Update containerd to v1.2.7-k3s1

trash.lock

@@ -9,9 +9,9 @@ import:
 - package: github.com/MakeNowJust/heredoc
   version: bb23615498cded5e105af4ce27de75b089cbe851
 - package: github.com/Microsoft/go-winio
-  version: v0.4.11
+  version: v0.4.12
 - package: github.com/Microsoft/hcsshim
-  version: v0.8.3
+  version: v0.8.6
 - package: github.com/alexflint/go-filemutex
   version: 72bdc8eae2aef913234599b837f5dda445ca9bd9
 - package: github.com/armon/circbuf
@@ -33,8 +33,8 @@ import:
 - package: github.com/containerd/console
   version: c12b1e7919c14469339a5d38f2f8ed9b64a9de23
 - package: github.com/containerd/containerd
-  version: v1.2.6-k3s1
+  version: v1.2.7-k3s1
-  repo: https://github.com/ibuildthecloud/containerd
+  repo: https://github.com/rancher/containerd
 - package: github.com/containerd/continuity
   version: bd77b46c8352f74eb12c85bdc01f4b90f69d66b4
 - package: github.com/containerd/cri
@@ -47,7 +47,7 @@ import:
 - package: github.com/containerd/go-runc
   version: 5a6d9f37cfa36b15efba46dc7ea349fa9b7143c3
 - package: github.com/containerd/ttrpc
-  version: 2a805f71863501300ae1976d29f0454ae003e85a
+  version: f82148331ad2181edea8f3f649a1f7add6c3f9c2
 - package: github.com/containerd/typeurl
   version: a93fcdb778cd272c6e9b3028b2f42d813e785d40
 - package: github.com/containernetworking/cni
@@ -203,7 +203,7 @@ import:
 - package: github.com/opencontainers/image-spec
   version: v1.0.1
 - package: github.com/opencontainers/runc
-  version: 69ae5da6afdcaaf38285a10b36f362e41cb298d6
+  version: v1.0.0-rc8
 - package: github.com/opencontainers/runtime-spec
   version: 5684b8af48c1ac3b1451fa499724e30e3c20a294
 - package: github.com/opencontainers/runtime-tools
@@ -274,6 +274,8 @@ import:
   version: 1d523034197ff1f222f6429836dd36a2457a1874
 - package: go.etcd.io/bbolt
   version: v1.3.1-etcd.8
+- package: go.etcd.io/etcd
+  version: v3.3.11
 - package: golang.org/x/crypto
   version: a49355c7e3f8fe157a85be2f77e6e269a0f89602
 - package: golang.org/x/net

vendor.conf

@@ -22,8 +22,9 @@ github.com/natefinch/lumberjack     aee4629129445bbdfb69aa565537dcfa16544311
 github.com/gorilla/mux              v1.6.2
 github.com/gorilla/websocket        v1.2.0
 github.com/mattn/go-sqlite3         v1.9.0
-github.com/go-sql-driver/mysql	    v1.4.1
+github.com/go-sql-driver/mysql      v1.4.1
-github.com/lib/pq		    v1.1.1
+github.com/lib/pq                   v1.1.1
+go.etcd.io/etcd                     v3.3.11
 github.com/patrickmn/go-cache       v2.1.0
 golang.org/x/crypto                 a49355c7e3f8fe157a85be2f77e6e269a0f89602
 gopkg.in/freddierice/go-losetup.v1  fc9adea44124401d8bfef3a97eaf61b5d44cc2c6
@@ -43,7 +44,7 @@ github.com/alexflint/go-filemutex       72bdc8eae2aef913234599b837f5dda445ca9bd9
 github.com/opencontainers/runtime-spec 5684b8af48c1ac3b1451fa499724e30e3c20a294
 
 # containerd
-github.com/containerd/containerd v1.2.6-k3s1 https://github.com/ibuildthecloud/containerd
+github.com/containerd/containerd v1.2.7-k3s1 https://github.com/rancher/containerd
 github.com/containerd/go-runc 5a6d9f37cfa36b15efba46dc7ea349fa9b7143c3
 github.com/containerd/console c12b1e7919c14469339a5d38f2f8ed9b64a9de23
 github.com/containerd/cgroups 4994991857f9b0ae8dc439551e8bebdbb4bf66c1
@@ -66,7 +67,7 @@ github.com/gogo/protobuf v1.0.0
 github.com/gogo/googleapis 08a7655d27152912db7aaf4f983275eaf8d128ef
 github.com/golang/protobuf v1.1.0
 #github.com/opencontainers/runtime-spec eba862dc2470385a233c7507392675cbeadf7353 # v1.0.1-45-geba862d
-github.com/opencontainers/runc 69ae5da6afdcaaf38285a10b36f362e41cb298d6
+github.com/opencontainers/runc v1.0.0-rc8
 github.com/sirupsen/logrus v1.0.3
 github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c
 golang.org/x/net b3756b4b77d7b13260a0a2ec658753cf48922eac
@@ -78,16 +79,15 @@ github.com/opencontainers/image-spec v1.0.1
 golang.org/x/sync 450f422ab23cf9881c94e2db30cac0eb1b7cf80c
 github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895
 github.com/grpc-ecosystem/go-grpc-prometheus 6b7015e65d366bf3f19b2b2a000a831940f0f7e0
-github.com/Microsoft/go-winio v0.4.11
+github.com/Microsoft/go-winio v0.4.12
-github.com/Microsoft/hcsshim v0.8.3
+github.com/Microsoft/hcsshim v0.8.6
 google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944
 golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4
-github.com/containerd/ttrpc 2a805f71863501300ae1976d29f0454ae003e85a
+github.com/containerd/ttrpc f82148331ad2181edea8f3f649a1f7add6c3f9c2
 github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16
 gotest.tools v2.1.0
 github.com/google/go-cmp v0.1.0
 go.etcd.io/bbolt v1.3.1-etcd.8
-go.etcd.io/etcd v3.3.11
 
 # crictl
 github.com/kubernetes-sigs/cri-tools c465773e3ad8c941d1756c0a467d550b04a8f65b https://github.com/ibuildthecloud/cri-tools.git

vendor/github.com/Microsoft/hcsshim/appveyor.yml

@@ -6,23 +6,24 @@ clone_folder: c:\gopath\src\github.com\Microsoft\hcsshim
 
 environment:
   GOPATH: c:\gopath
-  PATH: C:\mingw-w64\x86_64-7.2.0-posix-seh-rt_v5-rev1\mingw64\bin;%GOPATH%\bin;%PATH%
+  PATH: C:\mingw-w64\x86_64-7.2.0-posix-seh-rt_v5-rev1\mingw64\bin;%GOPATH%\bin;C:\gometalinter-2.0.12-windows-amd64;%PATH%
+
+stack: go 1.11
 
 build_script:
-  - go get -u github.com/alecthomas/gometalinter
+  - appveyor DownloadFile https://github.com/alecthomas/gometalinter/releases/download/v2.0.12/gometalinter-2.0.12-windows-amd64.zip
-  - gometalinter.exe --install
+  - 7z x gometalinter-2.0.12-windows-amd64.zip -y -oC:\ > NUL
   - gometalinter.exe --config .gometalinter.json ./...
-  - go get -v -d -t -tags "functional integration admin" ./...
   - go build ./cmd/wclayer
   - go build ./cmd/runhcs
-  - go test -c ./pkg/go-runhcs/ -tags integration
   - go build ./cmd/tar2ext4
   - go test -v ./... -tags admin
-  - go test -c ./functional/ -tags functional
+  - go test -c ./test/functional/ -tags functional
+  - go test -c ./test/runhcs/ -tags integration
 
 artifacts:
   - path: 'wclayer.exe'
   - path: 'runhcs.exe'
-  - path: 'go-runhcs.test.exe'
   - path: 'tar2ext4.exe'
-  - path: 'functional.test.exe'
+  - path: 'functional.test.exe'
+  - path: 'runhcs.test.exe'

vendor/github.com/Microsoft/hcsshim/hcn/hcn.go

@@ -134,6 +134,33 @@ func V2SchemaVersion() SchemaVersion {
 	}
 }
 
+// RemoteSubnetSupported returns an error if the HCN version does not support Remote Subnet policies.
+func RemoteSubnetSupported() error {
+	supported := GetSupportedFeatures()
+	if supported.RemoteSubnet {
+		return nil
+	}
+	return platformDoesNotSupportError("Remote Subnet")
+}
+
+// HostRouteSupported returns an error if the HCN version does not support Host Route policies.
+func HostRouteSupported() error {
+	supported := GetSupportedFeatures()
+	if supported.HostRoute {
+		return nil
+	}
+	return platformDoesNotSupportError("Host Route")
+}
+
+// DSRSupported returns an error if the HCN version does not support Direct Server Return.
+func DSRSupported() error {
+	supported := GetSupportedFeatures()
+	if supported.DSR {
+		return nil
+	}
+	return platformDoesNotSupportError("Direct Server Return (DSR)")
+}
+
 // RequestType are the different operations performed to settings.
 // Used to update the settings of Endpoint/Namespace objects.
 type RequestType string

vendor/github.com/Microsoft/hcsshim/hcn/hcnendpoint.go

@@ -313,13 +313,13 @@ func (endpoint *HostComputeEndpoint) Create() (*HostComputeEndpoint, error) {
 }
 
 // Delete Endpoint.
-func (endpoint *HostComputeEndpoint) Delete() (*HostComputeEndpoint, error) {
+func (endpoint *HostComputeEndpoint) Delete() error {
 	logrus.Debugf("hcn::HostComputeEndpoint::Delete id=%s", endpoint.Id)
 
 	if err := deleteEndpoint(endpoint.Id); err != nil {
-		return nil, err
+		return err
 	}
-	return nil, nil
+	return nil
 }
 
 // ModifyEndpointSettings updates the Port/Policy of an Endpoint.

vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go

@@ -25,6 +25,12 @@ var (
 	HNSVersion1803 = Version{Major: 7, Minor: 2}
 	// V2ApiSupport allows the use of V2 Api calls and V2 Schema.
 	V2ApiSupport = Version{Major: 9, Minor: 1}
+	// Remote Subnet allows for Remote Subnet policies on Overlay networks
+	RemoteSubnetVersion = Version{Major: 9, Minor: 2}
+	// A Host Route policy allows for local container to local host communication Overlay networks
+	HostRouteVersion = Version{Major: 9, Minor: 2}
+	// HNS 10.2 allows for Direct Server Return for loadbalancing
+	DSRVersion = Version{Major: 10, Minor: 2}
 )
 
 // GetGlobals returns the global properties of the HCN Service.

vendor/github.com/Microsoft/hcsshim/hcn/hcnloadbalancer.go

@@ -10,10 +10,10 @@ import (
 
 // LoadBalancerPortMapping is associated with HostComputeLoadBalancer
 type LoadBalancerPortMapping struct {
-	Protocol     uint32 `json:",omitempty"` // EX: TCP = 6, UDP = 17
+	Protocol     uint32                       `json:",omitempty"` // EX: TCP = 6, UDP = 17
-	InternalPort uint16 `json:",omitempty"`
+	InternalPort uint16                       `json:",omitempty"`
-	ExternalPort uint16 `json:",omitempty"`
+	ExternalPort uint16                       `json:",omitempty"`
-	Flags        uint32 `json:",omitempty"` // 0: None, 1: EnableILB, 2: LocalRoutedVip
+	Flags        LoadBalancerPortMappingFlags `json:",omitempty"`
 }
 
 // HostComputeLoadBalancer represents software load balancer.
@@ -24,9 +24,35 @@ type HostComputeLoadBalancer struct {
 	FrontendVIPs         []string                  `json:",omitempty"`
 	PortMappings         []LoadBalancerPortMapping `json:",omitempty"`
 	SchemaVersion        SchemaVersion             `json:",omitempty"`
-	Flags                uint32                    `json:",omitempty"` // 0: None, 1: EnableDirectServerReturn
+	Flags                LoadBalancerFlags         `json:",omitempty"` // 0: None, 1: EnableDirectServerReturn
 }
 
+//LoadBalancerFlags modify settings for a loadbalancer.
+type LoadBalancerFlags uint32
+
+var (
+	// LoadBalancerFlagsNone is the default.
+	LoadBalancerFlagsNone LoadBalancerFlags = 0
+	// LoadBalancerFlagsDSR enables Direct Server Return (DSR)
+	LoadBalancerFlagsDSR LoadBalancerFlags = 1
+)
+
+// LoadBalancerPortMappingFlags are special settings on a loadbalancer.
+type LoadBalancerPortMappingFlags uint32
+
+var (
+	// LoadBalancerPortMappingFlagsNone is the default.
+	LoadBalancerPortMappingFlagsNone LoadBalancerPortMappingFlags
+	// LoadBalancerPortMappingFlagsILB enables internal loadbalancing.
+	LoadBalancerPortMappingFlagsILB LoadBalancerPortMappingFlags = 1
+	// LoadBalancerPortMappingFlagsLocalRoutedVIP enables VIP access from the host.
+	LoadBalancerPortMappingFlagsLocalRoutedVIP LoadBalancerPortMappingFlags = 2
+	// LoadBalancerPortMappingFlagsUseMux enables DSR for NodePort access of VIP.
+	LoadBalancerPortMappingFlagsUseMux LoadBalancerPortMappingFlags = 4
+	// LoadBalancerPortMappingFlagsPreserveDIP delivers packets with destination IP as the VIP.
+	LoadBalancerPortMappingFlagsPreserveDIP LoadBalancerPortMappingFlags = 8
+)
+
 func getLoadBalancer(loadBalancerGuid guid.GUID, query string) (*HostComputeLoadBalancer, error) {
 	// Open loadBalancer.
 	var (
@@ -234,20 +260,20 @@ func (loadBalancer *HostComputeLoadBalancer) Create() (*HostComputeLoadBalancer,
 }
 
 // Delete LoadBalancer.
-func (loadBalancer *HostComputeLoadBalancer) Delete() (*HostComputeLoadBalancer, error) {
+func (loadBalancer *HostComputeLoadBalancer) Delete() error {
 	logrus.Debugf("hcn::HostComputeLoadBalancer::Delete id=%s", loadBalancer.Id)
 
 	if err := deleteLoadBalancer(loadBalancer.Id); err != nil {
-		return nil, err
+		return err
 	}
-	return nil, nil
+	return nil
 }
 
 // AddEndpoint add an endpoint to a LoadBalancer
 func (loadBalancer *HostComputeLoadBalancer) AddEndpoint(endpoint *HostComputeEndpoint) (*HostComputeLoadBalancer, error) {
 	logrus.Debugf("hcn::HostComputeLoadBalancer::AddEndpoint loadBalancer=%s endpoint=%s", loadBalancer.Id, endpoint.Id)
 
-	_, err := loadBalancer.Delete()
+	err := loadBalancer.Delete()
 	if err != nil {
 		return nil, err
 	}
@@ -262,7 +288,7 @@ func (loadBalancer *HostComputeLoadBalancer) AddEndpoint(endpoint *HostComputeEn
 func (loadBalancer *HostComputeLoadBalancer) RemoveEndpoint(endpoint *HostComputeEndpoint) (*HostComputeLoadBalancer, error) {
 	logrus.Debugf("hcn::HostComputeLoadBalancer::RemoveEndpoint loadBalancer=%s endpoint=%s", loadBalancer.Id, endpoint.Id)
 
-	_, err := loadBalancer.Delete()
+	err := loadBalancer.Delete()
 	if err != nil {
 		return nil, err
 	}
@@ -280,20 +306,8 @@ func (loadBalancer *HostComputeLoadBalancer) RemoveEndpoint(endpoint *HostComput
 }
 
 // AddLoadBalancer for the specified endpoints
-func AddLoadBalancer(endpoints []HostComputeEndpoint, isILB bool, isDSR bool, sourceVIP string, frontendVIPs []string, protocol uint16, internalPort uint16, externalPort uint16) (*HostComputeLoadBalancer, error) {
+func AddLoadBalancer(endpoints []HostComputeEndpoint, flags LoadBalancerFlags, portMappingFlags LoadBalancerPortMappingFlags, sourceVIP string, frontendVIPs []string, protocol uint16, internalPort uint16, externalPort uint16) (*HostComputeLoadBalancer, error) {
-	logrus.Debugf("hcn::HostComputeLoadBalancer::AddLoadBalancer endpointId=%v, isILB=%v, sourceVIP=%s, frontendVIPs=%v, protocol=%v, internalPort=%v, externalPort=%v", endpoints, isILB, sourceVIP, frontendVIPs, protocol, internalPort, externalPort)
+	logrus.Debugf("hcn::HostComputeLoadBalancer::AddLoadBalancer endpointId=%v, LoadBalancerFlags=%v, LoadBalancerPortMappingFlags=%v, sourceVIP=%s, frontendVIPs=%v, protocol=%v, internalPort=%v, externalPort=%v", endpoints, flags, portMappingFlags, sourceVIP, frontendVIPs, protocol, internalPort, externalPort)
-
-	var portMappingFlags uint32
-	portMappingFlags = 0
-	if isILB {
-		portMappingFlags = 1
-	}
-
-	var lbFlags uint32
-	lbFlags = 0
-	if isDSR {
-		lbFlags = 1 // EnableDirectServerReturn
-	}
 
 	loadBalancer := &HostComputeLoadBalancer{
 		SourceVIP: sourceVIP,
@@ -310,7 +324,7 @@ func AddLoadBalancer(endpoints []HostComputeEndpoint, isILB bool, isDSR bool, so
 			Major: 2,
 			Minor: 0,
 		},
-		Flags: lbFlags,
+		Flags: flags,
 	}
 
 	for _, endpoint := range endpoints {

vendor/github.com/Microsoft/hcsshim/hcn/hcnnamespace.go

@@ -308,13 +308,13 @@ func (namespace *HostComputeNamespace) Create() (*HostComputeNamespace, error) {
 }
 
 // Delete Namespace.
-func (namespace *HostComputeNamespace) Delete() (*HostComputeNamespace, error) {
+func (namespace *HostComputeNamespace) Delete() error {
 	logrus.Debugf("hcn::HostComputeNamespace::Delete id=%s", namespace.Id)
 
 	if err := deleteNamespace(namespace.Id); err != nil {
-		return nil, err
+		return err
 	}
-	return nil, nil
+	return nil
 }
 
 // Sync Namespace endpoints with the appropriate sandbox container holding the

vendor/github.com/Microsoft/hcsshim/hcn/hcnnetwork.go

@@ -42,7 +42,7 @@ type MacPool struct {
 
 // Dns (Domain Name System is associated with a network.
 type Dns struct {
-	Suffix     string   `json:",omitempty"`
+	Domain     string   `json:",omitempty"`
 	Search     []string `json:",omitempty"`
 	ServerList []string `json:",omitempty"`
 	Options    []string `json:",omitempty"`
@@ -62,6 +62,15 @@ const (
 	Overlay     NetworkType = "Overlay"
 )
 
+// NetworkFlags are various network flags.
+type NetworkFlags uint32
+
+// NetworkFlags const
+const (
+	None                NetworkFlags = 0
+	EnableNonPersistent NetworkFlags = 8
+)
+
 // HostComputeNetwork represents a network
 type HostComputeNetwork struct {
 	Id            string          `json:"ID,omitempty"`
@@ -71,7 +80,7 @@ type HostComputeNetwork struct {
 	MacPool       MacPool         `json:",omitempty"`
 	Dns           Dns             `json:",omitempty"`
 	Ipams         []Ipam          `json:",omitempty"`
-	Flags         uint32          `json:",omitempty"` // 0: None
+	Flags         NetworkFlags    `json:",omitempty"` // 0: None
 	SchemaVersion SchemaVersion   `json:",omitempty"`
 }
 
@@ -326,13 +335,13 @@ func (network *HostComputeNetwork) Create() (*HostComputeNetwork, error) {
 }
 
