jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,203 Commits 5 Branches 25 Tags 17 MiB
Commit Graph

102 Commits

Author SHA1 Message Date
Michael Crosby 3977c892e7 Remove --create from nsinit and make it default 
More people are using this to test new features and this makes it very
simple to run a container with a simple command.

`nsinit exec --tty sh`

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-03-11 11:46:11 -07:00
Alexander Morozov 8d0b06257b Move tty configuration to Process 
Now you need to call Process.NewConsole to setup console for process

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
 2015-02-25 15:04:43 -08:00
Mrunal Patel f9590b0927 Adds missing exit to fatal function. 
Extracts ProcessState when we get ExitError.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2015-02-25 13:54:45 -05:00
Andrey Vagin 94fb37f557 process: add Wait(), Signal() and Pid() methods 
Currently we have a problem when buffers are used for std file
descriptors.  These buffers are filled from goroutines (Cmd.goroutine),
and we need to wait them to be sure that all data have been copied.

Signed-off-by: Andrew Vagin <avagin@openvz.org>
 2015-02-23 23:40:41 +03:00
Michael Crosby afa8443118 Remove userns sidecar process 
Move the network setup back into the standard init even for user
namespaces now that mounts are fully supported and working.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-18 15:47:26 -08:00
Michael Crosby 339edce03e Update console and mount handling for user namespaces 
This updates the console handling to chown the console on creation to
the root user within the container.

This also moves the setup mounts from the userns sidecar process into
the main init processes by trying to mknod devices, if it fails on an
EPERM then bind mount the device from the host into the container for
use.  This prevents access issues when the sidecar process mknods the
device for the usernamespace returning an EPERM when writting to
dev/null.

This also adds some error handling for init processes and nsinit updates
with added flags for testing and other functions.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-17 21:37:02 -08:00
Michael Crosby f4cf808a3d Merge branch 'master' into api 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	MAINTAINERS
	cgroups/cgroups.go
	cgroups/fs/apply_raw.go
	cgroups/fs/notify_linux.go
	cgroups/fs/notify_linux_test.go
	cgroups/systemd/apply_systemd.go
	config.go
	configs/config_test.go
	console/console.go
	integration/exec_test.go
	integration/init_test.go
	integration/template_test.go
	integration/utils_test.go
	linux_notify.go
	linux_notify_test.go
	mount/init.go
	mount/mount_config.go
	mount/pivotroot.go
	mount/ptmx.go
	namespaces/create.go
	namespaces/exec.go
	namespaces/execin.go
	namespaces/init.go
	namespaces/nsenter/nsenter.c
	namespaces/nsenter/nsenter.go
	namespaces/utils.go
	network/network.go
	network/types.go
	network/veth.go
	notify_linux.go
	notify_linux_test.go
	nsinit/exec.go
	nsinit/main.go
	nsinit/nsenter.go
	nsinit/oom.go
	sample_configs/host-pid.json
	sample_configs/userns.json
	security/capabilities/capabilities.go
	update-vendor.sh
 2015-02-16 15:09:42 -08:00
Michael Crosby 91a3f162af Implement nsinit state command 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-11 18:49:28 -08:00
Michael Crosby 2ec6b585ea Add new API examples to readme 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-11 11:20:27 -08:00
Michael Crosby b0e274c0d2 Remove console package and add Console type 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-11 11:20:09 -08:00
Michael Crosby ab76a88d6b Remove Wait() on container interface 
Since we return the pid for the started process we do not need this
method on the interface.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-03 10:50:18 -08:00
Michael Crosby bbeae7445a Remove namespaces package 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-02 15:41:32 -08:00
Michael Crosby 8191d4d60f Refactory container interface 
This removes a new unused methods from the container interface and types
parameters such as os.Signal and WaitStatus

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-01-31 20:51:12 -08:00
Michael Crosby 935d81f23d Flatten configuration structs 
Change the various config structs into one package and have a flatter
structure for easier use.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-01-31 19:56:27 -08:00
Mrunal Patel b0eece8d7d Adds support for User Namespaces. 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Adds sample configuration to test user namespaces.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Rebases to master.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Fixes integration tests.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Move selinux labeling, apparmor profile and restrict kernel files back to init.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Separate the code paths for userns and default cases.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

