Commit Graph

2313 Commits

Author SHA1 Message Date
Mike Brown fdf9ef46b2 adds detail to runc start and spec help text
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-03-18 13:54:06 -05:00
Mrunal Patel 54a6e56004 Merge pull request #647 from rajasec/valid-id
Fixing valid-id in regex
2016-03-18 09:38:56 -07:00
Mrunal Patel b336a84aeb Merge pull request #658 from hqhq/hq_fix_init_help_info
Fix help info of init command
2016-03-18 09:38:17 -07:00
Qiang Huang c82ec8e898 Fix help info of init command
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-03-18 14:02:42 +08:00
Mrunal Patel 62470e0bd8 Merge pull request #653 from jfrazelle/remove-deadcode
remove deadcode
2016-03-17 16:50:45 -07:00
Michael Crosby 541725b6ef Merge pull request #655 from mrunalp/sync_pid
Sync on the pid file to ensure the write is persisted
2016-03-17 16:15:30 -07:00
Mrunal Patel c85f24fda2 Sync on the pid file to ensure the write is persisted
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-17 15:12:35 -07:00
Aleksa Sarai a6d5179f60 libcontainer: cgroups: add tests for pids.max == "max"
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-18 08:46:24 +11:00
Aleksa Sarai 087b953dc5 libcontainer: cgroups: deal with unlimited case for pids.max
Make sure we don't error out collecting statistics for cases where
pids.max == "max". In that case, we can use a limit of 0 which means
"unlimited".

In addition, change the name of the stats attribute (Max) to mirror the
name of the resources attribute in the spec (Limit) so that it's
consistent internally.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-18 08:46:24 +11:00
Mrunal Patel d6c22f29e3 Merge pull request #652 from crosbymichael/atomic-pid
Create pid-file atomically
2016-03-17 14:44:30 -07:00
Michael Crosby d26cd4da40 Create pid-file atomically
For things that depend or watch for this pid file to know when the
container is started we need to create this file atomically.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-17 14:41:18 -07:00
Jessica Frazelle 2c5b10189c remove deadcode
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-03-17 13:36:28 -07:00
Thomas LE ROUX 570deee7ac Export user and group lookup errors as variables.
Export errors as variables when no matching entries are found in passwd or group file.

Signed-off-by: Thomas LE ROUX <thomas@november-eleven.fr>
2016-03-17 21:03:27 +01:00
Alexander Morozov bbde9c426f Merge pull request #646 from crosbymichael/pid-host-block
Destroy container along with processes before stdio
2016-03-17 09:51:59 -07:00
Mrunal Patel 015fad9fa8 Merge pull request #604 from hqhq/hq_clean_force_remove
Don't link runc every time
2016-03-16 18:53:51 -07:00
Qiang Huang a719ea5c61 Don't link runc every time
So we won't see the link message every time we make
runc. Also it uses force remove when make clean, so
we don't see an annoying error when doing an extra make clean.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-03-17 08:24:24 +08:00
Mrunal Patel 53ca128353 Merge pull request #648 from mrunalp/cgroups_delegate
Set Delegate to true for cgroups transient units
2016-03-16 14:44:02 -07:00
Mrunal Patel 93d1a1a6ea Set Delegate to true for cgroups transient units
This is required because we manage some of the cgroups ourselves.
This recommendation came from talking with systemd devs about
some of the issues that we see when using the systemd cgroups driver.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-16 09:44:27 -07:00
Michael Crosby fdb100d247 Destroy container along with processes before stdio
We need to make sure the container is destroyed before closing the stdio
for the container.  This becomes a big issue when running in the host's
pid namespace because the other processes could have inherited the stdio
of the initial process.  The call to close will just block as they still
have the io open.

Calling destroy before closing io, especially in the host pid namespace
will cause all additional processes to be killed in the container's
cgroup.  This will allow the io to be closed successfully.

This change makes sure the order for destroy and close is correct as
well as ensuring that any errors encountered during start or exec will
be handled by terminating the process and destroying the container.  We
cannot use defers here because we need to enforce the correct ordering
on destroy.

