Commit Graph

49 Commits

Author SHA1 Message Date
Akihiro Suda bf15cc99b1 cgroup v2: support rootless systemd
Tested with both Podman (master) and Moby (master), on Ubuntu 19.10 .

$ podman --cgroup-manager=systemd run -it --rm --runtime=runc \
  --cgroupns=host --memory 42m --cpus 0.42 --pids-limit 42 alpine
/ # cat /proc/self/cgroup
0::/user.slice/user-1001.slice/user@1001.service/user.slice/libpod-132ff0d72245e6f13a3bbc6cdc5376886897b60ac59eaa8dea1df7ab959cbf1c.scope
/ # cat /sys/fs/cgroup/user.slice/user-1001.slice/user@1001.service/user.slice/libpod-132ff0d72245e6f13a3bbc6cdc5376886897b60ac59eaa8dea1df7ab959cbf1c.scope/memory.max
44040192
/ # cat /sys/fs/cgroup/user.slice/user-1001.slice/user@1001.service/user.slice/libpod-132ff0d72245e6f13a3bbc6cdc5376886897b60ac59eaa8dea1df7ab959cbf1c.scope/cpu.max
42000 100000
/ # cat /sys/fs/cgroup/user.slice/user-1001.slice/user@1001.service/user.slice/libpod-132ff0d72245e6f13a3bbc6cdc5376886897b60ac59eaa8dea1df7ab959cbf1c.scope/pids.max
42

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-05-08 12:39:20 +09:00
Akihiro Suda 60c647e3b8 fs2: fix cgroup.subtree_control EPERM on rootless + add CI
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-04-27 13:30:15 +09:00
Kir Kolyshkin 084144a64a travis: run vagrant tests on the host
Since we already have to build everything and run integration tests
on the Vagrant Fedora 31 host (in order to test how runc talks to
systemd), let's do the same for unit tests (otherwise we build
everything twice).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-04-24 11:25:51 -07:00
Mrunal Patel 46be7b612e
Merge pull request #2299 from kolyshkin/fs2-init-ctrl
cgroupv2: fix fs2 driver initialization
2020-04-20 21:27:42 -07:00
Kir Kolyshkin 992d5cadfb travis: enable fs2 driver test on fedora
Run in the same environment as systemd tests.

Disable CRIU tests because:

 - they all fail with cgroup v2;

 - CRIU v3.14 is required and it's not yet released, and
   rebuilding it from sources with patches applied (like
   it is currently done in Dockerfile) is too much work.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-04-19 16:27:40 -07:00
Kir Kolyshkin b6cc3975de travis: rm BUILDTAGS
It is not needed since commit 89c108b1be.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-04-19 15:35:11 -07:00
Kir Kolyshkin 84583eb1a4 Enable integration tests in cgroupv2 env
Those needs to be run on the (Vagrant Fedora 31) host
(since we need real systemd running), and so we have
to have all the tools needed to compile runc and run
the tests.

The good news is Fedora packages a decent and recent release
of bats-core (1.1.0), which we can use (Debian does not),
and we can also use golang (currently 1.13.9) from Fedora.

The bad news are

 1. Currently cgroups tests are only working with
    RUNC_USE_SYSTEMD=yes (addressed by #2299, #2305)

 2. Tests in events.bats do not work (need cgroupv2
    memory.events support)

 3. Fedora 31 image is 6 months old (and has broken
    container-selinux policy) so we need `dnf update`,
    which adds ~5 min to test time.

[v2: add -t to ssh to enforce pty]
[v3: disable events tests for cgroupv2]
[v4: update fedora packages, use a single dnf transation]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-04-13 18:40:08 -07:00
Akihiro Suda 16d21e2d0a travis: move `cgroup-v2` out of `allow_failures`
`cgroup-v2` was marked `allow_failures` because of the flakiness of VirtualBox VM: dc7d0bf

The flakiness seems to have gone away since we switched from VirtualBox to QEMU/KVM and increased HW resources: b8eed86

Close #2301

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-04-09 20:59:22 +09:00
Akihiro Suda b8eed86ea9 vagrant: switch from VirtualBox to KVM + increase HW resources
* Switch from VirtualBox to KVM because GCE (used in Travis) doesn't officially support VirtualBox:
https://cloud.google.com/compute/docs/instances/enable-nested-virtualization-vm-instances

* Increase HW resources: 512MB -> 2GB, 1 vCPU -> 2 vCPUs

* Cache /home/travis/.vagrant.d/boxes

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-04-01 09:32:24 +09:00
Adrian Reber 3e99aa3628
Fix checkpoint/restore tests on Fedora 31
The Travis tests running on Fedora 31 with cgroup2 on Vagrant had the
CRIU parts disabled because of a couple of problems.

One problem was a bug in runc and CRIU handling that Andrei fixed.

