Commit Graph

2817 Commits

Author SHA1 Message Date
Qiang Huang 220e5098a8 Fix default cgroup path
Alternative of #895 , part of #892

The intension of current behavior if to create cgroup in
parent cgroup of current process, but we did this in a
wrong way, we used devices cgroup path of current process
as the default parent path for all subsystems, this is
wrong because we don't always have the same cgroup path
for all subsystems.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-08-30 14:12:15 +08:00
Qiang Huang 0c80599812 Combine runctestimage and runcimage
There is no need that keep them separate, it also
fixes #1006.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-08-30 09:46:47 +08:00
Qiang Huang 189a2ab2f7 Merge pull request #1003 from rajasec/container-error
Error handling when container not exists
2016-08-27 11:18:55 +08:00
Qiang Huang face64a1ed Merge pull request #880 from rajasec/exec-status
Not exec a container from stopped state
2016-08-27 11:07:02 +08:00
Qiang Huang dc9be6cab1 Merge pull request #933 from zhaoleidd/workaround_for_ps
cli: Workaround for ps's argument
2016-08-27 10:57:17 +08:00
Mrunal Patel 9b53b362e2 Merge pull request #906 from TristanCacqueray/master
Add "--" exec cli support for command arguments
2016-08-26 10:35:26 -07:00
Tristan Cacqueray c562e4cd91 exec: Support command arguments
This enables support for exec command argument starting with a '-'.
This uses the usual argument separator '--', for example:
  runc exec containerid -- ps -afx

Without this, cli interprets command argument and fails with
'flag provided but not defined'.

Signed-off-by: Tristan Cacqueray <tdecacqu@redhat.com>
2016-08-26 02:01:40 +00:00
Qiang Huang 1e319efa36 Merge pull request #815 from rajasec/basecont-comments
Updated the libcontainer interface comments
2016-08-26 09:43:50 +08:00
rajasec 714550f87c Error handling when container not exists
Signed-off-by: rajasec <rajasec79@gmail.com>

Error handling when container not exists

Signed-off-by: rajasec <rajasec79@gmail.com>

Error handling when container not exists

Signed-off-by: rajasec <rajasec79@gmail.com>

Error handling when container not exists

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-08-26 00:00:54 +05:30
Daniel, Dao Quang Minh 91dd6d2452 Merge pull request #1002 from crosbymichael/stopped
Return 0 for pid if container is stopped
2016-08-25 18:18:32 +01:00
Michael Crosby 4294d882b1 Return 0 for pid if container is stopped
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-08-25 09:44:48 -07:00
Michael Crosby 46d9535096 Merge pull request #934 from macrosheep/fix-initargs
Fix and refactor init args
2016-08-24 10:06:01 -07:00
Mrunal Patel 4d34c30196 Merge pull request #988 from chlunde/i386-32-bit-uid
Support 32 bit UID on i386
2016-08-24 09:55:41 -07:00
Daniel, Dao Quang Minh c92d105863 Merge pull request #997 from xiekeyang/defer
let defer function
2016-08-24 11:15:53 +01:00
Aleksa Sarai e43f740ed7
Merge branch 'pr-987'
Closes #987 [Test: Make TestCaptureTestFunc pass in localunittest]
2016-08-24 18:37:06 +10:00
Aleksa Sarai a56fc8264c
Merge branch 'pr-878'
Closes #878 [Adjust man pages for create start split].
2016-08-24 18:35:11 +10:00
xiekeyang 200f8cb69d let defer function
Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2016-08-24 11:35:49 +08:00
Michael Crosby b4ffe2974d Merge pull request #995 from estesp/starttime-for-criu-container
Restored-from-checkpoint containers should have a start time
2016-08-23 15:07:14 -07:00
Alexander Morozov 0c6733d669 Merge pull request #970 from hqhq/fix_race_cgroup_paths
Fix race condition when using cgroups.Paths
2016-08-23 10:47:00 -07:00
rajasec 1ea17d73fe Updated the libcontainer interface comments
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-08-23 19:14:27 +05:30
rajasec 98d63504a4 Not exec a container from stopped state
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-08-23 18:25:08 +05:30
Aleksa Sarai 31d51c10e1
Merge branch 'pr-994'
Closes #994
2016-08-23 01:47:41 +10:00
xiekeyang 206fea7f50 remove unused code
Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2016-08-22 17:16:45 +08:00
Phil Estes 85f4d20b44
Restored-from-checkpoint containers should have a start time
Set the start time similar to a brand new container.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2016-08-21 18:15:18 -04:00
Daniel, Dao Quang Minh c520720728 Merge pull request #993 from crosbymichael/disable-subreaper-exec
Disable the subreaper on exec
2016-08-19 18:18:08 +01:00
Michael Crosby f61c6e413f Disable the subreaper on exec
This keeps the flag but makes it hidden so that existing clients do not
encounter an error if we were to have removed the flag.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-08-19 09:56:00 -07:00
Daniel, Dao Quang Minh 84c344d260 Merge pull request #992 from xiekeyang/master
move util function
2016-08-19 15:56:40 +01:00
xiekeyang 2fcbb5a494 move util function
Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2016-08-19 16:08:06 +08:00
Michael Crosby 6df383c2f8 Merge pull request #989 from mrunalp/fix_format
Fix format specifier for size_t
2016-08-17 11:54:33 -07:00
Mrunal Patel 0bd675a56c Fix format specifier for size_t
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-08-17 11:40:08 -07:00
Mrunal Patel aee3f6ff5a Merge pull request #950 from cyphar/cleanup-nsenter
nsenter: major cleanups
2016-08-16 16:00:22 -07:00
Aleksa Sarai 4e72ffc237
nsenter: simplify netlink parsing
This just moves everything to one function so we don't have to pass a
bunch of things to functions when there's no real benefit. It also makes
the API nicer.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-08-17 08:21:48 +10:00
Carl Henrik Lunde 0a45903563 Support 32 bit UID on i386
The original SETUID takes a 16 bit UID.  Linux 2.4 introduced  a new
syscall, SETUID32, with support for 32 bit UIDs.  The setgid wrapper
already uses SETGID32.

