Commit Graph

1826 Commits

Author SHA1 Message Date
rajasec 24f7a10a93 Adding securityfs mount
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-08-05 16:50:08 +05:30
Michael Crosby bdd67b9029 Merge pull request #180 from LK4D4/rename_proc_ns
Rename process namespace to pid
2015-08-04 17:49:46 -04:00
Michael Crosby 765fa4a34e Merge pull request #181 from mrunalp/fixes
Fix minor stylistic issues
2015-08-04 17:49:33 -04:00
Mrunal Patel f3a3025933 Fix minor stylistic issues
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-04 17:44:45 -04:00
Alexander Morozov 6d1e6a17e1 Rename process namespace to pid
It's "pid" in opencontainers/specs

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-04 14:12:21 -07:00
Michael Crosby a28f627c39 Merge pull request #96 from mrunalp/dev_mount_fix
Don't make modifications to /dev when it is bind mounted
2015-08-04 17:07:03 -04:00
Mrunal Patel c9d5850629 Don't make modifications to /dev there are no devices in the configuration
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-04 16:57:29 -04:00
Mrunal Patel aa6aa41205 Merge pull request #178 from crosbymichael/runc-kill
Runc kill
2015-08-04 11:47:27 -07:00
Michael Crosby fbb8d3e8fe Add parse signal function for runc kill
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-08-04 11:35:13 -07:00
Alexander Morozov 53138e8289 Merge pull request #174 from crosbymichael/restore-signal-handler
Use signal handler for restore
2015-08-04 11:26:54 -07:00
Alexander Morozov 9c2d929bbe Add Andrey Vagin as maintainer
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-04 08:59:47 -07:00
Alexander Morozov 072fa6fdcc Merge pull request #175 from crosbymichael/container-signal
Add signal API to Container interface
2015-08-04 08:40:10 -07:00
Michael Crosby a5ef75b681 Add signal API to Container interface
This adds a `Signal()` method to the container interface so that the
initial process can be signaled after a Load or operation.  It also
implements signaling the init process from a nonChildProcess.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-08-03 17:07:29 -07:00
Michael Crosby 2a94a930e1 Use signal handler for restore
There was previously a memory issue in the signal handler that showed up
when using restore.  This has been fixed, therefore, restore can use the
signal handler.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-08-03 16:27:56 -07:00
Mrunal Patel ce0a339632 Merge pull request #166 from gitido/fixes
Go1.5 compatibility fix
2015-08-03 13:51:26 -07:00
Michael Crosby 76e706f856 Merge pull request #151 from LK4D4/use_proc_exe
Use /proc/self/exe as default for InitPath
2015-08-03 16:15:33 -04:00
Michael Crosby b1821a4edc Merge pull request #150 from runcom/update-go-systemd-dbus-v3
Update go systemd dbus v3
2015-08-03 16:11:52 -04:00
Alexander Morozov 44d8d2871a Merge pull request #173 from mrunalp/update_spec
Update spec
2015-08-03 12:45:29 -07:00
Mrunal Patel 5f65056c89 Update github.com/opecontainers/specs to 5b31bb2b77
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Make runc changes required to pull in the updated spec

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-03 15:33:48 -04:00
Ido Yariv 86a85582d2 Don't set /proc/<PID>/setgroups to deny in Go1.5
A boolean field named GidMappingsEnableSetgroups was added to
SysProcAttr in Go1.5. This field determines the value of the process's
setgroups proc entry.

Since the default is to set the entry to 'deny', calling setgroups will
fail on systems running kernels 3.19+.

Set GidMappingsEnableSetgroups to true so setgroups wont be set to
'deny'.

Signed-off-by: Ido Yariv <ido@wizery.com>
2015-08-03 14:59:15 -04:00
Mrunal Patel 2fbe13aac3 Merge pull request #172 from huikang/dmsg-invalid-criu-path
Add debug message when unable to execute criu
2015-08-03 10:57:12 -07:00
Hui Kang 0f66ff921a Add debug message when unable to execute criu
Signed-off-by: Hui Kang <hkang.sunysb@gmail.com>
2015-08-03 17:09:45 +00:00
rajasec 5a4e4dad79 container kill support
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-08-03 16:19:07 +05:30
rajasec 067890ce20 container kill support
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-08-03 16:12:20 +05:30
Alexander Morozov 0518d5aaf9 Merge pull request #168 from runcom/remove-ref-to-nsinit
Remove reference to nsinit
2015-08-02 10:17:59 -07:00
Antonio Murdaca 9caef6c8c4 Remove reference to nsinit
Signed-off-by: Antonio Murdaca <runcom@linux.com>
2015-08-02 12:00:39 +02:00
David Calavera 4bd4d462af Make label.Relabel safer.
- Check if Selinux is enabled before relabeling. This is a bug.
- Make exclusion detection constant time. Kinda buggy too, imo.
- Do not depend on a magic string to create a new Selinux context.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-07-31 10:37:32 -07:00
Mrunal Patel 602e8331a0 Merge pull request #164 from LK4D4/remove_dind
Remove dind
2015-07-31 07:53:03 -07:00
Mrunal Patel 19df27d08c Merge pull request #163 from avagin/cr_cgroups
tests: dump/restore a container with cgroups
2015-07-30 13:50:09 -07:00
Alexander Morozov 1735ad788f Replace dind with smaller script
It just mounts /tmp into tmpfs. We need this because criu tests has
problems on overlayfs.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-30 13:23:26 -07:00
Andrey Vagin aa3c2dc621 integration: show criu logs in a error case
Signed-off-by: Andrew Vagin <avagin@openvz.org>
2015-07-30 21:01:09 +03:00
Andrew Vagin e2e6a73b62 tests: dump/restore a container with cgroups
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-07-30 08:39:02 +03:00
Alexander Morozov 45cbce3e45 Merge pull request #162 from kolyshkin/mkdirall
Simplify and fix os.MkdirAll() usage
2015-07-29 19:43:34 -07:00
Kir Kolyshkin 6f82d4b544 Simplify and fix os.MkdirAll() usage
TL;DR: check for IsExist(err) after a failed MkdirAll() is both
redundant and wrong -- so two reasons to remove it.

