Ma Shimiao
3a788dd7f3
cgroup cpu: add support for realtime throttling
...
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-05-14 20:46:39 +08:00
Victor Marmol
a37b2a4f15
Merge pull request #476 from hqhq/hq_dont_fail_subsystem
...
don't fail when subsystem not mounted
2015-05-11 09:29:59 -07:00
Mrunal Patel
2a94c82423
Merge pull request #576 from crosbymichael/revert-sysmounts
...
Do not prevent mounts in /sys
2015-05-08 11:02:15 -07:00
Michael Crosby
02e6427ecf
Do not prevent mounts in /sys
...
Mounts in /sys like /sys/fs/cgroup are valid and should be allowed at
the libcontainer level.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-08 10:47:51 -07:00
Mrunal Patel
3c659cb2ea
Merge pull request #573 from LK4D4/update_gocap
...
Update github.com/syndtr/gocapability to 66ef2aa
2015-05-07 15:55:23 -07:00
Alexander Morozov
90f8aa670f
Merge pull request #574 from crosbymichael/symlink-dev-secfix
...
Security fixes for docker 1.6.1
2015-05-07 14:48:17 -07:00
Michael Crosby
8ef205cd1c
Update mnt command test path
...
You cannot use an abs path inside the container's rootfs.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:46:19 -07:00
Eric Windisch
364d8e1505
Disable all mounts in AppArmor profile
...
Allowing mounts in containers is dangerous. Bugs in
mount namespaces or quirks of the container configuration
could allow for various breakouts.
By default, processes in containers will not be able to mount anyway,
rendering the allowances in the default AppArmor profile nearly
useless. Manually created sub-containers were able to mount, but
were yet restricted from performing most of the mounts flags indicated
in the profile.
Signed-off-by: Eric Windisch <eric@windisch.us>
2015-05-07 14:38:44 -07:00
Michael Crosby
2323c4c48d
Use filepath.Rel for subdirectory comparison
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:38:44 -07:00
Michael Crosby
c08e43409d
Move reopenDevNull until after rootfs jail
...
We need to do this in case /dev/null is a symlink pointing somewhere
outside the container's rootfs.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:38:44 -07:00
Michael Crosby
e3e7c47123
Prohibit bind mounts into /
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:38:44 -07:00
Michael Crosby
3c25c9b9cf
Eval mount destination after each mount
...
User specified mounts must be evaluated after each mount because
symlinks in nested mounts can invalidate the next mount.
Also check that any bind mounts are not inside /proc or /sys to ensure
that we are able to mask over certain paths inside.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:38:44 -07:00
Alexander Morozov
68edb28e5a
Update github.com/syndtr/gocapability to 66ef2aa
...
It adds a List function which allows getting a list of all supported caps
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-05-07 10:17:58 -07:00
Michael Crosby
08cf3beaf0
Merge pull request #572 from hqhq/hq_fix_spec
...
some fixes for SPEC
2015-05-06 11:00:51 -07:00
Mrunal Patel
654d44509d
Merge pull request #570 from hqhq/hq_add_gitignore
...
add vendor/pkg to gitignore
2015-05-06 10:20:23 -07:00
Qiang Huang
8377168545
some fixes for SPEC
...
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-05-06 22:47:50 +08:00
Alexander Morozov
f1d459dbbf
Merge pull request #569 from hqhq/hq_change_logrus
...
Replace aliased imports of logrus
2015-05-06 07:45:40 -07:00
Qiang Huang
280dd66d0c
add vendor/pkg to gitignore
...
It's auto generated by go install, we should ignore them.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-05-06 21:38:32 +08:00
Qiang Huang
e5a7aad7eb
Replace aliased imports of logrus
...
Docker already did this: https://github.com/docker/docker/issues/11762
libcontainer should also do it.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-05-06 21:14:04 +08:00
Mrunal Patel
a1fe3f1c7a
Merge pull request #560 from avagin/integration
...
integration: don't create a factory for each test case
2015-05-05 09:37:03 -07:00
Andrey Vagin
78f816d190
integration: don't create factories for each test case
...
We can do this only once.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-05-05 01:12:47 +03:00
Alexander Morozov
6607689b1d
Merge pull request #566 from tianon/logrus-0.7.3
...
Update logrus to 0.7.3
2015-05-03 10:30:06 -07:00
Tianon Gravi
d6a3a4e6c7
Update logrus to 0.7.3
...
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-05-03 00:24:36 -06:00
Alexander Morozov
83f0c1e580
Merge pull request #561 from avagin/logrus
...
Use logrus everywhere
2015-05-01 09:30:17 -07:00
Andrey Vagin
08af005e6b
Use logrus everywhere
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-05-01 18:41:28 +03:00
Michael Crosby
3e661186ba
Merge pull request #535 from mrunalp/sys_props
...
