Commit Graph

52 Commits

Author SHA1 Message Date
Andrey Vagin d13156f2c6 integration: wait all test processes
Otherwise a container cannot be destroyed and we will get an error
in the next case:
go test -v .
=== RUN TestExecPS
--- FAIL: TestExecPS (0.02s)
        exec_test.go:43: <nil>: [0] Id already in use: Container with id exists: testCT

Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-04-14 15:56:35 +03:00
Michael Crosby 62e6ac900a Merge pull request #508 from Mic92/integration-cleanup
integration: use test helper for error check
2015-04-10 11:46:26 -07:00
Alexander Morozov 8a67ff2b7c Read _LIBCONTAINER_INITPID in nsexec.c
This fixes ExtraFiles for execin
Thanks @Mic95 for report

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-04-10 11:23:09 -07:00
Michael Crosby 570eed473b Move childPipe to the end of FD set
This adds a new env var for identifying the internal sync pipe that
libcontainer uses to sync with the container and parent process.  This
replaces #496 to allow the user to add additional files to the processes
and not take over fd 3 for all containers.

Closes #496

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-04-08 14:14:51 -07:00
Jörg Thalheim 708b25e61e add option to pass additional fds to container process
This can be usefull to implement socket activated containers for example.

Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-04-08 13:56:03 -07:00
Alexander Morozov cbc8dee085 Ensure that state always contains pathes to all namespaces
Thanks coolljit0725 for initial fix.

Closes #512

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-04-07 14:50:08 -07:00
Jörg Thalheim 7d49705871 integration: use test helper for error check
- improves readability
- less typing

Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-04-06 15:54:02 +02:00
Qiang Huang c502c7322a add systemd integration test
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-03 13:17:22 +08:00
Mrunal Patel 3cd416efe1 Add a test for Process Capabilities.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-03-25 15:41:09 -04:00
Mrunal Patel bc1d229dbe Update test.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-03-17 14:09:33 -04:00
Alexander Morozov 9744d72c74 Pass os.Environ() as environment to process from init.
Replacement of #418

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-03-05 14:44:40 -08:00
Mrunal Patel 88989e66d3 Merge pull request #427 from avagin/fixes
A few minor fixes
2015-03-04 21:36:46 -08:00
Alexander Morozov a9644c209f Add tty support for setnsProcess
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-03-04 17:30:37 -08:00
Andrey Vagin f78bf211f0 integration: don't use default values to test smth
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-03-04 23:31:54 +03:00
Alexander Morozov 1c9de5b4d2 Merge pull request #423 from mrunalp/test_env
Adds an integration test for checking process env.
2015-03-04 11:13:48 -08:00
Mrunal Patel 0e3b1262a1 Adds an integration test for checking process env.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-03-04 13:58:42 -05:00
Alexandr Morozov 152107f44a Return init errors from setnsProcess
Before it produced panic or hanging

Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
2015-02-27 15:55:53 -08:00
Alexander Morozov 8600e6f315 Add default InitArgs for factory
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-02-25 09:11:39 -08:00
Andrey Vagin 94fb37f557 process: add Wait(), Signal() and Pid() methods
Currently we have a problem when buffers are used for std file
descriptors.  These buffers are filled from goroutines (Cmd.goroutine),
and we need to wait them to be sure that all data have been copied.

Signed-off-by: Andrew Vagin <avagin@openvz.org>
2015-02-23 23:40:41 +03:00
Michael Crosby f4cf808a3d Merge branch 'master' into api
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	MAINTAINERS
	cgroups/cgroups.go
	cgroups/fs/apply_raw.go
	cgroups/fs/notify_linux.go
	cgroups/fs/notify_linux_test.go
	cgroups/systemd/apply_systemd.go
	config.go
	configs/config_test.go
	console/console.go
	integration/exec_test.go
	integration/init_test.go
	integration/template_test.go
	integration/utils_test.go
	linux_notify.go
	linux_notify_test.go
	mount/init.go
	mount/mount_config.go
	mount/pivotroot.go
	mount/ptmx.go
	namespaces/create.go
	namespaces/exec.go
	namespaces/execin.go
	namespaces/init.go
	namespaces/nsenter/nsenter.c
	namespaces/nsenter/nsenter.go
	namespaces/utils.go
	network/network.go
	network/types.go
	network/veth.go
	notify_linux.go
	notify_linux_test.go
	nsinit/exec.go
	nsinit/main.go
	nsinit/nsenter.go
	nsinit/oom.go
	sample_configs/host-pid.json
	sample_configs/userns.json
	security/capabilities/capabilities.go
	update-vendor.sh
2015-02-16 15:09:42 -08:00
Michael Crosby b21b19e060 Add factory configuration via functional api
This allows you to set certian configuration options such as what cgroup
implementation to use on the factory at create time.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-16 11:26:13 -08:00
Michael Crosby 1a37242fa2 Refactor system mounts to be placed on the config
Also remove the RestrictSys bool replaced by configurable paths that the
user can specify.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-12 16:58:38 -08:00
Michael Crosby 5c246d038f Persist container state to disk
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 16:52:28 -08:00
Michael Crosby fde0b7aa0d Refactor network and veth creation
Remove veth interfaces on the host if an error occurs.
Provide the host interface name, temporary peer interface name and the
name of the peer once it is inside the container's namespace in the
Network config.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 13:33:58 -08:00
Michael Crosby 0c1919c427 Refactor parent processes into types
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 21bb5ccc4f Move environment configuration to Process
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 5fc19e8db5 Rename Fs fields to fs
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:08 -08:00
Andrey Vagin c6f5420bed integration: check a container with userns
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-02-04 14:21:05 +03:00
Andrey Vagin bcd0222be5 api: fix config tests
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-02-03 10:00:21 -08:00
Andrey Vagin daca745c4c api: fix integration tests
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-02-03 09:59:58 -08:00
Andrey Vagin ca633b2f29 Merge remote-tracking branch 'origin/master' into api
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-28 14:37:40 +03:00
Andrew Vagin 61fef16f4a new-api: implement Wait, WaitProcess
Signed-off-by: Andrew Vagin <avagin@openvz.org>
2015-01-21 18:46:01 +03:00
Andrey Vagin 6fc1dd5f25 integration: check a container state after resumning the CT
Otherwise CT will be left in a frozen state in a fail case

Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-21 18:46:00 +03:00
Andrey Vagin 5162e5a81c integration: check container.Processes()
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-21 18:46:00 +03:00
Mrunal Patel b0eece8d7d Adds support for User Namespaces.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Adds sample configuration to test user namespaces.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Rebases to master.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Fixes integration tests.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Move selinux labeling, apparmor profile and restrict kernel files back to init.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Separate the code paths for userns and default cases.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

tty not required for setup

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Cleanup and address review comments.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Remove debug logs and other cleanup.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Use function paramaters for SetupContainer.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2015-01-19 14:50:21 -05:00
Andrey Vagin 5138417f80 integration: add test to check Pause and Resume operations
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-19 22:25:52 +03:00
Andrew Vagin 7b33e53e4a integration: check that a process can be executed in an existing CT
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-15 23:48:28 +03:00
Dan Walsh 1bd146ed82 This patch adds a test for the shared HOST Pid namespace
It also kills all processes in a cgroup if you are not using the pid namespace

If we stop using the PID namespace, and more then one process is running
when the pid 1 exits, docker will hang since the cgroups do not disappear.

This code will kill all remaining processes

Add Tests for handing of Pid Namespaces

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-01-09 13:43:47 -05:00
Alexander Morozov c34b3d5ce9 Fix vet errors
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2014-12-29 10:57:01 -08:00
Andrey Vagin 86653c66a3 libcontinaer: use new API in integration tests
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2014-12-19 14:48:16 +03:00
Andrey Vagin 7038ddbc8c libcontainer: move Config in a separate package
We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
2014-12-19 12:32:34 +03:00
Michael Crosby 2329014b6d Implement types for namespaces
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-12-16 16:34:46 -08:00
Michael Crosby 4661c239dc Add type for namespaces for better UI
This adds `type Namespaces []Namespace` so that methods can be added to
this slice so that it is easier for consumers to work with the values.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-12-16 16:15:35 -08:00
Daniel, Dao Quang Minh 6a76ecb1ce refactor common container setup out of execin tests
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
2014-12-10 04:18:43 -05:00
Daniel, Dao Quang Minh 0195469398 execin should honour rlimit of the container
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
2014-12-10 04:13:31 -05:00
Daniel, Dao Quang Minh 2f1b2ce204 add support for testing execin
when the test binary starts, it detects whether it should run the container
initialization code or the execin initialization code based on the suppplied
arguments. The execin initialization code is taken from docker.

also added a sample test for execin process.

Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
2014-12-10 03:39:00 -05:00
Michael Crosby 549f508d5b Change namespaces config to include path for setns
This changes the namespace configuration on the config to include the
name of the namespace along with an optional path.  This path is used to
point to a file of another namespace for the namespace so that it can be
joined in place of the empty, initialized namespace.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-12-03 12:00:43 -08:00
Brian Goff e6cc8fc713 Add support for setting rlimit for contianer
Adds a new item to the config struct []*Rlimit
Rlimit takes a type (ie, syscall.RLIMIT_NOFILE) and the hard/soft limit
(As max/cur)

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2014-11-26 14:10:01 -05:00
Michael Crosby 2be676643e Remove syncpipe pkg
This removes the entire syncpipe package and replaces it with standard
operations on the pipes.  The syncpipe type just never felt right and
probably should not have been there.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-11-06 00:08:10 +00:00
Michael Crosby ad9b433e6c Add test for ipc private and shared path
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-10-28 22:13:05 +00:00