Commit Graph

2806 Commits

Author SHA1 Message Date
Mrunal Patel 39aeb98025 Merge pull request #872 from rajasec/eventduration
runc events hang for zero duration
2016-06-03 12:02:26 -07:00
Michael Crosby 8c9db3a7a5 Add option to disable new session keys
This adds an `--no-new-keyring` flag to run and create so that a new
session keyring is not created for the container and the calling
processes keyring is inherited.

Fixes #818

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-06-03 11:53:07 -07:00
Michael Crosby c5060ff303 Merge pull request #827 from crosbymichael/create-start
Implement create and start
2016-06-03 10:38:03 -07:00
Joe Farrell f423296b02 Fixed typo in docstring
Signed-off-by: joe2far <joe2farrell@gmail.com>
2016-06-03 18:17:53 +01:00
Mrunal Patel 3211c9f721 Merge pull request #867 from rajasec/selinux-process
Removing the nil check for process label
2016-06-03 07:58:10 -07:00
Daniel, Dao Quang Minh d6189a05cf Merge pull request #869 from crosbymichael/anno
Add annotations to list and state output
2016-06-03 11:12:23 +01:00
Michael Crosby 5abffd3100 Add annotations to list and state output
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-06-02 12:44:43 -07:00
Michael Crosby 1d61abea46 Allow delete of created container
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-06-02 12:26:12 -07:00
rajasec fa1c2e8337 runc events hang for zero duration
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-06-02 16:46:36 +05:30
Michael Crosby 6c485e6902 Merge pull request #864 from michael-holzheu/seccomp_add_ppc_and_s390x
seccomp: Add ppc and s390x to seccomp/config.go
2016-06-01 14:34:08 -07:00
Mrunal Patel 71c6c3e41d Merge pull request #854 from rajasec/bash-completion-update
bash completion step for update command
2016-06-01 13:22:10 -07:00
Mrunal Patel 0c5e6e5b27 Merge pull request #851 from hqhq/sync_man_page
Update man pages to refect the latest cli change
2016-06-01 13:20:54 -07:00
Mrunal Patel e7b8d1903a Merge pull request #857 from hqhq/improve_update_memory
Improve update memory
2016-06-01 13:20:02 -07:00
Mrunal Patel 9e0c1e7bb9 Merge pull request #865 from dqminh/runc-systemd-version
systemd cgroup: check for Delegate property
2016-06-01 13:18:39 -07:00
rajasec 33f0ee9c95 Updating README with set interface
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-06-01 20:55:23 +05:30
rajasec 9742b02856 Removing the nil check for process label
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-06-01 20:29:44 +05:30
Daniel, Dao Quang Minh d5ecf5c67c systemd cgroup: check for Delegate property
Delegate is only available in systemd >218, applying it for older systemd will
result in an error. Therefore we should check for it when testing systemd
properties.

Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2016-06-01 14:32:24 +00:00
Daniel, Dao Quang Minh 4450f7c8de Merge pull request #863 from hqhq/disallow_self_lgtm
Disallow self-LGTMs
2016-06-01 10:33:54 +01:00
Qiang Huang df1bd18506 Disallow self-LGTMs
As https://github.com/opencontainers/project-template/pull/13
is merged, change pullapprove accordingly.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-06-01 09:31:21 +08:00
Aleksa Sarai 9dcacfb835 Merge pull request #852 from hqhq/fix_libcontainer_readme
README: Destroy container before fatal
2016-06-01 08:10:05 +10:00
Michael Crosby 37f27d5d3b Merge pull request #856 from hqhq/add_VERSION_file
Add VERSION file to contain the version info
2016-05-31 11:15:50 -07:00
Michael Crosby 06fab0f860 Add integration tests for create/start
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:10:47 -07:00
Michael Crosby 6eba9b8ffb Fix SystemError and env lookup
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:10:47 -07:00
Michael Crosby b9bc020f0d Update Dockerfile to 1.6.2
With this change we need a fix in go 1.6 to allow us to receive SIGCONT
signals.

