Commit Graph

2826 Commits

Author SHA1 Message Date
Mrunal Patel 52454cf908 Merge pull request #1052 from hqhq/fix_update_cpuset
Fix update cpuset on single processor box
2016-09-19 11:55:40 -07:00
Mrunal Patel 092e9fd731 Merge pull request #1055 from hqhq/upgrade_golang
Update golang to 1.7.1
2016-09-19 11:53:54 -07:00
Michael Crosby 4350d90043 Use same state object for state and list
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-09-19 09:18:24 -07:00
Wang Long d852210a7e remove duplicate test command on integration
Signed-off-by: Wang Long <long.wanglong@huawei.com>
2016-09-19 11:18:38 +00:00
Qiang Huang da32c187bf Update golang to 1.7.1
Fixes: #1021

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-09-19 17:45:33 +08:00
Wang Long d66ac3d9bd enhance runc delete command
This patch enhance the `runc delete` command as following

1) when `runc delete` without one container-id

```
$ runc delete
runc: "delete" requires a minimum of 1 argument
```

2) we can delete more containers at one command

for example:

```
$ runc list
ID          PID         STATUS      BUNDLE         CREATED
a           8490        created     /mycontainer   2016-09-18T03:49:32.259760434Z
b           8520        running     /mycontainer   2016-09-18T03:49:36.999299944Z
c           8535        created     /mycontainer   2016-09-18T03:49:40.975277538Z
d           8549        created     /mycontainer   2016-09-18T03:49:42.675282602Z
e           8562        running     /mycontainer   2016-09-18T03:49:44.175400931Z
$ runc delete a b cc
cannot delete container b that is not stopped: running
container cc is not exist
$ runc list
ID          PID         STATUS      BUNDLE         CREATED
b           8520        running     /mycontainer   2016-09-18T03:49:36.999299944Z
c           8535        created     /mycontainer   2016-09-18T03:49:40.975277538Z
d           8549        created     /mycontainer   2016-09-18T03:49:42.675282602Z
e           8562        running     /mycontainer   2016-09-18T03:49:44.175400931Z
$ runc delete -f b c d e
$ runc list
ID          PID         STATUS      BUNDLE      CREATED
```

Signed-off-by: Wang Long <long.wanglong@huawei.com>
2016-09-18 11:59:55 +08:00
Qiang Huang 38e0df9ec6 Merge pull request #1046 from rhatdan/relabel
Fix error messages to give information of relabeling failed
2016-09-18 11:18:07 +08:00
Qiang Huang c5d33b1ac7 Fix update cpuset on single processor box
Fixes: #1050

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-09-18 10:44:46 +08:00
Shukui Yang d5dd8931c5 fix ps/exec command parameter error
Signed-off-by: Shukui Yang <yangshukui@huawei.com>
2016-09-18 09:34:06 +08:00
Shukui Yang 1db7315287 update github.com/urfave/cli lib
Signed-off-by: Shukui Yang <yangshukui@huawei.com>
2016-09-18 09:22:46 +08:00
Mrunal Patel 7ec24c513f Merge pull request #1023 from zhaoleidd/fix_check_config
Fix check config
2016-09-16 14:15:26 -07:00
Michael Crosby 8b4850b8cd Merge pull request #1045 from hqhq/recursive_generic_error
Allow recrusive generic error
2016-09-16 10:36:57 -07:00
Mrunal Patel f557996401 Add flag to allow getting all mounts for cgroups subsystems
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-15 15:19:27 -04:00
Dan Walsh d37c5be9ff Fix error messages to give information of relabeling failed
Currently if a user does a command like

docker: Error response from daemon: operation not supported.

With this fix they should see a much more informative error message.

 docker run -ti -v /proc:/proc:Z fedora sh
docker: Error response from daemon: SELinux Relabeling of /proc is not allowed: operation not supported.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-09-15 04:38:16 -04:00
Mrunal Patel b1e602e8ba Merge pull request #1039 from crosbymichael/list
Continue for list on errors
2016-09-14 15:10:50 -07:00
Michael Crosby 3ada88c9e7 Continue for list on errors
This will print out the error on stderr when loading a container but
still list everything that was sucessful.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-09-14 14:26:03 -07:00
Mrunal Patel d9ed595245 Merge pull request #1043 from rajasec/events-error
Removing fatal error from events in stopped state
2016-09-14 11:39:53 -07:00
Mrunal Patel 51c11a89f7 Merge pull request #1042 from datawolf/out-of-loop
move m.GetPaths out of the loop
2016-09-14 11:38:50 -07:00
Qiang Huang b2e811183b Allow recrusive generic error
Error sent from child process is already genericError, if
we don't allow recrusive generic error, we won't get any
cause infomation from parent process.

Before, we got:
WARN[0000] exit status 1
ERRO[0000] operation not permitted

After, we got:
WARN[0000] exit status 1
ERRO[0000] container_linux.go:247: starting container process caused "process_linux.go:359: container init caused \"operation not permitted\""

it's not pretty but useful for detecting root causes.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-09-14 15:55:46 +08:00
Mrunal Patel f516b5d082 Merge pull request #1022 from hqhq/add_privileged_for_dbuild
Add privileged to make dbuild
2016-09-13 10:07:10 -07:00
Wang Long fd92846686 move m.GetPaths out of the loop
only call m.GetPaths once is ok. os move it out of the loop.

