Commit Graph

1750 Commits

Author SHA1 Message Date
Tonis Tiigi bc38c9d1b0 Add pause/resume commands
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-08-18 13:37:36 -07:00
Mrunal Patel 4a478a9775 Merge pull request #209 from rajasec/tmpfsunmount
make localtest fills up /tmp with /tmp/libcontainer
2015-08-18 10:24:44 -07:00
Mrunal Patel ee3ebc9842 Merge pull request #197 from laijs/kill-default
Add the default signal (SIGTERM) for runc kill
2015-08-17 20:28:49 -07:00
rajasec 8cdc409715 Fixing tmpfs
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-08-17 06:22:48 +05:30
Shijiang Wei f0679089b9 Ensure the cleanup jobs in the deferrer are executed on error
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
2015-08-16 12:29:04 +08:00
Michael Chase-Salerno 9bc81d1699 Fixing netlink build error on ppc64le with gccgo
Again. It looks like a build tag was somehow dropped between
the PR here: https://github.com/docker/libcontainer/pull/625
and the move to runc.

Signed-off-by: Christy Perez <clnperez@linux.vnet.ibm.com>
2015-08-13 17:52:47 -05:00
Matthew Heon a6b73dbc73 Remove Seccomp build tag to fix godep
Signed-off-by: Matthew Heon <mheon@redhat.com>
2015-08-13 15:23:43 -04:00
Lai Jiangshan 6abd42c1b6 Add the default signal (SIGTERM) for runc kill
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
2015-08-13 23:42:54 +08:00
Matthew Heon 59264040bd Update tests to not error on library v2.2.0 and lower
As v2.1.0 is no longer required for successful testing, do not build it in the
Dockerfile - instead just use the version Ubuntu ships.

Signed-off-by: Matthew Heon <mheon@redhat.com>
2015-08-13 09:36:21 -04:00
Matthew Heon 8da24a5447 Update vendored Libseccomp bindings
Signed-off-by: Matthew Heon <mheon@redhat.com>
2015-08-13 09:36:09 -04:00
Matthew Heon 2ae581ae62 Convert Seccomp support to use Libseccomp
This removes the existing, native Go seccomp filter generation and replaces it
with Libseccomp. Libseccomp is a C library which provides architecture
independent generation of Seccomp filters for the Linux kernel.

This adds a dependency on v2.2.1 or above of Libseccomp.

Signed-off-by: Matthew Heon <mheon@redhat.com>
2015-08-13 07:56:27 -04:00
Mrunal Patel 744a6b0e7b Merge pull request #196 from laijs/simplify-return
Simplify the return on process wait
2015-08-12 21:17:35 -07:00
Lai Jiangshan e8817e1104 Simplify the return on process wait
Simplify the code introduced by the commit d1f0d5705deb:
    Return actual ProcessState on Wait error

Cc: Alexander Morozov <lk4d4@docker.com>
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
2015-08-12 22:37:34 +08:00
Alexander Morozov 2b28b3c276 Always use cgroup root of current process
Because for host PID namespace /proc/1/cgroup can point to whole other
world of cgroups.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-11 18:04:59 -07:00
Alexander Morozov 5aa6005498 Revert "Fix cgroup parent searching"
This reverts commit 2f9052ca29.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-11 18:04:55 -07:00
Tonis Tiigi b5eed4a246 Update runc to use device structs from updated spec
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-08-11 14:24:00 -07:00
Tonis Tiigi 0f99c20fd0 Update specs
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-08-11 13:50:57 -07:00
Alexander Morozov 15c709ed73 Merge pull request #192 from fabiokung/cgroup-per-container
container id is the cgroup name
2015-08-10 20:40:57 -07:00
Fabio Kung 85f40c2bc7 container id is the cgroup name
Without this, multiple runc containers can accidentally share the same cgroup(s)
(and change each other's limits), when runc is invoked from the same directory
(i.e.: same cwd on multiple runc executions).

After these changes, each runc container will run on its own cgroup(s). Before,
the only workaround was to invoke runc from an unique (temporary?) cwd for each
container.

Common cgroup configuration (and hierarchical limits) can be set by having
multiple runc containers share the same cgroup parent, which is the cgroup of
the process executing runc.

