jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,302 Commits 5 Branches 25 Tags 17 MiB
Commit Graph

256 Commits

Author SHA1 Message Date
Andrey Vagin f705221b4a go: fmt 
Signed-off-by: Andrey Vagin <avagin@openvz.org>
 2015-05-20 15:17:59 -07:00
Saied Kazemi 9212f68293 Some C/R bug fixes and changes in the new libcontainer and nsinit. 
This is work in progress, integrating C/R support from
https://github.com/SaiedKazemi/docker/tree/cr into the
new libcontainer and nsinit.

Signed-off-by: Saied Kazemi <saied@google.com>
 2015-05-20 15:17:59 -07:00
Michael Crosby 406f32a774 Set default criu binary 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-05-20 15:17:34 -07:00
Michael Crosby f15aba685b Update criu support with restored processes 
Also use pipes for non tty so that the parent's tty of the nsinit
process does not leak into the conatiner.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-05-20 15:17:34 -07:00
Michael Crosby da009f5710 Add nsinit support for checkpoint and restore 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-05-20 15:16:13 -07:00
Michael Crosby ef5240072a Merge pull request #562 from mrunalp/sys_prop_flag 
Add a flag for specifying system properties.
 2015-05-18 11:08:32 -07:00
Mrunal Patel b38cce017b Add a flag for specifying system properties. 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2015-05-16 22:10:30 -04:00
Qiang Huang e5a7aad7eb Replace aliased imports of logrus 
Docker already did this: https://github.com/docker/docker/issues/11762
libcontainer should also do it.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
 2015-05-06 21:14:04 +08:00
Andrey Vagin 08af005e6b Use logrus everywhere 
Signed-off-by: Andrey Vagin <avagin@openvz.org>
 2015-05-01 18:41:28 +03:00
Michael Crosby 03bbb04f26 Implement mounting cgroups as readonly 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-04-20 12:21:11 -07:00
Mrunal Patel ec4b6e0bc3 nsinit: Add a flag to enable system support for cgroups 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2015-04-13 15:01:48 -04:00
Michael Crosby 570eed473b Move childPipe to the end of FD set 
This adds a new env var for identifying the internal sync pipe that
libcontainer uses to sync with the container and parent process.  This
replaces #496 to allow the user to add additional files to the processes
and not take over fd 3 for all containers.

Closes #496

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-04-08 14:14:51 -07:00
Mrunal Patel 87ef802709 Merge pull request #501 from ZJU-SEL/nsinit_readme_add 
Add documentation for nsinit
 2015-04-08 11:24:36 -07:00
wonderflow 521cc35a48 Add documentation for nsinit 
About how to use and explaination of available options.

Signed-off-by: Sun Jianbo <wonderflow@zju.edu.cn>
 2015-04-08 09:27:26 +08:00
Michael Crosby fa9efe82f9 Change nsinit root to /var/run/nsinit 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-04-03 10:45:01 -07:00
Qiang Huang c06f92353f fix README.md for nsinit 
Cut the long lines and add `--config` to the `nsinit exec` command.
And some grammar fix.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
 2015-04-01 13:50:48 +08:00
wonderflow 3b95acdfa1 Add readme for nsinit about how to build nsinit 
Signed-off-by: Sun Jianbo <wonderflow@zju.edu.cn>
 2015-03-30 13:37:26 +08:00
Mrunal Patel c1ca18404f mount: Take out the base mounts and move them to the config. 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2015-03-17 14:03:28 -04:00
Michael Crosby c22d5c90cf Remove default log 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-03-12 12:00:01 -07:00
Michael Crosby 3977c892e7 Remove --create from nsinit and make it default 
More people are using this to test new features and this makes it very
simple to run a container with a simple command.

`nsinit exec --tty sh`

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-03-11 11:46:11 -07:00
Alexander Morozov 8d0b06257b Move tty configuration to Process 
Now you need to call Process.NewConsole to setup console for process

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
 2015-02-25 15:04:43 -08:00
Mrunal Patel f9590b0927 Adds missing exit to fatal function. 
Extracts ProcessState when we get ExitError.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2015-02-25 13:54:45 -05:00
Andrey Vagin 94fb37f557 process: add Wait(), Signal() and Pid() methods 
Currently we have a problem when buffers are used for std file
descriptors.  These buffers are filled from goroutines (Cmd.goroutine),
and we need to wait them to be sure that all data have been copied.

Signed-off-by: Andrew Vagin <avagin@openvz.org>
 2015-02-23 23:40:41 +03:00
Mrunal Patel 4d863b7bd0 Fixes bug where rootfs was empty instead of pwd when not specified. 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2015-02-18 21:36:04 -08:00
Michael Crosby afa8443118 Remove userns sidecar process 
Move the network setup back into the standard init even for user
namespaces now that mounts are fully supported and working.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-18 15:47:26 -08:00
Michael Crosby 339edce03e Update console and mount handling for user namespaces 
This updates the console handling to chown the console on creation to
the root user within the container.

This also moves the setup mounts from the userns sidecar process into
the main init processes by trying to mknod devices, if it fails on an
EPERM then bind mount the device from the host into the container for
use.  This prevents access issues when the sidecar process mknods the
device for the usernamespace returning an EPERM when writting to
dev/null.