Ref: https://github.com/golang/go/issues/8953

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:10:47 -07:00
Michael Crosby efcd73fb5b Fix signal handling for unit tests
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:10:47 -07:00
Michael Crosby 60f5df6e09 Check container status for start call
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:06:41 -07:00
Michael Crosby 88dcf1d686 Kill container on delete
If the container's state is `created` when runc delete is called make
sure that the init is killed before deleting the on system state.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:06:41 -07:00
Michael Crosby 3fc929f350 Only create a buffered channel of one
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:06:41 -07:00
Michael Crosby 30f1006b33 Fix libcontainer states
Move initialized to created and destoryed to stopped.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:06:41 -07:00
Michael Crosby 3fe7d7f31e Add create and start command for container lifecycle
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:06:41 -07:00
Michael Crosby 75fb70be01 Rename start to run
`runc run` is the command that will create and start a container in one
single command.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:06:41 -07:00
Mrunal Patel 88bb59e35f Merge pull request #853 from hqhq/fix_set_kernel_memory
Remove use_hierarchy check when set kernel memory
2016-05-31 08:31:42 -07:00
Mrunal Patel 1df636ae24 Merge pull request #855 from rajasec/readme-oci
Changing OCF to OCI in README
2016-05-31 08:30:00 -07:00
Michael Holzheu bae23b67f8 seccomp: Add ppc and s390x to seccomp/config.go
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
2016-05-31 08:56:07 -04:00
Qiang Huang 71511dc155 Improve update memory
Support update memory with:
runc update --memory 50M container-id

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-30 18:56:10 +08:00
Qiang Huang 152ee95380 Add VERSION file to contain the version info
We need this because we need to get version info out of
go code, eg. build rpm package.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-30 10:24:22 +08:00
rajasec b3503c3516 Changing OCF to OCI in README
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-05-28 14:28:17 +05:30
rajasec e31a1ae0f1 bash completion step for update command
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-05-28 13:22:28 +05:30
Qiang Huang 6fa490c664 Remove use_hierarchy check when set kernel memory
Kernel memory cannot be set in these circumstances (before kernel 4.6):
1. kernel memory is not initialized, and there are tasks in cgroup
2. kernel memory is not initialized, and use_hierarchy is enabled,
   and there are sub-cgroups

While we don't need to cover case 2 because when we set kernel
memory in runC, it's either:
- in Apply phase when we create the container, and in this case,
  set kernel memory would definitely be valid;
- or in update operation, and in this case, there would be tasks
  in cgroup, we only need to check if kernel memory is initialized
  or not.

Even if we want to check use_hierarchy, we need to check sub-cgroups
as well, but for here, we can just leave it aside.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-28 15:22:58 +08:00
Qiang Huang 468428fe3d README: Destroy container before fatal
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-28 14:41:06 +08:00
Qiang Huang 392a659733 Merge pull request #843 from zhaoleidd/update_manuals
Update manuals
2016-05-28 14:10:43 +08:00
Qiang Huang b63321be6a Merge pull request #837 from cyphar/cleanup-integration
Integration framework cleanup
2016-05-28 14:07:41 +08:00
Qiang Huang 3b447f8da5 Merge pull request #849 from avagin/emptyns
checkpoint: add the empty-ns option
2016-05-28 14:01:15 +08:00
Qiang Huang 2503fca35d Update man pages to refect the latest cli change
The major change is the description of options, change
it as the latest cli help message shows, which specify
a "value" after an option if it takes value, and add
(default: xxx) if the option has a default value.

This also includes some other minor consistency fixes.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-28 13:33:57 +08:00
Andrew Vagin 22d60d9874 checkpoint: add the empty-ns option
For example:
./runc checkpoint --empty-ns network CTID

In this case criu creates a network namespace, but doesn't restore it.

We are going to use this option to restore docker containers and
Docker sets a hook to restore a network namespace.

https://github.com/xemul/criu/issues/165
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
2016-05-28 06:21:17 +03:00
Andrew Vagin c161e65ac6 cr: don't fill veth devices if netns is in EmptyNs
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
2016-05-28 01:19:54 +03:00
Daniel, Dao Quang Minh 1ce23a5bb1 Merge pull request #848 from cyphar/fix-pullapprove
pullapprove: use the right team
2016-05-27 11:24:09 +01:00
Aleksa Sarai cb35e42dad pullapprove: use the right team
On GitHub the maintainers of runC are *not* the same as the maintainers
of runtime-spec. Fix this, and use the right team.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-05-27 13:18:42 +10:00
Michael Crosby 807d11d0fa Merge pull request #847 from caniszczyk/add-pull-approve
Add PullApprove support
2016-05-26 18:00:32 -07:00
Chris Aniszczyk e2fd7c1184 Add PullApprove support
Enforce 2 LGTMs for pull requests.

Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
2016-05-26 17:35:02 -05:00