Commit Graph

3526 Commits

Author SHA1 Message Date
Daniel, Dao Quang Minh b313a75364 Merge pull request #1477 from yummypeng/save-own-ns-path
Always save own namespace paths
2017-08-02 11:24:30 +01:00
Aleksa Sarai 190d0ba2ea
VERSION: back to development
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-08-02 15:24:09 +10:00
Aleksa Sarai 2e7cfe036e
VERSION: release v1.0.0-rc4
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-08-02 15:24:06 +10:00
Tobias Klauser e4e56cb6d8 libcontainer: remove ineffective break statements
Go's switch statement doesn't need an explicit break. Remove it where
that is the case and add a comment to indicate the purpose where the
removal would lead to an empty case.

Found with honnef.co/go/tools/cmd/staticcheck

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-28 15:13:39 +02:00
Tobias Klauser 24a4273cf9 libcontainer: handle error cases
Handle err return value of fmt.Scanf, os.Pipe and unix.ParseUnixRights.

Found with honnef.co/go/tools/cmd/staticcheck

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-28 15:13:11 +02:00
Daniel Dao 6cfb498d2c
tty: remove remaining usages of docker/pkg/term
This removes usages of docker/pkg/term to set raw terminal, handle interrupt
and restore the terminal, and instead use containerd/console and handle
interrupt ourselves.

Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-07-28 12:36:32 +01:00
Daniel Dao 1439022b60
bump vendor to have latest console with patches
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-07-28 12:35:03 +01:00
Daniel Dao 91eafcbc65
tty: move IO of master pty to be done with epoll
This moves all console code to use github.com/containerd/console library to
handle console I/O. Also move to use EpollConsole by default when user requests
a terminal so we can still cope when the other side temporarily goes away.

Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-07-28 12:35:02 +01:00
Michael Crosby e775f0fba3 Merge pull request #1526 from stevenh/logrus-v1
Updated logrus to v1
2017-07-27 13:28:55 -04:00
Michael Crosby 5951cf5f36 Merge pull request #1533 from keloyang/close-negative-descriptor
Remove the code that closes a negative descriptor
2017-07-25 09:47:54 -04:00
Daniel, Dao Quang Minh c5e4c3152d Merge pull request #1534 from tklauser/readme-capablities
README.md: adjust capabilities section in config.json example
2017-07-25 14:05:09 +01:00
Tobias Klauser 10dc96bb9e README.md: adjust capabilities section in config.json example
The format of the capabilities section in config.json was changed in the
runtime spec 1.0.0.rc5 (pulled in through PR #1370). Update the example
in README.md correspondingly.

Also fix a small typo (though -> through).

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-25 13:46:20 +02:00
yangshukui 5428532bdd remove the code that closes a negative descriptor
Signed-off-by: yangshukui <yangshukui@huawei.com>
2017-07-24 11:10:18 +08:00
Daniel, Dao Quang Minh 6ca8b741bb Merge pull request #1530 from tklauser/devices-syscall-to-unix
libcontainer: one more switch from syscall to x/sys/unix
2017-07-23 20:11:33 +01:00
Tobias Klauser b0d014d0e1 libcontainer: one more switch from syscall to x/sys/unix
Refactor DeviceFromPath in order to get rid of package syscall and
directly use the functions from x/sys/unix. This also allows us to get rid
of the conversion from the OS-independent file mode values (from the os
package) to Linux-specific values and instead lets us use the raw
file mode value directly.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-21 16:59:15 +02:00
leitwolf7 9c36ffbcb5 make localintegration fails on Ubuntu 17.04
Fix 2 string comparison issues in output validation.

Signed-off-by: leitwolf7 <leitwolf@wolke7.net>
2017-07-19 16:12:19 -04:00
Daniel, Dao Quang Minh c5ec254876 Merge pull request #1527 from mrunalp/spec_bump_v1
Bump the spec up to v1.0.0
2017-07-19 20:59:31 +01:00
Mrunal Patel 30669da201 Bump the spec up to v1.0.0
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-07-19 10:34:27 -07:00
Steven Hartland ee4f68e302 Updated logrus to v1
Updated logrus to use v1 which includes a breaking name change Sirupsen -> sirupsen.

