Commit Graph

3870 Commits

Author SHA1 Message Date
Akihiro Suda dd5eb3b9e3 make: validate C format
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-01-24 10:49:50 +09:00
Michael Crosby 9f9c96235c
Merge pull request #1698 from cloudfoundry-incubator/exec-fifo-race
Avoid race when opening exec fifo
2018-01-23 09:57:53 -05:00
Ed King 5c0af14bf8 Return from goroutine when it should terminate
Signed-off-by: Craig Furman <cfurman@pivotal.io>
2018-01-23 10:46:31 +00:00
Will Martin 8d3e6c9826 Avoid race when opening exec fifo
When starting a container with `runc start` or `runc run`, the stub
process (runc[2:INIT]) opens a fifo for writing. Its parent runc process
will open the same fifo for reading. In this way, they synchronize.

If the stub process exits at the wrong time, the parent runc process
will block forever.

This can happen when racing 2 runc operations against each other: `runc
run/start`, and `runc delete`. It could also happen for other reasons,
e.g. the kernel's OOM killer may select the stub process.

This commit resolves this race by racing the opening of the exec fifo
from the runc parent process against the stub process exiting. If the
stub process exits before we open the fifo, we return an error.

Another solution is to wait on the stub process. However, it seems it
would require more refactoring to avoid calling wait multiple times on
the same process, which is an error.

Signed-off-by: Craig Furman <cfurman@pivotal.io>
2018-01-22 17:03:02 +00:00
Taeung Song 862e491163
man: Fix manpages related to console
The commit 244c9fc ("*: console rewrite")
removed the --console option and the commit 7df64f8
("runc: implement --console-socket") create new option
--console-socket. However, the old --console option
still exists so fix it.

In addtion, add missing --preserve-fds option to
create and run manpages.

Signed-off-by: Taeung Song <treeze.taeung@gmail.com>
Signed-off-by: charsyam <charsyam@naver.com>
2018-01-17 17:37:12 +09:00
Mrunal Patel ab4a819167
Merge pull request #1687 from runcom/annotations-hooks
libcontainer: expose annotations in hooks
2018-01-12 12:11:04 -08:00
Antonio Murdaca cd1e7abee2
libcontainer: expose annotations in hooks
Annotations weren't passed to hooks. This patch fixes that by passing
annotations to stdin for hooks.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2018-01-11 16:54:01 +01:00
Michael Crosby 0aa69f2d6c
Merge pull request #1682 from BooleanCat/master
Pin version of gojsonschema in tests
2018-01-11 10:46:33 -05:00
Qiang Huang 96086e56f5
Merge pull request #1683 from vikaschoudhary16/runc-systemd-race
Fix race against systemd
2018-01-09 09:30:58 +08:00
vikaschoudhary16 d5b4a3eddb Fix race against systemd
- T0: runc triggers a systemd unit creation asynchronously from [here](https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/systemd/apply_systemd.go#L298)
- T1: runc then moves ahead and starts creating cgroup paths(.scope directories), [here](https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/systemd/apply_systemd.go#L348). Kernel creates .scope directory and cgroup.procs file(along with other default files) in the directory automatically, in an atomic manner.
- T3: systemd execution thread which was invoked at time `T0`, is still in the process of unit creation. systemd also trying to create cgroup paths and deletes the `.scope` directory which is created at time `T1` by runc from [here](https://github.com/systemd/systemd/blob/v219/src/shared/cgroup-util.c#L1630) in the code

Signed-off-by: vikaschoudhary16 <choudharyvikas16@gmail.com>
2018-01-08 09:37:26 -05:00
Tom Godkin a1edc03c49 Pin version of gojsonschema in tests
Signed-off-by: Will Martin <wmartin@pivotal.io>
2018-01-04 15:11:45 +00:00
Mrunal Patel e6516b3d5d
Merge pull request #1678 from sboeuf/sboeuf/subreaper
libcontainer: Do not wait for signalled processes if subreaper is set
2017-12-15 08:47:07 -08:00
Michael Crosby 7f24b40cc5
Merge pull request #1675 from tklauser/apparmor-no-cgo
RFC: libcontainer: remove dependency on libapparmor
2017-12-15 11:23:35 -05:00
Tobias Klauser db093f621f libcontainer: remove dependency on libapparmor
libapparmor is integrated in libcontainer using cgo but is only used to
call a single function: aa_change_onexec. It turns out this function is
simple enough (writing a string to a file in /proc/<n>/attr/...) to be
re-implemented locally in libcontainer in plain Go.

