Commit Graph

1842 Commits

Author SHA1 Message Date
Vivek Goyal d1f4a5b8b5 libcontainer: Allow passing mount propagation flags
Right now if one passes a mount propagation flag in the spec file, it
does not take effect. For example, try the following in the spec JSON file.

{
  "type": "bind",
  "source": "/root/mnt-source",
  "destination": "/root/mnt-dest",
  "options": "rbind,shared"
}

One would expect that /root/mnt-dest will be shared inside the container
but that's not the case.

#findmnt -o TARGET,PROPAGATION
`-/root/mnt-dest                      private

Reason being that propagation flags can't be passed in along with other
regular flags. They need to be passed in a separate call to mount syscall.
That too, one propagation flag at a time. (from mount man page).

Hence, store propagation flags separately in a slice and apply these
in that order after the mount call wherever appropriate. This allows
the user to control the propagation property of the mount point inside
the container.

Storing them separately also solves another problem where the recursive flag
(syscall.MS_REC) can get mixed up. For example, options "rbind,private"
and "bind,rprivate" will be the same and there will be no way to differentiate
between these if all the flags are stored in a single integer.

This patch would allow one to pass propagation flags "[r]shared,[r]slave,
[r]private,[r]unbindable" in spec file as per mount property.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2015-09-16 15:53:23 -04:00
Alexander Morozov dae4560ec2 Merge pull request #257 from mrunalp/cap_prefix
Add CAP prefix for capabilities
2015-09-16 11:39:39 -07:00
Mrunal Patel abb40ac3c7 Merge pull request #272 from laijs/close-config-file
close config file after loaded
2015-09-16 11:34:12 -07:00
Mrunal Patel 5a599a4c10 Merge pull request #268 from laijs/runc-usage
update the command usage of `runc`
2015-09-16 08:59:23 -07:00
Lai Jiangshan 8132f4d797 close config file after loaded
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
2015-09-16 10:54:53 +08:00
Lai Jiangshan 66f152d6dd simple refactor for the options of `runc spec`
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
2015-09-16 10:06:59 +08:00
Lai Jiangshan ac56948250 update the command usage of `runc`
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
2015-09-16 09:49:06 +08:00
Mrunal Patel ec37110957 Update README for the CAP prefix change
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-09-15 14:44:12 -04:00
Mrunal Patel 859abee0c8 Add CAP prefix for capabilities
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-09-15 14:43:03 -04:00
Mrunal Patel 4ab132458f Merge pull request #242 from LK4D4/adjust_spec
Adjust runc to new opencontainers/specs version
2015-09-15 10:21:58 -07:00
Alexander Morozov ea5032bc5e Adjust runc to new opencontainers/specs version
I deleted the possibility to specify a config file from commands for now,
until we decide how it'll be done. Also, I changed the runc spec interface to
write config files instead of outputting them.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-09-15 08:35:25 -07:00
Mrunal Patel 07a2f4eaa5 Merge pull request #237 from hqhq/hq_add_testflags_docs
Add testing docs in README
2015-09-14 19:24:10 -07:00
Qiang Huang 088fd3f6df Add testing docs in README
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-09-15 08:30:28 +08:00
Mrunal Patel 4d8e13fc3e Merge pull request #43 from LK4D4/new_netlink
New netlink library
2015-09-14 14:01:07 -07:00
Mrunal Patel 1cf8ac8d6e Merge pull request #248 from rajasec/fixcheckpoint
Fixing checkpoint issue
2015-09-14 13:53:54 -07:00
Michael Crosby 6d2761d67e Merge pull request #251 from hqhq/hq_fix_comments
Minor comments fix
2015-09-14 13:44:19 -07:00
Mrunal Patel 486ac97618 Merge pull request #236 from hqhq/hq_fix_cgroup_rw
Always remount for bind mount
2015-09-14 12:08:34 -07:00
Michael Crosby c4780db6a5 Merge pull request #266 from rajasec/seccompfix
make localtest failure on removing seccomp flag in Makefile
2015-09-14 12:00:08 -07:00
Rajasekaran 2940f73a14 make localtest failure on removing seccomp flag
Signed-off-by: Rajasekaran <rajasec79@gmail.com>
2015-09-12 14:43:55 +05:30
Mrunal Patel ef9471fd5b Merge pull request #253 from avagin/cr-cgroups
c/r: create cgroups to restore a container
2015-09-11 18:03:40 -07:00
Mrunal Patel 8660fd2325 Merge pull request #265 from crosbymichael/tags
Add all support build tags for runc features
2015-09-11 12:16:37 -07:00
Michael Crosby 3200c16937 Add all support build tags for runc features
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-09-11 12:12:18 -07:00
Alexander Morozov b0fd9fb75a Merge pull request #220 from crosbymichael/build-tags
Add seccomp build tag
2015-09-11 12:06:27 -07:00
Michael Crosby a8e0185d97 Add seccomp build tag
Add a seccomp build tag and also support in the Makefile to add or
remove build tags.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-09-11 12:03:57 -07:00
Alexander Morozov 7d122ff30e Merge pull request #261 from crosbymichael/hooks
Implement hooks in libcontainer code base
2015-09-11 11:43:49 -07:00
David Calavera 0f28592b35 Turn hook pointers into values.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-09-11 11:34:34 -07:00
Michael Crosby dd969cbacd Add test for function based hooks
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-09-10 18:15:00 -07:00
Mrunal Patel 1dca365393 Add test for prestart hook
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Conflicts:
	libcontainer/integration/exec_test.go
2015-09-10 17:59:36 -07:00
Michael Crosby 05567f2c94 Implement hooks in libcontainer
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-09-10 17:57:31 -07:00
Mrunal Patel cd01b01018 Merge pull request #259 from hqhq/hq_fix_cgroup
Fix bug in find cgroup mount point dir
2015-09-10 12:01:22 -07:00
Andrey Vagin df39686c93 c/r: create cgroups to restore a container
Here are two reasons:
* If we use systemd, we need to ask it to create cgroups
* If a container is restored with another ID, we need to
  change paths to cgroups.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-09-10 21:00:27 +03:00
Andrey Vagin da2535f2d1 mount: don't read /proc/self/cgroup many times
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-09-10 21:00:22 +03:00
Andrey Vagin e49c1dc559 Rework ParseCgroupFile
Currently we parse /proc/self/cgroup for each controller.
It's ineffective.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-09-10 20:59:27 +03:00
Alexander Morozov 24f4d5d1fd Remove old netlink library
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-09-09 19:38:02 -07:00
Alexander Morozov 916bd6bd68 Use github.com/vishvananda/netlink for networking
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-09-09 19:32:46 -07:00
Qiang Huang b94fe5b7f8 Fix bug in find cgroup mount point dir
Bug was introduced in #250

