Commit Graph

2314 Commits

Author SHA1 Message Date
Aleksa Sarai 69af385de6 libcontainer: user: always treat numeric ids numerically
Most shadow-related tools don't treat numeric ids as potential
usernames, so change our behaviour to match that. Previously, using an
explicit specification like 111:222 could result in the UID and GID not
being 111 and 222 respectively (which is confusing).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-31 07:33:31 +11:00
Qiang Huang 8fa5343b00 Merge pull request #703 from crosbymichael/delete
Remove container root dir from an aborted start
2016-03-30 10:39:07 +08:00
Qiang Huang 2c303f3893 Merge pull request #706 from crosbymichael/spec-timeout
Bump spec and implement hook timeout
2016-03-30 10:33:05 +08:00
Michael Crosby 6f84d902ca Implement hook timeouts
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-29 11:14:59 -07:00
Michael Crosby 4d431183be Update spec to version cf8ebc9d6e
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-29 11:14:35 -07:00
Michael Crosby fb0dfe068c Remove container root dir from an aborted start
If runc was SIGKILL'd or something happened and the container was not
able to start and runc died as well then we could get into the state
where `$root/<containerid>` exists but `$root/<containerid>/state.json`
does not.  This will not allow libcontainer to load the container to
call the delete function as it has no data on the container other than
its id.  We should just remove it in runc so that that system matches
what runc sees for the container.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-29 10:27:19 -07:00
Mrunal Patel e55fcbda8a Merge pull request #683 from thtanaka/mqueue-label
Only perform mount labelling when necessary
2016-03-29 09:30:43 -07:00
Michael Crosby ed03709656 Merge pull request #700 from marcosnils/tests_fix
Fix hanging tests when run without root
2016-03-28 16:47:26 -07:00
Mrunal Patel 851c050340 Merge pull request #686 from hqhq/hq_refactor_nsexec
Refactor nsexec.c and add some comments
2016-03-28 09:36:06 -07:00
Mrunal Patel 857d418b09 Merge pull request #698 from ggaaooppeenngg/gaopeng/format-errorf
Use %v for map structure format
2016-03-28 09:28:28 -07:00
Qiang Huang d9520aeba4 Close opened files before exit
Not to say it'll cause memory leak, it'll still be a
good practice.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-03-28 11:16:34 +08:00
Qiang Huang 3b7e10652b Refactor nsexec.c and add some comments
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-03-28 11:16:12 +08:00
Mrunal Patel f5ad78dc49 Merge pull request #699 from ggaaooppeenngg/gaopeng/fix-typo
Fix typo
2016-03-27 16:27:52 -07:00
Marcos Lilljedahl 61ffdc0661 Fix hanging tests when run without root
Fixes #692

Signed-off-by: Marcos Lilljedahl <marcosnils@gmail.com>
2016-03-27 01:53:01 -03:00
Peng Gao 3fa246609c Fix typo
Signed-off-by: Peng Gao <peng.gao.dut@gmail.com>
2016-03-27 12:44:16 +08:00
Peng Gao ffbc626e53 Use %v for map structure format
Based on Golang document, %s is for "the uninterpreted bytes of the
string or slice", so %v is more appropriate.

Signed-off-by: Peng Gao <peng.gao.dut@gmail.com>
2016-03-26 23:28:59 +08:00
Mrunal Patel 519529febe Merge pull request #696 from hartzler/fix-libcontainer-doc
Fix libcontainer README.md example config
2016-03-25 21:24:12 -07:00
Matt Hartzler 9428c58e85 Fix libcontainer README.md example config
Signed-off-by: Matt Hartzler <matt@cryptopanic.org>
2016-03-25 21:49:02 -05:00
Mrunal Patel 47499e0415 Merge pull request #687 from cloudfoundry-incubator/rlimit-with-prlimit
Set rlimits using prlimit in parent
2016-03-25 18:10:10 -07:00
Mrunal Patel 40f4e7873d Merge pull request #691 from crosbymichael/seccomp-log
Remove log from seccomp package
2016-03-25 17:45:26 -07:00
Mrunal Patel f3e5352c7f Merge pull request #688 from codido/specconv
Export CreateLibcontainerConfig
2016-03-25 17:44:58 -07:00
Mrunal Patel 9d2d88ca8a Merge pull request #690 from crosbymichael/lock-thread
Move lockthread to package level
2016-03-25 17:43:22 -07:00
Michael Crosby 8873ac26a5 Remove log from seccomp package
Logging in packages is bad, mkay.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-25 14:21:30 -07:00
Michael Crosby 0698777a36 Move lockthread to package level
Move this to be one of the first things that is done in the main if we
are executing the init.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-25 11:15:09 -07:00
Ido Yariv 28b21a5988 Export CreateLibcontainerConfig
Users of libcontainer other than runc may also require parsing and
converting specification configuration files.

