jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,897 Commits 5 Branches 25 Tags 17 MiB
Commit Graph

29 Commits

Author SHA1 Message Date
Alexander Morozov 1ab9d5e6f4 Merge pull request #845 from mrunalp/cp_tmpfs 
Add support for copying up directories into tmpfs when a tmpfs is mounted over them
 2016-10-21 13:47:16 -07:00
rajasec 034cba6af0 Fixing runc panic for missing file mode 
Signed-off-by: rajasec <rajasec79@gmail.com>

Fixing runc panic for missing file mode

Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-10-16 20:39:44 +05:30
rajasec 4b263c9594 Fixing runc panic during hugetlb pages 
Signed-off-by: rajasec <rajasec79@gmail.com>

Fixing runc panic during hugetlb pages

Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-10-15 19:47:33 +05:30
Shukui Yang affc105264 tiny fix, add a null check for specs.Resources.Pids.Limit 
Signed-off-by: Shukui Yang <yangshukui@huawei.com>
 2016-10-13 15:55:30 +08:00
Mrunal Patel 4356468f49 Parse the new extension flags 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2016-09-30 09:48:03 -07:00
Adam Thomason 83cbdbd64c Add checks for nil spec.Linux 
Signed-off-by: Adam Thomason <ad@mthomason.net>
 2016-09-11 16:31:34 -07:00
Zhang Wei 7303a9a720 Tiny refactor: remove unused local variables 
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
 2016-09-06 23:41:40 +08:00
Qiang Huang aa2dd02f5a Fix null point reference panic 
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
 2016-09-01 08:34:22 +08:00
Qiang Huang 220e5098a8 Fix default cgroup path 
Alternative of #895 , part of #892

The intension of current behavior if to create cgroup in
parent cgroup of current process, but we did this in a
wrong way, we used devices cgroup path of current process
as the default parent path for all subsystems, this is
wrong because we don't always have the same cgroup path
for all subsystems.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
 2016-08-30 14:12:15 +08:00
Mrunal Patel 4dedd09396 Merge pull request #937 from hushan/net_cls-classid 
fix setting net_cls classid
 2016-07-18 17:18:23 -04:00
Yen-Lin Chen a318a2ae1b Fixed typo in build constraint. 
Signed-off-by: Yenlin Chen <hencrice@gmail.com>
 2016-07-15 19:24:22 -07:00
Hushan Jia bb42f80a86 fix setting net_cls classid 
Setting classid of net_cls cgroup failed:

ERRO[0000] process_linux.go:291: setting cgroup config for ready process caused "failed to write 𐀁 to net_cls.classid: write /sys/fs/cgroup/net_cls,net_prio/user.slice/abc/net_cls.classid: invalid argument"
process_linux.go:291: setting cgroup config for ready process caused "failed to write 𐀁 to net_cls.classid: write /sys/fs/cgroup/net_cls,net_prio/user.slice/abc/net_cls.classid: invalid argument"

The spec has classid as a *uint32, the libcontainer configs should match the type.

Signed-off-by: Hushan Jia <hushan.jia@gmail.com>
 2016-07-11 05:00:35 +08:00
Petar Petrov f9b72b1b46 Allow additional groups to be overridden in exec 
Signed-off-by: Julian Friedman <julz.friedman@uk.ibm.com>
Signed-off-by: Petar Petrov <pppepito86@gmail.com>
Signed-off-by: Georgi Sabev <georgethebeatle@gmail.com>
 2016-06-21 10:35:11 +03:00
Aleksa Sarai 0636bdd45b Merge pull request #874 from crosbymichael/keyring 
Add option to disable new session keys
 2016-06-12 21:44:45 +10:00
root 56abe735f2 bug fix, LeafWeight nil err 
Signed-off-by: root <yangshukui@huawei.com>
 2016-06-10 18:11:20 -07:00
Michael Crosby 8c9db3a7a5 Add option to disable new session keys 
This adds an `--no-new-keyring` flag to run and create so that a new
session keyring is not created for the container and the calling
processes keyring is inherited.

