jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,396 Commits 5 Branches 25 Tags 17 MiB
Commit Graph

2396 Commits

Author SHA1 Message Date
Michael Crosby 2b0a53b9a4 Merge pull request #552 from cyphar/fix-cgroup-path 
libcontainer: cgroups: fs: fix innerPath
 2016-02-16 10:41:44 -08:00
Julian Friedman 5fbdf6c3fc Register signal handlers earlier to avoid zombies 
newSignalHandler needs to be called before the process is started, otherwise when
the process exits quickly the SIGCHLD is recieved (and ignored) before the
handler is set up. When this happens the reaper never runs, the
process becomes a zombie, and the exit code isn't returned to the user.

Signed-off-by: Julian Friedman <julz.friedman@uk.ibm.com>
 2016-02-16 18:38:54 +00:00
Alexander Morozov c6d18308b8 Merge pull request #526 from hqhq/hq_remove_procStart 
Remove procStart
 2016-02-16 09:12:04 -08:00
Mrunal Patel af400b90c3 Hook up the support to the OCI specification config 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2016-02-16 06:57:51 -08:00
Mrunal Patel 38b39645d9 Implement NoNewPrivileges support in libcontainer 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2016-02-16 06:57:50 -08:00
Mrunal Patel e898a30e34 Merge pull request #560 from chenchun/fix_valid_dest 
It's /proc/stat, not /proc/stats
 2016-02-16 17:44:14 +05:30
Mrunal Patel 61bfcfd82a Add libcontainer configuration for NoNewPrivileges 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2016-02-16 03:59:43 -08:00
Chun Chen 2ee9cbbd12 It's /proc/stat, not /proc/stats 
Also adds /proc/net/dev to the valid mount destination white list

Signed-off-by: Chun Chen <ramichen@tencent.com>
 2016-02-16 15:59:27 +08:00
rajasec b3661f4115 Removing tty0 tty1 from allowed devices 
Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-02-16 11:21:00 +05:30
rajasec 4cd31f63c5 Change softlink name to /dev/core 
Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-02-15 17:52:19 +05:30
Qiang Huang bda7742019 Cleanup systemd apply 
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
 2016-02-15 15:56:59 +08:00
Qiang Huang 7b88f34d6e Remove unneeded cgroups path removal 
It's handled in `destroy()`, no need to do this in
`Apply()`. I found this because systemd cgroup didn't
do this removal and it works well.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
 2016-02-15 11:22:13 +08:00
rajasec 321b842404 panic during start of failed detached container 
Signed-off-by: rajasec <rajasec79@gmail.com>

Adding nil check before closing tty for restore operation

Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-02-14 19:11:09 +05:30
Aleksa Sarai 21dc85c4b8 libcontainer: cgroups: fs: add cgroup path safety unit tests 
In order to avoid problems with security regressions going unnoticed,
add some unit tests that should make sure security regressions in cgroup
path safety cause tests to fail in runC.

Signed-off-by: Aleksa Sarai <asarai@suse.com>
 2016-02-14 00:37:21 +11:00
Aleksa Sarai b8dc5213e8 libcontainer: cgroups: fs: fix path safety 
Ensure that path safety is maintained, this essentially reapplies
c0cad6aa5e ("cgroups: fs: fix cgroup.Parent path sanitisation"), which
was accidentally removed in 256f3a8ebc ("Add support for CgroupsPath
field").

Signed-off-by: Aleksa Sarai <asarai@suse.com>
 2016-02-14 00:37:21 +11:00
Aleksa Sarai 90140a5688 libcontainer: cgroups: fs: fix innerPath 
Fix m.Path legacy code to actually work.

Signed-off-by: Aleksa Sarai <asarai@suse.com>
 2016-02-14 00:37:21 +11:00
Michael Crosby 361f9b7921 Merge pull request #550 from rajasec/restoretty 
Adding tty closure for restore operation
 2016-02-11 10:27:58 -08:00
Aleksa Sarai 1f8711751e libcontainer: integration: fix flaky pids limit tests 
Because we are implemented in Go, the number of pids present in a
container is not very well-defined (other than it not being /much/
bigger than the limit you'd want to set). As a result, we need to make
the tests a bit less flaky in this regard.

