Commit Graph

36 Commits

Author SHA1 Message Date
Qiang Huang 8477638aab Update cli package
The old one has bug when showing help message for IntFlags.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-10 13:58:09 +08:00
Michael Crosby f417e993d0 Update spec to v0.5.0
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-12 14:11:40 -07:00
Michael Crosby 12bd4cffd0 Add --no-pivot option for containers on ramdisk
This adds a `--no-pivot` cli flag to runc so that a container's rootfs
can be located ontop of ramdisk/tmpfs and not fail because you cannot
pivot root.

This should be a cli flag and not part of the spec because this is a
detail of the host/runtime environment and not an attribute of a
container.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-30 12:02:17 -07:00
Michael Crosby 0698777a36 Move lockthread to package level
Move this to be one of the first things that is done in the main if we
are executing the init.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-25 11:15:09 -07:00
Qiang Huang 37ff49b9d1 Merge pull request #661 from mikebrow/spec-help
adds detail to runc start and spec help text
2016-03-21 09:16:13 +08:00
Mike Brown fdf9ef46b2 adds detail to runc start and spec help text
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-03-18 13:54:06 -05:00
Qiang Huang c82ec8e898 Fix help info of init command
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-03-18 14:02:42 +08:00
Alexander Morozov bbde9c426f Merge pull request #646 from crosbymichael/pid-host-block
Destroy container along with processes before stdio
2016-03-17 09:51:59 -07:00
Michael Crosby fdb100d247 Destroy container along with processes before stdio
We need to make sure the container is destroyed before closing the stdio
for the container.  This becomes a big issues when running in the host's
pid namespace because the other processes could have inherited the stdio
of the initial process.  The call to close will just block as they still
have the io open.

Calling destroy before closing io, especially in the host pid namespace
will cause all additional processes to be killed in the container's
cgroup.  This will allow the io to be closed successfuly.

This change makes sure the order for destroy and close is correct as
well as ensuring that if any errors encoutered during start or exec will
be handled by terminating the process and destroying the container.  We
cannot use defers here because we need to enforce the correct ordering
on destroy.

This also sets the subreaper setting for runc so that when running in
pid host, runc can wait on the addiontal processes launched by the
container, useful on destroy, but also good for reaping the additional
processes that were launched.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-15 13:17:11 -07:00
Michael Crosby fa48b64e50 Remove logging from init
Because namespaces are being joined in the C init and because errors
reported during init are sent back to the parent process there is no
reason to do logging in the init as it cannot open the file on the host
side for `exec` anyways.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-14 11:19:16 -07:00
Mrunal Patel 1beb2410db Merge pull request #633 from crosbymichael/bump-spec-v4
Bump spec v0.4
2016-03-10 16:42:46 -08:00
Michael Crosby 47eaa08f5a Update runc usage for new specs changes
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 14:18:39 -08:00
Michael Crosby 213c1a1a4a Revert "Return proper exit code for exec errors"
This reverts commit 6bb653a6e8.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 11:00:48 -08:00
Michael Crosby 044e298507 Improve error handling in runc
The error handling on the runc cli is currenly pretty messy because
messages to the user are split between regular stderr format and logrus
message format.  This changes all the error reporting to the cli to only
output on stderr and exit(1) for consumers of the api.

By default logrus logs to /dev/null so that it is not seen by the user.
If the user wants extra and/or structured loggging/errors from runc they
can use the `--log` flag to provide a path to the file where they want
this information.  This allows a consistent behavior on the cli but
extra power and information when debugging with logs.

This also includes a change to enable the same logging information
inside the container's init by adding an init cli command that can share
the existing flags for all other runc commands.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-09 11:08:30 -08:00
Michael Crosby 6bb653a6e8 Return proper exit code for exec errors
Exec erros from the exec() syscall in the container's init should be
treated as if the container ran but couldn't execute the process for the
user instead of returning a libcontainer error as if it was an issue in
the library.

Before specifying different commands like `/etc`, `asldfkjasdlfj`, or
`/alsdjfkasdlfj` would always return 1 on the command line with a
libcontainer specific error message.  Now they return the correct
message and exit status defined for unix processes.

