Commit Graph

12 Commits

Author SHA1 Message Date
Ian Campbell f5adb05bce Add --preserve-fds=N to create and run
This preserves the given number of file descriptors on top of the 3 stdio and
the socket activation ($LISTEN_FDS=M) fds.

If LISTEN_FDS is not set then [3..3+N) would be preserved by --preserve-fds=N.

Given LISTEN_FDS=3 and --preserve-fds=5 then we would preserve fds [3, 11) (in
addition to stdio).  That's 3, 4 & 5 from LISTEN_FDS=3 and 6, 7, 8, 9 & 10 from
--preserve-fds=5.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
2017-02-20 11:50:18 +00:00
Aleksa Sarai c6d8a2f26f
merge branch 'pr-1158'
Closes #1158
LGTMs: @hqhq @cyphar
2016-12-26 13:59:47 +11:00
Aleksa Sarai 7df64f8886
runc: implement --console-socket
This allows for higher-level orchestrators to be able to have access to
the master pty file descriptor without keeping the runC process running.
This is key to having (detach && createTTY) with a _real_ pty created
inside the container, which is then sent to a higher level orchestrator
over an AF_UNIX socket.

This patch is part of the console rewrite patchset.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-12-01 15:49:36 +11:00
Aleksa Sarai 244c9fc426
*: console rewrite
This implements {createTTY, detach} and all of the combinations and
negations of the two that were previously implemented. There are some
valid questions about out-of-OCI-scope topics like !createTTY and how
things should be handled (why do we dup the current stdio to the
process, and how is that not a security issue). However, these will be
dealt with in a separate patchset.

In order to allow for late console setup, split setupRootfs into the
"preparation" section where all of the mounts are created and the
"finalize" section where we pivot_root and set things as ro. In between
the two we can set up all of the console mountpoints and symlinks we
need.

We use two-stage synchronisation to ensures that when the syscalls are
reordered in a suboptimal way, an out-of-place read() on the parentPipe
will not gobble the ancilliary information.

This patch is part of the console rewrite patchset.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-12-01 15:49:36 +11:00
Zhang Wei b517076907 Check args numbers before application start
Add a general args number validator for all client commands.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-11-29 11:18:51 +08:00
Wang Long 8676c75442 Fix the pid-file option for runc run/exec/create command
Signed-off-by: Wang Long <long.wanglong@huawei.com>
2016-11-02 14:08:32 +08:00
Wang Long ba1c0b4fa3 check the arguments for `runc create`
This patch checks the arguments for command  `runc create`.
the `create` command requires exactly one argument

eg:

root@ubuntu:~# runc create -b /mycontainer/ a
root@ubuntu:~# runc list
ID          PID         STATUS      BUNDLE         CREATED
a           61637       created     /mycontainer   2016-10-20T08:21:20.169810942Z
root@ubuntu:~# runc create -b /mycontainer/ a b
runc: "create" requires exactly one argument
root@ubuntu:~# runc create -b /mycontainer/
runc: "create" requires exactly one argument

Signed-off-by: Wang Long <long.wanglong@huawei.com>
2016-10-24 11:09:06 +08:00
Aleksa Sarai 0636bdd45b Merge pull request #874 from crosbymichael/keyring
Add option to disable new session keys
2016-06-12 21:44:45 +10:00
Mrunal Patel a753b06645 Replace github.com/codegangsta/cli by github.com/urfave/cli
The package got moved to a different repository

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-06-06 11:47:20 -07:00
Michael Crosby 8c9db3a7a5 Add option to disable new session keys
This adds an `--no-new-keyring` flag to run and create so that a new
session keyring is not created for the container and the calling
processes keyring is inherited.

Fixes #818

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-06-03 11:53:07 -07:00
Michael Crosby 6eba9b8ffb Fix SystemError and env lookup
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:10:47 -07:00
Michael Crosby 3fe7d7f31e Add create and start command for container lifecycle
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:06:41 -07:00