Add support for runc container runtime
Adds the runc container runtime, its containerd shim, required Linux features and plumbs it into
Kubernetes using RuntimeClasses and containerd runtime selection. Also adds support for building C-based
targets as part of our initramfs.
The Bazel portion is a bit verbose but since label dicts cannot be reasonably concatenated and closures
are prohibited in Starlark I see no better way.
For this to be usable for most images new Linux binfmt options have been added. The hashbang binfmt
shouldn't have any negative impact, but binfmt_misc has a registry which is only namespaced if used
with user namespaces, which are currently not used and thus might represent an exploit vector. This
is tracked in T864.
Test Plan: New E2E tests covering this feature have been added.
X-Origin-Diff: phab/D625
GitOrigin-RevId: 1e7e27166135437b2965eca4dc238f3255c9b1ba
diff --git a/scripts/run_ci.sh b/scripts/run_ci.sh
index f8f1eab..999137a 100755
--- a/scripts/run_ci.sh
+++ b/scripts/run_ci.sh
@@ -87,7 +87,7 @@
--pod ${POD} \
--name=${POD}-bazel \
${TAG} \
- bazel test --features=race //...
+ bazel test //...
function conduit() {
# Get Phabricator host from Git origin