Mrunal Patel
859abee0c8
Add CAP prefix for capabilities
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-09-15 14:43:03 -04:00
Mrunal Patel
4d8e13fc3e
Merge pull request #43 from LK4D4/new_netlink
...
New netlink library
2015-09-14 14:01:07 -07:00
Mrunal Patel
486ac97618
Merge pull request #236 from hqhq/hq_fix_cgroup_rw
...
Always remount for bind mount
2015-09-14 12:08:34 -07:00
Rajasekaran
2940f73a14
make localtest failure on removing seccomp flag
...
Signed-off-by: Rajasekaran <rajasec79@gmail.com>
2015-09-12 14:43:55 +05:30
Mrunal Patel
ef9471fd5b
Merge pull request #253 from avagin/cr-cgroups
...
c/r: create cgroups to restore a container
2015-09-11 18:03:40 -07:00
Alexander Morozov
b0fd9fb75a
Merge pull request #220 from crosbymichael/build-tags
...
Add seccomp build tag
2015-09-11 12:06:27 -07:00
Michael Crosby
a8e0185d97
Add seccomp build tag
...
Add a seccomp build tag and also support in the Makefile to add or
remove build tags.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-09-11 12:03:57 -07:00
David Calavera
0f28592b35
Turn hook pointers into values.
...
Signed-off-by: David Calavera <david.calavera@gmail.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-09-11 11:34:34 -07:00
Michael Crosby
dd969cbacd
Add test for function based hooks
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-09-10 18:15:00 -07:00
Mrunal Patel
1dca365393
Add test for prestart hook
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Conflicts:
libcontainer/integration/exec_test.go
2015-09-10 17:59:36 -07:00
Michael Crosby
05567f2c94
Implement hooks in libcontainer
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-09-10 17:57:31 -07:00
Andrey Vagin
df39686c93
c/r: create cgroups to restore a container
...
Here are two reasons:
* If we use systemd, we need to ask it to create cgroups
* If a container is restored with another ID, we need to
change paths to cgroups.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-09-10 21:00:27 +03:00
Andrey Vagin
da2535f2d1
mount: don't read /proc/self/cgroup many times
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-09-10 21:00:22 +03:00
Andrey Vagin
e49c1dc559
Rework ParseCgroupFile
...
Currently we parse /proc/self/cgroup for each controller.
It's ineffective.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-09-10 20:59:27 +03:00
Alexander Morozov
24f4d5d1fd
Remove old netlink library
...
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-09-09 19:38:02 -07:00
Alexander Morozov
916bd6bd68
Use github.com/vishvananda/netlink for networking
...
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-09-09 19:32:46 -07:00
Qiang Huang
b94fe5b7f8
Fix bug in find cgroup mount point dir
...
Bug was introduced in #250
According to: http://man7.org/linux/man-pages/man5/proc.5.html
36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
(1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
...
(7) optional fields: zero or more fields of the form
"tag[:value]".
The 7th field is optional. We should skip it when parsing mount info.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-09-10 08:29:12 +08:00
Qiang Huang
f2ec7eff7e
Rename FindCgroupMountpointAndSource
...
Rename it to FindCgroupMountpointAndRoot.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-09-09 09:29:11 +08:00
Qiang Huang
bc67941c72
Parse directly in FindCgroupMountpointDir
...
Unify it with FindCgroupMountpoint, and add comments on why
we should do this.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-09-09 09:28:50 +08:00
Alexander Morozov
05b1cda5dd
Merge pull request #235 from hqhq/hq_fix_cgroup_test
...
Fix cgroup mount tests
2015-09-01 14:57:44 -07:00
Vishnu Kannan
cc232c4707
Adding oom_score_adj as a container config param.
...
Signed-off-by: Vishnu Kannan <vishnuk@google.com>
2015-08-31 14:02:59 -07:00
Qiang Huang
085f465c00
Fix cgroup mount tests
...
I got:
```
exec_test.go:823: Mode expected to contain 'ro,nosuid,nodev,noexec': tmpfs on /sys/fs/cgroup type tmpfs (ro,seclabel,nosuid,nodev,noexec,relatime,mode=755
```
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-08-31 11:23:18 +08:00
Qiang Huang
b7385e291c
Always remount for bind mount
...
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-08-31 11:10:34 +08:00
Michael Crosby
b1e7041957
Merge pull request #165 from calavera/context_labels
...
Make label.Relabel safer.
2015-08-28 14:20:00 -07:00
Matthew Heon
2ee6d1e8b6
Connect Seccomp configuration in Spec to configuration in Libcontainer
...
Signed-off-by: Matthew Heon <mheon@redhat.com>
2015-08-25 17:35:06 -04:00
Mrunal Patel
2f4c229a8c
Merge pull request #215 from boucher/huikang-patch
...
