jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,922 Commits 5 Branches 25 Tags 17 MiB
Commit Graph

241 Commits

Author SHA1 Message Date
Mrunal Patel 11f8fdca33 Merge pull request #430 from crosbymichael/pipes 
Move STDIO initialization to libcontainer.Process
 2015-12-11 14:30:42 -08:00
Alexander Morozov cb04f03854 Merge pull request #336 from hqhq/hq_parent_cgroup_systemd 
systemd: support cgroup parent with specified slice
 2015-12-11 10:13:47 -08:00
xlgao-zju ff29daafc0 fix minor typo 
Signed-off-by: xlgao-zju <xlgao@zju.edu.cn>
 2015-12-11 21:37:32 +08:00
Michael Crosby 29b139f702 Move STDIO initialization to libcontainer.Process 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-12-10 16:11:49 -08:00
Mrunal Patel 0267ad05b0 Merge pull request #340 from dqminh/replace-env-netlink 
nsexec: replace usage of environment variable with netlink message
 2015-12-09 14:21:45 -08:00
Michael Crosby 9c9aac5385 Export console New func 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-12-09 11:59:10 -08:00
Daniel, Dao Quang Minh 7d423cb7a1 setns: replace env with netlink for bootstrap data 
replace passing of pid and console path via environment variable with passing
them with netlink message via an established pipe.

this change requires us to set _LIBCONTAINER_INITTYPE and
_LIBCONTAINER_INITPIPE as the env environment of the bootstrap process as we
only send the bootstrap data for setns process right now. When init and setns
bootstrap process are unified (i.e., init use nsexec instead of Go to clone new
process), we can remove _LIBCONTAINER_INITTYPE.

Note:
- we read nlmsghdr first before reading the content so we can get the total
  length of the payload and allocate buffer properly instead of allocating
  one large buffer.

- check read bytes vs the wanted number. It's an error if we failed to read
  the desired number of bytes from the pipe into the buffer.

Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
 2015-12-03 18:03:48 +00:00
Qiang Huang 7695a0ddb0 systemd: support cgroup parent with specified slice 
Pick up #119
Fixes: docker/docker#16681

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
 2015-12-02 23:57:02 -05:00
Mrunal Patel 3317785f56 Merge pull request #420 from runcom/cgroups-unsupported 
libcontainer: configs: create cgroup_unsupported.go in order to build on darwin as well
 2015-11-30 09:20:23 -08:00
Alexander Morozov decba54d78 Merge pull request #424 from runcom/fix-go-vet 
libcontainer: network_linux.go: fix go vet
 2015-11-30 09:06:41 -08:00
Antonio Murdaca 3029587085 libcontainer: network_linux.go: fix go vet 
This patch fixes the following go vet warnings:
```
libcontainer/network_linux.go:96: github.com/vishvananda/netlink.Device
composite literal uses unkeyed fields
libcontainer/network_linux.go:114: github.com/vishvananda/netlink.Device
composite literal uses unkeyed fields
```

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
 2015-11-30 12:31:18 +01:00
Rajasekaran 49ff2711e1 Fixing xattr test step issue 
Signed-off-by: Rajasekaran <rajasec79@gmail.com>
 2015-11-29 09:24:42 +05:30
Antonio Murdaca 112493115f libcontainer: configs: create cgroup_unsupported.go in order to build on darwin as well 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
 2015-11-27 10:28:29 +01:00
Daniel, Dao Quang Minh d914bf7347 setns: add bootstrap data 
add bootstrap data to setns process. If we have any bootstrap data then copy it
to the bootstrap process (i.e. nsexec) using the sync pipe. This will allow us
to eventually replace environment variable usage with more structured data
to setup namespaces, write pid/gid map, setgroup etc.

Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
 2015-11-22 11:36:58 +00:00
rajasec 949d822675 Adding error conditions when apparmor disabled 
Signed-off-by: rajasec <rajasec79@gmail.com>

Add the changes to errors in lower case

Signed-off-by: rajasec <rajasec79@gmail.com>
 2015-11-22 13:14:18 +05:30
Antonio Murdaca 400e05fe5b libcontainer: configs: extend unsupported os 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
 2015-11-19 18:24:34 +01:00
Alexander Morozov 776791463d Merge pull request #357 from ashahab-altiscale/350-container-in-container 
Bind mount device nodes on EPERM
 2015-11-16 14:54:02 -08:00
Qiang Huang 96f0eefa1a Fix comment to be consistent with the code 
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
 2015-11-16 19:16:27 +08:00
Abin Shahab 28c9d0252c Userns container in containers 
Enables launching userns containers by catching EPERM errors for writing
to devices cgroups, and for mknod invocations.

