Commit Graph

837 Commits

Author SHA1 Message Date
Alexander Morozov b89cd0cf5c Merge pull request #304 from mrunalp/feature/user_namespaces
Adds user namespace support to libcontainer
2015-01-19 11:55:20 -08:00
Mrunal Patel b0eece8d7d Adds support for User Namespaces.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Adds sample configuration to test user namespaces.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Rebases to master.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Fixes integration tests.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Move selinux labeling, apparmor profile and restrict kernel files back to init.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Separate the code paths for userns and default cases.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

tty not required for setup

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Cleanup and address review comments.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Remove debug logs and other cleanup.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Use function parameters for SetupContainer.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2015-01-19 14:50:21 -05:00
Mrunal Patel eb74393a3d Merge pull request #338 from avagin/fixes
cgroups: set a freezer state before calling FreezerGroup.Set()
2015-01-19 09:33:08 -08:00
Andrey Vagin 30b3306416 cgroups: set a freezer state before calling FreezerGroup.Set()
My previous patch moved the setting of the freezer state after the Set()
command. It's wrong, because this command uses it, so we need to set the
freezer state before the command and roll it back in an error case.

Fixes: 13a5703d85 ("cgroups: don't change a freezer state if an operation failed")

Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-19 17:26:34 +03:00
Michael Crosby 73ba097bf5 Merge pull request #336 from dqminh/execin-wait
nsenter waits for parent signal before forking
2015-01-16 14:51:02 -08:00
Daniel, Dao Quang Minh 5a87153824 fix TestNsenterAlivePid
unblock the nsenter-exec test process to let it finish successfully

Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-01-16 05:13:19 -05:00
Daniel, Dao Quang Minh f5dfd9a702 nit: reindent with indent -linux
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-01-16 04:58:30 -05:00
Daniel, Dao Quang Minh 9946e299af nsenter waits for parent signal before forking
this allows the parent to place the process into cgroup first so it can track
the children properly

Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
2015-01-16 04:56:45 -05:00
Victor Marmol 29ba9b3179 Merge pull request #335 from avagin/fixes
cgroups: don't change a freezer state if an operation failed
2015-01-15 08:25:10 -08:00
Andrey Vagin 13a5703d85 cgroups: don't change a freezer state if an operation failed
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-15 19:03:18 +03:00
Mrunal Patel 1d3b2589d7 Merge pull request #328 from icecrime/signal_exit_code
Fix exit codes when dying on a signal
2015-01-12 17:29:26 -08:00
Victor Marmol dd6bc28afb Merge pull request #329 from crosbymichael/oom-nsinit
Add nsinit command to display oom notifications
2015-01-12 16:39:16 -08:00
Michael Crosby 4bbd44784c Add nsinit command to display oom notifications
This adds the ability to receive OOM notifications for a container via
the `nsinit oom` command.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-12 16:37:33 -08:00
Arnaud Porterie fec4c5ab0a Fix exit codes when dying on a signal
Test the process WaitStatus for a signal, and return an exit code of 128
+ signal which killed the process. Fixes docker/docker#9979.

Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-01-12 16:20:31 -08:00
Victor Marmol 9377591781 Merge pull request #326 from estesp/add-multiarch-info
Update ROADMAP.md to correctly reflect current arch status
2015-01-12 14:28:56 -08:00
Michael Crosby 6460fd7966 Merge pull request #327 from crosbymichael/refactor-killAllPids
Refactor kill all pids
2015-01-12 10:36:59 -08:00
Mrunal Patel ba613c5a84 Merge pull request #315 from avagin/nsenter
A few fixes for nsenter
2015-01-12 10:36:20 -08:00
Michael Crosby 4903df2ed5 Refactor killAllPids
This refactors the function to avoid two calls to FindProcess

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-12 10:31:31 -08:00
Michael Crosby 2d9ef3af72 Add config for running a container in host pid ns
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-12 10:29:41 -08:00
Michael Crosby 09809b551c Merge pull request #320 from rhatdan/pidns
killall processes in a cgroup if you are not using the pid namespace
2015-01-12 10:18:48 -08:00
Phil Estes 50f0faa795 Update ROADMAP.md to correctly reflect current arch status
Adds POWER (ppc64 and ppc64le), System z (s390x), and ARM to list of
architectures currently supported by libcontainer

