Commit Graph

70 Commits

Author SHA1 Message Date
Kir Kolyshkin 1b84a21c51 Don't print errors twice
Function fatal() and method (*FatalWriter).Write log the error to the
logger when prints it to stderr just be be sure. Since by default the
logger is configured to write to os.Stderr, we get something like this
as a result:

> # ./runc checkpoint xx5
> ERRO[0000] Container cannot be checkpointed in stopped state
> Container cannot be checkpointed in stopped state

or

> # ./runc sdf
> ERRO[0000] No help topic for 'sdf'
> No help topic for 'sdf'

This is very annoying.

To fix, check if logrus is logging into stderr, and if it is, skip
the second write.

After this commit:

> # ./runc sdf
> ERRO[0000] No help topic for 'sdf'

> [root@kir-rhat runc]# ./runc --log=out sdf
> No help topic for 'sdf'

Note that now the logrus prefix might be in or out, depending on whether
logrus is logging to stderr or not. This is not perfect, but better than
the old behavior.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-05-02 18:13:07 -07:00
lifubang 7d6e091fe0 fix error when there is --root and XDG_RUNTIME_DIR env
Signed-off-by: lifubang <lifubang@acmcoder.com>
Signed-off-by: Lifubang <lifubang@acmcoder.com>
Signed-off-by: lifubang <lifubang@acmcoder.com>
Signed-off-by: Lifubang <lifubang@acmcoder.com>
2020-03-12 10:16:53 +08:00
Giuseppe Scrivano 8383c724a4
main: not reopen /dev/stderr
commit a146081828 introduced a change to
write to /dev/stderr by default.  Do not reopen the file in this case,
but use directly the fd 2.

Closes: https://github.com/opencontainers/runc/issues/2056
Closes: https://github.com/kubernetes/kubernetes/issues/77615
Closes: https://github.com/cri-o/cri-o/issues/2368

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-05-14 21:56:41 +02:00
Georgi Sabev a146081828 Write logs to stderr by default
Minor refactoring to use the filePair struct for both init sock and log pipe

Co-authored-by: Julia Nedialkova <julianedialkova@hotmail.com>
Signed-off-by: Georgi Sabev <georgethebeatle@gmail.com>
2019-04-24 15:18:14 +03:00
Georgi Sabev ba3cabf932 Improve nsexec logging
* Simplify logging function
* Logs contain __FUNCTION__:__LINE__
* Bail uses write_log

Co-authored-by: Julia Nedialkova <julianedialkova@hotmail.com>
Co-authored-by: Danail Branekov <danailster@gmail.com>
Signed-off-by: Georgi Sabev <georgethebeatle@gmail.com>
2019-04-22 17:53:52 +03:00
Danail Branekov c486e3c406 Address comments in PR 1861
Refactor configuring logging into a reusable component
so that it can be nicely used in both main() and init process init()

Co-authored-by: Georgi Sabev <georgethebeatle@gmail.com>
Co-authored-by: Giuseppe Capizzi <gcapizzi@pivotal.io>
Co-authored-by: Claudia Beresford <cberesford@pivotal.io>
Signed-off-by: Danail Branekov <danailster@gmail.com>
2019-04-04 14:57:28 +03:00
Marco Vedovati 9a599f62fb Support for logging from children processes
Add support for children processes logging (including nsexec).
A pipe is used to send logs from children to parent in JSON.
The JSON format used is the same used by logrus JSON formatted,
i.e. children process can use standard logrus APIs.

Signed-off-by: Marco Vedovati <mvedovati@suse.com>
2019-04-04 14:53:23 +03:00
Akihiro Suda 06f789cf26 Disable rootless mode except RootlessCgMgr when executed as the root in userns
This PR decomposes `libcontainer/configs.Config.Rootless bool` into `RootlessEUID bool` and
`RootlessCgroups bool`, so as to make "runc-in-userns" to be more compatible with "rootful" runc.

`RootlessEUID` denotes that runc is being executed as a non-root user (euid != 0) in
the current user namespace. `RootlessEUID` is almost identical to the former `Rootless`
except cgroups stuff.

`RootlessCgroups` denotes that runc is unlikely to have the full access to cgroups.
`RootlessCgroups` is set to false if runc is executed as the root (euid == 0) in the initial namespace.
Otherwise `RootlessCgroups` is set to true.
(Hint: if `RootlessEUID` is true, `RootlessCgroups` becomes true as well)

When runc is executed as the root (euid == 0) in an user namespace (e.g. by Docker-in-LXD, Podman, Usernetes),
`RootlessEUID` is set to false but `RootlessCgroups` is set to true.
So, "runc-in-userns" behaves almost same as "rootful" runc except that cgroups errors are ignored.

This PR does not have any impact on CLI flags and `state.json`.

