More people are using this to test new features and this makes it very
simple to run a container with a simple command.
`nsinit exec --tty sh`
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Currently we have a problem when buffers are used for std file
descriptors. These buffers are filled from goroutines (Cmd.goroutine),
and we need to wait for them to be sure that all data have been copied.
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Move the network setup back into the standard init even for user
namespaces now that mounts are fully supported and working.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This updates the console handling to chown the console on creation to
the root user within the container.
This also moves the setup mounts from the userns sidecar process into
the main init processes by trying to mknod devices, if it fails on an
EPERM then bind mount the device from the host into the container for
use. This prevents access issues when the sidecar process mknods the
device for the usernamespace returning an EPERM when writing to
dev/null.
This also adds some error handling for init processes and nsinit updates
with added flags for testing and other functions.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This allows you to set certain configuration options such as what cgroup
implementation to use on the factory at create time.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Remove veth interfaces on the host if an error occurs.
Provide the host interface name, temporary peer interface name and the
name of the peer once it is inside the container's namespace in the
Network config.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This removes new unused methods from the container interface and types
parameters such as os.Signal and WaitStatus.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Change the various config structs into one package and have a flatter
structure for easier use.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This adds the ability to receive OOM notifications for a container via
the `nsinit oom` command.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
A new constructor function (like nsenter) is added in this patch. This
function gets arguments from environment variables and its behaviour doesn't
depend on command line arguments.
A program which calls factory.StartInitialization() must import the nsenter
package. It looks ugly, but I don't know another way to enter into a CT from
Go code.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Use namespace.Exec() and namespace.Init() to execute processes in CT.
Now an init process is actually executed in a new container. This series
doesn't change code about creating containers, it only reworks code according
to the new API.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
This removes the entire syncpipe package and replaces it with standard
operations on the pipes. The syncpipe type just never felt right and
probably should not have been there.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Since currently the container.json file does not include the pathname
to a container's root filesystem, we need to parse /proc/mounts which
is slow and error-prone. This patch addresses this issue by adding a
new RootFs field.
Signed-off-by: Saied Kazemi <saied@google.com>