 // Delete Network.
-func (network *HostComputeNetwork) Delete() (*HostComputeNetwork, error) {
+func (network *HostComputeNetwork) Delete() error {
 	logrus.Debugf("hcn::HostComputeNetwork::Delete id=%s", network.Id)
 
 	if err := deleteNetwork(network.Id); err != nil {
-		return nil, err
+		return err
 	}
-	return nil, nil
+	return nil
 }
 
 // ModifyNetworkSettings updates the Policy for a network.

vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go

@@ -40,6 +40,7 @@ const (
 	InterfaceConstraint NetworkPolicyType = "InterfaceConstraint"
 	ProviderAddress     NetworkPolicyType = "ProviderAddress"
 	RemoteSubnetRoute   NetworkPolicyType = "RemoteSubnetRoute"
+	HostRoute           NetworkPolicyType = "HostRoute"
 )
 
 // NetworkPolicy is a collection of Policy settings for a Network.

vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go

@@ -6,8 +6,11 @@ import (
 
 // SupportedFeatures are the features provided by the Service.
 type SupportedFeatures struct {
-	Acl AclFeatures `json:"ACL"`
+	Acl          AclFeatures `json:"ACL"`
-	Api ApiSupport  `json:"API"`
+	Api          ApiSupport  `json:"API"`
+	RemoteSubnet bool        `json:"RemoteSubnet"`
+	HostRoute    bool        `json:"HostRoute"`
+	DSR          bool        `json:"DSR"`
 }
 
 // AclFeatures are the supported ACL possibilities.
@@ -47,6 +50,10 @@ func GetSupportedFeatures() SupportedFeatures {
 		V1: true, // HNSCall is still available.
 	}
 
+	features.RemoteSubnet = isFeatureSupported(globals.Version, RemoteSubnetVersion)
+	features.HostRoute = isFeatureSupported(globals.Version, HostRouteVersion)
+	features.DSR = isFeatureSupported(globals.Version, DSRVersion)
+
 	return features
 }
 

vendor/github.com/Microsoft/hcsshim/hcn/zsyscall_windows.go

@@ -6,7 +6,6 @@ import (
 	"syscall"
 	"unsafe"
 
-	"github.com/Microsoft/hcsshim/internal/interop"
 	"golang.org/x/sys/windows"
 )
 
@@ -81,7 +80,10 @@ var (
 func SetCurrentThreadCompartmentId(compartmentId uint32) (hr error) {
 	r0, _, _ := syscall.Syscall(procSetCurrentThreadCompartmentId.Addr(), 1, uintptr(compartmentId), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -111,7 +113,10 @@ func __hnsCall(method *uint16, path *uint16, object *uint16, response **uint16)
 	}
 	r0, _, _ := syscall.Syscall6(procHNSCall.Addr(), 4, uintptr(unsafe.Pointer(method)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(object)), uintptr(unsafe.Pointer(response)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -131,7 +136,10 @@ func _hcnEnumerateNetworks(query *uint16, networks **uint16, result **uint16) (h
 	}
 	r0, _, _ := syscall.Syscall(procHcnEnumerateNetworks.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(networks)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -151,7 +159,10 @@ func _hcnCreateNetwork(id *_guid, settings *uint16, network *hcnNetwork, result
 	}
 	r0, _, _ := syscall.Syscall6(procHcnCreateNetwork.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(network)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -162,7 +173,10 @@ func hcnOpenNetwork(id *_guid, network *hcnNetwork, result **uint16) (hr error)
 	}
 	r0, _, _ := syscall.Syscall(procHcnOpenNetwork.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(network)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -182,7 +196,10 @@ func _hcnModifyNetwork(network hcnNetwork, settings *uint16, result **uint16) (h
 	}
 	r0, _, _ := syscall.Syscall(procHcnModifyNetwork.Addr(), 3, uintptr(network), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -202,7 +219,10 @@ func _hcnQueryNetworkProperties(network hcnNetwork, query *uint16, properties **
 	}
 	r0, _, _ := syscall.Syscall6(procHcnQueryNetworkProperties.Addr(), 4, uintptr(network), uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -213,7 +233,10 @@ func hcnDeleteNetwork(id *_guid, result **uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcnDeleteNetwork.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -224,7 +247,10 @@ func hcnCloseNetwork(network hcnNetwork) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcnCloseNetwork.Addr(), 1, uintptr(network), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -244,7 +270,10 @@ func _hcnEnumerateEndpoints(query *uint16, endpoints **uint16, result **uint16)
 	}
 	r0, _, _ := syscall.Syscall(procHcnEnumerateEndpoints.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(endpoints)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -264,7 +293,10 @@ func _hcnCreateEndpoint(network hcnNetwork, id *_guid, settings *uint16, endpoin
 	}
 	r0, _, _ := syscall.Syscall6(procHcnCreateEndpoint.Addr(), 5, uintptr(network), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(endpoint)), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -275,7 +307,10 @@ func hcnOpenEndpoint(id *_guid, endpoint *hcnEndpoint, result **uint16) (hr erro
 	}
 	r0, _, _ := syscall.Syscall(procHcnOpenEndpoint.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(endpoint)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -295,7 +330,10 @@ func _hcnModifyEndpoint(endpoint hcnEndpoint, settings *uint16, result **uint16)
 	}
 	r0, _, _ := syscall.Syscall(procHcnModifyEndpoint.Addr(), 3, uintptr(endpoint), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -315,7 +353,10 @@ func _hcnQueryEndpointProperties(endpoint hcnEndpoint, query *uint16, properties
 	}
 	r0, _, _ := syscall.Syscall6(procHcnQueryEndpointProperties.Addr(), 4, uintptr(endpoint), uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -326,7 +367,10 @@ func hcnDeleteEndpoint(id *_guid, result **uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcnDeleteEndpoint.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -337,7 +381,10 @@ func hcnCloseEndpoint(endpoint hcnEndpoint) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcnCloseEndpoint.Addr(), 1, uintptr(endpoint), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -357,7 +404,10 @@ func _hcnEnumerateNamespaces(query *uint16, namespaces **uint16, result **uint16
 	}
 	r0, _, _ := syscall.Syscall(procHcnEnumerateNamespaces.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(namespaces)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -377,7 +427,10 @@ func _hcnCreateNamespace(id *_guid, settings *uint16, namespace *hcnNamespace, r
 	}
 	r0, _, _ := syscall.Syscall6(procHcnCreateNamespace.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(namespace)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -388,7 +441,10 @@ func hcnOpenNamespace(id *_guid, namespace *hcnNamespace, result **uint16) (hr e
 	}
 	r0, _, _ := syscall.Syscall(procHcnOpenNamespace.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(namespace)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -408,7 +464,10 @@ func _hcnModifyNamespace(namespace hcnNamespace, settings *uint16, result **uint
 	}
 	r0, _, _ := syscall.Syscall(procHcnModifyNamespace.Addr(), 3, uintptr(namespace), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -428,7 +487,10 @@ func _hcnQueryNamespaceProperties(namespace hcnNamespace, query *uint16, propert
 	}
 	r0, _, _ := syscall.Syscall6(procHcnQueryNamespaceProperties.Addr(), 4, uintptr(namespace), uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -439,7 +501,10 @@ func hcnDeleteNamespace(id *_guid, result **uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcnDeleteNamespace.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -450,7 +515,10 @@ func hcnCloseNamespace(namespace hcnNamespace) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcnCloseNamespace.Addr(), 1, uintptr(namespace), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -470,7 +538,10 @@ func _hcnEnumerateLoadBalancers(query *uint16, loadBalancers **uint16, result **
 	}
 	r0, _, _ := syscall.Syscall(procHcnEnumerateLoadBalancers.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(loadBalancers)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -490,7 +561,10 @@ func _hcnCreateLoadBalancer(id *_guid, settings *uint16, loadBalancer *hcnLoadBa
 	}
 	r0, _, _ := syscall.Syscall6(procHcnCreateLoadBalancer.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(loadBalancer)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -501,7 +575,10 @@ func hcnOpenLoadBalancer(id *_guid, loadBalancer *hcnLoadBalancer, result **uint
 	}
 	r0, _, _ := syscall.Syscall(procHcnOpenLoadBalancer.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(loadBalancer)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -521,7 +598,10 @@ func _hcnModifyLoadBalancer(loadBalancer hcnLoadBalancer, settings *uint16, resu
 	}
 	r0, _, _ := syscall.Syscall(procHcnModifyLoadBalancer.Addr(), 3, uintptr(loadBalancer), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -541,7 +621,10 @@ func _hcnQueryLoadBalancerProperties(loadBalancer hcnLoadBalancer, query *uint16
 	}
 	r0, _, _ := syscall.Syscall6(procHcnQueryLoadBalancerProperties.Addr(), 4, uintptr(loadBalancer), uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -552,7 +635,10 @@ func hcnDeleteLoadBalancer(id *_guid, result **uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcnDeleteLoadBalancer.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -563,7 +649,10 @@ func hcnCloseLoadBalancer(loadBalancer hcnLoadBalancer) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcnCloseLoadBalancer.Addr(), 1, uintptr(loadBalancer), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -574,7 +663,10 @@ func hcnOpenService(service *hcnService, result **uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcnOpenService.Addr(), 2, uintptr(unsafe.Pointer(service)), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -585,7 +677,10 @@ func hcnRegisterServiceCallback(service hcnService, callback int32, context int3
 	}
 	r0, _, _ := syscall.Syscall6(procHcnRegisterServiceCallback.Addr(), 4, uintptr(service), uintptr(callback), uintptr(context), uintptr(unsafe.Pointer(callbackHandle)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -596,7 +691,10 @@ func hcnUnregisterServiceCallback(callbackHandle hcnCallbackHandle) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcnUnregisterServiceCallback.Addr(), 1, uintptr(callbackHandle), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -607,7 +705,10 @@ func hcnCloseService(service hcnService) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcnCloseService.Addr(), 1, uintptr(service), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }

vendor/github.com/Microsoft/hcsshim/internal/guestrequest/types.go

@@ -1,6 +1,8 @@
 package guestrequest
 
-import "github.com/Microsoft/hcsshim/internal/schema2"
+import (
+	"github.com/Microsoft/hcsshim/internal/schema2"
+)
 
 // Arguably, many of these (at least CombinedLayers) should have been generated
 // by swagger.
@@ -47,6 +49,19 @@ type LCOWMappedVPMemDevice struct {
 	MountPath    string `json:"MountPath,omitempty"` // /tmp/pN
 }
 
+type LCOWNetworkAdapter struct {
+	NamespaceID     string `json:",omitempty"`
+	ID              string `json:",omitempty"`
+	MacAddress      string `json:",omitempty"`
+	IPAddress       string `json:",omitempty"`
+	PrefixLength    uint8  `json:",omitempty"`
+	GatewayAddress  string `json:",omitempty"`
+	DNSSuffix       string `json:",omitempty"`
+	DNSServerList   string `json:",omitempty"`
+	EnableLowMetric bool   `json:",omitempty"`
+	EncapOverhead   uint16 `json:",omitempty"`
+}
+
 type ResourceType string
 
 const (

vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go

@@ -16,11 +16,20 @@ var (
 	notificationWatcherCallback = syscall.NewCallback(notificationWatcher)
 
 	// Notifications for HCS_SYSTEM handles
-	hcsNotificationSystemExited          hcsNotification = 0x00000001
+	hcsNotificationSystemExited                      hcsNotification = 0x00000001
-	hcsNotificationSystemCreateCompleted hcsNotification = 0x00000002
+	hcsNotificationSystemCreateCompleted             hcsNotification = 0x00000002
-	hcsNotificationSystemStartCompleted  hcsNotification = 0x00000003
+	hcsNotificationSystemStartCompleted              hcsNotification = 0x00000003
-	hcsNotificationSystemPauseCompleted  hcsNotification = 0x00000004
+	hcsNotificationSystemPauseCompleted              hcsNotification = 0x00000004
-	hcsNotificationSystemResumeCompleted hcsNotification = 0x00000005
+	hcsNotificationSystemResumeCompleted             hcsNotification = 0x00000005
+	hcsNotificationSystemCrashReport                 hcsNotification = 0x00000006
+	hcsNotificationSystemSiloJobCreated              hcsNotification = 0x00000007
+	hcsNotificationSystemSaveCompleted               hcsNotification = 0x00000008
+	hcsNotificationSystemRdpEnhancedModeStateChanged hcsNotification = 0x00000009
+	hcsNotificationSystemShutdownFailed              hcsNotification = 0x0000000A
+	hcsNotificationSystemGetPropertiesCompleted      hcsNotification = 0x0000000B
+	hcsNotificationSystemModifyCompleted             hcsNotification = 0x0000000C
+	hcsNotificationSystemCrashInitiated              hcsNotification = 0x0000000D
+	hcsNotificationSystemGuestConnectionClosed       hcsNotification = 0x0000000E
 
 	// Notifications for HCS_PROCESS handles
 	hcsNotificationProcessExited hcsNotification = 0x00010000
@@ -50,16 +59,23 @@ func newChannels() notificationChannels {
 	channels[hcsNotificationSystemResumeCompleted] = make(notificationChannel, 1)
 	channels[hcsNotificationProcessExited] = make(notificationChannel, 1)
 	channels[hcsNotificationServiceDisconnect] = make(notificationChannel, 1)
+	channels[hcsNotificationSystemCrashReport] = make(notificationChannel, 1)
+	channels[hcsNotificationSystemSiloJobCreated] = make(notificationChannel, 1)
+	channels[hcsNotificationSystemSaveCompleted] = make(notificationChannel, 1)
+	channels[hcsNotificationSystemRdpEnhancedModeStateChanged] = make(notificationChannel, 1)
+	channels[hcsNotificationSystemShutdownFailed] = make(notificationChannel, 1)
+	channels[hcsNotificationSystemGetPropertiesCompleted] = make(notificationChannel, 1)
+	channels[hcsNotificationSystemModifyCompleted] = make(notificationChannel, 1)
+	channels[hcsNotificationSystemCrashInitiated] = make(notificationChannel, 1)
+	channels[hcsNotificationSystemGuestConnectionClosed] = make(notificationChannel, 1)
+
 	return channels
 }
+
 func closeChannels(channels notificationChannels) {
-	close(channels[hcsNotificationSystemExited])
+	for _, c := range channels {
-	close(channels[hcsNotificationSystemCreateCompleted])
+		close(c)
-	close(channels[hcsNotificationSystemStartCompleted])
+	}
-	close(channels[hcsNotificationSystemPauseCompleted])
-	close(channels[hcsNotificationSystemResumeCompleted])
-	close(channels[hcsNotificationProcessExited])
-	close(channels[hcsNotificationServiceDisconnect])
 }
 
 func notificationWatcher(notificationType hcsNotification, callbackNumber uintptr, notificationStatus uintptr, notificationData *uint16) uintptr {

vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go

@@ -73,6 +73,9 @@ var (
 	// ErrVmcomputeUnknownMessage is an error encountered guest compute system doesn't support the message
 	ErrVmcomputeUnknownMessage = syscall.Errno(0xc037010b)
 
+	// ErrVmcomputeUnexpectedExit is an error encountered when the compute system terminates unexpectedly
+	ErrVmcomputeUnexpectedExit = syscall.Errno(0xC0370106)
+
 	// ErrNotSupported is an error encountered when hcs doesn't support the request
 	ErrPlatformNotSupported = errors.New("unsupported platform request")
 )

vendor/github.com/Microsoft/hcsshim/internal/hcs/log.go

@@ -7,9 +7,14 @@ func logOperationBegin(ctx logrus.Fields, msg string) {
 }
 
 func logOperationEnd(ctx logrus.Fields, msg string, err error) {
+	// Copy the log and fields first.
+	log := logrus.WithFields(ctx)
 	if err == nil {
-		logrus.WithFields(ctx).Debug(msg)
+		log.Debug(msg)
 	} else {
-		logrus.WithFields(ctx).WithError(err).Error(msg)
+		// Edit only the copied field data to avoid race conditions on the
+		// write.
+		log.Data[logrus.ErrorKey] = err
+		log.Error(msg)
 	}
 }

vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go

@@ -31,9 +31,8 @@ func newProcess(process hcsProcess, processID int, computeSystem *System) *Proce
 		processID: processID,
 		system:    computeSystem,
 		logctx: logrus.Fields{
-			logfields.HCSOperation: "",
+			logfields.ContainerID: computeSystem.ID(),
-			logfields.ContainerID:  computeSystem.ID(),
+			logfields.ProcessID:   processID,
-			logfields.ProcessID:    processID,
 		},
 	}
 }
@@ -88,13 +87,12 @@ func (process *Process) SystemID() string {
 }
 
 func (process *Process) logOperationBegin(operation string) {
-	process.logctx[logfields.HCSOperation] = operation
 	logOperationBegin(
 		process.logctx,
-		"hcsshim::Process - Begin Operation")
+		operation+" - Begin Operation")
 }
 
-func (process *Process) logOperationEnd(err error) {
+func (process *Process) logOperationEnd(operation string, err error) {
 	var result string
 	if err == nil {
 		result = "Success"
@@ -104,9 +102,8 @@ func (process *Process) logOperationEnd(err error) {
 
 	logOperationEnd(
 		process.logctx,
-		"hcsshim::Process - End Operation - "+result,
+		operation+" - End Operation - "+result,
 		err)
-	process.logctx[logfields.HCSOperation] = ""
 }
 
