This keeps the flag but makes it hidden so that existing clients do not
encounter an error if we were to have removed the flag.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This just moves everything to one function so we don't have to pass a
bunch of things to functions when there's no real benefit. It also makes
the API nicer.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
The original SETUID takes a 16 bit UID. Linux 2.4 introduced a new
syscall, SETUID32, with support for 32 bit UIDs. The setgid wrapper
already uses SETGID32.
Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>
TestCaptureTestFunc failed in localunittest:
# make localunittest
=== RUN TestCaptureTestFunc
--- FAIL: TestCaptureTestFunc (0.00s)
capture_test.go:26: expected package "github.com/opencontainers/runc/libcontainer/stacktrace" but received "_/root/runc/libcontainer/stacktrace"
#
Reason: the path for stacktrace is a fixed string which
only valid for container environment.
And we can switch to relative path to make both in-container
and out-of-container test works.
After patch:
# make localunittest
=== RUN TestCaptureTestFunc
--- PASS: TestCaptureTestFunc (0.00s)
#
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Removed a lot of clutter, improved the style of the code, removed
unnecessary complexity. In addition, made errors unique by making bail()
exit with a unique error code. Most of this code comes from the current
state of the rootless containers branch.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This device is not required by the OCI spec.
The rationale for this was linked to https://github.com/docker/docker/issues/2393
So a non functional /dev/fuse was created, and actual fuse use still is
required to add the device explicitly. However even old versions of the JVM
on Ubuntu 12.04 no longer require the fuse package, and this is all not
needed.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
/proc/timer_list seems to leak information about the host. Here is
an example from a busybox container running on docker+kubernetes.
# cat /proc/timer_list | grep -i -e kube
<ffff8800b8cc3db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kubelet/2497
<ffff880129ac3db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kube-proxy/3478
<ffff8800b1b77db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kube-proxy/3470
<ffff8800bb6abdb0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kubelet/2499
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
On older kernels or kernels were CONFIG_MEMCG_KMEM is not set some cgroup tests
cannot be run. We simply test for the existence of the file
"${CGROUP_BASE_PATH}/memory/memory.kmem.limit_in_bytes" which should be
sufficient to conclude that CONFIG_MEMCG_KMEM is not set.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
It's possible that `cmd.Process` is still nil when we reach timeout.
Start creates `Process` field synchronously, and there is no way to such
race.
Signed-off-by: Alexander Morozov <lk4d4math@gmail.com>
This avoid the goimports tool from remove the libcontainer/keys import line due the package name is diferent from folder name
Signed-off-by: Guilherme Rezende <guilhermebr@gmail.com>
Alexander Morozov
rajasec
Aleksa Sarai
xiekeyang
Phil Estes
Daniel, Dao Quang Minh
Michael Crosby
Mrunal Patel
Mrunal Patel
Carl Henrik Lunde
Zhao Lei
Serge Hallyn
Justin Cormack
Aleksa Sarai
Davanum Srinivas
Christian Brauner
Haiyan Meng
Qiang Huang
Buddha Prakash
Seth Jennings
Johnny Bieren
Guilherme Rezende