0023305afc
Make MountConfig on container a pointer
...
Also add unit test for container json files to ensure that the mount
config is read and device nodes are validated.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-23 15:33:30 -07:00
1aff270a6c
Fix veth json and tags
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-23 15:33:30 -07:00
f216ad7b65
Use internal types in the API instead of duplicating the types.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 15:33:30 -07:00
952b884882
Use internal types in the API instead of duplicating the types.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 21:11:01 +00:00
ad5286acd9
Addressed more comments.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 20:40:37 +00:00
561534244a
Minor fixes.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 19:30:59 +00:00
0f14662b9c
Remove 'Context' type from the libcontainer API. It will be a generic map with string key and value henceforth.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 18:54:26 +00:00
c5f93a9a48
Reuse internal mount.Mount in the API.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 18:41:39 +00:00
ece2d83558
Added DropCapabilities() and DropBoundingSet() API to libcontainer.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 18:36:38 +00:00
4c55db7d58
Rename MountSpec to MountConfig.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-23 18:09:36 +00:00
b50266335e
Updated libcontainer subpackage dependencies. Most subpackages now do not depend on their parent ('libcontainer') package. 'namespaces' and 'nsinit' still do.
...
'namespaces' need to refactored a bit more to move the API part of it to 'libcontainer' package and keep the namespace specific code inside that package.
This change is not expected to break docker.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-20 22:52:43 +00:00
902319a3b0
Merge pull request #40 from crosbymichael/api-readme
...
Update readme with API change explination
2014-06-20 14:50:23 -07:00
78a5a4285f
Fix nit on wording
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-20 14:46:45 -07:00
3cea8e2be0
Fix typo in sample configs
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-20 14:42:19 -07:00
e77dc4853a
Update readme with API change explination
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-20 14:39:17 -07:00
2391c3dd8d
Merge pull request #38 from crosbymichael/add-specs
...
Add sample config files
2014-06-20 11:31:57 -07:00
746bd3b8ab
Fix unit test path
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-20 10:39:50 -07:00
d28d8b67a9
Update main readme with new configs folder
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-20 10:01:25 -07:00
6bce7867b2
Add minimal sample configuration files for testing
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-20 10:00:17 -07:00
36663b1ee2
Merge pull request #37 from vmarmol/allow-not-found
...
Don't fail getting stats of unknown hierarchies.
2014-06-20 08:45:56 -07:00
f9b158da02
Don't fail getting stats of unknown hierarchies.
...
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-06-19 21:32:38 -07:00
17ce8d8519
Merge pull request #35 from vmarmol/fixes
...
Replacing docker-dev with libcontainer mailing list.
2014-06-19 10:04:47 -07:00
3acf21b60e
Merge pull request #34 from bernerdschaefer/cgroup-stats-total-cpu-usage
...
CpuStats.CpuUsage includes TotalUsage
2014-06-19 09:25:19 -07:00
3505bd7d0e
Replacing docker-dev with libcontainer mailing list.
...
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-06-19 09:10:07 -07:00
cc266ed54c
CpuStats.CpuUsage includes TotalUsage
...
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
2014-06-19 15:43:12 +02:00
9fa6481d98
Add fs.NotifyOnOOM for out-of-memory notifications
...
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
2014-06-19 12:27:34 +02:00
2c29550226
Merge pull request #27 from mrunalp/dev/nsenter_flags
...
Add option parsing to nsenter and enable specifying commands with arguments
2014-06-18 14:05:44 -07:00
88acda82d9
Add option parsing to nsenter and enable specifying commands with arguments.
...
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2014-06-18 14:29:40 -04:00
87465294b6
Merge pull request #29 from vmarmol/fixes
...
Require two LGTMs for non-maintainer changes.
2014-06-18 10:55:28 -07:00
fcce4884da
Require two LGTMs for non-maintainer changes.
...
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-06-18 10:22:33 -07:00
da2edd6068
Merge pull request #32 from crosbymichael/update-travis
...
Update travis to run unit tests
2014-06-17 16:20:05 -07:00
619088c49f
Update travis to run unit tests
...
