Commit Graph

1160 Commits

Author SHA1 Message Date
Victor Marmol 1b755bf962 Merge pull request #386 from mrunalp/userns_check
Validation for user namespace in the config.
2015-02-19 09:16:13 -08:00
Rohit Jnagal 8c3b6b1868 Merge pull request #387 from mrunalp/rootfs_config
Fixes bug where rootfs was empty instead of pwd when not specified.
2015-02-19 08:27:22 -08:00
Mrunal Patel f34b3b765f Validation for User Namespaces in the config.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-02-18 23:14:01 -08:00
Mrunal Patel 4d863b7bd0 Fixes bug where rootfs was empty instead of pwd when not specified.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-02-18 21:36:04 -08:00
Mrunal Patel d06a2dab9f Merge pull request #385 from crosbymichael/userns-updates
Make usernamespaces work without sidecar process
2015-02-18 16:20:49 -08:00
Michael Crosby afa8443118 Remove userns sidecar process
Move the network setup back into the standard init even for user
namespaces now that mounts are fully supported and working.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-18 15:47:26 -08:00
Michael Crosby 339edce03e Update console and mount handling for user namespaces
This updates the console handling to chown the console on creation to
the root user within the container.

This also moves the setup mounts from the userns sidecar process into
the main init processes by trying to mknod devices, if it fails on an
EPERM then bind mount the device from the host into the container for
use.  This prevents access issues when the sidecar process mknods the
device for the usernamespace returning an EPERM when writing to
dev/null.

