Alexander Morozov
8d0b06257b
Move tty configuration to Process
...
Now you need to call Process.NewConsole to setup console for process
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-02-25 15:04:43 -08:00
Mrunal Patel
f9590b0927
Adds missing exit to fatal function.
...
Extracts ProcessState when we get ExitError.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-02-25 13:54:45 -05:00
Andrey Vagin
94fb37f557
process: add Wait(), Signal() and Pid() methods
...
Currently we have a problem when buffers are used for std file
descriptors. These buffers are filled from goroutines (Cmd.goroutine),
and we need to wait them to be sure that all data have been copied.
Signed-off-by: Andrew Vagin <avagin@openvz.org>
2015-02-23 23:40:41 +03:00
Michael Crosby
afa8443118
Remove userns sidecar process
...
Move the network setup back into the standard init even for user
namespaces now that mounts are fully supported and working.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-18 15:47:26 -08:00
Michael Crosby
339edce03e
Update console and mount handling for user namespaces
...
This updates the console handling to chown the console on creation to
the root user within the container.
This also moves the setup mounts from the userns sidecar process into
the main init processes by trying to mknod devices, if it fails on an
EPERM then bind mount the device from the host into the container for
use. This prevents access issues when the sidecar process mknods the
device for the usernamespace returning an EPERM when writting to
dev/null.
This also adds some error handling for init processes and nsinit updates
with added flags for testing and other functions.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-17 21:37:02 -08:00
Michael Crosby
f4cf808a3d
Merge branch 'master' into api
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Conflicts:
MAINTAINERS
cgroups/cgroups.go
cgroups/fs/apply_raw.go
cgroups/fs/notify_linux.go
cgroups/fs/notify_linux_test.go
cgroups/systemd/apply_systemd.go
config.go
configs/config_test.go
console/console.go
integration/exec_test.go
integration/init_test.go
integration/template_test.go
integration/utils_test.go
linux_notify.go
linux_notify_test.go
mount/init.go
mount/mount_config.go
mount/pivotroot.go
mount/ptmx.go
namespaces/create.go
namespaces/exec.go
namespaces/execin.go
namespaces/init.go
namespaces/nsenter/nsenter.c
namespaces/nsenter/nsenter.go
namespaces/utils.go
network/network.go
network/types.go
network/veth.go
notify_linux.go
notify_linux_test.go
nsinit/exec.go
nsinit/main.go
nsinit/nsenter.go
nsinit/oom.go
sample_configs/host-pid.json
sample_configs/userns.json
security/capabilities/capabilities.go
update-vendor.sh
2015-02-16 15:09:42 -08:00
Michael Crosby
91a3f162af
Implement nsinit state command
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 18:49:28 -08:00
Michael Crosby
2ec6b585ea
Add new API examples to readme
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:27 -08:00
Michael Crosby
b0e274c0d2
Remove console package and add Console type
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby
ab76a88d6b
Remove Wait() on container interface
...
Since we return the pid for the started process we do not need this
method on the interface.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-03 10:50:18 -08:00
Michael Crosby
bbeae7445a
Remove namespaces package
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-02 15:41:32 -08:00
Michael Crosby
8191d4d60f
Refactory container interface
...
This removes a new unused methods from the container interface and types
parameters such as os.Signal and WaitStatus
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-31 20:51:12 -08:00
Michael Crosby
935d81f23d
Flatten configuration structs
...
Change the various config structs into one package and have a flatter
structure for easier use.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-31 19:56:27 -08:00
Mrunal Patel
b0eece8d7d
Adds support for User Namespaces.
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Adds sample configuration to test user namespaces.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Rebases to master.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Fixes integration tests.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Move selinux labeling, apparmor profile and restrict kernel files back to init.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Separate the code paths for userns and default cases.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
tty not required for setup
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Cleanup and address review comments.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Remove debug logs and other cleanup.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Use function paramaters for SetupContainer.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2015-01-19 14:50:21 -05:00
Andrey Vagin
46e62c9204
nsinit: return console
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-15 18:22:47 +03:00
Andrey Vagin
59e66b818d
nsinit: add getContainer()
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-15 00:43:13 +03:00
Andrey Vagin
1a380ac436
nsinit: remove ticks around nsenter
...
If we really need these command, we need to expand API.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2014-12-23 16:30:37 +03:00
Andrey Vagin
c406a6b6e0
nsinit: clean up
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2014-12-19 12:32:34 +03:00
Andrey Vagin
ce9d63376f
libcontainer: move State in the configs package
...
