54 Commits

Author SHA1 Message Date
Raghavendra K T ddd92caf18 Add the memory swappiness tuning support to libcontainer
Signed-off-by: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
2015-06-11 16:56:03 +05:30
Mrunal Patel 429752a69d Lookup additional groups in the container.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-06-09 23:11:25 -04:00
Michael Crosby 5edcda910e Improve seccomp API
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	configs/config.go
	container_linux.go
	seccomp/seccomp.go
	seccomp/seccomp.test
2015-06-05 11:21:40 -07:00
yangshukui 12a41c825d seccomp support filter args
1. add args support for seccomp
2. add CLONE_SECCOMP flag for preventing seccomp feature
Signed-off-by: Yang Shukui <yangshukui@huawei.com>
2015-06-05 11:21:40 -07:00
yangshukui 02e05e0884 Add seccomp feature
add seccomp feature which does not use third-party
add multi arch support
add test case
all code use golang

this PR is related to #511 because I closed it and found it cannot be reopened

Signed-off-by: Yang Shukui <yangshukui@huawei.com>
2015-06-05 11:21:40 -07:00
Alexey Guskov f66187d234 make libcontainer compile on freebsd (again)
Signed-off-by: Alexey Guskov <lexag@mail.ru>
2015-06-05 14:23:32 +03:00
Ma Shimiao 4002033269 hugetlb: Add support of Set and GetStats function
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-05-28 13:09:49 +08:00
Michael Crosby a4a648ce30 Merge pull request #583 from jhowardmsft/master
Windows: Initial compilation enablement
2015-05-18 11:11:08 -07:00
John Howard c712fa0814 Windows: Initial compilation enablement
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-15 15:26:17 -07:00
Michael Crosby fabd8e98be Merge pull request #582 from Mashimiao/add-cgroup-subsystem-net_cls
cgroups: add support for net_cls
2015-05-15 10:22:54 -07:00
Qiang Huang 676be0c5f8 Add support for kmem limit
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-05-15 14:24:56 +08:00
Ma Shimiao b88944f9e0 cgroups: add support for net_cls
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-05-15 08:44:40 +08:00
Victor Marmol 64c5e5193f Merge pull request #584 from Mashimiao/add-cgroup-subsystem-net_prio
cgroup: add support for net_prio
2015-05-14 12:54:45 -07:00
Ma Shimiao 3a788dd7f3 cgroup cpu: add support for realtime throttling
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-05-14 20:46:39 +08:00
Ma Shimiao 0810bc868c cgroup: add support for net_prio
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-05-14 14:47:07 +08:00
Michael Crosby 3e661186ba Merge pull request #535 from mrunalp/sys_props
Adds support for setting system properties.
2015-04-30 11:46:33 -07:00
Michael Crosby d70569a238 Merge pull request #554 from estesp/namespace_linux_split
Split namespace syscall content for building on non-Linux
2015-04-27 17:47:19 -07:00
Alexander Morozov 984ec36fa1 Merge pull request #539 from Mashimiao/cgroups-add-support-for-blkio-throttle
cgroups: add support blkio.throttle.read/write_*
2015-04-27 10:34:45 -07:00
Phil Estes 7f1bcd5ebf Split namespace syscall content for building on non-Linux
libcontainer/configs is used by the docker user namespace proposed
patchset to use IDMap for uid/gid maps across the codebase.  Given the
client uses some of this code, it needs to build on non-Linux.  This
separates out the Linux-only syscalls using build tags.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-04-24 18:09:56 -04:00
Mrunal Patel 60d3a49f6e Adds functionality to set system properties.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-04-22 22:17:30 -04:00
Michael Crosby b806655f91 Merge pull request #492 from Mashimiao/cgroup-add-support-for-device-deny
cgroups: add support of devices deny for another use of cgroup devices
2015-04-22 18:43:22 -07:00
Mrunal Patel bada39cf31 Merge pull request #495 from rhatdan/tmpfs
Add support for Premount and Postmount commands.
2015-04-20 09:20:52 -07:00
bin liu 4a2ae107c8 fix some typos in source code comments
Signed-off-by: bin liu <liubin0329@gmail.com>
2015-04-20 02:35:51 +00:00
Ma Shimiao 59eb58b640 cgroups: add support blkio.throttle.read/write_*
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-04-17 16:03:42 +08:00
Dan Walsh 59c5c3ac0f Add support for Premount and Postmount commands.
We want to allow docker to mount tmpfs directories over existing directories
in the image. We will use this patch to pass commands from docker to
libcontainer. The first command we will use is the tar command to gather
all of the contents of the destination directory before mounting, then after
we mount the post mount command will untar the content.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-04-16 20:34:12 -04:00
Ma Shimiao 689afbcf66 cgroups: add support for devices deny
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-04-16 08:30:22 +08:00
Dan Walsh 907c7c17f0 Change mount point propagation to default to slave
As an admin I would expect that if I volume mount a partition into a container, and then later add a mount point to the volume, it will show up in the container.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-04-10 10:49:28 -04:00
Qiang Huang 054d8e02bf cgroups: add support for blkio.weight_device
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-08 14:11:29 +08:00
Alexander Morozov cbc8dee085 Ensure that state always contains paths to all namespaces
Thanks coolljit0725 for initial fix.

