jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
543 Commits 5 Branches 25 Tags 17 MiB
Commit Graph

184 Commits

Author SHA1 Message Date
Michael Crosby ae9af437f0 After parsing flags check that the command is nsenter 
Signed-off-by: Michael Crosby <michael@docker.com>
 2014-08-07 10:48:29 -07:00
Michael Crosby a48b001013 Refactor execin code to be simpler 
Signed-off-by: Michael Crosby <michael@docker.com>
 2014-08-06 18:44:41 -07:00
Vishnu Kannan 74b99b8dd6 Check for "nsenter" in args before parsing flags. Addressed comments. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-08-05 22:13:23 +00:00
Vishnu Kannan e5e40b6ef0 Docker 'runin' demands passing flags before 'nsenter' cli option. 
Docker does not require RunIn API. Hence that API has been removed.
nsinit CLI has been modified to work around the nsenter changes.

Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-08-05 22:13:23 +00:00
Mrunal Patel 7f3bbbb47b Move locking to caller. 
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
 2014-08-01 19:06:56 -04:00
Michael Crosby 4568ca76c8 Update imports for new docker location 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-24 14:28:49 -07:00
Michael Crosby b2337e4860 Fix runin code for nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-22 19:50:00 +00:00
Vishnu Kannan bb85e2b07a 'nsinit exec' now uses namespaces.RunIn instead of namespaces.ExecIn. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-07-22 19:50:00 +00:00
Vishnu Kannan 1f2828770d Updated RunIn API to match the new console handling behavior in HEAD. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-07-22 19:49:59 +00:00
Michael Crosby b56aa0658a Don't open slave in parent 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-15 18:24:15 -07:00
Michael Crosby 18e12838d6 Add resize of term in tty mode 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-15 17:44:18 -07:00
Michael Crosby 43b4258c46 Open with NOCTTY and set raw term 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-15 17:29:09 -07:00
Michael Crosby d661720fd7 Remove terminal handling in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-15 16:55:11 -07:00
Paul Morie ea6e255f45 Remove unused arg from namespaces.NsEnter 
Docker-DCO-1.1-Signed-off-by: Paul Morie <pmorie@gmail.com> (github: pmorie)
 2014-07-13 17:48:27 -04:00
Michael Crosby 422824c9d8 Move syncpipe into separate package 
This moves the sync pipe into a separate package to help the changes
when moving the API around.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-11 11:06:00 -07:00
Michael Crosby 704a90bec4 Rename package correctly so the binary is nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-08 16:36:59 -07:00
Vishnu Kannan 28dadc538c Separate nsinit main from implementation. This is done inorder to package nsinit as part of docker binary. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-07-01 22:00:15 +00:00
Michael Crosby 3f0764fa51 Add pause and unpause commands to nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-26 16:45:18 -07:00
Michael Crosby 361ac10612 Just output raw stats json 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-26 16:25:55 -07:00
Michael Crosby 21b71ef33d Rename spec to config 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-26 16:24:16 -07:00
Vishnu Kannan 813d247bc7 Fixing some nits. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-26 20:49:02 +00:00
Vishnu Kannan edf1e856a0 RuntimeCkpt is now State and the checkpoint file is called state.json. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-25 21:29:04 +00:00
Vishnu Kannan 481552c02b Created a global runtime checkpoint for libcontainer. Got rid of the network specific runtime checkpoint. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-25 19:20:07 +00:00
Vishnu Kannan 9253412ee1 1. Added a basic version of network stats inside network package. 
2. Introducing a new checkpoint file 'network.stats' which will contain the network runtime information (veth interface names for now).
3. Adding network stats to 'nsinit stats'.
4. Added a libcontainer Stats API to get both network and cgroup stats

Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-25 19:19:10 +00:00
Michael Crosby 77dcaac129 Update code based on review comments 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-25 11:36:54 -07:00
Michael Crosby 81e5a3f7a7 Replace pid and started file with State type 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-25 11:36:54 -07:00
Victor Marmol 60b381e600 Rename Container -> Config. 
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
 2014-06-23 17:08:15 -07:00
Mrunal Patel 88acda82d9 Add option parsing to nsenter and enable specifying commands with arguments. 
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
 2014-06-18 14:29:40 -04:00
Michael Crosby 6ab3ef56f4 Update imports for new repository path 2014-06-10 08:14:16 -07:00
Michael Crosby 2d538dc80d Update for nsenter 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-05 14:31:16 -07:00
Michael Crosby 4e51c8b41f Update nsinit to be nicer to work with and test 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-05 14:13:02 -07:00
Victor Marmol 944b4434a6 Adding initial version of C-based nsenter for allowing execin in 
libcontainer.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
 2014-06-05 00:44:13 +00:00
Michael Crosby ed7f4a0f6d Rename nsinit package to namespaces in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-04 15:47:57 -07:00
Vishnu Kannan 953f6da166 Adding "stats" and "spec" option to nsinit binary which will print the stats and spec respectively. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-02 06:37:22 +00:00
Victor Vieux d660c31681 Merge pull request #6083 from bernerdschaefer/nsinit-drop-capabilities-after-changing-user 
SETUID/SETGID not required for changing user
 2014-05-28 17:29:17 -07:00
Victor Marmol 83710135b6 Merge pull request #5868 from jhspaybar/5749-libcontainerroutes 
libcontainer support for arbitrary route table entries
 2014-05-28 10:50:56 -07:00
William Thurston d931738466 Fixes #5749 
libcontainer support for arbitrary route table entries

Docker-DCO-1.1-Signed-off-by: William Thurston <me@williamthurston.com> (github: jhspaybar)
 2014-05-28 17:42:02 +00:00
Bernerd Schaefer 864d77dad0 SETUID/SETGID not required for changing user 
It is no longer necessary to pass "SETUID" or "SETGID" capabilities to
the container when a "user" is specified in the config.

Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
 2014-05-28 16:41:48 +02:00
Michael Crosby 5db18f2d5d Update wait calls to call Wait on Command 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-27 13:38:24 -07:00
Erik Hollensbe e0b1546d8b libcontainer/nsinit: remove Wait call from Exec and Kill from Attach in tty_term.go 
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
 2014-05-27 12:26:56 -07:00
Erik Hollensbe 40b9c5564f Add Wait() calls in the appropriate spots 
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
 2014-05-27 12:26:56 -07:00
Victor Marmol 8d83ef55af Merge pull request #5903 from alexlarsson/writable-proc 
Make /proc writable, but not /proc/sys and /proc/sysrq-trigger
 2014-05-19 12:21:15 -07:00
Alexander Larsson 73c607b7ad Make /proc writable, but not /proc/sys and /proc/sysrq-trigger 
Some applications want to write to /proc. For instance:

docker run -it centos groupadd foo

Gives: groupadd: failure while writing changes to /etc/group

And strace reveals why:

open("/proc/self/task/13/attr/fscreate", O_RDWR) = -1 EROFS (Read-only file system)

I've looked at what other systems do, and systemd-nspawn makes /proc read-write
and /proc/sys readonly, while lxc allows "proc:mixed" which does the same,
plus it makes /proc/sysrq-trigger also readonly.

The later seems like a prudent idea, so we follows lxc proc:mixed.
Additionally we make /proc/irq and /proc/bus, as these seem to let
you control various hardware things.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-05-19 20:46:05 +02:00
Victor Marmol 7c1f13e897 Merge pull request #5792 from bernerdschaefer/nsinit-supports-pdeathsig 
Add PDEATHSIG support to nsinit library
 2014-05-19 11:13:23 -07:00
Sridhar Ratnakumar d636e8aa0a fix panic when passing empty environment 
Docker-DCO-1.1-Signed-off-by: Sridhar Ratnakumar <github@srid.name> (github: srid)
 2014-05-16 11:55:34 -07:00
Bernerd Schaefer 98b3daa8dd nsinit.DefaultCreateCommand sets Pdeathsig to SIGKILL 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
 2014-05-16 13:48:41 +02:00
Bernerd Schaefer 1c33652c66 nsinit.Init() restores parent death signal before exec 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
 2014-05-16 13:48:41 +02:00
Michael Crosby 3ce347c35f Move cgroups package into libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-14 15:21:44 -07:00
Bernerd Schaefer edbe7cc547 "nsinit exec ..." forwards signals to container 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
 2014-05-14 11:01:02 +02:00
Michael Crosby 68de553fca Merge pull request #5630 from rjnagal/libcontainer-fixes 
Check supplied hostname before using it.
 2014-05-06 09:49:52 -07:00