Signed-off-by: Aleksa Sarai <asarai@suse.com>
 2016-02-12 00:14:22 +11:00
Alexander Morozov 1a124e9c2d Merge pull request #549 from crosbymichael/tty-close 
Close tty on error before handler
 2016-02-10 14:11:47 -08:00
Michael Crosby 45675581c1 Close tty on error before handler 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2016-02-10 13:41:35 -08:00
Alexander Morozov 4678b01e64 Merge pull request #497 from mlaventure/cgroups-path 
Replace Cgroup Parent and Name fields by CgroupsPath
 2016-02-10 13:00:49 -08:00
Kenfe-Mickael Laventure 256f3a8ebc Add support for CgroupsPath field 
Fixes #396

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
 2016-02-10 11:26:51 -08:00
Michael Crosby 71db82baef Merge pull request #545 from rajasec/specupdateforpids 
Adding pids subsystem in SPEC.md
 2016-02-10 11:17:15 -08:00
Mrunal Patel 4d9d4866b5 Merge pull request #537 from duglin/ReorgContainer 
Create some util funcs that are common between start and exec
 2016-02-10 23:00:20 +05:30
rajasec a7ee55b716 Adding tty closure for restore operation 
Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-02-10 09:48:12 +05:30
Mrunal Patel bfd3345be9 Merge pull request #541 from crosbymichael/ids 
Require container id as arg1
 2016-02-10 08:14:36 +05:30
Mrunal Patel 025a84a2fb Merge pull request #542 from runcom/use-coreos-systemd 
*: use coreos/go-systemd/activation for socket activation
 2016-02-10 08:07:21 +05:30
Kenfe-Mickael Laventure dceeb0d0df Move pathClean to libcontainer/utils.CleanPath 
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
 2016-02-09 16:21:58 -08:00
Antonio Murdaca 0dea09bce7 *: use coreos/go-systemd/activation for socket activation 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
 2016-02-09 23:44:09 +01:00
Michael Crosby 8eb1dcb916 Bump to version 0.0.8 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2016-02-09 11:35:55 -08:00
Michael Crosby a7278cad98 Require containerd id as arg 1 
Closes #532

This requires the container id to always be passed to all runc commands
as arg one on the cli.  This was the result of the last OCI meeting and
how operations work with the spec.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2016-02-09 11:20:55 -08:00
Alexander Morozov 8e8d01d38d Merge pull request #536 from crosbymichael/update-spec 
Update spec to v0.3.0
 2016-02-09 10:53:46 -08:00
Doug Davis ad26ef1afc Create some util funcs that are common between start and exec 
and it'll really help my start/create PR when I need to rebase  :-)

Signed-off-by: Doug Davis <dug@us.ibm.com>
 2016-02-09 10:22:44 -08:00
rajasec 241e66dbe7 Adding pids subsystem in SPEC.md 
Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-02-09 20:42:11 +05:30
Michael Crosby ee1aac06a0 Merge pull request #540 from rajasec/specupdate 
Fixing capabilities name in SPEC.md
 2016-02-08 13:15:46 -08:00
Michael Crosby 3baae2d525 Update runc for devices changes 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2016-02-08 13:15:12 -08:00
Michael Crosby fb3f69e097 Merge pull request #539 from rajasec/resume-usage 
Fixing usage in resume command
 2016-02-08 13:13:08 -08:00
rajasec f1cde33ed7 Fixing capabilities name in SPEC.md 
Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-02-07 21:57:28 +05:30
rajasec 7b24b9a826 Fixing usage in resume command 
Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-02-07 19:27:58 +05:30
Mike Brown c2c0458598 merges latest spec with runc 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2016-02-05 12:47:09 -08:00
Alexander Morozov 4f601205d4 Merge pull request #525 from crosbymichael/exec 
Load process.json for exec and add detach
 2016-02-05 12:37:56 -08:00
Michael Crosby fbc74c0eba Add detach and pid-file to restore 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2016-02-05 11:56:21 -08:00
Michael Crosby 92ab7309d5 Add detach to exec 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2016-02-05 11:53:45 -08:00
Michael Crosby e838be38d2 Add load process.json for exec command 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2016-02-05 11:53:45 -08:00
Michael Crosby 9c9f8eeb4b Merge pull request #488 from stefanberger/new_session_keyring 
Create a new session key for every container
 2016-02-05 10:48:26 -08:00
Michael Crosby 106e4777f7 Merge pull request #493 from rajasec/processops 
Added error string for process operations
 2016-02-05 10:44:33 -08:00
Stefan Berger ad22e23aee Create a new session key for every container 
Create a new session key ring '_ses' for every container. This avoids sharing
the key structure with the process that created the container and the
container inherits from.

This patch fixes it init and exec.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
 2016-02-04 22:05:50 -05:00
Michael Crosby 5fe15a53b6 Merge pull request #496 from LK4D4/remove_sscanf 
Remove usage of GetMounts from GetCgroupMounts
 2016-02-04 14:55:41 -08:00
Michael Crosby 67cca27798 Merge pull request #529 from mlaventure/memory-limit-stat 
Add limit value to memory stats
 2016-02-04 11:21:35 -08:00
rajasec 298cd1b285 Added error string for process operations 
Signed-off-by: rajasec <rajasec79@gmail.com>

Changing the error code string name as per review comments

Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-02-04 11:54:50 +05:30