Commit Graph

1222 Commits

Author SHA1 Message Date
Ma Shimiao 689afbcf66 cgroups: add support for devices deny
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-04-16 08:30:22 +08:00
Alexander Morozov 84f43cdfac Merge pull request #500 from hqhq/hq_add_set_for_systemd
add Set support for systemd based cgroup
2015-04-15 12:23:39 -07:00
Michael Crosby 32b8465dde Merge pull request #533 from rhatdan/badrelabel
We want to prevent users from accidentally attempting to relabel /, /etc and /usr
2015-04-14 13:47:34 -07:00
Mrunal Patel ed5803ec62 Merge pull request #532 from tifayuki/master
check "/sbin/apparmor_parser" in apparmor.IsEnabled()
2015-04-14 13:39:21 -07:00
Dan Walsh abd2a921d8 We want to prevent users from accidentally attempting to relabel /, /etc and /usr
While we know this is by no means complete it at least stops users from
doing a common ignorant action.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-04-14 15:25:43 -04:00
Michael Crosby ecb1df0a50 Merge pull request #531 from avagin/test
integration: wait all test processes
2015-04-14 10:42:09 -07:00
tifayuki 44c7afad64 also check if "/sbin/apparmor_parser" exists when deciding if apparmor is enabled
Signed-off-by: Feng, Honglin <fenghonglin@gmail.com>
2015-04-14 19:18:33 +02:00
Alexander Morozov fc470e199d Merge pull request #464 from shishir-a412ed/cpu_shares_issue
Throw an error if cgroup tries to set cpu-shares more/less than the maximum/minimum permissible value.
2015-04-14 09:04:31 -07:00
Mrunal Patel 2afcf7c77c Merge pull request #530 from hqhq/hq_add_nsexec_comment
add comments for nsexec.c
2015-04-14 08:17:54 -07:00
Andrey Vagin d13156f2c6 integration: wait all test processes
Otherwise a container cannot be destroyed and we will get an error
in the next case:
go test -v .
=== RUN TestExecPS
--- FAIL: TestExecPS (0.02s)
        exec_test.go:43: <nil>: [0] Id already in use: Container with id exists: testCT

Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-04-14 15:56:35 +03:00
Qiang Huang 9ce88b829f add comments for nsexec.c
It would be easier for people to understand how nsexec really
works.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-14 13:55:04 +08:00
Alexander Morozov 1f91f6564d Merge pull request #525 from mrunalp/nsinit_systemd_cgroup
nsinit: Add a flag to enable systemd support for cgroups
2015-04-13 12:08:07 -07:00
Mrunal Patel ec4b6e0bc3 nsinit: Add a flag to enable system support for cgroups
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-04-13 15:01:48 -04:00
Michael Crosby b6d8227443 Merge pull request #519 from Mashimiao/add-cgroup-subsystem-hugetlb
add cgroup subsystem hugetlb
2015-04-13 10:37:48 -07:00
Mrunal Patel 7d3d32934d Merge pull request #527 from huikang/master
Fix a typo in factory.go
2015-04-12 16:19:54 -07:00
Hui Kang 428bd8d96f Fix a typo in factory.go
Docker-DCO-1.1-Signed-off-by: Hui Kang <hkang.sunysb@gmail.com>
2015-04-12 21:26:22 +00:00
Ma Shimiao dfbea73df4 add cgroup subsystem hugetlb
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-04-11 09:03:08 +08:00
Michael Crosby 883cbf7d28 Merge pull request #520 from rhatdan/slave
Change mount point propagation to default to slave
2015-04-10 16:55:41 -07:00
Mrunal Patel ae812bdca7 Merge pull request #524 from adconrad/master
Add arch support for ARMv8 and PowerPC, and fix ARMv7
2015-04-10 15:01:28 -07:00
Adam Conrad 34dba2f7e7 Add support for 32-bit big-endian PowerPC
Signed-off-by: Adam Conrad <adconrad@0c3.net>
2015-04-10 12:50:45 -06:00
Adam Conrad 0e3181a0b0 Fix setns syscall number for ARM, this has been wrong all along.
See: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=571503e10045c89af951962ea0bb783482663aad

Signed-off-by: Adam Conrad <adconrad@0c3.net>
2015-04-10 12:49:28 -06:00
Adam Conrad 38ef9ee346 Add support for ARMv8 (AKA: arm64 or Aarch64)
Signed-off-by: Adam Conrad <adconrad@0c3.net>
2015-04-10 12:48:48 -06:00
Michael Crosby 62e6ac900a Merge pull request #508 from Mic92/integration-cleanup
integration: use test helper for error check
2015-04-10 11:46:26 -07:00
Mrunal Patel c5fe4369ea Merge pull request #523 from LK4D4/extra_files_execin
Read _LIBCONTAINER_INITPIPE in nsexec.c
2015-04-10 11:41:57 -07:00
Alexander Morozov 8a67ff2b7c Read _LIBCONTAINER_INITPID in nsexec.c
This fixes ExtraFiles for execin
Thanks @Mic95 for report