Signed-off-by: Wang Long <long.wanglong@huawei.com>
2016-09-13 12:19:48 +00:00
Qiang Huang 710a660506 Merge pull request #1027 from rajasec/bash-completion-create
Adding bash completion for create and run
2016-09-13 16:27:00 +08:00
Qiang Huang 5be3ce2817 Merge pull request #1036 from athomason/1035-update-runtime-spec
Update runtime-spec to current upstream
2016-09-13 16:10:10 +08:00
Michael Crosby ce0553447b Merge pull request #1038 from keloyang/make-release-fix
Fix make release error
2016-09-12 14:04:51 -07:00
Michael Crosby 9a072b611e Merge pull request #1013 from hqhq/fix_ps_issue
Fix runc ps issue
2016-09-12 14:03:21 -07:00
Mrunal Patel 124187bea3 Merge pull request #1028 from YummyPeng/fix-typo
Fix typo.
2016-09-12 10:00:41 -07:00
Mrunal Patel 88c346e2bd Merge pull request #1033 from crosbymichael/classid
Change netclassid json tag
2016-09-12 10:00:19 -07:00
Michael Crosby ad400bb093 Change netclassid json tag
This allows older state files to be loaded without the unmarshal error
of the string to int conversion.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-09-12 09:31:58 -07:00
rajasec e56e7ce9ca Removing fatal error from events in stopped state
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-09-12 21:06:32 +05:30
Shukui Yang 8b151933ed Fix make release error:
/bin/sh: 1: Syntax error: "(" unexpected
make: *** [release] Error 2
-SHELL ?= $(shell command -v bash 2>/dev/null)
+SHELL := $(shell command -v bash 2>/dev/null)

Signed-off-by: Shukui Yang <yangshukui@huawei.com>
2016-09-12 18:52:24 +08:00
Qiang Huang b5b6989e9a Fix runc pause and runc update
Fixes: #1034
Fixes: #1031

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-09-12 16:02:56 +08:00
Qiang Huang da7bac1c90 Fix runc ps issue
After #1009, we don't always set `cgroup.Paths`, so
`getCgroupPath()` will return wrong cgroup path because
it'll take current process's cgroup as the parent, which
would be wrong when we try to find the cgroup path in
`runc ps` and `runc kill`.

Fix it by using `m.GetPath()` to get the true cgroup
paths.

Reported-by: Yang Shukui <yangshukui@huawei.com>
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-09-12 15:41:16 +08:00
Adam Thomason 98727fbb63 Update spec config path
Tracks schema/schema.json → schema/config-schema.json rename in
59ede1a6ac

Signed-off-by: Adam Thomason <ad@mthomason.net>
2016-09-11 16:48:12 -07:00
Adam Thomason 83cbdbd64c Add checks for nil spec.Linux
Signed-off-by: Adam Thomason <ad@mthomason.net>
2016-09-11 16:31:34 -07:00
Adam Thomason fcbde0ce9f Update runtime-spec to current upstream
runc currently fails to build against the upstream version of
runtime-spec/specs-go.

```
# github.com/opencontainers/runc
./spec.go:189: cannot use specs.Linux literal (type specs.Linux) as type *specs.Linux in field value
```

on account of 63231576ec (diff-7f24d60f0cbb9c433e165467e3d34838R25)

This commit updates the dependency to current runtime-spec master and
fixes the type mismatch.

Fixes #1035

Signed-off-by: Adam Thomason <ad@mthomason.net>
2016-09-11 15:17:14 -07:00
Aleksa Sarai 37f1747aec
Merge branch 'pr-914'
Closes #914
2016-09-10 17:24:16 +10:00
Yuanhong Peng a71a301a28 Fix typo.
Signed-off-by: Yuanhong Peng <pengyuanhong@huawei.com>
2016-09-09 16:18:54 +08:00
rajasec 04f1a4cc98 Adding bash completion for create and run
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-09-08 12:14:42 +05:30
Qiang Huang 99c683a84f Merge pull request #1026 from rajasec/runc-readme
Typo in README.md
2016-09-08 09:50:27 +08:00
Daniel, Dao Quang Minh da202fe232 Merge pull request #1019 from keloyang/remote-by
remove redundant by in annotation(nsexec.c)
2016-09-07 22:01:19 +01:00
Mrunal Patel c6b3e79d30 Merge pull request #1017 from WeiZhang555/version-dirty
Append string "-dirty" to version if git repo is unclean
2016-09-07 12:24:19 -07:00
Mrunal Patel 564866303f Merge pull request #1024 from WeiZhang555/tiny-refactor
Tiny refactor: remove unused local variables
2016-09-07 12:22:37 -07:00
Zhang Wei 7303a9a720 Tiny refactor: remove unused local variables
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-09-06 23:41:40 +08:00
rajasec c4ffabc033 Typo in README.md
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-09-06 20:24:25 +05:30
Zhao Lei a9ec7c631c [check-config] No warning in blank argument
If user run current script whthout argument, the script will search
config in default dir list, but output following message:
 | # script/check-config.sh
 | warning: /proc/config.gz seems not a kernel config, searching other paths for kernel config ...
            ^^^^^^^^^^^^^^^
 | info: reading kernel config from /boot/config-4.7.0_HEAD_523d939ef98fd712632d93a5a2b588e477a7565e_ ...
 | ...

