--page-server to specify the IP address of criu page server
--port to specify the port of the criu page server
Docker-DCO-1.1-Signed-off-by: Hui Kang <hkang.sunysb@gmail.com>
In order to do more complex things with checkpointing
and restoring of containers it's necessary to have
control over where the image files are being saved
and whether or not to kill the running process. It's
possible more flags will be wanted in the future.
Some things probably should always be auto-configured
by libcontainer though.
Docker-DCO-1.1-Signed-off-by: Ross Boucher <rboucher@gmail.com> (github: boucher)
This is work in progress, integrating C/R support from
https://github.com/SaiedKazemi/docker/tree/cr into the
new libcontainer and nsinit.
Signed-off-by: Saied Kazemi <saied@google.com>
Also use pipes for non tty so that the parent's tty of the nsinit
process does not leak into the conatiner.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This adds a new env var for identifying the internal sync pipe that
libcontainer uses to sync with the container and parent process. This
replaces #496 to allow the user to add additional files to the processes
and not take over fd 3 for all containers.
Closes#496
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
More people are using this to test new features and this makes it very
simple to run a container with a simple command.
`nsinit exec --tty sh`
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Currently we have a problem when buffers are used for std file
descriptors. These buffers are filled from goroutines (Cmd.goroutine),
and we need to wait them to be sure that all data have been copied.
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Move the network setup back into the standard init even for user
namespaces now that mounts are fully supported and working.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This updates the console handling to chown the console on creation to
the root user within the container.
This also moves the setup mounts from the userns sidecar process into
the main init processes by trying to mknod devices, if it fails on an
EPERM then bind mount the device from the host into the container for
use. This prevents access issues when the sidecar process mknods the
device for the usernamespace returning an EPERM when writting to
dev/null.
This also adds some error handling for init processes and nsinit updates
with added flags for testing and other functions.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This allows you to set certian configuration options such as what cgroup
implementation to use on the factory at create time.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Remove veth interfaces on the host if an error occurs.
Provide the host interface name, temporary peer interface name and the
name of the peer once it is inside the container's namespace in the
Network config.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Hui Kang
root
boucher
Andrey Vagin
Saied Kazemi
Michael Crosby
Mrunal Patel
Qiang Huang
Mrunal Patel
wonderflow
Alexander Morozov
Victor Marmol