Andrey Vagin
df52d63854
namespaces: send config, network state and other arguments in one packet
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-30 10:38:35 +03:00
Mrunal Patel
e31ef02610
Merge pull request #351 from avagin/api-rebase-2
...
Merge remote-tracking branch 'origin/master' into api-rebase
2015-01-29 19:20:09 -08:00
Victor Marmol
3c52181f61
Merge pull request #353 from LK4D4/update_dbus
...
Update github.com/godbus/dbus to v2
2015-01-29 15:46:05 -08:00
Alexander Morozov
689e8ec949
Update github.com/godbus/dbus to v2
...
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-01-29 15:35:22 -08:00
Rohit Jnagal
2fac2dad91
Merge pull request #341 from shishir-a412ed/master
...
Created man page for nsinit
2015-01-29 14:00:07 -08:00
Shishir Mahajan
e9f8f8528a
Created man page for nsinit
...
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2015-01-29 16:33:08 -05:00
Victor Marmol
c37b9125ec
Merge pull request #344 from hqhq/hq_fix_systemd_device
...
cgroups: always create device cgroup on systemd
2015-01-29 11:39:07 -08:00
Andrey Vagin
ca633b2f29
Merge remote-tracking branch 'origin/master' into api
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-28 14:37:40 +03:00
Michael Crosby
904bae3247
Merge pull request #348 from avagin/api-nsexec
...
nsenter: remove a proxy process
2015-01-26 13:08:02 -08:00
Michael Crosby
e05f807a89
Merge pull request #349 from LK4D4/replace_wait_for_wait4
...
Use Wait4 instead of cmd.Wait
2015-01-26 13:07:54 -08:00
Alexander Morozov
39fbf0a904
Use cmd.Process.Wait instead of cmd.Wait
...
Issue with cmd.Wait is that it is waiting for closing pipes and if we
have forked processes which inherited pipes from parent, then we need to
kill them to unblock cmd.Wait.
Should fix docker/docker#10303
Now idea is next:
- cmd.Process.Wait for init process dead
- Kill remaining processes in cgroup (pipes closed as side effect)
- use cmd.Wait for waiting pipes flushed to client
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-01-26 12:54:52 -08:00
Andrey Vagin
8d8242aa8a
nsenter: add tests
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-26 23:12:50 +03:00
Andrey Vagin
82367938b7
nsenter: remove a proxy process
...
Currently nsexec() creates a proxy process to enter into a pid namespace.
It isn't good, because we need to proxy an exit code and signals.
We can use CLONE_PARENT to fork a process with the right parent.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-26 23:12:50 +03:00
Andrey Vagin
11b2dab1c5
nsenter: add a macros to print errors
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-26 19:44:44 +03:00
Andrey Vagin
e77b238a83
namespaces: don't send a container config twice
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-26 19:44:44 +03:00
Mrunal Patel
045e9ae4a0
Merge pull request #347 from guoxiuyan/master
...
Fix a minor typo
2015-01-25 18:44:12 -08:00
guoxiuyan
7d9244eab2
Fix a minor typo
...
Signed-off-by: Guo Xiuyan <guoxiuyan@huawei.com>
2015-01-26 09:41:22 +08:00
Mrunal Patel
cab4b9bce1
Merge pull request #345 from fabiokung/allow-readonly-rootfs
...
Support read-only root filesystems
2015-01-22 16:02:57 -08:00
Fabio Kung
2a452c17aa
Support read-only root filesystems
...
The only place I could find where libcontainer tries to write to the
container's root FS is when setting up the pivot dir, to be used on
pivot_root(2).
This makes the pivot base dir configurable, so a read-only FS can be
used as root FS of containers. Users can then specify a writeable
subpath to be used as pivot inside the container.
Signed-off-by: Fabio Kung <fabio@heroku.com> (github: fabiokung)
2015-01-22 13:58:41 -08:00
Qiang Huang
46573774a2
cgroups: simplify the join_memory check
...
If c.Memory=0, there is no point to set memoryswap.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-01-22 12:19:40 +08:00
Qiang Huang
c4821b6f3e
cgroups: always create device cgroup on systemd
...
This is the same behavior as fs does.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-01-22 09:53:30 +08:00
Daniel, Dao Quang Minh
eb84dd1b73
add dqminh as maintainer
...
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-01-21 20:37:37 -05:00
Mrunal Patel
fae3abdadd
Merge pull request #342 from avagin/api-next
...
new-api: implement Wait, WaitProcess
2015-01-21 16:59:05 -08:00
Andrew Vagin
61fef16f4a
new-api: implement Wait, WaitProcess
...
Signed-off-by: Andrew Vagin <avagin@openvz.org>
2015-01-21 18:46:01 +03:00
Andrey Vagin
e79e87e426
cgroup/systemd: set config.Cgroups.Freezer
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-21 18:46:00 +03:00
Andrey Vagin
6fc1dd5f25
integration: check a container state after resumning the CT
...
