Package: containerd / 1.4.5~ds1-2

Metadata

Package | Version | Patches format
containerd | 1.4.5~ds1-2 | 3.0 (quilt)

Patch series

Patch | File delta | Description
0001 Add go.mod file.patch

go.mod | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 add go.mod file

Fix build issue with
+ github.com/godbus/dbus/v5
+ github.com/coreos/go-systemd/v22

0002 disable runhcs option in cri config.patch

vendor/github.com/containerd/cri/pkg/server/helpers.go | 6 0 + 6 - 0 !
1 file changed, 6 deletions(-)

 disable runhcs option in cri config


0003 disable windows support in ctr metric.patch

cmd/ctr/commands/tasks/metrics.go | 55 0 + 55 - 0 !
1 file changed, 55 deletions(-)

 disable windows support in ctr metric


0004 Add cgo tag to btrfs plugin.patch

cmd/containerd/builtins_btrfs_linux.go | 2 1 + 1 - 0 !
snapshots/btrfs/btrfs.go | 2 1 + 1 - 0 !
snapshots/btrfs/btrfs_test.go | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 3 deletions(-)

 add cgo tag to btrfs plugin

0005 backport github.com containerd containerd remotes.patch

remotes/docker/auth.go | 198 0 + 198 - 0 !
remotes/docker/auth/fetch.go | 202 202 + 0 - 0 !
remotes/docker/auth/parse.go | 203 203 + 0 - 0 !
remotes/docker/authorizer.go | 285 68 + 217 - 0 !
remotes/docker/errcode.go | 2 1 + 1 - 0 !
remotes/docker/fetcher.go | 2 1 + 1 - 0 !
remotes/docker/httpreadseeker.go | 2 1 + 1 - 0 !
remotes/docker/pusher.go | 36 23 + 13 - 0 !
remotes/docker/resolver.go | 47 19 + 28 - 0 !
remotes/docker/scope.go | 14 7 + 7 - 0 !
remotes/docker/scope_test.go | 4 2 + 2 - 0 !
remotes/errors/errors.go | 46 46 + 0 - 0 !
12 files changed, 573 insertions(+), 468 deletions(-)

 backport github.com/containerd/containerd/remotes

For building docker.io 20.10

This whole directory is replaced by commit

02334356d0774a5b194e67b5f1383fd2485ea67a v1.5.0-beta.3

0006 backport apparmor handle signal mediation.patch

contrib/apparmor/template.go | 46 42 + 4 - 0 !
contrib/apparmor/template_test.go | 18 18 + 0 - 0 !
2 files changed, 60 insertions(+), 4 deletions(-)

 apparmor: handle signal mediation

On newer kernels and systems, AppArmor will block sending signals in
many scenarios by default resulting in strange behaviours (container
programs cannot signal each other, or host processes like containerd
cannot signal containers).

The reason this happens only on some distributions (and is not a kernel
regression) is that the kernel doesn't enforce signal mediation unless
the profile contains signal rules. However because our profiles #include
the distribution-managed <abstractions/base>, some distributions added
signal rules -- which results in AppArmor enforcing signal mediation and
thus a regression. On these systems, containers cannot send and receive
signals at all -- meaning they cannot signal each other and the
container runtime cannot kill them either.

This issue was fixed in Docker in 2018[1] but this code was copied
before then and thus the patches weren't carried. It also contains a new
fix for a more esoteric case[2]. Ideally this code should live in a
project like "containerd/apparmor" so that Docker, libpod, and
containerd can share it, but that's probably something to do separately.

In addition, the copyright header is updated to reference that the code
is copied from Docker (and thus was not written entirely by the
containerd authors).

[1]: https://github.com/docker/docker/pull/37831
[2]: https://github.com/docker/docker/pull/41337

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

0007 backport runtime ignore file already closed error.patch

runtime/v2/shim_unix.go | 7 3 + 4 - 0 !
runtime/v2/shim_unix_test.go | 4 4 + 0 - 0 !
2 files changed, 7 insertions(+), 4 deletions(-)

 runtime: ignore file-already-closed error if dead shim

fix: #5130

Signed-off-by: Wei Fu <fuweid89@gmail.com>

0008 CVE 2021 32760.patch

archive/tar_test.go | 35 35 + 0 - 0 !
archive/tar_unix.go | 2 1 + 1 - 0 !
2 files changed, 36 insertions(+), 1 deletion(-)

 [patch 1/2] use chmod path for checking symlink

Signed-off-by: Derek McGowan <derek@mcg.dev>
(cherry picked from commit 27597ccfd30d8aa06b448062896bccfb33ad8f22)
Signed-off-by: Derek McGowan <derek@mcg.dev>