Could someone explain why we should close these fds? Usually users
care about closing them or not.
For example exec.Cmd declares them as io.Reader.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Use namespace.Exec() and namespace.Init() to execute processes in CT.
Now an init process is actually executed in a new container. This series
doesn't change code about creating containers, it only reworks code according
to the new API.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Here is a first step to implement a new API. Currently the init
process is executed without namespaces and cgroups.
Signed-off-by: Andrew Vagin <avagin@openvz.org>
This modifies Load in the factory to return a ContainerInfo interface
that is the read only view of the container when it is loaded.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This removes the unused namespace types from the namespace package
and simplifies getting the values for the namespaces.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This changes the namespace configuration on the config to include the
name of the namespace along with an optional path. This path is used to
point to a file of another namespace for the namespace so that it can be
joined in place of the empty, initialized namespace.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This document specifies the current container specification with all the
underlying setup and configuration that goes into making a container.
This is the v1 spec that is today but allows for flexibility when we
introduce more features such as seccomp default profiles and more.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Adds a new item to the config struct []*Rlimit
Rlimit takes a type (ie, syscall.RLIMIT_NOFILE) and the hard/soft limit
(As max/cur)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
SELinux supports a call that tells the kernel, from this point onward
create content with this label. If you pass "", the kernel will
go back to the default.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Writing to this file within /sys is causing some issues for
older kernels, specifically with 2.6.xx, where the write is failing
because /sys is becoming ro. We will continue to work on the 2.6 issues
but for the time being we cannot ship this with it enabled as it's
breaking all container runs.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Currently if we don't use --cpuset, the cpuset cgroup is not
created, it's bad if we want to modify cpuset config subsequently,
change the behavior to make it right.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>