 // Signal signals the process with `options`.
@@ -116,7 +113,7 @@ func (process *Process) Signal(options guestrequest.SignalProcessOptions) (err e
 
 	operation := "hcsshim::Process::Signal"
 	process.logOperationBegin(operation)
-	defer process.logOperationEnd(err)
+	defer func() { process.logOperationEnd(operation, err) }()
 
 	if process.handle == 0 {
 		return makeProcessError(process, operation, ErrAlreadyClosed, nil)
@@ -130,10 +127,9 @@ func (process *Process) Signal(options guestrequest.SignalProcessOptions) (err e
 	optionsStr := string(optionsb)
 
 	var resultp *uint16
-	completed := false
+	syscallWatcher(process.logctx, func() {
-	go syscallWatcher(process.logctx, &completed)
+		err = hcsSignalProcess(process.handle, optionsStr, &resultp)
-	err = hcsSignalProcess(process.handle, optionsStr, &resultp)
+	})
-	completed = true
 	events := processHcsResult(resultp)
 	if err != nil {
 		return makeProcessError(process, operation, err, events)
@@ -149,17 +145,16 @@ func (process *Process) Kill() (err error) {
 
 	operation := "hcsshim::Process::Kill"
 	process.logOperationBegin(operation)
-	defer process.logOperationEnd(err)
+	defer func() { process.logOperationEnd(operation, err) }()
 
 	if process.handle == 0 {
 		return makeProcessError(process, operation, ErrAlreadyClosed, nil)
 	}
 
 	var resultp *uint16
-	completed := false
+	syscallWatcher(process.logctx, func() {
-	go syscallWatcher(process.logctx, &completed)
+		err = hcsTerminateProcess(process.handle, &resultp)
-	err = hcsTerminateProcess(process.handle, &resultp)
+	})
-	completed = true
 	events := processHcsResult(resultp)
 	if err != nil {
 		return makeProcessError(process, operation, err, events)
@@ -172,7 +167,7 @@ func (process *Process) Kill() (err error) {
 func (process *Process) Wait() (err error) {
 	operation := "hcsshim::Process::Wait"
 	process.logOperationBegin(operation)
-	defer process.logOperationEnd(err)
+	defer func() { process.logOperationEnd(operation, err) }()
 
 	err = waitForNotification(process.callbackNumber, hcsNotificationProcessExited, nil)
 	if err != nil {
@@ -187,7 +182,7 @@ func (process *Process) Wait() (err error) {
 func (process *Process) WaitTimeout(timeout time.Duration) (err error) {
 	operation := "hcssshim::Process::WaitTimeout"
 	process.logOperationBegin(operation)
-	defer process.logOperationEnd(err)
+	defer func() { process.logOperationEnd(operation, err) }()
 
 	err = waitForNotification(process.callbackNumber, hcsNotificationProcessExited, &timeout)
 	if err != nil {
@@ -204,7 +199,7 @@ func (process *Process) ResizeConsole(width, height uint16) (err error) {
 
 	operation := "hcsshim::Process::ResizeConsole"
 	process.logOperationBegin(operation)
-	defer process.logOperationEnd(err)
+	defer func() { process.logOperationEnd(operation, err) }()
 
 	if process.handle == 0 {
 		return makeProcessError(process, operation, ErrAlreadyClosed, nil)
@@ -241,7 +236,7 @@ func (process *Process) Properties() (_ *ProcessStatus, err error) {
 
 	operation := "hcsshim::Process::Properties"
 	process.logOperationBegin(operation)
-	defer process.logOperationEnd(err)
+	defer func() { process.logOperationEnd(operation, err) }()
 
 	if process.handle == 0 {
 		return nil, makeProcessError(process, operation, ErrAlreadyClosed, nil)
@@ -251,10 +246,9 @@ func (process *Process) Properties() (_ *ProcessStatus, err error) {
 		resultp     *uint16
 		propertiesp *uint16
 	)
-	completed := false
+	syscallWatcher(process.logctx, func() {
-	go syscallWatcher(process.logctx, &completed)
+		err = hcsGetProcessProperties(process.handle, &propertiesp, &resultp)
-	err = hcsGetProcessProperties(process.handle, &propertiesp, &resultp)
+	})
-	completed = true
 	events := processHcsResult(resultp)
 	if err != nil {
 		return nil, makeProcessError(process, operation, err, events)
@@ -278,7 +272,7 @@ func (process *Process) Properties() (_ *ProcessStatus, err error) {
 func (process *Process) ExitCode() (_ int, err error) {
 	operation := "hcsshim::Process::ExitCode"
 	process.logOperationBegin(operation)
-	defer process.logOperationEnd(err)
+	defer func() { process.logOperationEnd(operation, err) }()
 
 	properties, err := process.Properties()
 	if err != nil {
@@ -305,7 +299,7 @@ func (process *Process) Stdio() (_ io.WriteCloser, _ io.ReadCloser, _ io.ReadClo
 
 	operation := "hcsshim::Process::Stdio"
 	process.logOperationBegin(operation)
-	defer process.logOperationEnd(err)
+	defer func() { process.logOperationEnd(operation, err) }()
 
 	if process.handle == 0 {
 		return nil, nil, nil, makeProcessError(process, operation, ErrAlreadyClosed, nil)
@@ -349,7 +343,7 @@ func (process *Process) CloseStdin() (err error) {
 
 	operation := "hcsshim::Process::CloseStdin"
 	process.logOperationBegin(operation)
-	defer process.logOperationEnd(err)
+	defer func() { process.logOperationEnd(operation, err) }()
 
 	if process.handle == 0 {
 		return makeProcessError(process, operation, ErrAlreadyClosed, nil)
@@ -387,7 +381,7 @@ func (process *Process) Close() (err error) {
 
 	operation := "hcsshim::Process::Close"
 	process.logOperationBegin(operation)
-	defer process.logOperationEnd(err)
+	defer func() { process.logOperationEnd(operation, err) }()
 
 	// Don't double free this
 	if process.handle == 0 {

vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go

@@ -49,20 +49,18 @@ func newSystem(id string) *System {
 	return &System{
 		id: id,
 		logctx: logrus.Fields{
-			logfields.HCSOperation: "",
+			logfields.ContainerID: id,
-			logfields.ContainerID:  id,
 		},
 	}
 }
 
 func (computeSystem *System) logOperationBegin(operation string) {
-	computeSystem.logctx[logfields.HCSOperation] = operation
 	logOperationBegin(
 		computeSystem.logctx,
-		"hcsshim::ComputeSystem - Begin Operation")
+		operation+" - Begin Operation")
 }
 
-func (computeSystem *System) logOperationEnd(err error) {
+func (computeSystem *System) logOperationEnd(operation string, err error) {
 	var result string
 	if err == nil {
 		result = "Success"
@@ -72,9 +70,8 @@ func (computeSystem *System) logOperationEnd(err error) {
 
 	logOperationEnd(
 		computeSystem.logctx,
-		"hcsshim::ComputeSystem - End Operation - "+result,
+		operation+" - End Operation - "+result,
 		err)
-	computeSystem.logctx[logfields.HCSOperation] = ""
 }
 
 // CreateComputeSystem creates a new compute system with the given configuration but does not start it.
@@ -83,7 +80,7 @@ func CreateComputeSystem(id string, hcsDocumentInterface interface{}) (_ *System
 
 	computeSystem := newSystem(id)
 	computeSystem.logOperationBegin(operation)
-	defer computeSystem.logOperationEnd(err)
+	defer func() { computeSystem.logOperationEnd(operation, err) }()
 
 	hcsDocumentB, err := json.Marshal(hcsDocumentInterface)
 	if err != nil {
@@ -97,13 +94,13 @@ func CreateComputeSystem(id string, hcsDocumentInterface interface{}) (_ *System
 		Debug("HCS ComputeSystem Document")
 
 	var (
-		resultp  *uint16
+		resultp     *uint16
-		identity syscall.Handle
+		identity    syscall.Handle
+		createError error
 	)
-	completed := false
+	syscallWatcher(computeSystem.logctx, func() {
-	go syscallWatcher(computeSystem.logctx, &completed)
+		createError = hcsCreateComputeSystem(id, hcsDocument, identity, &computeSystem.handle, &resultp)
-	createError := hcsCreateComputeSystem(id, hcsDocument, identity, &computeSystem.handle, &resultp)
+	})
-	completed = true
 
 	if createError == nil || IsPending(createError) {
 		if err = computeSystem.registerCallback(); err != nil {
@@ -133,7 +130,13 @@ func OpenComputeSystem(id string) (_ *System, err error) {
 
 	computeSystem := newSystem(id)
 	computeSystem.logOperationBegin(operation)
-	defer computeSystem.logOperationEnd(err)
+	defer func() {
+		if IsNotExist(err) {
+			computeSystem.logOperationEnd(operation, nil)
+		} else {
+			computeSystem.logOperationEnd(operation, err)
+		}
+	}()
 
 	var (
 		handle  hcsSystem
@@ -157,12 +160,10 @@ func OpenComputeSystem(id string) (_ *System, err error) {
 // GetComputeSystems gets a list of the compute systems on the system that match the query
 func GetComputeSystems(q schema1.ComputeSystemQuery) (_ []schema1.ContainerProperties, err error) {
 	operation := "hcsshim::GetComputeSystems"
-	fields := logrus.Fields{
+	fields := logrus.Fields{}
-		logfields.HCSOperation: operation,
-	}
 	logOperationBegin(
 		fields,
-		"hcsshim::ComputeSystem - Begin Operation")
+		operation+" - Begin Operation")
 
 	defer func() {
 		var result string
@@ -174,7 +175,7 @@ func GetComputeSystems(q schema1.ComputeSystemQuery) (_ []schema1.ContainerPrope
 
 		logOperationEnd(
 			fields,
-			"hcsshim::ComputeSystem - End Operation - "+result,
+			operation+" - End Operation - "+result,
 			err)
 	}()
 
@@ -193,10 +194,10 @@ func GetComputeSystems(q schema1.ComputeSystemQuery) (_ []schema1.ContainerPrope
 		resultp         *uint16
 		computeSystemsp *uint16
 	)
-	completed := false
+
-	go syscallWatcher(fields, &completed)
+	syscallWatcher(fields, func() {
-	err = hcsEnumerateComputeSystems(query, &computeSystemsp, &resultp)
+		err = hcsEnumerateComputeSystems(query, &computeSystemsp, &resultp)
-	completed = true
+	})
 	events := processHcsResult(resultp)
 	if err != nil {
 		return nil, &HcsError{Op: operation, Err: err, Events: events}
@@ -221,7 +222,7 @@ func (computeSystem *System) Start() (err error) {
 
 	operation := "hcsshim::ComputeSystem::Start"
 	computeSystem.logOperationBegin(operation)
-	defer computeSystem.logOperationEnd(err)
+	defer func() { computeSystem.logOperationEnd(operation, err) }()
 
 	if computeSystem.handle == 0 {
 		return makeSystemError(computeSystem, "Start", "", ErrAlreadyClosed, nil)
@@ -254,10 +255,9 @@ func (computeSystem *System) Start() (err error) {
 	}
 
 	var resultp *uint16
-	completed := false
+	syscallWatcher(computeSystem.logctx, func() {
-	go syscallWatcher(computeSystem.logctx, &completed)
+		err = hcsStartComputeSystem(computeSystem.handle, "", &resultp)
-	err = hcsStartComputeSystem(computeSystem.handle, "", &resultp)
+	})
-	completed = true
 	events, err := processAsyncHcsResult(err, resultp, computeSystem.callbackNumber, hcsNotificationSystemStartCompleted, &timeout.SystemStart)
 	if err != nil {
 		return makeSystemError(computeSystem, "Start", "", err, events)
@@ -279,17 +279,22 @@ func (computeSystem *System) Shutdown() (err error) {
 
 	operation := "hcsshim::ComputeSystem::Shutdown"
 	computeSystem.logOperationBegin(operation)
-	defer computeSystem.logOperationEnd(err)
+	defer func() {
+		if IsAlreadyStopped(err) {
+			computeSystem.logOperationEnd(operation, nil)
+		} else {
+			computeSystem.logOperationEnd(operation, err)
+		}
+	}()
 
 	if computeSystem.handle == 0 {
 		return makeSystemError(computeSystem, "Shutdown", "", ErrAlreadyClosed, nil)
 	}
 
 	var resultp *uint16
-	completed := false
+	syscallWatcher(computeSystem.logctx, func() {
-	go syscallWatcher(computeSystem.logctx, &completed)
+		err = hcsShutdownComputeSystem(computeSystem.handle, "", &resultp)
-	err = hcsShutdownComputeSystem(computeSystem.handle, "", &resultp)
+	})
-	completed = true
 	events := processHcsResult(resultp)
 	if err != nil {
 		return makeSystemError(computeSystem, "Shutdown", "", err, events)
@@ -306,19 +311,24 @@ func (computeSystem *System) Terminate() (err error) {
 
 	operation := "hcsshim::ComputeSystem::Terminate"
 	computeSystem.logOperationBegin(operation)
-	defer computeSystem.logOperationEnd(err)
+	defer func() {
+		if IsPending(err) {
+			computeSystem.logOperationEnd(operation, nil)
+		} else {
+			computeSystem.logOperationEnd(operation, err)
+		}
+	}()
 
 	if computeSystem.handle == 0 {
 		return makeSystemError(computeSystem, "Terminate", "", ErrAlreadyClosed, nil)
 	}
 
 	var resultp *uint16
-	completed := false
+	syscallWatcher(computeSystem.logctx, func() {
-	go syscallWatcher(computeSystem.logctx, &completed)
+		err = hcsTerminateComputeSystem(computeSystem.handle, "", &resultp)
-	err = hcsTerminateComputeSystem(computeSystem.handle, "", &resultp)
+	})
-	completed = true
 	events := processHcsResult(resultp)
-	if err != nil {
+	if err != nil && err != ErrVmcomputeAlreadyStopped {
 		return makeSystemError(computeSystem, "Terminate", "", err, events)
 	}
 
@@ -329,7 +339,7 @@ func (computeSystem *System) Terminate() (err error) {
 func (computeSystem *System) Wait() (err error) {
 	operation := "hcsshim::ComputeSystem::Wait"
 	computeSystem.logOperationBegin(operation)
-	defer computeSystem.logOperationEnd(err)
+	defer func() { computeSystem.logOperationEnd(operation, err) }()
 
 	err = waitForNotification(computeSystem.callbackNumber, hcsNotificationSystemExited, nil)
 	if err != nil {
@@ -339,12 +349,27 @@ func (computeSystem *System) Wait() (err error) {
 	return nil
 }
 
+// WaitExpectedError synchronously waits for the compute system to shutdown or
+// terminate, and ignores the passed error if it occurs.
+func (computeSystem *System) WaitExpectedError(expected error) (err error) {
+	operation := "hcsshim::ComputeSystem::WaitExpectedError"
+	computeSystem.logOperationBegin(operation)
+	defer func() { computeSystem.logOperationEnd(operation, err) }()
+
+	err = waitForNotification(computeSystem.callbackNumber, hcsNotificationSystemExited, nil)
+	if err != nil && getInnerError(err) != expected {
+		return makeSystemError(computeSystem, "WaitExpectedError", "", err, nil)
+	}
+
+	return nil
+}
+
 // WaitTimeout synchronously waits for the compute system to terminate or the duration to elapse.
 // If the timeout expires, IsTimeout(err) == true
 func (computeSystem *System) WaitTimeout(timeout time.Duration) (err error) {
 	operation := "hcsshim::ComputeSystem::WaitTimeout"
 	computeSystem.logOperationBegin(operation)
-	defer computeSystem.logOperationEnd(err)
+	defer func() { computeSystem.logOperationEnd(operation, err) }()
 
 	err = waitForNotification(computeSystem.callbackNumber, hcsNotificationSystemExited, &timeout)
 	if err != nil {
@@ -360,7 +385,7 @@ func (computeSystem *System) Properties(types ...schema1.PropertyType) (_ *schem
 
 	operation := "hcsshim::ComputeSystem::Properties"
 	computeSystem.logOperationBegin(operation)
-	defer computeSystem.logOperationEnd(err)
+	defer func() { computeSystem.logOperationEnd(operation, err) }()
 
 	queryj, err := json.Marshal(schema1.PropertyQuery{types})
 	if err != nil {
@@ -372,10 +397,9 @@ func (computeSystem *System) Properties(types ...schema1.PropertyType) (_ *schem
 		Debug("HCS ComputeSystem Properties Query")
 
 	var resultp, propertiesp *uint16
-	completed := false
+	syscallWatcher(computeSystem.logctx, func() {
-	go syscallWatcher(computeSystem.logctx, &completed)
+		err = hcsGetComputeSystemProperties(computeSystem.handle, string(queryj), &propertiesp, &resultp)
-	err = hcsGetComputeSystemProperties(computeSystem.handle, string(queryj), &propertiesp, &resultp)
+	})
-	completed = true
 	events := processHcsResult(resultp)
 	if err != nil {
 		return nil, makeSystemError(computeSystem, "Properties", "", err, events)
@@ -400,17 +424,16 @@ func (computeSystem *System) Pause() (err error) {
 
 	operation := "hcsshim::ComputeSystem::Pause"
 	computeSystem.logOperationBegin(operation)
-	defer computeSystem.logOperationEnd(err)
+	defer func() { computeSystem.logOperationEnd(operation, err) }()
 
 	if computeSystem.handle == 0 {
 		return makeSystemError(computeSystem, "Pause", "", ErrAlreadyClosed, nil)
 	}
 
 	var resultp *uint16
-	completed := false
+	syscallWatcher(computeSystem.logctx, func() {
-	go syscallWatcher(computeSystem.logctx, &completed)
+		err = hcsPauseComputeSystem(computeSystem.handle, "", &resultp)
-	err = hcsPauseComputeSystem(computeSystem.handle, "", &resultp)
+	})
-	completed = true
 	events, err := processAsyncHcsResult(err, resultp, computeSystem.callbackNumber, hcsNotificationSystemPauseCompleted, &timeout.SystemPause)
 	if err != nil {
 		return makeSystemError(computeSystem, "Pause", "", err, events)
@@ -426,17 +449,16 @@ func (computeSystem *System) Resume() (err error) {
 
 	operation := "hcsshim::ComputeSystem::Resume"
 	computeSystem.logOperationBegin(operation)
-	defer computeSystem.logOperationEnd(err)
+	defer func() { computeSystem.logOperationEnd(operation, err) }()
 
 	if computeSystem.handle == 0 {
 		return makeSystemError(computeSystem, "Resume", "", ErrAlreadyClosed, nil)
 	}
 
 	var resultp *uint16
-	completed := false
+	syscallWatcher(computeSystem.logctx, func() {
-	go syscallWatcher(computeSystem.logctx, &completed)
+		err = hcsResumeComputeSystem(computeSystem.handle, "", &resultp)
-	err = hcsResumeComputeSystem(computeSystem.handle, "", &resultp)
+	})
-	completed = true
 	events, err := processAsyncHcsResult(err, resultp, computeSystem.callbackNumber, hcsNotificationSystemResumeCompleted, &timeout.SystemResume)
 	if err != nil {
 		return makeSystemError(computeSystem, "Resume", "", err, events)
@@ -452,7 +474,7 @@ func (computeSystem *System) CreateProcess(c interface{}) (_ *Process, err error
 
 	operation := "hcsshim::ComputeSystem::CreateProcess"
 	computeSystem.logOperationBegin(operation)
-	defer computeSystem.logOperationEnd(err)
+	defer func() { computeSystem.logOperationEnd(operation, err) }()
 
 	var (
 		processInfo   hcsProcessInformation
@@ -475,10 +497,9 @@ func (computeSystem *System) CreateProcess(c interface{}) (_ *Process, err error
 		WithField(logfields.JSON, configuration).
 		Debug("HCS ComputeSystem Process Document")
 
-	completed := false
+	syscallWatcher(computeSystem.logctx, func() {
-	go syscallWatcher(computeSystem.logctx, &completed)
+		err = hcsCreateProcess(computeSystem.handle, configuration, &processInfo, &processHandle, &resultp)
-	err = hcsCreateProcess(computeSystem.handle, configuration, &processInfo, &processHandle, &resultp)
+	})
-	completed = true
 	events := processHcsResult(resultp)
 	if err != nil {
 		return nil, makeSystemError(computeSystem, "CreateProcess", configuration, err, events)
@@ -513,7 +534,7 @@ func (computeSystem *System) OpenProcess(pid int) (_ *Process, err error) {
 
 	operation := "hcsshim::ComputeSystem::OpenProcess"
 	computeSystem.logOperationBegin(operation)
-	defer computeSystem.logOperationEnd(err)
+	defer func() { computeSystem.logOperationEnd(operation, err) }()
 
 	var (
 		processHandle hcsProcess
@@ -524,10 +545,9 @@ func (computeSystem *System) OpenProcess(pid int) (_ *Process, err error) {
 		return nil, makeSystemError(computeSystem, "OpenProcess", "", ErrAlreadyClosed, nil)
 	}
 
-	completed := false
+	syscallWatcher(computeSystem.logctx, func() {
-	go syscallWatcher(computeSystem.logctx, &completed)
+		err = hcsOpenProcess(computeSystem.handle, uint32(pid), &processHandle, &resultp)
-	err = hcsOpenProcess(computeSystem.handle, uint32(pid), &processHandle, &resultp)
+	})
-	completed = true
 	events := processHcsResult(resultp)
 	if err != nil {
 		return nil, makeSystemError(computeSystem, "OpenProcess", "", err, events)
@@ -548,7 +568,7 @@ func (computeSystem *System) Close() (err error) {
 
 	operation := "hcsshim::ComputeSystem::Close"
 	computeSystem.logOperationBegin(operation)
-	defer computeSystem.logOperationEnd(err)
+	defer func() { computeSystem.logOperationEnd(operation, err) }()
 
 	// Don't double free this
 	if computeSystem.handle == 0 {
@@ -559,10 +579,9 @@ func (computeSystem *System) Close() (err error) {
 		return makeSystemError(computeSystem, "Close", "", err, nil)
 	}
 
