Alexander Morozov
b89cd0cf5c
Merge pull request #304 from mrunalp/feature/user_namespaces
...
Adds user namespace support to libcontainer
2015-01-19 11:55:20 -08:00
Mrunal Patel
b0eece8d7d
Adds support for User Namespaces.
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Adds sample configuration to test user namespaces.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Rebases to master.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Fixes integration tests.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Move selinux labeling, apparmor profile and restrict kernel files back to init.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Separate the code paths for userns and default cases.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
tty not required for setup
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Cleanup and address review comments.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Remove debug logs and other cleanup.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Use function paramaters for SetupContainer.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2015-01-19 14:50:21 -05:00
Mrunal Patel
eb74393a3d
Merge pull request #338 from avagin/fixes
...
cgroups: set a freezer state before calling FreezerGroup.Set()
2015-01-19 09:33:08 -08:00
Andrey Vagin
30b3306416
cgroups: set a freezer state before calling FreezerGroup.Set()
...
My previous patch moved the setting of the freezer state after the Set()
command. It's wrong, because this command uses it, so we need to set the
freezer state before the command and rollback it in an error case.
Fixes: 13a5703d85
("cgroups: don't change a freezer state if an operation failed")
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-19 17:26:34 +03:00
Michael Crosby
73ba097bf5
Merge pull request #336 from dqminh/execin-wait
...
nsenter waits for parent signal before forking
2015-01-16 14:51:02 -08:00
Daniel, Dao Quang Minh
5a87153824
fix TestNsenterAlivePid
...
unblock the nsenter-exec test process to let it finish succesfully
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-01-16 05:13:19 -05:00
Daniel, Dao Quang Minh
f5dfd9a702
nit: reindent with indent -linux
...
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-01-16 04:58:30 -05:00
Daniel, Dao Quang Minh
9946e299af
nsenter waits for parent signal before forking
...
this allows the parent to place the process into cgroup first so it can track
the children properly
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
2015-01-16 04:56:45 -05:00
Victor Marmol
29ba9b3179
Merge pull request #335 from avagin/fixes
...
cgroups: don't change a freezer state if an operation failed
2015-01-15 08:25:10 -08:00
Andrey Vagin
13a5703d85
cgroups: don't change a freezer state if an operation failed
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-15 19:03:18 +03:00
Mrunal Patel
1d3b2589d7
Merge pull request #328 from icecrime/signal_exit_code
...
Fix exit codes when dying on a signal
2015-01-12 17:29:26 -08:00
Victor Marmol
dd6bc28afb
Merge pull request #329 from crosbymichael/oom-nsinit
...
Add nsinit command to display oom notifications
2015-01-12 16:39:16 -08:00
Michael Crosby
4bbd44784c
Add nsinit command to display oom notifications
...
This adds the ability to receive OOM notifications for a container via
the `nsinit oom` command.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-12 16:37:33 -08:00
Arnaud Porterie
fec4c5ab0a
Fix exit codes when dying on a signal
...
Test the process WaitStatus for a signal, and return an exit code of 128
+ signal which killed the process. Fixes docker/docker#9979 .
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-01-12 16:20:31 -08:00
Victor Marmol
9377591781
Merge pull request #326 from estesp/add-multiarch-info
...
Update ROADMAP.md to correctly reflect current arch status
2015-01-12 14:28:56 -08:00
Michael Crosby
6460fd7966
Merge pull request #327 from crosbymichael/refactor-killAllPids
...
Refactor kill all pids
2015-01-12 10:36:59 -08:00
Mrunal Patel
ba613c5a84
Merge pull request #315 from avagin/nsenter
...
A few fixes for nsenter
2015-01-12 10:36:20 -08:00
Michael Crosby
4903df2ed5
Refactor killAllPids
...
This refactors the function to avoid two calls to FindProcess
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-12 10:31:31 -08:00
Michael Crosby
2d9ef3af72
Add config for running a container in host pid ns
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-12 10:29:41 -08:00
Michael Crosby
09809b551c
Merge pull request #320 from rhatdan/pidns
...
killall processes in a cgroup if you are not using the pid namespace
2015-01-12 10:18:48 -08:00
Phil Estes
50f0faa795
Update ROADMAP.md to correctly reflect current arch status
...
Adds POWER (ppc64 and ppc64le), System z (s390x), and ARM to list of
architectures currently supported by libcontainer
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-01-12 12:58:27 -05:00
Andrey Vagin
35ae1c4871
nsenter: add a macros to print errors
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-12 07:56:12 +03:00
Andrey Vagin
85cd86999f
nsenter: use %m instead of strerror(errno)
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-12 07:56:12 +03:00
Andrey Vagin
0f8f0601ae
nsenter: return an error if a process with specified pid is a zombie
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-12 07:56:12 +03:00
Andrey Vagin
b6a1b88985
nsenter: return an error if a process with specified pid doesn't exist
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-12 07:56:12 +03:00
Andrey Vagin
ecace12e5a
nsenter: check errors from open(), read() and open()
...
