Christian Weichel
|
11406fc397
|
[user namespace] Disable seccomp to make clone work
The default containerd seccomp profile seems to prevent the clone
syscall with `CLONE_NEWUSER` and/or `CLONE_NEWNS`.
|
2020-10-23 16:20:08 +02:00 |
|
Christian Weichel
|
438c234bb2
|
[ws-daemon] Rename InWorkspaceHelper to more apt InWorkspaceService
and introduce rate limiting on that service to mimic the behaviour of
the former canaries.
|
2020-10-23 16:20:08 +02:00 |
|
Christian Weichel
|
4444675ce0
|
[user namespaces] Start IDE and terminals as gitpod user again
|
2020-10-23 16:20:08 +02:00 |
|
Christian Weichel
|
4a9c8f910e
|
[ws-daemon] Provide IWH through unix socket rather than canaries
|
2020-10-23 16:20:08 +02:00 |
|
Christian Weichel
|
5a7903b089
|
[supervisor] Introduce user-namespace rings
|
2020-10-23 16:20:08 +02:00 |
|
Christian Weichel
|
a6a84d0c93
|
[supervisor] Use SIGTERM instead of PreStop hook
|
2020-10-23 16:20:08 +02:00 |
|
Christian Weichel
|
3a6587470a
|
[supervisor] Directly support newuid/newgidmap CLI
|
2020-10-13 11:10:53 +02:00 |
|
Christian Weichel
|
a494eb7cff
|
[ws-manager-node] Add uidmapper canary support
|
2020-10-13 11:10:53 +02:00 |
|
Christian Weichel
|
1a509f2f23
|
[supervisor] Add ws-manager-node IWH to support triggering uid mappings
|
2020-10-13 11:10:53 +02:00 |
|
Christian Weichel
|
f108fa72bf
|
[gitpod-protocol] Produce Go version of the JSON RPC API
|
2020-09-25 13:11:42 +02:00 |
|
Christian Weichel
|
0e0bd79918
|
[supervisor] Add missing license header
|
2020-09-18 12:32:09 +02:00 |
|
Christian Weichel
|
d44eea1029
|
[supervisor squash] Time out terminal listener
|
2020-09-14 11:33:06 +02:00 |
|
Christian Weichel
|
8478e61d24
|
[supervisor] Add terminal multiplexing
|
2020-09-14 11:33:06 +02:00 |
|
Christian Weichel
|
46b091d7ab
|
[supervisor] Future proof and harmonize the supervisor API
|
2020-09-07 09:50:32 +02:00 |
|