Commit Graph

600 Commits

Author SHA1 Message Date
Alexander Morozov c0e18b96fb Fix subsystem path with abs parent
Sometimes subsystem can be mounted to path like "subsystem1,subsystem2",
so we need to handle this.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-20 11:48:58 -07:00
Mrunal Patel 5b805276c2 Revert "Remount /sys/fs/cgroup as readonly always"
This reverts commit 18de1a273e.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-07-17 17:50:46 -04:00
Mrunal Patel 618e0caeca Merge pull request #135 from LK4D4/fix_apply_cgroups
Substract source mount from cgroup dir
2015-07-17 13:55:01 -07:00
Alexander Morozov 18de1a273e Remount /sys/fs/cgroup as readonly always
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-17 12:45:09 -07:00
Alexander Morozov fc31076c23 Substract source mount from cgroup dir
This is needed because for nested containers cgroups. Without this patch
they creating unnecessary intermediate cgroup like:
/sys/fs/cgroup/memory/system.slice/docker-9409d9f0b68fb9e9d7d532d5b3f35e7c7f9cca1312af392ae3b28436f1f2998f.scope/system.slice/docker-9409d9f0b68fb9e9d7d532d5b3f35e7c7f9cca1312af392ae3b28436f1f2998f.scope/docker/908ebcc9c13584a14322ec070bd971e0de62f126c0cd95c079acdb99990ad3a3

It is because in /proc/self/cgroup we see paths from host, and they don't
exist in container.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-17 11:41:58 -07:00
Mrunal Patel 2598484b97 Merge pull request #130 from LK4D4/cgroups_mount_fix
Cgroups mount fix
2015-07-16 10:49:13 -07:00
Alexander Morozov e289cf734b Fix handling name= cgroups
Before name=systemd cgroup was mounted inside container to
/sys/fs/cgroup/name=systemd, which is wrong, it should be
/sys/fs/cgroup/systemd

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-15 13:58:17 -07:00
Alexander Morozov f6eb19c0d5 Tests for mounting cgroups
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-15 11:07:03 -07:00
Alexander Morozov 40b9b89107 Substract bindmount path from cgroup dir
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-15 10:41:25 -07:00
Mrunal Patel 42aa891a6b Merge pull request #91 from hqhq/hq_add_cgroup_mount
Add cgroup mount in the recommended config
2015-07-15 09:51:24 -07:00
Alexander Morozov 0d948945b0 Merge pull request #127 from hqhq/hq_fix_tmpfs_mount
Correct tmpfs mount for cgroup
2015-07-14 22:11:52 -07:00
Qiang Huang d7181a73e4 Add cgroup mount in the recommended config
And allow cgroup mount take flags from user configs.
As we show ro in the recommendation, so hard-coded
read-only flag should be removed.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-15 09:31:39 +08:00
Qiang Huang b1fd78346e Correct tmpfs mount for cgroup
Fixes: https://github.com/docker/docker/issues/14543
Fixes: https://github.com/docker/docker/pull/14610

Before this, we got mount info in container:
```
sysfs /sys sysfs ro,seclabel,nosuid,nodev,noexec,relatime 0 0
 /sys/fs/cgroup tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,relatime,cpuset 0 0
```

It has no mount source, so in `parseInfoFile` in Docker code,
we'll get:
```
Error found less than 3 fields post '-' in "84 83 0:41 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs  rw,seclabel"
```

After this fix, we have mount info corrected:
```
sysfs /sys sysfs ro,seclabel,nosuid,nodev,noexec,relatime 0 0
tmpfs /sys/fs/cgroup tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,relatime,cpuset 0 0
```

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-15 09:09:09 +08:00
Qiang Huang 4e244108ef Fix error when memory cgroup not mounted
Fixes: #57

Normally all cgroup subsystems are optional except device cgroup,
but memory cgroup optional was broken by:
https://github.com/docker/libcontainer/pull/637

This patch fixes this.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-13 18:22:35 +08:00
root b5412d1b59 the data type should be int8 for ppc64le
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-07-10 20:11:11 +00:00
root 23e3887e05 avoid infinite loop with GCCGO
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-07-10 19:15:26 +00:00
Mrunal Patel 503adf586f Remove deserialization tests.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-07-09 18:46:13 -04:00
Michael Crosby e9c0535f3c Merge pull request #52 from jhowardmsft/remove-seccomp
Windows: Factor out seccomp
2015-07-09 11:50:41 -07:00
Michael Crosby e224e2c468 Merge pull request #53 from jhowardmsft/CloseExecFrom
Windows: Factor out CloseExecFrom
2015-07-09 11:50:07 -07:00
Mrunal Patel 6c88b305de Merge pull request #97 from hqhq/hq_add_oom_kill_disable
Add oom-kill-disable support for systemd
2015-07-08 09:40:08 -07:00
Qiang Huang b4d1df0131 Add oom-kill-disable support for systemd
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-08 09:21:46 +08:00
Michael Crosby a7a7263b4c Merge pull request #95 from rajasec/runc_teststepissue
Fixing memory swappiness as -1 in template file for older kernels
2015-07-07 11:08:16 -07:00
Michael Crosby f7431f1f66 Merge pull request #73 from mrunalp/sysctl
Adds Sysctl support
2015-07-07 09:33:44 -07:00
Rajasekaran e027c57f38 Fixing test step for memory swappiness
Signed-off-by: Rajasekaran <rajasec79@gmail.com>
2015-07-07 21:15:59 +05:30
Qiang Huang 18a2ca3758 Remove sample configs from libcontainer
They are for nsinit, and is no longer used.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-07 07:41:19 +08:00
Mrunal Patel 8ea6c65d12 Rename SystemProperties to Sysctl and make it available in the runc config
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-07-06 19:18:08 -04:00
Mrunal Patel 5ec11a2918 Merge pull request #86 from ktraghavendra/85_container_swappiness
Treat -1 as default value for memory swappiness
2015-07-06 10:12:22 -07:00
Raghavendra K T 88104a4444 Treat -1 as default value for memory swappiness.
In some older kernels setting swappiness fails. This happens even
when nobody tries to configure swappiness from docker UI because
we would still get some default value from host config.
With this we treat -1 value as default value (set implicitly) and skip
the enforcement of swappiness.

