feat(20.04) add slice for crun and uidmap #223

Merged: 10 commits, Sep 27, 2024


@endersonmaia endersonmaia commented Apr 20, 2024

Proposed changes

This PR will add crun and uidmap slices to the Ubuntu 20.04 release.

Forward porting

Testing

❯ chisel cut \
    --release ./ \
    --root rootfs/ \
    crun_bins uidmap_bins
2024/04/20 12:06:00 Processing ./ release...
2024/04/20 12:06:00 Selecting slices...
2024/04/20 12:06:00 Fetching ubuntu 20.04 focal suite details...
2024/04/20 12:06:02 Release date: Thu, 23 Apr 2020 17:33:17 UTC
2024/04/20 12:06:02 Fetching index for ubuntu 20.04 focal main component...
2024/04/20 12:06:02 Fetching index for ubuntu 20.04 focal universe component...
2024/04/20 12:06:02 Fetching ubuntu 20.04 focal-security suite details...
2024/04/20 12:06:02 Release date: Fri, 19 Apr 2024 13:05:25 UTC
2024/04/20 12:06:02 Fetching index for ubuntu 20.04 focal-security main component...
2024/04/20 12:06:02 Fetching index for ubuntu 20.04 focal-security universe component...
2024/04/20 12:06:02 Fetching ubuntu 20.04 focal-updates suite details...
2024/04/20 12:06:02 Release date: Sat, 20 Apr 2024 10:04:23 UTC
2024/04/20 12:06:02 Fetching index for ubuntu 20.04 focal-updates main component...
2024/04/20 12:06:02 Fetching index for ubuntu 20.04 focal-updates universe component...
2024/04/20 12:06:02 Fetching pool/main/g/glibc/libc6_2.31-0ubuntu9.15_amd64.deb...
2024/04/20 12:06:02 Fetching pool/main/libc/libcap2/libcap2_2.32-1ubuntu0.1_amd64.deb...
2024/04/20 12:06:02 Fetching pool/main/libs/libseccomp/libseccomp2_2.5.1-1ubuntu1~20.04.2_amd64.deb...
2024/04/20 12:06:02 Fetching pool/main/libg/libgpg-error/libgpg-error0_1.37-1_amd64.deb...
2024/04/20 12:06:02 Fetching pool/main/libg/libgcrypt20/libgcrypt20_1.8.5-5ubuntu1.1_amd64.deb...
2024/04/20 12:06:02 Fetching pool/main/l/lz4/liblz4-1_1.9.2-2ubuntu0.20.04.1_amd64.deb...
2024/04/20 12:06:02 Fetching pool/main/x/xz-utils/liblzma5_5.2.4-1ubuntu1.1_amd64.deb...
2024/04/20 12:06:02 Fetching pool/main/s/systemd/libsystemd0_245.4-4ubuntu3.23_amd64.deb...
2024/04/20 12:06:02 Fetching pool/main/y/yajl/libyajl2_2.1.0-3ubuntu0.20.04.1_amd64.deb...
2024/04/20 12:06:02 Fetching pool/universe/c/crun/crun_0.12.1+dfsg-1_amd64.deb...
2024/04/20 12:06:02 Fetching pool/main/a/audit/libaudit-common_2.8.5-2ubuntu6_all.deb...
2024/04/20 12:06:02 Fetching pool/main/libc/libcap-ng/libcap-ng0_0.7.9-2.1build1_amd64.deb...
2024/04/20 12:06:02 Fetching pool/main/a/audit/libaudit1_2.8.5-2ubuntu6_amd64.deb...
2024/04/20 12:06:02 Fetching pool/main/p/pcre2/libpcre2-8-0_10.34-7ubuntu0.1_amd64.deb...
2024/04/20 12:06:02 Fetching pool/main/libs/libselinux/libselinux1_3.0-1build2_amd64.deb...
2024/04/20 12:06:02 Fetching pool/universe/s/shadow/uidmap_4.8.1-1ubuntu5.20.04.5_amd64.deb...
2024/04/20 12:06:02 Extracting files from package "libc6"...
2024/04/20 12:06:04 Extracting files from package "libcap2"...
2024/04/20 12:06:04 Extracting files from package "libseccomp2"...
2024/04/20 12:06:04 Extracting files from package "libgpg-error0"...
2024/04/20 12:06:04 Extracting files from package "libgcrypt20"...
2024/04/20 12:06:04 Extracting files from package "liblz4-1"...
2024/04/20 12:06:04 Extracting files from package "liblzma5"...
2024/04/20 12:06:04 Extracting files from package "libsystemd0"...
2024/04/20 12:06:04 Extracting files from package "libyajl2"...
2024/04/20 12:06:04 Extracting files from package "crun"...
2024/04/20 12:06:04 Extracting files from package "libaudit-common"...
2024/04/20 12:06:04 Extracting files from package "libcap-ng0"...
2024/04/20 12:06:04 Extracting files from package "libaudit1"...
2024/04/20 12:06:05 Extracting files from package "libpcre2-8-0"...
2024/04/20 12:06:05 Extracting files from package "libselinux1"...
2024/04/20 12:06:05 Extracting files from package "uidmap"...
❯ sudo chroot ./rootfs /usr/bin/newuidmap
usage: newuidmap <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... 

Checklist

Additional Context


Diff of dependencies:
None found.


Collaborator

@zhijie-yang zhijie-yang left a comment

Looks good. There are some issues regarding the linting (see workflow runs) to be fixed, and it is suggested to add the copyright files explicitly in the slice definitions.

@linostar linostar self-requested a review May 16, 2024 09:14
@endersonmaia endersonmaia force-pushed the crun-to-20.04 branch 2 times, most recently from e408b20 to d9b7d0f Compare May 16, 2024 09:23
@linostar
Collaborator

@cjdcordeiro @rebornplusplus can you approve the workflow please?

Collaborator

@zhijie-yang zhijie-yang left a comment

Please also add the copyright files for libcap2 and libzstd1.

slices/libcap2.yaml
slices/libzstd1.yaml
Collaborator

@zhijie-yang zhijie-yang left a comment

Looks good to me. Thanks!

Collaborator

@linostar linostar left a comment

LGTM, thanks!

Collaborator

@cjdcordeiro cjdcordeiro left a comment

Also added the crun test here. LGTM. Thanks @endersonmaia

@cjdcordeiro cjdcordeiro merged commit a1f36bd into canonical:ubuntu-20.04 Sep 27, 2024
14 checks passed
@cjdcordeiro
Collaborator

P.S. couldn't find a proper case to test uidmap. I think other slices and utilities would be needed in order to create a testable user space for something like newuidmap.

@endersonmaia if you have a testable scenario I'd be happy to take it in!

@endersonmaia
Author

@cjdcordeiro by head, I think you could install crun and uidmap and create a container from a bundle (busybox?) and try to run with an unprivileged user.

AFAIK, when running a container with crun using an unprivileged user, it will require uidmap to work.

I may give it a try later, no promises 😅

@cjdcordeiro
Collaborator

That would be really useful :) thanks
