jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
316 Commits 5 Branches 25 Tags 17 MiB
Commit Graph

316 Commits

Author SHA1 Message Date
Victor Marmol c4ec56a9ac Merge pull request #26 from crosbymichael/device-copy-links 
Use lstat to check device symlinks
 2014-06-16 17:42:34 -07:00
Michael Crosby bbb502c8db Use lstat to check device symlinks 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-16 14:51:02 -07:00
Michael Crosby e00eadd77d Merge pull request #17 from alexlarsson/fix-close-race 
Fix invalid fd race
 2014-06-16 13:29:17 -07:00
Victor Marmol 4145356abe Merge pull request #21 from mrunalp/use_path_max 
Use PATH_MAX as buffer size for buffers containing paths.
 2014-06-16 11:06:28 -07:00
Mrunal Patel 014bb3f18f Use PATH_MAX as buffer size for buffers containing paths. 
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
 2014-06-16 10:48:25 -07:00
Victor Marmol 3b5ae6c352 Merge pull request #15 from alexlarsson/mount-cgroup-in-container 
Mount cgroup in container
 2014-06-16 08:57:59 -07:00
Alexander Larsson b441dfa729 Mount cgroups in the container 
We make a tmpfs on /sys/fs/cgroups, and here we mount read-only
versions of all the host cgroups. Additionally we make symlinks
for all merged subsystems.

For any "named" cgroup, such as "name=systemd" we also mount the
subset of the cgroup where the container lives as read-write. This
means that the container can create sub-cgroups inside the container
and move tasks into those, but it can never escape from its current
position in the cgroup hierarchy.

In particular, this allows systemd to mostly work in a non-privileged
container. The only problem currently is that PrivateTmp=true fails
because systemd is not allowed to mount a new /tmp.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-06-16 17:16:23 +02:00
Alexander Larsson e0e0da9e28 pkg/cgroups Add GetCgroupMounts() and GetAllSubsystems() 
This lists all currently mounted cgroups and all supported cgroup
subsystems on the machine.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-06-16 17:16:10 +02:00
Alexander Larsson f6028219a5 Fix invalid fd race 
Sometimes I was getting:

2014/06/13 13:47:24 finalize namespace drop bounding set read /proc/1/status: bad file descriptor

This happens when applying the capabilities, and the code that
reads the current caps opens /proc/1/status and then reads some data from it.
But during this it gets a EBADFD error.

The problem is that FinalizeNamespace() closes all FDs before applying
the caps, and if a GC then happens after /proc/1/status is opened but
before reading from the fd, then an old os.File finalizer may close the
already closed-and-reused fd, wreaking havoc.

We fix this by instead of closing the FDs we mark them close-on-exec
which guarantees that they will be closed when we do the final
exec into the container.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-06-16 10:26:18 +02:00
Victor Marmol 124aba2f15 Merge pull request #20 from vbatts/vbatts-cleanup_setns 
nsenter: fixing the cpp order
 2014-06-13 11:19:07 -07:00
Vincent Batts d7cbde80a1 nsenter: fixing the cpp order 
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
 2014-06-13 13:09:13 -04:00
Victor Marmol 82a1592e88 Merge pull request #10 from glyn/hack 
Initial hacker documentation
 2014-06-13 09:49:15 -07:00
Victor Marmol c59b670720 Merge pull request #14 from tianon/travis 
Add Travis
 2014-06-13 08:59:16 -07:00
Glyn Normington e3a8e4e73e Change how to become a maintainer 
These changes were suggested by @vmarmol.

Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
 2014-06-13 12:06:05 +01:00
Glyn Normington 988950a4dc Add placeholder for dev env setup 
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
 2014-06-13 12:06:05 +01:00
Glyn Normington e39a0f1eac Correct links to libcontainer issues 
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
 2014-06-13 12:06:05 +01:00
Glyn Normington f363dd3830 Clarify roadmap 
Remove lxc and aufs dependencies and priority of running on older kernels.

Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
 2014-06-13 12:06:05 +01:00
Glyn Normington 976a57b02e Add section on testing 
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
 2014-06-13 12:06:05 +01:00
Glyn Normington 74409a5de5 Merge approval criteria 
This is based on feedback from @rjnagal.

Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
 2014-06-13 12:05:59 +01:00
Glyn Normington f589d42e81 Remove reference to non-existent script 
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
 2014-06-13 11:25:57 +01:00
Glyn Normington 97a3a7109a Avoid implying Michael wrote the Maintainers' Guide 
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
 2014-06-13 11:25:57 +01:00
Glyn Normington 1c81b532f2 Aspiring maintainers must be aware of the election process 
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
 2014-06-13 11:25:57 +01:00
Glyn Normington 6087476b48 Grammatical improvements 
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
 2014-06-13 11:14:29 +01:00
Glyn Normington 3ce18ef0b3 Move hack directory contents to top level 
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
 2014-06-13 11:14:29 +01:00
Glyn Normington 5e3312f358 Remove reference to AUTHORS file 
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
 2014-06-13 11:14:29 +01:00
Glyn Normington b49464f6c6 Initial hacker documentation 
This was such a good resource in Docker that it would be a shame to
lose it. Unfortunately, we can't just link to the corresponding
information in the Docker project as a number of aspects are bound to
be different here.

Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
 2014-06-13 11:14:28 +01:00
Tianon Gravi 6980a6e2fd Add Tianon as the .travis.yml maintainer 
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
 2014-06-12 13:01:30 -06:00
Tianon Gravi 91b5dbe867 Update .travis.yml to invoke Docker's scripts directly 
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
 2014-06-12 13:00:04 -06:00
Victor Marmol dae62af4d2 Merge pull request #12 from vbatts/vbatts-fix_setns_rhel6 
nsenter: fix setns() for rhel6 (glibc-2.12)
 2014-06-12 11:44:52 -07:00
Victor Marmol a30b789e07 Merge pull request #11 from timthelion/patch-1 
Grammar in README
 2014-06-12 11:44:03 -07:00
Victor Marmol 4fe4e5c298 Merge pull request #8 from LK4D4/fix_vet_errors 
Fix vet errors
 2014-06-12 11:43:39 -07:00
Victor Marmol 7fffa34066 Merge pull request #5 from crosbymichael/build-flag 
Add build flag for nsenter file
 2014-06-12 11:42:59 -07:00
Michael Crosby f00e7f96db Add travis.yml file 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-12 10:42:31 -07:00
Vincent Batts c43dd7b50d nsenter: fix setns() for rhel6 (glibc-2.12) 
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
 2014-06-12 13:25:52 -04:00
Timothy Hobbs eb396d3136 Grammar in README 2014-06-12 16:07:31 +00:00
LK4D4 0c2c75b12a Fix vet errors 
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
 2014-06-12 09:52:31 +04:00
Michael Crosby 1a01d3be50 Add build flag for nsenter file 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-11 11:40:33 -07:00
Michael Crosby 8f74c29bc5 Merge pull request #3 from crosbymichael/update-maintainer-email 
Update email address in maintainer file
 2014-06-11 11:08:02 -07:00
Michael Crosby 588a4d31ab Update email address in maintainer file 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-10 21:17:28 -07:00
Michael Crosby bfcd86f32d Remove todo in favor of github issues 2014-06-10 08:22:54 -07:00
Michael Crosby 10597cb9c5 Update maintainers file 2014-06-10 08:21:46 -07:00
Michael Crosby 6ab3ef56f4 Update imports for new repository path 2014-06-10 08:14:16 -07:00
Solomon Hykes c1bcd3829b Add licensing information 
Signed-off-by: Solomon Hykes <solomon@docker.com>
 2014-06-09 16:16:58 -07:00
Michael Crosby bd92fe8a70 Gofmt imports 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-09 16:01:57 -07:00
Michael Crosby 3b1acc34fb Move libcontainer deps into libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-09 15:52:12 -07:00
Michael Crosby 2d538dc80d Update for nsenter 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-05 14:31:16 -07:00
Michael Crosby 4e51c8b41f Update nsinit to be nicer to work with and test 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-05 14:13:02 -07:00
Michael Crosby 2b0cb56eb9 Exclude the user namespace for setns 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-04 18:03:17 -07:00
Michael Crosby 3e6f4b3d0b Move env load to nsenter 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-04 17:54:00 -07:00
Victor Marmol 944b4434a6 Adding initial version of C-based nsenter for allowing execin in 
libcontainer.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
 2014-06-05 00:44:13 +00:00