57ba666ef3
cgroup: systemd: further systemd slice validation
...
Add some further (not critical, since Docker does this already)
validation to systemd slice names, to make sure users don't get cryptic
errors.
Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-01-27 19:00:52 +11:00
7ca2aa4873
Merge pull request #512 from LK4D4/bump_version
...
Bump runc version to 0.0.7
2016-01-26 14:45:16 -08:00
7cd384c0e5
Merge pull request #515 from crosbymichael/readall
...
Do not use stream encoders for pipe communication
2016-01-26 14:37:54 -08:00
32ad3ba688
Merge pull request #514 from mrunalp/update_spec
...
Update github.com/opencontainers/specs to a7b50925d8
2016-01-26 14:36:43 -08:00
80c24730fa
Merge pull request #511 from cyphar/fix-systemd-slice-expansion
...
cgroup: systemd: properly expand systemd slice names
2016-01-26 14:34:29 -08:00
ddcee3cc2a
Do not use stream encoders
...
Marshall the raw objects for the sync pipes so that no new line chars
are left behind in the pipe causing errors.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-26 11:22:05 -08:00
ee0a019448
Merge pull request #513 from duglin/RemoveNullState
...
Remove the nullState
2016-01-26 11:03:32 -08:00
6bfdfce967
Merge pull request #504 from rajasec/readmeupdate
...
Adding user namespace in README
2016-01-25 18:10:50 -08:00
9cd641486a
Update github.com/opencontainers/specs to a7b50925d8
...
This leaves out the internal conversions as we may need to consider
docker backward compatibility for those changes.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-01-25 19:19:15 -05:00
fb2718f8d0
Bump runc version to 0.0.7
...
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-01-25 13:47:54 -08:00
3268a1ea00
Merge pull request #499 from crosbymichael/state-fixes
...
Fix various state bugs for pause and destroy
2016-01-25 11:33:59 -08:00
e1efaf6094
Merge pull request #510 from hqhq/revert-441-update-date
...
Revert "update date in README"
2016-01-25 09:28:20 -08:00
8b32914065
cgroup: systemd: properly expand systemd slice names
...
Rather than using '/' to denote hierarchy in slice names, systemd uses
'-' in an odd way. This results in runC incorrectly assuming that
certain kernel features are missing (and using inconsistent paths for
the cgroups not supported by systemd), because the "subsystem path" used
is not the one that systemd has created. Fix all of this by properly
expanding slice names.
Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-01-25 23:18:34 +11:00
ff034a5119
Remove the nullState
...
Add a "createdState" in its place since I think that better describes
what its used for.
Signed-off-by: Doug Davis <dug@us.ibm.com>
2016-01-25 00:26:11 -08:00
045ada9be6
Revert "update date in README"
...
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-01-25 14:25:34 +08:00
94b206102f
Adding user namespace in README
...
Signed-off-by: rajasec <rajasec79@gmail.com>
Added UID/GID mappings section as per review comments
Signed-off-by: rajasec <rajasec79@gmail.com>
Added UID/GID mappings section as per review comments
Signed-off-by: rajasec <rajasec79@gmail.com>
Change size to 65536 per comments
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-01-25 07:07:44 +05:30
690e5d3251
Merge pull request #441 from ZJU-SEL/update-date
...
update date in README
2016-01-25 09:22:55 +08:00
59f3066c39
Merge pull request #405 from marcosnils/spec_version
...
Add spec version to runC version cli
2016-01-22 13:55:28 -08:00
1fdcf95ab1
Merge pull request #505 from marcosnils/patch-1
...
Add build status badge
2016-01-22 13:10:11 -08:00
7871e987ca
Add build status badge
...
Signed-off-by: Marcos Lilljedahl <marcosnils@gmail.com>
2016-01-22 16:47:30 -03:00
4e6893b05a
Merge pull request #494 from crosbymichael/cwd
...
Only set cwd when not empty
2016-01-22 09:50:38 +08:00
20c678ef50
Merge pull request #495 from cyphar/fix-memcg-set
...
cgroups: set memory cgroups in Set
2016-01-22 09:22:39 +08:00
9c3fa7928e
Allow switch to anything from nullState
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-21 16:48:05 -08:00
556f798a19
Fix various state bugs for pause and destroy
...
There were issues where a process could die before pausing completed
leaving the container in an inconsistent state and unable to be
destoryed. This makes sure that if the container is paused and the
process is dead it will unfreeze the cgroup before removing them.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-21 16:43:33 -08:00
27132f2e51
Merge pull request #486 from duglin/removeHardCode
...
