Chun Chen
2ee9cbbd12
It's /proc/stat, not /proc/stats
...
Also adds /proc/net/dev to the valid mount destination white list
Signed-off-by: Chun Chen <ramichen@tencent.com>
2016-02-16 15:59:27 +08:00
rajasec
b3661f4115
Removing tty0 tty1 from allowed devices
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-02-16 11:21:00 +05:30
rajasec
4cd31f63c5
Change softlink name to /dev/core
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-02-15 17:52:19 +05:30
Qiang Huang
bda7742019
Cleanup systemd apply
...
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-02-15 15:56:59 +08:00
Qiang Huang
7b88f34d6e
Remove unneeded cgroups path removal
...
It's handled in `destroy()`, no need to do this in
`Apply()`. I found this because systemd cgroup didn't
do this removal and it works well.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-02-15 11:22:13 +08:00
rajasec
321b842404
panic during start of failed detached container
...
Signed-off-by: rajasec <rajasec79@gmail.com>
Adding nil check before closing tty for restore operation
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-02-14 19:11:09 +05:30
Aleksa Sarai
21dc85c4b8
libcontainer: cgroups: fs: add cgroup path safety unit tests
...
In order to avoid problems with security regressions going unnoticed,
add some unit tests that should make sure security regressions in cgroup
path safety cause tests to fail in runC.
Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-02-14 00:37:21 +11:00
Aleksa Sarai
b8dc5213e8
libcontainer: cgroups: fs: fix path safety
...
Ensure that path safety is maintained, this essentially reapplies
c0cad6aa5e ("cgroups: fs: fix cgroup.Parent path sanitisation"), which
was accidentally removed in 256f3a8ebc ("Add support for CgroupsPath
field").
Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-02-14 00:37:21 +11:00
Aleksa Sarai
90140a5688
libcontainer: cgroups: fs: fix innerPath
...
Fix m.Path legacy code to actually work.
Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-02-14 00:37:21 +11:00
Michael Crosby
361f9b7921
Merge pull request #550 from rajasec/restoretty
...
Adding tty closure for restore operation
2016-02-11 10:27:58 -08:00
Aleksa Sarai
1f8711751e
libcontainer: integration: fix flaky pids limit tests
...
Because we are implemented in Go, the number of pids present in a
container is not very well-defined (other than it not being /much/
bigger than the limit you'd want to set). As a result, we need to make
the tests a bit less flaky in this regard.
Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-02-12 00:14:22 +11:00
Alexander Morozov
1a124e9c2d
Merge pull request #549 from crosbymichael/tty-close
...
Close tty on error before handler
2016-02-10 14:11:47 -08:00
Michael Crosby
45675581c1
Close tty on error before handler
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-10 13:41:35 -08:00
Alexander Morozov
4678b01e64
Merge pull request #497 from mlaventure/cgroups-path
...
Replace Cgroup Parent and Name fields by CgroupsPath
2016-02-10 13:00:49 -08:00
Kenfe-Mickael Laventure
256f3a8ebc
Add support for CgroupsPath field
...
Fixes #396
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-02-10 11:26:51 -08:00
Michael Crosby
71db82baef
Merge pull request #545 from rajasec/specupdateforpids
...
Adding pids subsystem in SPEC.md
2016-02-10 11:17:15 -08:00
Mrunal Patel
4d9d4866b5
Merge pull request #537 from duglin/ReorgContainer
...
Create some util funcs that are common between start and exec
2016-02-10 23:00:20 +05:30
rajasec
a7ee55b716
Adding tty closure for restore operation
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-02-10 09:48:12 +05:30
Mrunal Patel
bfd3345be9
Merge pull request #541 from crosbymichael/ids
...
Require container id as arg1
2016-02-10 08:14:36 +05:30
Mrunal Patel
025a84a2fb
Merge pull request #542 from runcom/use-coreos-systemd
...
*: use coreos/go-systemd/activation for socket activation
2016-02-10 08:07:21 +05:30
Kenfe-Mickael Laventure
dceeb0d0df
Move pathClean to libcontainer/utils.CleanPath
...
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-02-09 16:21:58 -08:00
Antonio Murdaca
0dea09bce7
*: use coreos/go-systemd/activation for socket activation
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-02-09 23:44:09 +01:00
Michael Crosby
8eb1dcb916
Bump to version 0.0.8
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-09 11:35:55 -08:00
Michael Crosby
a7278cad98
Require containerd id as arg 1
...
