Commit Graph

3474 Commits

Author SHA1 Message Date
Daniel Dao 900f6f46e1
print out errors in checkpoint/restore log
print out errors in checkpoint/restore log when it failed similar to how we did it
in `checkpoint --pre-dump` tests

Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-06-25 16:01:36 +01:00
Michael Crosby 53ab4f8717
Update criu to 3.1
This updates criu to the latest release to help resolve some of the
issues we are seeing on the CI.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-24 15:18:18 +01:00
Michael Crosby d337d807fc Merge pull request #1482 from tklauser/x-sys-unix-keyctl
Use keyctl wrappers from x/sys/unix
2017-06-23 11:07:55 -07:00
Mrunal Patel 8e1896b3bd Merge pull request #1491 from tklauser/unix-eventfd
Use Eventfd() from golang.org/x/sys/unix
2017-06-22 19:02:44 -07:00
Michael Crosby bd65ef625d Merge pull request #1489 from wking/process-status
libcontainer/container_linux: Consider process state (running, zombie, etc.) in runType
2017-06-21 10:24:04 -07:00
Tobias Klauser da4cebcfe2 libcontainer: use Eventfd() from x/sys/unix
Use unix.Eventfd() instead of manually reimplementing it using
the raw syscall. Also use the correct corresponding unix.EFD_CLOEXEC
flag instead of unix.FD_CLOEXEC (which can have a different value on
some architectures and thus might lead to unexpected behavior).

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-21 10:02:00 +02:00
Tobias Klauser 472ec6df72 vendor: bump golang.org/x/sys to fb4cac33e319
Update golang.org/x/sys to get the Eventfd syscall wrapper and the
corresponding EFD_* flags. These will be used in a successive commit to
simplify code in libcontainer/notify_linux.go.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-21 09:49:17 +02:00
W. Trevor King 2bea4c897e libcontainer/system/proc: Add Stat_t.State
And Stat_t.PID and Stat_t.Name while we're at it.  Then use the new
.State property in runType to distinguish between running and
zombie/dead processes, since kill(2) does not [1].  With this change
we no longer claim Running status for zombie/dead processes.

I've also removed the kill(2) call from runType.  It was originally
added in 13841ef3 (new-api: return the Running state only if the init
process is alive, 2014-12-23), but we've been accessing
/proc/[pid]/stat since 14e95b2a (Make state detection precise,
2016-07-05, #930), and with the /stat access the kill(2) check is
redundant.

I also don't see much point to the previously-separate
doesInitProcessExist, so I've inlined that logic in runType.

It would be nice to distinguish between "/proc/[pid]/stat doesn't
exist" and errors parsing its contents, but I've skipped that for the
moment.

The Running -> Stopped change in checkpoint_test.go is because the
post-checkpoint process is a zombie, and with this commit zombie
processes are Stopped (and no longer Running).

[1]: https://github.com/opencontainers/runc/pull/1483#issuecomment-307527789

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-06-20 16:26:55 -07:00
W. Trevor King 75d98b26b7 libcontainer: Replace GetProcessStartTime with Stat_t.StartTime
And convert the various start-time properties from strings to uint64s.
This removes all internal consumers of the deprecated
GetProcessStartTime function.

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-06-20 16:26:55 -07:00
Michael Crosby 6e57120d9f Merge pull request #1481 from elianka/dev
update READ.me for new struct configs.Config.Capabilities
2017-06-20 13:15:04 -07:00
Mrunal Patel 17f3e2a074 Merge pull request #1484 from avagin/test
tests: redirect runc log messages to stderr
2017-06-20 11:58:23 -07:00
Mrunal Patel 035b57895d Merge pull request #1479 from wking/sane-terminal-for-forwarding-only
libcontainer/console_linux.go: Make SaneTerminal public
2017-06-20 11:34:33 -07:00
W. Trevor King 439eaa3584 libcontainer/system/proc: Add Stat and Stat_t
So we can extract more than the start time with a single read.

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-06-14 15:28:03 -07:00
Michael Crosby c995ee407b Merge pull request #1388 from avagin/travis
travis: set go_import_path to github.com/opencontainers/runc
2017-06-12 09:11:33 -07:00
Andrei Vagin 76d87976d9 tests: remove wait_for_container from checkpoint.bats
It isn't required there, all operations that are called are synchronous.

Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
2017-06-10 02:50:45 +03:00
Andrei Vagin a541df7cb7 tests: redirect runc log message to stderr
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
2017-06-10 02:50:45 +03:00
Andrei Vagin ff0521f8e8 travis: set go_import_path to github.com/opencontainers/runc
If someone forks runc and wants to check changes in travis, he will find
that the command 'make BUILDTAGS="${BUILDTAGS}"' fails, because
github.com/opencontainers/runc/ is used in many places to import
packages (e.g. libcontainer).

Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
2017-06-10 01:15:51 +03:00
Tobias Klauser cfe87fe3e2 Use keyctl wrappers from x/sys/unix
Use KeyctlJoinSessionKeyring, KeyctlString and KeyctlSetperm from
golang.org/x/sys/unix instead of manually reimplementing them.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-09 15:55:18 +02:00
Kang Liang a341724c95 update READ.me for new struct configs.Config.Capabilities
Signed-off-by: Kang Liang <kangliang424@gmail.com>
2017-06-09 18:47:05 +08:00
W. Trevor King 830c0d70df libcontainer/console_linux.go: Make SaneTerminal public
And use it only in local tooling that is forwarding the pseudoterminal
master.  That way runC no longer has an opinion on the onlcr setting
for folks who are creating a terminal and detaching.  They'll use
--console-socket and can set up the pseudoterminal however they like
without runC having an opinion.  With this commit, the only cases
where runC still applies SaneTerminal is when *it* is the process
consuming the master descriptor.

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-06-07 21:32:41 -07:00
Aleksa Sarai ea35825a63
merge branch 'pr-1478'
LGTMs: @cyphar @crosbymichael
Closes #1478
2017-06-08 03:26:25 +10:00
Tobias Klauser 553016d7da Use Prctl() from x/sys/unix instead of own wrapper
Use unix.Prctl() instead of reimplementing it as system.Prctl().

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-07 15:03:15 +02:00
Mrunal Patel 9d6821d1b5 Merge pull request #1473 from crosbymichael/update-spec
Update spec to 239c4e44f2
2017-06-06 10:26:07 -07:00
Aleksa Sarai 3723495972
merge branch 'pr-1474'
LGTMs: @cyphar @crosbymichael
Closes #1474
2017-06-04 04:30:37 +10:00
Vladimir Stefanovic d01050e6d4 Add support for mips/mips64
Signed-off-by: Vladimir Stefanovic <vladimir.stefanovic@imgtec.com>
2017-06-02 22:30:00 +02:00
Vladimir Stefanovic 9916b7918d Put signalMap in a separate file, so it may be arch-specific
Some architectures don't have all the signals listed.
(Those architectures are mips and mips64, which don't have SIGSTKFLT
and SIGUNUSED. The next commit defines the map for mips and mips64.)

Signed-off-by: Vladimir Stefanovic <vladimir.stefanovic@imgtec.com>
2017-06-02 22:29:24 +02:00
Tobias Klauser 306b4980f7 Use NLA_* constants from x/sys/unix instead of syscall
Use the NLA_ALIGNTO and NLA_HDRLEN constants from x/sys/unix instead of
syscall, as the syscall package shouldn't be used anymore (except for a
few exceptions).

This also makes the syscall_NLA_HDRLEN workaround for gccgo unnecessary.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-02 10:42:11 +02:00
W. Trevor King 4f81337e95 libcontainer/specconv/spec_linux: Add support for (no)lazytime
And also silent, loud, (no)iversion, and (no)acl.  This is part of
catching runC up with the spec, which punts valid options to mount(8)
[1,2].

(no)acl is a filesystem-specific entry in mount(8), but it's
represented by a MS_* flag in mount(2) so we need an entry in the
translation table.

[1]: https://github.com/opencontainers/runtime-spec/blame/v1.0.0-rc5/config.md#L68
[2]: https://github.com/opencontainers/runtime-spec/pull/771

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-06-01 20:43:35 -07:00
Michael Crosby 18f336d23b Merge pull request #1470 from tklauser/x-sys-unix-symlink-xattrs
Use symlink xattr functions from x/sys/unix
2017-06-01 18:14:19 -07:00
Michael Crosby 854b41d81e Update spec to 239c4e44f2
This provides updates to runc for the spec changes with *Process and
OOMScoreAdj