In addition four patches from the upcoming  CRIU 3.14 are needed for
minimal cgroup2 support (freezer and mounting of cgroup2). With Andrei's
fix and the CRIU cgroup2 support and the runc CRIU cgroup2 integration
it is now possible the checkpoint integration tests again on the Fedora
Vagrant cgroup2 based integration test.

To run CRIU based tests the modules of Fedora 31 (the test host system)
are mounted inside of the container used to test runc in the buster
based container with -v /lib/modules:/lib/modules.

Signed-off-by: Adrian Reber <areber@redhat.com>
2020-03-31 16:36:36 +02:00
Akihiro Suda ad6d577ab5 travis: run `make verify-dependencies` with Go 1.14.x
Background: https://github.com/opencontainers/runc/pull/2073#issuecomment-596068439

> switched back to running the vendoring in 1.14. If we vendor with go
> 1.13, go build will fail on go 1.14, making the tests fil.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-30 18:24:21 +09:00
Kir Kolyshkin 3147c3200e Switch to golang 1.13, drop unsupported versions
Run CI with go 1.13 and 1.14 (aka "stable").

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-21 10:33:23 -07:00
Aleksa Sarai a15d2c3ca0
merge branch 'pr-2073'
Odin Ugedal (7):
  Run verify-dependencies only on go1.x
  Don't add git utils to go.mod in CI
  Remove refrences to vndr
  Make CI script to verify that vendor is in sync
  Fix file permissions for mounts.bats
  Update spec test to use go.mod
  Add support for GO Modules

LGTMs: @hqhq @AkihiroSuda @cyphar
Closes #2073
2020-03-16 12:38:40 +11:00
Kir Kolyshkin 69f6f32f6b README, travis.yml: rm ambient tag
This build tag was removed in commit 4f903a21c4 (PR #1370)
quite some time ago.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-15 10:25:33 -07:00
Odin Ugedal 777f97d8de
Run verify-dependencies only on go1.x
Signed-off-by: Odin Ugedal <odin@ugedal.com>
2020-03-07 10:46:34 +01:00
Odin Ugedal 83f9b8890f
Don't add git utils to go.mod in CI
Signed-off-by: Odin Ugedal <odin@ugedal.com>
2020-03-07 09:29:33 +01:00
Aleksa Sarai dc7d0bfa0f
travis: update configuration
Update the set of Go versions (and use 1.x to always test the latest
release), as well as making the cgroupv2 tests allowable failures (the
vagrant setup seems to break pretty often, causing flaky failures).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2020-02-05 13:41:28 +11:00
Akihiro Suda ccd4436fc4 .travis.yml: add Fedora 31 vagrant box (for cgroup2)
As the baby step, only unit tests are executed.

Failing tests are currently skipped and will be fixed in follow-up PRs.

Fix #2124

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-10-31 16:53:01 +09:00
Sebastiaan van Stijn e7831f2abb
Update to Go 1.12 and drop obsolete versions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-12 16:27:40 +02:00
Filipe Brandenburger 9fe7c939f8 Add a Travis-CI job for systemd cgroup driver
The additional test shows as a separate job. It sets environment
RUNC_USE_SYSTEMD=1 so it will be clear in Travis-CI that this job is
testing the systemd cgroup driver.

Signed-off-by: Filipe Brandenburger <filbranden@google.com>
2019-03-14 18:53:27 -07:00
Adrian Reber f1da0d3008
switched travis to xenial
The CRIU test for lazy migration was always skipped in Travis because
the kernel was too old. This switches Travis testing to dist: xenial
which provides a newer kernel which enables CRIU lazy migration testing.

Signed-off-by: Adrian Reber <areber@redhat.com>
2019-02-16 19:45:22 +01:00
Harald Nordgren 630fb5b802 Bump Travis versions
Signed-off-by: Harald Nordgren <haraldnordgren@gmail.com>
2018-10-21 22:06:36 +02:00
Mike Brown 36f8472053 fix build break
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2018-10-12 09:22:35 -05:00
Akihiro Suda 39f679c450 travis: test cross compilation
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-06-16 09:32:39 +09:00
Daniel Dao 121c7b458e upgrade to go 1.10 with debian stretch
This also remove jessie-backport version of libseccomp and just use
stretch bundled version

Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2018-02-26 11:48:11 +00:00
Tobias Klauser db093f621f libcontainer: remove dependency on libapparmor
libapparmor is integrated in libcontainer using cgo but is only used to
call a single function: aa_change_onexec. It turns out this function is
simple enough (writing a string to a file in /proc/<n>/attr/...) to be
re-implemented locally in libcontainer in plain Go.

This allows to drop the dependency on libapparmor and the corresponding
cgo integration.

