This is a proof-of-concept for the --console-socket API. It just acts as
a dumb input-output copy process (nowhere near as good as the internal
runC one since it doesn't handle console resizes or signals). It also
provides a test-friendly mode that will be used in the bats integration
tests.
This patch is part of the console rewrite patchset.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This moves the ambient capability support behind an `ambient` build tag
so that it is only compiled upon request.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
So we can make all types of release binary with combination
of following flags:
seccomp
selinux
apparmor
static
All binary files are put in release/ dir, like:
[root@zlosvm1 runc]# ls -l release
total 53556
-rwxr-xr-x 1 root root 9517965 Aug 24 16:59 runc
-rwxr-xr-x 1 root root 9673533 Aug 24 17:00 runc.seccomp
-rwxr-xr-x 1 root root 9705839 Aug 24 17:00 runc.seccomp.selinux
-rwxr-xr-x 1 root root 9546175 Aug 24 16:59 runc.selinux
-rwxr-xr-x 1 root root 8205015 Aug 24 16:59 runc.selinux.static
-rwxr-xr-x 1 root root 8181789 Aug 24 16:59 runc.static
...
Closes#899
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
If runc binary is compiled from codes with modified but not commited
files, git commits should report "COMMIT-dirty" instead of single
"COMMIT" to warn users.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Enable the full test suite to run on `make test`. They also all run
inside a Docker container for maximum reproducibility.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
The runc symlink is only created when building non-static builds, so it
might be missing when building static builds. Fix this.
Signed-off-by: Ido Yariv <ido@wizery.com>
Since runC requires root in order to run, it makes more sense to put it
in /usr/local/sbin (which is traditionally for root-only utilities).
This also fixes the section number mismatch (man8 is usually for
administrative utilities in /usr/local/sbin).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
So we won't see the link message every time we make
runc. Also it use force remove when make clean, so
we don't see annoying error when do extra make clean.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
just so that we're not merging code into master w/o any tests at all.
I expect this to be removed once we have a real testing infrastructure.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Currently we need to clone github.com/opencontainers/runc to
GOPATH so we can make it, it's not friendly for developers.
We can resolve it by vendoring itself as a symlink in GOPATH.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
This commit allows to send `go test` arguments to current makefile
`test` and `localtest` targets.
A usage example would be `make test TESTFLAGS="-run=SomeTestFunction"`
to easily run a single test function.
Signed-off-by: Marcos Lilljedahl <marcosnils@gmail.com>
This add `make binary` to perform direct install libcontainer binaries inside
dockercore/libcontainer container instead of having to install dependencies and
run `make direct-install` on the host.
The `nsinit` binary will be placed into `bundles/nsinit`, and we ignore the
bundles directory from git.
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
Some workloads rely on IPC for communications with other processes. We
would like to split workloads between two container but still allow them
to communicate though shared IPC.
This patch allows us to mimic the --net code to allow --ipc=host to not split off
the IPC Namespace. ipc=container:CONTAINERID to share ipc between containers
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
We need --privileged for apparmor based systems until we have an
apparmor specific flag to set the profile to unconfined.
Signed-off-by: Michael Crosby <michael@docker.com>
This is a modification of original PR by @erikh (R118)
to keep the netlink codebase more consistent and my OCD
under control :-)
Docker-DCO-1.1-Signed-off-by: Milos Gajdos <milosgajdos83@gmail.com> (github: milosgajdos83)
Also, updated .travis.yml to use the new "vendor" directory (since this is pretty pointless without that :D)
Signed-off-by: Andrew Page <admwiggin@gmail.com>
make sh will spawn a new container using the minimal.json file inside
busybox and you don't even know what is going on.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)