Commit Graph

3137 Commits

Author SHA1 Message Date
Wentao Zhang d4091ef151 fix minor issue
When failed to attach veth pair, should remove the veth device

Signed-off-by: Wentao Zhang <zhangwentao234@huawei.com>
2017-03-17 03:18:44 +08:00
Daniel, Dao Quang Minh 31980a53ae Merge pull request #1366 from hqhq/remove_ExecFifoPath
Remove unused ExecFifoPath
2017-03-09 18:13:34 +00:00
Qiang Huang b7932a2e07 Remove unused ExecFifoPath
In container process's Init function, we use
fd + execFifoFilename to open exec fifo, so this
field in init config is never used.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-03-09 10:58:16 +08:00
Qiang Huang df4d872dd9 Merge pull request #1327 from CarltonSemple/lxd-fix
Update devices_unix.go for LXD
2017-03-08 19:34:31 -06:00
Michael Crosby 4815f67a5f Merge pull request #1363 from hqhq/allow_single_cont_oper
Only allow single container operation
2017-03-08 10:43:14 -08:00
Carlton-Semple 0590736890 Added comment linking to LXD issue 2825
Signed-off-by: Carlton-Semple <carlton.semple@ibm.com>
2017-03-08 10:25:37 -05:00
Qiang Huang e0c7b6ceb7 Only allow single container operation
As per the discussions in #1156, we think it's a bad
idea to allow multi container operations in runc. So
revert it.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-03-08 10:02:39 +08:00
Mrunal Patel 66781a7810 Merge pull request #1362 from crosbymichael/remove-alex
Remove lk4d4 as a maintainer
2017-03-07 16:09:29 -08:00
Michael Crosby d81f5a6b18 Remove lk4d4 as a maintainer
Closes #1361

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-03-07 13:12:52 -08:00
Mrunal Patel a0da8e28e9 Merge pull request #1360 from hqhq/remove_unused_systemd_func
Remove unused function in systemd cgroup
2017-03-07 11:39:34 -08:00
Qiang Huang 8773c5f9a6 Remove unused function in systemd cgroup
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-03-07 15:11:37 +08:00
Michael Crosby 49a33c41f8 Merge pull request #1344 from xuxinkun/fixCPUQuota20170224
fix cpu.cfs_quota_us changed when systemd daemon-reload using systemd.
2017-03-06 10:02:28 -08:00
xuxinkun c44aec9b23 fix cpu.cfs_quota_us changed when systemd daemon-reload using systemd.
Signed-off-by: xuxinkun <xuxinkun@gmail.com>
2017-03-06 20:08:30 +11:00
Daniel, Dao Quang Minh 291bf60110 Merge pull request #1354 from crosbymichael/dup-io
Don't fchown when inheriting io
2017-03-03 14:22:04 +00:00
Michael Crosby eebdb644f9 Don't fchown when inheriting io
This is a fix for rootless containers and general io handling.  The
higher level systems must prepare the IO for the container in the
detach case and make sure it is set up correctly for the container's
process.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-03-02 10:06:10 -08:00
Aleksa Sarai dcbcdf2470
merge branch 'pr-1353'
Closes #1353
LGTMs: @hqhq @cyphar
2017-03-01 19:57:17 +11:00
CuiHaozhi f82a38e160 container can be in stopped status from create process.
Signed-off-by: CuiHaozhi <cuihaozhi@chinacloud.com.cn>
2017-02-28 22:21:43 +08:00
Michael Crosby c50d024500 Merge pull request #1280 from datawolf/user
user: fix the parameter error
2017-02-27 11:22:58 -08:00
Daniel, Dao Quang Minh 770e37fb32 Merge pull request #1350 from hqhq/fix_kmem_accouting
Fix kmem accounting when use with cgroupsPath
2017-02-27 15:25:41 +00:00
Qiang Huang fe898e7862 Fix kmem accounting when use with cgroupsPath
Fixes: #1347
Fixes: #1083

The root cause of #1083 is because we're joining an
existing cgroup whose kmem accounting is not initialized,
and it has child cgroup or tasks in it.

Fix it by checking if the cgroup is first time created,
and we should enable kmem accounting if the cgroup is
created by libcontainer with or without kmem limit
configured. Otherwise we'll get issue like #1347

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-02-25 10:58:18 -08:00
Qiang Huang cf883a87e7 Merge pull request #1340 from dqminh/vndr-take2
Carry #998: Use vndr tool for vendoring
2017-02-24 21:48:51 -08:00
Mrunal Patel 899b0748f0 Merge pull request #1308 from giuseppe/fix-systemd-notify
fix systemd-notify when using a different PID namespace
2017-02-24 11:05:21 -08:00
Qiang Huang 707dd48b2f Merge pull request #1001 from x1022as/predump
add pre-dump and parent-path to checkpoint
2017-02-24 10:55:06 -08:00
Daniel, Dao Quang Minh 17966ce845 Merge pull request #1320 from ijc25/preserve-fds
Add --preserve-file-descriptors=N to create
2017-02-24 18:05:54 +00:00
Daniel, Dao Quang Minh 1f4dd3056f Merge pull request #1342 from sak0/dev
small cleanup for `runc ps` man pages
2017-02-24 11:32:26 +00:00
Daniel Dao 912d20cbd1
mention vndr in README
add a new dependencies management section in README to note that we are
using vndr.

Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-02-24 11:25:21 +00:00
Alexander Morozov 993cbf9db0
move from Godeps to vndr
This uses the standard go vendor location instead of old Godeps
location.

Also remove usage of symlink GOPATH. Since our README mentions that you
should build it inside GOPATH, I think it's reasonable to assume that
you don't need to create a tmp GOPATH.

Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-02-24 11:25:21 +00:00
Aleksa Sarai 02141ce862
merge branch 'pr-1317'
Closes #1317
LGTMs: @cyphar @crosbymichael
2017-02-24 08:21:58 +11:00
CuiHaozhi 5f1afecbe6 small cleanup for `runc ps` man pages
Signed-off-by: CuiHaozhi <cuihaozhi@chinacloud.com.cn>
2017-02-23 15:34:49 +08:00
Giuseppe Scrivano d5026f0e43 signals: support detach and notify socket together
let runc run until READY= is received and then proceed with
detaching the process.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2017-02-22 22:28:03 +01:00
Giuseppe Scrivano c8593c4d61 sanitize systemd-notify message
Accept only READY= notify messages from the container.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2017-02-22 22:28:03 +01:00
Giuseppe Scrivano 892f2ded6f fix systemd-notify when using a different PID namespace
The current support of systemd-notify has a race condition as the
message sent to the systemd notify socket might be dropped if the sender
process is not running by the time systemd checks for the sender of the
datagram.  A proper fix of this in systemd would require changes to the
kernel to maintain the cgroup of the sender process when it is dead (but
it is not probably going to happen...)
Generally, the solution to this issue is to specify the PID in the
message itself so that systemd has not to guess the sender, but this
wouldn't work when running in a PID namespace as the container will pass
the PID known in its namespace (something like PID=1,2,3..) and systemd
running on the host is not able to map it to the runc service.

The proposed solution is to have a proxy in runc that forwards the
messages to the host systemd.

Example of this issue:

https://github.com/projectatomic/atomic-system-containers/pull/24

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2017-02-22 22:27:59 +01:00
Qiang Huang bd2f9c52cd Merge pull request #1339 from cpuguy83/dont_override_errors
Don't override system error
2017-02-22 11:08:18 -08:00
Qiang Huang 733563552e Fix state when _LIBCONTAINER in environment
Fixes: #1311

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-02-22 10:35:14 -08:00
Qiang Huang 805b8c73d3 Do not create exec fifo in factory.Create
It should not be bound to container creation, for
example, runc restore needs to create a
libcontainer.Container, but it won't need exec fifo.

So create exec fifo when container is started or run,
where we really need it.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-02-22 10:34:48 -08:00
Brian Goff d193f95d07 Don't override system error
The error message added here provides no value as the caller already
knows all the added details. However it is covering up the underlying
system error (typically `ENOTSUP`). There is no way to handle this error before
this change.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-02-22 09:29:38 -05:00
Qiang Huang 3293874044 Merge pull request #1332 from sak0/dev
ps: --format value check
2017-02-21 11:56:15 -08:00
CuiHaozhi 08937e97bc ps: --format value check
Signed-off-by: CuiHaozhi <cuihaozhi@chinacloud.com.cn>
2017-02-22 00:20:23 +08:00
Aleksa Sarai 3d7cd1f1b2
merge branch 'pr-1335'
Closes #1335
LGTMs: @crosbymichael @cyphar
2017-02-21 12:29:57 +11:00
Michael Crosby 8438b26e9f Merge pull request #1237 from hqhq/fix_sync_race
Fix race condition when sync with child and grandchild
2017-02-20 17:16:43 -08:00
Qiang Huang 6ccc2096a8 Merge pull request #1336 from crosbymichael/size_t
Use %zu for printing of size_t values
2017-02-20 17:14:34 -08:00
Michael Crosby 4a164a826c Use %zu for printing of size_t values
This helps fix compile warnings on some arm systems.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-02-20 16:57:27 -08:00
Máximo Cuadros e773f96b0e update go version at travis-ci
Signed-off-by: Máximo Cuadros <mcuadros@gmail.com>
2017-02-20 13:15:58 +01:00
Ian Campbell f5adb05bce Add --preserve-fds=N to create and run
This preserves the given number of file descriptors on top of the 3 stdio and
the socket activation ($LISTEN_FDS=M) fds.

If LISTEN_FDS is not set then [3..3+N) would be preserved by --preserve-fds=N.

Given LISTEN_FDS=3 and --preserve-fds=5 then we would preserve fds [3, 11) (in
addition to stdio).  That's 3, 4 & 5 from LISTEN_FDS=3 and 6, 7, 8, 9 & 10 from
--preserve-fds=5.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
2017-02-20 11:50:18 +00:00
Qiang Huang a54316bae1 Fix race condition when sync with child and grandchild
Fixes: #1236
Fixes: #1281

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-02-18 20:42:08 +08:00
Qiang Huang 6b1d0e76f2 Merge pull request #1127 from boynux/fix-set-mem-to-unlimited
Fixes set memory to unlimited
2017-02-16 09:51:23 +08:00
Daniel, Dao Quang Minh b433dea1fc Merge pull request #1328 from sak0/dev
fix typo
2017-02-15 16:52:09 +00:00
CuiHaozhi f6524df0b1 fix typo
Signed-off-by: CuiHaozhi <61755280@qq.com>
2017-02-15 22:20:40 +08:00
Mohammad Arab 18ebc51b3c Reset Swap when memory is set to unlimited (-1)
Kernel validation fails if memory set to -1 which is unlimited but
swap is not set so.

Signed-off-by: Mohammad Arab <boynux@gmail.com>
2017-02-15 08:11:57 +01:00
Carlton Semple 9a7e5a9434 Update devices_unix.go for LXD
getDevices() has been updated to skip `/dev/.lxc` and `/dev/.lxd-mounts`, which was breaking privileged Docker containers running on runC, inside of LXD managed Linux Containers

Signed-off-by: Carlton-Semple <carlton.semple@ibm.com>
2017-02-14 16:12:03 -05:00