Commit Graph

2288 Commits

Author SHA1 Message Date
Mrunal Patel 459efccb0a Merge pull request #576 from avagin/cr
Call Prestart hooks before restoring processes
2016-03-14 11:21:29 -07:00
Michael Crosby fa48b64e50 Remove logging from init
Because namespaces are being joined in the C init and because errors
reported during init are sent back to the parent process there is no
reason to do logging in the init as it cannot open the file on the host
side for `exec` anyways.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-14 11:19:16 -07:00
Michael Crosby 8f206929b2 Ensure logs are flushed
This ensures that anything written to the logs is synced as it
happens.

This also changes the error message of the libcontainer error.  The
original idea was to have this extra information in the message but it
makes it hard to parse and if the caller needed this information they
can just get it from the error type.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-14 11:06:16 -07:00
Mrunal Patel 5a91c338f5 Merge pull request #640 from cyphar/add-cgroup-pids-stats-limit
libcontainer: cgroups: add pids.max to PidsStats
2016-03-13 21:25:45 -07:00
Mrunal Patel b6be1e93fc Merge pull request #639 from rajasec/list-error
Changing from logrus to fatal in list
2016-03-13 21:24:45 -07:00
rajasec d4be3405c7 Fixing valid-id in regex
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-03-14 08:48:41 +05:30
Qiang Huang 7a4285484d Add make uninstall command
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-03-14 09:59:36 +08:00
rajasec e7d1d78af2 Changing from interface type to process type
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-03-13 22:08:11 +05:30
Rajasekaran d1faa82a0a Adding spec validation for exec and start
Signed-off-by: Rajasekaran <rajasec79@gmail.com>

Fixed review comments

Signed-off-by: rajasec <rajasec79@gmail.com>

Rebased with latest spec version

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-03-13 21:58:00 +05:30
Aleksa Sarai 64286b443d libcontainer: cgroups: add tests for pids.max in PidsStats
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-13 14:16:38 +11:00
Aleksa Sarai 2b1e086f62 libcontainer: cgroups: add pids.max to PidsStats
In order to allow nice usage statistics (in terms of percentages and
other such data), add the value of pids.max to the PidsStats struct
returned from the pids cgroup controller.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-13 04:53:20 +11:00
Qiang Huang 2f2c83a2a0 Fix encoding gid mappings
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-03-12 13:18:42 +08:00
rajasec 11f024a85f Changing from logrus to fatal in list
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-03-12 08:46:30 +05:30
Qiang Huang bab300c28e Merge pull request #636 from crosbymichael/git-version
Add gitcommit to runc builds
2016-03-12 10:02:12 +08:00
Michael Crosby beb3e5e71a Add gitcommit to runc builds
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-11 15:20:00 -08:00
Mrunal Patel 2524befb52 Merge pull request #634 from tonistiigi/clear-groups
Clear groups after entering userns
2016-03-11 09:45:39 -08:00
Tonis Tiigi 04da969aa8 Clear groups after entering userns
Clears supplementary groups that have effect on the
mount permissions before joining the user specified
groups happens.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-03-10 22:23:38 -08:00
Mrunal Patel 1beb2410db Merge pull request #633 from crosbymichael/bump-spec-v4
Bump spec v0.4
2016-03-10 16:42:46 -08:00
Michael Crosby 4bef923fdb Merge pull request #630 from crosbymichael/revert-exit-status
Revert "Return proper exit code for exec errors"
2016-03-10 14:42:30 -08:00
Michael Crosby 94dc520a57 Bump runc to 0.0.9
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 14:35:57 -08:00
Michael Crosby 20422c9bd9 Update libcontainer to support rlimit per process
This updates runc and libcontainer to handle rlimits per process and set
them correctly for the container.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 14:35:16 -08:00
Michael Crosby 47eaa08f5a Update runc usage for new specs changes
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 14:18:39 -08:00
Michael Crosby 9047912c35 Bump spec version to v0.4.0
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 14:14:57 -08:00
Michael Crosby 9ea3372d04 Merge pull request #632 from adfernandes/master
nsexec: don't use CLONE_PARENT and CLONE_NEWPID together
2016-03-10 13:14:50 -08:00
Andrey Vagin 080eac3d2a nsexec: don't use CLONE_PARENT and CLONE_NEWPID together
The rhel6 kernel returns EINVAL in this case

Known issue:
* CT with userns doesn't work

This is a copy of
d31e97fa28
to address https://github.com/opencontainers/runc/issues/613

Signed-off-by: Andrey Vagin <avagin@virtuozzo.com>
Signed-off-by: Andrew Fernandes <andrew@fernandes.org>
2016-03-10 14:28:10 -05:00
Michael Crosby 213c1a1a4a Revert "Return proper exit code for exec errors"
This reverts commit 6bb653a6e8.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 11:00:48 -08:00
Alexander Morozov fb79eacb64 Merge pull request #628 from crosbymichael/log-errors
Improve error handling in runc
2016-03-09 16:01:44 -08:00
Mrunal Patel c40bd432cd Merge pull request #597 from rajasec/pidfile
Create pid file when not exist
2016-03-09 15:18:49 -08:00
Michael Crosby 044e298507 Improve error handling in runc
The error handling on the runc cli is currently pretty messy because
messages to the user are split between regular stderr format and logrus
message format.  This changes all the error reporting to the cli to only
output on stderr and exit(1) for consumers of the api.

