Tonis Tiigi
bc38c9d1b0
Add pause/resume commands
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-08-18 13:37:36 -07:00
Mrunal Patel
4a478a9775
Merge pull request #209 from rajasec/tmpfsunmount
...
make localtest fills up /tmp with /tmp/libcontainer
2015-08-18 10:24:44 -07:00
Mrunal Patel
ee3ebc9842
Merge pull request #197 from laijs/kill-default
...
Add the default signal (SIGTERM) for runc kill
2015-08-17 20:28:49 -07:00
rajasec
8cdc409715
Fixing tmpfs
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-08-17 06:22:48 +05:30
Shijiang Wei
f0679089b9
Ensure the cleanup jobs in the deferrer are executed on error
...
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
2015-08-16 12:29:04 +08:00
Michael Chase-Salerno
9bc81d1699
Fixing netlink build error on ppc64le with gccgo
...
Again. It looks like a build tag was somehow dropped between
the PR here: https://github.com/docker/libcontainer/pull/625
and the move to runc.
Signed-off-by: Christy Perez <clnperez@linux.vnet.ibm.com>
2015-08-13 17:52:47 -05:00
Matthew Heon
a6b73dbc73
Remove Seccomp build tag to fix godep
...
Signed-off-by: Matthew Heon <mheon@redhat.com>
2015-08-13 15:23:43 -04:00
Lai Jiangshan
6abd42c1b6
Add the default signal (SIGTERM) for runc kill
...
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
2015-08-13 23:42:54 +08:00
Matthew Heon
59264040bd
Update tests to not error on library v2.2.0 and lower
...
As v2.1.0 is no longer required for successful testing, do not build it in the
Dockerfile - instead just use the version Ubuntu ships.
Signed-off-by: Matthew Heon <mheon@redhat.com>
2015-08-13 09:36:21 -04:00
Matthew Heon
8da24a5447
Update vendored Libseccomp bindings
...
Signed-off-by: Matthew Heon <mheon@redhat.com>
2015-08-13 09:36:09 -04:00
Matthew Heon
2ae581ae62
Convert Seccomp support to use Libseccomp
...
This removes the existing, native Go seccomp filter generation and replaces it
with Libseccomp. Libseccomp is a C library which provides architecture
independent generation of Seccomp filters for the Linux kernel.
This adds a dependency on v2.2.1 or above of Libseccomp.
Signed-off-by: Matthew Heon <mheon@redhat.com>
2015-08-13 07:56:27 -04:00
Mrunal Patel
744a6b0e7b
Merge pull request #196 from laijs/simplify-return
...
Simplify the return on process wait
2015-08-12 21:17:35 -07:00
Lai Jiangshan
e8817e1104
Simplify the return on process wait
...
Simplify the code introduced by the commit d1f0d5705deb:
Return actual ProcessState on Wait error
Cc: Alexander Morozov <lk4d4@docker.com>
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
2015-08-12 22:37:34 +08:00
Alexander Morozov
2b28b3c276
Always use cgroup root of current process
...
Because for host PID namespace /proc/1/cgroup can point to whole other
world of cgroups.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-11 18:04:59 -07:00
Alexander Morozov
5aa6005498
Revert "Fix cgroup parent searching"
...
This reverts commit 2f9052ca29
.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-11 18:04:55 -07:00
Tonis Tiigi
b5eed4a246
Update runc to use device structs from updated spec
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-08-11 14:24:00 -07:00
Tonis Tiigi
0f99c20fd0
Update specs
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-08-11 13:50:57 -07:00
Alexander Morozov
15c709ed73
Merge pull request #192 from fabiokung/cgroup-per-container
...
container id is the cgroup name
2015-08-10 20:40:57 -07:00
Fabio Kung
85f40c2bc7
container id is the cgroup name
...
Without this, multiple runc containers can accidentally share the same cgroup(s)
(and change each other's limits), when runc is invoked from the same directory
(i.e.: same cwd on multiple runc executions).
After these changes, each runc container will run on its own cgroup(s). Before,
the only workaround was to invoke runc from an unique (temporary?) cwd for each
container.
Common cgroup configuration (and hierarchical limits) can be set by having
multiple runc containers share the same cgroup parent, which is the cgroup of
the process executing runc.
Signed-off-by: Fabio Kung <fabio.kung@gmail.com>
2015-08-10 16:41:39 -07:00
Mrunal Patel
d90058ced8
Merge pull request #188 from duglin/UpdateUsage
...
Minor update to usage/help text
2015-08-10 16:32:36 -07:00
Michael Crosby
a96723f922
Merge pull request #191 from LK4D4/fix_cgroup_parent
...
Fix cgroup parent searching
2015-08-10 17:41:24 -04:00
Alexander Morozov
2f9052ca29
Fix cgroup parent searching
...
I had pretty convenient input data to miss this bug.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-10 14:30:05 -07:00
Doug Davis
88de2aee5a
Minor update to usage/help text
...