Note about CLI:
* Now `runc --rootless=(auto|true|false)` CLI flag is only used for setting `RootlessCgroups`.
* Now `runc spec --rootless` is only required when `RootlessEUID` is set to true.
  For runc-in-userns, `runc spec`  without `--rootless` should work, when sufficient numbers of
  UID/GID are mapped.

Note about `$XDG_RUNTIME_DIR` (e.g. `/run/user/1000`):
* `$XDG_RUNTIME_DIR` is ignored if runc is being executed as the root (euid == 0) in the initial namespace, for backward compatibility.
  (`/run/runc` is used)
* If runc is executed as the root (euid == 0) in an user namespace, `$XDG_RUNTIME_DIR` is honored if `$USER != "" && $USER != "root"`.
  This allows unprivileged users to allow execute runc as the root in userns, without mounting writable `/run/runc`.

Note about `state.json`:
* `rootless` is set to true when `RootlessEUID == true && RootlessCgroups == true`.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-09-07 15:05:03 +09:00
Akihiro Suda f103de57ec main: support rootless mode in userns
Running rootless containers in userns is useful for mounting
filesystems (e.g. overlay) with mapped euid 0, but without actual root
privilege.

Usage: (Note that `unshare --mount` requires `--map-root-user`)

  user$ mkdir lower upper work rootfs
  user$ curl http://dl-cdn.alpinelinux.org/alpine/v3.7/releases/x86_64/alpine-minirootfs-3.7.0-x86_64.tar.gz | tar Cxz ./lower || ( true; echo "mknod errors were ignored" )
  user$ unshare --mount --map-root-user
  mappedroot# runc spec --rootless
  mappedroot# sed -i 's/"readonly": true/"readonly": false/g' config.json
  mappedroot# mount -t overlay -o lowerdir=./lower,upperdir=./upper,workdir=./work overlayfs ./rootfs
  mappedroot# runc run foo

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-05-10 12:16:43 +09:00
Aleksa Sarai 4f4af7bfde
rootless: set sticky bit if using XDG_RUNTIME_DIR
According to the XDG specification[1], in order to avoid the possibility of
our container states being auto-pruned every 6 hours we need to set the
sticky bit. Rather than handling all of the users of --root, we just
create the directory and set the sticky bit during detection, as it's
not expensive.

[1]: https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2018-03-19 11:02:31 +11:00
Giuseppe Scrivano fdf85e35b3
main: honor XDG_RUNTIME_DIR for rootless containers
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2017-09-09 12:44:34 +10:00
Steven Hartland ee4f68e302 Updated logrus to v1
Updated logrus to use v1 which includes a breaking name change Sirupsen -> sirupsen.

This includes a manual edit of the docker term package to also correct the name there too.

Signed-off-by: Steven Hartland <steven.hartland@multiplay.co.uk>
2017-07-19 15:20:56 +00:00
Kenfe-Mickael Laventure 294d24fb1a Ensure we log into logrus on command error
`urfave/cli` now takes upon itself to log the error returned by the
command action directly. This means that by default the `--log` option
was ignored upon error.

This commit ensure that `urfave/cli.ErrWriter` will use logrus

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-10-03 08:01:09 -07:00
Mrunal Patel a753b06645 Replace github.com/codegangsta/cli by github.com/urfave/cli
The package got moved to a different repository

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-06-06 11:47:20 -07:00
rajasec 0307c88ee9 Updating README for starting the container
Signed-off-by: rajasec <rajasec79@gmail.com>

Updating README for starting the container

Signed-off-by: rajasec <rajasec79@gmail.com>

Updating README files for container start

Signed-off-by: rajasec <rajasec79@gmail.com>

updating README files for container start

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-06-05 14:41:58 +05:30
Michael Crosby c5060ff303 Merge pull request #827 from crosbymichael/create-start
Implement create and start
2016-06-03 10:38:03 -07:00
Michael Crosby 3fe7d7f31e Add create and start command for container lifecycle
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:06:41 -07:00
Michael Crosby 75fb70be01 Rename start to run
`runc run` is the command that will create and start a container in one
single command.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:06:41 -07:00
Qiang Huang 152ee95380 Add VERSION file to contain the version info
We need this because we need to get version info out of
go code, eg. build rpm package.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-30 10:24:22 +08:00
Zhao Lei f79716d6cf Unify log setting's error output
When we set a wrong --log-format value, runc exit without any
message:
 # ./runc --log-format aaa list
 #
It is again "no news is good news" rule.

And it is not unified with the case when we set a wrong --log
value:
 # ./runc --log / list
 ERRO[0000] open /: is a directory
 open /: is a directory
 #

This patch unified action for above two error-setting.

