Mrunal Patel
c7ebda72ac
Add a test for testing that we ignore cgroup2 mounts
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-01-11 16:49:53 -08:00
Mrunal Patel
e7b57cb042
Ignore cgroup2 mountpoints
...
Our current cgroup parsing logic assumes cgroup v1 mounts
so we should ignore cgroup2 mounts for now
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-01-11 12:34:50 -08:00
Michael Crosby
5d93fed3d2
Set init processes as non-dumpable
...
This sets the init processes that join and setup the container's
namespaces as non-dumpable before they setns to the container's pid (or
any other ) namespace.
This settings is automatically reset to the default after the Exec in
the container so that it does not change functionality for the
applications that are running inside, just our init processes.
This prevents parent processes, the pid 1 of the container, to ptrace
the init process before it drops caps and other sets LSMs.
This patch also ensures that the stateDirFD being used is still closed
prior to exec, even though it is set as O_CLOEXEC, because of the order
in the kernel.
https://github.com/torvalds/linux/blob/v4.9/fs/exec.c#L1290-L1318
The order during the exec syscall is that the process is set back to
dumpable before O_CLOEXEC are processed.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-01-11 09:56:56 -08:00
Daniel, Dao Quang Minh
2cc5a91249
Merge pull request #1260 from coolljt0725/remove_redundant
...
Cleanup: remove redundant code
2017-01-11 17:18:15 +00:00
Mrunal Patel
eedebb8c40
Merge pull request #1265 from WeiZhang555/fix-exec-regression
...
Fix regression of exec command
2017-01-10 11:08:59 -08:00
Zhang Wei
7719dca0ae
Fix regression of exec command
...
Set minimal required args to 1 for `exec` command to roll back to
previous behavior, also modify help message a little bit.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-01-10 22:52:05 +08:00
Qiang Huang
db99936a0e
Merge pull request #1110 from avagin/cpt-in-userns
...
checkpoint: handle config.Devices and config.MaskPaths
2017-01-10 00:34:40 -06:00
Mrunal Patel
11f6c37e75
Merge pull request #1248 from datawolf/fix-the-outdated-comment
...
Fix the outdated comment for Error interface
2017-01-09 11:14:07 -08:00
Mrunal Patel
7ae521cef0
Merge pull request #1251 from datawolf/update-cgroup-comment
...
cgroups: update the comments
2017-01-09 11:13:39 -08:00
Michael Crosby
54a4439700
Merge pull request #1252 from FengtuWang/remove-i
...
remove `-i` option to avoid failure of jenkins in non-interactive mode.
2017-01-09 10:51:13 -08:00
Michael Crosby
9100e5f1f9
Merge pull request #1254 from hqhq/fix_go_vet
...
Fix go_vet errors
2017-01-09 10:49:45 -08:00
Michael Crosby
9adbb6cbf0
Merge pull request #1255 from hqhq/fix_typo
...
Fix typos
2017-01-09 10:49:16 -08:00
Michael Crosby
70672da684
Merge pull request #1257 from mrunalp/fix_warnings
...
Simplify error handling on function return
2017-01-09 10:48:17 -08:00
Michael Crosby
d8bf8b2e5a
Merge pull request #1258 from mrunalp/remove_dead_code
...
Remove unused code and unnecessary conversion
2017-01-09 10:47:02 -08:00
Michael Crosby
fb0beac48f
Merge pull request #1259 from mrunalp/fix_err_chk_shadow
...
Fix error shadow and error check warnings
2017-01-09 10:46:18 -08:00
Michael Crosby
5b8d1ecb4a
Merge pull request #1232 from Mashimiao/fix-makefile-add-pages-cleanup
...
Makefile: add manpage cleanup
2017-01-09 10:35:19 -08:00
Michael Crosby
44e60af49d
Merge pull request #1196 from hqhq/fix_cgroup_leftover
...
Fix leftover cgroup directory issue
2017-01-09 10:31:04 -08:00
Lei Jitang
689a116d18
Cleanup: remove redundant code
...