Closes #532
This requires the container id to always be passed to all runc commands
as arg one on the cli. This was the result of the last OCI meeting and
how operations work with the spec.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-09 11:20:55 -08:00
Alexander Morozov
8e8d01d38d
Merge pull request #536 from crosbymichael/update-spec
...
Update spec to v0.3.0
2016-02-09 10:53:46 -08:00
Doug Davis
ad26ef1afc
Create some util funcs that are common between start and exec
...
and it'll really help my start/create PR when I need to rebase :-)
Signed-off-by: Doug Davis <dug@us.ibm.com>
2016-02-09 10:22:44 -08:00
rajasec
241e66dbe7
Adding pids subsystem in SPEC.md
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-02-09 20:42:11 +05:30
Michael Crosby
ee1aac06a0
Merge pull request #540 from rajasec/specupdate
...
Fixing capabilities name in SPEC.md
2016-02-08 13:15:46 -08:00
Michael Crosby
3baae2d525
Update runc for devices changes
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-08 13:15:12 -08:00
Michael Crosby
fb3f69e097
Merge pull request #539 from rajasec/resume-usage
...
Fixing usage in resume command
2016-02-08 13:13:08 -08:00
rajasec
f1cde33ed7
Fixing capabilities name in SPEC.md
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-02-07 21:57:28 +05:30
rajasec
7b24b9a826
Fixing usage in resume command
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-02-07 19:27:58 +05:30
Mike Brown
c2c0458598
merges latest spec with runc
...
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-02-05 12:47:09 -08:00
Alexander Morozov
4f601205d4
Merge pull request #525 from crosbymichael/exec
...
Load process.json for exec and add detach
2016-02-05 12:37:56 -08:00
Michael Crosby
fbc74c0eba
Add detach and pid-file to restore
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-05 11:56:21 -08:00
Michael Crosby
92ab7309d5
Add detach to exec
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-05 11:53:45 -08:00
Michael Crosby
e838be38d2
Add load process.json for exec command
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-05 11:53:45 -08:00
Michael Crosby
9c9f8eeb4b
Merge pull request #488 from stefanberger/new_session_keyring
...
Create a new session key for every container
2016-02-05 10:48:26 -08:00
Michael Crosby
106e4777f7
Merge pull request #493 from rajasec/processops
...
Added error string for process operations
2016-02-05 10:44:33 -08:00
Stefan Berger
ad22e23aee
Create a new session key for every container
...
Create a new session key ring '_ses' for every container. This avoids sharing
the key structure with the process that created the container and the
container inherits from.
This patch fixes it init and exec.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2016-02-04 22:05:50 -05:00
Michael Crosby
5fe15a53b6
Merge pull request #496 from LK4D4/remove_sscanf
...
Remove usage of GetMounts from GetCgroupMounts
2016-02-04 14:55:41 -08:00
Michael Crosby
67cca27798
Merge pull request #529 from mlaventure/memory-limit-stat
...
Add limit value to memory stats
2016-02-04 11:21:35 -08:00
rajasec
298cd1b285
Added error string for process operations
...
Signed-off-by: rajasec <rajasec79@gmail.com>
Changing the error code string name as per review comments
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-02-04 11:54:50 +05:30
Qiang Huang
d66c9632bf
Merge pull request #524 from adfernandes/master
...
Add a compatibility header for CentOS/RHEL 6
2016-02-04 14:24:01 +08:00
Mrunal Patel
11a238b891
Merge pull request #522 from crosbymichael/created
...
Update list command and created methods
2016-02-04 09:47:10 +05:30
Mrunal Patel
98f72fe399
Merge pull request #521 from crosbymichael/version-validation
...
Remove version check in runc
2016-02-04 09:45:02 +05:30
Kenfe-Mickael Laventure
7a12c92dbe
Add limit value to memory stats
...
The value is populated with the content of `limit_in_bytes`.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-02-03 11:54:09 -08:00
Alexander Morozov
97146f4dc6
Remove usage of GetMounts from GetCgroupMounts
...
GetMounts is very cpu-expensive. I'll change other funcs in this package
to reuse code from GetCgroupMounts later.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-02-01 11:00:23 -08:00
Qiang Huang
13e8f6e589
Remove procStart
...
It's never used and not needed. Our pipe is created with
syscall.SOCK_CLOEXEC, so pipe will be closed once container
process executed successfully, parent process will read EOF
and continue. If container process got error before executed,
we'll write procError to sync with parent.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-01-30 13:41:21 +08:00
Andrew Fernandes
3c2e77eed5
Add a compatibility header for CentOS/RHEL 6
...
Signed-off-by: Andrew Fernandes <andrew@fernandes.org>
2016-01-29 20:46:50 +00:00