Commit Graph

1469 Commits

Author SHA1 Message Date
Michael Crosby 9fac183294 Initial commit of runc binary
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:34:13 -07:00
Michael Crosby 080df7ab88 Update import paths for new repository
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:29:59 -07:00
Michael Crosby 8f97d39dd2 Move libcontainer into subdirectory
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:29:15 -07:00
Michael Crosby 4b5bf88a08 Remove nsinit
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:28:36 -07:00
Alexander Morozov b675770455 Merge pull request #643 from runcom/cleanup-unused
Remove unused code
2015-06-20 09:02:03 -07:00
Antonio Murdaca eb0408b199 Remove unused code
Signed-off-by: Antonio Murdaca <runcom@linux.com>
2015-06-20 14:53:44 +02:00
Alexander Morozov a4cc960eaf Merge pull request #642 from crosbymichael/parent-cgroup
Ensure all parent dirs are properly setup
2015-06-19 16:41:48 -07:00
Michael Crosby 5e729ced92 Ensure all parent dirs are properly setup
Even if libcontainer does not create the directories for the cpuset
cgroup we should ensure that they are properly populated with the
parent's cpus and mems values.  Some systems create the directory
structures but do not correctly populate the values and causes our
implementation to fail.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-19 15:56:12 -07:00
Daniel, Dao Quang Minh ae8fc2f8de Merge pull request #640 from estesp/nsinit-memory-swappiness
Fix nsinit to configure default cgroup entry for MemorySwappiness
2015-06-19 12:54:29 +08:00
Phil Estes e1128da32a Fix nsinit to configure default cgroup entry for MemorySwappiness
As related to #639, this at least makes the "nsinit" consumer of
libcontainer initialize the value to "-1" and also allows the user to
specify a setting for the container.

This is an analog to Docker PR docker/docker#14030.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-06-18 23:42:51 -04:00
Mrunal Patel 107b7ed268 Merge pull request #638 from lizf-os/fix-check-cpu-shares
Avoid trying to access cpu.shares when it doesn't exist
2015-06-18 13:41:58 -07:00
Rohit Jnagal ed1146a8ee Merge pull request #637 from hqhq/hq_fix_kmem_cgroup
Fix kmem limit set
2015-06-18 09:45:52 -07:00
Zefan Li f112d83776 Avoid trying to access cpu.shares when it doesn't exist
Even if cpu cgroup controller is enabled it's still possible that
cpu.shares doesn't exist.

This is the case when the kernel config has CONFIG_CGROUP_SCHED
enabled but CONFIG_FAIR_GROUP_SCHED disabled. Then docker fails to
start containers even --cpu-shares isn't specified.

$ sudo docker run -i -t ubuntu:14.04
Error response from daemon: Cannot start container 5600ae87eb9d0eca49f6bcee012247d6b4beb49c426d6cf17e2456279f9311f6: [8] System error: open /sys/fs/cgroup/cpu/docker/5600ae87eb9d0eca49f6bcee012247d6b4beb49c426d6cf17e2456279f9311f6/cpu.shares: no such file or directory

Signed-off-by: Zefan Li <lizefan@huawei.com>
2015-06-18 21:15:52 +08:00
Qiang Huang 39279b1762 Fix kmem limit set
Currently we can't start container with kmem limit, because we
set kmem limit after processes joined to cgroup, we'll get device
busy error in this case.

Fix it by moving set before join.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-06-18 15:44:30 +08:00
Daniel, Dao Quang Minh ca3ab4ba40 Merge pull request #635 from LK4D4/vet_only_needed
Fix some suspicious things in vendor
2015-06-17 11:18:41 +08:00
Alexander Morozov 76ed4ed758 Fix suspicious places in vendor
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-16 09:59:40 -07:00
Alexander Morozov 6585cf0147 Use validate-vet script from docker
It tests only changed files from commit.
We can't expect vet fixes from all projects from vendor directory.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-16 09:45:01 -07:00
Mrunal Patel 6029e2334a Merge pull request #634 from unclejack/gofmt_pass
gofmt to fix formatting
2015-06-16 09:27:08 -07:00
unclejack 19f9dea4a8 gofmt to fix formatting
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2015-06-16 12:26:27 +03:00
Michael Crosby 73eab50ed6 Merge pull request #630 from tsuna/master
Handle SYS_setns not existing but __NR_setns does.
2015-06-15 10:34:30 -07:00
Daniel, Dao Quang Minh 5dc7ba0f24 Merge pull request #627 from mrunalp/add_groups_check
Only try to get AdditionalGroups if they are configured.
2015-06-15 17:03:53 +08:00
Benoit Sigoure 6aeb7e1fa5 Handle SYS_setns not existing but __NR_setns does.
On some older Fedora distros SYS_setns was not defined, but
__NR_setns is a usable replacement.

