2016-04-12 16:12:23 +08:00
|
|
|
// Package libcontainer provides a native Go implementation for creating containers
|
2015-02-12 09:12:03 +08:00
|
|
|
// with namespaces, cgroups, capabilities, and filesystem access controls.
|
|
|
|
|
// It allows you to manage the lifecycle of the container performing additional operations
|
|
|
|
|
// after the container is created.
|
2014-02-19 08:56:11 +08:00
|
|
|
package libcontainer
|
|
|
|
|
|
2014-12-17 17:12:23 +08:00
|
|
|
import (
|
2015-08-04 07:48:19 +08:00
|
|
|
"os"
|
2016-01-23 09:29:36 +08:00
|
|
|
"time"
|
2015-08-04 07:48:19 +08:00
|
|
|
|
2015-06-22 10:29:59 +08:00
|
|
|
"github.com/opencontainers/runc/libcontainer/configs"
|
libcontainer: Set 'status' in hook stdin
Finish off the work started in a344b2d6 (sync up `HookState` with OCI
spec `State`, 2016-12-19, #1201).
And drop HookState, since there's no need for a local alias for
specs.State.
Also set c.initProcess in newInitProcess to support OCIState calls
from within initProcess.start(). I think the cyclic references
between linuxContainer and initProcess are unfortunate, but didn't
want to address that here.
I've also left the timing of the Prestart hooks alone, although the
spec calls for them to happen before start (not as part of creation)
[1,2]. Once the timing gets fixed we can drop the
initProcessStartTime hacks which initProcess.start currently needs.
I'm not sure why we trigger the prestart hooks in response to both
procReady and procHooks. But we've had two prestart rounds in
initProcess.start since 2f276498 (Move pre-start hooks after container
mounts, 2016-02-17, #568). I've left that alone too.
I really think we should have len() guards to avoid computing the
state when .Hooks is non-nil but the particular phase we're looking at
is empty. Aleksa, however, is adamantly against them [3] citing a
risk of sloppy copy/pastes causing the hook slice being len-guarded to
diverge from the hook slice being iterated over within the guard. I
think that ort of thing is very lo-risk, because:
* We shouldn't be copy/pasting this, right? DRY for the win :).
* There's only ever a few lines between the guard and the guarded
loop. That makes broken copy/pastes easy to catch in review.
* We should have test coverage for these. Guarding with the wrong
slice is certainly not the only thing you can break with a sloppy
copy/paste.
But I'm not a maintainer ;).
[1]: https://github.com/opencontainers/runtime-spec/blob/v1.0.0/config.md#prestart
[2]: https://github.com/opencontainers/runc/issues/1710
[3]: https://github.com/opencontainers/runc/pull/1741#discussion_r233331570
Signed-off-by: W. Trevor King <wking@tremily.us>
2018-02-26 06:47:41 +08:00
|
|
|
"github.com/opencontainers/runtime-spec/specs-go"
|
2014-12-17 17:12:23 +08:00
|
|
|
)
|
|
|
|
|
|
2016-04-12 16:12:23 +08:00
|
|
|
// Status is the status of a container.
|
2015-02-12 08:45:23 +08:00
|
|
|
type Status int
|
|
|
|
|
|
|
|
|
|
const (
|
2016-05-14 08:01:12 +08:00
|
|
|
// Created is the status that denotes the container exists but has not been run yet.
|
2016-01-25 12:52:52 +08:00
|
|
|
Created Status = iota
|
2016-05-20 04:30:29 +08:00
|
|
|
// Running is the status that denotes the container exists and is running.
|
2016-01-25 12:52:52 +08:00
|
|
|
Running
|
2016-04-12 16:12:23 +08:00
|
|
|
// Pausing is the status that denotes the container exists, it is in the process of being paused.
|
2015-02-12 08:45:23 +08:00
|
|
|
Pausing
|
2016-04-12 16:12:23 +08:00
|
|
|
// Paused is the status that denotes the container exists, but all its processes are paused.
|
2015-02-12 08:45:23 +08:00
|
|
|
Paused
|
2016-05-14 07:54:16 +08:00
|
|
|
// Stopped is the status that denotes the container does not have a created or running process.
