31 Commits

Author SHA1 Message Date
Michael Crosby b9c32b3869 Merge pull request #223 from rajasec/rlimitspec
Adding rlimit in spec
2015-08-28 10:34:59 -07:00
Matthew Heon 2ee6d1e8b6 Connect Seccomp configuration in Spec to configuration in Libcontainer
Signed-off-by: Matthew Heon <mheon@redhat.com>
2015-08-25 17:35:06 -04:00
Rajasekaran ab4b825f8c Adding rlimit in spec
Signed-off-by: Rajasekaran <rajasec79@gmail.com>

Removing return type

Signed-off-by: Rajasekaran <rajasec79@gmail.com>
2015-08-24 21:33:36 +05:30
Mrunal Patel 31f88daf91 Integrate security settings
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-18 20:10:23 -04:00
Tonis Tiigi b5eed4a246 Update runc to use device structs from updated spec
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-08-11 14:24:00 -07:00
Fabio Kung 85f40c2bc7 container id is the cgroup name
Without this, multiple runc containers can accidentally share the same cgroup(s)
(and change each other's limits), when runc is invoked from the same directory
(i.e.: same cwd on multiple runc executions).

After these changes, each runc container will run on its own cgroup(s). Before,
the only workaround was to invoke runc from a unique (temporary?) cwd for each
container.

Common cgroup configuration (and hierarchical limits) can be set by having
multiple runc containers share the same cgroup parent, which is the cgroup of
the process executing runc.

Signed-off-by: Fabio Kung <fabio.kung@gmail.com>
2015-08-10 16:41:39 -07:00
Michael Crosby bdd67b9029 Merge pull request #180 from LK4D4/rename_proc_ns
Rename process namespace to pid
2015-08-04 17:49:46 -04:00
Mrunal Patel f3a3025933 Fix minor stylistic issues
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-04 17:44:45 -04:00
Alexander Morozov 6d1e6a17e1 Rename process namespace to pid
It's "pid" in opencontainers/specs

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-04 14:12:21 -07:00
Mrunal Patel 5f65056c89 Update github.com/opecontainers/specs to 5b31bb2b77
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Make runc changes required to pull in the updated spec

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-08-03 15:33:48 -04:00
Michael Crosby b14412ec36 Only add network info if NEWNET is set
Only add the localhost interface information to the config if the NEWNET
flag is passed on the namespaces.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-07-27 16:36:28 -07:00
Fabio Kung 963fc63fca bring the loopback interface up
Signed-off-by: Fabio Kung <fabio.kung@gmail.com>
2015-07-23 19:07:24 -07:00
Mrunal Patel 42aa891a6b Merge pull request #91 from hqhq/hq_add_cgroup_mount
Add cgroup mount in the recommended config
2015-07-15 09:51:24 -07:00
Qiang Huang d7181a73e4 Add cgroup mount in the recommended config
And allow cgroup mount to take flags from user configs.
As we show ro in the recommendation, the hard-coded
read-only flag should be removed.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-15 09:31:39 +08:00
Zefan Li 6bd71ad6a4 Add memory swappiness support
- Initialize swappiness to -1 for the default config.json
- Pass swappiness from config.json to libcontainer config

Signed-off-by: Zefan Li <lizefan@huawei.com>
2015-07-14 10:43:43 +08:00
Michael Crosby 3c403a265e Merge pull request #98 from wking/clarify-idmapping-fields
Fix IDMapping host / container field confusion
2015-07-10 14:08:00 -07:00
Qiang Huang 0b2fb3edb5 Sort mount flags so they're easier to find
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-10 10:31:20 +08:00
W. Trevor King 41979ca62c spec.go: Adjust to new IDMapping field names
This fixes a bug where IDMapping.From was mapped to IDMap.ContainerID
and IDMapping.To was mapped to IDMap.HostID, while the old spec docs
were:

  // From is the uid/gid of the host user or group.
  From int32 `json:"from"`
  // To is the uid/gid of the container's user or group.
  To int32 `json:"to"`

The new IDMapping field names make the expected mapping more obvious
(HostID -> HostID and ContainerID -> ContainerID ;).
2015-07-08 10:53:06 -07:00
Michael Crosby 48182db8cc Merge pull request #90 from hqhq/hq_add_memory_limit
Add memory limit set
2015-07-07 11:30:24 -07:00
Qiang Huang 2539d53896 Add memory limit set
Don't know why we missed that.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-07 09:20:51 +08:00
Mrunal Patel 8ea6c65d12 Rename SystemProperties to Sysctl and make it available in the runc config
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-07-06 19:18:08 -04:00
Michael Crosby 845fc65e54 Create linux spec for runc spec command
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-07-02 13:45:56 -07:00
Michael Crosby f4c35e70d1 Depend on Spec types from specs repository
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-07-02 13:45:27 -07:00
Michael Crosby d8af59822b Remove spec types from runc
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-07-02 13:45:27 -07:00
Michael Crosby e15b86edb9 Add user struct based on spec implementation.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-07-02 13:45:27 -07:00
Marianna 5aa82c950d Enable build on unsupported platforms
Should compile now without errors, but changes need to be added for each system so it actually works.
main_unsupported.go is a new file with all the unsupported commands
Fixes #9

Signed-off-by: Marianna <mtesselh@gmail.com>
2015-06-29 17:03:44 -07:00
Michael Crosby c4fd381a38 Move namespaces into linux spec
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-29 13:30:35 -07:00
Michael Crosby b2d9d99610 Only define a single process
This removes the Processes slice and only allows for one process of the
container.  It also renames TTY to Terminal for a cross platform
meaning.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-29 13:30:35 -07:00
Michael Crosby cb44dec571 Add Platform struct
This struct holds information like OS and Arch for the container.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-29 13:30:35 -07:00
Michael Crosby 1fa65466ea Move linux specific options to subsection
This moves the linux specific options into a "linux" {} section on the
config.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-29 13:30:35 -07:00
Michael Crosby 9fac183294 Initial commit of runc binary
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:34:13 -07:00