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-01-12 12:58:27 -05:00
Andrey Vagin 35ae1c4871 nsenter: add a macros to print errors
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-12 07:56:12 +03:00
Andrey Vagin 85cd86999f nsenter: use %m instead of strerror(errno)
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-12 07:56:12 +03:00
Andrey Vagin 0f8f0601ae nsenter: return an error if a process with specified pid is a zombie
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-12 07:56:12 +03:00
Andrey Vagin b6a1b88985 nsenter: return an error if a process with specified pid doesn't exist
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-12 07:56:12 +03:00
Andrey Vagin ecace12e5a nsenter: check errors from open(), read() and open()
Currently, if nsenter is executed without /proc, it segfaults.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-12 07:56:12 +03:00
Andrey Vagin b7e54b0b41 nsenter: add tests
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-12 07:56:12 +03:00
Dan Walsh 1bd146ed82 This patch adds a test for the shared HOST Pid namespace
It also kills all processes in a cgroup if you are not using the pid namespace

If we stop using the PID namespace, and more than one process is running
when the pid 1 exits, docker will hang since the cgroups do not disappear.

This code will kill all remaining processes

Add Tests for handling of Pid Namespaces

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-01-09 13:43:47 -05:00
Victor Marmol e30793aed7 Merge pull request #322 from mrunalp/features/add_groups
Adds functionality to specify additional groups to join.
2015-01-08 14:04:03 -08:00
Mrunal Patel 445bebc1b1 Adds functionality to specify additional groups to join.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2015-01-08 17:01:47 -05:00
Michael Crosby d7dea0e925 Merge pull request #321 from vmarmol/no-file
Don't get stats for cgroups that don't exist.
2015-01-08 11:26:02 -08:00
Victor Marmol e3184f97e0 Don't get stats for cgroups that don't exist.
Signed-off-by: Victor Marmol <vmarmol@google.com>
2015-01-08 11:17:09 -08:00
Michael Crosby be02944484 Merge pull request #318 from mrunalp/subreaper
Use the child subreaper option only when available
2015-01-06 15:33:37 -08:00
Mrunal Patel a1ac9b1015 Use the child subreaper option only when available
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2015-01-06 18:30:30 -05:00
Alexander Morozov 8067e34ec0 Merge pull request #317 from mrunalp/go1.4
Changes Dockerfile to use go 1.4
2015-01-05 13:37:51 -08:00
Mrunal Patel 6c285c1d49 Changes Dockerfile to use go 1.4
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2015-01-05 16:30:22 -05:00
Mrunal Patel 14af6755f0 Merge pull request #316 from LK4D4/fix_vet
Fix vet errors
2015-01-02 11:39:38 -08:00
Alexander Morozov c34b3d5ce9 Fix vet errors
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2014-12-29 10:57:01 -08:00
Alexander Morozov 0f397d4e14 Merge pull request #314 from crosbymichael/use-ns-ptr
Namespaces methods should act on pointer
2014-12-23 19:18:50 -08:00
Michael Crosby afb167a417 Namespaces methods should act on pointer
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-12-23 16:57:07 -08:00
Rohit Jnagal 10d49f830b Merge pull request #313 from crosbymichael/lk4d4
Add lk4d4 as maintainer
2014-12-23 16:31:32 -08:00
Michael Crosby 6fae0d4fa6 Add lk4d4 as maintainer
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-12-23 15:29:55 -08:00
Mrunal Patel 1597c68f7b Merge pull request #312 from LK4D4/care_#302
Add type for namespaces for better UI (replacement of #302)
2014-12-23 11:27:51 -08:00
Alexander Morozov 5bb8146989 Add Contains wrapper for Namespaces type
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2014-12-23 11:13:45 -08:00
Mrunal Patel 6423c8d261 Merge pull request #307 from LK4D4/systemd_notify_oom
OOM Notify refactoring
2014-12-23 09:15:50 -08:00
Rohit Jnagal 9455a8ce3a Merge pull request #310 from jfrazelle/9771-non-local-mac-address
Allow non local mac-address.
2014-12-22 23:03:42 -08:00
Jessica Frazelle 312f997de6 Allow non local mac-address.
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
2014-12-22 22:42:49 -08:00
Rohit Jnagal f61899ece3 Merge pull request #308 from LK4D4/fix_cgroups_removing
Fix removing of cgroups if something still alive in container
2014-12-22 17:45:41 -08:00
Alexander Morozov 6feb7bda04 Fix removing of cgroups if something still alive in container
Now we try to remove cgroups 5 times with increased delay between
tries.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2014-12-22 14:34:58 -08:00
Alexander Morozov 9825a26db5 Refactor NotifyOnOOM a little
Now there is function NotifyOnOOM in libcontainer package, which
receives *libcontainer.State as argument.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2014-12-22 11:44:41 -08:00