jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,897 Commits 5 Branches 25 Tags 17 MiB
Commit Graph

2897 Commits

Author SHA1 Message Date
Qiang Huang a08733bd5d Merge pull request #1147 from datawolf/check-pid-file 
Check pid file
 2016-10-26 20:59:40 +08:00
Qiang Huang 157a96a428 Merge pull request #977 from cyphar/nsenter-userns-ordering 
nsenter: guarantee correct user namespace ordering
 2016-10-26 16:45:15 +08:00
Wang Long 2c74f86e23 Employ jq and state command to make sure that pid-file contains the right information 
Signed-off-by: Wang Long <long.wanglong@huawei.com>
 2016-10-25 15:48:38 +08:00
Aleksa Sarai d6b68e8a60
merge branch 'pr-1141' 
LGTMs: @mrunalp @cyphar
Closes #1141
 2016-10-25 16:39:53 +11:00
Aleksa Sarai ae078224fc
merge branch 'pr-1129' 
LGTMs: @mrunalp @cyphar
Closes #1129
 2016-10-25 16:38:01 +11:00
Qiang Huang 4ec570d060 Merge pull request #1138 from gaocegege/fix-config-validator 
docker/docker#27484-check if sysctls are used in host network mode.
 2016-10-25 11:08:51 +08:00
Aleksa Sarai c7ed2244f4
merge branch 'pr-1125' 
LGTMs: @hqhq @mrunalp
Closes #1125
 2016-10-25 10:05:28 +11:00
Mrunal Patel 35f55e6aa8 Merge pull request #1140 from rajasec/ps-bash-completions 
Updating bash completion for ps command
 2016-10-24 09:56:39 -07:00
Mrunal Patel fdfe45b22a Merge pull request #1139 from allencloud/fix-nit-in-stderr-log 
fix nits in stderr log
 2016-10-24 09:56:01 -07:00
Wang Long ba1c0b4fa3 check the arguments for `runc create` 
This patch checks the arguments for command  `runc create`.
the `create` command requires exactly one argument

eg:

root@ubuntu:~# runc create -b /mycontainer/ a
root@ubuntu:~# runc list
ID          PID         STATUS      BUNDLE         CREATED
a           61637       created     /mycontainer   2016-10-20T08:21:20.169810942Z
root@ubuntu:~# runc create -b /mycontainer/ a b
runc: "create" requires exactly one argument
root@ubuntu:~# runc create -b /mycontainer/
runc: "create" requires exactly one argument

Signed-off-by: Wang Long <long.wanglong@huawei.com>
 2016-10-24 11:09:06 +08:00
allencloud f550f04f20 fix nits in stderr log 
Signed-off-by: allencloud <allen.sun@daocloud.io>
 2016-10-23 22:43:53 +08:00
rajasec 4cfbd2555d Small typo in README 
Signed-off-by: rajasec <rajasec79@gmail.com>

Fixing small typo in README

Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-10-23 19:08:17 +05:30
rajasec b2a194f226 Updating bash completion for ps command 
Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-10-22 21:51:21 +05:30
Qiang Huang 850b9c0b50 Merge pull request #1132 from datawolf/add-integration-test-for-create 
add test cases for create command
 2016-10-22 17:46:33 +08:00
Qiang Huang d15661dc4d Merge pull request #1131 from datawolf/add-integration-test-for-list 
add test cases for list command
 2016-10-22 17:43:04 +08:00
Ce Gao 41c35810f2 add test cases about host ns 
Signed-off-by: Ce Gao <ce.gao@outlook.com>
 2016-10-22 11:31:15 +08:00
Ce Gao bc84f83344 fix docker/docker#27484 
Signed-off-by: Ce Gao <ce.gao@outlook.com>
 2016-10-22 11:22:52 +08:00
Alexander Morozov 1ab9d5e6f4 Merge pull request #845 from mrunalp/cp_tmpfs 
Add support for copying up directories into tmpfs when a tmpfs is mounted over them
 2016-10-21 13:47:16 -07:00
Mrunal Patel c4198ad9af Merge pull request #1134 from WeiZhang555/tiny-refactor 
Some refactor and cleanup
 2016-10-20 15:08:40 -07:00
Mrunal Patel fa5e0cdba2 Merge pull request #1136 from yongtang/27540-exec-state-proc-pid-stat 
Fix issue in `GetProcessStartTime`
 2016-10-20 15:08:01 -07:00
Yong Tang a83f5bac28 Fix issue in `GetProcessStartTime` 
This fix tries to address the issue raised in docker:
https://github.com/docker/docker/issues/27540

