Commit Graph

1832 Commits

Author SHA1 Message Date
Ma Shimiao d095c66ba6 cgroup: add freeze Set When calls systemd to Apply
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-05-15 10:39:04 +08:00
Ma Shimiao b88944f9e0 cgroups: add support for net_cls
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-05-15 08:44:40 +08:00
Victor Marmol 64c5e5193f Merge pull request #584 from Mashimiao/add-cgroup-subsystem-net_prio
cgroup: add support for net_prio
2015-05-14 12:54:45 -07:00
Victor Marmol acd866fbf1 Merge pull request #587 from Mashimiao/cpu-add-rt-throtting
cgroup cpu: add support for realtime throttling
2015-05-14 10:34:03 -07:00
Ma Shimiao 3a788dd7f3 cgroup cpu: add support for realtime throttling
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-05-14 20:46:39 +08:00
Ma Shimiao 0810bc868c cgroup: add support for net_prio
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-05-14 14:47:07 +08:00
Victor Marmol a37b2a4f15 Merge pull request #476 from hqhq/hq_dont_fail_subsystem
don't fail when subsystem not mounted
2015-05-11 09:29:59 -07:00
Mrunal Patel 2a94c82423 Merge pull request #576 from crosbymichael/revert-sysmounts
Do not prevent mounts in /sys
2015-05-08 11:02:15 -07:00
Michael Crosby 02e6427ecf Do not prevent mounts in /sys
Mounts in /sys like /sys/fs/cgroup are valid and should be allowed at
the libcontainer level.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-08 10:47:51 -07:00
Mrunal Patel 3c659cb2ea Merge pull request #573 from LK4D4/update_gocap
Update github.com/syndtr/gocapability to 66ef2aa
2015-05-07 15:55:23 -07:00
Alexander Morozov 90f8aa670f Merge pull request #574 from crosbymichael/symlink-dev-secfix
Security fixes for docker 1.6.1
2015-05-07 14:48:17 -07:00
Michael Crosby 8ef205cd1c Update mnt command test path
You cannot use an abs path inside the container's rootfs.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:46:19 -07:00
Eric Windisch 364d8e1505 Disable all mounts in AppArmor profile
Allowing mounts in containers is dangerous. Bugs in
mount namespaces or quirks of the container configuration
could allow for various breakouts.

By default, processes in containers will not be able to mount anyway,
rendering the allowances in the default AppArmor profile nearly
useless. Manually created sub-containers were able to mount, but
were yet restricted from performing most of the mounts flags indicated
in the profile.

Signed-off-by: Eric Windisch <eric@windisch.us>
2015-05-07 14:38:44 -07:00
Michael Crosby 2323c4c48d Use filepath.Rel for subdirectory comparison
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:38:44 -07:00
Michael Crosby c08e43409d Move reopenDevNull until after rootfs jail
We need to do this in case /dev/null is a symlink pointing somewhere
outside the container's rootfs.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:38:44 -07:00
Michael Crosby e3e7c47123 Prohibit bind mounts into /
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:38:44 -07:00
Michael Crosby 3c25c9b9cf Eval mount destination after each mount
User specified mounts must be evaluated after each mount because
symlinks in nested mounts can invalidate the next mount.

Also check that any bind mounts are not inside /proc or /sys to ensure
that we are able to mask over certain paths inside.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:38:44 -07:00
Alexander Morozov 68edb28e5a Update github.com/syndtr/gocapability to 66ef2aa
It adds a List function which allows getting a list of all supported caps