Signed-off-by: Fabio Kung <fabio.kung@gmail.com>
2015-08-10 16:41:39 -07:00
Mrunal Patel d90058ced8 Merge pull request #188 from duglin/UpdateUsage
Minor update to usage/help text
2015-08-10 16:32:36 -07:00
Michael Crosby a96723f922 Merge pull request #191 from LK4D4/fix_cgroup_parent
Fix cgroup parent searching
2015-08-10 17:41:24 -04:00
Alexander Morozov 2f9052ca29 Fix cgroup parent searching
I had pretty convenient input data to miss this bug.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-10 14:30:05 -07:00
Doug Davis 88de2aee5a Minor update to usage/help text
Seemed a little out of date

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-08-10 12:56:53 -07:00
Michael Crosby 9be9157fc5 Merge pull request #182 from willmtemple/master
Change example JSON to refer to "pid" namespace rather than "process."
2015-08-05 14:18:42 -04:00
William Temple a5d98a64e0 Changed README.md to refer to "pid" namespace rather than "process."
Signed-off-by: William Temple <wtemple@redhat.com>
2015-08-05 14:09:53 -04:00
rajasec 24f7a10a93 Adding securityfs mount
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-08-05 16:50:08 +05:30
Michael Crosby bdd67b9029 Merge pull request #180 from LK4D4/rename_proc_ns
Rename process namespace to pid
2015-08-04 17:49:46 -04:00
Michael Crosby 765fa4a34e Merge pull request #181 from mrunalp/fixes
Fix minor stylistic issues
2015-08-04 17:49:33 -04:00
Mrunal Patel f3a3025933 Fix minor stylistic issues
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-04 17:44:45 -04:00
Alexander Morozov 6d1e6a17e1 Rename process namespace to pid
It's "pid" in opencontainers/specs

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-04 14:12:21 -07:00
Michael Crosby a28f627c39 Merge pull request #96 from mrunalp/dev_mount_fix
Don't make modifications to /dev when it is bind mounted
2015-08-04 17:07:03 -04:00
Mrunal Patel c9d5850629 Don't make modifications to /dev there are no devices in the configuration
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-04 16:57:29 -04:00
Mrunal Patel aa6aa41205 Merge pull request #178 from crosbymichael/runc-kill
Runc kill
2015-08-04 11:47:27 -07:00
Michael Crosby fbb8d3e8fe Add parse signal function for runc kill
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-08-04 11:35:13 -07:00
Alexander Morozov 53138e8289 Merge pull request #174 from crosbymichael/restore-signal-handler
Use signal handler for restore
2015-08-04 11:26:54 -07:00
Alexander Morozov 072fa6fdcc Merge pull request #175 from crosbymichael/container-signal
Add signal API to Container interface
2015-08-04 08:40:10 -07:00
Michael Crosby a5ef75b681 Add signal API to Container interface
This adds a `Signal()` method to the container interface so that the
initial process can be signaled after a Load or operation.  It also
implements signaling the init process from a nonChildProcess.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-08-03 17:07:29 -07:00
Michael Crosby 2a94a930e1 Use signal handler for restore
There was previously a memory issue in the signal handler that showed up
when using restore.  This has been fixed, therefore, restore can use the
signal handler.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-08-03 16:27:56 -07:00
Mrunal Patel ce0a339632 Merge pull request #166 from gitido/fixes
Go1.5 compatibility fix
2015-08-03 13:51:26 -07:00
Michael Crosby 76e706f856 Merge pull request #151 from LK4D4/use_proc_exe
Use /proc/self/exe as default for InitPath
2015-08-03 16:15:33 -04:00
Michael Crosby b1821a4edc Merge pull request #150 from runcom/update-go-systemd-dbus-v3
Update go systemd dbus v3
2015-08-03 16:11:52 -04:00
Alexander Morozov 44d8d2871a Merge pull request #173 from mrunalp/update_spec
Update spec
2015-08-03 12:45:29 -07:00
Mrunal Patel 5f65056c89 Update github.com/opecontainers/specs to 5b31bb2b77
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Make runc changes required to pull in the updated spec

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-03 15:33:48 -04:00
Ido Yariv 86a85582d2 Don't set /proc/<PID>/setgroups to deny in Go1.5
A boolean field named GidMappingsEnableSetgroups was added to
SysProcAttr in Go1.5. This field determines the value of the process's
setgroups proc entry.

Since the default is to set the entry to 'deny', calling setgroups will
fail on systems running kernels 3.19+.

Set GidMappingsEnableSetgroups to true so setgroups wont be set to
'deny'.

Signed-off-by: Ido Yariv <ido@wizery.com>
2015-08-03 14:59:15 -04:00
Mrunal Patel 2fbe13aac3 Merge pull request #172 from huikang/dmsg-invalid-criu-path
Add debug message when unable to execute criu
2015-08-03 10:57:12 -07:00
Hui Kang 0f66ff921a Add debug message when unable to execute criu
Signed-off-by: Hui Kang <hkang.sunysb@gmail.com>
2015-08-03 17:09:45 +00:00
rajasec 5a4e4dad79 container kill support
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-08-03 16:19:07 +05:30
rajasec 067890ce20 container kill support
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-08-03 16:12:20 +05:30
Alexander Morozov 0518d5aaf9 Merge pull request #168 from runcom/remove-ref-to-nsinit
Remove reference to nsinit
2015-08-02 10:17:59 -07:00
Antonio Murdaca 9caef6c8c4 Remove reference to nsinit
Signed-off-by: Antonio Murdaca <runcom@linux.com>
2015-08-02 12:00:39 +02:00