Adds support for setting system properties.
2015-04-30 11:46:33 -07:00
Michael Crosby
0654f88d03
Merge pull request #558 from hqhq/hq_remove_unused_func
...
remove unused functions
2015-04-28 10:21:29 -07:00
Qiang Huang
36633d3cb4
remove unused functions
...
Seems no one is using them.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-28 09:20:32 +08:00
Michael Crosby
d70569a238
Merge pull request #554 from estesp/namespace_linux_split
...
Split namespace syscall content for building on non-Linux
2015-04-27 17:47:19 -07:00
Michael Crosby
ee61c35f8f
Merge pull request #555 from avagin/cgroup
...
cgroups/systemd: remove useless code
2015-04-27 17:44:37 -07:00
Andrey Vagin
755bc77482
cgroups/systemd: remove useless code
...
I think the remove code and devices.Set do the same things.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-04-28 00:00:24 +03:00
Alexander Morozov
984ec36fa1
Merge pull request #539 from Mashimiao/cgroups-add-support-for-blkio-throttle
...
cgroups: add support blkio.throttle.read/write_*
2015-04-27 10:34:45 -07:00
Phil Estes
7f1bcd5ebf
Split namespace syscall content for building on non-Linux
...
libcontainer/configs is used by the docker user namespace proposed
patchset to use IDMap for uid/gid maps across the codebase. Given the
client uses some of this code, it needs to build on non-Linux. This
separates out the Linux-only syscalls using build tags.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-04-24 18:09:56 -04:00
Daniel, Dao Quang Minh
1c43532155
Merge pull request #553 from crosbymichael/cgroup-mount
...
Add cgroup mount type for mounting container local cgroups
2015-04-23 15:59:09 -07:00
Mrunal Patel
30f055602b
Adds test for system properties.
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-04-22 22:18:08 -04:00
Mrunal Patel
60d3a49f6e
Adds functionality to set system properties.
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-04-22 22:17:30 -04:00
Michael Crosby
b806655f91
Merge pull request #492 from Mashimiao/cgroup-add-support-for-device-deny
...
cgroups: add support of devices deny for another use of cgroup devices
2015-04-22 18:43:22 -07:00
Mrunal Patel
c32142a807
Merge pull request #550 from LK4D4/fix_panic
...
Check for cmd.Process not-nilness in setnsProcess.terminate()
2015-04-22 11:40:34 -07:00
Alexander Morozov
d7aab179c1
Check for cmd.Process not-nilness in setnsProcess.terminate()
...
We are already doing this in initProcess
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-04-22 11:30:42 -07:00
Qiang Huang
27d3dd3df3
don't fail when subsystem not mounted
...
We do this to achieve two goals:
- don't fail when some subsystems are not mounted (devices cgroup
is an exception because it will cause security issues).
- fail hard instead of ignoring the error when a user specifies
an option and we are unable to fulfill the request.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-22 10:18:22 +08:00
Michael Crosby
03bbb04f26
Implement mounting cgroups as readonly
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-04-20 12:21:11 -07:00
Mrunal Patel
bada39cf31
Merge pull request #495 from rhatdan/tmpfs
...
Add support for Premount and Postmount commands.
2015-04-20 09:20:52 -07:00
Mrunal Patel
d4cf37fee9
Merge pull request #546 from liubin/fixtypos
...
fix some typos in source code comments
2015-04-20 09:18:57 -07:00
bin liu
4a2ae107c8
fix some typos in source code comments
...
Signed-off-by: bin liu <liubin0329@gmail.com>
2015-04-20 02:35:51 +00:00
Michael Crosby
9dc17dc9b4
Merge pull request #537 from hqhq/hq_cleanup_cpushares_check
...
cleanup cpushares check
2015-04-17 14:32:07 -07:00
Michael Crosby
f2cf36412c
Merge pull request #538 from hqhq/hq_fix_freeze_test
...
fix freeze systemd test
2015-04-17 10:53:38 -07:00
Dan Walsh
dc480bc3ad
add integration test for premount/postmount hooks
...
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: rhatdan)
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-04-17 08:28:17 -04:00
Ma Shimiao
59eb58b640
cgroups: add support blkio.throttle.read/write_*
...
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-04-17 16:03:42 +08:00
Qiang Huang
f010150f7d
fix freeze systemd test
...
Made a mistake before, freeze test doesn't use newContainer,
systemd test doesn't actually work.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-17 14:20:16 +08:00
Qiang Huang
62fccb3e1e
add test case for cpuShares check
...
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-17 13:51:37 +08:00