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-05-07 10:17:58 -07:00
Michael Crosby 08cf3beaf0 Merge pull request #572 from hqhq/hq_fix_spec
some fixes for SPEC
2015-05-06 11:00:51 -07:00
Mrunal Patel 654d44509d Merge pull request #570 from hqhq/hq_add_gitignore
add vendor/pkg to gitignore
2015-05-06 10:20:23 -07:00
Qiang Huang 8377168545 some fixes for SPEC
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-05-06 22:47:50 +08:00
Alexander Morozov f1d459dbbf Merge pull request #569 from hqhq/hq_change_logrus
Replace aliased imports of logrus
2015-05-06 07:45:40 -07:00
Qiang Huang 280dd66d0c add vendor/pkg to gitignore
It's auto generated by go install, we should ignore them.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-05-06 21:38:32 +08:00
Qiang Huang e5a7aad7eb Replace aliased imports of logrus
Docker already did this: https://github.com/docker/docker/issues/11762
libcontainer should also do it.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-05-06 21:14:04 +08:00
Mrunal Patel a1fe3f1c7a Merge pull request #560 from avagin/integration
integration: don't create a factory for each test case
2015-05-05 09:37:03 -07:00
Andrey Vagin 78f816d190 integration: don't create factories for each test case
We can do this only once.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-05-05 01:12:47 +03:00
Alexander Morozov 6607689b1d Merge pull request #566 from tianon/logrus-0.7.3
Update logrus to 0.7.3
2015-05-03 10:30:06 -07:00
Tianon Gravi d6a3a4e6c7 Update logrus to 0.7.3
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-05-03 00:24:36 -06:00
Alexander Morozov 83f0c1e580 Merge pull request #561 from avagin/logrus
Use logrus everywhere
2015-05-01 09:30:17 -07:00
Andrey Vagin 08af005e6b Use logrus everywhere
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-05-01 18:41:28 +03:00
Michael Crosby 3e661186ba Merge pull request #535 from mrunalp/sys_props
Adds support for setting system properties.
2015-04-30 11:46:33 -07:00
Michael Crosby 0654f88d03 Merge pull request #558 from hqhq/hq_remove_unused_func
remove unused functions
2015-04-28 10:21:29 -07:00
sayuan 5fd23bc59e Set the seed when randMacAddr
If the seed was not set, all machines get the same MAC address.
Then techniques like Open vSwitch won't work due to the same MAC address
of all machines.

Signed-off-by: Shiao-An Yuan <shiao.an.yuan@gmail.com>
2015-04-28 10:58:38 +08:00
Qiang Huang 36633d3cb4 remove unused functions
Seems no one is using them.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-28 09:20:32 +08:00
Michael Crosby d70569a238 Merge pull request #554 from estesp/namespace_linux_split
Split namespace syscall content for building on non-Linux
2015-04-27 17:47:19 -07:00
Michael Crosby ee61c35f8f Merge pull request #555 from avagin/cgroup
cgroups/systemd: remove useless code
2015-04-27 17:44:37 -07:00
Andrey Vagin 755bc77482 cgroups/systemd: remove useless code
I think the remove code and devices.Set do the same things.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-04-28 00:00:24 +03:00
Alexander Morozov 984ec36fa1 Merge pull request #539 from Mashimiao/cgroups-add-support-for-blkio-throttle
cgroups: add support blkio.throttle.read/write_*
2015-04-27 10:34:45 -07:00
Phil Estes 7f1bcd5ebf Split namespace syscall content for building on non-Linux
libcontainer/configs is used by the docker user namespace proposed
patchset to use IDMap for uid/gid maps across the codebase.  Given the
client uses some of this code, it needs to build on non-Linux.  This
separates out the Linux-only syscalls using build tags.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-04-24 18:09:56 -04:00
Daniel, Dao Quang Minh 1c43532155 Merge pull request #553 from crosbymichael/cgroup-mount
Add cgroup mount type for mounting container local cgroups
2015-04-23 15:59:09 -07:00
Mrunal Patel 30f055602b Adds test for system properties.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-04-22 22:18:08 -04:00
Mrunal Patel 60d3a49f6e Adds functionality to set system properties.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-04-22 22:17:30 -04:00
Michael Crosby b806655f91 Merge pull request #492 from Mashimiao/cgroup-add-support-for-device-deny
cgroups: add support of devices deny for another use of cgroup devices
2015-04-22 18:43:22 -07:00
Mrunal Patel c32142a807 Merge pull request #550 from LK4D4/fix_panic
Check for cmd.Process not-nilness in setnsProcess.terminate()
2015-04-22 11:40:34 -07:00
Alexander Morozov d7aab179c1 Check for cmd.Process not-nilness in setnsProcess.terminate()
We are already doing this in initProcess

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-04-22 11:30:42 -07:00
Qiang Huang 27d3dd3df3 don't fail when subsystem not mounted
We do this with two goals:
 - don't fail when some subsystems are not mounted (devices cgroup
   is an exception because it will cause security issues).
 - fail hard instead of ignoring the error when a user specifies
   an option and we are unable to fulfill the request.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-22 10:18:22 +08:00
Michael Crosby 03bbb04f26 Implement mounting cgroups as readonly
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-04-20 12:21:11 -07:00
Mrunal Patel bada39cf31 Merge pull request #495 from rhatdan/tmpfs
Add support for Premount and Postmount commands.
2015-04-20 09:20:52 -07:00
Mrunal Patel d4cf37fee9 Merge pull request #546 from liubin/fixtypos
fix some typos in source code comments
2015-04-20 09:18:57 -07:00
bin liu 4a2ae107c8 fix some typos in source code comments
Signed-off-by: bin liu <liubin0329@gmail.com>
2015-04-20 02:35:51 +00:00