After patch:
 # ./runc --log-format aaa list
 unknown log-format: "aaa"
 #

Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
2016-05-25 16:10:30 +08:00
Kenfe-Mickael Laventure 4190e5a920 Add new `update` command to runc.
This command allow users to update some of a container cgroups
parameters.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-05-06 08:05:15 -07:00
Mrunal Patel 8075a9ee6f Change OCF to OCI in help string and man page.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-05-03 16:05:20 -07:00
Michael Crosby e559f7aebb Merge pull request #767 from hqhq/hq_add_ps
Add ps command
2016-04-25 14:51:43 -07:00
Michael Crosby baf6536d62 Bump to 0.1.1
This includes a fix for selinux mount labels in the spec.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-25 14:18:35 -07:00
Qiang Huang 8cf9ca4bcf Add ps command
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-04-22 08:06:35 +08:00
Michael Crosby 8e129e0972 Update runc to 0.1.0
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-12 14:12:08 -07:00
Michael Crosby f417e993d0 Update spec to v0.5.0
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-12 14:11:40 -07:00
Mrunal Patel 24142a8514 Add a flag to enable systemd cgroups support in runc
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-22 17:07:57 -07:00
Michael Crosby 8f206929b2 Ensure logs are flushed
This ensures that anything written to the logs are synced as they
happen.

This also changes the error message of the libcontainer error.  The
original idea was to have this extra information in the message but it
makes it hard to parse and if the caller needed this information they
can just get it from the error type.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-14 11:06:16 -07:00
Michael Crosby beb3e5e71a Add gitcommit to runc builds
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-11 15:20:00 -08:00
Michael Crosby 94dc520a57 Bump runc to 0.0.9
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 14:35:57 -08:00
Michael Crosby 47eaa08f5a Update runc usage for new specs changes
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 14:18:39 -08:00
Michael Crosby 044e298507 Improve error handling in runc
The error handling on the runc cli is currenly pretty messy because
messages to the user are split between regular stderr format and logrus
message format.  This changes all the error reporting to the cli to only
output on stderr and exit(1) for consumers of the api.

By default logrus logs to /dev/null so that it is not seen by the user.
If the user wants extra and/or structured loggging/errors from runc they
can use the `--log` flag to provide a path to the file where they want
this information.  This allows a consistent behavior on the cli but
extra power and information when debugging with logs.

This also includes a change to enable the same logging information
inside the container's init by adding an init cli command that can share
the existing flags for all other runc commands.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-09 11:08:30 -08:00
Mike Brown 171e8f4818 adds the spec required state command
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-03-01 14:11:46 -06:00
Mike Brown f4e37ab63e updating usage for runc and runc commands
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-02-17 09:00:39 -06:00
Michael Crosby 8eb1dcb916 Bump to version 0.0.8
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-09 11:35:55 -08:00
Michael Crosby a7278cad98 Require containerd id as arg 1
Closes #532

This requires the container id to always be passed to all runc commands
as arg one on the cli.  This was the result of the last OCI meeting and
how operations work with the spec.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-09 11:20:55 -08:00
Mike Brown c2c0458598 merges latest spec with runc
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-02-05 12:47:09 -08:00
Michael Crosby 8dfa57234c Remove double exec from command list
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-28 14:16:19 -08:00
Michael Crosby bb6a747825 Add detach to runc
By adding detach to runc the container process is the only thing running
on the system is the containers process.
This allows better usage of memeory and no runc process being long
lived.  With this addition you also need a delete command because the
detached container will not be able to remove state and the left over
cgroups directories.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-28 13:35:13 -08:00
Michael Crosby 480e5f4416 Merge pull request #507 from mikebrow/runc-ls-command
adds list command
2016-01-28 13:20:07 -08:00
Mike Brown 4c871267db adds list command, and a timestamp in the container state
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-01-28 14:21:06 -06:00
Alexander Morozov fb2718f8d0 Bump runc version to 0.0.7
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-01-25 13:47:54 -08:00
Michael Crosby 59f3066c39 Merge pull request #405 from marcosnils/spec_version
Add spec version to runC version cli
2016-01-22 13:55:28 -08:00
xlgao-zju 3ff8e80662 update version for release 0.0.6
Signed-off-by: xlgao-zju <xlgao@zju.edu.cn>
2015-12-16 23:25:19 +08:00
Tianon Gravi e001f947d7 Bump version constant to 0.0.5 in preparation for a new release
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-11-20 13:42:42 -08:00
Marcos Lilljedahl c38fee100d Add spec version to runC version cli
Signed-off-by: Marcos Lilljedahl <marcosnils@gmail.com>
2015-11-17 19:14:02 -03:00
Mike Brown 8b19581694 adding support for --bundle -b to start, restore, and spec; fixes issue #310
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2015-11-13 09:13:57 -06:00
Eric Myhre 2add2bc41a Add ability to use json structured logging format.
Signed-off-by: Eric Myhre <hash@exultant.us>
2015-10-13 22:57:07 -05:00
Lai Jiangshan ac56948250 update the command usage of `runc`
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
2015-09-16 09:49:06 +08:00