In order to do more complex things with checkpointing
and restoring of containers it's necessary to have
control over where the image files are being saved
and whether or not to kill the running process. It's
possible more flags will be wanted in the future.
Some things probably should always be auto-configured
by libcontainer though.
Docker-DCO-1.1-Signed-off-by: Ross Boucher <rboucher@gmail.com> (github: boucher)
This is work in progress, integrating C/R support from
https://github.com/SaiedKazemi/docker/tree/cr into the
new libcontainer and nsinit.
Signed-off-by: Saied Kazemi <saied@google.com>
Also use pipes for non tty so that the parent's tty of the nsinit
process does not leak into the conatiner.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
We only have libcontainer.Container on Docker side, can't change `config`
in linuxContainer, pass config to libcontainer so we can change config of
container.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
I think this is more convenient because for working with namespaces we
using configs.NamespaceType.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Currently we have a problem when buffers are used for std file
descriptors. These buffers are filled from goroutines (Cmd.goroutine),
and we need to wait them to be sure that all data have been copied.
Signed-off-by: Andrew Vagin <avagin@openvz.org>
This removes a new unused methods from the container interface and types
parameters such as os.Signal and WaitStatus
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Change the various config structs into one package and have a flatter
structure for easier use.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
This modifies Load in the factory to return a ContainerInfo interface
that is the read only view of the container when it is loaded.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Add a rich Error type to the libcontainer package and use it in the API so
that callers can:
* Check for a specific error without depending on an error string,
* Obtain the stack trace of the function or method which detected the error.
The Error type provides a typed error code and a stack trace. The error code
identifies the error and enables the caller to test for it without being
sensitive to changes in the error text. The stack trace identifies the point
at which the error was detected. The combination of error code and stack trace
will enable errors to be diagnosed much more easily and with less guesswork
than when raw string-based errors are used.
The Error type conforms to the error interface and its Error method prints a
short error message. The Detail method provides a verbose error message
including the stack trace.
Notes:
1. There is an unfortunate precedent in the Go standard library which uses
variables to define errors. Checking for a specific error involves a string
comparison and assumes the corresponding variable has not been updated. It is
more robust and efficient to identify errors with integer-based types and
associated constants, although errors should still include a string
description for ease of use by humans.
2. It is not feasible to assign distinct types to Factory and Container
error codes because common errors such as SystemError cannot be declared in
two places and the names of the error codes then need to be decorated. This is
less readable.
Signed-off-by: Steve Powell <spowell@pivotal.io>
Move concepts into specific files for easy management
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: vmarmol)
Also add unit test for container json files to ensure that the mount
config is read and device nodes are validated.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
'namespaces' need to refactored a bit more to move the API part of it to 'libcontainer' package and keep the namespace specific code inside that package.
This change is not expected to break docker.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
This also makes sure that devices are pointers to avoid copies
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
We now have one place that keeps track of (most) devices that are allowed and created within the container. That place is pkg/libcontainer/devices/devices.go
This fixes several inconsistencies between which devices were created in the lxc backend and the native backend. It also fixes inconsistencies between wich devices were created and which were allowed. For example, /dev/full was being created but it was not allowed within the cgroup. It also declares the file modes and permissions of the default devices, rather than copying them from the host. This is in line with docker's philosphy of not being host dependent.
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
Andrey Vagin
boucher
Saied Kazemi
Michael Crosby
bin liu
Qiang Huang
Alexander Morozov
Steve Powell
Glyn Normington
Michael Crosby
Victor Marmol
Vishnu Kannan
Michael Crosby
unclejack
Timothy Hobbs
William Thurston