We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2014-12-19 12:32:34 +03:00
Andrey Vagin
7038ddbc8c
libcontainer: move Config in a separate package
...
We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2014-12-19 12:32:34 +03:00
Andrey Vagin
159db89c1f
nsinit: use the new API for executing processes
...
Signed-off-by: Andrew Vagin <avagin@openvz.org>
2014-12-16 09:19:02 +03:00
Saied Kazemi
ae81ea069f
Add RootFs field to configuration options in libcontainer's Config
...
Since currently the container.json file does not include the pathname
to a container's root filesystem, we need to parse /proc/mounts which
is slow and error-prone. This patch addresses this issue by adding a
new RootFs field.
Signed-off-by: Saied Kazemi <saied@google.com>
2014-09-23 16:16:13 -07:00
Michael Crosby
bdafa085ae
Reuse exec cli function and strip nsenter- from funcs
...
Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-12 17:33:20 -07:00
Michael Crosby
7d1ba0698f
Cleanup and rename loadContainer to loadConfig
...
Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-12 12:03:53 -07:00
Michael Crosby
70367b2cf3
Improve execin to support registering funcs
...
This also changes the functionality of the default exec in to just be an
existing func that is called than handles the implementation to exec a
user user's process inside the container. This implements this
functionallity in nsinit but is a base for how we will be handling these
types of features inside docker.
Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-12 11:43:12 -07:00
Michael Crosby
51e6049226
Make nsinit package main only
...
Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-12 10:48:12 -07:00
Michael Crosby
ae9af437f0
After parsing flags check that the command is nsenter
...
Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-07 10:48:29 -07:00
Michael Crosby
a48b001013
Refactor execin code to be simpler
...
Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-06 18:44:41 -07:00
Vishnu Kannan
e5e40b6ef0
Docker 'runin' demands passing flags before 'nsenter' cli option.
...
Docker does not require RunIn API. Hence that API has been removed.
nsinit CLI has been modified to work around the nsenter changes.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-08-05 22:13:23 +00:00
Michael Crosby
4568ca76c8
Update imports for new docker location
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-24 14:28:49 -07:00
Michael Crosby
b2337e4860
Fix runin code for nsinit
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-22 19:50:00 +00:00
Vishnu Kannan
bb85e2b07a
'nsinit exec' now uses namespaces.RunIn instead of namespaces.ExecIn.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-07-22 19:50:00 +00:00
Michael Crosby
b56aa0658a
Don't open slave in parent
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-15 18:24:15 -07:00
Michael Crosby
18e12838d6
Add resize of term in tty mode
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-15 17:44:18 -07:00
Michael Crosby
43b4258c46
Open with NOCTTY and set raw term
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-15 17:29:09 -07:00
Michael Crosby
d661720fd7
Remove terminal handling in libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-15 16:55:11 -07:00
Vishnu Kannan
28dadc538c
Separate nsinit main from implementation. This is done inorder to package nsinit as part of docker binary.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-07-01 22:00:15 +00:00
Michael Crosby
77dcaac129
Update code based on review comments
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-25 11:36:54 -07:00
Michael Crosby
81e5a3f7a7
Replace pid and started file with State type
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-25 11:36:54 -07:00
Victor Marmol
60b381e600
Rename Container -> Config.
...
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-06-23 17:08:15 -07:00
Michael Crosby
6ab3ef56f4
Update imports for new repository path
2014-06-10 08:14:16 -07:00
Michael Crosby
2d538dc80d
Update for nsenter
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-05 14:31:16 -07:00
Michael Crosby
4e51c8b41f
Update nsinit to be nicer to work with and test
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-05 14:13:02 -07:00
Michael Crosby
ed7f4a0f6d
Rename nsinit package to namespaces in libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-04 15:47:57 -07:00
Michael Crosby
5db18f2d5d
Update wait calls to call Wait on Command
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-27 13:38:24 -07:00
Erik Hollensbe
e0b1546d8b
libcontainer/nsinit: remove Wait call from Exec and Kill from Attach in tty_term.go
...
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
2014-05-27 12:26:56 -07:00
Erik Hollensbe
40b9c5564f
Add Wait() calls in the appropriate spots
...
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
2014-05-27 12:26:56 -07:00
Bernerd Schaefer
98b3daa8dd
nsinit.DefaultCreateCommand sets Pdeathsig to SIGKILL
...
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
2014-05-16 13:48:41 +02:00
Michael Crosby
3ce347c35f
Move cgroups package into libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-14 15:21:44 -07:00
Michael Crosby
6c1bf629ef
Improve libcontainer namespace and cap format
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-05 12:34:21 -07:00