Vincent Batts
c43dd7b50d
nsenter: fix setns() for rhel6 (glibc-2.12)
...
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
2014-06-12 13:25:52 -04:00
Timothy Hobbs
eb396d3136
Grammar in README
2014-06-12 16:07:31 +00:00
LK4D4
0c2c75b12a
Fix vet errors
...
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-12 09:52:31 +04:00
Michael Crosby
1a01d3be50
Add build flag for nsenter file
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-11 11:40:33 -07:00
Michael Crosby
8f74c29bc5
Merge pull request #3 from crosbymichael/update-maintainer-email
...
Update email address in maintainer file
2014-06-11 11:08:02 -07:00
Michael Crosby
588a4d31ab
Update email address in maintainer file
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-10 21:17:28 -07:00
Michael Crosby
bfcd86f32d
Remove todo in favor of github issues
2014-06-10 08:22:54 -07:00
Michael Crosby
10597cb9c5
Update maintainers file
2014-06-10 08:21:46 -07:00
Michael Crosby
6ab3ef56f4
Update imports for new repository path
2014-06-10 08:14:16 -07:00
Solomon Hykes
c1bcd3829b
Add licensing information
...
Signed-off-by: Solomon Hykes <solomon@docker.com>
2014-06-09 16:16:58 -07:00
Michael Crosby
bd92fe8a70
Gofmt imports
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-09 16:01:57 -07:00
Michael Crosby
3b1acc34fb
Move libcontainer deps into libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-09 15:52:12 -07:00
Michael Crosby
2d538dc80d
Update for nsenter
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-05 14:31:16 -07:00
Michael Crosby
4e51c8b41f
Update nsinit to be nicer to work with and test
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-05 14:13:02 -07:00
Michael Crosby
2b0cb56eb9
Exclude the user namespace for setns
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-04 18:03:17 -07:00
Michael Crosby
3e6f4b3d0b
Move env load to nsenter
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-04 17:54:00 -07:00
Victor Marmol
944b4434a6
Adding initial version of C-based nsenter for allowing execin in
...
libcontainer.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-06-05 00:44:13 +00:00
Michael Crosby
ed7f4a0f6d
Rename nsinit package to namespaces in libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-04 15:47:57 -07:00
Michael Crosby
eec4c0b965
Merge pull request #6198 from vishh/stats2
...
Add more stats to libcontainer.
2014-06-04 15:28:19 -07:00
Vishnu Kannan
7b4689667b
Add stats for memory allocation failure count and instantaneous cpu usage in the usermode and kernelmode.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-04 21:20:21 +00:00
Victor Vieux
3e8849fa76
implement wait on freeze
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-06-04 02:21:10 +00:00
Michael Crosby
6d28b828ef
Don't rejoin the cgroup each time
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-03 15:24:30 -07:00
Michael Crosby
5d1ebaf4c3
Implement systemd support for freezer
...
These PR does a few things. It ensures that the freezer cgroup is
joined in the systemd driver. It also provides a public api for setting
the freezer state via the cgroups package.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-03 10:46:53 -07:00
Alexander Larsson
03044f6378
libcontainer/cgroup: Use raw access to set up and join the devices cgroup
...
The systemd support for the devices cgroup lacks two required features:
* Support for wildcards to allow mknod on any device
* Support for wildcards to allow /dev/pts support
The second is available in more recent systemd as "char-pts", but not in e.g. v208 which is in wide use.
Additionally, the current approach of letting systemd set up the devices cgroup and then adding
some devices to it doesn't work, because some times systemd (at least v208) re-initializes
the devices cgroup, overwriting our custom devices. See https://github.com/dotcloud/docker/issues/6009
for the details.
When wildcarded mknod support is available in systemd we should implement a pure systemd version,
but we need to keep the old one around for backwards compat.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-03 11:34:14 +02:00
Victor Marmol
564bd1ca35
Merge pull request #6153 from vishh/stats1
...
Add per cpu usage to libcontainer stats
2014-06-02 17:53:17 -07:00
Michael Crosby
90d09c83e2
Update cpu stat test for no error
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-02 11:54:23 -07:00
Vishnu Kannan
769a1380b7
Adding percpu usage to cgroup stats reported by libcontainer.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-02 06:56:15 +00:00
Vishnu Kannan
953f6da166
Adding "stats" and "spec" option to nsinit binary which will print the stats and spec respectively.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-02 06:37:22 +00:00
Michael Crosby
c2a80eb59f
Ensure all dev nodes are copied for privileged
...