Remove some hard coded strings
2016-01-21 14:53:17 -08:00
3cae88cc55
Merge pull request #490 from hqhq/hq_fix_comment_swap
...
Fix comment of swap limit
2016-01-21 14:49:37 -08:00
75e38f94a0
cgroups: set memory cgroups in Set
...
Modify the memory cgroup code such that kmem is not managed by Set(), in
order to allow updating of memory constraints for containers by Docker.
This also removes the need to make memory a special case cgroup.
Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-01-22 07:46:43 +11:00
ed7be1d082
Only set cwd when not empty
...
For existing consumers of libconatiner to not require cwd inside the
libcontainer code. This can be done at the runc level and is already
evaluated there.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-21 11:08:32 -08:00
8bbe901045
Fix comment of swap limit
...
Set `-1` doesn't mean disable swap, disable swap means you
can't use swap memory, set `-1` really means you can use
unlimited swap memory.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-01-21 14:02:03 +08:00
986637c97a
Merge pull request #466 from mrunalp/cgroup_apply_paths
...
Add support for just joining in apply using cgroup paths
2016-01-21 08:51:33 +08:00
41d9d26513
Add support for just joining in apply using cgroup paths
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-01-20 14:23:05 -05:00
49dfa1b62d
Remove some hard coded strings
...
Signed-off-by: Doug Davis <dug@us.ibm.com>
2016-01-19 19:02:31 -08:00
e91b055623
Merge pull request #476 from hqhq/hq_embed_resource
...
Embed Resources for backward compatibility
2016-01-19 14:59:39 -08:00
5637f38b8a
Merge pull request #471 from jfrazelle/add-seccomp-enabled-check
...
add seccomp.IsEnabled() function
2016-01-19 14:52:51 -08:00
9c41e8388c
Handle seccomp proc parsing errors
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-19 11:43:49 -08:00
f048eaf87a
Embed Resources for backward compatibility
...
Fixes : docker/docker#19329
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-01-19 19:08:14 +08:00
41edbeb25e
add seccomp.IsEnabled() function
...
This is much like apparmor.IsEnabled() function and a nice helper.
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-18 10:44:31 -08:00
96530dbe27
Merge pull request #481 from jfrazelle/cleanup-old-hack-dir
...
cleanup old hack dir
2016-01-18 08:40:17 -08:00
809235019f
Merge pull request #480 from mrunalp/cwd_abs
...
Check that cwd is absolute
2016-01-18 10:09:02 +08:00
ecf03fafa5
cleanup old hack dir
...
looks like this was left around from the libcontainer days ;)
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-15 16:39:38 -08:00
c323574797
Check that cwd is absolute
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-01-15 19:06:27 -05:00
54b07da69e
Merge pull request #475 from mrunalp/set_cwd
...
Make cwd required
2016-01-15 13:54:35 -08:00
6c9532f063
Merge pull request #461 from ahmetalpbalkan/selinux-setenforce
...
selinux: add SelinuxSetEnforceMode implementation
2016-01-15 13:01:27 -08:00
f2f8f0e4e6
Merge pull request #462 from hqhq/hq_fix_libcontainer_readme
...
Update README of libcontainer
2016-01-15 13:00:44 -08:00
96982e3fc9
Merge pull request #478 from jfrazelle/update-go-version
...
update go version to 1.5.3 in dockerfile and cleanup
2016-01-15 12:59:04 -08:00
5f89a91559
update go version to 1.5.3 in dockerfile and cleanup
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-15 10:56:34 -08:00
6259f09e97
Merge pull request #426 from gitido/pressure_level
...
libcontainer: Add support for memcg pressure notifications
2016-01-14 16:23:07 -08:00
269a717555
Make cwd required
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-01-14 19:06:56 -05:00
8962f371d6
Merge pull request #472 from dadgar/b-find-cgroup-mount
...
Only validate post-hyphen field length on cgroup mounts
2016-01-14 15:08:11 -08:00
3b42992948
Merge pull request #455 from hallyn/tty01
...
Do not allow access to /dev/tty{0,1}
2016-01-14 14:35:46 -08:00
Aleksa Sarai
Michael Crosby
Alexander Morozov
Mrunal Patel
Mrunal Patel
Alexander Morozov
Doug Davis
Qiang Huang
rajasec
Marcos Nils
Jessica Frazelle