Signed-off-by: Benoit Sigoure <tsunanet@gmail.com>
2015-06-14 02:54:44 -07:00
Alexander Morozov 61adc0d9c5 Merge pull request #622 from ktraghavendra/621_container_swappiness
Add the memory swappiness tuning support to libcontainer
2015-06-12 13:37:23 -07:00
Mrunal Patel ab3d3ce15e Only try to get AdditionalGroups if they are configured.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-06-12 13:20:44 -04:00
Michael Crosby 33b3f3801a Merge pull request #626 from icecrime/fix_nsinit_config_link
Fix nsinit README.md config link
2015-06-11 17:22:54 -07:00
Arnaud Porterie abeeada1b5 Fix nsinit README.md config link
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-06-11 17:10:25 -07:00
Alexander Morozov 024e2020d5 Merge pull request #625 from mchasal/13856-ppcifrDataByte
Additional ppc architectures follow the arm datatype
2015-06-11 16:18:18 -07:00
Mrunal Patel 73f967559b Merge pull request #624 from LK4D4/improve_cgroupmount
Use simpler parsing of /proc/self/mountinfo for FindCgroupMountpoint
2015-06-11 13:47:13 -07:00
Michael Chase-Salerno 251880b22d Additional ppc architectures follow the arm datatype
Signed-off-by: Michael Chase-Salerno <bratac@linux.vnet.ibm.com>
2015-06-11 20:07:33 +00:00
Alexander Morozov 3716bd9db2 Use simpler parsing of /proc/self/mountinfo for FindCgroupMountpoint
It sped up this function x10 times(because of not using Ssprintf).
It was one of two major performance drawbacks in docker, because we're parsing
this file pretty often.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-11 12:56:55 -07:00
Raghavendra K T ddd92caf18 Add the memory swappiness tuning support to libcontainer
Signed-off-by: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
2015-06-11 16:56:03 +05:30
Daniel, Dao Quang Minh 2a3954f053 Merge pull request #620 from hqhq/hq_memswap_change
Don't change memswap value in libcontainer
2015-06-11 12:51:32 +08:00
Qiang Huang f7c16f1d3e Don't change memswap value in libcontainer
As discussed in https://github.com/docker/libcontainer/issues/616,
remove this logic in libcontainer.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-06-11 08:54:24 +08:00
Victor Marmol cb2d973545 Merge pull request #603 from dqminh/mrunalp-add_groups_lookup
Rebased: Additional groups lookup
2015-06-10 09:56:56 -04:00
Daniel, Dao Quang Minh d4ece29c0b refactor GetAdditionalGroupsPath
This parses group file only once to process a list of groups instead of parsing
once for each group. Also added an unit test for GetAdditionalGroupsPath

Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-06-09 23:54:03 -04:00
Mrunal Patel 50603caabe Adds tests for Additional Groups.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-06-09 23:12:07 -04:00
Mrunal Patel f28dff5539 Add flags for specifying additional groups.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-06-09 23:12:07 -04:00
Mrunal Patel 429752a69d Lookup additional groups in the container.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-06-09 23:11:25 -04:00
Alexander Morozov c963786c6e Merge pull request #618 from glevand/for-merge-1
linux: Convert dup2 calls to dup3
2015-06-09 15:47:34 -07:00
Geoff Levand 29ee54ce2a nsenter: Convert dup2 calls to dup3
For consistency with similar changes required by go lang sources, convert the
C library dup2() calls to dup3().

The go language syscall.Dup2() routine is not available on all CPU
architectures, so yscall.Dup2() calls were converted to syscall.Dup3().

Signed-off-by: Geoff Levand <geoff@infradead.org>
2015-06-09 15:19:47 -07:00
Geoff Levand 0e8afb8f9d linux: Convert dup2 calls to dup3
Convert syscall.Dup2 calls to syscall.Dup3.  The dup2 syscall is depreciated
and is not available on some architectures.  Fixes build errors like these when
building for arm64:

  console_linux.go: undefined: syscall.Dup2

Signed-off-by: Geoff Levand <geoff@infradead.org>
2015-06-09 15:19:47 -07:00
Mrunal Patel 4369703200 Merge pull request #619 from rhatdan/relabel
Fix relabel to allow volume mounting of /
2015-06-09 13:46:39 -07:00
Dan Walsh 827ae1f0a2 Fix relabel to allow volume mounting of /
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-06-09 16:35:16 -04:00
Mrunal Patel 688ec20a4a Merge pull request #617 from LK4D4/stop_transient_unit
Stop systemd unit on destroy
2015-06-09 10:22:12 -07:00
Mrunal Patel 204502647d Merge pull request #613 from crosbymichael/seccomp-args
Golang seccomp package
2015-06-09 10:13:19 -07:00
Alexander Morozov f6ad210785 Stop systemd unit on destroy
It totally fixes leftover ".scope" fails. Of course it's just
workaround, real issue seems to be in go-systemd library or in systemd
itself.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-08 15:06:11 -07:00
Michael Crosby 5edcda910e Improve seccomp API
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	configs/config.go
	container_linux.go
	seccomp/seccomp.go
	seccomp/seccomp.test
2015-06-05 11:21:40 -07:00
yangshukui 4a99434e8b add the generated go file
Signed-off-by: Yang Shukui <yangshukui@huawei.com>
2015-06-05 11:21:40 -07:00
yangshukui 12a41c825d seccomp surport filter args
1. add args surport for seccomp
    2. add CLONE_SECCOMP flag for preventing seccomp feature
Signed-off-by: Yang Shukui <yangshukui@huawei.com>
2015-06-05 11:21:40 -07:00
yangshukui 02e05e0884 Add seccomp feature
add seccomp feature which is not use third-party
add multi arch surport
add test case
all code use golang

this pr is relate to #511 because I close it and find it can not be reopen

Signed-off-by: Yang Shukui <yangshukui@huawei.com>
2015-06-05 11:21:40 -07:00