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2017-01-09 01:56:14 -05:00
Mrunal Patel
c54f1495e3
Fix error shadow and error check warnings
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-01-06 16:21:23 -08:00
Mrunal Patel
a47e433428
Remove unused code and unnecessary conversion
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-01-06 16:10:13 -08:00
Mrunal Patel
87d08d1ac2
Simplify loop to a simple array append
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-01-06 16:02:05 -08:00
Mrunal Patel
84a3bd250c
Simplify error handling on function return
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-01-06 15:57:31 -08:00
Qiang Huang
20f0ca7306
Fix typos
...
Found by:
https://goreportcard.com/report/github.com/opencontainers/runc#misspell
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-01-06 10:54:33 +08:00
Qiang Huang
f3c16acd47
Fix go_vet errors
...
runc/libcontainer/configs/namespaces_syscall_unsupported.go
Line 7: error: unreachable code (vet)
Line 14: error: unreachable code (vet)
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-01-06 10:20:27 +08:00
Daniel, Dao Quang Minh
1a9dd2678d
Merge pull request #1253 from xlgao-zju/add-goreport-badge
...
Add badge for Go Report Card
2017-01-05 12:52:09 +00:00
Xianglin Gao
27f7490b7e
Add badge for Go Report Card
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2017-01-04 16:52:29 +08:00
Fengtu Wang
b5d4da872c
remove `-i` option to avoid failure of jenkins in non-interactive mode.
...
Signed-off-by: Fengtu Wang <wangfengtu@huawei.com>
2017-01-04 16:33:05 +08:00
Qiang Huang
1e4ca86a72
Merge pull request #1250 from caniszczyk/add-travis-badge
...
Add Travis CI badge to README
2017-01-04 14:12:12 +08:00
Mrunal Patel
7b500a373d
Merge pull request #1243 from cyphar/govet-cleanup
...
*: fix go-vet failures
2017-01-03 17:59:07 -08:00
Chris Aniszczyk
165fba9e4b
Add Travis CI badge to README
...
https://travis-ci.org/opencontainers/runc
Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
2017-01-03 19:31:29 -06:00
Aleksa Sarai
816efe0abd
*: fix go-vet failures
...
Previously, we would get failures with go-vet with test files.
% go vet ./...
libcontainer/integration/exec_test.go:42: github.com/opencontainers/runc/libcontainer/configs.IDMap composite literal uses unkeyed fields
libcontainer/integration/exec_test.go:43: github.com/opencontainers/runc/libcontainer/configs.IDMap composite literal uses unkeyed fields
libcontainer/integration/exec_test.go:184: github.com/opencontainers/runc/libcontainer/configs.IDMap composite literal uses unkeyed fields
libcontainer/integration/exec_test.go:185: github.com/opencontainers/runc/libcontainer/configs.IDMap composite literal uses unkeyed fields
libcontainer/integration/exec_test.go:1568: github.com/opencontainers/runc/libcontainer/configs.IDMap composite literal uses unkeyed fields
libcontainer/integration/exec_test.go:1569: github.com/opencontainers/runc/libcontainer/configs.IDMap composite literal uses unkeyed fields
libcontainer/integration/exec_test.go:1600: github.com/opencontainers/runc/libcontainer/configs.IDMap composite literal uses unkeyed fields
libcontainer/integration/exec_test.go:1601: github.com/opencontainers/runc/libcontainer/configs.IDMap composite literal uses unkeyed fields
libcontainer/integration/execin_test.go:92: github.com/opencontainers/runc/libcontainer/configs.IDMap composite literal uses unkeyed fields
libcontainer/integration/execin_test.go:93: github.com/opencontainers/runc/libcontainer/configs.IDMap composite literal uses unkeyed fields
libcontainer/integration/execin_test.go:506: github.com/opencontainers/runc/libcontainer/configs.IDMap composite literal uses unkeyed fields
libcontainer/integration/execin_test.go:507: github.com/opencontainers/runc/libcontainer/configs.IDMap composite literal uses unkeyed fields
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-01-04 09:48:32 +11:00
Wang Long
4dfd350a38
cgroups: update the comments
...
Signed-off-by: Wang Long <long.wanglong@huawei.com>
2017-01-03 22:40:12 +08:00
Wang Long
61640b099a
Fix the outdated comment for Error interface
...
Signed-off-by: Wang Long <long.wanglong@huawei.com>
2017-01-03 15:06:47 +08:00
Qiang Huang
c441a2fe0c
Merge pull request #1246 from cyphar/travis-ci
...
travis: add travis-ci
2017-01-03 10:53:17 +08:00
Aleksa Sarai
4a7934d86f
travis: add travis-ci
...