Fixes #1674

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-12-15 09:59:58 +01:00
Vincent Demeester ab0a6dd295
Add build 1.9 to travis
`tip` should point to 1.10 already ? (or soon-ish)

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-11-08 15:42:59 +01:00
Matthew Heon 472fa3d054 Update Travis config to use trusty-backports libseccomp
Signed-off-by: Matthew Heon <mheon@redhat.com>
2017-10-10 15:49:08 -04:00
Aleksa Sarai ace083b650
travis: drop shfmt install
It looks like we missed this in 5930d5b427 ("Remove shfmt"), which was
causing CI to break (since it looks like the repo has moved or something
like that). Since we're no longer using shfmt, drop it completely from
the repo.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-08-31 20:49:51 +10:00
Aleksa Sarai c24f602407
ci: smoke-test the release script
To make sure that `make release` doesn't suddenly break after we've cut
a release, smoke-test the release scripts. The script won't fail if GPG
keys aren't found, so running in CI shouldn't be a huge issue.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-08-16 14:44:45 +10:00
Andrei Vagin ff0521f8e8 travis: set go_import_path to github.com/opencontainers/runc
If someone forks runc and wants to check changes in travis, he will find
that the command 'make BUILDTAGS="${BUILDTAGS}"' fails, because
github.com/opencontainers/runc/ is used in many places to import
packages (e.g. libcontainer).

Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
2017-06-10 01:15:51 +03:00
W. Trevor King d1fb97fb91 .travis.yml: Don't require FETCH_HEAD
Master builds only have a 'git clone ...' [1] so FETCH_HEAD isn't
defined and git-validation crashes [2].  We don't want to be
hard-coding a range here, and should update git-validation to handle
these cases automatically.

Also echo TRAVIS_* variables during testing to make debugging
git-validation easier.

[1]: https://travis-ci.org/opencontainers/runc/jobs/213508696#L243
[2]: https://travis-ci.org/opencontainers/runc/jobs/213508696#L347

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-03-21 15:26:20 -07:00
Vincent Batts 36b61ae590
travis: use alternate commit range
Signed-off-by: Vincent Batts <vbatts@redhat.com>
2017-03-21 09:45:43 -04:00
Máximo Cuadros e773f96b0e update go version at travis-ci
Signed-off-by: Máximo Cuadros <mcuadros@gmail.com>
2017-02-20 13:15:58 +01:00
Aleksa Sarai 4a7934d86f
travis: add travis-ci
This sets up a working Travis CI configuration, that runs all of our
integration and unit tests (and also checks a simple raw-build on the
Travis server).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-12-31 05:15:29 +11:00
Michael Crosby 75442b3ad2 Remove travis.yml
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-11-05 22:36:10 +00:00
Tianon Gravi e9f44b52de Add "update-vendor.sh" script and vendor our current deps (minus Docker, since that'd make a circle)
Also, updated .travis.yml to use the new "vendor" directory (since this is pretty pointless without that :D)

Signed-off-by: Andrew Page <admwiggin@gmail.com>
2014-08-04 17:24:11 -06:00
Tianon Gravi 95ce3af4d0 Update more "dotcloud/docker" refs to "docker/docker"
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-07-29 11:21:55 -06:00
Michael Crosby feb1d28456 Use short flag for identifying integration tests
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-23 13:45:05 -07:00
Michael Crosby 00047d5339 Update travis to test specific packages
Add another netlink test and remove the -v from the dockerfile test
output
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-23 11:34:07 -07:00
Tianon Gravi 29d9a4d364 Add "linux/arm" to Travis
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-07-21 23:47:13 -06:00
Tianon Gravi fbe52bc257 Add more Travis matrix targets (being explicit about CGO)
I've also updated the comments with the current status of the commented-out targets (since we're getting close to having them available for our Travis-use in the relevant upstreams).

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-07-21 10:35:29 -06:00
Tianon Gravi b718ecfd7d Add linux/386 testing back to Travis
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-07-18 16:25:00 -06:00
Tianon Gravi 1cdf742a82 Update a few build tags to be more generic, add a couple more SETNS constants, and update Travis with a bunch of fixes/tweaks (including removing the nonfunctional cross-compile stuff for now)
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-07-17 02:24:49 -06:00
Tianon Gravi 1c0ea4a3e4 Update Travis to test all the packages
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-07-10 11:38:56 -06:00
Tianon Gravi 4f2dd420be Add cross-compilation testing to .travis.yml
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-06-30 17:08:01 -06:00
Michael Crosby 619088c49f Update travis to run unit tests
Also fix container_tests.go
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-17 16:12:36 -07:00
Tianon Gravi 91b5dbe867 Update .travis.yml to invoke Docker's scripts directly
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-06-12 13:00:04 -06:00
Michael Crosby f00e7f96db Add travis.yml file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-12 10:42:31 -07:00