jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
421 Commits 5 Branches 25 Tags 17 MiB
Commit Graph

50 Commits

Author SHA1 Message Date
Michael Crosby a980a961c1 Return error on shutdown call 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-26 14:18:39 -07:00
Michael Crosby bd7d1eb7b6 Fix parent type in sync pipe 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-26 14:08:49 -07:00
Michael Crosby e098c02ef7 Update tests for network state 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-26 14:06:26 -07:00
Michael Crosby 73ff1addf9 Fix cross compile with syscall 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-26 14:03:49 -07:00
Michael Crosby e7916505a3 Add unit test for sync pipe 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-26 14:03:49 -07:00
Michael Crosby eb9a561b18 Address review comments 
Ensure that the command is killed if we receive an error from the child
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-26 14:02:43 -07:00
Alexander Larsson ca9544522e Report child error better (and later) 
We use a unix domain socketpair instead of a pipe for the sync pipe,
which allows us to use two-way shutdown. After sending the
context we shut down the write side which lets the child know
it finished reading.

We then block on a read in the parent for the child closing the file
(ensuring we close our version of it too) to sync for when the child
is finished initializing. If the read is non-empty we assume this
is an error report and fail with an error. Otherwise we continue as
before.

This also means we're now calling back the start callback later,
meaning at that point its more likely to have succeeded, as well as
having consumed all the container resources (like volume mounts,
making it safe to e.g. unmount them when the start callback is
called).

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-06-26 14:02:43 -07:00
Michael Crosby f975ff9159 Merge pull request #25 from vishh/network_stats 
Adding per container network stats
 2014-06-26 13:58:18 -07:00
Glyn Normington 29adc8c29f Improve nsinit usage instructions 
nsinit must be run as root.

Tidy up the README somewhat to clarify the distinction between
libcontainer and the nsinit CLI.

Fix some typos in other files.

Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
 2014-06-26 11:57:09 +01:00
Vishnu Kannan 98c2593cdc Refactores network Interface a bit to use NetworkState struct instead of a map for passing runtime information around. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-25 22:51:28 +00:00
Vishnu Kannan edf1e856a0 RuntimeCkpt is now State and the checkpoint file is called state.json. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-25 21:29:04 +00:00
Vishnu Kannan 481552c02b Created a global runtime checkpoint for libcontainer. Got rid of the network specific runtime checkpoint. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-25 19:20:07 +00:00
Vishnu Kannan 9253412ee1 1. Added a basic version of network stats inside network package. 
2. Introducing a new checkpoint file 'network.stats' which will contain the network runtime information (veth interface names for now).
3. Adding network stats to 'nsinit stats'.
4. Added a libcontainer Stats API to get both network and cgroup stats

Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-25 19:19:10 +00:00
Michael Crosby 5bb250143e Rename to InitPid 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-25 11:42:08 -07:00
Michael Crosby 77dcaac129 Update code based on review comments 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-25 11:36:54 -07:00
Michael Crosby 81e5a3f7a7 Replace pid and started file with State type 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-25 11:36:54 -07:00
Michael Crosby 5c86dd962f Remove generic context and replace with fields 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-24 17:31:03 -07:00
Victor Marmol 60b381e600 Rename Container -> Config. 
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
 2014-06-23 17:08:15 -07:00
Michael Crosby d2c7999a57 Fix cross compile for network and node pkgs 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-23 16:23:51 -07:00
Michael Crosby 0023305afc Make MountConfig on container a pointer 
Also add unit test for container json files to ensure that the mount
config is read and device nodes are validated.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-23 15:33:30 -07:00
Vishnu Kannan 952b884882 Use internal types in the API instead of duplicating the types. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-23 21:11:01 +00:00
Vishnu Kannan ad5286acd9 Addressed more comments. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-23 20:40:37 +00:00
Vishnu Kannan ece2d83558 Added DropCapabilities() and DropBoundingSet() API to libcontainer. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-23 18:36:38 +00:00
Vishnu Kannan 4c55db7d58 Rename MountSpec to MountConfig. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-23 18:09:36 +00:00
Vishnu Kannan b50266335e Updated libcontainer subpackage dependencies. Most subpackages now do not depend on their parent ('libcontainer') package. 'namespaces' and 'nsinit' still do. 
'namespaces' need to refactored a bit more to move the API part of it to 'libcontainer' package and keep the namespace specific code inside that package.
This change is not expected to break docker.

Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-20 22:52:43 +00:00
Michael Crosby 2c29550226 Merge pull request #27 from mrunalp/dev/nsenter_flags 
Add option parsing to nsenter and enable specifying commands with arguments
 2014-06-18 14:05:44 -07:00
Mrunal Patel 88acda82d9 Add option parsing to nsenter and enable specifying commands with arguments. 
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
 2014-06-18 14:29:40 -04:00
Michael Crosby e00eadd77d Merge pull request #17 from alexlarsson/fix-close-race 
Fix invalid fd race
 2014-06-16 13:29:17 -07:00
Victor Marmol 4145356abe Merge pull request #21 from mrunalp/use_path_max 
Use PATH_MAX as buffer size for buffers containing paths.
 2014-06-16 11:06:28 -07:00
Mrunal Patel 014bb3f18f Use PATH_MAX as buffer size for buffers containing paths. 
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
 2014-06-16 10:48:25 -07:00
Alexander Larsson f6028219a5 Fix invalid fd race 
Sometimes I was getting:

2014/06/13 13:47:24 finalize namespace drop bounding set read /proc/1/status: bad file descriptor

This happens when applying the capabilities, and the code that
reads the current caps opens /proc/1/status and then reads some data from it.
But during this it gets a EBADFD error.

The problem is that FinalizeNamespace() closes all FDs before applying
the caps, and if a GC then happens after /proc/1/status is opened but
before reading from the fd, then an old os.File finalizer may close the
already closed-and-reused fd, wreaking havoc.

We fix this by instead of closing the FDs we mark them close-on-exec
which guarantees that they will be closed when we do the final
exec into the container.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-06-16 10:26:18 +02:00
Vincent Batts d7cbde80a1 nsenter: fixing the cpp order 
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
 2014-06-13 13:09:13 -04:00
Victor Marmol dae62af4d2 Merge pull request #12 from vbatts/vbatts-fix_setns_rhel6 
nsenter: fix setns() for rhel6 (glibc-2.12)
 2014-06-12 11:44:52 -07:00
Vincent Batts c43dd7b50d nsenter: fix setns() for rhel6 (glibc-2.12) 
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
 2014-06-12 13:25:52 -04:00
Michael Crosby 1a01d3be50 Add build flag for nsenter file 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-11 11:40:33 -07:00
Michael Crosby 6ab3ef56f4 Update imports for new repository path 2014-06-10 08:14:16 -07:00
Michael Crosby bd92fe8a70 Gofmt imports 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-09 16:01:57 -07:00
Michael Crosby 3b1acc34fb Move libcontainer deps into libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-09 15:52:12 -07:00
Michael Crosby 2b0cb56eb9 Exclude the user namespace for setns 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-04 18:03:17 -07:00
Michael Crosby 3e6f4b3d0b Move env load to nsenter 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-04 17:54:00 -07:00
Victor Marmol 944b4434a6 Adding initial version of C-based nsenter for allowing execin in 
libcontainer.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
 2014-06-05 00:44:13 +00:00
Michael Crosby ed7f4a0f6d Rename nsinit package to namespaces in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-04 15:47:57 -07:00
Michael Crosby f8f0d4b68d Simplify namespaces with only nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Michael Crosby 323939831f Use nsinit as app 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Guillaume J. Charmes 542982f993 Fix ptmx issue on libcontainer 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-21 14:56:15 -08:00
Guillaume J. Charmes 7038f59689 Improve general quality of libcontainer 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-21 14:56:15 -08:00
Michael Crosby 4c6b5ff1e0 Use nsinit for setting up namespace 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Michael Crosby d2612d7018 WIP moving to nsini 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Michael Crosby c98df9e60a Make separate nsinit pkg for a dockerinit like init 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Michael Crosby 6415e8becc Initial commit of libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00