This sets up a working Travis CI configuration, that runs all of our
integration and unit tests (and also checks a simple raw-build on the
Travis server).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-12-31 05:15:29 +11:00
Aleksa Sarai
db25629d46
merge branch 'pr-1203'
...
Closes #1203
LGTMs: @cyphar @hqhq
2016-12-31 04:15:12 +11:00
Zhang Wei
51baedf3f3
Add integration for update rt period and runtime
...
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-12-27 17:57:13 +08:00
Qiang Huang
f376b8033d
Merge pull request #1222 from justincormack/remount-fixes
...
Split the code for remounting mount points and mounting paths.
2016-12-27 15:24:56 +08:00
Aleksa Sarai
c6d8a2f26f
merge branch 'pr-1158'
...
Closes #1158
LGTMs: @hqhq @cyphar
2016-12-26 13:59:47 +11:00
Aleksa Sarai
cae7979d1f
merge branch 'pr-1217'
...
Closes #1217
LGTMs: @cyphar @hqhq
2016-12-24 09:31:38 +11:00
Aleksa Sarai
303f9a5ebb
merge branch 'pr-1201'
...
Closes #1201
LGTMs: @cyphar @hqhq
2016-12-23 09:32:30 +11:00
Zhang Wei
a344b2d6a8
sync up `HookState` with OCI spec `State`
...
`HookState` struct should follow definition of `State` in runtime-spec:
* modify json name of `version` to `ociVersion`.
* Remove redundant `Rootfs` field as rootfs can be retrived from
`bundlePath/config.json`.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-12-20 00:00:43 +08:00
Qiang Huang
9a1e53eafc
Merge pull request #1233 from WeiZhang555/bump-runtime-spec
...
Bump runtime-spec to v1.0.0-rc3
2016-12-19 15:35:08 +08:00
Qiang Huang
6222318e93
Merge pull request #1231 from Mashimiao/fix-rename-ocitools
...
rename ocitools to oci-runtime-tool
2016-12-19 15:27:45 +08:00
Zhang Wei
8eea644ccc
Bump runtime-spec to v1.0.0-rc3
...
* Bump underlying runtime-spec to version 1.0.0-rc3
* Fix related changed struct names in config.go
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-12-17 14:02:35 +08:00
Qiang Huang
27a67c9aa0
Merge pull request #1226 from nhlfr/dockerfile-cleanup
...
Clean apt archives and source directories in Dockerfile
2016-12-17 09:47:55 +08:00
Justin Cormack
50acb55233
Split the code for remounting mount points and mounting paths.
...
A remount of a mount point must include all the current flags or
these will be cleared:
```
The mountflags and data arguments should match the values used in the
original mount() call, except for those parameters that are being
deliberately changed.
```
The current code does not do this; the bug manifests in the specified
flags for `/dev` being lost on remount read only at present. As we
need to specify flags, split the code path for this from remounting
paths which are not mount points, as these can only inherit the
existing flags of the path, and these cannot be changed.
In the bind case, remove extra flags from the bind remount. A bind
mount can only be remounted read only, no other flags can be set,
all other flags are inherited from the parent. From the man page:
```
Since Linux 2.6.26, this flag can also be used to make an existing
bind mount read-only by specifying mountflags as:
MS_REMOUNT | MS_BIND | MS_RDONLY
Note that only the MS_RDONLY setting of the bind mount can be changed
in this manner.
```
MS_REC can only be set on the original bind, so move this. See note
in man page on bind mounts:
```
The remaining bits in the mountflags argument are also ignored, with
the exception of MS_REC.
```
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-16 14:01:17 -08:00
Ma Shimiao
9befe82cde
Makefile: add manpage cleanup
...
I think generated manpages should also need cleanup
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2016-12-16 14:33:05 +08:00
Ma Shimiao
f22230a79d
rename ocitools to oci-runtime-tool
...
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2016-12-16 14:04:50 +08:00
Michal Rostecki
5032f434f3
Clean apt archives and source directories in Dockerfile
...
Signed-off-by: Michal Rostecki <michal@kinvolk.io>
2016-12-14 23:42:32 +01:00