Commit Graph

57 Commits

Author SHA1 Message Date
Michael Crosby b56aa0658a Don't open slave in parent
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-15 18:24:15 -07:00
Michael Crosby d661720fd7 Remove terminal handling in libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-15 16:55:11 -07:00
Michael Crosby e9ec77ab34 Migrate selinux system xattr calls and prctl calls
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-14 16:55:49 -07:00
Michael Crosby a2dc64cf30 Add initial system pkg to libcontainer
Port over console and ptmx code into console package
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-14 16:46:51 -07:00
Michael Crosby 0ebcbde911 Remove unsupported file
This is no longer needed and is not properly built with the cross
compile scripts anyways.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-14 12:50:51 -07:00
Paul Morie ea6e255f45 Remove unused arg from namespaces.NsEnter
Docker-DCO-1.1-Signed-off-by: Paul Morie <pmorie@gmail.com> (github: pmorie)
2014-07-13 17:48:27 -04:00
Michael Crosby 422824c9d8 Move syncpipe into separate package
This moves the sync pipe into a separate package to help the changes
when moving the API around.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-11 11:06:00 -07:00
Michael Crosby a980a961c1 Return error on shutdown call
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-26 14:18:39 -07:00
Michael Crosby bd7d1eb7b6 Fix parent type in sync pipe
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-26 14:08:49 -07:00
Michael Crosby e098c02ef7 Update tests for network state
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-26 14:06:26 -07:00
Michael Crosby 73ff1addf9 Fix cross compile with syscall
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-26 14:03:49 -07:00
Michael Crosby e7916505a3 Add unit test for sync pipe
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-26 14:03:49 -07:00
Michael Crosby eb9a561b18 Address review comments
Ensure that the command is killed if we receive an error from the child
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-26 14:02:43 -07:00
Alexander Larsson ca9544522e Report child error better (and later)
We use a unix domain socketpair instead of a pipe for the sync pipe,
which allows us to use two-way shutdown. After sending the
context we shut down the write side which lets the child know
it finished reading.

We then block on a read in the parent for the child closing the file
(ensuring we close our version of it too) to sync for when the child
is finished initializing. If the read is non-empty we assume this
is an error report and fail with an error. Otherwise we continue as
before.

This also means we're now calling back the start callback later,
meaning at that point its more likely to have succeeded, as well as
having consumed all the container resources (like volume mounts,
making it safe to e.g. unmount them when the start callback is
called).

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-26 14:02:43 -07:00
Michael Crosby f975ff9159 Merge pull request #25 from vishh/network_stats
Adding per container network stats
2014-06-26 13:58:18 -07:00
Glyn Normington 29adc8c29f Improve nsinit usage instructions
nsinit must be run as root.

Tidy up the README somewhat to clarify the distinction between
libcontainer and the nsinit CLI.

Fix some typos in other files.

Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-26 11:57:09 +01:00
Vishnu Kannan 98c2593cdc Refactores network Interface a bit to use NetworkState struct instead of a map for passing runtime information around.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-25 22:51:28 +00:00
Vishnu Kannan edf1e856a0 RuntimeCkpt is now State and the checkpoint file is called state.json.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-25 21:29:04 +00:00
Vishnu Kannan 481552c02b Created a global runtime checkpoint for libcontainer. Got rid of the network specific runtime checkpoint.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-25 19:20:07 +00:00
Vishnu Kannan 9253412ee1 1. Added a basic version of network stats inside network package.
2. Introducing a new checkpoint file 'network.stats' which will contain the network runtime information (veth interface names for now).
3. Adding network stats to 'nsinit stats'.
4. Added a libcontainer Stats API to get both network and cgroup stats

Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-25 19:19:10 +00:00
Michael Crosby 5bb250143e Rename to InitPid
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-25 11:42:08 -07:00
Michael Crosby 77dcaac129 Update code based on review comments
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-25 11:36:54 -07:00
Michael Crosby 81e5a3f7a7 Replace pid and started file with State type
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-25 11:36:54 -07:00
Michael Crosby 5c86dd962f Remove generic context and replace with fields
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-24 17:31:03 -07:00
Victor Marmol 60b381e600 Rename Container -> Config.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-06-23 17:08:15 -07:00
Michael Crosby d2c7999a57 Fix cross compile for network and node pkgs
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-23 16:23:51 -07:00
Michael Crosby 0023305afc Make MountConfig on container a pointer
Also add unit test for container json files to ensure that the mount
config is read and device nodes are validated.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-23 15:33:30 -07:00
Vishnu Kannan 952b884882 Use internal types in the API instead of duplicating the types.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 21:11:01 +00:00
Vishnu Kannan ad5286acd9 Addressed more comments.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 20:40:37 +00:00
Vishnu Kannan ece2d83558 Added DropCapabilities() and DropBoundingSet() API to libcontainer.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 18:36:38 +00:00
Vishnu Kannan 4c55db7d58 Rename MountSpec to MountConfig.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 18:09:36 +00:00
Vishnu Kannan b50266335e Updated libcontainer subpackage dependencies. Most subpackages now do not depend on their parent ('libcontainer') package. 'namespaces' and 'nsinit' still do.
'namespaces' need to refactored a bit more to move the API part of it to 'libcontainer' package and keep the namespace specific code inside that package.
This change is not expected to break docker.

Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-20 22:52:43 +00:00
Michael Crosby 2c29550226 Merge pull request #27 from mrunalp/dev/nsenter_flags
Add option parsing to nsenter and enable specifying commands with arguments
2014-06-18 14:05:44 -07:00
Mrunal Patel 88acda82d9 Add option parsing to nsenter and enable specifying commands with arguments.
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2014-06-18 14:29:40 -04:00
Michael Crosby e00eadd77d Merge pull request #17 from alexlarsson/fix-close-race
Fix invalid fd race
2014-06-16 13:29:17 -07:00
Victor Marmol 4145356abe Merge pull request #21 from mrunalp/use_path_max
Use PATH_MAX as buffer size for buffers containing paths.
2014-06-16 11:06:28 -07:00
Mrunal Patel 014bb3f18f Use PATH_MAX as buffer size for buffers containing paths.
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2014-06-16 10:48:25 -07:00
Alexander Larsson f6028219a5 Fix invalid fd race
Sometimes I was getting:

2014/06/13 13:47:24 finalize namespace drop bounding set read /proc/1/status: bad file descriptor

This happens when applying the capabilities, and the code that
reads the current caps opens /proc/1/status and then reads some data from it.
But during this it gets a EBADFD error.

The problem is that FinalizeNamespace() closes all FDs before applying
the caps, and if a GC then happens after /proc/1/status is opened but
before reading from the fd, then an old os.File finalizer may close the
already closed-and-reused fd, wreaking havoc.

We fix this by instead of closing the FDs we mark them close-on-exec
which guarantees that they will be closed when we do the final
exec into the container.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-16 10:26:18 +02:00
Vincent Batts d7cbde80a1 nsenter: fixing the cpp order
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
2014-06-13 13:09:13 -04:00
Victor Marmol dae62af4d2 Merge pull request #12 from vbatts/vbatts-fix_setns_rhel6
nsenter: fix setns() for rhel6 (glibc-2.12)
2014-06-12 11:44:52 -07:00
Vincent Batts c43dd7b50d nsenter: fix setns() for rhel6 (glibc-2.12)
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
2014-06-12 13:25:52 -04:00
Michael Crosby 1a01d3be50 Add build flag for nsenter file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-11 11:40:33 -07:00
Michael Crosby 6ab3ef56f4 Update imports for new repository path 2014-06-10 08:14:16 -07:00
Michael Crosby bd92fe8a70 Gofmt imports
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-09 16:01:57 -07:00
Michael Crosby 3b1acc34fb Move libcontainer deps into libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-09 15:52:12 -07:00
Michael Crosby 2b0cb56eb9 Exclude the user namespace for setns
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-04 18:03:17 -07:00
Michael Crosby 3e6f4b3d0b Move env load to nsenter
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-04 17:54:00 -07:00
Victor Marmol 944b4434a6 Adding initial version of C-based nsenter for allowing execin in
libcontainer.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-06-05 00:44:13 +00:00
Michael Crosby ed7f4a0f6d Rename nsinit package to namespaces in libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-04 15:47:57 -07:00
Michael Crosby f8f0d4b68d Simplify namespaces with only nsinit
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:15 -08:00