Commit Graph

32 Commits

Author SHA1 Message Date
Aleksa Sarai 244c9fc426
*: console rewrite
This implements {createTTY, detach} and all of the combinations and
negations of the two that were previously implemented. There are some
valid questions about out-of-OCI-scope topics like !createTTY and how
things should be handled (why do we dup the current stdio to the
process, and how is that not a security issue). However, these will be
dealt with in a separate patchset.

In order to allow for late console setup, split setupRootfs into the
"preparation" section where all of the mounts are created and the
"finalize" section where we pivot_root and set things as ro. In between
the two we can set up all of the console mountpoints and symlinks we
need.

We use two-stage synchronisation to ensures that when the syscalls are
reordered in a suboptimal way, an out-of-place read() on the parentPipe
will not gobble the ancilliary information.

This patch is part of the console rewrite patchset.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-12-01 15:49:36 +11:00
Wang Long 8676c75442 Fix the pid-file option for runc run/exec/create command
Signed-off-by: Wang Long <long.wanglong@huawei.com>
2016-11-02 14:08:32 +08:00
Shukui Yang cc0e2d567f Remove the workaround which add a -- flag to runc exec command and add integration for exec ls -la
Signed-off-by: Shukui Yang <yangshukui@huawei.com>
2016-09-24 12:21:50 +08:00
Shukui Yang d5dd8931c5 fix ps/exec command parameter error
Signed-off-by: Shukui Yang <yangshukui@huawei.com>
2016-09-18 09:34:06 +08:00
Qiang Huang face64a1ed Merge pull request #880 from rajasec/exec-status
Not exec a container from stopped state
2016-08-27 11:07:02 +08:00
Tristan Cacqueray c562e4cd91 exec: Support command arguments
This enables support for exec command argument starting with a '-'.
This uses the usual argument separator '--', for example:
  runc exec containerid -- ps -afx

Without this, cli interprets command argument and fails with
'flag provided but not defined'.

Signed-off-by: Tristan Cacqueray <tdecacqu@redhat.com>
2016-08-26 02:01:40 +00:00
rajasec 98d63504a4 Not exec a container from stopped state
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-08-23 18:25:08 +05:30
Michael Crosby f61c6e413f Disable the subreaper on exec
This keeps the flag but makes it hidden so that existing clients do not
encounter an error if we were to have removed the flag.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-08-19 09:56:00 -07:00
Mrunal Patel a753b06645 Replace github.com/codegangsta/cli by github.com/urfave/cli
The package got moved to a different repository

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-06-06 11:47:20 -07:00
Zhao Lei 8cd952f0a2 manual: Unify EXAMPLE title in code and manual
There are 3 types of EXAMPLE title in manual and code:
1: "# EXAMPLE"
   runc-delete.8.md
   runc-exec.8.md
   runc-kill.8.md
2: "EXAMPE:"
   runc-spec.8.md
3: EXAMPLE title exist in manual, but not exist in code's --help output
   delete.go
   exec.go
   kill.go

This patch unified above format, and deleted some useless blanks.

Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
2016-05-25 10:48:11 +08:00
Qiang Huang 8477638aab Update cli package
The old one has bug when showing help message for IntFlags.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-10 13:58:09 +08:00
rajasec c3cc4b36ba Fixing index out of range during exec of container
Signed-off-by: rajasec <rajasec79@gmail.com>

Fixed review comments

Signed-off-by: rajasec <rajasec79@gmail.com>

updated the arguments check as per review comment

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-04-20 14:25:50 +05:30
Michael Crosby f417e993d0 Update spec to v0.5.0
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-12 14:11:40 -07:00
George Lestaris f7ae27bfb7 HookState adhears to OCI
Signed-off-by: George Lestaris <glestaris@pivotal.io>
Signed-off-by: Ed King <eking@pivotal.io>
2016-04-06 16:57:59 +01:00
Alexander Morozov bbde9c426f Merge pull request #646 from crosbymichael/pid-host-block
Destroy container along with processes before stdio
2016-03-17 09:51:59 -07:00
Michael Crosby fdb100d247 Destroy container along with processes before stdio
We need to make sure the container is destroyed before closing the stdio
for the container.  This becomes a big issues when running in the host's
pid namespace because the other processes could have inherited the stdio
of the initial process.  The call to close will just block as they still
have the io open.