|
|
|
|
|
Stopped
|
2015-02-12 08:45:23 +08:00
|
|
|
)
|
|
|
|
|
|
2015-10-03 02:16:50 +08:00
|
|
|
func (s Status) String() string {
|
|
|
|
|
switch s {
|
2016-01-25 12:52:52 +08:00
|
|
|
case Created:
|
|
|
|
|
return "created"
|
2015-10-03 02:16:50 +08:00
|
|
|
case Running:
|
|
|
|
|
return "running"
|
|
|
|
|
case Pausing:
|
|
|
|
|
return "pausing"
|
|
|
|
|
case Paused:
|
|
|
|
|
return "paused"
|
2016-05-14 07:54:16 +08:00
|
|
|
case Stopped:
|
|
|
|
|
return "stopped"
|
2015-10-03 02:16:50 +08:00
|
|
|
default:
|
2016-01-25 12:52:52 +08:00
|
|
|
return "unknown"
|
2015-10-03 02:16:50 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-24 00:22:48 +08:00
|
|
|
// BaseState represents the platform agnostic pieces relating to a
|
|
|
|
|
// running container's state
|
|
|
|
|
type BaseState struct {
|
2015-02-12 08:45:23 +08:00
|
|
|
// ID is the container ID.
|
|
|
|
|
ID string `json:"id"`
|
|
|
|
|
|
2015-02-12 06:45:07 +08:00
|
|
|
// InitProcessPid is the init process id in the parent namespace.
|
2015-02-12 08:45:23 +08:00
|
|
|
InitProcessPid int `json:"init_process_pid"`
|
2015-02-12 06:45:07 +08:00
|
|
|
|
2016-01-23 09:29:36 +08:00
|
|
|
// InitProcessStartTime is the init process start time in clock cycles since boot time.
|
2017-06-15 06:38:45 +08:00
|
|
|
InitProcessStartTime uint64 `json:"init_process_start"`
|
2015-02-12 06:45:07 +08:00
|
|
|
|
2016-01-29 05:32:24 +08:00
|
|
|
// Created is the unix timestamp for the creation time of the container in UTC
|
|
|
|
|
Created time.Time `json:"created"`
|
2016-01-23 09:29:36 +08:00
|
|
|
|
2015-02-12 08:45:23 +08:00
|
|
|
// Config is the container's configuration.
|
|
|
|
|
Config configs.Config `json:"config"`
|
2015-02-12 06:45:07 +08:00
|
|
|
}
|
|
|
|
|
|
2016-04-12 16:12:23 +08:00
|
|
|
// BaseContainer is a libcontainer container object.
|
2014-10-28 08:51:14 +08:00
|
|
|
//
|
|
|
|
|
// Each container is thread-safe within the same process. Since a container can
|
|
|
|
|
// be destroyed by a separate process, any function may return that the container
|
2015-10-24 00:30:32 +08:00
|
|
|
// was not found. BaseContainer includes methods that are platform agnostic.
|
|
|
|
|
type BaseContainer interface {
|
2014-08-26 23:18:13 +08:00
|
|
|
// Returns the ID of the container
|
|
|
|
|
ID() string
|
2014-07-09 01:17:05 +08:00
|
|
|
|
2015-02-04 02:50:18 +08:00
|
|
|
// Returns the current status of the container.
|
2014-07-09 01:17:05 +08:00
|
|
|
//
|
2014-10-23 07:27:06 +08:00
|
|
|
// errors:
|
2016-05-10 17:56:10 +08:00
|
|
|
// ContainerNotExists - Container no longer exists,
|
|
|
|
|
// Systemerror - System error.
|
2015-02-12 08:45:23 +08:00
|
|
|
Status() (Status, error)
|
2014-07-09 01:17:05 +08:00
|
|
|
|
2015-02-12 06:45:07 +08:00
|
|
|
// State returns the current container's state information.
|
|
|
|
|
//
|
|
|
|
|
// errors:
|
2016-05-26 02:24:26 +08:00
|
|
|
// SystemError - System error.
|
2015-02-12 06:45:07 +08:00
|
|
|
State() (*State, error)
|
|
|
|
|
|
libcontainer: Set 'status' in hook stdin
Finish off the work started in a344b2d6 (sync up `HookState` with OCI
spec `State`, 2016-12-19, #1201).