This also adds some error handling for init processes and nsinit updates
with added flags for testing and other functions.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-17 21:37:02 -08:00
Michael Crosby f4cf808a3d Merge branch 'master' into api 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	MAINTAINERS
	cgroups/cgroups.go
	cgroups/fs/apply_raw.go
	cgroups/fs/notify_linux.go
	cgroups/fs/notify_linux_test.go
	cgroups/systemd/apply_systemd.go
	config.go
	configs/config_test.go
	console/console.go
	integration/exec_test.go
	integration/init_test.go
	integration/template_test.go
	integration/utils_test.go
	linux_notify.go
	linux_notify_test.go
	mount/init.go
	mount/mount_config.go
	mount/pivotroot.go
	mount/ptmx.go
	namespaces/create.go
	namespaces/exec.go
	namespaces/execin.go
	namespaces/init.go
	namespaces/nsenter/nsenter.c
	namespaces/nsenter/nsenter.go
	namespaces/utils.go
	network/network.go
	network/types.go
	network/veth.go
	notify_linux.go
	notify_linux_test.go
	nsinit/exec.go
	nsinit/main.go
	nsinit/nsenter.go
	nsinit/oom.go
	sample_configs/host-pid.json
	sample_configs/userns.json
	security/capabilities/capabilities.go
	update-vendor.sh
 2015-02-16 15:09:42 -08:00
Michael Crosby b21b19e060 Add factory configuration via functional api 
This allows you to set certian configuration options such as what cgroup
implementation to use on the factory at create time.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-16 11:26:13 -08:00
Mrunal Patel cacc15360e Add config generation for simple user namespace testing. 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
 2015-02-13 20:17:16 -05:00
Victor Marmol 031524c73d Merge pull request #375 from crosbymichael/move-system-mounts 
Refactor system mounts to be placed on the config
 2015-02-12 21:36:03 -08:00
Michael Crosby 1a37242fa2 Refactor system mounts to be placed on the config 
Also remove the RestrictSys bool replaced by configurable paths that the
user can specify.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-12 16:58:38 -08:00
Alexander Morozov fe9f766895 Fix compilation with golang 1.3(uid/gid mappings is unsupported) 
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
 2015-02-12 13:28:07 -08:00
Michael Crosby c2403c32db Add GetPath on namespace config 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-12 10:38:43 -08:00
Michael Crosby 91a3f162af Implement nsinit state command 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-11 18:49:28 -08:00
Michael Crosby 5df859ad24 Add config command to nsinit 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-11 17:26:29 -08:00
Michael Crosby 5c246d038f Persist container state to disk 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-11 16:52:28 -08:00
Michael Crosby 31327166e5 Rename OOM to NotifyOOM 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-11 15:09:54 -08:00
Michael Crosby fde0b7aa0d Refactor network and veth creation 
Remove veth interfaces on the host if an error occurs.
Provide the host interface name, temporary peer interface name and the
name of the peer once it is inside the container's namespace in the
Network config.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-11 13:33:58 -08:00
Michael Crosby 2ec6b585ea Add new API examples to readme 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-11 11:20:27 -08:00
Michael Crosby b0e274c0d2 Remove console package and add Console type 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-11 11:20:09 -08:00
Michael Crosby ab76a88d6b Remove Wait() on container interface 
Since we return the pid for the started process we do not need this
method on the interface.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-03 10:50:18 -08:00
Michael Crosby bbeae7445a Remove namespaces package 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-02-02 15:41:32 -08:00
Michael Crosby 8191d4d60f Refactory container interface 
This removes a new unused methods from the container interface and types
parameters such as os.Signal and WaitStatus

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-01-31 20:51:12 -08:00
Michael Crosby 935d81f23d Flatten configuration structs 
Change the various config structs into one package and have a flatter
structure for easier use.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-01-31 19:56:27 -08:00
Michael Crosby 77f255a544 Add missing initializers 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2015-01-31 14:05:53 -08:00
Andrey Vagin ca633b2f29 Merge remote-tracking branch 'origin/master' into api 
Signed-off-by: Andrey Vagin <avagin@openvz.org>
 2015-01-28 14:37:40 +03:00
Mrunal Patel b0eece8d7d Adds support for User Namespaces. 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Adds sample configuration to test user namespaces.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Rebases to master.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Fixes integration tests.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Move selinux labeling, apparmor profile and restrict kernel files back to init.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Separate the code paths for userns and default cases.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

tty not required for setup

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Cleanup and address review comments.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Remove debug logs and other cleanup.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Use function paramaters for SetupContainer.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
 2015-01-19 14:50:21 -05:00
Andrey Vagin 46e62c9204 nsinit: return console 
Signed-off-by: Andrey Vagin <avagin@openvz.org>
 2015-01-15 18:22:47 +03:00
Andrey Vagin ba4257a146 new-api: add the Freezer method to cgroup.Manager 
Signed-off-by: Andrey Vagin <avagin@openvz.org>
 2015-01-15 00:43:14 +03:00
Andrey Vagin 59e66b818d nsinit: add getContainer() 
Signed-off-by: Andrey Vagin <avagin@openvz.org>
 2015-01-15 00:43:13 +03:00