-	completed := false
+	syscallWatcher(computeSystem.logctx, func() {
-	go syscallWatcher(computeSystem.logctx, &completed)
+		err = hcsCloseComputeSystem(computeSystem.handle)
-	err = hcsCloseComputeSystem(computeSystem.handle)
+	})
-	completed = true
 	if err != nil {
 		return makeSystemError(computeSystem, "Close", "", err, nil)
 	}
@@ -636,7 +655,7 @@ func (computeSystem *System) Modify(config interface{}) (err error) {
 
 	operation := "hcsshim::ComputeSystem::Modify"
 	computeSystem.logOperationBegin(operation)
-	defer computeSystem.logOperationEnd(err)
+	defer func() { computeSystem.logOperationEnd(operation, err) }()
 
 	if computeSystem.handle == 0 {
 		return makeSystemError(computeSystem, "Modify", "", ErrAlreadyClosed, nil)
@@ -654,10 +673,9 @@ func (computeSystem *System) Modify(config interface{}) (err error) {
 		Debug("HCS ComputeSystem Modify Document")
 
 	var resultp *uint16
-	completed := false
+	syscallWatcher(computeSystem.logctx, func() {
-	go syscallWatcher(computeSystem.logctx, &completed)
+		err = hcsModifyComputeSystem(computeSystem.handle, requestString, &resultp)
-	err = hcsModifyComputeSystem(computeSystem.handle, requestString, &resultp)
+	})
-	completed = true
 	events := processHcsResult(resultp)
 	if err != nil {
 		return makeSystemError(computeSystem, "Modify", requestString, err, events)

vendor/github.com/Microsoft/hcsshim/internal/hcs/watcher.go

@@ -1,7 +1,7 @@
 package hcs
 
 import (
-	"time"
+	"context"
 
 	"github.com/Microsoft/hcsshim/internal/logfields"
 	"github.com/Microsoft/hcsshim/internal/timeout"
@@ -17,17 +17,25 @@ import (
 //
 // Usage is:
 //
-// completed := false
+// syscallWatcher(logContext, func() {
-// go syscallWatcher(context, &completed)
+//    err = <syscall>(args...)
-// <syscall>
+// })
-// completed = true
 //
-func syscallWatcher(context logrus.Fields, syscallCompleted *bool) {
+
-	time.Sleep(timeout.SyscallWatcher)
+func syscallWatcher(logContext logrus.Fields, syscallLambda func()) {
-	if *syscallCompleted {
+	ctx, cancel := context.WithTimeout(context.Background(), timeout.SyscallWatcher)
-		return
+	defer cancel()
-	}
+	go watchFunc(ctx, logContext)
-	logrus.WithFields(context).
+	syscallLambda()
-		WithField(logfields.Timeout, timeout.SyscallWatcher).
+}
-		Warning("Syscall did not complete within operation timeout. This may indicate a platform issue. If it appears to be making no forward progress, obtain the stacks and see if there is a syscall stuck in the platform API for a significant length of time.")
+
+func watchFunc(ctx context.Context, logContext logrus.Fields) {
+	select {
+	case <-ctx.Done():
+		if ctx.Err() != context.Canceled {
+			logrus.WithFields(logContext).
+				WithField(logfields.Timeout, timeout.SyscallWatcher).
+				Warning("Syscall did not complete within operation timeout. This may indicate a platform issue. If it appears to be making no forward progress, obtain the stacks and see if there is a syscall stuck in the platform API for a significant length of time.")
+		}
+	}
 }

vendor/github.com/Microsoft/hcsshim/internal/hcs/zsyscall_windows.go

@@ -6,7 +6,6 @@ import (
 	"syscall"
 	"unsafe"
 
-	"github.com/Microsoft/hcsshim/internal/interop"
 	"golang.org/x/sys/windows"
 )
 
@@ -81,7 +80,10 @@ func _hcsEnumerateComputeSystems(query *uint16, computeSystems **uint16, result
 	}
 	r0, _, _ := syscall.Syscall(procHcsEnumerateComputeSystems.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(computeSystems)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -106,7 +108,10 @@ func _hcsCreateComputeSystem(id *uint16, configuration *uint16, identity syscall
 	}
 	r0, _, _ := syscall.Syscall6(procHcsCreateComputeSystem.Addr(), 5, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(configuration)), uintptr(identity), uintptr(unsafe.Pointer(computeSystem)), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -126,7 +131,10 @@ func _hcsOpenComputeSystem(id *uint16, computeSystem *hcsSystem, result **uint16
 	}
 	r0, _, _ := syscall.Syscall(procHcsOpenComputeSystem.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(computeSystem)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -137,7 +145,10 @@ func hcsCloseComputeSystem(computeSystem hcsSystem) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcsCloseComputeSystem.Addr(), 1, uintptr(computeSystem), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -157,7 +168,10 @@ func _hcsStartComputeSystem(computeSystem hcsSystem, options *uint16, result **u
 	}
 	r0, _, _ := syscall.Syscall(procHcsStartComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -177,7 +191,10 @@ func _hcsShutdownComputeSystem(computeSystem hcsSystem, options *uint16, result
 	}
 	r0, _, _ := syscall.Syscall(procHcsShutdownComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -197,7 +214,10 @@ func _hcsTerminateComputeSystem(computeSystem hcsSystem, options *uint16, result
 	}
 	r0, _, _ := syscall.Syscall(procHcsTerminateComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -217,7 +237,10 @@ func _hcsPauseComputeSystem(computeSystem hcsSystem, options *uint16, result **u
 	}
 	r0, _, _ := syscall.Syscall(procHcsPauseComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -237,7 +260,10 @@ func _hcsResumeComputeSystem(computeSystem hcsSystem, options *uint16, result **
 	}
 	r0, _, _ := syscall.Syscall(procHcsResumeComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -257,7 +283,10 @@ func _hcsGetComputeSystemProperties(computeSystem hcsSystem, propertyQuery *uint
 	}
 	r0, _, _ := syscall.Syscall6(procHcsGetComputeSystemProperties.Addr(), 4, uintptr(computeSystem), uintptr(unsafe.Pointer(propertyQuery)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -277,7 +306,10 @@ func _hcsModifyComputeSystem(computeSystem hcsSystem, configuration *uint16, res
 	}
 	r0, _, _ := syscall.Syscall(procHcsModifyComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(configuration)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -288,7 +320,10 @@ func hcsRegisterComputeSystemCallback(computeSystem hcsSystem, callback uintptr,
 	}
 	r0, _, _ := syscall.Syscall6(procHcsRegisterComputeSystemCallback.Addr(), 4, uintptr(computeSystem), uintptr(callback), uintptr(context), uintptr(unsafe.Pointer(callbackHandle)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -299,7 +334,10 @@ func hcsUnregisterComputeSystemCallback(callbackHandle hcsCallback) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcsUnregisterComputeSystemCallback.Addr(), 1, uintptr(callbackHandle), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -319,7 +357,10 @@ func _hcsCreateProcess(computeSystem hcsSystem, processParameters *uint16, proce
 	}
 	r0, _, _ := syscall.Syscall6(procHcsCreateProcess.Addr(), 5, uintptr(computeSystem), uintptr(unsafe.Pointer(processParameters)), uintptr(unsafe.Pointer(processInformation)), uintptr(unsafe.Pointer(process)), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -330,7 +371,10 @@ func hcsOpenProcess(computeSystem hcsSystem, pid uint32, process *hcsProcess, re
 	}
 	r0, _, _ := syscall.Syscall6(procHcsOpenProcess.Addr(), 4, uintptr(computeSystem), uintptr(pid), uintptr(unsafe.Pointer(process)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -341,7 +385,10 @@ func hcsCloseProcess(process hcsProcess) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcsCloseProcess.Addr(), 1, uintptr(process), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -352,7 +399,10 @@ func hcsTerminateProcess(process hcsProcess, result **uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcsTerminateProcess.Addr(), 2, uintptr(process), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -372,7 +422,10 @@ func _hcsSignalProcess(process hcsProcess, options *uint16, result **uint16) (hr
 	}
 	r0, _, _ := syscall.Syscall(procHcsTerminateProcess.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -383,7 +436,10 @@ func hcsGetProcessInfo(process hcsProcess, processInformation *hcsProcessInforma
 	}
 	r0, _, _ := syscall.Syscall(procHcsGetProcessInfo.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(processInformation)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -394,7 +450,10 @@ func hcsGetProcessProperties(process hcsProcess, processProperties **uint16, res
 	}
 	r0, _, _ := syscall.Syscall(procHcsGetProcessProperties.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(processProperties)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -414,7 +473,10 @@ func _hcsModifyProcess(process hcsProcess, settings *uint16, result **uint16) (h
 	}
 	r0, _, _ := syscall.Syscall(procHcsModifyProcess.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -434,7 +496,10 @@ func _hcsGetServiceProperties(propertyQuery *uint16, properties **uint16, result
 	}
 	r0, _, _ := syscall.Syscall(procHcsGetServiceProperties.Addr(), 3, uintptr(unsafe.Pointer(propertyQuery)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -445,7 +510,10 @@ func hcsRegisterProcessCallback(process hcsProcess, callback uintptr, context ui
 	}
 	r0, _, _ := syscall.Syscall6(procHcsRegisterProcessCallback.Addr(), 4, uintptr(process), uintptr(callback), uintptr(context), uintptr(unsafe.Pointer(callbackHandle)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -456,7 +524,10 @@ func hcsUnregisterProcessCallback(callbackHandle hcsCallback) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procHcsUnregisterProcessCallback.Addr(), 1, uintptr(callbackHandle), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }

vendor/github.com/Microsoft/hcsshim/internal/hcserror/hcserror.go

@@ -36,10 +36,6 @@ func New(err error, title, rest string) error {
 	return &HcsError{title, rest, err}
 }
 
-func Errorf(err error, title, format string, a ...interface{}) error {
-	return New(err, title, fmt.Sprintf(format, a...))
-}
-
 func Win32FromError(err error) uint32 {
 	if herr, ok := err.(*HcsError); ok {
 		return Win32FromError(herr.Err)

vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go

@@ -23,7 +23,9 @@ type HNSEndpoint struct {
 	DisableICC         bool              `json:",omitempty"`
 	PrefixLength       uint8             `json:",omitempty"`
 	IsRemoteEndpoint   bool              `json:",omitempty"`
+	EnableLowMetric    bool              `json:",omitempty"`
 	Namespace          *Namespace        `json:",omitempty"`
+	EncapOverhead      uint16            `json:",omitempty"`
 }
 
 //SystemType represents the type of the system on which actions are done

vendor/github.com/Microsoft/hcsshim/internal/hns/zsyscall_windows.go

@@ -6,7 +6,6 @@ import (
 	"syscall"
 	"unsafe"
 
-	"github.com/Microsoft/hcsshim/internal/interop"
 	"golang.org/x/sys/windows"
 )
 
@@ -68,7 +67,10 @@ func __hnsCall(method *uint16, path *uint16, object *uint16, response **uint16)
 	}
 	r0, _, _ := syscall.Syscall6(procHNSCall.Addr(), 4, uintptr(unsafe.Pointer(method)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(object)), uintptr(unsafe.Pointer(response)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }

vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go

@@ -5,9 +5,9 @@ import (
 	"unsafe"
 )
 
-//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go interop.go
+//go:generate go run ../../mksyscall_windows.go -output zsyscall_windows.go interop.go
 
-//sys coTaskMemFree(buffer unsafe.Pointer) = ole32.CoTaskMemFree
+//sys coTaskMemFree(buffer unsafe.Pointer) = api_ms_win_core_com_l1_1_0.CoTaskMemFree
 
 func ConvertAndFreeCoTaskMemString(buffer *uint16) string {
 	str := syscall.UTF16ToString((*[1 << 29]uint16)(unsafe.Pointer(buffer))[:])

vendor/github.com/Microsoft/hcsshim/internal/interop/zsyscall_windows.go

@@ -1,4 +1,4 @@
-// Code generated by 'go generate'; DO NOT EDIT.
+// Code generated mksyscall_windows.exe DO NOT EDIT
 
 package interop
 
@@ -37,9 +37,9 @@ func errnoErr(e syscall.Errno) error {
 }
 
 var (
-	modole32 = windows.NewLazySystemDLL("ole32.dll")
+	modapi_ms_win_core_com_l1_1_0 = windows.NewLazySystemDLL("api-ms-win-core-com-l1-1-0.dll")
 
-	procCoTaskMemFree = modole32.NewProc("CoTaskMemFree")
+	procCoTaskMemFree = modapi_ms_win_core_com_l1_1_0.NewProc("CoTaskMemFree")
 )
 
 func coTaskMemFree(buffer unsafe.Pointer) {

vendor/github.com/Microsoft/hcsshim/internal/logfields/fields.go

@@ -26,11 +26,6 @@ const (
 	Uint32       = "uint32"
 	Uint64       = "uint64"
 
-	// HCS
-
-	HCSOperation       = "hcs-op"
-	HCSOperationResult = "hcs-op-result"
-
 	// runhcs
 
 	VMShimOperation = "vmshim-op"

vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go

@@ -87,7 +87,7 @@ func OpenRoot(path string) (*os.File, error) {
 
 func ntRelativePath(path string) ([]uint16, error) {
 	path = filepath.Clean(path)
-	if strings.Contains(":", path) {
+	if strings.Contains(path, ":") {
 		// Since alternate data streams must follow the file they
 		// are attached to, finding one here (out of order) is invalid.
 		return nil, errors.New("path contains invalid character `:`")

vendor/github.com/Microsoft/hcsshim/internal/schema2/plan9_share.go

@@ -20,6 +20,13 @@ type Plan9Share struct {
 
 	Port int32 `json:"Port,omitempty"`
 
+	// Flags are marked private. Until they are exported correctly
+	//
+	// ReadOnly      0x00000001
+	// LinuxMetadata 0x00000004
+	// CaseSensitive 0x00000008
+	Flags int32 `json:"Flags,omitempty"`
+
 	ReadOnly bool `json:"ReadOnly,omitempty"`
 
 	UseShareRootIdentity bool `json:"UseShareRootIdentity,omitempty"`

vendor/github.com/Microsoft/hcsshim/internal/schema2/virtual_machine.go

@@ -11,6 +11,9 @@ package hcsschema
 
 type VirtualMachine struct {
 
+	// StopOnReset is private in the schema. If regenerated need to put back.
+	StopOnReset bool `json:"StopOnReset,omitempty"`
+
 	Chipset *Chipset `json:"Chipset,omitempty"`
 
 	ComputeTopology *Topology `json:"ComputeTopology,omitempty"`

vendor/github.com/Microsoft/hcsshim/internal/wclayer/activatelayer.go

@@ -9,17 +9,24 @@ import (
 // For a read/write layer, the mounted filesystem will appear as a volume on the
 // host, while a read-only layer is generally expected to be a no-op.
 // An activated layer must later be deactivated via DeactivateLayer.
-func ActivateLayer(path string) error {
+func ActivateLayer(path string) (err error) {
-	title := "hcsshim::ActivateLayer "
+	title := "hcsshim::ActivateLayer"
-	logrus.Debugf(title+"path %s", path)
+	fields := logrus.Fields{
-
+		"path": path,
-	err := activateLayer(&stdDriverInfo, path)
-	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", path)
-		logrus.Error(err)
-		return err
 	}
+	logrus.WithFields(fields).Debug(title)
+	defer func() {
+		if err != nil {
+			fields[logrus.ErrorKey] = err
+			logrus.WithFields(fields).Error(err)
+		} else {
+			logrus.WithFields(fields).Debug(title + " - succeeded")
+		}
+	}()
 
-	logrus.Debugf(title+" - succeeded path=%s", path)
+	err = activateLayer(&stdDriverInfo, path)
+	if err != nil {
+		return hcserror.New(err, title+" - failed", "")
+	}
 	return nil
 }

vendor/github.com/Microsoft/hcsshim/internal/wclayer/createlayer.go

@@ -7,17 +7,25 @@ import (
 
 // CreateLayer creates a new, empty, read-only layer on the filesystem based on
 // the parent layer provided.
-func CreateLayer(path, parent string) error {
+func CreateLayer(path, parent string) (err error) {
-	title := "hcsshim::CreateLayer "
+	title := "hcsshim::CreateLayer"
-	logrus.Debugf(title+"ID %s parent %s", path, parent)
+	fields := logrus.Fields{
-
+		"parent": parent,
-	err := createLayer(&stdDriverInfo, path, parent)
+		"path":   path,
-	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s parent=%s", path, parent)
-		logrus.Error(err)
-		return err
 	}
+	logrus.WithFields(fields).Debug(title)
+	defer func() {
+		if err != nil {
+			fields[logrus.ErrorKey] = err
+			logrus.WithFields(fields).Error(err)
+		} else {
+			logrus.WithFields(fields).Debug(title + " - succeeded")
+		}
+	}()
 
-	logrus.Debugf(title+"- succeeded path=%s parent=%s", path, parent)
+	err = createLayer(&stdDriverInfo, path, parent)
+	if err != nil {
+		return hcserror.New(err, title+" - failed", "")
+	}
 	return nil
 }

vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go

@@ -9,9 +9,20 @@ import (
 // This requires both the id of the direct parent layer, as well as the full list
 // of paths to all parent layers up to the base (and including the direct parent
 // whose id was provided).
-func CreateScratchLayer(path string, parentLayerPaths []string) error {
+func CreateScratchLayer(path string, parentLayerPaths []string) (err error) {
-	title := "hcsshim::CreateScratchLayer "
+	title := "hcsshim::CreateScratchLayer"
-	logrus.Debugf(title+"path %s", path)
+	fields := logrus.Fields{
+		"path": path,
+	}
+	logrus.WithFields(fields).Debug(title)
+	defer func() {
+		if err != nil {
+			fields[logrus.ErrorKey] = err
+			logrus.WithFields(fields).Error(err)
+		} else {
+			logrus.WithFields(fields).Debug(title + " - succeeded")
+		}
+	}()
 
 	// Generate layer descriptors
 	layers, err := layerPathsToDescriptors(parentLayerPaths)
@@ -21,11 +32,7 @@ func CreateScratchLayer(path string, parentLayerPaths []string) error {
 
 	err = createSandboxLayer(&stdDriverInfo, path, 0, layers)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", path)
+		return hcserror.New(err, title+" - failed", "")
-		logrus.Error(err)
-		return err
 	}
-
-	logrus.Debugf(title+"- succeeded path=%s", path)
 	return nil
 }

vendor/github.com/Microsoft/hcsshim/internal/wclayer/deactivatelayer.go

@@ -6,17 +6,24 @@ import (
 )
 
 // DeactivateLayer will dismount a layer that was mounted via ActivateLayer.
-func DeactivateLayer(path string) error {
+func DeactivateLayer(path string) (err error) {
-	title := "hcsshim::DeactivateLayer "
+	title := "hcsshim::DeactivateLayer"
-	logrus.Debugf(title+"path %s", path)
+	fields := logrus.Fields{
-
+		"path": path,
-	err := deactivateLayer(&stdDriverInfo, path)
-	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", path)
-		logrus.Error(err)
-		return err
 	}
+	logrus.WithFields(fields).Debug(title)
+	defer func() {
+		if err != nil {
+			fields[logrus.ErrorKey] = err
+			logrus.WithFields(fields).Error(err)
+		} else {
+			logrus.WithFields(fields).Debug(title + " - succeeded")
+		}
+	}()
 