And drop HookState, since there's no need for a local alias for
specs.State.
Also set c.initProcess in newInitProcess to support OCIState calls
from within initProcess.start(). I think the cyclic references
between linuxContainer and initProcess are unfortunate, but didn't
want to address that here.
I've also left the timing of the Prestart hooks alone, although the
spec calls for them to happen before start (not as part of creation)
[1,2]. Once the timing gets fixed we can drop the
initProcessStartTime hacks which initProcess.start currently needs.
I'm not sure why we trigger the prestart hooks in response to both
procReady and procHooks. But we've had two prestart rounds in
initProcess.start since 2f276498 (Move pre-start hooks after container
mounts, 2016-02-17, #568). I've left that alone too.
I really think we should have len() guards to avoid computing the
state when .Hooks is non-nil but the particular phase we're looking at
is empty. Aleksa, however, is adamantly against them [3] citing a
risk of sloppy copy/pastes causing the hook slice being len-guarded to
diverge from the hook slice being iterated over within the guard. I
think that ort of thing is very lo-risk, because:
* We shouldn't be copy/pasting this, right? DRY for the win :).
* There's only ever a few lines between the guard and the guarded
loop. That makes broken copy/pastes easy to catch in review.
* We should have test coverage for these. Guarding with the wrong
slice is certainly not the only thing you can break with a sloppy
copy/paste.
But I'm not a maintainer ;).
[1]: https://github.com/opencontainers/runtime-spec/blob/v1.0.0/config.md#prestart
[2]: https://github.com/opencontainers/runc/issues/1710
[3]: https://github.com/opencontainers/runc/pull/1741#discussion_r233331570
Signed-off-by: W. Trevor King <wking@tremily.us>
2018-02-26 06:47:41 +08:00
|
|
|
// OCIState returns the current container's state information.
|
|
|
|
|
//
|
|
|
|
|
// errors:
|
|
|
|
|
// SystemError - System error.
|
|
|
|
|
OCIState() (*specs.State, error)
|
|
|
|
|
|
2014-07-09 01:17:05 +08:00
|
|
|
// Returns the current config of the container.
|
2015-02-01 13:21:06 +08:00
|
|
|
Config() configs.Config
|
2014-07-09 01:17:05 +08:00
|
|
|
|
2014-10-23 01:35:29 +08:00
|
|
|
// Returns the PIDs inside this container. The PIDs are in the namespace of the calling process.
|
2014-07-17 09:02:29 +08:00
|
|
|
//
|
2014-10-23 07:27:06 +08:00
|
|
|
// errors:
|
2016-05-10 17:56:10 +08:00
|
|
|
// ContainerNotExists - Container no longer exists,
|
|
|
|
|
// Systemerror - System error.
|
2014-07-09 01:17:05 +08:00
|
|
|
//
|
2014-10-23 01:35:29 +08:00
|
|
|
// Some of the returned PIDs may no longer refer to processes in the Container, unless
|
|
|
|
|
// the Container state is PAUSED in which case every PID in the slice is valid.
|
2014-10-23 07:27:06 +08:00
|
|
|
Processes() ([]int, error)
|
2014-10-23 01:35:29 +08:00
|
|
|
|
|
|
|
|
// Returns statistics for the container.
|
2014-07-09 01:17:05 +08:00
|
|
|
//
|
2014-10-23 07:27:06 +08:00
|
|
|
// errors:
|
2016-05-10 17:56:10 +08:00
|
|
|
// ContainerNotExists - Container no longer exists,
|
|
|
|
|
// Systemerror - System error.
|
2015-02-01 11:56:27 +08:00
|
|
|
Stats() (*Stats, error)
|
2014-10-23 01:35:29 +08:00
|
|
|
|
2015-10-24 00:30:32 +08:00
|
|
|
// Set resources of container as configured
|
2015-02-27 12:09:42 +08:00
|
|
|
//
|
|
|
|
|
// We can use this to change resources when containers are running.
|
|
|
|
|
//
|
|
|
|
|
// errors:
|
2016-05-26 02:24:26 +08:00
|
|
|
// SystemError - System error.
