If I provide a path starting with `/` I expect that to be honored;
otherwise I have to explicitly `(cd /; /path/to/runc)`.
Signed-off-by: Colin Walters <walters@redhat.com>
1. Remove mention of nsinit (removed from the repo)
2. Make basic usage text a bit more informative; fix typo
3. Fix typo in panic() message (that should never be seen) :)
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
A directory with a hyphen currently generates an InvalidId error because
of the regex in libcontainer. I don't believe there is any reason a
hyphen should be disallowed.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
A couple minor changes to error handling in startup:
1. Don't dump full help/usage text when the only problem is `runc` wasn't started under
root privileges
2. Check for rootfs and make error clear to user when it doesn't exist
3. Change fatal to logrus.Fatal to get nicer output with simple error
message
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Set up memory.swappiness in cgroup config so write is not attempted
unless specifically set. Fixes running runc on kernels which still have
the cgroup hierarchy write limitation.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
It can happen if newContainer is failed. Now test shows real error from
newContainer instead of trace.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Even if libcontainer does not create the directories for the cpuset
cgroup we should ensure that they are properly populated with the
parent's cpus and mems values. Some systems create the directory
structures but do not correctly populate the values and causes our
implementation to fail.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
As related to #639, this at least makes the "nsinit" consumer of
libcontainer initialize the value to "-1" and also allows the user to
specify a setting for the container.
This is an analog to Docker PR docker/docker#14030.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Even if cpu cgroup controller is enabled it's still possible that
cpu.shares doesn't exist.
This is the case when the kernel config has CONFIG_CGROUP_SCHED
enabled but CONFIG_FAIR_GROUP_SCHED disabled. Then docker fails to
start containers even --cpu-shares isn't specified.
$ sudo docker run -i -t ubuntu:14.04
Error response from daemon: Cannot start container 5600ae87eb9d0eca49f6bcee012247d6b4beb49c426d6cf17e2456279f9311f6: [8] System error: open /sys/fs/cgroup/cpu/docker/5600ae87eb9d0eca49f6bcee012247d6b4beb49c426d6cf17e2456279f9311f6/cpu.shares: no such file or directory
Signed-off-by: Zefan Li <lizefan@huawei.com>
Currently we can't start container with kmem limit, because we
set kmem limit after processes joined to cgroup, we'll get device
busy error in this case.
Fix it by moving set before join.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
It tests only changed files from commit.
We can't expect vet fixes from all projects from vendor directory.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>