This includes a manual edit of the docker term package to also correct the name there too.

Signed-off-by: Steven Hartland <steven.hartland@multiplay.co.uk>
2017-07-19 15:20:56 +00:00
Mrunal Patel 5b995d9570 Merge pull request #1524 from Mashimiao/update-gocapability
update gocapability
2017-07-17 14:48:32 -07:00
Daniel, Dao Quang Minh 7ab4f43a4b Merge pull request #1519 from tklauser/moar-unix
libcontainer: use additional functions and constants from x/sys/unix
2017-07-17 10:07:22 +01:00
Ma Shimiao f513ac19db update gocapability
gocapability has fixed the "can't get ambient cap" problem
and some other issues.

Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-07-17 10:30:17 +08:00
Qiang Huang 825b5c020a Merge pull request #1516 from cyphar/list-casting-unicode
list: fix various problems with owner field
2017-07-16 14:57:20 +08:00
Qiang Huang c4302dd641 Merge pull request #1245 from WeiZhang555/fix-tests
Fix integration when missing criu
2017-07-16 14:32:43 +08:00
Mrunal Patel 590503273a Merge pull request #1518 from crosbymichael/rc6
Update runtime-spec to rc6+
2017-07-14 14:41:09 -07:00
Zhang Wei 9192b052b2 Fix integration when missing criu
If criu isn't installed on the host, integration tests won't be able
to go on; they should skip checkpoint/restore tests instead of interrupting.

Output before:

```
$ make localintegration
bats -t tests/integration
/usr/lib/bats/bats-exec-suite: line 20: let: count+=: syntax error:
operand expected (error token is "+=")
Makefile:103: recipe for target 'localintegration' failed
```

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-07-14 20:15:20 +08:00
Tobias Klauser 4019833d46 libcontainer: use PR_SET_NO_NEW_PRIVS from x/sys/unix
Use PR_SET_NO_NEW_PRIVS defined in golang.org/x/sys/unix instead of
manually defining it.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-13 15:31:33 +02:00
Tobias Klauser 54d27bed7f libcontainer: use ParseSocketControlMessage/ParseUnixRights from x/sys/unix
Use ParseSocketControlMessage and ParseUnixRights from
golang.org/x/sys/unix instead of their syscall equivalent.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-13 15:02:17 +02:00
Yuanhong Peng e939079acf Always save own namespace paths
fix #1476

If containerA shares a namespace, say the ipc namespace, with containerB, then
its ipc namespace path would be the same as containerB's and be stored in
`state.json`. Exec'ing into containerA will just read the namespace paths
stored in this file and join these namespaces. So, if containerB has
already been stopped, `docker exec containerA` will fail.

To address this issue, we should always save own namespace paths no
matter if we share namespaces with other containers.

Signed-off-by: Yuanhong Peng <pengyuanhong@huawei.com>
2017-07-13 16:13:05 +08:00
Michael Crosby eb70c213ba Update runtime-spec to rc6
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-07-12 16:24:04 -07:00
Aleksa Sarai 7cfb107f2c
factory: use e{u,g}id as the owner of /run/runc/$id
It appears as though these semantics were not fully thought out when
implementing them for rootless containers. It is not necessary (and
could be potentially dangerous) to set the owner of /run/ctr/$id to be
the root inside the container (if user namespaces are being used).

Instead, just use the e{g,u}id of runc to determine the owner.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-07-12 06:30:46 +10:00
Aleksa Sarai 21a005d074
list: stop casting unknown UIDs to their unicode values
If a container is owned by a UID that is not listed in /etc/passwd,
previously we would cast the UID to a string which contained a character
with the unicode value of the UID. This is clearly wrong, switch to
using fmt.Sprintf as intended.

In addition, notate unknown users with a leading '#' in the column. This
is necessary to ensure that a user is not under the impression that the
UID is the same as a numeric username.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-07-12 06:30:01 +10:00
Michael Crosby a0159fddcd Merge pull request #1504 from tklauser/more-unix-funcs
Use Prctl() and ioctl wrapper functions from x/sys/unix
2017-07-10 10:07:17 -07:00
Tobias Klauser 078e903296 libcontainer: use ioctl wrappers from x/sys/unix
Use IoctlGetInt and IoctlGetTermios/IoctlSetTermios instead of manually
reimplementing them.

