Commit Graph

28 Commits

Author SHA1 Message Date
Daniel, Dao Quang Minh 7d423cb7a1 setns: replace env with netlink for bootstrap data
replace passing of pid and console path via environment variable with passing
them with netlink message via an established pipe.

this change requires us to set _LIBCONTAINER_INITTYPE and
_LIBCONTAINER_INITPIPE as the env environment of the bootstrap process as we
only send the bootstrap data for setns process right now. When init and setns
bootstrap process are unified (i.e., init use nsexec instead of Go to clone new
process), we can remove _LIBCONTAINER_INITTYPE.

Note:
- we read nlmsghdr first before reading the content so we can get the total
  length of the payload and allocate buffer properly instead of allocating
  one large buffer.

- check read bytes vs the wanted number. It's an error if we failed to read
  the desired number of bytes from the pipe into the buffer.

Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-12-03 18:03:48 +00:00
Daniel, Dao Quang Minh d914bf7347 setns: add bootstrap data
add bootstrap data to setns process. If we have any bootstrap data then copy it
to the bootstrap process (i.e. nsexec) using the sync pipe. This will allow us
to eventually replace environment variable usage with more structured data
to setup namespaces, write pid/gid map, setgroup etc.

Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-11-22 11:36:58 +00:00
Michael Crosby 2be14dc963 Merge pull request #392 from mrunalp/poststart
Add poststart hooks
2015-11-12 16:34:38 -08:00
Michael Crosby 879dfdd980 Fix race setting process opts
When starting and quering for pids a container can start and exit before
this is set.  So set the opts after the process is started and while
libcontainer still has the container's process blocking on the pipe.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-11-06 16:51:59 -08:00
Mrunal Patel 452e8a73c5 Integrate poststart hooks with spec
* Call poststart hooks after the container is started
* Tie in with spec configuration

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-11-06 18:03:32 -05:00
John Howard a919bd3f67 Windows: Refactor Container interface
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-11-02 15:12:16 -08:00
Mrunal Patel 7caef5626b Merge pull request #359 from jhowardmsft/jjh/state_struct
Windows: Refactor state struct
2015-11-02 15:04:12 -08:00
John Howard fe1cce69b3 Windows: Refactor state struct
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-26 14:45:20 -07:00
Adrian Reber c42ef59bf9 Add criu related debug output
While testing different versions of criu it helps to know which
criu binary with which options is currently used. Therefore additional
debug output to display these information is added.

v2: increase readability of printed out criu options

Signed-off-by: Adrian Reber <adrian@lisas.de>
2015-10-13 10:41:00 +02:00
Hui Kang 25da513c4b Add option to support criu manage cgroups mode for dump and restore
CRIU supports cgroup-manage mode from v1.7

Signed-off-by: Hui Kang <hkang.sunysb@gmail.com>
2015-10-11 04:42:54 +00:00
Mrunal Patel dcafe48737 Add version to HookState to make it json-compatible with spec State
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-09-23 17:13:00 -07:00
Mrunal Patel ef9471fd5b Merge pull request #253 from avagin/cr-cgroups
c/r: create cgroups to restore a container
2015-09-11 18:03:40 -07:00
David Calavera 0f28592b35 Turn hook pointers into values.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-09-11 11:34:34 -07:00
Michael Crosby dd969cbacd Add test for function based hooks
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-09-10 18:15:00 -07:00
Michael Crosby 05567f2c94 Implement hooks in libcontainer
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-09-10 17:57:31 -07:00
Andrey Vagin df39686c93 c/r: create cgroups to restore a container
Here are two reasons:
* If we use systemd, we need to ask it to create cgroups
* If a container is restored with another ID, we need to
  change paths to cgroups.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-09-10 21:00:27 +03:00
Mrunal Patel 2f4c229a8c Merge pull request #215 from boucher/huikang-patch
Add hooks for passing explicit veth pairs for forwarding to CRIU
2015-08-24 21:23:29 -07:00
Hui Kang 7f23085c82 Add hooks for passing explicit veth pairs for forwarding to CRIU.
Signed-off-by: Hui Kang <hkang.sunysb@gmail.com>
2015-08-24 09:26:39 -07:00
boucher 8c812d0f50 Add the criu log file path to the failure message.
Signed-off-by: Ross Boucher <rboucher@gmail.com>
2015-08-21 14:20:59 -07:00
Mrunal Patel f3a3025933 Fix minor stylistic issues
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-04 17:44:45 -04:00
Michael Crosby a5ef75b681 Add signal API to Container interface
This adds a `Signal()` method to the container interface so that the
initial process can be signaled after a Load or operation.  It also
implements signaling the init process from a nonChildProcess.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-08-03 17:07:29 -07:00
Ido Yariv 86a85582d2 Don't set /proc/<PID>/setgroups to deny in Go1.5
A boolean field named GidMappingsEnableSetgroups was added to
SysProcAttr in Go1.5. This field determines the value of the process's
setgroups proc entry.

Since the default is to set the entry to 'deny', calling setgroups will
fail on systems running kernels 3.19+.

Set GidMappingsEnableSetgroups to true so setgroups wont be set to
'deny'.

Signed-off-by: Ido Yariv <ido@wizery.com>
2015-08-03 14:59:15 -04:00
Hui Kang 0f66ff921a Add debug message when unable to execute criu
Signed-off-by: Hui Kang <hkang.sunysb@gmail.com>
2015-08-03 17:09:45 +00:00
Andrey Vagin af4a5e708a ct: give criu informations about cgroup mounts
Actually cgroup mounts are bind-mounts, so they should be
handled by the same way.

Reported-by: Ross Boucher <rboucher@gmail.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-07-20 22:56:07 +03:00
mapk0y 986dc0f730 checkpoint/restore commands support 'file-locks' option.
Signed-off-by: mapk0y <mapk0y@gmail.com>
2015-06-27 18:56:24 +09:00
unclejack 9408c09d50 libcontainer: gofmt pass 2015-06-24 01:57:42 +03:00
Michael Crosby 080df7ab88 Update import paths for new repository
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:29:59 -07:00
Michael Crosby 8f97d39dd2 Move libcontainer into subdirectory
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:29:15 -07:00