jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
539 Commits 5 Branches 25 Tags 17 MiB
Commit Graph

84 Commits

Author SHA1 Message Date
Michael Crosby 6e979d36f4 Add stderr log ouput if in debug 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-14 09:55:05 -07:00
Michael Crosby 7698e6bbc8 Add initial logging to libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-14 09:55:05 -07:00
Alexander Larsson 9e71710125 Move all bind-mounts in the container inside the namespace 
This moves the bind mounts like /.dockerinit, /etc/hostname, volumes,
etc into the container namespace, by setting them up using lxc.

This is useful to avoid littering the global namespace with a lot of
mounts that are internal to each container and are not generally
needed on the outside. In particular, it seems that having a lot of
mounts is problematic wrt scaling to a lot of containers on systems
where the root filesystem is mounted --rshared.

Note that the "private" option is only supported by the native driver, as
lxc doesn't support setting this. This is not a huge problem, but it does
mean that some mounts are unnecessarily shared inside the container if you're
using the lxc driver.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-13 20:01:29 +01:00
Michael Crosby a5c632ddc8 Add env var to toggle pivot root or ms_move 
Use the  DOCKER_RAMDISK env var to tell the native driver not to use
a pivot root when setting up the rootfs of a container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 19:30:52 -08:00
Michael Crosby d873da0f88 Ensure that native containers die with the parent 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 16:30:56 -08:00
Michael Crosby 52ce1be484 Remove the ghosts and kill everything 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 15:30:26 -08:00
Guillaume J. Charmes d5957adbc4 Use CGO for apparmor profile switch 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-06 11:10:58 -08:00
Michael Crosby 7c6c6a5a10 Some cleanup around logs 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-05 13:50:49 -08:00
Guillaume J. Charmes c486dd90b5 Add AppArmor support to native driver + change pipe/dup logic 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-05 13:08:24 -08:00
Michael Crosby 8a606378da Factor out finalize namespace 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-03 12:15:47 -08:00
Michael Crosby 43bff9344a Allow child process to live if daemon dies 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-27 09:33:36 -08:00
Michael Crosby 595d116827 Make network a slice to support multiple types 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-26 14:20:41 -08:00
Michael Crosby 5828e8e171 Refactor and improve libcontainer and driver 
Remove logging for now because it is complicating things
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 21:11:52 -08:00
Michael Crosby 3502e47953 Improve logging for nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 18:38:36 -08:00
Michael Crosby 96f2efb04b Cgroups allow devices for privileged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 15:47:23 -08:00
Michael Crosby 739da85557 Honor user passed on container in nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 13:52:56 -08:00
Michael Crosby 4d586e9b5a Add syncpipe for passing context 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 22:58:30 -08:00
Michael Crosby 07992e6521 Refactor network creation and initialization into strategies 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 22:26:07 -08:00
Michael Crosby 782da799f8 Use lookup path for init 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 16:17:18 -08:00
Michael Crosby d8cbcf657f Add good logging support to both sides 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:17 -08:00
Michael Crosby cdd46116e7 Refactor the flag management for main 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:17 -08:00
Michael Crosby f3753e4bc0 Make nsinit a proper go pkg and add the main in another dir 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:17 -08:00
Guillaume J. Charmes d358a4498d Handle non-tty mode 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-21 14:56:17 -08:00
Guillaume J. Charmes 25e0904677 Use a custom pipe instead of stdin for sync net namespace 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-21 14:56:16 -08:00
Michael Crosby 67cb164880 Change IP to address because it includes the subnet 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Alexander Larsson f65aba02b3 libcontainer: Initial version of cgroups support 
This is a minimal version of raw cgroup support for libcontainer.
It has only enough for what docker needs, and it has no support
for systemd yet.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-02-21 14:56:16 -08:00
Michael Crosby f57ec99edd Add comments to many functions 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby d236be61b0 Refactor to remove cmd from container 
Pass the container's command via args
Remove execin function and just look for an
existing nspid file to join the namespace
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby c0b6d4df15 Refactor large funcs 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Guillaume J. Charmes 51b1a2c1c9 OSX compilation 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@dotcloud.com> (github: creack)
 2014-02-21 14:56:16 -08:00
Michael Crosby b992a5342f General cleanup of libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby 0223967711 Add dynamic veth name 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby e2e4b2c007 Implement init veth creation 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Michael Crosby f8f0d4b68d Simplify namespaces with only nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00