Example:

```bash
root@deathstar:/containers/redis# runc start test
exec: "/asdlfkjasldkfj": file does not exist
root@deathstar:/containers/redis# echo $?
127
root@deathstar:/containers/redis# runc start test
exec: "asdlfkjasldkfj": executable file not found in $PATH
root@deathstar:/containers/redis# echo $?
127
root@deathstar:/containers/redis# runc start test
exec: "/etc": permission denied
root@deathstar:/containers/redis# echo $?
126
```

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-26 11:41:56 -08:00
Michael Crosby 4bc25aaea1 Make sure container is destroyed on error
Even in the detach usecase we need to make sure that the contianer is
destroyed if there is an error starting the container or anywhere in
that workflow.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-22 15:34:41 -08:00
Mike Brown f4e37ab63e updating usage for runc and runc commands
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-02-17 09:00:39 -06:00
Doug Davis ad26ef1afc Create some util funcs that are common between start and exec
and it'll really help my start/create PR when I need to rebase  :-)

Signed-off-by: Doug Davis <dug@us.ibm.com>
2016-02-09 10:22:44 -08:00
Mrunal Patel bfd3345be9 Merge pull request #541 from crosbymichael/ids
Require container id as arg1
2016-02-10 08:14:36 +05:30
Antonio Murdaca 0dea09bce7 *: use coreos/go-systemd/activation for socket activation
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-02-09 23:44:09 +01:00
Michael Crosby a7278cad98 Require containerd id as arg 1
Closes #532

This requires the container id to always be passed to all runc commands
as arg one on the cli.  This was the result of the last OCI meeting and
how operations work with the spec.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-09 11:20:55 -08:00
Mike Brown c2c0458598 merges latest spec with runc
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-02-05 12:47:09 -08:00
Michael Crosby fbc74c0eba Add detach and pid-file to restore
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-05 11:56:21 -08:00
Michael Crosby 92ab7309d5 Add detach to exec
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-05 11:53:45 -08:00
Michael Crosby bb6a747825 Add detach to runc
By adding detach to runc the container process is the only thing running
on the system is the containers process.
This allows better usage of memeory and no runc process being long
lived.  With this addition you also need a delete command because the
detached container will not be able to remove state and the left over
cgroups directories.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-28 13:35:13 -08:00
Mrunal Patel 269a717555 Make cwd required
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-01-14 19:06:56 -05:00
Michael Crosby 4c4c9b85b7 Add --console to specify path to use from runc
This flag allows systems that are running runc to allocate tty's that
they own and provide to the container.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-07 15:01:36 -08:00
Michael Crosby 4415446c32 Add state pattern for container state transition
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Add state status() method

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Allow multiple checkpoint on restore

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Handle leave-running state

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Fix state transitions for inprocess

Because the tests use libcontainer in process between the various states
we need to ensure that that usecase works as well as the out of process
one.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Remove isDestroyed method

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Handling Pausing from freezer state

Signed-off-by: Rajasekaran <rajasec79@gmail.com>

freezer status

Signed-off-by: Rajasekaran <rajasec79@gmail.com>

Fixing review comments

Signed-off-by: Rajasekaran <rajasec79@gmail.com>

Added comment when freezer not available

Signed-off-by: Rajasekaran <rajasec79@gmail.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	libcontainer/container_linux.go

Change checkFreezer logic to isPaused()

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Remove state base and factor out destroy func

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Add unit test for state transitions

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-12-17 13:55:38 -08:00
Michael Crosby 29b139f702 Move STDIO initialization to libcontainer.Process
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-12-10 16:11:49 -08:00
Mike Brown 8b19581694 adding support for --bundle -b to start, restore, and spec; fixes issue #310
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2015-11-13 09:13:57 -06:00
Lai Jiangshan 89aa41ee70 update the command usage for `runc start`
The patch mainly removes the wrong "for writing".
The config files are readonly when `runc start`.

Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
2015-09-17 10:33:20 +08:00
Alexander Morozov ea5032bc5e Adjust runc to new opencontainers/specs version
I deleted possibility to specify config file from commands for now.
Until we decide how it'll be done. Also I changed runc spec interface to
write config files instead of output them.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-09-15 08:35:25 -07:00
Shishir Mahajan 0f3545e3d3 cleanup: outdated comment
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2015-08-29 11:50:39 -04:00
Shishir Mahajan 6b9d64eefe Systemd integration with runc, for on-demand socket activation
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2015-08-28 14:24:01 -04:00
Shishir Mahajan 432dcede36 Error should be checked after loadSpec
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2015-08-27 11:03:43 -04:00
Doug Davis 714ae2acc9 Add a 'start' command
When any non-global-flag parameter appears on the command line make sure
there's a "command" even in the 'start' (run) case to ensure its not
ambiguous as to what the arg is. For example, w/o this fix its not
clear if
   runc foo
means 'foo' is the name of a config file or an unknown command.  Or worse,
you can't name a config file the same a ANY command, even future (yet to
be created) commands.

We should fix this now before we ship 1.0 and are forced to support this
ambiguous case for a long time.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-08-21 15:26:34 -07:00