A new constructor function (like nsenter) is added in this patch. This
function gets arguments from environment variables and its behaviour doesn't
depend on command line arguments.
A program which calls factory.StartInitialization() must import the nsenter
package. It looks ugly, but I don't know another way to enter into CT from
Go code.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Could someone explain why we should close these fds? Usually users
care about closing them or not.
For example exec.Cmd declares them as io.Reader.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Use namespace.Exec() and namespace.Init() to execute processes in CT.
Now an init process is actually executed in a new container. This series
doesn't change code about creating containers, it only reworks code according
to the new API.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Here is a first step to implement a new API. Currently the init
process is executed without namespaces and cgroups.
Signed-off-by: Andrew Vagin <avagin@openvz.org>
This modifies Load in the factory to return a ContainerInfo interface
that is the read only view of the container when it is loaded.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This removes the unused namespace types from the namespace package
and simplifies getting the values for the namespaces.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This changes the namespace configuration on the config to include the
name of the namespace along with an optional path. This path is used to
point to a file of another namespace for the namespace so that it can be
joined in place of the empty, initialized namespace.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This document specifies the current container specification with all the
underlying setup and configuration that goes into making a container.
This is the v1 spec that is today but allows for flexibility when we
introduce more features such as seccomp default profiles and more.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Adds a new item to the config struct []*Rlimit
Rlimit takes a type (i.e., syscall.RLIMIT_NOFILE) and the hard/soft limit
(as max/cur)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
SELinux supports a call that tells the kernel, from this point onward
create content with this label. If you pass "", the kernel will
go back to the default.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)