Calling destroy before closing io, especially in the host pid namespace
will cause all additional processes to be killed in the container's
cgroup.  This will allow the io to be closed successfuly.

This change makes sure the order for destroy and close is correct as
well as ensuring that if any errors encoutered during start or exec will
be handled by terminating the process and destroying the container.  We
cannot use defers here because we need to enforce the correct ordering
on destroy.

This also sets the subreaper setting for runc so that when running in
pid host, runc can wait on the addiontal processes launched by the
container, useful on destroy, but also good for reaping the additional
processes that were launched.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-15 13:17:11 -07:00
Rajasekaran d1faa82a0a Adding spec validation for exec and start
Signed-off-by: Rajasekaran <rajasec79@gmail.com>

Fixed review comments

Signed-off-by: rajasec <rajasec79@gmail.com>

Rebased with latest spec version

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-03-13 21:58:00 +05:30
Michael Crosby 47eaa08f5a Update runc usage for new specs changes
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 14:18:39 -08:00
Michael Crosby 044e298507 Improve error handling in runc
The error handling on the runc cli is currenly pretty messy because
messages to the user are split between regular stderr format and logrus
message format.  This changes all the error reporting to the cli to only
output on stderr and exit(1) for consumers of the api.

By default logrus logs to /dev/null so that it is not seen by the user.
If the user wants extra and/or structured loggging/errors from runc they
can use the `--log` flag to provide a path to the file where they want
this information.  This allows a consistent behavior on the cli but
extra power and information when debugging with logs.

This also includes a change to enable the same logging information
inside the container's init by adding an init cli command that can share
the existing flags for all other runc commands.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-09 11:08:30 -08:00
Michael Crosby 3cc90bd2d8 Add support for process overrides of settings
This commit adds support to libcontainer to allow caps, no new privs,
apparmor, and selinux process label to the process struct so that it can
be used together of override the base settings on the container config
per individual process.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-03 11:41:33 -08:00
Michael Crosby f23ff4d194 Fix bundle path for exec
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-25 10:29:48 -08:00
Mike Brown f4e37ab63e updating usage for runc and runc commands
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-02-17 09:00:39 -06:00
Doug Davis ad26ef1afc Create some util funcs that are common between start and exec
and it'll really help my start/create PR when I need to rebase  :-)

Signed-off-by: Doug Davis <dug@us.ibm.com>
2016-02-09 10:22:44 -08:00
Michael Crosby a7278cad98 Require containerd id as arg 1
Closes #532

This requires the container id to always be passed to all runc commands
as arg one on the cli.  This was the result of the last OCI meeting and
how operations work with the spec.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-09 11:20:55 -08:00
Mike Brown c2c0458598 merges latest spec with runc
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-02-05 12:47:09 -08:00
Michael Crosby fbc74c0eba Add detach and pid-file to restore
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-05 11:56:21 -08:00
Michael Crosby 92ab7309d5 Add detach to exec
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-05 11:53:45 -08:00
Michael Crosby e838be38d2 Add load process.json for exec command
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-05 11:53:45 -08:00
Jessica Frazelle f931e446b4
update exec to pass args and --tty on run
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-28 17:45:51 -08:00
Michael Crosby 4c4c9b85b7 Add --console to specify path to use from runc
This flag allows systems that are running runc to allocate tty's that
they own and provide to the container.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-07 15:01:36 -08:00
Mrunal Patel 9f739e0429 Validate process configuration for runc exec
We make sure that the args are present. All other items are optional and default to sensible values.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-11-06 14:08:50 -05:00
Tonis Tiigi 47f294d0ed Add exec command
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-08-19 12:01:38 -07:00