Quoting MkdirAll documentation:

> MkdirAll creates a directory named path, along with any necessary
> parents, and returns nil, or else returns an error. If path
> is already a directory, MkdirAll does nothing and returns nil.

This means two things:

1. If a directory to be created already exists, no error is
returned.

2. If the error returned is IsExist (EEXIST), it means there exists
a non-directory with the same name as MkdirAll need to use for
directory. Example: we want to MkdirAll("a/b"), but file "a"
(or "a/b") already exists, so MkdirAll fails.

The above is a theory, based on quoted documentation and my UNIX
knowledge.

3. In practice, though, current MkdirAll implementation [1] returns
ENOTDIR in most of cases described in #2, with the exception when
there is a race between MkdirAll and someone else creating the
last component of MkdirAll argument as a file. In this very case
MkdirAll() will indeed return EEXIST.

Because of #1, IsExist check after MkdirAll is not needed.

Because of #2 and #3, ignoring IsExist error is just plain wrong,
as directory we require is not created. It's cleaner to report
the error now.

Note this error is all over the tree, I guess due to copy-paste,
or trying to follow the same usage pattern as for Mkdir(),
or some not quite correct examples on the Internet.

[1] https://github.com/golang/go/blob/f9ed2f75/src/os/path.go

Signed-off-by: Kir Kolyshkin <kir@openvz.org>
2015-07-29 18:03:27 -07:00
Mrunal Patel b40c790184 Merge pull request #159 from LK4D4/change_state_dir
Change default state directory to /run/oci
2015-07-28 18:12:29 -07:00
Mrunal Patel 9dd338f57e Merge pull request #161 from marcosnils/test_args
Add test arguments to Makefile targets
2015-07-28 18:10:20 -07:00
Alexander Morozov 11ef5bfcd9 Change default state directory to /run/oci
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-28 17:02:56 -07:00
Marcos Lilljedahl 5bc1360d89 Add TESTFLAGS to Makefile targets
This commit allows to send `go test` arguments to current makefile
`test` and `localtest` targets.

A usage example would be `make test TESTFLAGS="-run=SomeTestFunction"`
to easily run a single test function.

Signed-off-by: Marcos Lilljedahl <marcosnils@gmail.com>
2015-07-28 19:55:44 -03:00
Mrunal Patel d6a23c7ee3 Merge pull request #158 from estesp/correct-readme
Update README.md to correct comment about spec and user
2015-07-28 08:18:35 -07:00
Phil Estes 7082ed370e Update README.md to correct comment about spec and user
Now that the generated spec (and the example above in the README) use
uid/gid and don't have the hardcoded `daemon` entry, the statement about
changing `daemon` to `root` no longer applies.  Also added a comment
about using the `runc spec` command to generate `config.json`.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-07-28 10:27:09 -04:00
Mrunal Patel 6de84a5afc Merge pull request #157 from crosbymichael/network-info
Only add network info if NEWNET is set
2015-07-27 16:50:29 -07:00
Michael Crosby 732c3e4b4a Merge pull request #156 from mrunalp/close_fix
Fix files not closed in mountinfo parsing function
2015-07-27 16:45:43 -07:00
Michael Crosby b14412ec36 Only add network info if NEWNET is set
Only add the localhost interface information to the config if the NEWNET
flag is passed on the namespaces.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-07-27 16:36:28 -07:00
Mrunal Patel 0e72bfb815 Fix files not closed in mountinfo parsing function
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-07-27 19:33:39 -04:00
Michael Crosby 6ee61aead2 Merge pull request #154 from mrunalp/signal_fix
signal: Fix leak
2015-07-27 10:35:00 -07:00
Mrunal Patel 9d281a503e signal: Fix leak
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-07-27 13:05:15 -04:00
Mrunal Patel 6c86daa6c9 Merge pull request #129 from shishir-a412ed/sd_notify
systemd integration with container runtime for supporting sd_notify protocol
2015-07-27 09:44:55 -07:00
Michael Crosby 4507c068ba Merge pull request #145 from LK4D4/sysfs_ro
Remount /sys/fs/cgroup as RO if MS_RDONLY was passed
2015-07-27 09:12:55 -07:00
Alexander Morozov 6485adffaa Merge pull request #152 from laijs/error-propagation
test: propagate the error to the caller
2015-07-25 10:15:16 -07:00
Lai Jiangshan f26935eb0c test: propagate the error to the caller
When the copyBusybox() fails, the error message should be
propagated to the caller of newRootfs().

Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
2015-07-25 22:25:43 +08:00