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-01 16:29:47 -07:00
Tobias Klauser d8b5c1c810 Use symlink xattr functions from x/sys/unix
Use the symlink xattr syscall wrappers Lgetxattr, Llistxattr and
Lsetxattr from x/sys/unix (introduced in
golang/sys@b90f89a1e7) instead of
providing own wrappers. Leave the functionality of system.Lgetxattr
intact with respect to the retry with a larger buffer, but switch it to
use unix.Lgetxattr.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-31 13:50:34 +02:00
Daniel, Dao Quang Minh a6906d5a53 Merge pull request #1467 from tklauser/readme-syscall-to-unix
Switch examples in README.md from syscall to x/sys/unix
2017-05-30 17:19:07 +01:00
Tobias Klauser b5768387c6 Switch examples in README.md from syscall to x/sys/unix
Follow commit 3d7cb4293c ("Move libcontainer to x/sys/unix") and also
move the examples in README.md from syscall to x/sys/unix.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-30 14:50:59 +02:00
Tobias Klauser f0ae35b9e7 vendor: bump golang.org/x/sys to b90f89a1e7a9c1f6b918820b3daa7f08488c8594
Update golang.org/x/sys to get the Lgetxattr, Llistxattr, Lremovexattr
and Lsetxattr syscall wrappers. These will be used in a successive
commit to replace the wrappers in libcontainer/system/xattr_linux.go.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-30 09:23:16 +02:00
Michael Crosby cf630c6ae8 Merge pull request #1464 from wking/bump-sys-unix
vendor.conf: Bump golang.org/x/sys to a55a76086885b80f79961eacb876ebd8caf3868d
2017-05-29 18:53:53 -07:00
Michael Crosby 1b8e6ecefc Merge pull request #1452 from justincormack/make-flags
Allow specification of general Go build flags and ldflags
2017-05-26 16:37:29 -07:00
W. Trevor King 75ed93de16 vendor.conf: Bump golang.org/x/sys to a55a76086885b80f79961eacb876ebd8caf3868d
With:

  $ go get -u github.com/LK4D4/vndr
  $ sed -i 's/9a7256cb28ed514b4e1e5f68959914c4c28a92e0/a55a76086885b80f79961eacb876ebd8caf3868d/' vendor.conf
  $ vndr

I'm not sure why vndr is messing with github.com/golang/protobuf, but
I assume it knows what it's doing.

The x/sys bumps to master, but I need it for MS_LAZYTIME (added in
github.com/golang/sys@ea9bcade75, unix: generate all Linux go files
from source, 2017-03-08).

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-05-26 10:03:08 -07:00
Daniel, Dao Quang Minh 67bd2ab554 Merge pull request #1442 from clnperez/libcontainer-sys-unix
Move libcontainer to x/sys/unix
2017-05-26 12:18:33 +01:00
Qiang Huang d7c264aaf1 Merge pull request #1239 from moypray/cgroup
Fix setup cgroup before prestart hook
2017-05-26 09:22:49 +08:00
Michael Crosby 18cd7e06f7 Merge pull request #1372 from cloudfoundry-incubator/cpuset-mount-root
Handle container creation when cgroups have already been mounted in another location
2017-05-25 09:53:57 -07:00
Christy Perez 9ed7e9b176 shfmt'ing files
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
2017-05-24 16:43:08 -05:00
Christy Perez 187d2d85be Moving the rest of runc to x/sys/unix
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
2017-05-22 17:36:02 -05:00
Christy Perez 3d7cb4293c Move libcontainer to x/sys/unix
Since syscall is outdated and broken for some architectures,
use x/sys/unix instead.

There are still some dependencies on the syscall package that will
remain in syscall for the foreseeable future:

Errno
Signal
SysProcAttr

Additionally:
- os still uses syscall, so it needs to be kept for anything
returning *os.ProcessState, such as process.Wait.

Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
2017-05-22 17:35:20 -05:00
Justin Cormack 7e3934a339 Allow specification of general Go build flags and ldflags
This is needed if you need to customise the build config for a given platform.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-05-19 11:24:03 +01:00
Wentao Zhang 09c1f5c055 Fix setup cgroup before prestart hook
* User Case:
User could use prestart hook to add block devices to container, so the
hook should have a way to set the permissions of the devices.

Just moving the cgroup config operation before the prestart hook will work.

Signed-off-by: Wentao Zhang <zhangwentao234@huawei.com>
2017-05-19 17:53:43 +08:00
Mrunal Patel 639454475c Merge pull request #1355 from avagin/cr-console
Dump and restore containers with external terminals
2017-05-18 11:22:52 -07:00
Michael Crosby 9a827e90d2 Merge pull request #1451 from runcom/force-delete-not-exists
Ignore error when force deleting a non-existing container
2017-05-18 09:44:26 -07:00
Antonio Murdaca d1a743674a
Ignore error when force deleting a non-existing container
This patch mimics the behavior of "rm -rf" so that if a container
doesn't exist and you force delete it, it won't error out.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-16 22:23:00 +02:00
Valentin Rothberg 77421139ab libcontainer/user: add supplementary groups only for non-numeric users
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
2017-05-16 13:54:27 +02:00
Michael Crosby c1287819af Merge pull request #1447 from justincormack/unix-linux
Clean up unix vs linux usage
2017-05-12 10:25:45 -07:00