We can make output better by restruct the code struct:
1: Specify nothing
   Show info, and search default dir
2: Specify a config file
   Use it directly
3: Specify a wrong config file
   Show warning, and search default dir
4: Specify a dir
   Info, and search specified dir

Test:
 | # script/check-config.sh
 | info: no config specified, searching for kernel config ...
 | info: reading kernel config from /boot/config-4.7.0_HEAD_523d939ef98fd712632d93a5a2b588e477a7565e_ ...
 |
 | # script/check-config.sh /linux/.config
 | info: reading kernel config from /linux/.config ...
 |
 | # script/check-config.sh /linux/.configgg
 | warning: /linux/.configgg seems not a kernel config, searching other paths for kernel config ...
 | info: reading kernel config from /boot/config-4.7.0_HEAD_523d939ef98fd712632d93a5a2b588e477a7565e_ ...
 |
 | # script/check-config.sh /linux
 | info: input is a directory, searching for kernel config in this directory...
 | info: reading kernel config from /linux/.config ...
 |

Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
2016-09-06 16:29:43 +08:00
Zhao Lei 6683e16c03 [check-config] Search possible files in dir
If we give a dir as argument for check-config, it will treat the
dir as a config file, and grep config contents from the dir,
and get wrong result, as:
 | # script/check-config.sh /linux
 | info: reading kernel config from /linux ...
 |
 | Generally Necessary:
 | - cgroup hierarchy: properly mounted [/sys/fs/cgroup]
 | - CONFIG_NAMESPACES: missing
 | - CONFIG_NET_NS: missing
 | - CONFIG_PID_NS: missing
 | - CONFIG_IPC_NS: missing
 | - CONFIG_UTS_NS: missing
 | - CONFIG_CGROUPS: missing
 | - CONFIG_CGROUP_CPUACCT: missing
 | - CONFIG_CGROUP_DEVICE: missing
 | - CONFIG_CGROUP_FREEZER: missing
 | - CONFIG_CGROUP_SCHED: missing
 | ...

We can search possible config files in the dir,
after patch:
 | # script/check-config.sh /linux
 | warning: /linux seems not a kernel config, searching other paths for kernel config ...
 | info: reading kernel config from /linux/.config ...
 |
 | Generally Necessary:
 | - cgroup hierarchy: properly mounted [/sys/fs/cgroup]
 | - CONFIG_NAMESPACES: enabled
 | - CONFIG_NET_NS: enabled
 | - CONFIG_PID_NS: enabled
 | - CONFIG_IPC_NS: enabled
 | - CONFIG_UTS_NS: enabled
 | - CONFIG_CGROUPS: enabled
 | - CONFIG_CGROUP_CPUACCT: enabled
 | - CONFIG_CGROUP_DEVICE: enabled
 | - CONFIG_CGROUP_FREEZER: enabled
 | - CONFIG_CGROUP_SCHED: enabled
 | ...

Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
2016-09-06 15:54:45 +08:00
Qiang Huang aeba315e44 Add privileged to make dbuild
So we don't get `mount: permission denied` when make dbuild.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-09-06 14:53:46 +08:00
Zhao Lei 54390f89a7 Introduce make release
So we can make all types of release binary with combination
of following flags:
 seccomp
 selinux
 apparmor
 static

All binary files are put in release/ dir, like:
 [root@zlosvm1 runc]# ls -l release
 total 53556
 -rwxr-xr-x 1 root root 9517965 Aug 24 16:59 runc
 -rwxr-xr-x 1 root root 9673533 Aug 24 17:00 runc.seccomp
 -rwxr-xr-x 1 root root 9705839 Aug 24 17:00 runc.seccomp.selinux
 -rwxr-xr-x 1 root root 9546175 Aug 24 16:59 runc.selinux
 -rwxr-xr-x 1 root root 8205015 Aug 24 16:59 runc.selinux.static
 -rwxr-xr-x 1 root root 8181789 Aug 24 16:59 runc.static
 ...
Closes #899

Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
2016-09-06 11:22:34 +08:00
Qiang Huang 7b0b628a9b Merge pull request #1020 from forever043/fix-makefile-integration
Makefile: Fix wrong dependency of "integration" target
2016-09-06 09:05:28 +08:00
Jiuyue Ma 4bc8637393 Makefile: Fix wrong dependency of "integration" target
Change dependency of integration to runcimage.

Signed-off-by: Jiuyue Ma <majiuyue@huawei.com>
2016-09-06 08:38:32 +08:00