Commit Graph

2032 Commits

Author SHA1 Message Date
Stefan Berger ad22e23aee Create a new session key for every container
Create a new session key ring '_ses' for every container. This avoids sharing
the key structure with the process that created the container and the
container inherits from.

This patch fixes it init and exec.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2016-02-04 22:05:50 -05:00
Michael Crosby 79d3577743 Merge pull request #523 from crosbymichael/double-exec
Remove double exec from command list
2016-01-28 14:22:27 -08:00
Michael Crosby 8dfa57234c Remove double exec from command list
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-28 14:16:19 -08:00
Mrunal Patel 67aa3843e8 Merge pull request #474 from crosbymichael/detach
Add detach to runc
2016-01-28 14:09:07 -08:00
Michael Crosby 5cdb1be88f Merge pull request #517 from hqhq/hq_fix_comment
Fix the comment about sendConfig
2016-01-28 14:00:11 -08:00
Michael Crosby bb6a747825 Add detach to runc
By adding detach to runc the container process is the only thing running
on the system is the containers process.
This allows better usage of memeory and no runc process being long
lived.  With this addition you also need a delete command because the
detached container will not be able to remove state and the left over
cgroups directories.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-28 13:35:13 -08:00
Michael Crosby 480e5f4416 Merge pull request #507 from mikebrow/runc-ls-command
adds list command
2016-01-28 13:20:07 -08:00
Mike Brown 4c871267db adds list command, and a timestamp in the container state
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-01-28 14:21:06 -06:00
Qiang Huang 064113363d Fix the comment about sendConfig
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-01-28 09:58:30 +08:00
Mrunal Patel f22a4fd5ba Merge pull request #518 from cyphar/add-further-systemd-slice-validation
cgroup: systemd: further systemd slice validation
2016-01-27 09:40:19 -08:00
Aleksa Sarai 57ba666ef3 cgroup: systemd: further systemd slice validation
Add some further (not critical, since Docker does this already)
validation to systemd slice names, to make sure users don't get cryptic
errors.

Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-01-27 19:00:52 +11:00
Michael Crosby 7ca2aa4873 Merge pull request #512 from LK4D4/bump_version
Bump runc version to 0.0.7
2016-01-26 14:45:16 -08:00
Michael Crosby 7cd384c0e5 Merge pull request #515 from crosbymichael/readall
Do not use stream encoders for pipe communication
2016-01-26 14:37:54 -08:00
Alexander Morozov 32ad3ba688 Merge pull request #514 from mrunalp/update_spec
Update github.com/opencontainers/specs to a7b50925d8
2016-01-26 14:36:43 -08:00
Mrunal Patel 80c24730fa Merge pull request #511 from cyphar/fix-systemd-slice-expansion
cgroup: systemd: properly expand systemd slice names
2016-01-26 14:34:29 -08:00
Michael Crosby ddcee3cc2a Do not use stream encoders
Marshall the raw objects for the sync pipes so that no new line chars
are left behind in the pipe causing errors.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-26 11:22:05 -08:00
Alexander Morozov ee0a019448 Merge pull request #513 from duglin/RemoveNullState
Remove the nullState
2016-01-26 11:03:32 -08:00
Mrunal Patel 6bfdfce967 Merge pull request #504 from rajasec/readmeupdate
Adding user namespace in README
2016-01-25 18:10:50 -08:00
Mrunal Patel 9cd641486a Update github.com/opencontainers/specs to a7b50925d8
This leaves out the internal conversions as we may need to consider
docker backward compatibility for those changes.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-01-25 19:19:15 -05:00
Alexander Morozov fb2718f8d0 Bump runc version to 0.0.7
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-01-25 13:47:54 -08:00
Alexander Morozov 3268a1ea00 Merge pull request #499 from crosbymichael/state-fixes
Fix various state bugs for pause and destroy
2016-01-25 11:33:59 -08:00
Mrunal Patel e1efaf6094 Merge pull request #510 from hqhq/revert-441-update-date
Revert "update date in README"
2016-01-25 09:28:20 -08:00
Aleksa Sarai 8b32914065 cgroup: systemd: properly expand systemd slice names
Rather than using '/' to denote hierarchy in slice names, systemd uses
'-' in an odd way. This results in runC incorrectly assuming that
certain kernel features are missing (and using inconsistent paths for
the cgroups not supported by systemd), because the "subsystem path" used
is not the one that systemd has created. Fix all of this by properly
expanding slice names.

Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-01-25 23:18:34 +11:00
Doug Davis ff034a5119 Remove the nullState
Add a "createdState" in its place since I think that better describes
what its used for.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2016-01-25 00:26:11 -08:00
Qiang Huang 045ada9be6 Revert "update date in README"
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-01-25 14:25:34 +08:00
rajasec 94b206102f Adding user namespace in README
Signed-off-by: rajasec <rajasec79@gmail.com>

Added UID/GID mappings section as per review comments

Signed-off-by: rajasec <rajasec79@gmail.com>

Added UID/GID mappings section as per review comments

Signed-off-by: rajasec <rajasec79@gmail.com>

Change size to 65536 per comments

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-01-25 07:07:44 +05:30
Qiang Huang 690e5d3251 Merge pull request #441 from ZJU-SEL/update-date
update date in README
2016-01-25 09:22:55 +08:00
Michael Crosby 59f3066c39 Merge pull request #405 from marcosnils/spec_version
Add spec version to runC version cli
2016-01-22 13:55:28 -08:00
Mrunal Patel 1fdcf95ab1 Merge pull request #505 from marcosnils/patch-1
Add build status badge
2016-01-22 13:10:11 -08:00
Marcos Nils 7871e987ca Add build status badge
Signed-off-by: Marcos Lilljedahl <marcosnils@gmail.com>
2016-01-22 16:47:30 -03:00
Qiang Huang 4e6893b05a Merge pull request #494 from crosbymichael/cwd
Only set cwd when not empty
2016-01-22 09:50:38 +08:00
Qiang Huang 20c678ef50 Merge pull request #495 from cyphar/fix-memcg-set
cgroups: set memory cgroups in Set
2016-01-22 09:22:39 +08:00
Michael Crosby 9c3fa7928e Allow switch to anything from nullState
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-21 16:48:05 -08:00
Michael Crosby 556f798a19 Fix various state bugs for pause and destroy
There were issues where a process could die before pausing completed
leaving the container in an inconsistent state and unable to be
destoryed.  This makes sure that if the container is paused and the
process is dead it will unfreeze the cgroup before removing them.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-21 16:43:33 -08:00
Mrunal Patel 27132f2e51 Merge pull request #486 from duglin/removeHardCode
Remove some hard coded strings
2016-01-21 14:53:17 -08:00
Mrunal Patel 3cae88cc55 Merge pull request #490 from hqhq/hq_fix_comment_swap
Fix comment of swap limit
2016-01-21 14:49:37 -08:00
Aleksa Sarai 75e38f94a0 cgroups: set memory cgroups in Set
Modify the memory cgroup code such that kmem is not managed by Set(), in
order to allow updating of memory constraints for containers by Docker.
This also removes the need to make memory a special case cgroup.

Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-01-22 07:46:43 +11:00
Michael Crosby ed7be1d082 Only set cwd when not empty
For existing consumers of libconatiner to not require cwd inside the
libcontainer code.  This can be done at the runc level and is already
evaluated there.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-21 11:08:32 -08:00
Qiang Huang 8bbe901045 Fix comment of swap limit
Set `-1` doesn't mean disable swap, disable swap means you
can't use swap memory, set `-1` really means you can use
unlimited swap memory.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-01-21 14:02:03 +08:00
Qiang Huang 986637c97a Merge pull request #466 from mrunalp/cgroup_apply_paths
Add support for just joining in apply using cgroup paths
2016-01-21 08:51:33 +08:00
Mrunal Patel 41d9d26513 Add support for just joining in apply using cgroup paths
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-01-20 14:23:05 -05:00
Doug Davis 49dfa1b62d Remove some hard coded strings
Signed-off-by: Doug Davis <dug@us.ibm.com>
2016-01-19 19:02:31 -08:00
Mrunal Patel e91b055623 Merge pull request #476 from hqhq/hq_embed_resource
Embed Resources for backward compatibility
2016-01-19 14:59:39 -08:00
Michael Crosby 5637f38b8a Merge pull request #471 from jfrazelle/add-seccomp-enabled-check
add seccomp.IsEnabled() function
2016-01-19 14:52:51 -08:00
Michael Crosby 9c41e8388c
Handle seccomp proc parsing errors
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-19 11:43:49 -08:00
Qiang Huang f048eaf87a Embed Resources for backward compatibility
Fixes: docker/docker#19329

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-01-19 19:08:14 +08:00
Jessica Frazelle 41edbeb25e
add seccomp.IsEnabled() function
This is much like apparmor.IsEnabled() function and a nice helper.

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-18 10:44:31 -08:00
Alexander Morozov 96530dbe27 Merge pull request #481 from jfrazelle/cleanup-old-hack-dir
cleanup old hack dir
2016-01-18 08:40:17 -08:00
Qiang Huang 809235019f Merge pull request #480 from mrunalp/cwd_abs
Check that cwd is absolute
2016-01-18 10:09:02 +08:00
Jessica Frazelle ecf03fafa5
cleanup old hack dir
looks like this was left around from the libcontainer days ;)

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-15 16:39:38 -08:00