This allows to drop the dependency on libapparmor and the corresponding
cgo integration.

Fixes #1674

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-12-15 09:59:58 +01:00
Sebastien Boeuf bb912eb00c libcontainer: Do not wait for signalled processes if subreaper is set
When a subreaper is enabled, it might expect to reap a process and
retrieve its exit code. That's the reason why this patch is giving
the possibility to define the usage of a subreaper as a consumer of
libcontainer. Relying on this information, libcontainer will not
wait for signalled processes in case a subreaper has been set.

Fixes #1677

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2017-12-14 10:37:38 -08:00
Mrunal Patel c6e4a1ebeb
Merge pull request #1665 from Mashimiao/gidmapping-valid-fix
specconv: avoid skipping gidmappings applied when uidmappings is empty
2017-12-11 09:50:54 -08:00
Mrunal Patel b028413c35
Merge pull request #1655 from Mashimiao/add-propagation-more
support unbindable,runbindable for rootfs propagation
2017-12-11 09:21:41 -08:00
Michael Crosby 0fdc908bf1
Merge pull request #1667 from allencloud/patch-2
Update criu_opts_linux.go
2017-12-11 09:37:01 -05:00
Michael Crosby bdee9adedc
Merge pull request #1669 from Mashimiao/stopped-checkpoint
stopped container can't be checkpoint
2017-12-10 21:39:13 -05:00
Ma Shimiao 5061fd3e6e stopped container can't be checkpoint
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-12-07 15:43:56 +08:00
Michael Crosby 1d3ab6d668
Merge pull request #1642 from lubinsz/master
enable integration test on arm64 platform
2017-12-05 09:26:41 -05:00
Allen Sun fec6b0fea5 Update criu_opts_linux.go
Signed-off-by: Allen Sun <shlallen1990@gmail.com>
2017-12-05 15:16:26 +08:00
Michael Crosby 91e9795013
Merge pull request #1654 from dqminh/only-linux
remove placeholder for non-linux platforms
2017-11-30 09:51:47 -05:00
Ma Shimiao 57edfbbaf2 specconv: avoid skipping gidmappings applied when uidmappings is empty
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-11-30 16:24:36 +08:00
Aleksa Sarai e8149af291
merge branch 'pr-1661'
Ensure container tests do not write on the host

LGTMs: @hqhq @cyphar
Closes #1661
2017-11-27 20:10:48 +11:00
Danail Branekov 0495fece57 Ensure container tests do not write on the host
TestGetContainerStateAfterUpdate creates its state.json file on the current
directory which turns out to be the host runc directory. Thus whenever
the test completes it leaves the state.json file behind thus
a) poluting the local git repository
b) changing the host file system violating the principle of doing
everything in an isolated container environment

This change would create a new temporary (in-container) directory and use it as
linuxContainer.root

Signed-off-by: Tom Godkin <tgodkin@pivotal.io>
2017-11-27 10:43:10 +02:00
Daniel Dao 93c5f70672 vendor: removed more build=ignore vendor
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-11-24 18:14:51 +00:00
Daniel Dao 8898b6b446 remove placeholder for non-linux platforms
runc currently only support Linux platform, and since we dont intend to expose
the support to other platform, removing all other platforms placeholder code.

`libcontainer/configs` still being used in
https://github.com/moby/moby/blob/master/daemon/daemon_windows.go so
keeping it for now.

After this, we probably should also rename files to drop linux suffices
if possible.

Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-11-24 18:14:51 +00:00
Daniel, Dao Quang Minh fb871d9cd0
Merge pull request #1664 from tklauser/drop-freebsd
libcontainer: drop FreeBSD support
2017-11-24 18:08:21 +00:00
Daniel, Dao Quang Minh 197a3f45d4
Merge pull request #1660 from masters-of-cats/remove-xattr-code
Delete xattr related code
2017-11-24 18:01:47 +00:00
Tobias Klauser 4d27f20db0 libcontainer: drop FreeBSD support
runc is not supported on FreeBSD, so remove all FreeBSD specific bits.