|
2015-03-11 16:46:54 +08:00
|
|
|
Set(config configs.Config) error
|
2015-02-27 12:09:42 +08:00
|
|
|
|
2015-02-25 07:09:43 +08:00
|
|
|
// Start a process inside the container. Returns error if process fails to
|
|
|
|
|
// start. You can track process lifecycle with passed Process structure.
|
2014-07-09 01:17:05 +08:00
|
|
|
//
|
2014-10-23 07:27:06 +08:00
|
|
|
// errors:
|
2016-05-10 17:56:10 +08:00
|
|
|
// ContainerNotExists - Container no longer exists,
|
2014-10-23 01:35:29 +08:00
|
|
|
// ConfigInvalid - config is invalid,
|
|
|
|
|
// ContainerPaused - Container is paused,
|
2016-05-26 02:24:26 +08:00
|
|
|
// SystemError - System error.
|
2015-02-23 17:26:43 +08:00
|
|
|
Start(process *Process) (err error)
|
2014-07-09 01:17:05 +08:00
|
|
|
|
2016-10-29 14:14:42 +08:00
|
|
|
// Run immediately starts the process inside the container. Returns error if process
|
2016-06-07 04:15:18 +08:00
|
|
|
// fails to start. It does not block waiting for the exec fifo after start returns but
|
|
|
|
|
// opens the fifo after start returns.
|
2016-05-20 08:28:58 +08:00
|
|
|
//
|
|
|
|
|
// errors:
|
2016-05-10 17:56:10 +08:00
|
|
|
// ContainerNotExists - Container no longer exists,
|
2016-05-20 08:28:58 +08:00
|
|
|
// ConfigInvalid - config is invalid,
|
|
|
|
|
// ContainerPaused - Container is paused,
|
2016-05-26 02:24:26 +08:00
|
|
|
// SystemError - System error.
|
2016-05-28 04:13:11 +08:00
|
|
|
Run(process *Process) (err error)
|
2016-05-20 08:28:58 +08:00
|
|
|
|
2017-02-04 00:03:43 +08:00
|
|
|
// Destroys the container, if its in a valid state, after killing any
|
|
|
|
|
// remaining running processes.
|
2014-10-23 01:35:29 +08:00
|
|
|
//
|
|
|
|
|
// Any event registrations are removed before the container is destroyed.
|
|
|
|
|
// No error is returned if the container is already destroyed.
|
2014-07-09 01:17:05 +08:00
|
|
|
//
|
2017-02-04 00:03:43 +08:00
|
|
|
// Running containers must first be stopped using Signal(..).
|
|
|
|
|
// Paused containers must first be resumed using Resume(..).
|
|
|
|
|
//
|
2014-10-23 07:27:06 +08:00
|
|
|
// errors:
|
2017-02-04 00:03:43 +08:00
|
|
|
// ContainerNotStopped - Container is still running,
|
|
|
|
|
// ContainerPaused - Container is paused,
|
2016-05-26 02:24:26 +08:00
|
|
|
// SystemError - System error.
|
2014-10-23 07:27:06 +08:00
|
|
|
Destroy() error
|
2014-07-09 01:17:05 +08:00
|
|
|
|
2015-08-04 07:48:19 +08:00
|
|
|
// Signal sends the provided signal code to the container's initial process.
|
|
|
|
|
//
|
2016-11-08 07:22:27 +08:00
|
|
|
// If all is specified the signal is sent to all processes in the container
|
|
|
|
|
// including the initial process.
|
|
|
|
|
//
|
2015-08-04 07:48:19 +08:00
|
|
|
// errors:
|
2016-05-26 02:24:26 +08:00
|
|
|
// SystemError - System error.
|
2016-11-08 07:22:27 +08:00
|
|
|
Signal(s os.Signal, all bool) error
|
2016-06-07 04:15:18 +08:00
|
|
|
|
|
|
|
|
// Exec signals the container to exec the users process at the end of the init.
|
|
|
|
|
//
|
|
|
|
|
// errors:
|
|
|
|
|
// SystemError - System error.
|
|
|
|
|
Exec() error
|
2014-05-17 15:06:29 +08:00
|
|
|
}
|