Add hooks for passing explicit veth pairs for forwarding to CRIU
2015-08-24 21:23:29 -07:00
Hui Kang
7f23085c82
Add hooks for passing explicit veth pairs for forwarding to CRIU.
...
Signed-off-by: Hui Kang <hkang.sunysb@gmail.com>
2015-08-24 09:26:39 -07:00
boucher
8c812d0f50
Add the criu log file path to the failure message.
...
Signed-off-by: Ross Boucher <rboucher@gmail.com>
2015-08-21 14:20:59 -07:00
Mrunal Patel
e7663a673e
Merge pull request #70 from mheon/seccomp
...
Convert Seccomp support to use Libseccomp
2015-08-21 12:25:33 -07:00
Lai Jiangshan
e48363d777
simplify a variable declaration
...
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
2015-08-20 08:21:44 +08:00
Mrunal Patel
ca8831fa75
Merge pull request #183 from rajasec/securityfs
...
Adding securityfs mount
2015-08-18 14:24:38 -07:00
Mrunal Patel
c20bda3f71
Merge pull request #206 from mountkin/ensure-cleanup
...
Ensure the cleanup jobs in the deferrer are executed on error
2015-08-18 14:16:31 -07:00
Michael Crosby
b0ca535f75
Merge pull request #194 from LK4D4/fix_cgroups_again
...
Fix cgroups again
2015-08-18 13:49:31 -07:00
Michael Crosby
c6b6be21c5
Merge pull request #199 from clnperez/ifrdatabyte-sign-pr
...
Fixing netlink build error on ppc64le with gccgo
2015-08-18 13:48:59 -07:00
rajasec
8cdc409715
Fixing tmpfs
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-08-17 06:22:48 +05:30
Shijiang Wei
f0679089b9
Ensure the cleanup jobs in the deferrer are executed on error
...
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
2015-08-16 12:29:04 +08:00
Michael Chase-Salerno
9bc81d1699
Fixing netlink build error on ppc64le with gccgo
...
Again. It looks like a build tag was somehow dropped between
the PR here: https://github.com/docker/libcontainer/pull/625
and the move to runc.
Signed-off-by: Christy Perez <clnperez@linux.vnet.ibm.com>
2015-08-13 17:52:47 -05:00
Matthew Heon
a6b73dbc73
Remove Seccomp build tag to fix godep
...
Signed-off-by: Matthew Heon <mheon@redhat.com>
2015-08-13 15:23:43 -04:00
Matthew Heon
59264040bd
Update tests to not error on library v2.2.0 and lower
...
As v2.1.0 is no longer required for successful testing, do not build it in the
Dockerfile - instead just use the version Ubuntu ships.
Signed-off-by: Matthew Heon <mheon@redhat.com>
2015-08-13 09:36:21 -04:00
Matthew Heon
2ae581ae62
Convert Seccomp support to use Libseccomp
...
This removes the existing, native Go seccomp filter generation and replaces it
with Libseccomp. Libseccomp is a C library which provides architecture
independent generation of Seccomp filters for the Linux kernel.
This adds a dependency on v2.2.1 or above of Libseccomp.
Signed-off-by: Matthew Heon <mheon@redhat.com>
2015-08-13 07:56:27 -04:00
Lai Jiangshan
e8817e1104
Simplify the return on process wait
...
Simplify the code introduced by the commit d1f0d5705deb:
Return actual ProcessState on Wait error
Cc: Alexander Morozov <lk4d4@docker.com>
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
2015-08-12 22:37:34 +08:00
Alexander Morozov
2b28b3c276
Always use cgroup root of current process
...
Because for the host PID namespace, /proc/1/cgroup can point to a whole other
world of cgroups.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-11 18:04:59 -07:00
Alexander Morozov
5aa6005498
Revert "Fix cgroup parent searching"
...
This reverts commit 2f9052ca29.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-11 18:04:55 -07:00
Alexander Morozov
2f9052ca29
Fix cgroup parent searching
...
I had pretty convenient input data to miss this bug.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-10 14:30:05 -07:00
rajasec
24f7a10a93
Adding securityfs mount
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-08-05 16:50:08 +05:30
Mrunal Patel
f3a3025933
Fix minor stylistic issues
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-04 17:44:45 -04:00
Mrunal Patel
c9d5850629
Don't make modifications to /dev when there are no devices in the configuration
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-04 16:57:29 -04:00
Michael Crosby
a5ef75b681
Add signal API to Container interface
...
This adds a `Signal()` method to the container interface so that the
initial process can be signaled after a Load or operation. It also
implements signaling the init process from a nonChildProcess.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-08-03 17:07:29 -07:00
Mrunal Patel
ce0a339632
Merge pull request #166 from gitido/fixes
...
Go1.5 compatibility fix
2015-08-03 13:51:26 -07:00
Michael Crosby
76e706f856
Merge pull request #151 from LK4D4/use_proc_exe
...
Use /proc/self/exe as default for InitPath
2015-08-03 16:15:33 -04:00