Commit Graph

2519 Commits

Author SHA1 Message Date
Mrunal Patel f0ec80b93c Merge pull request #821 from runcom/warnings
libcontainer: nsenter: nsexec.c: fix warnings
2016-05-16 09:38:45 -07:00
Aleksa Sarai f89dcc665b integration: remove pointless *_inroot invocations
--root invocations make tests harder to read, and they only serve a very
specific purpose. As such, remove them from the `runc update` tests
because they don't serve a purpose.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-05-17 01:48:29 +10:00
Aleksa Sarai c823933fe1 integration: fix cgroup parsing
On some systems, the cgroup hierarchies are grouped together
(cpu,cpuacct). In order to avoid fake failures, update the cgroup
parsing to just check whether or not the mountinfo options *contain* the
cgroup type.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-05-17 01:48:29 +10:00
Aleksa Sarai 39aa5d0b1a tests: remove trailing whitespace
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-05-17 01:48:29 +10:00
Qiang Huang a04c569b90 Add check_config.sh for runc
It is copied from docker, with unnecessary configs removed.

Closes: https://github.com/opencontainers/runc/issues/819

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-16 19:15:45 +08:00
Qiang Huang b6e23f8166 Add comments for error cases in status functions
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-16 18:24:07 +08:00
Peng Gao b7219cc2b3 Update nsenter README
Signed-off-by: Peng Gao <peng.gao.dut@gmail.com>
2016-05-14 22:38:43 +08:00
Antonio Murdaca 9d14efec4c libcontainer: nsenter: nsexec.c: fix warnings
Fix the following warnings when building runc with gcc 6+:

Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c:
In function ‘nsexec’:
Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c:322:6:
warning: ‘__s’ may be used uninitialized in this function
[-Wmaybe-uninitialized]
      pr_perror("Failed to open %s", ns);
Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c:273:30:
note: ‘__s’ was declared here
 static struct nsenter_config process_nl_attributes(int pipenum, char
*data, int data_size)
                              ^~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-05-14 11:19:44 +02:00
Kenfe-Mickael Laventure 10a3c26c9a Fix GetLongBit() returns value when _SC_LONG_BIT is not available
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-05-13 09:37:58 -07:00
rajasec ffd5002a18 Updating runc man page
Signed-off-by: rajasec <rajasec79@gmail.com>

Fixed the review comment

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-05-12 22:43:10 +05:30
Michael Crosby c6a791bef9 Merge pull request #816 from opencontainers/revert-796-relabeldev
Revert "Need to make sure labels applied to /dev"
2016-05-11 11:41:50 -07:00
Aleksa Sarai e991f041a1 Revert "Need to make sure labels applied to /dev"
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-05-11 23:28:01 +10:00
Aleksa Sarai 9bc97e2291 Merge pull request #813 from rajasec/update-kmem-tcp
Adding kernel mem tcp for update command
2016-05-11 08:31:47 +00:00
rajasec 8839f9f70b Adding kernel mem tcp for update command
Signed-off-by: rajasec <rajasec79@gmail.com>

Adding kernel mem tcp for update command

Signed-off-by: rajasec <rajasec79@gmail.com>

Fixing update.bats to reduce the TCP value

Signed-off-by: rajasec <rajasec79@gmail.com>

Updated the kernelTCP in bats as per json

Signed-off-by: rajasec <rajasec79@gmail.com>

Fixed some minor issue in bats file

Signed-off-by: rajasec <rajasec79@gmail.com>

Rounded off to right bytes for kernel TCP

Signed-off-by: rajasec <rajasec79@gmail.com>

Updating man file for update command

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-05-10 14:11:36 +05:30
Qiang Huang 8477638aab Update cli package
The old one has a bug when showing help message for IntFlags.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-10 13:58:09 +08:00
Mrunal Patel be46e644f6 Merge pull request #809 from hqhq/hq_add_update_man
Add man page and fix typo for update command
2016-05-09 19:17:10 -07:00
Qiang Huang e75465b1a3 Add man page and fix typo for update command
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-09 19:04:25 +08:00
Qiang Huang d49ece5a83 Merge pull request #790 from mlaventure/runc-update-cgroup-kmem-limit
Runc update cgroup kmem limit
2016-05-09 14:01:18 +08:00
Kenfe-Mickael Laventure d78ae51a2d Add test for cgroup memory.kmem.limit_in_bytes handling
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-05-06 08:05:15 -07:00
Kenfe-Mickael Laventure 4190e5a920 Add new `update` command to runc.
This command allows users to update some of a container cgroups
parameters.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-05-06 08:05:15 -07:00
Kenfe-Mickael Laventure 27814ee120 Allow updating kmem.limit_in_bytes if initialized at cgroup creation
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-05-06 08:05:15 -07:00
Michael Crosby 4ad7bbc172 Merge pull request #783 from cyphar/test-all-the-things
Use full test suite on make test
2016-05-05 17:26:47 -07:00
Mrunal Patel ec77200ceb Merge pull request #804 from rajasec/apparmor-error
Updating error condition in applying apparmor profile
2016-05-05 15:28:24 -07:00
Michael Crosby 03ef0a2f89 Merge pull request #800 from mrunalp/ocf_oci
Change OCF to OCI in help string and man page.
2016-05-05 14:11:59 -07:00
rajasec cb04f48486 Updating error condition in applying apparmor profile
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-05-04 19:10:55 +05:30
Mrunal Patel 8075a9ee6f Change OCF to OCI in help string and man page.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-05-03 16:05:20 -07:00
Aleksa Sarai dd4a897f5d *: enable full test suite on make test
Enable the full test suite to run on `make test`. They also all run
inside a Docker container for maximum reproducibility.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-05-03 17:15:49 +10:00
Mrunal Patel 89c3c97a84 Merge pull request #796 from rhatdan/relabeldev
Need to make sure labels applied to /dev
2016-05-02 09:50:26 -07:00
Dan Walsh 77f312c51c Need to make sure labels applied to /dev
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-05-02 08:17:49 -04:00
Michael Crosby e87c59e2e4 Merge pull request #793 from bboreham/label-sep
Use '=' instead of ':' separator on labels
2016-04-29 15:19:28 -07:00
Mrunal Patel a36c2b373a Merge pull request #795 from jimberlage/794-update-documentation
Correct outdated URL
2016-04-29 09:08:51 -07:00
Jim Berlage c5b0caf76d Correct outdated URL
`libcontainer/cgroups/utils.go` uses an incorrect path to the
documentation for cgroups.  This updates the comment to use the correct
URL.  Fixes #794.