-	logrus.Debugf(title+"succeeded path=%s", path)
+	err = deactivateLayer(&stdDriverInfo, path)
+	if err != nil {
+		return hcserror.New(err, title+"- failed", "")
+	}
 	return nil
 }

vendor/github.com/Microsoft/hcsshim/internal/wclayer/destroylayer.go

@@ -7,17 +7,24 @@ import (
 
 // DestroyLayer will remove the on-disk files representing the layer with the given
 // path, including that layer's containing folder, if any.
-func DestroyLayer(path string) error {
+func DestroyLayer(path string) (err error) {
-	title := "hcsshim::DestroyLayer "
+	title := "hcsshim::DestroyLayer"
-	logrus.Debugf(title+"path %s", path)
+	fields := logrus.Fields{
-
+		"path": path,
-	err := destroyLayer(&stdDriverInfo, path)
-	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", path)
-		logrus.Error(err)
-		return err
 	}
+	logrus.WithFields(fields).Debug(title)
+	defer func() {
+		if err != nil {
+			fields[logrus.ErrorKey] = err
+			logrus.WithFields(fields).Error(err)
+		} else {
+			logrus.WithFields(fields).Debug(title + " - succeeded")
+		}
+	}()
 
-	logrus.Debugf(title+"succeeded path=%s", path)
+	err = destroyLayer(&stdDriverInfo, path)
+	if err != nil {
+		return hcserror.New(err, title+" - failed", "")
+	}
 	return nil
 }

vendor/github.com/Microsoft/hcsshim/internal/wclayer/expandscratchsize.go

@@ -6,17 +6,25 @@ import (
 )
 
 // ExpandScratchSize expands the size of a layer to at least size bytes.
-func ExpandScratchSize(path string, size uint64) error {
+func ExpandScratchSize(path string, size uint64) (err error) {
-	title := "hcsshim::ExpandScratchSize "
+	title := "hcsshim::ExpandScratchSize"
-	logrus.Debugf(title+"path=%s size=%d", path, size)
+	fields := logrus.Fields{
-
+		"path": path,
-	err := expandSandboxSize(&stdDriverInfo, path, size)
+		"size": size,
-	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s size=%d", path, size)
-		logrus.Error(err)
-		return err
 	}
+	logrus.WithFields(fields).Debug(title)
+	defer func() {
+		if err != nil {
+			fields[logrus.ErrorKey] = err
+			logrus.WithFields(fields).Error(err)
+		} else {
+			logrus.WithFields(fields).Debug(title + " - succeeded")
+		}
+	}()
 
-	logrus.Debugf(title+"- succeeded path=%s size=%d", path, size)
+	err = expandSandboxSize(&stdDriverInfo, path, size)
+	if err != nil {
+		return hcserror.New(err, title+" - failed", "")
+	}
 	return nil
 }

vendor/github.com/Microsoft/hcsshim/internal/wclayer/exportlayer.go

@@ -14,9 +14,21 @@ import (
 // format includes any metadata required for later importing the layer (using
 // ImportLayer), and requires the full list of parent layer paths in order to
 // perform the export.
-func ExportLayer(path string, exportFolderPath string, parentLayerPaths []string) error {
+func ExportLayer(path string, exportFolderPath string, parentLayerPaths []string) (err error) {
-	title := "hcsshim::ExportLayer "
+	title := "hcsshim::ExportLayer"
-	logrus.Debugf(title+"path %s folder %s", path, exportFolderPath)
+	fields := logrus.Fields{
+		"path":             path,
+		"exportFolderPath": exportFolderPath,
+	}
+	logrus.WithFields(fields).Debug(title)
+	defer func() {
+		if err != nil {
+			fields[logrus.ErrorKey] = err
+			logrus.WithFields(fields).Error(err)
+		} else {
+			logrus.WithFields(fields).Debug(title + " - succeeded")
+		}
+	}()
 
 	// Generate layer descriptors
 	layers, err := layerPathsToDescriptors(parentLayerPaths)
@@ -26,12 +38,8 @@ func ExportLayer(path string, exportFolderPath string, parentLayerPaths []string
 
 	err = exportLayer(&stdDriverInfo, path, exportFolderPath, layers)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s folder=%s", path, exportFolderPath)
+		return hcserror.New(err, title+" - failed", "")
-		logrus.Error(err)
-		return err
 	}
-
-	logrus.Debugf(title+"succeeded path=%s folder=%s", path, exportFolderPath)
 	return nil
 }
 

vendor/github.com/Microsoft/hcsshim/internal/wclayer/getlayermountpath.go

@@ -11,20 +11,29 @@ import (
 // the path at which that layer can be accessed.  This path may be a volume path
 // if the layer is a mounted read-write layer, otherwise it is expected to be the
 // folder path at which the layer is stored.
-func GetLayerMountPath(path string) (string, error) {
+func GetLayerMountPath(path string) (_ string, err error) {
-	title := "hcsshim::GetLayerMountPath "
+	title := "hcsshim::GetLayerMountPath"
-	logrus.Debugf(title+"path %s", path)
+	fields := logrus.Fields{
+		"path": path,
+	}
+	logrus.WithFields(fields).Debug(title)
+	defer func() {
+		if err != nil {
+			fields[logrus.ErrorKey] = err
+			logrus.WithFields(fields).Error(err)
+		} else {
+			logrus.WithFields(fields).Debug(title + " - succeeded")
+		}
+	}()
 
 	var mountPathLength uintptr
 	mountPathLength = 0
 
 	// Call the procedure itself.
-	logrus.Debugf("Calling proc (1)")
+	logrus.WithFields(fields).Debug("Calling proc (1)")
-	err := getLayerMountPath(&stdDriverInfo, path, &mountPathLength, nil)
+	err = getLayerMountPath(&stdDriverInfo, path, &mountPathLength, nil)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "(first call) path=%s", path)
+		return "", hcserror.New(err, title+" - failed", "(first call)")
-		logrus.Error(err)
-		return "", err
 	}
 
 	// Allocate a mount path of the returned length.
@@ -35,15 +44,13 @@ func GetLayerMountPath(path string) (string, error) {
 	mountPathp[0] = 0
 
 	// Call the procedure again
-	logrus.Debugf("Calling proc (2)")
+	logrus.WithFields(fields).Debug("Calling proc (2)")
 	err = getLayerMountPath(&stdDriverInfo, path, &mountPathLength, &mountPathp[0])
 	if err != nil {
-		err = hcserror.Errorf(err, title, "(second call) path=%s", path)
+		return "", hcserror.New(err, title+" - failed", "(second call)")
-		logrus.Error(err)
-		return "", err
 	}
 
 	mountPath := syscall.UTF16ToString(mountPathp[0:])
-	logrus.Debugf(title+"succeeded path=%s mountPath=%s", path, mountPath)
+	fields["mountPath"] = mountPath
 	return mountPath, nil
 }

vendor/github.com/Microsoft/hcsshim/internal/wclayer/getsharedbaseimages.go

@@ -10,17 +10,20 @@ import (
 // image store and return descriptive info about those images for the purpose
 // of registering them with the graphdriver, graph, and tagstore.
 func GetSharedBaseImages() (imageData string, err error) {
-	title := "hcsshim::GetSharedBaseImages "
+	title := "hcsshim::GetSharedBaseImages"
+	logrus.Debug(title)
+	defer func() {
+		if err != nil {
+			logrus.WithError(err).Error(err)
+		} else {
+			logrus.WithField("imageData", imageData).Debug(title + " - succeeded")
+		}
+	}()
 
-	logrus.Debugf("Calling proc")
 	var buffer *uint16
 	err = getBaseImages(&buffer)
 	if err != nil {
-		err = hcserror.New(err, title, "")
+		return "", hcserror.New(err, title+" - failed", "")
-		logrus.Error(err)
-		return
 	}
-	imageData = interop.ConvertAndFreeCoTaskMemString(buffer)
+	return interop.ConvertAndFreeCoTaskMemString(buffer), nil
-	logrus.Debugf(title+" - succeeded output=%s", imageData)
-	return
 }

vendor/github.com/Microsoft/hcsshim/internal/wclayer/grantvmaccess.go

@@ -1,24 +1,30 @@
 package wclayer
 
 import (
-	"fmt"
-
 	"github.com/Microsoft/hcsshim/internal/hcserror"
 	"github.com/sirupsen/logrus"
 )
 
 // GrantVmAccess adds access to a file for a given VM
-func GrantVmAccess(vmid string, filepath string) error {
+func GrantVmAccess(vmid string, filepath string) (err error) {
-	title := fmt.Sprintf("hcsshim::GrantVmAccess id:%s path:%s ", vmid, filepath)
+	title := "hcsshim::GrantVmAccess"
-	logrus.Debugf(title)
+	fields := logrus.Fields{
-
+		"vm-id": vmid,
-	err := grantVmAccess(vmid, filepath)
+		"path":  filepath,
-	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", filepath)
-		logrus.Error(err)
-		return err
 	}
+	logrus.WithFields(fields).Debug(title)
+	defer func() {
+		if err != nil {
+			fields[logrus.ErrorKey] = err
+			logrus.WithFields(fields).Error(err)
+		} else {
+			logrus.WithFields(fields).Debug(title + " - succeeded")
+		}
+	}()
 
-	logrus.Debugf(title + " - succeeded")
+	err = grantVmAccess(vmid, filepath)
+	if err != nil {
+		return hcserror.New(err, title+" - failed", "")
+	}
 	return nil
 }

vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go

@@ -15,9 +15,21 @@ import (
 // that into a layer with the id layerId.  Note that in order to correctly populate
 // the layer and interperet the transport format, all parent layers must already
 // be present on the system at the paths provided in parentLayerPaths.
-func ImportLayer(path string, importFolderPath string, parentLayerPaths []string) error {
+func ImportLayer(path string, importFolderPath string, parentLayerPaths []string) (err error) {
-	title := "hcsshim::ImportLayer "
+	title := "hcsshim::ImportLayer"
-	logrus.Debugf(title+"path %s folder %s", path, importFolderPath)
+	fields := logrus.Fields{
+		"path":             path,
+		"importFolderPath": importFolderPath,
+	}
+	logrus.WithFields(fields).Debug(title)
+	defer func() {
+		if err != nil {
+			fields[logrus.ErrorKey] = err
+			logrus.WithFields(fields).Error(err)
+		} else {
+			logrus.WithFields(fields).Debug(title + " - succeeded")
+		}
+	}()
 
 	// Generate layer descriptors
 	layers, err := layerPathsToDescriptors(parentLayerPaths)
@@ -27,12 +39,8 @@ func ImportLayer(path string, importFolderPath string, parentLayerPaths []string
 
 	err = importLayer(&stdDriverInfo, path, importFolderPath, layers)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s folder=%s", path, importFolderPath)
+		return hcserror.New(err, title+" - failed", "")
-		logrus.Error(err)
-		return err
 	}
-
-	logrus.Debugf(title+"succeeded path=%s folder=%s", path, importFolderPath)
 	return nil
 }
 

vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerexists.go

@@ -7,19 +7,27 @@ import (
 
 // LayerExists will return true if a layer with the given id exists and is known
 // to the system.
-func LayerExists(path string) (bool, error) {
+func LayerExists(path string) (_ bool, err error) {
-	title := "hcsshim::LayerExists "
+	title := "hcsshim::LayerExists"
-	logrus.Debugf(title+"path %s", path)
+	fields := logrus.Fields{
+		"path": path,
+	}
+	logrus.WithFields(fields).Debug(title)
+	defer func() {
+		if err != nil {
+			fields[logrus.ErrorKey] = err
+			logrus.WithFields(fields).Error(err)
+		} else {
+			logrus.WithFields(fields).Debug(title + " - succeeded")
+		}
+	}()
 
 	// Call the procedure itself.
 	var exists uint32
-	err := layerExists(&stdDriverInfo, path, &exists)
+	err = layerExists(&stdDriverInfo, path, &exists)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", path)
+		return false, hcserror.New(err, title+" - failed", "")
-		logrus.Error(err)
-		return false, err
 	}
-
+	fields["layer-exists"] = exists != 0
-	logrus.Debugf(title+"succeeded path=%s exists=%d", path, exists)
 	return exists != 0, nil
 }

vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerutils.go

@@ -75,13 +75,13 @@ func layerPathsToDescriptors(parentLayerPaths []string) ([]WC_LAYER_DESCRIPTOR,
 	for i := 0; i < len(parentLayerPaths); i++ {
 		g, err := LayerID(parentLayerPaths[i])
 		if err != nil {
-			logrus.Debugf("Failed to convert name to guid %s", err)
+			logrus.WithError(err).Debug("Failed to convert name to guid")
 			return nil, err
 		}
 
 		p, err := syscall.UTF16PtrFromString(parentLayerPaths[i])
 		if err != nil {
-			logrus.Debugf("Failed conversion of parentLayerPath to pointer %s", err)
+			logrus.WithError(err).Debug("Failed conversion of parentLayerPath to pointer")
 			return nil, err
 		}
 

vendor/github.com/Microsoft/hcsshim/internal/wclayer/nametoguid.go

@@ -10,15 +10,25 @@ import (
 // Host Compute Service, ensuring GUIDs generated with the same string are common
 // across all clients.
 func NameToGuid(name string) (id guid.GUID, err error) {
-	title := "hcsshim::NameToGuid "
+	title := "hcsshim::NameToGuid"
+	fields := logrus.Fields{
+		"name": name,
+	}
+	logrus.WithFields(fields).Debug(title)
+	defer func() {
+		if err != nil {
+			fields[logrus.ErrorKey] = err
+			logrus.WithFields(fields).Error(err)
+		} else {
+			logrus.WithFields(fields).Debug(title + " - succeeded")
+		}
+	}()
 
 	err = nameToGuid(name, &id)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "name=%s", name)
+		err = hcserror.New(err, title+" - failed", "")
-		logrus.Error(err)
 		return
 	}
-
+	fields["guid"] = id.String()
-	logrus.Debugf(title+"name:%s guid:%s", name, id.String())
 	return
 }

vendor/github.com/Microsoft/hcsshim/internal/wclayer/preparelayer.go

@@ -14,9 +14,20 @@ var prepareLayerLock sync.Mutex
 // parent layers, and is necessary in order to view or interact with the layer
 // as an actual filesystem (reading and writing files, creating directories, etc).
 // Disabling the filter must be done via UnprepareLayer.
-func PrepareLayer(path string, parentLayerPaths []string) error {
+func PrepareLayer(path string, parentLayerPaths []string) (err error) {
-	title := "hcsshim::PrepareLayer "
+	title := "hcsshim::PrepareLayer"
-	logrus.Debugf(title+"path %s", path)
+	fields := logrus.Fields{
+		"path": path,
+	}
+	logrus.WithFields(fields).Debug(title)
+	defer func() {
+		if err != nil {
+			fields[logrus.ErrorKey] = err
+			logrus.WithFields(fields).Error(err)
+		} else {
+			logrus.WithFields(fields).Debug(title + " - succeeded")
+		}
+	}()
 
 	// Generate layer descriptors
 	layers, err := layerPathsToDescriptors(parentLayerPaths)
@@ -30,11 +41,7 @@ func PrepareLayer(path string, parentLayerPaths []string) error {
 	defer prepareLayerLock.Unlock()
 	err = prepareLayer(&stdDriverInfo, path, layers)
 	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", path)
+		return hcserror.New(err, title+" - failed", "")
-		logrus.Error(err)
-		return err
 	}
-
-	logrus.Debugf(title+"succeeded path=%s", path)
 	return nil
 }

vendor/github.com/Microsoft/hcsshim/internal/wclayer/unpreparelayer.go

@@ -7,17 +7,24 @@ import (
 
 // UnprepareLayer disables the filesystem filter for the read-write layer with
 // the given id.
-func UnprepareLayer(path string) error {
+func UnprepareLayer(path string) (err error) {
-	title := "hcsshim::UnprepareLayer "
+	title := "hcsshim::UnprepareLayer"
-	logrus.Debugf(title+"path %s", path)
+	fields := logrus.Fields{
-
+		"path": path,
-	err := unprepareLayer(&stdDriverInfo, path)
-	if err != nil {
-		err = hcserror.Errorf(err, title, "path=%s", path)
-		logrus.Error(err)
-		return err
 	}
+	logrus.WithFields(fields).Debug(title)
+	defer func() {
+		if err != nil {
+			fields[logrus.ErrorKey] = err
+			logrus.WithFields(fields).Error(err)
+		} else {
+			logrus.WithFields(fields).Debug(title + " - succeeded")
+		}
+	}()
 
-	logrus.Debugf(title+"succeeded path=%s", path)
+	err = unprepareLayer(&stdDriverInfo, path)
+	if err != nil {
+		return hcserror.New(err, title+" - failed", "")
+	}
 	return nil
 }

vendor/github.com/Microsoft/hcsshim/internal/wclayer/zsyscall_windows.go

@@ -6,7 +6,6 @@ import (
 	"syscall"
 	"unsafe"
 
-	"github.com/Microsoft/hcsshim/internal/interop"
 	"golang.org/x/sys/windows"
 )
 
@@ -75,7 +74,10 @@ func _activateLayer(info *driverInfo, id *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procActivateLayer.Addr(), 2, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -104,7 +106,10 @@ func _copyLayer(info *driverInfo, srcId *uint16, dstId *uint16, descriptors []WC
 	}
 	r0, _, _ := syscall.Syscall6(procCopyLayer.Addr(), 5, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(srcId)), uintptr(unsafe.Pointer(dstId)), uintptr(unsafe.Pointer(_p2)), uintptr(len(descriptors)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -129,7 +134,10 @@ func _createLayer(info *driverInfo, id *uint16, parent *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procCreateLayer.Addr(), 3, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(parent)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -153,7 +161,10 @@ func _createSandboxLayer(info *driverInfo, id *uint16, parent uintptr, descripto
 	}
 	r0, _, _ := syscall.Syscall6(procCreateSandboxLayer.Addr(), 5, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(parent), uintptr(unsafe.Pointer(_p1)), uintptr(len(descriptors)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -173,7 +184,10 @@ func _expandSandboxSize(info *driverInfo, id *uint16, size uint64) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procExpandSandboxSize.Addr(), 3, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(size))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -193,7 +207,10 @@ func _deactivateLayer(info *driverInfo, id *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procDeactivateLayer.Addr(), 2, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -213,7 +230,10 @@ func _destroyLayer(info *driverInfo, id *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procDestroyLayer.Addr(), 2, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -242,7 +262,10 @@ func _exportLayer(info *driverInfo, id *uint16, path *uint16, descriptors []WC_L
 	}
 	r0, _, _ := syscall.Syscall6(procExportLayer.Addr(), 5, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(_p2)), uintptr(len(descriptors)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -262,7 +285,10 @@ func _getLayerMountPath(info *driverInfo, id *uint16, length *uintptr, buffer *u
 	}
 	r0, _, _ := syscall.Syscall6(procGetLayerMountPath.Addr(), 4, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(length)), uintptr(unsafe.Pointer(buffer)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -273,7 +299,10 @@ func getBaseImages(buffer **uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procGetBaseImages.Addr(), 1, uintptr(unsafe.Pointer(buffer)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -302,7 +331,10 @@ func _importLayer(info *driverInfo, id *uint16, path *uint16, descriptors []WC_L
 	}
 	r0, _, _ := syscall.Syscall6(procImportLayer.Addr(), 5, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(_p2)), uintptr(len(descriptors)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -322,7 +354,10 @@ func _layerExists(info *driverInfo, id *uint16, exists *uint32) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procLayerExists.Addr(), 3, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(exists)))
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -342,7 +377,10 @@ func _nameToGuid(name *uint16, guid *_guid) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procNameToGuid.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(guid)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -366,7 +404,10 @@ func _prepareLayer(info *driverInfo, id *uint16, descriptors []WC_LAYER_DESCRIPT
 	}
 	r0, _, _ := syscall.Syscall6(procPrepareLayer.Addr(), 4, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(_p1)), uintptr(len(descriptors)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -386,7 +427,10 @@ func _unprepareLayer(info *driverInfo, id *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procUnprepareLayer.Addr(), 2, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -406,7 +450,10 @@ func _processBaseImage(path *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procProcessBaseImage.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -426,7 +473,10 @@ func _processUtilityImage(path *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procProcessUtilityImage.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }
@@ -451,7 +501,10 @@ func _grantVmAccess(vmid *uint16, filepath *uint16) (hr error) {
 	}
 	r0, _, _ := syscall.Syscall(procGrantVmAccess.Addr(), 2, uintptr(unsafe.Pointer(vmid)), uintptr(unsafe.Pointer(filepath)), 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }

vendor/github.com/Microsoft/hcsshim/mksyscall_windows.go

@@ -300,7 +300,10 @@ func (r *Rets) SetErrorCode() string {
 		%s = %sErrno(r0)
 	}`
 	const hrCode = `if int32(r0) < 0 {
-		%s = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		%s = %sErrno(r0)
 	}`
 	if r.Name == "" && !r.ReturnsError {
 		return ""
@@ -310,7 +313,7 @@ func (r *Rets) SetErrorCode() string {
 	}
 	if r.Type == "error" {
 		if r.Name == "hr" {
-			return fmt.Sprintf(hrCode, r.Name)
+			return fmt.Sprintf(hrCode, r.Name, syscalldot())
 		} else {
 			return fmt.Sprintf(code, r.Name, syscalldot())
 		}
@@ -773,7 +776,6 @@ func (src *Source) Generate(w io.Writer) error {
 			src.ExternalImport("golang.org/x/sys/windows")
 		}
 	}
-	src.ExternalImport("github.com/Microsoft/hcsshim/internal/interop")
 	if *winio {
 		src.ExternalImport("github.com/Microsoft/go-winio")
 	}
@@ -788,6 +790,9 @@ func (src *Source) Generate(w io.Writer) error {
 			if !*systemDLL {
 				return syscalldot() + "NewLazyDLL(" + arg + ")"
 			}
+			if strings.HasPrefix(dll, "api_") || strings.HasPrefix(dll, "ext_") {
+				arg = strings.Replace(arg, "_", "-", -1)
+			}
 			switch pkgtype {
 			case pkgStd:
 				return syscalldot() + "NewLazyDLL(sysdll.Add(" + arg + "))"

vendor/github.com/Microsoft/hcsshim/vendor.conf

@@ -0,0 +1,21 @@
+github.com/blang/semver v3.1.0
+github.com/containerd/console c12b1e7919c14469339a5d38f2f8ed9b64a9de23
+github.com/containerd/go-runc 5a6d9f37cfa36b15efba46dc7ea349fa9b7143c3
+github.com/hashicorp/errwrap 7554cd9344cec97297fa6649b055a8c98c2a1e55
+github.com/hashicorp/go-multierror ed905158d87462226a13fe39ddf685ea65f1c11f
+github.com/konsorten/go-windows-terminal-sequences v1.0.1
+github.com/linuxkit/virtsock 8e79449dea0735c1c056d814934dd035734cc97c
+github.com/Microsoft/go-winio 16cfc975803886a5e47c4257a24c8d8c52e178b2
+github.com/Microsoft/opengcs v0.3.9
+github.com/opencontainers/runtime-spec eba862dc2470385a233c7507392675cbeadf7353
+github.com/opencontainers/runtime-tools 1d69bd0f9c39677d0630e50664fbc3154ae61b88
+github.com/pkg/errors v0.8.1
+github.com/sirupsen/logrus v1.3.0
+github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16
+github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c
+github.com/xeipuuv/gojsonpointer 4e3ac2762d5f479393488629ee9370b50873b3a6
+github.com/xeipuuv/gojsonreference bd5ef7bd5415a7ac448318e64f11a24cd21e594b
+github.com/xeipuuv/gojsonschema 1d523034197ff1f222f6429836dd36a2457a1874
+golang.org/x/crypto ff983b9c42bc9fbf91556e191cc8efb585c16908
+golang.org/x/sync 37e7f081c4d4c64e13b10787722085407fe5d15f
+golang.org/x/sys e5ecc2a6747ce8d4af18ed98b3de5ae30eb3a5bb

vendor/github.com/Microsoft/hcsshim/zsyscall_windows.go

@@ -6,7 +6,6 @@ import (
 	"syscall"
 	"unsafe"
 
-	"github.com/Microsoft/hcsshim/internal/interop"
 	"golang.org/x/sys/windows"
 )
 
@@ -46,7 +45,10 @@ var (
 func SetCurrentThreadCompartmentId(compartmentId uint32) (hr error) {
 	r0, _, _ := syscall.Syscall(procSetCurrentThreadCompartmentId.Addr(), 1, uintptr(compartmentId), 0, 0)
 	if int32(r0) < 0 {
-		hr = interop.Win32FromHresult(r0)
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
 	return
 }

vendor/github.com/containerd/containerd/api/next.pb.txt

@@ -1764,6 +1764,34 @@ file {
       type: TYPE_INT64
       json_name: "size"
     }
+    field {
+      name: "annotations"
+      number: 5
+      label: LABEL_REPEATED
+      type: TYPE_MESSAGE
+      type_name: ".containerd.types.Descriptor.AnnotationsEntry"
+      json_name: "annotations"
+    }
+    nested_type {
+      name: "AnnotationsEntry"
+      field {
+        name: "key"
+        number: 1
+        label: LABEL_OPTIONAL
+        type: TYPE_STRING
+        json_name: "key"
+      }
+      field {
+        name: "value"
+        number: 2
+        label: LABEL_OPTIONAL
+        type: TYPE_STRING
+        json_name: "value"
+      }
+      options {
+        map_entry: true
+      }
+    }
   }
   options {
     go_package: "github.com/containerd/containerd/api/types;types"

vendor/github.com/containerd/containerd/api/types/descriptor.pb.go

@@ -28,6 +28,7 @@ import github_com_opencontainers_go_digest "github.com/opencontainers/go-digest"
 
 import strings "strings"
 import reflect "reflect"
+import sortkeys "github.com/gogo/protobuf/sortkeys"
 
 import io "io"
 
@@ -48,9 +49,10 @@ const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
 // oci descriptor found in a manifest.
 // See https://godoc.org/github.com/opencontainers/image-spec/specs-go/v1#Descriptor
 type Descriptor struct {
-	MediaType string                                     `protobuf:"bytes,1,opt,name=media_type,json=mediaType,proto3" json:"media_type,omitempty"`
+	MediaType   string                                     `protobuf:"bytes,1,opt,name=media_type,json=mediaType,proto3" json:"media_type,omitempty"`
-	Digest    github_com_opencontainers_go_digest.Digest `protobuf:"bytes,2,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
+	Digest      github_com_opencontainers_go_digest.Digest `protobuf:"bytes,2,opt,name=digest,proto3,customtype=github.com/opencontainers/go-digest.Digest" json:"digest"`
-	Size_     int64                                      `protobuf:"varint,3,opt,name=size,proto3" json:"size,omitempty"`
+	Size_       int64                                      `protobuf:"varint,3,opt,name=size,proto3" json:"size,omitempty"`
+	Annotations map[string]string                          `protobuf:"bytes,5,rep,name=annotations" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 }
 
 func (m *Descriptor) Reset()                    { *m = Descriptor{} }
@@ -92,6 +94,23 @@ func (m *Descriptor) MarshalTo(dAtA []byte) (int, error) {
 		i++
 		i = encodeVarintDescriptor(dAtA, i, uint64(m.Size_))
 	}
+	if len(m.Annotations) > 0 {
+		for k, _ := range m.Annotations {
+			dAtA[i] = 0x2a
+			i++
+			v := m.Annotations[k]
+			mapSize := 1 + len(k) + sovDescriptor(uint64(len(k))) + 1 + len(v) + sovDescriptor(uint64(len(v)))
+			i = encodeVarintDescriptor(dAtA, i, uint64(mapSize))
+			dAtA[i] = 0xa
+			i++
+			i = encodeVarintDescriptor(dAtA, i, uint64(len(k)))
+			i += copy(dAtA[i:], k)
+			dAtA[i] = 0x12
+			i++
+			i = encodeVarintDescriptor(dAtA, i, uint64(len(v)))
+			i += copy(dAtA[i:], v)
+		}
+	}
 	return i, nil
 }
 
@@ -118,6 +137,14 @@ func (m *Descriptor) Size() (n int) {
 	if m.Size_ != 0 {
 		n += 1 + sovDescriptor(uint64(m.Size_))
 	}
+	if len(m.Annotations) > 0 {
+		for k, v := range m.Annotations {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovDescriptor(uint64(len(k))) + 1 + len(v) + sovDescriptor(uint64(len(v)))
+			n += mapEntrySize + 1 + sovDescriptor(uint64(mapEntrySize))
+		}
+	}
 	return n
 }
 
@@ -138,10 +165,21 @@ func (this *Descriptor) String() string {
 	if this == nil {
 		return "nil"
 	}
+	keysForAnnotations := make([]string, 0, len(this.Annotations))
+	for k, _ := range this.Annotations {
+		keysForAnnotations = append(keysForAnnotations, k)
+	}
+	sortkeys.Strings(keysForAnnotations)
+	mapStringForAnnotations := "map[string]string{"
+	for _, k := range keysForAnnotations {
+		mapStringForAnnotations += fmt.Sprintf("%v: %v,", k, this.Annotations[k])
+	}
+	mapStringForAnnotations += "}"
 	s := strings.Join([]string{`&Descriptor{`,
 		`MediaType:` + fmt.Sprintf("%v", this.MediaType) + `,`,
 		`Digest:` + fmt.Sprintf("%v", this.Digest) + `,`,
 		`Size_:` + fmt.Sprintf("%v", this.Size_) + `,`,
+		`Annotations:` + mapStringForAnnotations + `,`,
 		`}`,
 	}, "")
 	return s
@@ -260,6 +298,124 @@ func (m *Descriptor) Unmarshal(dAtA []byte) error {
 					break
 				}
 			}
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowDescriptor
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthDescriptor
+			}
+			postIndex := iNdEx + msglen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Annotations == nil {
+				m.Annotations = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowDescriptor
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= (uint64(b) & 0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowDescriptor
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= (uint64(b) & 0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthDescriptor
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowDescriptor
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= (uint64(b) & 0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthDescriptor
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipDescriptor(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if skippy < 0 {
+						return ErrInvalidLengthDescriptor
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.Annotations[mapkey] = mapvalue
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipDescriptor(dAtA[iNdEx:])
@@ -391,20 +547,25 @@ func init() {
 }
 
 var fileDescriptorDescriptor = []byte{
-	// 234 bytes of a gzipped FileDescriptorProto
+	// 311 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x4e, 0xcf, 0x2c, 0xc9,
 	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0xcf, 0x2b, 0x49, 0xcc, 0xcc, 0x4b, 0x2d,
 	0x4a, 0x41, 0x66, 0x26, 0x16, 0x64, 0xea, 0x97, 0x54, 0x16, 0xa4, 0x16, 0xeb, 0xa7, 0xa4, 0x16,
 	0x27, 0x17, 0x65, 0x16, 0x94, 0xe4, 0x17, 0xe9, 0x15, 0x14, 0xe5, 0x97, 0xe4, 0x0b, 0x09, 0x20,
 	0x94, 0xe9, 0x81, 0x95, 0x48, 0x89, 0xa4, 0xe7, 0xa7, 0xe7, 0x83, 0x25, 0xf5, 0x41, 0x2c, 0x88,
-	0x3a, 0xa5, 0x6e, 0x46, 0x2e, 0x2e, 0x17, 0xb8, 0x66, 0x21, 0x59, 0x2e, 0xae, 0xdc, 0xd4, 0x94,
+	0x3a, 0xa5, 0x39, 0x4c, 0x5c, 0x5c, 0x2e, 0x70, 0xcd, 0x42, 0xb2, 0x5c, 0x5c, 0xb9, 0xa9, 0x29,
-	0xcc, 0xc4, 0x78, 0x90, 0x1e, 0x09, 0x46, 0x05, 0x46, 0x0d, 0xce, 0x20, 0x4e, 0xb0, 0x48, 0x48,
+	0x99, 0x89, 0xf1, 0x20, 0x3d, 0x12, 0x8c, 0x0a, 0x8c, 0x1a, 0x9c, 0x41, 0x9c, 0x60, 0x91, 0x90,
-	0x65, 0x41, 0xaa, 0x90, 0x17, 0x17, 0x5b, 0x4a, 0x66, 0x7a, 0x6a, 0x71, 0x89, 0x04, 0x13, 0x48,
+	0xca, 0x82, 0x54, 0x21, 0x2f, 0x2e, 0xb6, 0x94, 0xcc, 0xf4, 0xd4, 0xe2, 0x12, 0x09, 0x26, 0x90,
-	0xca, 0xc9, 0xe8, 0xc4, 0x3d, 0x79, 0x86, 0x5b, 0xf7, 0xe4, 0xb5, 0x90, 0x9c, 0x9a, 0x5f, 0x90,
+	0x94, 0x93, 0xd1, 0x89, 0x7b, 0xf2, 0x0c, 0xb7, 0xee, 0xc9, 0x6b, 0x21, 0x39, 0x35, 0xbf, 0x20,
-	0x9a, 0x07, 0xb7, 0xbc, 0x58, 0x3f, 0x3d, 0x5f, 0x17, 0xa2, 0x45, 0xcf, 0x05, 0x4c, 0x05, 0x41,
+	0x35, 0x0f, 0x6e, 0x79, 0xb1, 0x7e, 0x7a, 0xbe, 0x2e, 0x44, 0x8b, 0x9e, 0x0b, 0x98, 0x0a, 0x82,
-	0x4d, 0x10, 0x12, 0xe2, 0x62, 0x29, 0xce, 0xac, 0x4a, 0x95, 0x60, 0x56, 0x60, 0xd4, 0x60, 0x0e,
+	0x9a, 0x20, 0x24, 0xc4, 0xc5, 0x52, 0x9c, 0x59, 0x95, 0x2a, 0xc1, 0xac, 0xc0, 0xa8, 0xc1, 0x1c,
-	0x02, 0xb3, 0x9d, 0xbc, 0x4e, 0x3c, 0x94, 0x63, 0xb8, 0xf1, 0x50, 0x8e, 0xa1, 0xe1, 0x91, 0x1c,
+	0x04, 0x66, 0x0b, 0xf9, 0x73, 0x71, 0x27, 0xe6, 0xe5, 0xe5, 0x97, 0x24, 0x96, 0x64, 0xe6, 0xe7,
-	0xe3, 0x89, 0x47, 0x72, 0x8c, 0x17, 0x1e, 0xc9, 0x31, 0x3e, 0x78, 0x24, 0xc7, 0x18, 0x65, 0x40,
+	0x15, 0x4b, 0xb0, 0x2a, 0x30, 0x6b, 0x70, 0x1b, 0xe9, 0xea, 0xa1, 0xfb, 0x45, 0x0f, 0xe1, 0x62,
-	0x7c, 0x60, 0x58, 0x83, 0xc9, 0x08, 0x86, 0x24, 0x36, 0xb0, 0x17, 0x8d, 0x01, 0x01, 0x00, 0x00,
+	0x3d, 0x47, 0x84, 0x7a, 0xd7, 0xbc, 0x92, 0xa2, 0xca, 0x20, 0x64, 0x13, 0xa4, 0xec, 0xb8, 0x04,
-	0xff, 0xff, 0xea, 0xac, 0x78, 0x9a, 0x49, 0x01, 0x00, 0x00,
+	0xd0, 0x15, 0x08, 0x09, 0x70, 0x31, 0x67, 0xa7, 0x56, 0x42, 0x3d, 0x07, 0x62, 0x0a, 0x89, 0x70,
+	0xb1, 0x96, 0x25, 0xe6, 0x94, 0xa6, 0x42, 0x7c, 0x15, 0x04, 0xe1, 0x58, 0x31, 0x59, 0x30, 0x3a,
+	0x79, 0x9d, 0x78, 0x28, 0xc7, 0x70, 0xe3, 0xa1, 0x1c, 0x43, 0xc3, 0x23, 0x39, 0xc6, 0x13, 0x8f,
+	0xe4, 0x18, 0x2f, 0x3c, 0x92, 0x63, 0x7c, 0xf0, 0x48, 0x8e, 0x31, 0xca, 0x80, 0xf8, 0xd8, 0xb1,
+	0x06, 0x93, 0x11, 0x0c, 0x49, 0x6c, 0xe0, 0x30, 0x37, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x22,
+	0x8a, 0x20, 0x4a, 0xda, 0x01, 0x00, 0x00,
 }

vendor/github.com/containerd/containerd/api/types/descriptor.proto

@@ -15,4 +15,5 @@ message Descriptor {
 	string media_type = 1;
 	string digest = 2 [(gogoproto.customtype) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
 	int64 size = 3;
+	map<string, string> annotations = 5;
 }

vendor/github.com/containerd/containerd/cmd/containerd-shim/main_unix.go

@@ -23,6 +23,7 @@ import (
 	"context"
 	"flag"
 	"fmt"
+	"io"
 	"net"
 	"os"
 	"os/exec"
@@ -36,6 +37,7 @@ import (
 
 	"github.com/containerd/containerd/events"
 	"github.com/containerd/containerd/namespaces"
+	shimlog "github.com/containerd/containerd/runtime/v1"
 	"github.com/containerd/containerd/runtime/v1/linux/proc"
 	"github.com/containerd/containerd/runtime/v1/shim"
 	shimapi "github.com/containerd/containerd/runtime/v1/shim/v1"
@@ -92,12 +94,42 @@ func main() {
 		runtime.GOMAXPROCS(2)
 	}
 
+	stdout, stderr, err := openStdioKeepAlivePipes(workdirFlag)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "containerd-shim: %s\n", err)
+		os.Exit(1)
+	}
+	defer func() {
+		stdout.Close()
+		stderr.Close()
+	}()
+
+	// redirect the following output into fifo to make sure that containerd
+	// still can read the log after restart
+	logrus.SetOutput(stdout)
+
 	if err := executeShim(); err != nil {
 		fmt.Fprintf(os.Stderr, "containerd-shim: %s\n", err)
 		os.Exit(1)
 	}
 }
 
+// If containerd server process dies, we need the shim to keep stdout/err reader
+// FDs so that Linux does not SIGPIPE the shim process if it tries to use its end of
+// these pipes.
+func openStdioKeepAlivePipes(dir string) (io.ReadWriteCloser, io.ReadWriteCloser, error) {
+	background := context.Background()
+	keepStdoutAlive, err := shimlog.OpenShimStdoutLog(background, dir)
+	if err != nil {
+		return nil, nil, err
+	}
+	keepStderrAlive, err := shimlog.OpenShimStderrLog(background, dir)
+	if err != nil {
+		return nil, nil, err
+	}
+	return keepStdoutAlive, keepStderrAlive, nil
+}
+
 func executeShim() error {
 	// start handling signals as soon as possible so that things are properly reaped
 	// or if runtime exits before we hit the handler

vendor/github.com/containerd/containerd/content/local/writer.go

@@ -74,6 +74,9 @@ func (w *writer) Write(p []byte) (n int, err error) {
 }
 
 func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest, opts ...content.Opt) error {
+	// Ensure even on error the writer is fully closed
+	defer unlock(w.ref)
+
 	var base content.Info
 	for _, opt := range opts {
 		if err := opt(&base); err != nil {
@@ -81,8 +84,6 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest,
 		}
 	}
 