Seemed a little out of date
Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-08-10 12:56:53 -07:00
Michael Crosby
9be9157fc5
Merge pull request #182 from willmtemple/master
...
Change example JSON to refer to "pid" namespace rather than "process."
2015-08-05 14:18:42 -04:00
William Temple
a5d98a64e0
Changed README.md to refer to "pid" namespace rather than "process."
...
Signed-off-by: William Temple <wtemple@redhat.com>
2015-08-05 14:09:53 -04:00
rajasec
24f7a10a93
Adding securityfs mount
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-08-05 16:50:08 +05:30
Michael Crosby
bdd67b9029
Merge pull request #180 from LK4D4/rename_proc_ns
...
Rename process namespace to pid
2015-08-04 17:49:46 -04:00
Michael Crosby
765fa4a34e
Merge pull request #181 from mrunalp/fixes
...
Fix minor stylistic issues
2015-08-04 17:49:33 -04:00
Mrunal Patel
f3a3025933
Fix minor stylistic issues
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-04 17:44:45 -04:00
Alexander Morozov
6d1e6a17e1
Rename process namespace to pid
...
It's "pid" in opencontainers/specs
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-04 14:12:21 -07:00
Michael Crosby
a28f627c39
Merge pull request #96 from mrunalp/dev_mount_fix
...
Don't make modifications to /dev when it is bind mounted
2015-08-04 17:07:03 -04:00
Mrunal Patel
c9d5850629
Don't make modifications to /dev there are no devices in the configuration
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-04 16:57:29 -04:00
Mrunal Patel
aa6aa41205
Merge pull request #178 from crosbymichael/runc-kill
...
Runc kill
2015-08-04 11:47:27 -07:00
Michael Crosby
fbb8d3e8fe
Add parse signal function for runc kill
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-08-04 11:35:13 -07:00
Alexander Morozov
53138e8289
Merge pull request #174 from crosbymichael/restore-signal-handler
...
Use signal handler for restore
2015-08-04 11:26:54 -07:00
Alexander Morozov
072fa6fdcc
Merge pull request #175 from crosbymichael/container-signal
...
Add signal API to Container interface
2015-08-04 08:40:10 -07:00
Michael Crosby
a5ef75b681
Add signal API to Container interface
...
This adds a `Signal()` method to the container interface so that the
initial process can be signaled after a Load or operation. It also
implements signaling the init process from a nonChildProcess.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-08-03 17:07:29 -07:00
Michael Crosby
2a94a930e1
Use signal handler for restore
...
There was previously a memory issue in the signal handler that showed up
when using restore. This has been fixed, therefore, restore can use the
signal handler.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-08-03 16:27:56 -07:00
Mrunal Patel
ce0a339632
Merge pull request #166 from gitido/fixes
...
Go1.5 compatibility fix
2015-08-03 13:51:26 -07:00
Michael Crosby
76e706f856
Merge pull request #151 from LK4D4/use_proc_exe
...
Use /proc/self/exe as default for InitPath
2015-08-03 16:15:33 -04:00
Michael Crosby
b1821a4edc
Merge pull request #150 from runcom/update-go-systemd-dbus-v3
...
Update go systemd dbus v3
2015-08-03 16:11:52 -04:00
Alexander Morozov
44d8d2871a
Merge pull request #173 from mrunalp/update_spec
...
Update spec
2015-08-03 12:45:29 -07:00
Mrunal Patel
5f65056c89
Update github.com/opecontainers/specs to 5b31bb2b77
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Make runc changes required to pull in the updated spec
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-03 15:33:48 -04:00
Ido Yariv
86a85582d2
Don't set /proc/<PID>/setgroups to deny in Go1.5
...
A boolean field named GidMappingsEnableSetgroups was added to
SysProcAttr in Go1.5. This field determines the value of the process's
setgroups proc entry.
Since the default is to set the entry to 'deny', calling setgroups will
fail on systems running kernels 3.19+.
Set GidMappingsEnableSetgroups to true so setgroups wont be set to
'deny'.
Signed-off-by: Ido Yariv <ido@wizery.com>
2015-08-03 14:59:15 -04:00
Mrunal Patel
2fbe13aac3
Merge pull request #172 from huikang/dmsg-invalid-criu-path
...
Add debug message when unable to execute criu
2015-08-03 10:57:12 -07:00
Hui Kang
0f66ff921a
Add debug message when unable to execute criu
...
Signed-off-by: Hui Kang <hkang.sunysb@gmail.com>
2015-08-03 17:09:45 +00:00
rajasec
5a4e4dad79
container kill support
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-08-03 16:19:07 +05:30
rajasec
067890ce20
container kill support
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-08-03 16:12:20 +05:30
Alexander Morozov
0518d5aaf9
Merge pull request #168 from runcom/remove-ref-to-nsinit
...
Remove reference to nsinit
2015-08-02 10:17:59 -07:00
Antonio Murdaca
9caef6c8c4
Remove reference to nsinit
...
Signed-off-by: Antonio Murdaca <runcom@linux.com>
2015-08-02 12:00:39 +02:00