jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
481 Commits 5 Branches 25 Tags 17 MiB
Commit Graph

178 Commits

Author SHA1 Message Date
Michael Crosby b2337e4860 Fix runin code for nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-22 19:50:00 +00:00
Vishnu Kannan bb85e2b07a 'nsinit exec' now uses namespaces.RunIn instead of namespaces.ExecIn. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-07-22 19:50:00 +00:00
Vishnu Kannan 1f2828770d Updated RunIn API to match the new console handling behavior in HEAD. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-07-22 19:49:59 +00:00
Michael Crosby b56aa0658a Don't open slave in parent 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-15 18:24:15 -07:00
Michael Crosby 18e12838d6 Add resize of term in tty mode 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-15 17:44:18 -07:00
Michael Crosby 43b4258c46 Open with NOCTTY and set raw term 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-15 17:29:09 -07:00
Michael Crosby d661720fd7 Remove terminal handling in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-15 16:55:11 -07:00
Paul Morie ea6e255f45 Remove unused arg from namespaces.NsEnter 
Docker-DCO-1.1-Signed-off-by: Paul Morie <pmorie@gmail.com> (github: pmorie)
 2014-07-13 17:48:27 -04:00
Michael Crosby 422824c9d8 Move syncpipe into separate package 
This moves the sync pipe into a separate package to help the changes
when moving the API around.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-11 11:06:00 -07:00
Michael Crosby 704a90bec4 Rename package correctly so the binary is nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-08 16:36:59 -07:00
Vishnu Kannan 28dadc538c Separate nsinit main from implementation. This is done inorder to package nsinit as part of docker binary. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-07-01 22:00:15 +00:00
Michael Crosby 3f0764fa51 Add pause and unpause commands to nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-26 16:45:18 -07:00
Michael Crosby 361ac10612 Just output raw stats json 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-26 16:25:55 -07:00
Michael Crosby 21b71ef33d Rename spec to config 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-26 16:24:16 -07:00
Vishnu Kannan 813d247bc7 Fixing some nits. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-26 20:49:02 +00:00
Vishnu Kannan edf1e856a0 RuntimeCkpt is now State and the checkpoint file is called state.json. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-25 21:29:04 +00:00
Vishnu Kannan 481552c02b Created a global runtime checkpoint for libcontainer. Got rid of the network specific runtime checkpoint. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-25 19:20:07 +00:00
Vishnu Kannan 9253412ee1 1. Added a basic version of network stats inside network package. 
2. Introducing a new checkpoint file 'network.stats' which will contain the network runtime information (veth interface names for now).
3. Adding network stats to 'nsinit stats'.
4. Added a libcontainer Stats API to get both network and cgroup stats

Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-25 19:19:10 +00:00
Michael Crosby 77dcaac129 Update code based on review comments 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-25 11:36:54 -07:00
Michael Crosby 81e5a3f7a7 Replace pid and started file with State type 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-25 11:36:54 -07:00
Victor Marmol 60b381e600 Rename Container -> Config. 
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
 2014-06-23 17:08:15 -07:00
Mrunal Patel 88acda82d9 Add option parsing to nsenter and enable specifying commands with arguments. 
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
 2014-06-18 14:29:40 -04:00
Michael Crosby 6ab3ef56f4 Update imports for new repository path 2014-06-10 08:14:16 -07:00
Michael Crosby 2d538dc80d Update for nsenter 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-05 14:31:16 -07:00
Michael Crosby 4e51c8b41f Update nsinit to be nicer to work with and test 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-05 14:13:02 -07:00
Victor Marmol 944b4434a6 Adding initial version of C-based nsenter for allowing execin in 
libcontainer.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
 2014-06-05 00:44:13 +00:00
Michael Crosby ed7f4a0f6d Rename nsinit package to namespaces in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-04 15:47:57 -07:00
Vishnu Kannan 953f6da166 Adding "stats" and "spec" option to nsinit binary which will print the stats and spec respectively. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-02 06:37:22 +00:00
Victor Vieux d660c31681 Merge pull request #6083 from bernerdschaefer/nsinit-drop-capabilities-after-changing-user 
SETUID/SETGID not required for changing user
 2014-05-28 17:29:17 -07:00
Victor Marmol 83710135b6 Merge pull request #5868 from jhspaybar/5749-libcontainerroutes 
libcontainer support for arbitrary route table entries
 2014-05-28 10:50:56 -07:00
William Thurston d931738466 Fixes #5749 
libcontainer support for arbitrary route table entries

Docker-DCO-1.1-Signed-off-by: William Thurston <me@williamthurston.com> (github: jhspaybar)
 2014-05-28 17:42:02 +00:00
Bernerd Schaefer 864d77dad0 SETUID/SETGID not required for changing user 
It is no longer necessary to pass "SETUID" or "SETGID" capabilities to
the container when a "user" is specified in the config.

Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
 2014-05-28 16:41:48 +02:00
Michael Crosby 5db18f2d5d Update wait calls to call Wait on Command 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-27 13:38:24 -07:00
Erik Hollensbe e0b1546d8b libcontainer/nsinit: remove Wait call from Exec and Kill from Attach in tty_term.go 
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
 2014-05-27 12:26:56 -07:00
Erik Hollensbe 40b9c5564f Add Wait() calls in the appropriate spots 
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
 2014-05-27 12:26:56 -07:00
Victor Marmol 8d83ef55af Merge pull request #5903 from alexlarsson/writable-proc 
Make /proc writable, but not /proc/sys and /proc/sysrq-trigger
 2014-05-19 12:21:15 -07:00
Alexander Larsson 73c607b7ad Make /proc writable, but not /proc/sys and /proc/sysrq-trigger 
Some applications want to write to /proc. For instance:

docker run -it centos groupadd foo

Gives: groupadd: failure while writing changes to /etc/group

And strace reveals why:

open("/proc/self/task/13/attr/fscreate", O_RDWR) = -1 EROFS (Read-only file system)

I've looked at what other systems do, and systemd-nspawn makes /proc read-write
and /proc/sys readonly, while lxc allows "proc:mixed" which does the same,
plus it makes /proc/sysrq-trigger also readonly.

The later seems like a prudent idea, so we follows lxc proc:mixed.
Additionally we make /proc/irq and /proc/bus, as these seem to let
you control various hardware things.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-05-19 20:46:05 +02:00
Victor Marmol 7c1f13e897 Merge pull request #5792 from bernerdschaefer/nsinit-supports-pdeathsig 
Add PDEATHSIG support to nsinit library
 2014-05-19 11:13:23 -07:00
Sridhar Ratnakumar d636e8aa0a fix panic when passing empty environment 
Docker-DCO-1.1-Signed-off-by: Sridhar Ratnakumar <github@srid.name> (github: srid)
 2014-05-16 11:55:34 -07:00
Bernerd Schaefer 98b3daa8dd nsinit.DefaultCreateCommand sets Pdeathsig to SIGKILL 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
 2014-05-16 13:48:41 +02:00
Bernerd Schaefer 1c33652c66 nsinit.Init() restores parent death signal before exec 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
 2014-05-16 13:48:41 +02:00
Michael Crosby 3ce347c35f Move cgroups package into libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-14 15:21:44 -07:00
Bernerd Schaefer edbe7cc547 "nsinit exec ..." forwards signals to container 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
 2014-05-14 11:01:02 +02:00
Michael Crosby 68de553fca Merge pull request #5630 from rjnagal/libcontainer-fixes 
Check supplied hostname before using it.
 2014-05-06 09:49:52 -07:00
Michael Crosby 6c1bf629ef Improve libcontainer namespace and cap format 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-05 12:34:21 -07:00
Rohit Jnagal 2499d43325 Check supplied hostname before using it. 
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
 2014-05-05 18:12:25 +00:00
Michael Crosby da71a207cb Don't restrict lxc because of apparmor 
We don't have the flexibility to do extra things with lxc because it is
a black box and most fo the magic happens before we get a chance to
interact with it in dockerinit.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-02 11:14:24 -07:00
Michael Crosby 08dbd53706 Apply apparmor before restrictions 
There is not need for the remount hack, we use aa_change_onexec so the
apparmor profile is not applied until we exec the users app.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-01 19:09:12 -07:00
Michael Crosby df78075a8e Update restrictions for better handling of mounts 
This also cleans up some of the left over restriction paths code from
before.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-01 15:26:58 -07:00
Michael Crosby dcc4061db3 Update to enable cross compile 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-01 15:26:58 -07:00