Fixes #818

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2016-06-03 11:53:07 -07:00
Michael Crosby 5abffd3100 Add annotations to list and state output 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2016-06-02 12:44:43 -07:00
Mrunal Patel 091ed0b043 Merge pull request #777 from cyphar/fix-null-pointer-deref 
libcontainer: specconv: fix nil dereference in resource setup
 2016-04-24 19:09:30 -07:00
Aleksa Sarai a939c7ecd9 libcontainer: specconv: fix nil dereference in resource setup 
This caused issues if someone omitted or set "resources": null, in the
runC config. The panic follows.

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x20 pc=0x545b53]

goroutine 1 [running]:
panic(0x7aed40, 0xc820014260)
        /usr/lib64/go/src/runtime/panic.go:464 +0x3e6
github.com/opencontainers/runc/libcontainer/specconv.CreateLibcontainerConfig(0xc8200b0e30, 0x836480, 0x0, 0x0)
        /home/cyphar/src/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/specconv/spec_linux.go:222 +0xe83
main.createContainer(0xc82007eb40, 0x7ffd8024e439, 0x4, 0xc82008e780, 0x0, 0x0, 0x0, 0x0)
        /home/cyphar/src/runc/utils_linux.go:174 +0x105
main.startContainer(0xc82007eb40, 0xc82008e780, 0x0, 0x0, 0x0)
        /home/cyphar/src/runc/start.go:114 +0x189
main.glob.func11(0xc82007eb40)
        /home/cyphar/src/runc/start.go:78 +0x13e
github.com/codegangsta/cli.Command.Run(0x829a58, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x87ada0, 0x1a, 0x8dff80, ...)
        /home/cyphar/src/runc/Godeps/_workspace/src/github.com/codegangsta/cli/command.go:137 +0x1081
github.com/codegangsta/cli.(*App).Run(0xc82007e900, 0xc82000a050, 0x5, 0x5, 0x0, 0x0)
        /home/cyphar/src/runc/Godeps/_workspace/src/github.com/codegangsta/cli/app.go:176 +0xffa
main.main()
        /home/cyphar/src/runc/main.go:123 +0xc8e

Signed-off-by: Aleksa Sarai <asarai@suse.de>
 2016-04-25 11:52:22 +10:00
Aleksa Sarai 399175c227 Merge pull request #679 from rajasec/selinux-errorcheck 
Adding selinux check during container start
 2016-04-24 16:24:26 +00:00
Mrunal Patel e25811108b Bump up spec and add support for mount label 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2016-04-22 15:31:39 -07:00
rajasec d0bf80e481 Adding selinux check during container start 
Signed-off-by: rajasec <rajasec79@gmail.com>

Fixed review comments and rebased

Signed-off-by: rajasec <rajasec79@gmail.com>

updated the message as per review comment

Signed-off-by: Rajasekaran <rajasec79@gmail.com>
 2016-04-19 22:22:04 +05:30
rajasec d663afe2a3 Rebased with spec changes 
Signed-off-by: rajasec <rajasec79@gmail.com>
 2016-04-16 07:10:02 +05:30
Michael Crosby f417e993d0 Update spec to v0.5.0 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2016-04-12 14:11:40 -07:00
Michael Crosby df25eddce6 Add spec support for masked and readonly paths 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2016-04-01 13:04:47 -07:00
Mrunal Patel 79a2479099 Fixup incorrect pacakge name in a comment 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2016-03-30 14:48:19 -07:00
Michael Crosby 12bd4cffd0 Add --no-pivot option for containers on ramdisk 
This adds a `--no-pivot` cli flag to runc so that a container's rootfs
can be located ontop of ramdisk/tmpfs and not fail because you cannot
pivot root.

This should be a cli flag and not part of the spec because this is a
detail of the host/runtime environment and not an attribute of a
container.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2016-03-30 12:02:17 -07:00
Michael Crosby 6f84d902ca Implement hook timeouts 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2016-03-29 11:14:59 -07:00
Ido Yariv 28b21a5988 Export CreateLibcontainerConfig 
Users of libcontainer other than runc may also require parsing and
converting specification configuration files.

Since runc cannot be imported, move the relevant functions and
definitions to a separate package, libcontainer/specconv.

Signed-off-by: Ido Yariv <ido@wizery.com>
 2016-03-25 12:19:18 -04:00