This also makes sure that devices are pointers to avoid copies
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-30 18:39:11 -07:00
unclejack
ed29012159
Merge pull request #6097 from timthelion/consistentdevices
...
Refactor device handling code
2014-05-31 03:34:52 +03:00
Timothy Hobbs
18f6a5aaf4
Refactor device handling code
...
We now have one place that keeps track of (most) devices that are allowed and created within the container. That place is pkg/libcontainer/devices/devices.go
This fixes several inconsistencies between which devices were created in the lxc backend and the native backend. It also fixes inconsistencies between wich devices were created and which were allowed. For example, /dev/full was being created but it was not allowed within the cgroup. It also declares the file modes and permissions of the default devices, rather than copying them from the host. This is in line with docker's philosphy of not being host dependent.
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion )
2014-05-30 19:21:29 +00:00
Vishnu Kannan
a4b8bef91b
Added a new method cgroups.GetStats() which will return a cgroups.Stats object which will contain all the available cgroup Stats.
...
Remove old Stats interface in libcontainers cgroups package.
Changed Stats to use unit64 instead of int64 to prevent integer overflow issues.
Updated unit tests.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-05-29 20:16:49 +00:00
Michael Crosby
d5d4b2b141
Handle EBUSY on remount
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-28 18:10:50 -07:00
Victor Vieux
d660c31681
Merge pull request #6083 from bernerdschaefer/nsinit-drop-capabilities-after-changing-user
...
SETUID/SETGID not required for changing user
2014-05-28 17:29:17 -07:00
Alexander Larsson
84aec2254a
libcontainer: Don't create a device node on /dev/console to bind mount on
...
There is no need for this, the device node by itself doesn't work, since
its not on a devpts fs, and we can just a regular file to bind mount over.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-05-28 21:07:40 +02:00
Alexander Larsson
b9325ded2a
Revert "Remove the bind mount for dev/console which override the mknod/label"
...
This reverts commit ae85dd54582e94d36b146ab1688844ed58cc8df3.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-05-28 21:07:27 +02:00
Victor Marmol
83710135b6
Merge pull request #5868 from jhspaybar/5749-libcontainerroutes
...
libcontainer support for arbitrary route table entries
2014-05-28 10:50:56 -07:00
William Thurston
d931738466
Fixes #5749
...
libcontainer support for arbitrary route table entries
Docker-DCO-1.1-Signed-off-by: William Thurston <me@williamthurston.com> (github: jhspaybar)
2014-05-28 17:42:02 +00:00
Bernerd Schaefer
864d77dad0
SETUID/SETGID not required for changing user
...
It is no longer necessary to pass "SETUID" or "SETGID" capabilities to
the container when a "user" is specified in the config.
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
2014-05-28 16:41:48 +02:00
Michael Crosby
5db18f2d5d
Update wait calls to call Wait on Command
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-27 13:38:24 -07:00
Erik Hollensbe
e0b1546d8b
libcontainer/nsinit: remove Wait call from Exec and Kill from Attach in tty_term.go
...
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
2014-05-27 12:26:56 -07:00
Erik Hollensbe
40b9c5564f
Add Wait() calls in the appropriate spots
...
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
2014-05-27 12:26:56 -07:00
Vishnu Kannan
0b580ff32d
Added stats.go which provides strong types for all stats that will be exported by libcontainer. This commit only introduces the strong type.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-05-23 20:42:43 +00:00
Michael Crosby
e0070c0ee1
Merge pull request #5995 from vieux/recur_nodes
...
Add device nodes recursively
2014-05-22 16:35:27 -07:00
Victor Vieux
3eab41b03c
update test
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-22 22:50:41 +00:00
Victor Vieux
8a05ba4c23
add recursive device nodes
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-22 22:29:13 +00:00
Victor Marmol
6521880a83
Make all cgroup stats output int64s instead of float64.
...
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-05-22 20:53:36 +00:00
Victor Vieux
ed1c71fa15
Merge pull request #5976 from crosbymichael/getpids
...
Move get pid into cgroup implementation
2014-05-21 19:09:50 -07:00
Victor Vieux
ae557c8d10
Merge pull request #5922 from crosbymichael/host-dev-priv
...
Mount /dev in tmpfs for privileged containers
2014-05-21 18:56:24 -07:00
Michael Crosby
fc6d231773
Move get pid into cgroup implementation
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-21 21:14:07 +00:00