Also fix container_tests.go
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-17 16:12:36 -07:00
077836d955
Merge pull request #31 from crosbymichael/update-sample-json
...
Update sample json file for quick testing
2014-06-17 16:02:49 -07:00
9da679b6bd
Update sample json file for quick testing
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-17 15:49:40 -07:00
77ffd49dfe
Merge pull request #30 from crosbymichael/revert-mount-cgroup
...
Revert "Mount cgroups in the container"
2014-06-17 12:00:07 -07:00
c7d1cb2272
Revert "Mount cgroups in the container"
...
This reverts commit b441dfa729
2014-06-17 11:41:40 -07:00
2a9ff02bee
Merge pull request #24 from crosbymichael/is-not-exist-errors
...
Ignore isnotexist errors for restrict paths
2014-06-16 18:53:23 -07:00
c4ec56a9ac
Merge pull request #26 from crosbymichael/device-copy-links
...
Use lstat to check device symlinks
2014-06-16 17:42:34 -07:00
bbb502c8db
Use lstat to check device symlinks
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-16 14:51:02 -07:00
e00eadd77d
Merge pull request #17 from alexlarsson/fix-close-race
...
Fix invalid fd race
2014-06-16 13:29:17 -07:00
874953d781
Ignore isnotexist errors for restrict paths
...
Handle the error when remounting certain files and paths as readonly if
they do not exist.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-16 12:32:15 -07:00
4145356abe
Merge pull request #21 from mrunalp/use_path_max
...
Use PATH_MAX as buffer size for buffers containing paths.
2014-06-16 11:06:28 -07:00
014bb3f18f
Use PATH_MAX as buffer size for buffers containing paths.
...
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2014-06-16 10:48:25 -07:00
3b5ae6c352
Merge pull request #15 from alexlarsson/mount-cgroup-in-container
...
Mount cgroup in container
2014-06-16 08:57:59 -07:00
b441dfa729
Mount cgroups in the container
...
We make a tmpfs on /sys/fs/cgroups, and here we mount read-only
versions of all the host cgroups. Additionally we make symlinks
for all merged subsystems.
For any "named" cgroup, such as "name=systemd" we also mount the
subset of the cgroup where the container lives as read-write. This
means that the container can create sub-cgroups inside the container
and move tasks into those, but it can never escape from its current
position in the cgroup hierarchy.
In particular, this allows systemd to mostly work in a non-privileged
container. The only problem currently is that PrivateTmp=true fails
because systemd is not allowed to mount a new /tmp.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-16 17:16:23 +02:00
e0e0da9e28
pkg/cgroups Add GetCgroupMounts() and GetAllSubsystems()
...
This lists all currently mounted cgroups and all supported cgroup
subsystems on the machine.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-16 17:16:10 +02:00
f6028219a5
Fix invalid fd race
...
Sometimes I was getting:
2014/06/13 13:47:24 finalize namespace drop bounding set read /proc/1/status: bad file descriptor
This happens when applying the capabilities, and the code that
reads the current caps opens /proc/1/status and then reads some data from it.
But during this it gets a EBADFD error.
The problem is that FinalizeNamespace() closes all FDs before applying
the caps, and if a GC then happens after /proc/1/status is opened but
before reading from the fd, then an old os.File finalizer may close the
already closed-and-reused fd, wreaking havoc.
We fix this by instead of closing the FDs we mark them close-on-exec
which guarantees that they will be closed when we do the final
exec into the container.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-16 10:26:18 +02:00
124aba2f15
Merge pull request #20 from vbatts/vbatts-cleanup_setns
...
nsenter: fixing the cpp order
2014-06-13 11:19:07 -07:00
d7cbde80a1
nsenter: fixing the cpp order
...
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
2014-06-13 13:09:13 -04:00
82a1592e88
Merge pull request #10 from glyn/hack
...
Initial hacker documentation
2014-06-13 09:49:15 -07:00
Michael Crosby
Vishnu Kannan
Victor Marmol
Rohit Jnagal
Bernerd Schaefer
Mrunal Patel
Alexander Larsson
Vincent Batts