This also sets the subreaper setting for runc so that when running in
pid host, runc can wait on the additional processes launched by the
container, useful on destroy, but also good for reaping the additional
processes that were launched.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-15 13:17:11 -07:00
Mrunal Patel 69fe79de10 Merge pull request #637 from crosbymichael/flush-logs
Ensure logs are flushed
2016-03-15 11:05:10 -07:00
Mrunal Patel 2faade9bc7 Merge pull request #503 from cyphar/maintainers-add-aleksa
MAINTAINERS: add Aleksa Sarai to maintainers
2016-03-15 07:56:16 -07:00
Aleksa Sarai ed10cf2804 MAINTAINERS: add Aleksa Sarai to maintainers
In light of my recent contributions, I believe myself to be technically
competent enough to be a maintainer of runC. I'm an active contributor,
authored the PIDs cgroup subsystem specifically for the runC and Docker
projects, and am already a maintainer of libcontainer/user.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-15 15:09:53 +11:00
Qiang Huang 3237cad790 Merge pull request #623 from rajasec/validate-spec
Adding spec validation for exec and start
2016-03-15 09:45:02 +08:00
Mrunal Patel be30e557bf Merge pull request #643 from hqhq/hq_add_uninstall
Add make uninstall command
2016-03-14 12:49:48 -07:00
Michael Crosby 732a0fb440 Merge pull request #638 from hqhq/hq_fix_bootstrapData
Fix encoding gid mappings
2016-03-14 11:55:12 -07:00
Mrunal Patel 459efccb0a Merge pull request #576 from avagin/cr
Call Prestart hooks before restoring processes
2016-03-14 11:21:29 -07:00
Michael Crosby fa48b64e50 Remove logging from init
Because namespaces are being joined in the C init and because errors
reported during init are sent back to the parent process there is no
reason to do logging in the init as it cannot open the file on the host
side for `exec` anyways.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-14 11:19:16 -07:00
Michael Crosby 8f206929b2 Ensure logs are flushed
This ensures that anything written to the logs is synced as they
happen.

This also changes the error message of the libcontainer error.  The
original idea was to have this extra information in the message but it
makes it hard to parse and if the caller needed this information they
can just get it from the error type.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-14 11:06:16 -07:00
Mrunal Patel 5a91c338f5 Merge pull request #640 from cyphar/add-cgroup-pids-stats-limit
libcontainer: cgroups: add pids.max to PidsStats
2016-03-13 21:25:45 -07:00
Mrunal Patel b6be1e93fc Merge pull request #639 from rajasec/list-error
Changing from logrus to fatal in list
2016-03-13 21:24:45 -07:00
rajasec d4be3405c7 Fixing valid-id in regex
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-03-14 08:48:41 +05:30
Qiang Huang 7a4285484d Add make uninstall command
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-03-14 09:59:36 +08:00
rajasec e7d1d78af2 Changing from interface type to process type
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-03-13 22:08:11 +05:30
Rajasekaran d1faa82a0a Adding spec validation for exec and start
Signed-off-by: Rajasekaran <rajasec79@gmail.com>

Fixed review comments

Signed-off-by: rajasec <rajasec79@gmail.com>

Rebased with latest spec version

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-03-13 21:58:00 +05:30
Aleksa Sarai 64286b443d libcontainer: cgroups: add tests for pids.max in PidsStats
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-13 14:16:38 +11:00
Aleksa Sarai 2b1e086f62 libcontainer: cgroups: add pids.max to PidsStats
In order to allow nice usage statistics (in terms of percentages and
other such data), add the value of pids.max to the PidsStats struct
returned from the pids cgroup controller.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-13 04:53:20 +11:00
Qiang Huang 2f2c83a2a0 Fix encoding gid mappings
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-03-12 13:18:42 +08:00
rajasec 11f024a85f Changing from logrus to fatal in list
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-03-12 08:46:30 +05:30
Qiang Huang bab300c28e Merge pull request #636 from crosbymichael/git-version
Add gitcommit to runc builds
2016-03-12 10:02:12 +08:00
Michael Crosby beb3e5e71a Add gitcommit to runc builds
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-11 15:20:00 -08:00
Mrunal Patel 2524befb52 Merge pull request #634 from tonistiigi/clear-groups
Clear groups after entering userns
2016-03-11 09:45:39 -08:00
Tonis Tiigi 04da969aa8 Clear groups after entering userns
Clears supplementary groups that have effect on the
mount permissions before joining the user specified
groups happens.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-03-10 22:23:38 -08:00
Mrunal Patel 1beb2410db Merge pull request #633 from crosbymichael/bump-spec-v4
Bump spec v0.4
2016-03-10 16:42:46 -08:00
Michael Crosby 4bef923fdb Merge pull request #630 from crosbymichael/revert-exit-status
Revert "Return proper exit code for exec errors"
2016-03-10 14:42:30 -08:00
Michael Crosby 94dc520a57 Bump runc to 0.0.9
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 14:35:57 -08:00
Michael Crosby 20422c9bd9 Update libcontainer to support rlimit per process
This updates runc and libcontainer to handle rlimits per process and set
them correctly for the container.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 14:35:16 -08:00
Michael Crosby 47eaa08f5a Update runc usage for new specs changes
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 14:18:39 -08:00
Michael Crosby 9047912c35 Bump spec version to v0.4.0
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 14:14:57 -08:00
Michael Crosby 9ea3372d04 Merge pull request #632 from adfernandes/master
nsexec: don't use CLONE_PARENT and CLONE_NEWPID together
2016-03-10 13:14:50 -08:00
Andrey Vagin 080eac3d2a nsexec: don't use CLONE_PARENT and CLONE_NEWPID together
The rhel6 kernel returns EINVAL in this case

Known issue:
* CT with userns doesn't work

This is a copy of
d31e97fa28
to address https://github.com/opencontainers/runc/issues/613

Signed-off-by: Andrey Vagin <avagin@virtuozzo.com>
Signed-off-by: Andrew Fernandes <andrew@fernandes.org>
2016-03-10 14:28:10 -05:00