-	// Ensure even on error the writer is fully closed
-	defer unlock(w.ref)
 	fp := w.fp
 	w.fp = nil
 

vendor/github.com/containerd/containerd/diff.go

@@ -80,17 +80,19 @@ func (r *diffRemote) Compare(ctx context.Context, a, b []mount.Mount, opts ...di
 
 func toDescriptor(d *types.Descriptor) ocispec.Descriptor {
 	return ocispec.Descriptor{
-		MediaType: d.MediaType,
+		MediaType:   d.MediaType,
-		Digest:    d.Digest,
+		Digest:      d.Digest,
-		Size:      d.Size_,
+		Size:        d.Size_,
+		Annotations: d.Annotations,
 	}
 }
 
 func fromDescriptor(d ocispec.Descriptor) *types.Descriptor {
 	return &types.Descriptor{
-		MediaType: d.MediaType,
+		MediaType:   d.MediaType,
-		Digest:    d.Digest,
+		Digest:      d.Digest,
-		Size_:     d.Size,
+		Size_:       d.Size,
+		Annotations: d.Annotations,
 	}
 }
 

vendor/github.com/containerd/containerd/diff/walking/differ.go

@@ -106,14 +106,15 @@ func (s *walkingDiff) Compare(ctx context.Context, lower, upper []mount.Mount, o
 				}
 			}()
 			if !newReference {
-				if err := cw.Truncate(0); err != nil {
+				if err = cw.Truncate(0); err != nil {
 					return err
 				}
 			}
 
 			if isCompressed {
 				dgstr := digest.SHA256.Digester()
-				compressed, err := compression.CompressStream(cw, compression.Gzip)
+				var compressed io.WriteCloser
+				compressed, err = compression.CompressStream(cw, compression.Gzip)
 				if err != nil {
 					return errors.Wrap(err, "failed to get compressed stream")
 				}

vendor/github.com/containerd/containerd/image_store.go

@@ -137,16 +137,18 @@ func imagesFromProto(imagespb []imagesapi.Image) []images.Image {
 
 func descFromProto(desc *types.Descriptor) ocispec.Descriptor {
 	return ocispec.Descriptor{
-		MediaType: desc.MediaType,
+		MediaType:   desc.MediaType,
-		Size:      desc.Size_,
+		Size:        desc.Size_,
-		Digest:    desc.Digest,
+		Digest:      desc.Digest,
+		Annotations: desc.Annotations,
 	}
 }
 
 func descToProto(desc *ocispec.Descriptor) types.Descriptor {
 	return types.Descriptor{
-		MediaType: desc.MediaType,
+		MediaType:   desc.MediaType,
-		Size_:     desc.Size,
+		Size_:       desc.Size,
-		Digest:    desc.Digest,
+		Digest:      desc.Digest,
+		Annotations: desc.Annotations,
 	}
 }

vendor/github.com/containerd/containerd/metadata/adaptors.go

@@ -51,6 +51,8 @@ func adaptImage(o interface{}) filters.Adaptor {
 			return checkMap(fieldpath[1:], obj.Labels)
 			// TODO(stevvooe): Greater/Less than filters would be awesome for
 			// size. Let's do it!
+		case "annotations":
+			return checkMap(fieldpath[1:], obj.Target.Annotations)
 		}
 
 		return "", false

vendor/github.com/containerd/containerd/metadata/boltutil/helpers.go

@@ -24,15 +24,26 @@ import (
 )
 
 var (
-	bucketKeyLabels    = []byte("labels")
+	bucketKeyAnnotations = []byte("annotations")
-	bucketKeyCreatedAt = []byte("createdat")
+	bucketKeyLabels      = []byte("labels")
-	bucketKeyUpdatedAt = []byte("updatedat")
+	bucketKeyCreatedAt   = []byte("createdat")
+	bucketKeyUpdatedAt   = []byte("updatedat")
 )
 
 // ReadLabels reads the labels key from the bucket
 // Uses the key "labels"
 func ReadLabels(bkt *bolt.Bucket) (map[string]string, error) {
-	lbkt := bkt.Bucket(bucketKeyLabels)
+	return readMap(bkt, bucketKeyLabels)
+}
+
+// ReadAnnotations reads the OCI Descriptor Annotations key from the bucket
+// Uses the key "annotations"
+func ReadAnnotations(bkt *bolt.Bucket) (map[string]string, error) {
+	return readMap(bkt, bucketKeyAnnotations)
+}
+
+func readMap(bkt *bolt.Bucket, bucketName []byte) (map[string]string, error) {
+	lbkt := bkt.Bucket(bucketName)
 	if lbkt == nil {
 		return nil, nil
 	}
@@ -53,9 +64,18 @@ func ReadLabels(bkt *bolt.Bucket) (map[string]string, error) {
 // bucket. Typically, this removes zero-value entries.
 // Uses the key "labels"
 func WriteLabels(bkt *bolt.Bucket, labels map[string]string) error {
+	return writeMap(bkt, bucketKeyLabels, labels)
+}
+
+// WriteAnnotations writes the OCI Descriptor Annotations
+func WriteAnnotations(bkt *bolt.Bucket, labels map[string]string) error {
+	return writeMap(bkt, bucketKeyAnnotations, labels)
+}
+
+func writeMap(bkt *bolt.Bucket, bucketName []byte, labels map[string]string) error {
 	// Remove existing labels to keep from merging
-	if lbkt := bkt.Bucket(bucketKeyLabels); lbkt != nil {
+	if lbkt := bkt.Bucket(bucketName); lbkt != nil {
-		if err := bkt.DeleteBucket(bucketKeyLabels); err != nil {
+		if err := bkt.DeleteBucket(bucketName); err != nil {
 			return err
 		}
 	}
@@ -64,7 +84,7 @@ func WriteLabels(bkt *bolt.Bucket, labels map[string]string) error {
 		return nil
 	}
 
-	lbkt, err := bkt.CreateBucket(bucketKeyLabels)
+	lbkt, err := bkt.CreateBucket(bucketName)
 	if err != nil {
 		return err
 	}

vendor/github.com/containerd/containerd/metadata/images.go

@@ -192,6 +192,14 @@ func (s *imageStore) Update(ctx context.Context, image images.Image, fieldpaths
 					key := strings.TrimPrefix(path, "labels.")
 					updated.Labels[key] = image.Labels[key]
 					continue
+				} else if strings.HasPrefix(path, "annotations.") {
+					if updated.Target.Annotations == nil {
+						updated.Target.Annotations = map[string]string{}
+					}
+
+					key := strings.TrimPrefix(path, "annotations.")
+					updated.Target.Annotations[key] = image.Target.Annotations[key]
+					continue
 				}
 
 				switch path {
@@ -204,6 +212,8 @@ func (s *imageStore) Update(ctx context.Context, image images.Image, fieldpaths
 					// make sense to modify the size or digest without touching the
 					// mediatype, as well, for example.
 					updated.Target = image.Target
+				case "annotations":
+					updated.Target.Annotations = image.Target.Annotations
 				default:
 					return errors.Wrapf(errdefs.ErrInvalidArgument, "cannot update %q field on image %q", path, image.Name)
 				}
@@ -298,6 +308,11 @@ func readImage(image *images.Image, bkt *bolt.Bucket) error {
 	}
 	image.Labels = labels
 
+	image.Target.Annotations, err = boltutil.ReadAnnotations(bkt)
+	if err != nil {
+		return err
+	}
+
 	tbkt := bkt.Bucket(bucketKeyTarget)
 	if tbkt == nil {
 		return errors.New("unable to read target bucket")
@@ -331,6 +346,10 @@ func writeImage(bkt *bolt.Bucket, image *images.Image) error {
 		return errors.Wrapf(err, "writing labels for image %v", image.Name)
 	}
 
+	if err := boltutil.WriteAnnotations(bkt, image.Target.Annotations); err != nil {
+		return errors.Wrapf(err, "writing Annotations for image %v", image.Name)
+	}
+
 	// write the target bucket
 	tbkt, err := bkt.CreateBucketIfNotExists(bucketKeyTarget)
 	if err != nil {

vendor/github.com/containerd/containerd/platforms/compare.go

@@ -29,11 +29,48 @@ type MatchComparer interface {
 // Only returns a match comparer for a single platform
 // using default resolution logic for the platform.
 //
+// For ARMv8, will also match ARMv7, ARMv6 and ARMv5 (for 32bit runtimes)
 // For ARMv7, will also match ARMv6 and ARMv5
 // For ARMv6, will also match ARMv5
 func Only(platform specs.Platform) MatchComparer {
 	platform = Normalize(platform)
 	if platform.Architecture == "arm" {
+		if platform.Variant == "v8" {
+			return orderedPlatformComparer{
+				matchers: []Matcher{
+					&matcher{
+						Platform: platform,
+					},
+					&matcher{
+						Platform: specs.Platform{
+							Architecture: platform.Architecture,
+							OS:           platform.OS,
+							OSVersion:    platform.OSVersion,
+							OSFeatures:   platform.OSFeatures,
+							Variant:      "v7",
+						},
+					},
+					&matcher{
+						Platform: specs.Platform{
+							Architecture: platform.Architecture,
+							OS:           platform.OS,
+							OSVersion:    platform.OSVersion,
+							OSFeatures:   platform.OSFeatures,
+							Variant:      "v6",
+						},
+					},
+					&matcher{
+						Platform: specs.Platform{
+							Architecture: platform.Architecture,
+							OS:           platform.OS,
+							OSVersion:    platform.OSVersion,
+							OSFeatures:   platform.OSFeatures,
+							Variant:      "v5",
+						},
+					},
+				},
+			}
+		}
 		if platform.Variant == "v7" {
 			return orderedPlatformComparer{
 				matchers: []Matcher{

vendor/github.com/containerd/containerd/platforms/cpuinfo.go

@@ -97,7 +97,7 @@ func getCPUVariant() string {
 	}
 
 	switch variant {
-	case "8":
+	case "8", "AArch64":
 		variant = "v8"
 	case "7", "7M", "?(12)", "?(13)", "?(14)", "?(15)", "?(16)", "?(17)":
 		variant = "v7"

vendor/github.com/containerd/containerd/remotes/docker/authorizer.go

@@ -31,6 +31,7 @@ import (
 
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/log"
+	"github.com/containerd/containerd/version"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/net/context/ctxhttp"
@@ -40,6 +41,7 @@ type dockerAuthorizer struct {
 	credentials func(string) (string, string, error)
 
 	client *http.Client
+	ua     string
 	mu     sync.Mutex
 
 	auth map[string]string
@@ -54,6 +56,7 @@ func NewAuthorizer(client *http.Client, f func(string) (string, string, error))
 	return &dockerAuthorizer{
 		credentials: f,
 		client:      client,
+		ua:          "containerd/" + version.Version,
 		auth:        map[string]string{},
 	}
 }
@@ -194,7 +197,16 @@ func (a *dockerAuthorizer) fetchTokenWithOAuth(ctx context.Context, to tokenOpti
 		form.Set("password", to.secret)
 	}
 
-	resp, err := ctxhttp.PostForm(ctx, a.client, to.realm, form)
+	req, err := http.NewRequest("POST", to.realm, strings.NewReader(form.Encode()))
+	if err != nil {
+		return "", err
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=utf-8")
+	if a.ua != "" {
+		req.Header.Set("User-Agent", a.ua)
+	}
+
+	resp, err := ctxhttp.Do(ctx, a.client, req)
 	if err != nil {
 		return "", err
 	}
@@ -240,6 +252,10 @@ func (a *dockerAuthorizer) fetchToken(ctx context.Context, to tokenOptions) (str
 		return "", err
 	}
 
+	if a.ua != "" {
+		req.Header.Set("User-Agent", a.ua)
+	}
+
 	reqParams := req.URL.Query()
 
 	if to.service != "" {

vendor/github.com/containerd/containerd/remotes/docker/resolver.go

@@ -29,6 +29,7 @@ import (
 	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/reference"
 	"github.com/containerd/containerd/remotes"
+	"github.com/containerd/containerd/version"
 	digest "github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
@@ -105,6 +106,7 @@ func DefaultHost(ns string) (string, error) {
 type dockerResolver struct {
 	auth      Authorizer
 	host      func(string) (string, error)
+	uagent    string
 	plainHTTP bool
 	client    *http.Client
 	tracker   StatusTracker
@@ -118,12 +120,15 @@ func NewResolver(options ResolverOptions) remotes.Resolver {
 	if options.Host == nil {
 		options.Host = DefaultHost
 	}
+	ua := "containerd/" + version.Version
 	if options.Authorizer == nil {
 		options.Authorizer = NewAuthorizer(options.Client, options.Credentials)
+		options.Authorizer.(*dockerAuthorizer).ua = ua
 	}
 	return &dockerResolver{
 		auth:      options.Authorizer,
 		host:      options.Host,
+		uagent:    ua,
 		plainHTTP: options.PlainHTTP,
 		client:    options.Client,
 		tracker:   options.Tracker,
@@ -293,6 +298,7 @@ func (r *dockerResolver) Pusher(ctx context.Context, ref string) (remotes.Pusher
 type dockerBase struct {
 	refspec reference.Spec
 	base    url.URL
+	uagent  string
 
 	client *http.Client
 	auth   Authorizer
@@ -324,6 +330,7 @@ func (r *dockerResolver) base(refspec reference.Spec) (*dockerBase, error) {
 	return &dockerBase{
 		refspec: refspec,
 		base:    base,
+		uagent:  r.uagent,
 		client:  r.client,
 		auth:    r.auth,
 	}, nil
@@ -349,6 +356,7 @@ func (r *dockerBase) authorize(ctx context.Context, req *http.Request) error {
 func (r *dockerBase) doRequest(ctx context.Context, req *http.Request) (*http.Response, error) {
 	ctx = log.WithLogger(ctx, log.G(ctx).WithField("url", req.URL.String()))
 	log.G(ctx).WithField("request.headers", req.Header).WithField("request.method", req.Method).Debug("do request")
+	req.Header.Set("User-Agent", r.uagent)
 	if err := r.authorize(ctx, req); err != nil {
 		return nil, errors.Wrap(err, "failed to authorize")
 	}

vendor/github.com/containerd/containerd/remotes/resolver.go

@@ -72,9 +72,9 @@ func (fn FetcherFunc) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.Re
 
 // PusherFunc allows package users to implement a Pusher with just a
 // function.
-type PusherFunc func(ctx context.Context, desc ocispec.Descriptor, r io.Reader) error
+type PusherFunc func(ctx context.Context, desc ocispec.Descriptor) (content.Writer, error)
 
 // Push content
-func (fn PusherFunc) Push(ctx context.Context, desc ocispec.Descriptor, r io.Reader) error {
+func (fn PusherFunc) Push(ctx context.Context, desc ocispec.Descriptor) (content.Writer, error) {
-	return fn(ctx, desc, r)
+	return fn(ctx, desc)
 }

vendor/github.com/containerd/containerd/runtime/v1/linux/proc/deleted_state.go

@@ -22,6 +22,7 @@ import (
 	"context"
 
 	"github.com/containerd/console"
+	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/runtime/proc"
 	google_protobuf "github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
@@ -55,11 +56,11 @@ func (s *deletedState) Start(ctx context.Context) error {
 }
 
 func (s *deletedState) Delete(ctx context.Context) error {
-	return errors.Errorf("cannot delete a deleted process")
+	return errors.Wrap(errdefs.ErrNotFound, "cannot delete a deleted process")
 }
 
 func (s *deletedState) Kill(ctx context.Context, sig uint32, all bool) error {
-	return errors.Errorf("cannot kill a deleted process")
+	return errors.Wrap(errdefs.ErrNotFound, "cannot kill a deleted process")
 }
 
 func (s *deletedState) SetExited(status int) {

vendor/github.com/containerd/containerd/runtime/v1/linux/runtime.go

@@ -21,6 +21,7 @@ package linux
 import (
 	"context"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -40,6 +41,7 @@ import (
 	"github.com/containerd/containerd/plugin"
 	"github.com/containerd/containerd/runtime"
 	"github.com/containerd/containerd/runtime/linux/runctypes"
+	"github.com/containerd/containerd/runtime/v1"
 	"github.com/containerd/containerd/runtime/v1/linux/proc"
 	shim "github.com/containerd/containerd/runtime/v1/shim/v1"
 	runc "github.com/containerd/go-runc"
@@ -351,6 +353,38 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) {
 			continue
 		}
 
+		logDirPath := filepath.Join(r.root, ns, id)
+
+		shimStdoutLog, err := v1.OpenShimStdoutLog(ctx, logDirPath)
+		if err != nil {
+			log.G(ctx).WithError(err).WithFields(logrus.Fields{
+				"id":         id,
+				"namespace":  ns,
+				"logDirPath": logDirPath,
+			}).Error("opening shim stdout log pipe")
+			continue
+		}
+		if r.config.ShimDebug {
+			go io.Copy(os.Stdout, shimStdoutLog)
+		} else {
+			go io.Copy(ioutil.Discard, shimStdoutLog)
+		}
+
+		shimStderrLog, err := v1.OpenShimStderrLog(ctx, logDirPath)
+		if err != nil {
+			log.G(ctx).WithError(err).WithFields(logrus.Fields{
+				"id":         id,
+				"namespace":  ns,
+				"logDirPath": logDirPath,
+			}).Error("opening shim stderr log pipe")
+			continue
+		}
+		if r.config.ShimDebug {
+			go io.Copy(os.Stderr, shimStderrLog)
+		} else {
+			go io.Copy(ioutil.Discard, shimStderrLog)
+		}
+
 		t, err := newTask(id, ns, pid, s, r.events, r.tasks, bundle)
 		if err != nil {
 			log.G(ctx).WithError(err).Error("loading task type")

vendor/github.com/containerd/containerd/runtime/v1/linux/task.go

@@ -87,7 +87,7 @@ func (t *Task) Namespace() string {
 // Delete the task and return the exit status
 func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) {
 	rsp, err := t.shim.Delete(ctx, empty)
-	if err != nil {
+	if err != nil && !errdefs.IsNotFound(err) {
 		return nil, errdefs.FromGRPC(err)
 	}
 	t.tasks.Delete(ctx, t.id)

vendor/github.com/containerd/containerd/runtime/v1/shim.go

@@ -0,0 +1,38 @@
+// +build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package v1
+
+import (
+	"context"
+	"io"
+	"path/filepath"
+
+	"github.com/containerd/fifo"
+	"golang.org/x/sys/unix"
+)
+
+// OpenShimStdoutLog opens the shim log for reading
+func OpenShimStdoutLog(ctx context.Context, logDirPath string) (io.ReadWriteCloser, error) {
+	return fifo.OpenFifo(ctx, filepath.Join(logDirPath, "shim.stdout.log"), unix.O_RDWR|unix.O_CREAT|unix.O_NONBLOCK, 0700)
+}
+
+// OpenShimStderrLog opens the shim log
+func OpenShimStderrLog(ctx context.Context, logDirPath string) (io.ReadWriteCloser, error) {
+	return fifo.OpenFifo(ctx, filepath.Join(logDirPath, "shim.stderr.log"), unix.O_RDWR|unix.O_CREAT|unix.O_NONBLOCK, 0700)
+}

vendor/github.com/containerd/containerd/runtime/v1/shim/client/client.go

@@ -37,6 +37,7 @@ import (
 
 	"github.com/containerd/containerd/events"
 	"github.com/containerd/containerd/log"
+	v1 "github.com/containerd/containerd/runtime/v1"
 	"github.com/containerd/containerd/runtime/v1/shim"
 	shimapi "github.com/containerd/containerd/runtime/v1/shim/v1"
 	"github.com/containerd/containerd/sys"
@@ -62,7 +63,24 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa
 		}
 		defer f.Close()
 