Currently if nsenter is executed without /proc, it segfaulted.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-12 07:56:12 +03:00
Andrey Vagin
b7e54b0b41
nsenter: add tests
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-12 07:56:12 +03:00
Dan Walsh
1bd146ed82
This patch adds a test for the shared HOST Pid namespace
...
It also kills all processes in a cgroup if you are not using the pid namespace
If we stop using the PID namespace, and more then one process is running
when the pid 1 exits, docker will hang since the cgroups do not disappear.
This code will kill all remaining processes
Add Tests for handing of Pid Namespaces
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-01-09 13:43:47 -05:00
Victor Marmol
e30793aed7
Merge pull request #322 from mrunalp/features/add_groups
...
Adds functionality to specify additional groups to join.
2015-01-08 14:04:03 -08:00
Mrunal Patel
445bebc1b1
Adds functionality to specify additional groups to join.
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2015-01-08 17:01:47 -05:00
Michael Crosby
d7dea0e925
Merge pull request #321 from vmarmol/no-file
...
Don't get stats for cgroups that don't exist.
2015-01-08 11:26:02 -08:00
Victor Marmol
e3184f97e0
Don't get stats for cgroups that don't exist.
...
Signed-off-by: Victor Marmol <vmarmol@google.com>
2015-01-08 11:17:09 -08:00
Michael Crosby
be02944484
Merge pull request #318 from mrunalp/subreaper
...
Use the child subreaper option only when available
2015-01-06 15:33:37 -08:00
Mrunal Patel
a1ac9b1015
Use the child subreaper option only when available
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2015-01-06 18:30:30 -05:00
Alexander Morozov
8067e34ec0
Merge pull request #317 from mrunalp/go1.4
...
Changes Dockerfile to use go 1.4
2015-01-05 13:37:51 -08:00
Mrunal Patel
6c285c1d49
Changes Dockerfile to use go 1.4
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2015-01-05 16:30:22 -05:00
Mrunal Patel
14af6755f0
Merge pull request #316 from LK4D4/fix_vet
...
Fix vet errors
2015-01-02 11:39:38 -08:00
Alexander Morozov
c34b3d5ce9
Fix vet errors
...
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2014-12-29 10:57:01 -08:00
Alexander Morozov
0f397d4e14
Merge pull request #314 from crosbymichael/use-ns-ptr
...
Namespaces methods should act on pointer
2014-12-23 19:18:50 -08:00
Michael Crosby
afb167a417
Namespaces methods should act on pointer
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-12-23 16:57:07 -08:00
Rohit Jnagal
10d49f830b
Merge pull request #313 from crosbymichael/lk4d4
...
Add lk4d4 as maintainer
2014-12-23 16:31:32 -08:00
Michael Crosby
6fae0d4fa6
Add lk4d4 as maintainer
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-12-23 15:29:55 -08:00
Mrunal Patel
1597c68f7b
Merge pull request #312 from LK4D4/care_#302
...
Add type for namespaces for better UI (replacement of #302 )
2014-12-23 11:27:51 -08:00
Alexander Morozov
5bb8146989
Add Contains wrapper for Namespaces type
...
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2014-12-23 11:13:45 -08:00
Mrunal Patel
6423c8d261
Merge pull request #307 from LK4D4/systemd_notify_oom
...
OOM Notify refactoring
2014-12-23 09:15:50 -08:00
Rohit Jnagal
9455a8ce3a
Merge pull request #310 from jfrazelle/9771-non-local-mac-address
...
Allow non local mac-address.
2014-12-22 23:03:42 -08:00
Jessica Frazelle
312f997de6
Allow non local mac-address.
...
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
2014-12-22 22:42:49 -08:00
Rohit Jnagal
f61899ece3
Merge pull request #308 from LK4D4/fix_cgroups_removing
...
Fix removing of cgroups if something still alive in container
2014-12-22 17:45:41 -08:00
Alexander Morozov
6feb7bda04
Fix removing of cgroups if something still alive in container
...
Now we try to remove cgroups 5 times with increased delay between
tries.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2014-12-22 14:34:58 -08:00
Alexander Morozov
9825a26db5
Refactor NotifyOnOOM a little
...
Now there is function NotifyOnOOM in libcontainer package, which
receives *libcontainer.State as argument.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2014-12-22 11:44:41 -08:00