Because of unlockpt, the ioctl wrapper is still needed as it needs to
pass a pointer to a value, which is not supported by any ioctl function
in x/sys/unix yet.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-10 10:56:58 +02:00
Tobias Klauser a380fae959 libcontainer: use Prctl() from x/sys/unix
Use unix.Prctl() instead of manually reimplementing it using
unix.RawSyscall. Also use unix.SECCOMP_MODE_FILTER instead of locally
defining it.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-10 10:56:58 +02:00
Tobias Klauser 05ea5e47aa vendor: bump golang.org/x/sys to 0e0164865330
Update golang.org/x/sys to get newly added functions and constants which
will be used in successive commits.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-10 10:56:58 +02:00
Michael Crosby 5c73abbe75 Merge pull request #1450 from vrothberg/sgid-non-numeric
libcontainer/user: add supplementary groups only for non-numeric users
2017-07-07 09:43:30 -07:00
Daniel, Dao Quang Minh 51b501dab1 Merge pull request #1510 from crosbymichael/remove-shfmt
Remove shfmt
2017-07-07 00:13:19 +01:00
Michael Crosby 5930d5b427 Remove shfmt
We don't have that many scripts, and for the amount of errors this is
causing on a weekly basis for contributors it's not worth the overhead.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-07-06 11:08:44 -07:00
Daniel, Dao Quang Minh 3a5b963f2f Merge pull request #1505 from cyphar/shfmt-fix
*: fix shfmt
2017-07-03 17:39:37 +01:00
Aleksa Sarai 7b0c6e035a
*: fix shfmt
Recent changes in upstream shfmt have started causing our scripts to no
longer be "correctly formatted". Fix up with `shfmt -w`.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-07-04 01:44:16 +10:00
Daniel, Dao Quang Minh 7139b61f7f Merge pull request #1378 from derekwaynecarr/expose_use_hierarchy
Expose memory.use_hierarchy in MemoryStats
2017-06-30 16:08:21 +01:00
Michael Crosby fef3aced0e Merge pull request #1460 from wking/mount-option-lazytime
libcontainer/specconv/spec_linux: Add support for (no)lazytime
2017-06-29 10:06:23 -07:00
Michael Crosby 5cf468230c Merge pull request #1502 from justincormack/linux-only
runc only works on Linux so remove putative Solaris and unsupported main
2017-06-29 08:34:31 -07:00
Justin Cormack e469cf0be7 runc only works on Linux so remove putative Solaris and unsupported main
The Solaris runc equivalent is not open source. The unsupported option does
not build as other code is Linux-specific.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-29 16:00:26 +01:00
Aleksa Sarai 117c92745b
rootfs: switch ms_private remount of oldroot to ms_slave
Using MS_PRIVATE meant that there was a race between the mount(2) and
the umount2(2) calls where runc inadvertently has a live reference to a
mountpoint that existed on the host (which the host cannot kill
implicitly through an unmount and peer sharing).

In particular, this means that if we have a devicemapper mountpoint and
the host is trying to delete the underlying device, the delete will fail
because it is "in use" during the race. While the race is _very_ small
(and libdm actually retries to avoid these sorts of cases) this appears
to manifest in various cases.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-06-29 01:20:23 +10:00
Michael Crosby 429a538712 Merge pull request #1495 from justincormack/memory-int64
Update spec to master, switch to int64 for memory limits
2017-06-27 11:10:09 -07:00
Justin Cormack 3d9074ead3 Update memory specs to use int64 not uint64
replace #1492 #1494
fix #1422

Since https://github.com/opencontainers/runtime-spec/pull/876 the memory
specifications are now `int64`, as that better matches the visible interface where
`-1` is a valid value. Otherwise finding the correct value was difficult as it
was kernel dependent.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-27 12:16:07 +01:00
Justin Cormack e1146182a8 Remove Platform as no longer in OCI spec
This was never used, just validated, so was removed from spec.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-27 12:16:07 +01:00
Justin Cormack e8ef6025a4 Update to runtime spec 198f23f827
Updates memory limits to be int64, and removes Platform from spec.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-27 12:16:07 +01:00