Commit Graph

356 Commits

Author SHA1 Message Date
Vish Kannan 0ebe104569 Merge pull request #2 from crosbymichael/fix-crosscompile
Fix cross compile for network and node pkgs
2014-06-23 16:27:14 -07:00
Michael Crosby d2c7999a57 Fix cross compile for network and node pkgs
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-23 16:23:51 -07:00
Vish Kannan 626420b6c4 Merge pull request #1 from crosbymichael/refactor-fixes
This fixes mount and networking
2014-06-23 15:55:08 -07:00
Michael Crosby 0023305afc Make MountConfig on container a pointer
Also add unit test for container json files to ensure that the mount
config is read and device nodes are validated.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-23 15:33:30 -07:00
Michael Crosby 1aff270a6c Fix veth json and tags
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-23 15:33:30 -07:00
Vishnu Kannan f216ad7b65 Use internal types in the API instead of duplicating the types.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 15:33:30 -07:00
Vishnu Kannan 952b884882 Use internal types in the API instead of duplicating the types.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 21:11:01 +00:00
Vishnu Kannan ad5286acd9 Addressed more comments.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 20:40:37 +00:00
Vishnu Kannan 561534244a Minor fixes.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 19:30:59 +00:00
Vishnu Kannan 0f14662b9c Remove 'Context' type from the libcontainer API. It will be a generic map with string key and value henceforth.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 18:54:26 +00:00
Vishnu Kannan c5f93a9a48 Reuse internal mount.Mount in the API.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 18:41:39 +00:00
Vishnu Kannan ece2d83558 Added DropCapabilities() and DropBoundingSet() API to libcontainer.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 18:36:38 +00:00
Vishnu Kannan 4c55db7d58 Rename MountSpec to MountConfig.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 18:09:36 +00:00
Vishnu Kannan b50266335e Updated libcontainer subpackage dependencies. Most subpackages now do not depend on their parent ('libcontainer') package. 'namespaces' and 'nsinit' still do.
'namespaces' need to refactored a bit more to move the API part of it to 'libcontainer' package and keep the namespace specific code inside that package.
This change is not expected to break docker.

Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-20 22:52:43 +00:00
Victor Marmol 902319a3b0 Merge pull request #40 from crosbymichael/api-readme
Update readme with API change explination
2014-06-20 14:50:23 -07:00
Michael Crosby 78a5a4285f Fix nit on wording
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-20 14:46:45 -07:00
Michael Crosby 3cea8e2be0 Fix typo in sample configs
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-20 14:42:19 -07:00
Michael Crosby e77dc4853a Update readme with API change explination
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-20 14:39:17 -07:00
Victor Marmol 2391c3dd8d Merge pull request #38 from crosbymichael/add-specs
Add sample config files
2014-06-20 11:31:57 -07:00
Michael Crosby 746bd3b8ab Fix unit test path
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-20 10:39:50 -07:00
Michael Crosby d28d8b67a9 Update main readme with new configs folder
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-20 10:01:25 -07:00
Michael Crosby 6bce7867b2 Add minimal sample configuration files for testing
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-20 10:00:17 -07:00
Victor Marmol 36663b1ee2 Merge pull request #37 from vmarmol/allow-not-found
Don't fail getting stats of unknown hierarchies.
2014-06-20 08:45:56 -07:00
Victor Marmol f9b158da02 Don't fail getting stats of unknown hierarchies.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-06-19 21:32:38 -07:00
Rohit Jnagal 17ce8d8519 Merge pull request #35 from vmarmol/fixes
Replacing docker-dev with libcontainer mailing list.
2014-06-19 10:04:47 -07:00
Victor Marmol 3acf21b60e Merge pull request #34 from bernerdschaefer/cgroup-stats-total-cpu-usage
CpuStats.CpuUsage includes TotalUsage
2014-06-19 09:25:19 -07:00
Victor Marmol 3505bd7d0e Replacing docker-dev with libcontainer mailing list.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-06-19 09:10:07 -07:00
Bernerd Schaefer cc266ed54c CpuStats.CpuUsage includes TotalUsage
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
2014-06-19 15:43:12 +02:00
Michael Crosby 2c29550226 Merge pull request #27 from mrunalp/dev/nsenter_flags
Add option parsing to nsenter and enable specifying commands with arguments
2014-06-18 14:05:44 -07:00
Mrunal Patel 88acda82d9 Add option parsing to nsenter and enable specifying commands with arguments.
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2014-06-18 14:29:40 -04:00
Victor Marmol 87465294b6 Merge pull request #29 from vmarmol/fixes
Require two LGTMs for non-maintainer changes.
2014-06-18 10:55:28 -07:00
Victor Marmol fcce4884da Require two LGTMs for non-maintainer changes.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-06-18 10:22:33 -07:00
Victor Marmol da2edd6068 Merge pull request #32 from crosbymichael/update-travis
Update travis to run unit tests
2014-06-17 16:20:05 -07:00
Michael Crosby 619088c49f Update travis to run unit tests
Also fix container_tests.go
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-17 16:12:36 -07:00
Victor Marmol 077836d955 Merge pull request #31 from crosbymichael/update-sample-json
Update sample json file for quick testing
2014-06-17 16:02:49 -07:00
Michael Crosby 9da679b6bd Update sample json file for quick testing
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-17 15:49:40 -07:00
Michael Crosby 77ffd49dfe Merge pull request #30 from crosbymichael/revert-mount-cgroup
Revert "Mount cgroups in the container"
2014-06-17 12:00:07 -07:00
Michael Crosby c7d1cb2272 Revert "Mount cgroups in the container"
This reverts commit b441dfa729.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-17 11:41:40 -07:00
Victor Marmol 2a9ff02bee Merge pull request #24 from crosbymichael/is-not-exist-errors
Ignore isnotexist errors for restrict paths
2014-06-16 18:53:23 -07:00
Victor Marmol c4ec56a9ac Merge pull request #26 from crosbymichael/device-copy-links
Use lstat to check device symlinks
2014-06-16 17:42:34 -07:00
Michael Crosby bbb502c8db Use lstat to check device symlinks
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-16 14:51:02 -07:00
Michael Crosby e00eadd77d Merge pull request #17 from alexlarsson/fix-close-race
Fix invalid fd race
2014-06-16 13:29:17 -07:00
Michael Crosby 874953d781 Ignore isnotexist errors for restrict paths
Handle the error when remounting certain files and paths as readonly if
they do not exist.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-16 12:32:15 -07:00
Victor Marmol 4145356abe Merge pull request #21 from mrunalp/use_path_max
Use PATH_MAX as buffer size for buffers containing paths.
2014-06-16 11:06:28 -07:00
Mrunal Patel 014bb3f18f Use PATH_MAX as buffer size for buffers containing paths.
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2014-06-16 10:48:25 -07:00
Victor Marmol 3b5ae6c352 Merge pull request #15 from alexlarsson/mount-cgroup-in-container
Mount cgroup in container
2014-06-16 08:57:59 -07:00
Alexander Larsson b441dfa729 Mount cgroups in the container
We make a tmpfs on /sys/fs/cgroups, and here we mount read-only
versions of all the host cgroups. Additionally we make symlinks
for all merged subsystems.

For any "named" cgroup, such as "name=systemd" we also mount the
subset of the cgroup where the container lives as read-write. This
means that the container can create sub-cgroups inside the container
and move tasks into those, but it can never escape from its current
position in the cgroup hierarchy.

In particular, this allows systemd to mostly work in a non-privileged
container. The only problem currently is that PrivateTmp=true fails
because systemd is not allowed to mount a new /tmp.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-16 17:16:23 +02:00
Alexander Larsson e0e0da9e28 pkg/cgroups Add GetCgroupMounts() and GetAllSubsystems()
This lists all currently mounted cgroups and all supported cgroup
subsystems on the machine.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-16 17:16:10 +02:00
Alexander Larsson f6028219a5 Fix invalid fd race
Sometimes I was getting:

2014/06/13 13:47:24 finalize namespace drop bounding set read /proc/1/status: bad file descriptor

This happens when applying the capabilities, and the code that
reads the current caps opens /proc/1/status and then reads some data from it.
But during this it gets a EBADFD error.

The problem is that FinalizeNamespace() closes all FDs before applying
the caps, and if a GC then happens after /proc/1/status is opened but
before reading from the fd, then an old os.File finalizer may close the
already closed-and-reused fd, wreaking havoc.

We fix this by instead of closing the FDs we mark them close-on-exec
which guarantees that they will be closed when we do the final
exec into the container.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-16 10:26:18 +02:00
Victor Marmol 124aba2f15 Merge pull request #20 from vbatts/vbatts-cleanup_setns
nsenter: fixing the cpp order
2014-06-13 11:19:07 -07:00