The issue was that `GetProcessStartTime` use space `"  "`
to split the `/proc/[pid]/stat` and take the `22`th value.

However, the `2`th value is inside `(` and `)`, and could
contain space. The following are two examples:
```
ubuntu@ubuntu:~/runc$ cat /proc/90286/stat
90286 (bash) S 90271 90286 90286 34818 90286 4194560 1412 1130576 4 0 2 1 2334 438 20 0 1 0 3093098 20733952 823 18446744073709551615 1 1 0 0 0 0 0 3670020 1266777851 0 0 0 17 1 0 0 0 0 0 0 0 0 0 0 0 0 0
ubuntu@ubuntu:~/runc$ cat /proc/89653/stat
89653 (gunicorn: maste) S 89630 89653 89653 0 -1 4194560 29689 28896 0 3 146 32 76 19 20 0 1 0 2971844 52965376 3920 18446744073709551615 1 1 0 0 0 0 0 16781312 137447943 0 0 0 17 1 0 0 0 0 0 0 0 0 0 0 0 0 0
```

This fix fixes this issue by removing the prefix before `)`,
then finding the `20`th value (instead of `22`th value).

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
 2016-10-20 11:34:21 -07:00
Zhang Wei c179b0ffc7 Some refactor and cleanup 
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
 2016-10-20 17:58:51 +08:00
Wang Long 5aef160c5a add test cases for list command 
This patch add test `-q` option for list command.

Signed-off-by: Wang Long <long.wanglong@huawei.com>
 2016-10-20 16:45:34 +08:00
Wang Long 596a4c397c add test cases for create command 
This patch add test `--pid-file` option for create command.

Signed-off-by: Wang Long <long.wanglong@huawei.com>
 2016-10-20 16:23:27 +08:00
Aleksa Sarai f8e6b5af5e
rootfs: make pivot_root not use a temporary directory 
Namely, use an undocumented feature of pivot_root(2) where
pivot_root(".", ".") is actually a feature and allows you to make the
old_root be tied to your /proc/self/cwd in a way that makes unmounting
easy. Thanks a lot to the LXC developers which came up with this idea
first.

This is the first step of many to allowing runC to work with a
completely read-only rootfs.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
 2016-10-20 12:55:58 +11:00
Michael Crosby 2a5001c1bc Merge pull request #1124 from derekwaynecarr/apply-idempotent 
Ignore error when starting transient unit that already exists
 2016-10-19 13:52:10 -07:00
Derek Carr d223e2adae Ignore error when starting transient unit that already exists 
Signed-off-by: Derek Carr <decarr@redhat.com>
 2016-10-19 14:55:52 -04:00
Michael Crosby b827292ef7 Merge pull request #1121 from cyphar/fix-masked-paths-test 
tests: mask: use test paths rather than /sys
 2016-10-19 11:16:42 -07:00
Qiang Huang 19ab304367 Merge pull request #1091 from rajasec/ps-errors 
ps error logging improvement
 2016-10-19 11:11:41 +08:00
Aleksa Sarai 6e97f3ad69
tests: mask: use test paths rather than /sys 
In certain circumstances (such as the rootless containers patchset), it
is not possible to test things using /sys/firmware. In addition, we
should be testing our own functionality rather than testing protection
against /sys attacks (for which the system might already have extra
protections).