Closes #512

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-04-07 14:50:08 -07:00
Arnaud Porterie e1c14b3ca2 Hairpin NAT network configuration
Offer the ability to enable hairpin NAT on a per network basis, while
keeping it disabled by default as it is unsupported by older kernels.

Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-03-11 13:42:37 -07:00
HuKeping 295c70865d cgroups: add support for oom control
This patch adds support for disabling the OOM Killer.

Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-03-07 02:49:31 +08:00
Andrey Vagin a72f710d89 configs: check that config doesn't contain extra fields
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-03-05 00:26:33 +03:00
Alexander Morozov 8d0b06257b Move tty configuration to Process
Now you need to call Process.NewConsole to set up a console for the process

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-02-25 15:04:43 -08:00
Alexander Morozov ec005e73b9 Make possible to call config methods on values
Because container.Config() returns values and you can't get a pointer from
a function call immediately, it is impossible to call
container.Config().HostUID().

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-02-24 16:06:53 -08:00
Mrunal Patel f34b3b765f Validation for User Namespaces in the config.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-02-18 23:14:01 -08:00
Michael Crosby f4cf808a3d Merge branch 'master' into api
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	MAINTAINERS
	cgroups/cgroups.go
	cgroups/fs/apply_raw.go
	cgroups/fs/notify_linux.go
	cgroups/fs/notify_linux_test.go
	cgroups/systemd/apply_systemd.go
	config.go
	configs/config_test.go
	console/console.go
	integration/exec_test.go
	integration/init_test.go
	integration/template_test.go
	integration/utils_test.go
	linux_notify.go
	linux_notify_test.go
	mount/init.go
	mount/mount_config.go
	mount/pivotroot.go
	mount/ptmx.go
	namespaces/create.go
	namespaces/exec.go
	namespaces/execin.go
	namespaces/init.go
	namespaces/nsenter/nsenter.c
	namespaces/nsenter/nsenter.go
	namespaces/utils.go
	network/network.go
	network/types.go
	network/veth.go
	notify_linux.go
	notify_linux_test.go
	nsinit/exec.go
	nsinit/main.go
	nsinit/nsenter.go
	nsinit/oom.go
	sample_configs/host-pid.json
	sample_configs/userns.json
	security/capabilities/capabilities.go
	update-vendor.sh
2015-02-16 15:09:42 -08:00
Michael Crosby 1a37242fa2 Refactor system mounts to be placed on the config
Also remove the RestrictSys bool replaced by configurable paths that the
user can specify.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-12 16:58:38 -08:00
Michael Crosby c2403c32db Add GetPath on namespace config
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-12 10:38:43 -08:00
Michael Crosby 5c246d038f Persist container state to disk
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 16:52:28 -08:00
Michael Crosby 7fff13632e Add state method to return container's runtime state
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 14:45:07 -08:00
Michael Crosby fde0b7aa0d Refactor network and veth creation
Remove veth interfaces on the host if an error occurs.
Provide the host interface name, temporary peer interface name and the
name of the peer once it is inside the container's namespace in the
Network config.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 13:33:58 -08:00
Michael Crosby 1c895b409a Move mount logic into root package
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 1edada52fd Move Cwd and User to Process
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 0c1919c427 Refactor parent processes into types
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 21bb5ccc4f Move environment configuration to Process
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 58023ad32f Add parent death signal to the container config
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 8850636eb3 Refactor init actions into separate types
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:08 -08:00
Michael Crosby 5fc19e8db5 Rename Fs fields to fs
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:08 -08:00
Andrey Vagin bcd0222be5 api: fix config tests
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-02-03 10:00:21 -08:00
Michael Crosby bbeae7445a Remove namespaces package
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-02 15:41:32 -08:00