Otherwise CT will be left in a frozen state in a fail case
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-21 18:46:00 +03:00
Andrey Vagin
5162e5a81c
integration: check container.Processes()
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-21 18:46:00 +03:00
Andrey Vagin
10f0ac2921
new-api: remove nsenter.c
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-21 18:46:00 +03:00
Andrey Vagin
f0c20b5601
new-api: remove DefaultCreateCommand()
...
Signed-off-by: Andrew Vagin <avagin@openvz.org>
2015-01-21 18:45:57 +03:00
Michael Crosby
3fbf185602
Merge pull request #337 from hqhq/hq_add_blkio_weight
...
add support for blkio.weight
2015-01-20 10:40:12 -08:00
Michael Crosby
5847aacb32
Merge pull request #340 from mrunalp/check_ns_flags
...
Checks namespace flags for user ns code path.
2015-01-20 10:39:23 -08:00
Mrunal Patel
bde8bf2ebc
Adds namespace flag checks to userns setup.
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2015-01-20 13:26:59 -05:00
Mrunal Patel
107bad0ee5
Adds namespace flag checks for userns code path in init.
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2015-01-20 13:26:20 -05:00
Mrunal Patel
9303a8f15f
Merge pull request #324 from avagin/namespaces
...
namespace: don't change namespaces which are not belonged to the CT
2015-01-20 09:31:24 -08:00
Andrey Vagin
ef73d7e235
namespace: don't change namespaces which are not belonged to the CT
...
An error is reported if a config file contains configuration for
shared namespaces.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-20 15:05:00 +03:00
Mrunal Patel
c70b6812b5
Merge pull request #339 from avagin/api-freezer
...
new-api: implement Pause() and Resume()
2015-01-19 15:17:45 -08:00
Alexander Morozov
b89cd0cf5c
Merge pull request #304 from mrunalp/feature/user_namespaces
...
Adds user namespace support to libcontainer
2015-01-19 11:55:20 -08:00
Mrunal Patel
b0eece8d7d
Adds support for User Namespaces.
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Adds sample configuration to test user namespaces.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Rebases to master.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Fixes integration tests.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Move selinux labeling, apparmor profile and restrict kernel files back to init.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Separate the code paths for userns and default cases.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
tty not required for setup
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Cleanup and address review comments.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Remove debug logs and other cleanup.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
Use function paramaters for SetupContainer.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2015-01-19 14:50:21 -05:00
Andrey Vagin
5138417f80
integration: add test to check Pause and Resume operations
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-19 22:25:52 +03:00
Mrunal Patel
eb74393a3d
Merge pull request #338 from avagin/fixes
...
cgroups: set a freezer state before calling FreezerGroup.Set()
2015-01-19 09:33:08 -08:00
Andrey Vagin
e451df796a
namespace: don't create needless namespaces
...
A non-zero Path field for a namespace says that a process should attach to an
existing namespace, so the process can be forked without the flag for this
namespace.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-19 18:43:16 +03:00
Andrey Vagin
02c1de6f11
cgroups: set a freezer state before calling FreezerGroup.Set()
...
My previous patch moved the setting of the freezer state after the Set()
command. It's wrong, because this command uses it, so we need to set the
freezer state before the command and rollback it in an error case.
Fixes: 13a5703
("cgroups: don't change a freezer state if an operation failed")
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-19 17:38:26 +03:00
Andrey Vagin
dcb3bca32c
namespaces: destroy cgroups only on error paths
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-19 17:38:26 +03:00
Andrey Vagin
9c50d819ae
new-api: implement Pause() and Resume()
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-19 17:38:26 +03:00
Andrey Vagin
30b3306416
cgroups: set a freezer state before calling FreezerGroup.Set()
...
My previous patch moved the setting of the freezer state after the Set()
command. It's wrong, because this command uses it, so we need to set the
freezer state before the command and rollback it in an error case.
Fixes: 13a5703d85
("cgroups: don't change a freezer state if an operation failed")
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-19 17:26:34 +03:00
Qiang Huang
54968f68bc
add support for blkio.weight
...
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-01-19 14:33:48 +08:00
Michael Crosby
73ba097bf5
Merge pull request #336 from dqminh/execin-wait
...
nsenter waits for parent signal before forking
2015-01-16 14:51:02 -08:00
Daniel, Dao Quang Minh
5a87153824
fix TestNsenterAlivePid
...
unblock the nsenter-exec test process to let it finish succesfully
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-01-16 05:13:19 -05:00
Daniel, Dao Quang Minh
f5dfd9a702
nit: reindent with indent -linux
...
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-01-16 04:58:30 -05:00
Daniel, Dao Quang Minh
9946e299af
nsenter waits for parent signal before forking
...
this allows the parent to place the process into cgroup first so it can track
the children properly
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
2015-01-16 04:56:45 -05:00