jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
340 Commits 5 Branches 25 Tags 17 MiB
Commit Graph

25 Commits

Author SHA1 Message Date
Michael Crosby 2c29550226 Merge pull request #27 from mrunalp/dev/nsenter_flags 
Add option parsing to nsenter and enable specifying commands with arguments
 2014-06-18 14:05:44 -07:00
Mrunal Patel 88acda82d9 Add option parsing to nsenter and enable specifying commands with arguments. 
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
 2014-06-18 14:29:40 -04:00
Michael Crosby e00eadd77d Merge pull request #17 from alexlarsson/fix-close-race 
Fix invalid fd race
 2014-06-16 13:29:17 -07:00
Victor Marmol 4145356abe Merge pull request #21 from mrunalp/use_path_max 
Use PATH_MAX as buffer size for buffers containing paths.
 2014-06-16 11:06:28 -07:00
Mrunal Patel 014bb3f18f Use PATH_MAX as buffer size for buffers containing paths. 
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
 2014-06-16 10:48:25 -07:00
Alexander Larsson f6028219a5 Fix invalid fd race 
Sometimes I was getting:

2014/06/13 13:47:24 finalize namespace drop bounding set read /proc/1/status: bad file descriptor

This happens when applying the capabilities, and the code that
reads the current caps opens /proc/1/status and then reads some data from it.
But during this it gets a EBADFD error.

The problem is that FinalizeNamespace() closes all FDs before applying
the caps, and if a GC then happens after /proc/1/status is opened but
before reading from the fd, then an old os.File finalizer may close the
already closed-and-reused fd, wreaking havoc.

We fix this by instead of closing the FDs we mark them close-on-exec
which guarantees that they will be closed when we do the final
exec into the container.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-06-16 10:26:18 +02:00
Vincent Batts d7cbde80a1 nsenter: fixing the cpp order 
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
 2014-06-13 13:09:13 -04:00
Victor Marmol dae62af4d2 Merge pull request #12 from vbatts/vbatts-fix_setns_rhel6 
nsenter: fix setns() for rhel6 (glibc-2.12)
 2014-06-12 11:44:52 -07:00
Vincent Batts c43dd7b50d nsenter: fix setns() for rhel6 (glibc-2.12) 
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
 2014-06-12 13:25:52 -04:00
Michael Crosby 1a01d3be50 Add build flag for nsenter file 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-11 11:40:33 -07:00
Michael Crosby 6ab3ef56f4 Update imports for new repository path 2014-06-10 08:14:16 -07:00
Michael Crosby bd92fe8a70 Gofmt imports 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-09 16:01:57 -07:00
Michael Crosby 3b1acc34fb Move libcontainer deps into libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-09 15:52:12 -07:00
Michael Crosby 2b0cb56eb9 Exclude the user namespace for setns 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-04 18:03:17 -07:00
Michael Crosby 3e6f4b3d0b Move env load to nsenter 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-04 17:54:00 -07:00
Victor Marmol 944b4434a6 Adding initial version of C-based nsenter for allowing execin in 
libcontainer.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
 2014-06-05 00:44:13 +00:00
Michael Crosby ed7f4a0f6d Rename nsinit package to namespaces in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-04 15:47:57 -07:00
Michael Crosby f8f0d4b68d Simplify namespaces with only nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Michael Crosby 323939831f Use nsinit as app 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Guillaume J. Charmes 542982f993 Fix ptmx issue on libcontainer 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-21 14:56:15 -08:00
Guillaume J. Charmes 7038f59689 Improve general quality of libcontainer 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-21 14:56:15 -08:00
Michael Crosby 4c6b5ff1e0 Use nsinit for setting up namespace 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Michael Crosby d2612d7018 WIP moving to nsini 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Michael Crosby c98df9e60a Make separate nsinit pkg for a dockerinit like init 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Michael Crosby 6415e8becc Initial commit of libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00