However from the docker UI setting an invalid value anything other than
0-100 including -1 should fail. This patch enables that fix in docker UI.

without this fix container creation with invalid value succeeds with a
default value (60) which in incorrect.

Signed-off-by: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
2015-07-03 18:19:45 +05:30
Michael Crosby 1865c0aac6 Remove apparmor profile generation from libcontainer
The creation of the profile should be handled outside of libcontainer so
that it can be customized and packaged.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-07-02 13:45:27 -07:00
Alexander Morozov 38c34d6036 Fix build tags
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-01 13:22:09 -07:00
Michael Crosby 38d06a35e4 Merge pull request #45 from LK4D4/makefile_imp
Some new stuff for makefile
2015-06-30 11:04:03 -07:00
Alexander Morozov a87bc12f86 Add makefile targets for basic lint and testing
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-30 10:17:10 -07:00
Mrunal Patel 0a4ba80b71 Merge pull request #59 from cyphar/603-fixup-API
libcontainer: user: fix GetAdditionalGroups* API
2015-06-30 08:52:19 -07:00
Mrunal Patel 15ed8ff7b1 Merge pull request #55 from mapk0y/add_filelocks_option
checkpoint/restore commands support 'file-locks' option.
2015-06-28 16:23:45 -07:00
Aleksa Sarai 14f271fe4c libcontainer: user: update tests for GetAdditionalGroups
Update the tests to use the test-friendly GetAdditionalGroups API,
rather than making random files for no good reason.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2015-06-28 11:23:37 +10:00
Aleksa Sarai 85f722dea0 libcontainer: user: fix GetAdditionalGroupsPath to match API
The old GetAdditionalGroups* API didn't match the rest of
libcontainer/user, we make functions that take io.Readers and then make
wrappers around them. Otherwise we have to do dodgy stuff when testing
our code.

Fixes: d4ece29c0b ("refactor GetAdditionalGroupsPath")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2015-06-28 11:23:01 +10:00
John Howard dda986aaa0 Windows: Factor out seccomp
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-06-27 16:56:39 -07:00
mapk0y 986dc0f730 checkpoint/restore commands support 'file-locks' option.
Signed-off-by: mapk0y <mapk0y@gmail.com>
2015-06-27 18:56:24 +09:00
John Howard 9f80f3f181 Windows: Factor out CloseExecFrom
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-06-26 20:13:17 -07:00
Alexander Morozov 4d6c19af8b Fix absolute path getting for runc binary
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-26 14:56:53 -07:00
Michael Crosby f637539def Move libcontainer documenation to root of repo
This moves much of the documentation on contributing and maintainer the
codebase from the libcontainer sub directory to the root of the repo.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-26 11:50:46 -07:00
Phil Estes d95050084b Allow hyphen in "id" (based on `cwd` pathname)
A directory with a hyphen currently generates an InvalidId error because
of the regex in libcontainer.  I don't believe there is any reason a
hyphen should be disallowed.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-06-25 11:27:25 -07:00
Alexander Morozov f74baf28f9 Merge pull request #21 from unclejack/gofmt_pass
libcontainer: gofmt pass
2015-06-23 16:06:18 -07:00
unclejack 9408c09d50 libcontainer: gofmt pass 2015-06-24 01:57:42 +03:00
Michael Crosby 5336c57704 Merge pull request #8 from LK4D4/remove_nsinit_readme
Remove nsinit from libcontainer README.md
2015-06-23 11:33:02 -07:00
Alexander Morozov 5c56d28043 Fix panic in seccomp test on error
It can happen if newContainer is failed. Now test shows real error from
newContainer instead of trace.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-22 19:26:33 -07:00
Alexander Morozov 4ac21b5fd3 Remove nsinit from libcontainer README.md
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-22 10:34:38 -07:00
Michael Crosby f20d95b6f2 Use godeps for building of vendored files
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-22 09:23:17 -07:00
Michael Crosby 080df7ab88 Update import paths for new repository
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:29:59 -07:00
Michael Crosby 8f97d39dd2 Move libcontainer into subdirectory
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:29:15 -07:00