Since runc cannot be imported, move the relevant functions and
definitions to a separate package, libcontainer/specconv.

Signed-off-by: Ido Yariv <ido@wizery.com>
2016-03-25 12:19:18 -04:00
Julian Friedman e91b2b8aca Set rlimits using prlimit in parent
Fixes #680

This changes setupRlimit to use the Prlimit syscall (rather than
Setrlimit) and moves the call to the parent process. This is necessary
because Setrlimit would affect the libcontainer consumer if called in
the parent, and would fail if called from the child if the
child process is in a user namespace and the requested rlimit is higher
than that in the parent.

Signed-off-by: Julian Friedman <julz.friedman@uk.ibm.com>
2016-03-25 15:11:44 +00:00
Qiang Huang 344b0ccaa6 Merge pull request #685 from allencloud/fix-typos
fix typos
2016-03-25 18:18:29 +08:00
allencloud 10cc27888c fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-03-25 11:11:48 +08:00
Thomas Tanaka 55aabc142c Only perform mount labelling when necessary
Do label mqueue when mounting it with label failed/not supported.

Signed-off-by: Thomas Tanaka <thomas.tanaka@oracle.com>
2016-03-24 13:38:18 -07:00
Michael Crosby 5439bd2d95 Merge pull request #682 from anusha-ragunathan/dont-cleanpath
Dont cleanPath for systemd cgroup paths.
2016-03-24 11:18:51 -07:00
Anusha Ragunathan 89abd91694 Dont cleanPath for systemd cgroup paths.
systemd expects cgroupsPath to be of form "slice:prefix:name".
So dont call cleanPath on it anymore.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-03-24 10:52:41 -07:00
Michael Crosby 24950964ec Merge pull request #667 from mrunalp/systemd_cgroups
Add support for enabling systemd cgroups
2016-03-23 16:14:03 -07:00
Mrunal Patel d563bd1342 Merge pull request #677 from tonistiigi/pipe-crash-logging
Show proper error from init process panic
2016-03-23 09:52:57 -07:00
Mrunal Patel 0e4170849f Update man page for runc
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-22 17:09:51 -07:00
Mrunal Patel 7e91a96605 Add support for systemd cgroups in runc
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-22 17:08:07 -07:00
Mrunal Patel 24142a8514 Add a flag to enable systemd cgroups support in runc
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-22 17:07:57 -07:00
Tonis Tiigi 78ecdfe18e Show proper error from init process panic
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-03-22 15:57:15 -07:00
Mrunal Patel 5f182ce738 Merge pull request #673 from rajasec/error-typo
fixing typo in device access error
2016-03-22 14:16:33 -07:00
Mrunal Patel a35f907983 Merge pull request #668 from mrunalp/fix_exec_oom
Set oom_score_adj before we send the config to avoid race
2016-03-22 09:42:34 -07:00
Qiang Huang 69f8a50081 Merge pull request #669 from mrunalp/fix_test
Fix the kmem TCP test
2016-03-22 09:45:13 +08:00
Michael Crosby e80b6b67e6 Merge pull request #651 from mrunalp/quota_validation
Add more information in the error messages when writing to a file
2016-03-21 17:53:49 -07:00
Mrunal Patel 73e48633a3 Fix the kmem TCP test
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-21 15:51:42 -07:00
Mrunal Patel 69db69668e Set oom_score_adj before we send the config to avoid race
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-21 15:33:17 -07:00
Mrunal Patel 4d7929274d Merge pull request #644 from cyphar/fix-pids-max-unlimited
libcontainer: cgroups: deal with unlimited case for pids.max
2016-03-21 14:55:20 -07:00
Mrunal Patel 4856ed1d53 Merge pull request #665 from cyphar/cgroup-kmem-tcp-limit
libcontainer: cgroups: add support for kmem.tcp limits
2016-03-21 14:51:10 -07:00
rajasec 945ef1d51f fixing typo in device access error
Signed-off-by: rajasec <rajasec79@gmail.com>

fixing typo in device access error

Signed-off-by: rajasec <rajasec79@gmail.com>

Fixed review comments

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-03-21 22:45:53 +05:30
Mrunal Patel 35541ebcd2 Add more information in the error messages when writing to a file
This is helpful to debug "invalid argument" errors when writing to cgroup files

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-21 09:27:24 -07:00
Qiang Huang e32651842a Merge pull request #650 from november-eleven/master
Export user and group lookup errors as variables.
2016-03-21 09:41:56 +08:00
Qiang Huang 37ff49b9d1 Merge pull request #661 from mikebrow/spec-help
adds detail to runc start and spec help text
2016-03-21 09:16:13 +08:00
Aleksa Sarai f5e60cf775 libcontainer: cgroups: add statistics for kmem.tcp
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-20 22:04:02 +11:00