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>
2016-08-16 22:47:38 +02:00
Zhao Lei bb067f55aa Test: Make TestCaptureTestFunc pass in localunittest
TestCaptureTestFunc failed in localunittest:
 # make localunittest
 === RUN   TestCaptureTestFunc
 --- FAIL: TestCaptureTestFunc (0.00s)
         capture_test.go:26: expected package "github.com/opencontainers/runc/libcontainer/stacktrace" but received "_/root/runc/libcontainer/stacktrace"
 #

Reason: the path for stacktrace is a fixed string which
only valid for container environment.
And we can switch to relative path to make both in-container
and out-of-container test works.

After patch:
 # make localunittest
 === RUN   TestCaptureTestFunc
 --- PASS: TestCaptureTestFunc (0.00s)
 #

Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
2016-08-16 18:37:01 +08:00
Michael Crosby 12c3d17017 Merge pull request #985 from hallyn/whitelist
checkMountDesktionation: add swaps and uptime to /proc whitelist
2016-08-15 09:42:23 -07:00
Serge Hallyn 52a8873f62 checkMountDesktionation: add swaps and uptime to /proc whitelist
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2016-08-14 18:32:39 -05:00
Aleksa Sarai faa3281ce8
nsenter: major cleanup
Removed a lot of clutter, improved the style of the code, removed
unnecessary complexity. In addition, made errors unique by making bail()
exit with a unique error code. Most of this code comes from the current
state of the rootless containers branch.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-08-13 03:18:04 +10:00
Michael Crosby ae7a92e352 Merge pull request #983 from justincormack/no-dev-fuse
Do not create /dev/fuse by default
2016-08-12 09:35:08 -07:00
Michael Crosby 7d8f322fdd Merge pull request #860 from bgray/806-set_cgroup_cpu_rt_before_joining
Set the cpu cgroup RT sched params before joining.
2016-08-12 09:24:15 -07:00
Mrunal Patel e9b06d166e Merge pull request #981 from dims/mask-timer_list
Adding /proc/timer_list to the masked paths list
2016-08-12 07:04:39 -07:00
Justin Cormack 834e53144b Do not create /dev/fuse by default
This device is not required by the OCI spec.

The rationale for this was linked to https://github.com/docker/docker/issues/2393

So a non functional /dev/fuse was created, and actual fuse use still is
required to add the device explicitly. However even old versions of the JVM
on Ubuntu 12.04 no longer require the fuse package, and this is all not
needed.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-08-12 13:00:24 +01:00
Aleksa Sarai 91ff092487 Merge pull request #972 from brauner/2016-08-05/add_requires_for_cgroups_kmem
tests: add requires cgroups_kmem
2016-08-12 18:50:59 +10:00
Davanum Srinivas 27915db384 Adding /proc/timer_list to the masked paths list
/proc/timer_list seems to leak information about the host. Here is
an example from a busybox container running on docker+kubernetes.

 # cat /proc/timer_list | grep -i -e kube
 <ffff8800b8cc3db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kubelet/2497
 <ffff880129ac3db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kube-proxy/3478
 <ffff8800b1b77db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kube-proxy/3470
 <ffff8800bb6abdb0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kubelet/2499

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2016-08-11 19:02:02 -04:00
Christian Brauner 7c59766049
tests: add requires cgroups_kmem
On older kernels or kernels were CONFIG_MEMCG_KMEM is not set some cgroup tests
cannot be run. We simply test for the existence of the file
"${CGROUP_BASE_PATH}/memory/memory.kmem.limit_in_bytes" which should be
sufficient to conclude that CONFIG_MEMCG_KMEM is not set.

Signed-off-by: Christian Brauner <cbrauner@suse.de>
2016-08-10 15:17:22 +02:00
Aleksa Sarai 0f76457138 Merge pull request #980 from LK4D4/safer_hook_run
libcontainer/configs: make hooks run safer
2016-08-09 22:22:04 +10:00
Alexander Morozov 7679c80be5 libcontainer/configs: make hooks run safer
It's possible that `cmd.Process` is still nil when we reach timeout.
Start creates `Process` field synchronously, and there is no way to such
race.

Signed-off-by: Alexander Morozov <lk4d4math@gmail.com>
2016-08-08 10:16:35 -07:00
Alexander Morozov 946d3b7c9d Merge pull request #979 from hmeng-19/fix_chdir_err
Fix the err info of chdir(cwd) failure
2016-08-08 09:57:53 -07:00
Alexander Morozov 6c7e43594e Merge pull request #978 from hmeng-19/fix_mount_error
Fix the err info of mount failure
2016-08-08 09:51:57 -07:00
Mrunal Patel 1fb47b08fc Merge pull request #974 from hqhq/fix_cgroup_test
Use absolute cgroup path for integration test
2016-08-08 09:32:35 -07:00
Haiyan Meng def07036a0 Fix the err info of chdir(cwd) failure
Signed-off-by: Haiyan Meng <haiyanalady@gmail.com>
2016-08-08 12:26:59 -04:00