Instead, just make some fake paths in the rootfs that we then mask.
Oddly I noticed that one of the errors changed when doing this (because
before we tested removing a file from /sys/firmware which is -EPERM). So
the old test was broken.

Fixes: 53179559a1 ("MaskPaths: support directory")
Fixes: #1068
Signed-off-by: Aleksa Sarai <asarai@suse.de>
 2016-10-19 05:59:50 +11:00
Andrew Vagin 88b4c4851e Merge pull request #1120 from cyphar/fix-gofmt 
checkpoint: fix gofmt
 2016-10-18 23:56:48 +05:00
Aleksa Sarai 38560a0316
checkpoint: fix gofmt 
Fixes: a60040c62d ("Container must not checkpoint in created state")
Fixes: #1076
Signed-off-by: Aleksa Sarai <asarai@suse.de>
 2016-10-19 05:37:24 +11:00
Aleksa Sarai e3cd191acc
nsenter: un-split clone(cloneflags) for RHEL 
Without this patch applied, RHEL's SELinux policies cause container
creation to not really work. Unfortunately this might be an issue for
rootless containers (opencontainers/runc#774) but we'll cross that
bridge when we come to it.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
 2016-10-18 18:26:27 +11:00
Aleksa Sarai bf77e5976a
merge branch 'pr-1118' 
Closes: #1118
LGTMs: @cyphar @hqhq
 2016-10-18 18:17:31 +11:00
Wang Long ed6c5c038c update the man for runc delete command 
This patch also change the description in delete.go in order to
keep consistent with the mannual.

Signed-off-by: Wang Long <long.wanglong@huawei.com>
 2016-10-18 12:18:10 +08:00
Mrunal Patel 0259c00a35 Merge pull request #1105 from keloyang/check-kill-signal-num 
Add num check for kill command
 2016-10-17 15:15:28 -07:00
Mrunal Patel 4161f2a63b Merge pull request #1115 from rajasec/filemode-panic 
Fixing runc panic for missing file mode
 2016-10-17 15:01:49 -07:00
Mrunal Patel 30a122d068 Merge pull request #1112 from rhatdan/romount 
Add support for r/o mount labels
 2016-10-17 14:45:32 -07:00
Michael Crosby 4dcc0466e2 Merge pull request #1074 from datawolf/multi-containers 
start multi-containers with `runc start` command
 2016-10-17 14:31:04 -07:00
Dan Walsh 6932807107 Add support for r/o mount labels 
We need support for read/only mounts in SELinux to allow a bunch of
containers to share the same read/only image.  In order to do this
we need a new label which allows container processes to read/execute
all files but not write them.

Existing mount label is either shared write or private write.  This
label is shared read/execute.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
 2016-10-17 16:56:42 -04:00
rajasec 528bf3718d ps error logging improvement 
Signed-off-by: rajasec <rajasec79@gmail.com>

ps error logging improvement

Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-10-17 20:50:33 +05:30
Qiang Huang 509ddd6f11 Merge pull request #1075 from datawolf/pause-resume-multi-containers 
pause and resume multi-containers
 2016-10-17 22:53:22 +08:00
Wang Long 2f5c0afbbc pause and resume multi-containers 
With this patch, `runc pasue` and `runc resume` can
pause and resume multi-containers.

