stars 63 forks source link

build(deps): bump github.com/opencontainers/runtime-spec from 1.1.0-rc.3 to 1.1.0 #276

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/opencontainers/runtime-spec from 1.1.0-rc.3 to 1.1.0.

Release notes

Sourced from github.com/opencontainers/runtime-spec's releases.

v1.1.0

Vote: opencontainers/runtime-spec#1213

Blog: https://opencontainers.org/posts/blog/2023-07-21-oci-runtime-spec-v1-1/

Breaking changes (but rather conforms to the existing runc implementation)

  • config: change prestart hook spec to match reality (#1169)

Deprecations

  • config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED (#1093)

Additions

  • cgroup: add cgroup v2 support (#1040)
  • seccomp: allow to override errno return code (#1041)
  • seccomp: Add support for SCMP_ACT_KILL_PROCESS (#1044)
  • Update seccomp architectures to support RISCV64 (#1059)
  • Add support for SCMP_ACT_KILL_THREAD (#1064)
  • Add Seccomp Notify support using UNIX sockets and container metadata (#1074)
  • config-linux: Add Intel RDT CMT and MBM Linux support (#1076)
  • seccomp: allow to override default errno return code (#1087)
  • Introduce zos as platform (#1095)
  • config-linux: add idle option for container cgroup (#1136)
  • config-linux: add CFS bandwidth burst (#1120)
  • IDMapping field for mount point (#1143)
  • schema: add cpu idle (#1145)
  • add domainname spec entity (#1156)
  • config-linux: add memory.checkBeforeUpdate (#1158)
  • seccomp: Add flag SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (#1161)
  • config-linux: add support for rsvd hugetlb cgroup (#1116)
  • features: add features.md to formalize the runc features JSON (#1130)
  • config-linux: add support for time namespace (#1151)
  • config: add scheduler entity (#1188)
  • config: Add I/O Priority Configuration for process group in Linux Containers (#1191)

Minor fixes

  • seccomp: fix go-specs for errnoRet (#1042)
  • Define State for container and runtime namespace (#1045)
  • Add State status constants to spec-go (#1046)
  • config.go: make umask a pointer (#1058)
  • Update State structure to use the new ContainerState type (#1056)
  • Fix int64 and uint64 type value ranges (#1060)
  • Fix seccomp notify inconsistencies (#1096)
  • runtime should WARN / ignore capabilities that cannot be granted (#1094)
  • config-linux: clarify the handling of ClosID RDT parameter (#1104)
  • defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. (#1117)
  • fix the lifecycle reference in the states listing (#1118)
  • specify cgroup ownership semantics (#1123)
  • config-linux: MAY reject an unfit cgroup (#1125)
  • cgroup ownership: clarify that some files may not exist (#1137)
  • schema: update README.md (#1083)

... (truncated)

Changelog

Sourced from github.com/opencontainers/runtime-spec's changelog.

OpenContainers Specifications

Changes with v1.1.0:

Breaking changes (but rather conforms to the existing runc implementation):

  • config: change prestart hook spec to match reality (#1169)

Deprecations:

  • config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED (#1093)

Additions:

  • cgroup: add cgroup v2 support (#1040)
  • seccomp: allow to override errno return code (#1041)
  • seccomp: Add support for SCMP_ACT_KILL_PROCESS (#1044)
  • Update seccomp architectures to support RISCV64 (#1059)
  • Add support for SCMP_ACT_KILL_THREAD (#1064)
  • Add Seccomp Notify support using UNIX sockets and container metadata (#1074)
  • config-linux: Add Intel RDT CMT and MBM Linux support (#1076)
  • seccomp: allow to override default errno return code (#1087)
  • Introduce zos as platform (#1095)
  • config-linux: add idle option for container cgroup (#1136)
  • config-linux: add CFS bandwidth burst (#1120)
  • IDMapping field for mount point (#1143)
  • schema: add cpu idle (#1145)
  • add domainname spec entity (#1156)
  • config-linux: add memory.checkBeforeUpdate (#1158)
  • seccomp: Add flag SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (#1161)
  • config-linux: add support for rsvd hugetlb cgroup (#1116)
  • features: add features.md to formalize the runc features JSON (#1130)
  • config-linux: add support for time namespace (#1151)
  • config: add scheduler entity (#1188)
  • config: Add I/O Priority Configuration for process group in Linux Containers (#1191)

Minor fixes:

  • seccomp: fix go-specs for errnoRet (#1042)
  • Define State for container and runtime namespace (#1045)
  • Add State status constants to spec-go (#1046)
  • config.go: make umask a pointer (#1058)
  • Update State structure to use the new ContainerState type (#1056)
  • Fix int64 and uint64 type value ranges (#1060)
  • Fix seccomp notify inconsistencies (#1096)
  • runtime should WARN / ignore capabilities that cannot be granted (#1094)
  • config-linux: clarify the handling of ClosID RDT parameter (#1104)
  • defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. (#1117)
  • fix the lifecycle reference in the states listing (#1118)
  • specify cgroup ownership semantics (#1123)

... (truncated)

Commits
  • 0625254 version: release v1.1.0
  • d56ba70 ChangeLog: squash v1.1.0-rc.1...v1.1.0
  • 5430e36 ChangeLog: Document changes since v1.1.0-rc.3
  • 07dd1f4 Merge pull request #1210 from AkihiroSuda/update-readme-chat
  • db5c1c0 Merge pull request #1211 from AkihiroSuda/remove-meeting-ics
  • da13364 Merge pull request #1212 from AkihiroSuda/features-annotations-avoid-confusion
  • 2bd22fa features.md: add a note to avoid confusion about annotations
  • 5612d21 Remove outdated meeting.ics
  • 085728a README.md: update chat information
  • 48415de Merge pull request #1208 from AkihiroSuda/propose-v1.1.0-rc.3
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)