Commit Graph

359 Commits

Author SHA1 Message Date
Alexander Larsson e0e0da9e28 pkg/cgroups Add GetCgroupMounts() and GetAllSubsystems()
This lists all currently mounted cgroups and all supported cgroup
subsystems on the machine.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-16 17:16:10 +02:00
Alexander Larsson f6028219a5 Fix invalid fd race
Sometimes I was getting:

2014/06/13 13:47:24 finalize namespace drop bounding set read /proc/1/status: bad file descriptor

This happens when applying the capabilities, and the code that
reads the current caps opens /proc/1/status and then reads some data from it.
But during this it gets a EBADFD error.

The problem is that FinalizeNamespace() closes all FDs before applying
the caps, and if a GC then happens after /proc/1/status is opened but
before reading from the fd, then an old os.File finalizer may close the
already closed-and-reused fd, wreaking havoc.

We fix this by instead of closing the FDs we mark them close-on-exec
which guarantees that they will be closed when we do the final
exec into the container.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-16 10:26:18 +02:00
Victor Marmol 124aba2f15 Merge pull request #20 from vbatts/vbatts-cleanup_setns
nsenter: fixing the cpp order
2014-06-13 11:19:07 -07:00
Vincent Batts d7cbde80a1 nsenter: fixing the cpp order
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
2014-06-13 13:09:13 -04:00
Victor Marmol 82a1592e88 Merge pull request #10 from glyn/hack
Initial hacker documentation
2014-06-13 09:49:15 -07:00
Victor Marmol c59b670720 Merge pull request #14 from tianon/travis
Add Travis
2014-06-13 08:59:16 -07:00
Glyn Normington e3a8e4e73e Change how to become a maintainer
These changes were suggested by @vmarmol.

Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 12:06:05 +01:00
Glyn Normington 988950a4dc Add placeholder for dev env setup
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 12:06:05 +01:00
Glyn Normington e39a0f1eac Correct links to libcontainer issues
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 12:06:05 +01:00
Glyn Normington f363dd3830 Clarify roadmap
Remove lxc and aufs dependencies and priority of running on older kernels.

Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 12:06:05 +01:00
Glyn Normington 976a57b02e Add section on testing
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 12:06:05 +01:00
Glyn Normington 74409a5de5 Merge approval criteria
This is based on feedback from @rjnagal.

Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 12:05:59 +01:00
Glyn Normington f589d42e81 Remove reference to non-existent script
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 11:25:57 +01:00
Glyn Normington 97a3a7109a Avoid implying Michael wrote the Maintainers' Guide
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 11:25:57 +01:00
Glyn Normington 1c81b532f2 Aspiring maintainers must be aware of the election process
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 11:25:57 +01:00
Glyn Normington 6087476b48 Grammatical improvements
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 11:14:29 +01:00
Glyn Normington 3ce18ef0b3 Move hack directory contents to top level
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 11:14:29 +01:00
Glyn Normington 5e3312f358 Remove reference to AUTHORS file
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 11:14:29 +01:00
Glyn Normington b49464f6c6 Initial hacker documentation
This was such a good resource in Docker that it would be a shame to
lose it. Unfortunately, we can't just link to the corresponding
information in the Docker project as a number of aspects are bound to
be different here.

Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 11:14:28 +01:00
Tianon Gravi 6980a6e2fd Add Tianon as the .travis.yml maintainer
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-06-12 13:01:30 -06:00
Tianon Gravi 91b5dbe867 Update .travis.yml to invoke Docker's scripts directly
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-06-12 13:00:04 -06:00
Victor Marmol dae62af4d2 Merge pull request #12 from vbatts/vbatts-fix_setns_rhel6
nsenter: fix setns() for rhel6 (glibc-2.12)
2014-06-12 11:44:52 -07:00
Victor Marmol a30b789e07 Merge pull request #11 from timthelion/patch-1
Grammar in README
2014-06-12 11:44:03 -07:00
Victor Marmol 4fe4e5c298 Merge pull request #8 from LK4D4/fix_vet_errors
Fix vet errors
2014-06-12 11:43:39 -07:00
Victor Marmol 7fffa34066 Merge pull request #5 from crosbymichael/build-flag
Add build flag for nsenter file
2014-06-12 11:42:59 -07:00
Michael Crosby f00e7f96db Add travis.yml file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-12 10:42:31 -07:00
Vincent Batts c43dd7b50d nsenter: fix setns() for rhel6 (glibc-2.12)
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
2014-06-12 13:25:52 -04:00
Timothy Hobbs eb396d3136 Grammar in README 2014-06-12 16:07:31 +00:00
LK4D4 0c2c75b12a Fix vet errors
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-12 09:52:31 +04:00
Michael Crosby 1a01d3be50 Add build flag for nsenter file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-11 11:40:33 -07:00
Michael Crosby 8f74c29bc5 Merge pull request #3 from crosbymichael/update-maintainer-email
Update email address in maintainer file
2014-06-11 11:08:02 -07:00
Michael Crosby 588a4d31ab Update email address in maintainer file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-10 21:17:28 -07:00
Michael Crosby bfcd86f32d Remove todo in favor of github issues 2014-06-10 08:22:54 -07:00
Michael Crosby 10597cb9c5 Update maintainers file 2014-06-10 08:21:46 -07:00
Michael Crosby 6ab3ef56f4 Update imports for new repository path 2014-06-10 08:14:16 -07:00
Solomon Hykes c1bcd3829b Add licensing information
Signed-off-by: Solomon Hykes <solomon@docker.com>
2014-06-09 16:16:58 -07:00
Michael Crosby bd92fe8a70 Gofmt imports
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-09 16:01:57 -07:00
Michael Crosby 3b1acc34fb Move libcontainer deps into libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-09 15:52:12 -07:00
Michael Crosby 2d538dc80d Update for nsenter
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-05 14:31:16 -07:00
Michael Crosby 4e51c8b41f Update nsinit to be nicer to work with and test
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-05 14:13:02 -07:00
Michael Crosby 2b0cb56eb9 Exclude the user namespace for setns
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-04 18:03:17 -07:00
Michael Crosby 3e6f4b3d0b Move env load to nsenter
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-04 17:54:00 -07:00
Victor Marmol 944b4434a6 Adding initial version of C-based nsenter for allowing execin in
libcontainer.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-06-05 00:44:13 +00:00
Michael Crosby ed7f4a0f6d Rename nsinit package to namespaces in libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-04 15:47:57 -07:00
Michael Crosby eec4c0b965 Merge pull request #6198 from vishh/stats2
Add more stats to libcontainer.
2014-06-04 15:28:19 -07:00
Vishnu Kannan 7b4689667b Add stats for memory allocation failure count and instantaneous cpu usage in the usermode and kernelmode.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-04 21:20:21 +00:00
Victor Vieux 3e8849fa76 implement wait on freeze
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-06-04 02:21:10 +00:00
Michael Crosby 6d28b828ef Don't rejoin the cgroup each time
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-03 15:24:30 -07:00
Michael Crosby 5d1ebaf4c3 Implement systemd support for freezer
These PR does a few things.  It ensures that the freezer cgroup is
joined in the systemd driver.  It also provides a public api for setting
the freezer state via the cgroups package.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-03 10:46:53 -07:00
Alexander Larsson 03044f6378 libcontainer/cgroup: Use raw access to set up and join the devices cgroup
The systemd support for the devices cgroup lacks two required features:
 * Support for wildcards to allow mknod on any device
 * Support for wildcards to allow /dev/pts support

The second is available in more recent systemd as "char-pts", but not in e.g. v208 which is in wide use.

Additionally, the current approach of letting systemd set up the devices cgroup and then adding
some devices to it doesn't work, because some times systemd (at least v208) re-initializes
the devices cgroup, overwriting our custom devices. See https://github.com/dotcloud/docker/issues/6009
for the details.

When wildcarded mknod support is available in systemd we should implement a pure systemd version,
but we need to keep the old one around for backwards compat.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-03 11:34:14 +02:00