By default logrus logs to /dev/null so that it is not seen by the user.
If the user wants extra and/or structured logging/errors from runc they
can use the `--log` flag to provide a path to the file where they want
this information.  This allows a consistent behavior on the cli but
extra power and information when debugging with logs.

This also includes a change to enable the same logging information
inside the container's init by adding an init cli command that can share
the existing flags for all other runc commands.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-09 11:08:30 -08:00
Mrunal Patel 4155b68a24 Merge pull request #622 from rajasec/loadspec-return
Handling error condition in loadspec
2016-03-08 11:00:25 -08:00
Michael Crosby 54ff58036d Merge pull request #614 from mrunalp/man-pages
Add man pages
2016-03-08 10:55:03 -08:00
Michael Crosby 3af08519d0 Merge pull request #616 from hqhq/hq_remove_dup_headfile
Remove duplicated included head file
2016-03-08 10:54:31 -08:00
Michael Crosby 8cc43a6c69 Merge pull request #618 from cloudfoundry-incubator/serialize-hooks
Serialize CommandHooks to state so that PostStop hooks execute during 'runc delete'
2016-03-08 10:51:54 -08:00
Michael Crosby 5baaa7653b Merge pull request #554 from duglin/AddTest
Add the most basic sniff tests of runc
2016-03-08 10:29:25 -08:00
Mrunal Patel 5b439d8c48 Merge pull request #491 from hqhq/hq_cleanup_systemd_apply
Cleanup systemd apply
2016-03-08 08:32:02 -08:00
Doug Davis 595f593c24 Add the most basic sniff tests of runc
just so that we're not merging code into master w/o any tests at all.
I expect this to be removed once we have a real testing infrastructure.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2016-03-07 11:01:31 -08:00
Rajasekaran 335f63a282 Handling error condition in loadspec
Signed-off-by: Rajasekaran <rajasec79@gmail.com>
2016-03-06 09:22:26 +05:30
Mrunal Patel 208870ce18 Add README.md for generating man pages
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-04 11:14:12 -08:00
Mrunal Patel b41affd7b4 Update .gitignore for generate man pages
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-04 11:14:12 -08:00
Mrunal Patel d8482f3577 Add script to generate man pages from markdown
This is copied from docker

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-04 11:14:12 -08:00
Mrunal Patel dffb1d232b Add man pages in markdown format
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-04 11:14:02 -08:00
Mrunal Patel 7b6c4c418d Merge pull request #621 from estesp/remove-dead-code
Remove no longer used uid/gid mapping functions
2016-03-04 08:53:41 -08:00
Alexander Morozov ad2c520c6e Merge pull request #606 from estesp/mount-perm-userns
Properly setuid/setgid after entering userns
2016-03-04 08:39:43 -08:00
Phil Estes 3cd0987dca Remove no longer used uid/gid mapping functions
Now that all the user namespace code is moved into C, these routines are
no longer used.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2016-03-04 11:21:34 -05:00
Phil Estes 178bad5e71 Properly setuid/setgid after entering userns
The re-work of namespace entering lost the setuid/setgid that was part
of the Go-routine based process exec in the prior code. A side issue was
found with setting oom_score_adj before execve() in a userns that is
also solved here.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2016-03-04 11:12:26 -05:00
Mrunal Patel a55b03e85a Merge pull request #620 from estesp/runinuserns-nonlinux
Stub RunningInUserNS for non-Linux
2016-03-04 07:17:38 -08:00
Qiang Huang bb61de2734 Merge pull request #619 from crosbymichael/update-specs
Update specs dep and runc functionality
2016-03-04 20:25:43 +08:00
Phil Estes 009d2835cf Stub RunningInUserNS for non-Linux
Add a stub for non-Linux that always returns false

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2016-03-03 16:33:43 -05:00
Michael Crosby 3cc90bd2d8 Add support for process overrides of settings
This commit adds support to libcontainer to allow caps, no new privs,
apparmor, and selinux process label to the process struct so that it can
be used together or override the base settings on the container config
per individual process.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-03 11:41:33 -08:00
Michael Crosby aa9660027b Update spec version
This bump of the spec includes a change to the device type to be a
string so that it is more readable in the json serialization.

It also includes the change where caps, no new privs, and process
labeling features are moved from the container config onto the process.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-03 10:26:38 -08:00