Windows: Block pulling uplevel images #36327
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
darstahl
approved these changes
Feb 15, 2018
distribution/pull_v2_windows.go
Outdated
There was a problem hiding this comment.
Might want to remove this TODO, as we don't want to filter greater versions here anymore as the returned error would be just that there is no matching image in the manifest, rather than an incompatible version.
4b9e0ed to
1d67540
Compare
|
Seems ok to do this, but I'm not familiar with this part of the codebase. |
cpuguy83
reviewed
Feb 16, 2018
distribution/config.go
Outdated
There was a problem hiding this comment.
DecodeConfig and return a struct with said config?
There was a problem hiding this comment.
Yes, was also not too happy with four separate values being returned
1d67540 to
8a9a94e
Compare
|
@thaJeztah @cpuguy83 Went back to the original implementation which was just RootFS and added a new method to get the platform pieces. |
|
@johnstep as discussed offline. PTAL |
Codecov Report
@@ Coverage Diff @@
## master #36327 +/- ##
=========================================
Coverage ? 34.63%
=========================================
Files ? 614
Lines ? 45526
Branches ? 0
=========================================
Hits ? 15767
Misses ? 27698
Partials ? 2061
Continue to review full report at Codecov.
|
johnstep
approved these changes
Feb 26, 2018
distribution/pull_v2_windows.go
Outdated
There was a problem hiding this comment.
I'm not sure I like this name; there could be an updated older version that is technically newer. :) Also, I usually think of "is" functions returning a bool, but not sure. What about checkImageCompatibility or something?
There was a problem hiding this comment.
Sure, checkImageCompatibility. Update pushed.
Signed-off-by: John Howard <jhoward@microsoft.com>
8a9a94e to
8390883
Compare
This was referenced Feb 27, 2018
|
@thaJeztah @cpuguy83 Will one of you take another look? It looks good to me. |
thaJeztah
reviewed
Feb 27, 2018
| if imageOSBuild, err := strconv.Atoi(splitImageOSVersion[2]); err == nil { | ||
| if imageOSBuild > int(hostOSV.Build) { | ||
| errMsg := fmt.Sprintf("a Windows version %s.%s.%s-based image is incompatible with a %s host", splitImageOSVersion[0], splitImageOSVersion[1], splitImageOSVersion[2], hostOSV.ToString()) | ||
| logrus.Debugf(errMsg) |
There was a problem hiding this comment.
Isn't this already logged somewhere (as it's also returned as an error?)
aznashwan
added a commit
to aznashwan/moby
that referenced
this pull request
Nov 17, 2022
Following the addition of Hyper-V isolation, it should be possible for Windows hosts to run container images with older/newer OS versions given a Windows host with the RS5 updates and above. This patch includes the following changes: - [distribution/pull_v2] enable pulling images newer than the host on RS5+ - [daemon/create] add version checks which prevent running newer/older unless using Hyper-V isolation Previously, pulling a Windows image with a newer OS version than the host was prevented by moby#36327, whose behavior is preserved on pre-RS5 hosts. Compatibility requirements were [refernced from Microsoft](https://learn.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/version-compatibility?tabs=windows-server-2022%2Cwindows-10#windows-server-host-os-compatibility). Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
aznashwan
added a commit
to aznashwan/moby
that referenced
this pull request
Nov 17, 2022
Following the addition of Hyper-V isolation, it should be possible for Windows hosts to run container images with older/newer OS versions given a Windows host with the RS5 updates and above. This patch includes the following changes: - [distribution/pull_v2] enable pulling images newer than the host on RS5+ - [daemon/create] add version checks which prevent running newer/older unless using Hyper-V isolation Previously, pulling a Windows image with a newer OS version than the host was prevented by moby#36327, whose behavior is preserved on pre-RS5 hosts. Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
aznashwan
added a commit
to aznashwan/moby
that referenced
this pull request
Nov 17, 2022
Following the addition of Hyper-V isolation, it should be possible for Windows hosts to run container images with older/newer OS versions given a Windows host with the RS5 updates and above. This patch includes the following changes: - [distribution/pull_v2] enable pulling images newer than the host on RS5+ - [daemon/create] add version checks which prevent running newer/older images unless using Hyper-V isolation Previously, pulling a Windows image with a newer OS version than the host was prevented by moby#36327, whose behavior is preserved on pre-RS5 hosts. Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
aznashwan
added a commit
to aznashwan/moby
that referenced
this pull request
Nov 17, 2022
Following the addition of Hyper-V isolation, it should be possible for Windows hosts to run container images with older/newer OS versions given a Windows host with the RS5 updates and above. This patch includes the following changes: - [distribution/pull_v2] enable pulling images newer than the host on RS5+ - [daemon/create] add version checks which prevent running newer/older images unless using Hyper-V isolation Previously, pulling a Windows image with a newer OS version than the host was prevented by moby#36327, whose behavior is preserved on pre-RS5 hosts. Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
aznashwan
added a commit
to aznashwan/moby
that referenced
this pull request
Nov 17, 2022
Following the addition of Hyper-V isolation, it should be possible for Windows hosts to run container images with older/newer OS versions given a Windows host with the RS5 updates and above. This patch includes the following changes: - [distribution/pull_v2] enable pulling images newer than the host on RS5+ - [daemon/create] add version checks which prevent running newer/older images unless using Hyper-V isolation Previously, pulling a Windows image with a newer OS version than the host was prevented by moby#36327, whose behavior is preserved on pre-RS5 hosts. Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
aznashwan
added a commit
to aznashwan/moby
that referenced
this pull request
Nov 22, 2022
Following the addition of Hyper-V isolation, it should be possible for Windows hosts to run container images with older/newer OS versions given a Windows host with the RS5 updates and above. This patch includes the following changes: - [distribution/pull_v2] enable pulling images newer than the host on RS5+ - [daemon/create] add version checks which prevent running newer/older images unless using Hyper-V isolation Previously, pulling a Windows image with a newer OS version than the host was prevented by moby#36327, whose behavior is preserved on pre-RS5 hosts. Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
aznashwan
added a commit
to aznashwan/moby
that referenced
this pull request
Nov 23, 2022
Following the addition of Hyper-V isolation, it should be possible for Windows hosts to run container images with older/newer OS versions given a Windows host with the RS5 updates and above. This patch includes the following changes: - [distribution/pull_v2] enable pulling images newer than the host on RS5+ - [daemon/create] add version checks which prevent running newer/older images unless using Hyper-V isolation Previously, pulling a Windows image with a newer OS version than the host was prevented by moby#36327, whose behavior is preserved on pre-RS5 hosts. Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
aznashwan
added a commit
to aznashwan/moby
that referenced
this pull request
Mar 28, 2023
Following the addition of Hyper-V isolation, it should be possible for Windows hosts to run container images with older/newer OS versions given a Windows host with the RS5 updates and above. This patch includes the following changes: - [distribution/pull_v2] enable pulling images newer than the host on RS5+ - [daemon/create] add version checks which prevent running newer/older images unless using Hyper-V isolation Previously, pulling a Windows image with a newer OS version than the host was prevented by moby#36327, whose behavior is preserved on pre-RS5 hosts. Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: John Howard jhoward@microsoft.com
Fixes #36184. This change gives a decent error message about image incompatibility early, rather than blindly continuing to download the image, try to extract it, and then fail with an extremely misleading error:
Before this change, on an RS1 host, pulling a 1709/RS3 image:
After this change:
@johnstep @darrenstahlmsft @thaJeztah PTAL