Signed-off-by: Abin Shahab <ashahab@altiscale.com>
 2015-11-15 14:42:35 -08:00
Alexander Morozov 48fdc50d09 Merge pull request #398 from crosbymichael/seccomp-trace 
Add seccomp trace support
 2015-11-13 10:54:18 -08:00
Alexander Morozov bda4ca2f8f Merge pull request #388 from hqhq/hq_cgroup_cleanups 
Some cgroup cleanups
 2015-11-13 09:06:18 -08:00
Michael Crosby caca840972 Add seccomp trace support 
Closes #347

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-11-12 17:03:53 -08:00
Michael Crosby 2be14dc963 Merge pull request #392 from mrunalp/poststart 
Add poststart hooks
 2015-11-12 16:34:38 -08:00
Michael Crosby 879dfdd980 Fix race setting process opts 
When starting and quering for pids a container can start and exit before
this is set.  So set the opts after the process is started and while
libcontainer still has the container's process blocking on the pipe.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-11-06 16:51:59 -08:00
Mrunal Patel 452e8a73c5 Integrate poststart hooks with spec 
* Call poststart hooks after the container is started
* Tie in with spec configuration

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2015-11-06 18:03:32 -05:00
Mrunal Patel bb2d3cd1be Add Poststart hook to libcontainer config 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2015-11-06 18:02:50 -05:00
Qiang Huang 209c8d9979 Add some comments about cgroup 
We fixed some bugs and introduced some code hard to be
understood, add some comments for them.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
 2015-11-05 19:12:53 +08:00
Qiang Huang 8c98ae27ac Refactor cgroupData 
The former cgroup entry is confusing, separate it to parent
and name.
Rename entry `c` to `config`.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
 2015-11-05 19:12:53 +08:00
Qiang Huang a263afaf6c Rename parent and data 
'parent' function is confusing with parent cgroup, it's actually
parent path, so rename it to parentPath.

The name 'data' is too common to be identified, rename it to cgroupData
which is exactly what it is.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
 2015-11-05 19:12:53 +08:00
John Howard a919bd3f67 Windows: Refactor Container interface 
Signed-off-by: John Howard <jhoward@microsoft.com>
 2015-11-02 15:12:16 -08:00
Mrunal Patel c42a2952c4 Merge pull request #361 from jhowardmsft/jjh/criu_opts 
Windows: Factor down criu_opts
 2015-11-02 15:05:27 -08:00
Mrunal Patel 7caef5626b Merge pull request #359 from jhowardmsft/jjh/state_struct 
Windows: Refactor state struct
 2015-11-02 15:04:12 -08:00
Mrunal Patel cf73b32eeb Merge pull request #343 from hqhq/hq_unify_behavior_for_memory 
Unify behavior for memory cgroup
 2015-11-02 14:58:31 -08:00
Michael Crosby 26eb6a1bcd Merge pull request #377 from rhatdan/label 
Docker needs to know whether the user requested a relabel
 2015-11-02 14:55:27 -08:00
Doug Davis e5dc12a0c9 Add more context around some error cases 
Signed-off-by: Doug Davis <dug@us.ibm.com>
 2015-10-30 10:55:48 -07:00
Dan Walsh 69c3ea4e17 Docker needs to know whether the user requested a relabel 
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
 2015-10-28 15:44:38 -04:00
John Howard fe1cce69b3 Windows: Refactor state struct 
Signed-off-by: John Howard <jhoward@microsoft.com>
 2015-10-26 14:45:20 -07:00
Mrunal Patel 6c36d666a1 Merge pull request #365 from jhowardmsft/jjh/devices 
Windows: Tidy libcontainer\devices
 2015-10-24 19:36:26 -07:00
Mrunal Patel 0d155ba0fb Merge pull request #362 from jhowardmsft/jjh/configs-cgroup 
Windows: Refactor configs/cgroup.go
 2015-10-24 19:34:54 -07:00
Mrunal Patel 6d85c27599 Merge pull request #364 from jhowardmsft/jjh/fs-build-tags 
Fixes build tags on cgroups\fs\*.go
 2015-10-24 19:33:52 -07:00
John Howard 37675129ba Windows: Tidy libcontainer\devices 
Signed-off-by: John Howard <jhoward@microsoft.com>
 2015-10-23 13:50:24 -07:00
Alexander Morozov 34fe03fa8a Merge pull request #238 from adrianreber/master 
Add criu related debug output
 2015-10-23 13:44:03 -07:00
John Howard fb5a8febce Fixes build tags on cgroups\fs\*.go 
Signed-off-by: John Howard <jhoward@microsoft.com>
 2015-10-23 13:41:10 -07:00
Mrunal Patel b741e3dc9d Merge pull request #337 from alban/alban/stdio 
libcontainer/SPEC.md: fix /dev/stdio symlinks
 2015-10-23 13:40:56 -07:00
John Howard 8690e9cc8c Windows: Refactor configs/cgroup.go 
Signed-off-by: John Howard <jhoward@microsoft.com>
 2015-10-23 13:08:18 -07:00
John Howard 78351a8e3d Windows: Factor down criu_opts 
Signed-off-by: John Howard <jhoward@microsoft.com>
 2015-10-23 12:58:59 -07:00
Mrunal Patel bed70ca579 Merge pull request #358 from rajasec/exit-typo 
Fixing typo in the comment for exit
 2015-10-23 11:12:17 -07:00
Alexander Morozov 97929bd6dd Merge pull request #335 from crosbymichael/cgroup-order 
Add name to cgroup subsystem and set order
 2015-10-23 10:38:29 -07:00
yangshukui e5ef8d239a Add the conversion of architectures for seccomp config 
Signed-off-by: yangshukui <yangshukui@huawei.com>
 2015-10-23 10:17:39 +08:00
rajasec 58e3cde8f3 Fixing typo in the comment for exit 
Signed-off-by: rajasec <rajasec79@gmail.com>
 2015-10-22 19:08:03 +05:30