tty not required for setup

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Cleanup and address review comments.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Remove debug logs and other cleanup.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Use function paramaters for SetupContainer.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
 2015-01-19 14:50:21 -05:00
Andrey Vagin 46e62c9204 nsinit: return console 
Signed-off-by: Andrey Vagin <avagin@openvz.org>
 2015-01-15 18:22:47 +03:00
Andrey Vagin 59e66b818d nsinit: add getContainer() 
Signed-off-by: Andrey Vagin <avagin@openvz.org>
 2015-01-15 00:43:13 +03:00
Andrey Vagin 1a380ac436 nsinit: remove ticks around nsenter 
If we really need these command, we need to expand API.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
 2014-12-23 16:30:37 +03:00
Andrey Vagin c406a6b6e0 nsinit: clean up 
Signed-off-by: Andrey Vagin <avagin@openvz.org>
 2014-12-19 12:32:34 +03:00
Andrey Vagin ce9d63376f libcontainer: move State in the configs package 
We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
 2014-12-19 12:32:34 +03:00
Andrey Vagin 7038ddbc8c libcontainer: move Config in a separate package 
We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
 2014-12-19 12:32:34 +03:00
Andrey Vagin 159db89c1f nsinit: use the new API for executing processes 
Signed-off-by: Andrew Vagin <avagin@openvz.org>
 2014-12-16 09:19:02 +03:00
Saied Kazemi ae81ea069f Add RootFs field to configuration options in libcontainer's Config 
Since currently the container.json file does not include the pathname
to a container's root filesystem, we need to parse /proc/mounts which
is slow and error-prone.  This patch addresses this issue by adding a
new RootFs field.

Signed-off-by: Saied Kazemi <saied@google.com>
 2014-09-23 16:16:13 -07:00
Michael Crosby bdafa085ae Reuse exec cli function and strip nsenter- from funcs 
Signed-off-by: Michael Crosby <michael@docker.com>
 2014-08-12 17:33:20 -07:00
Michael Crosby 7d1ba0698f Cleanup and rename loadContainer to loadConfig 
Signed-off-by: Michael Crosby <michael@docker.com>
 2014-08-12 12:03:53 -07:00
Michael Crosby 70367b2cf3 Improve execin to support registering funcs 
This also changes the functionality of the default exec in to just be an
existing func that is called than handles the implementation to exec a
user user's process inside the container.  This implements this
functionallity in nsinit but is a base for how we will be handling these
types of features inside docker.

Signed-off-by: Michael Crosby <michael@docker.com>
 2014-08-12 11:43:12 -07:00
Michael Crosby 51e6049226 Make nsinit package main only 
Signed-off-by: Michael Crosby <michael@docker.com>
 2014-08-12 10:48:12 -07:00
Michael Crosby ae9af437f0 After parsing flags check that the command is nsenter 
Signed-off-by: Michael Crosby <michael@docker.com>
 2014-08-07 10:48:29 -07:00
Michael Crosby a48b001013 Refactor execin code to be simpler 
Signed-off-by: Michael Crosby <michael@docker.com>
 2014-08-06 18:44:41 -07:00
Vishnu Kannan e5e40b6ef0 Docker 'runin' demands passing flags before 'nsenter' cli option. 
Docker does not require RunIn API. Hence that API has been removed.
nsinit CLI has been modified to work around the nsenter changes.

Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-08-05 22:13:23 +00:00
Michael Crosby 4568ca76c8 Update imports for new docker location 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-24 14:28:49 -07:00
Michael Crosby b2337e4860 Fix runin code for nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-22 19:50:00 +00:00
Vishnu Kannan bb85e2b07a 'nsinit exec' now uses namespaces.RunIn instead of namespaces.ExecIn. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-07-22 19:50:00 +00:00
Michael Crosby b56aa0658a Don't open slave in parent 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-15 18:24:15 -07:00
Michael Crosby 18e12838d6 Add resize of term in tty mode 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-15 17:44:18 -07:00
Michael Crosby 43b4258c46 Open with NOCTTY and set raw term 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-15 17:29:09 -07:00
Michael Crosby d661720fd7 Remove terminal handling in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-15 16:55:11 -07:00
Vishnu Kannan 28dadc538c Separate nsinit main from implementation. This is done inorder to package nsinit as part of docker binary. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-07-01 22:00:15 +00:00
Michael Crosby 77dcaac129 Update code based on review comments 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-25 11:36:54 -07:00
Michael Crosby 81e5a3f7a7 Replace pid and started file with State type 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-25 11:36:54 -07:00
Victor Marmol 60b381e600 Rename Container -> Config. 
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
 2014-06-23 17:08:15 -07:00
Michael Crosby 6ab3ef56f4 Update imports for new repository path 2014-06-10 08:14:16 -07:00
Michael Crosby 2d538dc80d Update for nsenter 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-05 14:31:16 -07:00
Michael Crosby 4e51c8b41f Update nsinit to be nicer to work with and test 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-05 14:13:02 -07:00
Michael Crosby ed7f4a0f6d Rename nsinit package to namespaces in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-04 15:47:57 -07:00
Michael Crosby 5db18f2d5d Update wait calls to call Wait on Command 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-27 13:38:24 -07:00
Erik Hollensbe e0b1546d8b libcontainer/nsinit: remove Wait call from Exec and Kill from Attach in tty_term.go 
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
 2014-05-27 12:26:56 -07:00
Erik Hollensbe 40b9c5564f Add Wait() calls in the appropriate spots 
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
 2014-05-27 12:26:56 -07:00
Bernerd Schaefer 98b3daa8dd nsinit.DefaultCreateCommand sets Pdeathsig to SIGKILL 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
 2014-05-16 13:48:41 +02:00
Michael Crosby 3ce347c35f Move cgroups package into libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-14 15:21:44 -07:00