Signed-off-by: Wang Long <long.wanglong@huawei.com>
 2016-10-17 19:44:08 +08:00
Qiang Huang a6284a7bdb Merge pull request #1116 from rajasec/hugetlb-panic 
Fixing runc panic during hugetlb pages
 2016-10-17 13:55:59 +08:00
rajasec 034cba6af0 Fixing runc panic for missing file mode 
Signed-off-by: rajasec <rajasec79@gmail.com>

Fixing runc panic for missing file mode

Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-10-16 20:39:44 +05:30
Aleksa Sarai 7be6edaa60
merge branch 'pr-1114' 
LGTMs: @hqhq @cyphar
Closes: #1114
 2016-10-16 22:27:15 +11:00
rajasec 4b263c9594 Fixing runc panic during hugetlb pages 
Signed-off-by: rajasec <rajasec79@gmail.com>

Fixing runc panic during hugetlb pages

Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-10-15 19:47:33 +05:30
Mrunal Patel 3abefdff18 Merge pull request #1109 from rhatdan/dupsec 
DupSecOpt needs to match InitLabels
 2016-10-14 08:18:25 -07:00
Lei Jitang 1cd050244e Valide platform on loading config.json 
run an arm64 image on an amd64 platform, it will failed with
````
panic: standard_init_linux.go:175: exec user process caused "exec format error" [recovered]
        panic: standard_init_linux.go:175: exec user process caused "exec format error"

goroutine 1 [running, locked to thread]:
panic(0x7e7e40, 0xc820124380)
        /usr/local/go/src/runtime/panic.go:481 +0x3e6
github.com/urfave/cli.HandleAction.func1(0xc8200c52f8)
        /home/lei/opencontainers/runc/Godeps/_workspace/src/github.com/urfave/cli/app.go:478 +0x38e
panic(0x7e7e40, 0xc820124380)
        /usr/local/go/src/runtime/panic.go:443 +0x4e9
github.com/opencontainers/runc/libcontainer.(*LinuxFactory).StartInitialization.func1(0xc8200c4c08, 0xc8200220a0, 0xc8200c4d18)
        /home/lei/opencontainers/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/factory_linux.go:259 +0x136
github.com/opencontainers/runc/libcontainer.(*LinuxFactory).StartInitialization(0xc82006c780, 0x7fb9124733f8, 0xc820124380)
        /home/lei/opencontainers/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/factory_linux.go:277 +0x5b1
main.glob.func8(0xc820090780, 0x0, 0x0)
        /home/lei/opencontainers/runc/main_unix.go:26 +0x68
reflect.Value.call(0x74ca00, 0x8fda40, 0x13, 0x844470, 0x4, 0xc8200c5278, 0x1, 0x1, 0x0, 0x0, ...)
        /usr/local/go/src/reflect/value.go:435 +0x120d
reflect.Value.Call(0x74ca00, 0x8fda40, 0x13, 0xc8200c5278, 0x1, 0x1, 0x0, 0x0, 0x0)
        /usr/local/go/src/reflect/value.go:303 +0xb1
github.com/urfave/cli.HandleAction(0x74ca00, 0x8fda40, 0xc820090780, 0x0, 0x0)
        /home/lei/opencontainers/runc/Godeps/_workspace/src/github.com/urfave/cli/app.go:487 +0x2ee
github.com/urfave/cli.Command.Run(0x847330, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dcec0, 0x51, 0x0, ...)
        /home/lei/opencontainers/runc/Godeps/_workspace/src/github.com/urfave/cli/command.go:191 +0xfec
github.com/urfave/cli.(*App).Run(0xc820001980, 0xc82000a100, 0x2, 0x2, 0x0, 0x0)
        /home/lei/opencontainers/runc/Godeps/_workspace/src/github.com/urfave/cli/app.go:240 +0xaa4
main.main()
        /home/lei/opencontainers/runc/main.go:137 +0xe24

````
instead of throwing panic on execing the container process, we should
throw the platform mismatch at the very beginning, it's much more
clear and can tell user what's wrong.

Signed-off-by: Lei Jitang <leijitang@huawei.com>
 2016-10-14 02:53:37 -04:00
Dan Walsh 491cadac92 DupSecOpt needs to match InitLabels 
At some point InitLabels was changed to look for SecuritOptions
separated by a ":" rather then an "=", but DupSecOpt was never
changed to match this default.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
 2016-10-13 16:10:29 -04:00