As suggested by @crosbymichael in #1653

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-11-24 14:51:05 +01:00
Danail Branekov 38d1e6ec27 Delete xattr related code
Selinux related code has been moved to the selinux package
(https://github.com/opencontainers/selinux) and therefore xattr related
code can be deleted from libcontainer

Signed-off-by: Danail Branekov <danailster@gmail.com>
2017-11-21 12:49:28 +02:00
Ma Shimiao 17db6560be support unbindable,runbindable for rootfs propagation
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-11-17 16:14:15 +08:00
Mrunal Patel fb6ec65b36
Merge pull request #1651 from sjenning/adjust-systemd-cpuquota
systemd: adjust CPUQuotaPerSecUSec to compensate for systemd internal handling
2017-11-16 09:00:23 -10:00
Seth Jennings bca53e7b49 systemd: adjust CPUQuotaPerSecUSec to compensate for systemd internal handling
Signed-off-by: Seth Jennings <sjenning@redhat.com>
2017-11-15 20:20:06 -06:00
Bin Lu 604dbfbe12 enable integration test on arm64 platform
Currently, integration test can't be done on arm64 platform due to several issues.
 Fix points:
 1, add busybox.tar with arm64 format
 2, add hello-world.tar with arm64 format

Signed-off-by: Bin Lu <bin.lu@arm.com>
2017-11-12 22:43:13 -08:00
Daniel, Dao Quang Minh b2567b37d7
Merge pull request #1644 from vdemeester/import-pkg-mount
Import docker/docker/pkg/mount into runc
2017-11-08 15:48:27 +00:00
Vincent Demeester 03ca562be1
Remove github.com/docker/docker from vendor
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-11-08 16:27:06 +01:00
Vincent Demeester 3ca4c78b1a
Import docker/docker/pkg/mount into runc
This will help get rid of docker/docker dependency in runc 👼

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-11-08 16:25:58 +01:00
Michael Crosby ababa2d2ce
Merge pull request #1645 from vdemeester/build-1.9
Add build 1.9 to travis
2017-11-08 10:07:43 -05:00
Michael Crosby 2f010ecf19
Merge pull request #1622 from vdemeester/import-symlink-from-docker
Remove pkg/symlink from docker/docker and use cyphar/filepath-securejoin
2017-11-08 10:07:00 -05:00
Vincent Demeester ab0a6dd295
Add build 1.9 to travis
`tip` should point to 1.10 already ? (or soon-ish)

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-11-08 15:42:59 +01:00
Daniel, Dao Quang Minh c4f49e2499
Merge pull request #1640 from jongwu/jongwu-armEnable-patch
enable unit test on arm64 platform
2017-11-06 17:14:52 +00:00
Michael Crosby cc0cd1ae64
Merge pull request #1641 from AkihiroSuda/proc-scsi
specconv.Example(): add /proc/scsi to masked paths
2017-11-06 09:41:10 -05:00
Akihiro Suda 0aac2368e4 specconv.Example(): add /proc/scsi to masked paths
Port over https://github.com/moby/moby/pull/35399

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-11-04 17:38:14 +00:00
Jianyong Wu dc609cc5d1 enable unit test on arm64 platform
Currently, unit test can't be done on arm64 platform
due to multi-arch issue.

Fix points:
golang:1.8.0 doesn't support arm64.
We use golang:1.8 to replace it.

Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
2017-11-03 16:45:52 +08:00
Michael Crosby 0232e38342
Merge pull request #1629 from masters-of-cats/busybox-inflation
Avoid disk usage explosion when copying busybox
2017-11-01 09:15:22 -04:00
Danail Branekov fdbb9e3e55 Avoid disk usage explosion when copying busybox
When running runc tests with temp directory with size 500M copying
busybox without preserving hardlinks causes the folder to inflate to
roughly 330M. Copying busybox twice in certain tests causes the /tmp
directory to overfill. Using `-a` preserves links which busybox uses to
implement its choice of binary to run.

Signed-off-by: Tom Godkin <tgodkin@pivotal.io>
2017-11-01 09:52:05 +00:00
Vincent Demeester 594501475e
Use cyphar/filepath-securejoin instead of docker pkg/symlink
runc shouldn't depend on docker and be more self-contained.
Removing github.com/pkg/symlink dep is the first step to not depend on docker anymore

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-10-31 16:53:45 +01:00
Michael Crosby 8211e8a266
Merge pull request #1626 from fntlnz/specconv-test-hooks-seccomp
Specconv: Test create command hooks and seccomp setup
2017-10-31 09:26:04 -04:00