Signed-off-by: Jim Berlage <james.berlage@gmail.com>
2016-04-29 10:44:27 -05:00
Bryan Boreham 4a87beb661 Use '=' instead of ':' separator on labels, which is now deprecated by Docker
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
2016-04-29 13:01:44 +01:00
Michael Crosby 7d23639138 Merge pull request #789 from justincormack/unprivseccomp
If possible, apply seccomp rules immediately before exec
2016-04-27 17:08:16 -07:00
Justin Cormack e18de63108 If possible, apply seccomp rules immediately before exec
See https://github.com/docker/docker/issues/22252

Previously we would apply seccomp rules before applying
capabilities, because it requires CAP_SYS_ADMIN. This
however means that a seccomp profile needs to allow
operations such as setcap() and setuid() which you
might reasonably want to disallow.

If prctl(PR_SET_NO_NEW_PRIVS) has been applied however
setting a seccomp filter is an unprivileged operation.
Therefore if this has been set, apply the seccomp
filter as late as possible, after capabilities have
been dropped and the uid set.

Note a small number of syscalls will take place
after the filter is applied, such as `futex`,
`stat` and `execve`, so these still need to be allowed
in addition to any the program itself needs.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-04-27 20:06:14 +01:00
Aleksa Sarai 07d062bb7b Merge pull request #782 from hqhq/hq_specs_name
Change specs to runtime-spec in integration test
2016-04-26 23:08:38 +00:00
Mrunal Patel 7605fce790 Merge pull request #786 from hqhq/hq_fix_event_test
Fix integration test for events
2016-04-26 12:07:53 -07:00
Mrunal Patel 9c89737e6e Merge pull request #785 from hqhq/hq_remove_sniffTest
Remove sniffTest
2016-04-26 09:31:15 -07:00
Qiang Huang fb7dcac662 Fix integration test for events
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-04-26 19:00:21 +08:00
Qiang Huang 5c1ea321df Merge pull request #780 from crosbymichael/stats-format
Improve stats output format for stability
2016-04-26 17:16:53 +08:00
Qiang Huang 18612e6c7f Remove sniffTest
We have an integration test now, not ideal though, but it
surely can replace sniffTest.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-04-26 16:20:45 +08:00
Qiang Huang 38271a38be Change specs to runtime-spec in integration test
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-04-26 15:59:00 +08:00
Qiang Huang 6d1c115b10 Merge pull request #779 from crosbymichael/ps-json
Add json format to ps command
2016-04-26 09:34:27 +08:00
Michael Crosby a62dbf48b0 Improve stats output
This adds specific types and improves the json format for the marshaled
structure so that it is in line with the output that the spec produces,
camelCase not snake_case.

This should be the last change needed for people to really depend on the
output of this command and ensure that it does not change with any
internal changes instead of just marshaling the libcontainer structure.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-25 16:15:48 -07:00
Michael Crosby bb8591138b Add json format to ps command
For programmatic parsing add a json format option to the new `runc ps`
command.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-25 15:21:07 -07:00
Michael Crosby e559f7aebb Merge pull request #767 from hqhq/hq_add_ps
Add ps command
2016-04-25 14:51:43 -07:00
Mrunal Patel 6b4da4fff1 Merge pull request #778 from opencontainers/mount-label-release
Bump to v0.1.1 for selinux mount label fix
2016-04-25 14:28:22 -07:00
Michael Crosby baf6536d62 Bump to 0.1.1
This includes a fix for selinux mount labels in the spec.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-25 14:18:35 -07:00
Mrunal Patel 9d16d9472e Bump up spec and add support for mount label
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-04-25 14:14:15 -07:00
Michael Crosby ee42f8bbb6 Merge pull request #768 from rajasec/events-destroy
Not showing up the events for destroyed container
2016-04-25 10:51:58 -07:00