Fixes: #1228
It can be reproduced by applying this patch:
```diff
@@ -45,6 +46,7 @@ func registerMemoryEvent(cgDir string, evName string, arg string) (<-chan struct
go func() {
defer func() {
close(ch)
+ <-time.After(1 * time.Second)
eventfd.Close()
evFile.Close()
}()
```
We can close channel after fds were closed.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Before this change, some file type would be treated as char devices
(e.g. symlinks).
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This allows the libcontainer to automatically clean up runc:[1:CHILD]
processes created as part of nsenter.
Signed-off-by: Alex Fang <littlelightlittlefire@gmail.com>
Unfortunately I don't have enough time to be a maintainer of runc.
I am not going to disappear from the community and as before
I always ready to help with anything.
Signed-off-by: Andrei Vagin <avagin@openvz.org>
With this runC also uses RPC to ask CRIU for its version. CRIU supports
a VERSION RPC since CRIU 3.0 and using the RPC interface does not
require parsing the console output of CRIU (which could change anytime).
For older CRIU versions which do not yet have the VERSION RPC runC falls
back to its old CRIU output parsing mode.
Once CRIU 3.0 is the minimum version required for runC the old code can
be removed.
v2:
* adapt to changes in the previous patches based on the review
Signed-off-by: Adrian Reber <areber@redhat.com>
Update criurpc.proto for the upcoming VERSION RPC.
This includes lazy_pages for the upcoming lazy migration support.
Signed-off-by: Adrian Reber <areber@redhat.com>
To use the CRIU VERSION RPC the criuSwrk function is adapted to work
with CriuOpts set to 'nil' as CriuOpts is not required for the VERSION
RPC.
Also do not print c.criuVersion if it is '0' as the first RPC call will
always be the VERSION call and only after that the version will be
known.
Signed-off-by: Adrian Reber <areber@redhat.com>
If the version of criu has already been determined there is no need to
ask criu for the version again. Use the value from c.criuVersion.
v2:
* reduce unnecessary code movement in the patch series
* factor out the criu version parsing into a separate function
Signed-off-by: Adrian Reber <areber@redhat.com>
The checkCriuVersion function used a string to specify the minimum
version required. This is more comfortable for an external interface
but for an internal function this added unnecessary complexity. This
changes to version string like '1.5.2' to an integer like 10502. This is
already the format used internally in the function.
Signed-off-by: Adrian Reber <areber@redhat.com>
go's switch statement doesn't need an explicit break. Remove it where
that is the case and add a comment to indicate the purpose where the
removal would lead to an empty case.
Found with honnef.co/go/tools/cmd/staticcheck
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Handle err return value of fmt.Scanf, os.Pipe and unix.ParseUnixRights.
Found with honnef.co/go/tools/cmd/staticcheck
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
The format of the capabilities section in config.json was changed in the
runtime spec 1.0.0.rc5 (pulled in through PR #1370). Update the example
in README.md correspondingly.
Also fix a small typo (though -> through).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Refactor DeviceFromPath in order to get rid of package syscall and
directly use the functions from x/sys/unix. This also allows to get rid
of the conversion from the OS-independent file mode values (from the os
package) to Linux specific values and instead let's us use the raw
file mode value directly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Updated logrus to use v1 which includes a breaking name change Sirupsen -> sirupsen.
This includes a manual edit of the docker term package to also correct the name there too.
Signed-off-by: Steven Hartland <steven.hartland@multiplay.co.uk>
If criu isn't installed in the host, integration tests won't be able
to go on, it should skip checkpoint/restore tests instead of interrupt.
Output before:
```
$ make localintegration
bats -t tests/integration
/usr/lib/bats/bats-exec-suite: line 20: let: count+=: syntax error:
operand expected (error token is "+=")
Makefile:103: recipe for target 'localintegration' failed
```
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Use ParseSocketControlMessage and ParseUnixRights from
golang.org/x/sys/unix instead of their syscall equivalent.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
fix#1476
If containerA shares namespace, say ipc namespace, with containerB, then
its ipc namespace path would be the same as containerB and be stored in
`state.json`. Exec into containerA will just read the namespace paths
stored in this file and join these namespaces. So, if containerB has
already been stopped, `docker exec containerA` will fail.
To address this issue, we should always save own namespace paths no
matter if we share namespaces with other containers.
Signed-off-by: Yuanhong Peng <pengyuanhong@huawei.com>
It appears as though these semantics were not fully thought out when
implementing them for rootless containers. It is not necessary (and
could be potentially dangerous) to set the owner of /run/ctr/$id to be
the root inside the container (if user namespaces are being used).
Instead, just use the e{g,u}id of runc to determine the owner.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
If a container is owned by a UID that is not listed in /etc/passwd,
previously we would cast the UID to a string which contained a character
with the unicode value of the UID. This is clearly wrong, switch to
using fmt.Sprintf as intended.
In addition, notate unknown users with a leading '#' in the column. This
is necessary to ensure that a user is not under the impression that the
UID is the same as a numeric username.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Qiang Huang
Michael Crosby
Aleksa Sarai
Kenfe-Mickael Laventure
Alex Fang
Mrunal Patel
Daniel, Dao Quang Minh
Andrei Vagin
Adrian Reber
Tobias Klauser
yangshukui
Mrunal Patel
Steven Hartland
Ma Shimiao
Zhang Wei
Yuanhong Peng