This also adds some error handling for init processes and nsinit updates
with added flags for testing and other functions.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-17 21:37:02 -08:00
Mrunal Patel f4a4391e4e Merge pull request #371 from coolljt0725/add_support_cpu_cfs_quota
Add systemd support cpu.cfs_quota_us and cpu.cfs_period_us
2015-02-17 10:42:14 -08:00
Mrunal Patel cc42996625 Merge pull request #382 from crosbymichael/merges
Update api branch with master changes
2015-02-16 15:20:01 -08:00
Michael Crosby f4cf808a3d Merge branch 'master' into api
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	MAINTAINERS
	cgroups/cgroups.go
	cgroups/fs/apply_raw.go
	cgroups/fs/notify_linux.go
	cgroups/fs/notify_linux_test.go
	cgroups/systemd/apply_systemd.go
	config.go
	configs/config_test.go
	console/console.go
	integration/exec_test.go
	integration/init_test.go
	integration/template_test.go
	integration/utils_test.go
	linux_notify.go
	linux_notify_test.go
	mount/init.go
	mount/mount_config.go
	mount/pivotroot.go
	mount/ptmx.go
	namespaces/create.go
	namespaces/exec.go
	namespaces/execin.go
	namespaces/init.go
	namespaces/nsenter/nsenter.c
	namespaces/nsenter/nsenter.go
	namespaces/utils.go
	network/network.go
	network/types.go
	network/veth.go
	notify_linux.go
	notify_linux_test.go
	nsinit/exec.go
	nsinit/main.go
	nsinit/nsenter.go
	nsinit/oom.go
	sample_configs/host-pid.json
	sample_configs/userns.json
	security/capabilities/capabilities.go
	update-vendor.sh
2015-02-16 15:09:42 -08:00
Michael Crosby 55d61e22c5 Merge pull request #381 from crosbymichael/configfactory
Add functional API for Factory configuration
2015-02-16 11:44:47 -08:00
Michael Crosby b21b19e060 Add factory configuration via functional api
This allows you to set certain configuration options such as what cgroup
implementation to use on the factory at create time.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-16 11:26:13 -08:00
Michael Crosby 4c43b0f498 Add mutex around stateful container operations
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-16 09:59:02 -08:00
Victor Marmol 2b45128091 Merge pull request #379 from mrunalp/userns_config_gen
Add config generation for simple user namespace testing.
2015-02-13 17:20:30 -08:00
Mrunal Patel cacc15360e Add config generation for simple user namespace testing.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-02-13 20:17:16 -05:00
Victor Marmol 8002fd2263 Merge pull request #378 from mrunalp/cleanup_comments
Fixed some typos and tried to make comments read better.
2015-02-13 16:18:57 -08:00
Mrunal Patel a1d509759b Fixed some typos and tried to make comments read better.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-02-13 19:06:17 -05:00
Michael Crosby 2990f254f0 Merge pull request #377 from mrunalp/console_path
Add a constant for the container console path.
2015-02-13 15:24:44 -08:00
Mrunal Patel 77085907a4 Add a constant for the container console path.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-02-13 18:23:17 -05:00
Michael Crosby 3f35b26b8b Merge pull request #373 from LK4D4/netlink_hairpin_support
Use netlink to set hairpin mode
2015-02-13 14:08:28 -08:00
Lei Jitang 29f5cb6b39 Add systemd support cpu.cfs_quota_us and cpu.cfs_period_us
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-02-13 14:33:03 +08:00
Victor Marmol 031524c73d Merge pull request #375 from crosbymichael/move-system-mounts
Refactor system mounts to be placed on the config
2015-02-12 21:36:03 -08:00
Alexander Morozov ebefcddc3c Use netlink to set hairpin mode
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-02-12 18:40:54 -08:00
Michael Crosby 1a37242fa2 Refactor system mounts to be placed on the config
Also remove the RestrictSys bool replaced by configurable paths that the
user can specify.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-12 16:58:38 -08:00
Michael Crosby a9a503082e Merge pull request #374 from LK4D4/go1.3_support
Fix compilation with golang 1.3(uid/gid mappings is unsupported)
2015-02-12 14:21:41 -08:00
Alexander Morozov fe9f766895 Fix compilation with golang 1.3(uid/gid mappings is unsupported)
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-02-12 13:28:07 -08:00
Mrunal Patel cee97cb0cc Merge pull request #372 from rhatdan/gcc5.0
Changes required to keep gcc 5.0 quiet and happy.
2015-02-12 11:42:14 -08:00
Dan Walsh 6262667787 Changes required to keep gcc 5.0 quiet
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-02-12 14:21:34 -05:00
Mrunal Patel e2ed997ae5 Merge pull request #370 from crosbymichael/state
Ensure state is persisted
2015-02-12 11:19:58 -08:00
Michael Crosby c2403c32db Add GetPath on namespace config
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-12 10:38:43 -08:00
Michael Crosby 91a3f162af Implement nsinit state command
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 18:49:28 -08:00
Michael Crosby 5df859ad24 Add config command to nsinit
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 17:26:29 -08:00
Michael Crosby d909440c48 Unexport certain internal funcs and types
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 17:12:03 -08:00
Michael Crosby 5c246d038f Persist container state to disk
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 16:52:28 -08:00
Michael Crosby 31327166e5 Rename OOM to NotifyOOM
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 15:09:54 -08:00
Michael Crosby 7fff13632e Add state method to return container's runtime state
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 14:45:07 -08:00
Victor Marmol 9f0cca11d0 Merge pull request #367 from crosbymichael/validation
API Refactoring
2015-02-11 13:47:45 -08:00
Michael Crosby fde0b7aa0d Refactor network and veth creation
Remove veth interfaces on the host if an error occurs.
Provide the host interface name, temporary peer interface name and the
name of the peer once it is inside the container's namespace in the
Network config.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 13:33:58 -08:00
Michael Crosby 2ec6b585ea Add new API examples to readme
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:27 -08:00
Michael Crosby 758d151e61 Fully remove security package
This moves the capabilities package into the root package.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby ad49d71504 Remove network package
Also add ability to get network stats from multiple interfaces.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 6a04779b41 Remove restrict package
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 1c895b409a Move mount logic into root package
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby b0e274c0d2 Remove console package and add Console type
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 20daff5e2c Move mount package into libcontainer root
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 1edada52fd Move Cwd and User to Process
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 9dcbc4f3f8 Implement container signaling
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 0c1919c427 Refactor parent processes into types
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 21bb5ccc4f Move environment configuration to Process
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 58023ad32f Add parent death signal to the container config
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00