-		cmd, err := newCommand(binary, daemonAddress, debug, config, f)
+		var stdoutLog io.ReadWriteCloser
+		var stderrLog io.ReadWriteCloser
+		if debug {
+			stdoutLog, err = v1.OpenShimStdoutLog(ctx, config.WorkDir)
+			if err != nil {
+				return nil, nil, errors.Wrapf(err, "failed to create stdout log")
+			}
+
+			stderrLog, err = v1.OpenShimStderrLog(ctx, config.WorkDir)
+			if err != nil {
+				return nil, nil, errors.Wrapf(err, "failed to create stderr log")
+			}
+
+			go io.Copy(os.Stdout, stdoutLog)
+			go io.Copy(os.Stderr, stderrLog)
+		}
+
+		cmd, err := newCommand(binary, daemonAddress, debug, config, f, stdoutLog, stderrLog)
 		if err != nil {
 			return nil, nil, err
 		}
@@ -77,6 +95,12 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa
 		go func() {
 			cmd.Wait()
 			exitHandler()
+			if stdoutLog != nil {
+				stdoutLog.Close()
+			}
+			if stderrLog != nil {
+				stderrLog.Close()
+			}
 		}()
 		log.G(ctx).WithFields(logrus.Fields{
 			"pid":     cmd.Process.Pid,
@@ -104,7 +128,7 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa
 	}
 }
 
-func newCommand(binary, daemonAddress string, debug bool, config shim.Config, socket *os.File) (*exec.Cmd, error) {
+func newCommand(binary, daemonAddress string, debug bool, config shim.Config, socket *os.File, stdout, stderr io.Writer) (*exec.Cmd, error) {
 	selfExe, err := os.Executable()
 	if err != nil {
 		return nil, err
@@ -137,10 +161,8 @@ func newCommand(binary, daemonAddress string, debug bool, config shim.Config, so
 	cmd.SysProcAttr = getSysProcAttr()
 	cmd.ExtraFiles = append(cmd.ExtraFiles, socket)
 	cmd.Env = append(os.Environ(), "GOMAXPROCS=2")
-	if debug {
+	cmd.Stdout = stdout
-		cmd.Stdout = os.Stdout
+	cmd.Stderr = stderr
-		cmd.Stderr = os.Stderr
-	}
 	return cmd, nil
 }
 
@@ -172,8 +194,7 @@ func WithConnect(address string, onClose func()) Opt {
 		if err != nil {
 			return nil, nil, err
 		}
-		client := ttrpc.NewClient(conn)
+		client := ttrpc.NewClient(conn, ttrpc.WithOnClose(onClose))
-		client.OnClose(onClose)
 		return shimapi.NewShimClient(client), conn, nil
 	}
 }

vendor/github.com/containerd/containerd/runtime/v1/shim/service.go

@@ -545,7 +545,7 @@ func shouldKillAllOnExit(bundlePath string) (bool, error) {
 
 	if bundleSpec.Linux != nil {
 		for _, ns := range bundleSpec.Linux.Namespaces {
-			if ns.Type == specs.PIDNamespace {
+			if ns.Type == specs.PIDNamespace && ns.Path == "" {
 				return false, nil
 			}
 		}

vendor/github.com/containerd/containerd/runtime/v2/binary.go

@@ -97,8 +97,7 @@ func (b *binary) Start(ctx context.Context) (_ *shim, err error) {
 	if err != nil {
 		return nil, err
 	}
-	client := ttrpc.NewClient(conn)
+	client := ttrpc.NewClient(conn, ttrpc.WithOnClose(func() { _ = conn.Close() }))
-	client.OnClose(func() { conn.Close() })
 	return &shim{
 		bundle:  b.bundle,
 		client:  client,

vendor/github.com/containerd/containerd/runtime/v2/shim.go

@@ -75,8 +75,7 @@ func loadShim(ctx context.Context, bundle *Bundle, events *exchange.Exchange, rt
 		}
 	}()
 
-	client := ttrpc.NewClient(conn)
+	client := ttrpc.NewClient(conn, ttrpc.WithOnClose(func() { _ = conn.Close() }))
-	client.OnClose(func() { conn.Close() })
 	s := &shim{
 		client:  client,
 		task:    task.NewTaskClient(client),
@@ -151,7 +150,7 @@ func (s *shim) Delete(ctx context.Context) (*runtime.Exit, error) {
 	response, err := s.task.Delete(ctx, &task.DeleteRequest{
 		ID: s.ID(),
 	})
-	if err != nil {
+	if err != nil && !errdefs.IsNotFound(err) {
 		return nil, errdefs.FromGRPC(err)
 	}
 	if err := s.waitShutdown(ctx); err != nil {

vendor/github.com/containerd/containerd/runtime/v2/shim_unix.go

@@ -28,5 +28,5 @@ import (
 )
 
 func openShimLog(ctx context.Context, bundle *Bundle) (io.ReadCloser, error) {
-	return fifo.OpenFifo(ctx, filepath.Join(bundle.Path, "log"), unix.O_RDWR|unix.O_CREAT, 0700)
+	return fifo.OpenFifo(ctx, filepath.Join(bundle.Path, "log"), unix.O_RDONLY|unix.O_CREAT|unix.O_NONBLOCK, 0700)
 }

vendor/github.com/containerd/containerd/services/diff/local.go

@@ -164,16 +164,18 @@ func toMounts(apim []*types.Mount) []mount.Mount {
 
 func toDescriptor(d *types.Descriptor) ocispec.Descriptor {
 	return ocispec.Descriptor{
-		MediaType: d.MediaType,
+		MediaType:   d.MediaType,
-		Digest:    d.Digest,
+		Digest:      d.Digest,
-		Size:      d.Size_,
+		Size:        d.Size_,
+		Annotations: d.Annotations,
 	}
 }
 
 func fromDescriptor(d ocispec.Descriptor) *types.Descriptor {
 	return &types.Descriptor{
-		MediaType: d.MediaType,
+		MediaType:   d.MediaType,
-		Digest:    d.Digest,
+		Digest:      d.Digest,
-		Size_:     d.Size,
+		Size_:       d.Size,
+		Annotations: d.Annotations,
 	}
 }

vendor/github.com/containerd/containerd/services/images/helpers.go

@@ -55,16 +55,18 @@ func imageFromProto(imagepb *imagesapi.Image) images.Image {
 
 func descFromProto(desc *types.Descriptor) ocispec.Descriptor {
 	return ocispec.Descriptor{
-		MediaType: desc.MediaType,
+		MediaType:   desc.MediaType,
-		Size:      desc.Size_,
+		Size:        desc.Size_,
-		Digest:    desc.Digest,
+		Digest:      desc.Digest,
+		Annotations: desc.Annotations,
 	}
 }
 
 func descToProto(desc *ocispec.Descriptor) types.Descriptor {
 	return types.Descriptor{
-		MediaType: desc.MediaType,
+		MediaType:   desc.MediaType,
-		Size_:     desc.Size,
+		Size_:       desc.Size,
-		Digest:    desc.Digest,
+		Digest:      desc.Digest,
+		Annotations: desc.Annotations,
 	}
 }

vendor/github.com/containerd/containerd/services/server/server_solaris.go

@@ -19,7 +19,7 @@ package server
 import (
 	"context"
 
-	srvconfig "github.com/containerd/containerd/server/config"
+	srvconfig "github.com/containerd/containerd/services/server/config"
 )
 
 func apply(_ context.Context, _ *srvconfig.Config) error {

vendor/github.com/containerd/containerd/services/tasks/local.go

@@ -136,9 +136,10 @@ func (l *local) Create(ctx context.Context, r *api.CreateTaskRequest, _ ...grpc.
 			return nil, fmt.Errorf("unsupported checkpoint type %q", r.Checkpoint.MediaType)
 		}
 		reader, err := l.store.ReaderAt(ctx, ocispec.Descriptor{
-			MediaType: r.Checkpoint.MediaType,
+			MediaType:   r.Checkpoint.MediaType,
-			Digest:    r.Checkpoint.Digest,
+			Digest:      r.Checkpoint.Digest,
-			Size:      r.Checkpoint.Size_,
+			Size:        r.Checkpoint.Size_,
+			Annotations: r.Checkpoint.Annotations,
 		})
 		if err != nil {
 			return nil, err
@@ -605,9 +606,10 @@ func (l *local) writeContent(ctx context.Context, mediaType, ref string, r io.Re
 		return nil, err
 	}
 	return &types.Descriptor{
-		MediaType: mediaType,
+		MediaType:   mediaType,
-		Digest:    writer.Digest(),
+		Digest:      writer.Digest(),
-		Size_:     size,
+		Size_:       size,
+		Annotations: make(map[string]string),
 	}, nil
 }
 

vendor/github.com/containerd/containerd/task.go

@@ -554,6 +554,7 @@ func (t *task) checkpointTask(ctx context.Context, index *v1.Index, request *tas
 				OS:           goruntime.GOOS,
 				Architecture: goruntime.GOARCH,
 			},
+			Annotations: d.Annotations,
 		})
 	}
 	return nil

vendor/github.com/containerd/containerd/task_opts.go

@@ -57,9 +57,10 @@ func WithTaskCheckpoint(im Image) NewTaskOpts {
 		for _, m := range index.Manifests {
 			if m.MediaType == images.MediaTypeContainerd1Checkpoint {
 				info.Checkpoint = &types.Descriptor{
-					MediaType: m.MediaType,
+					MediaType:   m.MediaType,
-					Size_:     m.Size,
+					Size_:       m.Size,
-					Digest:    m.Digest,
+					Digest:      m.Digest,
+					Annotations: m.Annotations,
 				}
 				return nil
 			}

vendor/github.com/containerd/containerd/vendor.conf

@@ -20,7 +20,7 @@ github.com/gogo/protobuf v1.0.0
 github.com/gogo/googleapis 08a7655d27152912db7aaf4f983275eaf8d128ef
 github.com/golang/protobuf v1.1.0
 github.com/opencontainers/runtime-spec eba862dc2470385a233c7507392675cbeadf7353 # v1.0.1-45-geba862d
-github.com/opencontainers/runc 029124da7af7360afa781a0234d1b083550f797c # v1.0.0-rc7-6-g029124da
+github.com/opencontainers/runc v1.0.0-rc8
 github.com/sirupsen/logrus v1.0.0
 github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c
 golang.org/x/net b3756b4b77d7b13260a0a2ec658753cf48922eac
@@ -36,14 +36,14 @@ github.com/Microsoft/go-winio v0.4.11
 github.com/Microsoft/hcsshim v0.8.1
 google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944
 golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4
-github.com/containerd/ttrpc 2a805f71863501300ae1976d29f0454ae003e85a
+github.com/containerd/ttrpc f82148331ad2181edea8f3f649a1f7add6c3f9c2
 github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16
 gotest.tools v2.1.0
 github.com/google/go-cmp v0.1.0
 go.etcd.io/bbolt v1.3.1-etcd.8
 
 # cri dependencies
-github.com/containerd/cri eb926cd79d3bac188dcc4ed7694fc9298f8831be # release/1.2 branch
+github.com/containerd/cri 49ca74043390bc2eeea7a45a46005fbec58a3f88 # release/1.2 branch
 github.com/containerd/go-cni 40bcf8ec8acd7372be1d77031d585d5d8e561c90
 github.com/blang/semver v3.1.0
 github.com/containernetworking/cni v0.6.0
@@ -62,7 +62,7 @@ github.com/json-iterator/go 1.1.5
 github.com/modern-go/reflect2 1.0.1
 github.com/modern-go/concurrent 1.0.3
 github.com/opencontainers/runtime-tools v0.6.0
-github.com/opencontainers/selinux v1.2.1
+github.com/opencontainers/selinux v1.2.2
 github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
 github.com/tchap/go-patricia v2.2.6
 github.com/xeipuuv/gojsonpointer 4e3ac2762d5f479393488629ee9370b50873b3a6

vendor/github.com/containerd/containerd/version/version.go

@@ -21,7 +21,7 @@ var (
 	Package = "github.com/containerd/containerd"
 
 	// Version holds the complete version number. Filled in at linking time.
-	Version = "1.2.5+unknown"
+	Version = "1.2.7+unknown"
 
 	// Revision is filled with the VCS (e.g. git) revision being used to build
 	// the program at linking time.

vendor/github.com/containerd/ttrpc/.travis.yml

@@ -3,4 +3,15 @@ language: go
 go:
   - "1.10.x"
 
-script: go test -race -v ./...
+install:
+  - go get -u github.com/vbatts/git-validation
+  - go get -u github.com/kunalkushwaha/ltag
+  - go get -t ./...
+
+before_script:
+  - pushd ..; git clone https://github.com/containerd/project; popd
+
+script:
+  - DCO_VERBOSITY=-q ../project/script/validate/dco
+  - ../project/script/validate/fileheader ../project/
+  - go test -race -v ./...

vendor/github.com/containerd/ttrpc/README.md

@@ -50,3 +50,13 @@ TODO:
 - [ ] Document protocol layout
 - [ ] Add testing under concurrent load to ensure
 - [ ] Verify connection error handling
+
+# Project details
+
+ttrpc is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE).
+As a containerd sub-project, you will find the:
+ * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md),
+ * [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS),
+ * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md)
+
+information in our [`containerd/project`](https://github.com/containerd/project) repository.

vendor/github.com/containerd/ttrpc/client.go

@@ -24,6 +24,7 @@ import (
 	"strings"
 	"sync"
 	"syscall"
+	"time"
 
 	"github.com/gogo/protobuf/proto"
 	"github.com/pkg/errors"
@@ -48,7 +49,15 @@ type Client struct {
 	err       error
 }
 
-func NewClient(conn net.Conn) *Client {
+type ClientOpts func(c *Client)
+
+func WithOnClose(onClose func()) ClientOpts {
+	return func(c *Client) {
+		c.closeFunc = onClose
+	}
+}
+
+func NewClient(conn net.Conn, opts ...ClientOpts) *Client {
 	c := &Client{
 		codec:     codec{},
 		conn:      conn,
@@ -59,6 +68,10 @@ func NewClient(conn net.Conn) *Client {
 		closeFunc: func() {},
 	}
 
+	for _, o := range opts {
+		o(c)
+	}
+
 	go c.run()
 	return c
 }
@@ -86,6 +99,10 @@ func (c *Client) Call(ctx context.Context, service, method string, req, resp int
 		cresp = &Response{}
 	)
 
+	if dl, ok := ctx.Deadline(); ok {
+		creq.TimeoutNano = dl.Sub(time.Now()).Nanoseconds()
+	}
+
 	if err := c.dispatch(ctx, creq, cresp); err != nil {
 		return err
 	}
@@ -104,6 +121,7 @@ func (c *Client) Call(ctx context.Context, service, method string, req, resp int
 func (c *Client) dispatch(ctx context.Context, req *Request, resp *Response) error {
 	errs := make(chan error, 1)
 	call := &callRequest{
+		ctx:  ctx,
 		req:  req,
 		resp: resp,
 		errs: errs,
@@ -135,11 +153,6 @@ func (c *Client) Close() error {
 	return nil
 }
 
-// OnClose allows a close func to be called when the server is closed
-func (c *Client) OnClose(closer func()) {
-	c.closeFunc = closer
-}
-
 type message struct {
 	messageHeader
 	p   []byte
@@ -249,7 +262,7 @@ func (c *Client) recv(resp *Response, msg *message) error {
 	}
 
 	if msg.Type != messageTypeResponse {
-		return errors.New("unkown message type received")
+		return errors.New("unknown message type received")
 	}
 
 	defer c.channel.putmbuf(msg.p)

vendor/github.com/containerd/ttrpc/server.go

@@ -414,6 +414,9 @@ func (c *serverConn) run(sctx context.Context) {
 		case request := <-requests:
 			active++
 			go func(id uint32) {
+				ctx, cancel := getRequestContext(ctx, request.req)
+				defer cancel()
+
 				p, status := c.server.services.call(ctx, request.req.Service, request.req.Method, request.req.Payload)
 				resp := &Response{
 					Status:  status.Proto(),
@@ -446,7 +449,12 @@ func (c *serverConn) run(sctx context.Context) {
 			// branch. Basically, it means that we are no longer receiving
 			// requests due to a terminal error.
 			recvErr = nil // connection is now "closing"
-			if err != nil && err != io.EOF {
+			if err == io.EOF || err == io.ErrUnexpectedEOF {
+				// The client went away and we should stop processing
+				// requests, so that the client connection is closed
+				return
+			}
+			if err != nil {
 				logrus.WithError(err).Error("error receiving message")
 			}
 		case <-shutdown:
@@ -454,3 +462,15 @@ func (c *serverConn) run(sctx context.Context) {
 		}
 	}
 }
+
+var noopFunc = func() {}
+
+func getRequestContext(ctx context.Context, req *Request) (retCtx context.Context, cancel func()) {
+	cancel = noopFunc
+	if req.TimeoutNano == 0 {
+		return ctx, cancel
+	}
+
+	ctx, cancel = context.WithTimeout(ctx, time.Duration(req.TimeoutNano))
+	return ctx, cancel
+}

vendor/github.com/containerd/ttrpc/services.go

@@ -76,7 +76,7 @@ func (s *serviceSet) dispatch(ctx context.Context, serviceName, methodName strin
 		switch v := obj.(type) {
 		case proto.Message:
 			if err := proto.Unmarshal(p, v); err != nil {
-				return status.Errorf(codes.Internal, "ttrpc: error unmarshaling payload: %v", err.Error())
+				return status.Errorf(codes.Internal, "ttrpc: error unmarshalling payload: %v", err.Error())
 			}
 		default:
 			return status.Errorf(codes.Internal, "ttrpc: error unsupported request type: %T", v)

vendor/github.com/containerd/ttrpc/types.go

@@ -23,9 +23,10 @@ import (
 )
 
 type Request struct {
-	Service string `protobuf:"bytes,1,opt,name=service,proto3"`
+	Service     string `protobuf:"bytes,1,opt,name=service,proto3"`
-	Method  string `protobuf:"bytes,2,opt,name=method,proto3"`
+	Method      string `protobuf:"bytes,2,opt,name=method,proto3"`
-	Payload []byte `protobuf:"bytes,3,opt,name=payload,proto3"`
+	Payload     []byte `protobuf:"bytes,3,opt,name=payload,proto3"`
+	TimeoutNano int64  `protobuf:"varint,4,opt,name=timeout_nano,proto3"`
 }
 
 func (r *Request) Reset()         { *r = Request{} }

vendor/github.com/opencontainers/runc/VERSION

@@ -1 +1 @@
-1.0.0-rc7
+1.0.0-rc8

vendor/github.com/opencontainers/runc/exec.go

@@ -224,5 +224,5 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) {
 		}
 		p.User.AdditionalGids = append(p.User.AdditionalGids, uint32(gid))
 	}
-	return p, nil
+	return p, validateProcessSpec(p)
 }

vendor/github.com/opencontainers/runc/utils_linux.go

@@ -17,6 +17,7 @@ import (
 	"github.com/opencontainers/runc/libcontainer/specconv"
 	"github.com/opencontainers/runc/libcontainer/utils"
 	"github.com/opencontainers/runtime-spec/specs-go"
+	selinux "github.com/opencontainers/selinux/go-selinux"
 
 	"github.com/coreos/go-systemd/activation"
 	"github.com/pkg/errors"
@@ -387,6 +388,9 @@ func validateProcessSpec(spec *specs.Process) error {
 	if len(spec.Args) == 0 {
 		return fmt.Errorf("args must not be empty")
 	}
+	if spec.SelinuxLabel != "" && !selinux.GetEnabled() {
+		return fmt.Errorf("selinux label is specified in config, but selinux is disabled or not supported")
+	}
 	return nil
 }
 

vendor/github.com/opencontainers/runc/vendor.conf

@@ -5,7 +5,7 @@ github.com/opencontainers/runtime-spec 29686dbc5559d93fb1ef402eeda3e35c38d75af4
 # Core libcontainer functionality.
 github.com/checkpoint-restore/go-criu v3.11
 github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08
-github.com/opencontainers/selinux v1.2
+github.com/opencontainers/selinux v1.2.2
 github.com/seccomp/libseccomp-golang 84e90a91acea0f4e51e62bc1a75de18b1fc0790f
 github.com/sirupsen/logrus a3f95b5c423586578a4e099b11a46c2479628cac
 github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16