According to: http://man7.org/linux/man-pages/man5/proc.5.html

36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
(1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
...
(7)  optional fields: zero or more fields of the form
       "tag[:value]".
The 7th field is optional. We should skip it when parsing mount info.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-09-10 08:29:12 +08:00
Mrunal Patel 5731a045fe Merge pull request #250 from hqhq/hq_cgroup_cleanup
Some cgroups cleanup
2015-09-09 11:48:02 -07:00
Qiang Huang f2ec7eff7e Rename FindCgroupMountpointAndSource
Rename it to FindCgroupMountpointAndRoot.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-09-09 09:29:11 +08:00
Qiang Huang bc67941c72 Parse directly in FindCgroupMountpointDir
Unify it with FindCgroupMountpoint, and add comments on why
we should do this.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-09-09 09:28:50 +08:00
Qiang Huang 8f35c181b2 Minor comments fix
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-09-07 10:39:22 +08:00
Rajasekaran 57cc442c13 Fixing checkpoint issue
Signed-off-by: Rajasekaran <rajasec79@gmail.com>
2015-09-04 16:20:45 +05:30
Mrunal Patel 0f85e4e1a3 Merge pull request #239 from rajasec/restore-leaverunning
Restorefixforrunningcontainer
2015-09-02 11:21:30 -07:00
Alexander Morozov 05b1cda5dd Merge pull request #235 from hqhq/hq_fix_cgroup_test
Fix cgroup mount tests
2015-09-01 14:57:44 -07:00
Mrunal Patel 5c92e5d7e0 Merge pull request #232 from vishh/oom-score-adj
Adding oom_score_adj as a container config param
2015-08-31 14:45:29 -07:00
Vishnu Kannan cc232c4707 Adding oom_score_adj as a container config param.
Signed-off-by: Vishnu Kannan <vishnuk@google.com>
2015-08-31 14:02:59 -07:00
Rajasekaran 77af09efd6 Restorefixforrunningcontainer
Signed-off-by: Rajasekaran <rajasec79@gmail.com>
2015-08-31 22:16:38 +05:30
Mrunal Patel 8447547797 Merge pull request #233 from shishir-a412ed/comment_move
cleanup: outdated comment
2015-08-31 09:27:34 -07:00
Qiang Huang 085f465c00 Fix cgroup mount tests
I got:
```
exec_test.go:823: Mode expected to contain 'ro,nosuid,nodev,noexec': tmpfs on /sys/fs/cgroup type tmpfs (ro,seclabel,nosuid,nodev,noexec,relatime,mode=755
```

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-08-31 11:23:18 +08:00
Qiang Huang b7385e291c Always remount for bind mount
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-08-31 11:10:34 +08:00
Shishir Mahajan 0f3545e3d3 cleanup: outdated comment
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2015-08-29 11:50:39 -04:00