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-04-10 11:23:09 -07:00
Dan Walsh 907c7c17f0 Change mount point propagation to default to slave
As an admin I would expect that if I volume mount a partition into a container, and then later add a mount point to the volume, it will show up in the container.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-04-10 10:49:28 -04:00
Michael Crosby cc555cce5f Merge pull request #518 from crosbymichael/memcache
Add cache to MemoryStats
2015-04-09 13:57:13 -07:00
jianbosun 2c3949a687 Change memory usage by minus cache memory
Signed-off-by: Sun Jianbo <wonderflow@zju.edu.cn>

Add stats.cache into MemoryStats

add cache to the output then client can clarify the results.

Signed-off-by: Sun Jianbo <wonderflow@zju.edu.cn>

Do not subtract cache from usage

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-04-09 13:18:46 -07:00
Mrunal Patel b0fbd0591a Merge pull request #509 from rhatdan/selinux
Add value checking on relabel command for selinux
2015-04-08 23:34:31 -07:00
Alexander Morozov b271fcfec6 Merge pull request #516 from crosbymichael/additional-fds
Append childpipe for adding additional Fds to container
2015-04-08 15:42:34 -07:00
Michael Crosby 570eed473b Move childPipe to the end of FD set
This adds a new env var for identifying the internal sync pipe that
libcontainer uses to sync with the container and parent process.  This
replaces #496 to allow the user to add additional files to the processes
and not take over fd 3 for all containers.

Closes #496

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-04-08 14:14:51 -07:00
Jörg Thalheim 708b25e61e add option to pass additional fds to container process
This can be useful to implement socket activated containers for example.

Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-04-08 13:56:03 -07:00
Rohit Jnagal b120ecf74d Merge pull request #354 from hqhq/hq_add_blkio_weight_device
cgroups: add support for blkio.weight_device
2015-04-08 11:49:05 -07:00
Mrunal Patel 7eaf08c896 Merge pull request #515 from rhatdan/mqueue
/dev/mqueue has to be labeled correctly
2015-04-08 11:25:25 -07:00
Mrunal Patel 87ef802709 Merge pull request #501 from ZJU-SEL/nsinit_readme_add
Add documentation for nsinit
2015-04-08 11:24:36 -07:00
Dan Walsh f7f332bb2c /dev/mqueue has to be labeled correctly
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-04-08 07:59:40 -04:00
Dan Walsh 4518bce5bb Add value checking on relabel command for selinux
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-04-08 07:58:00 -04:00
Qiang Huang 054d8e02bf cgroups: add support for blkio.weight_device
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-08 14:11:29 +08:00
wonderflow 521cc35a48 Add documentation for nsinit
About how to use and explanation of available options.

Signed-off-by: Sun Jianbo <wonderflow@zju.edu.cn>
2015-04-08 09:27:26 +08:00
Mrunal Patel bd8ec36106 Merge pull request #514 from LK4D4/fix_state_ns
Ensure that state always contains paths to all namespaces
2015-04-07 15:01:09 -07:00
Alexander Morozov cbc8dee085 Ensure that state always contains paths to all namespaces
Thanks coolljit0725 for initial fix.

Closes #512

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-04-07 14:50:08 -07:00
Alexander Morozov 6012d1056d Merge pull request #502 from hqhq/hq_fix_systemd_freeze
bugfix and cleanup for systemd cgroup
2015-04-06 09:22:41 -07:00
Jörg Thalheim 7d49705871 integration: use test helper for error check
- improves readability
- less typing

Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-04-06 15:54:02 +02:00
Mrunal Patel 9a25d3000c Merge pull request #505 from hqhq/hq_add_systemd_test
add systemd integration test
2015-04-03 12:58:43 -07:00
Michael Crosby 346236be68 Merge pull request #507 from crosbymichael/nsinit-root
Change nsinit root to /var/run/nsinit
2015-04-03 10:50:32 -07:00
Michael Crosby bce9e0f63c Merge pull request #490 from dqminh/make-binary
add binary target to direct install in a container
2015-04-03 10:50:10 -07:00
Michael Crosby fa9efe82f9 Change nsinit root to /var/run/nsinit
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-04-03 10:45:01 -07:00
Qiang Huang c502c7322a add systemd integration test
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-03 13:17:22 +08:00
Alexander Morozov d00b836985 Merge pull request #504 from crosbymichael/pid1-fixes
Fix pdeathsig and ppid for supervisor running as pid1
2015-04-02 14:09:47 -07:00
Michael Crosby 46132cebcf Fix pdeathsig and ppid for supervisor running as pid1
For some reason when the supervisor of a container is PID1 the parent
death signal was being delivered to the container's init process even if
it did not die.  Also the ppid() will return 1 for a container running
in the pid namespace of its parent and the parent is pid1.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-04-02 13:55:55 -07:00