Commit Graph

18 Commits

Author SHA1 Message Date
Alexander Morozov bbde9c426f Merge pull request #646 from crosbymichael/pid-host-block
Destroy container along with processes before stdio
2016-03-17 09:51:59 -07:00
Michael Crosby fdb100d247 Destroy container along with processes before stdio
We need to make sure the container is destroyed before closing the stdio
for the container.  This becomes a big issues when running in the host's
pid namespace because the other processes could have inherited the stdio
of the initial process.  The call to close will just block as they still
have the io open.

Calling destroy before closing io, especially in the host pid namespace
will cause all additional processes to be killed in the container's
cgroup.  This will allow the io to be closed successfuly.

This change makes sure the order for destroy and close is correct as
well as ensuring that if any errors encoutered during start or exec will
be handled by terminating the process and destroying the container.  We
cannot use defers here because we need to enforce the correct ordering
on destroy.

This also sets the subreaper setting for runc so that when running in
pid host, runc can wait on the addiontal processes launched by the
container, useful on destroy, but also good for reaping the additional
processes that were launched.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-15 13:17:11 -07:00
Rajasekaran d1faa82a0a Adding spec validation for exec and start
Signed-off-by: Rajasekaran <rajasec79@gmail.com>

Fixed review comments

Signed-off-by: rajasec <rajasec79@gmail.com>

Rebased with latest spec version

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-03-13 21:58:00 +05:30
Michael Crosby 47eaa08f5a Update runc usage for new specs changes
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 14:18:39 -08:00
Michael Crosby 044e298507 Improve error handling in runc
The error handling on the runc cli is currenly pretty messy because
messages to the user are split between regular stderr format and logrus
message format.  This changes all the error reporting to the cli to only
output on stderr and exit(1) for consumers of the api.

By default logrus logs to /dev/null so that it is not seen by the user.
If the user wants extra and/or structured loggging/errors from runc they
can use the `--log` flag to provide a path to the file where they want
this information.  This allows a consistent behavior on the cli but
extra power and information when debugging with logs.

This also includes a change to enable the same logging information
inside the container's init by adding an init cli command that can share
the existing flags for all other runc commands.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-09 11:08:30 -08:00
Michael Crosby 3cc90bd2d8 Add support for process overrides of settings
This commit adds support to libcontainer to allow caps, no new privs,
apparmor, and selinux process label to the process struct so that it can
be used together of override the base settings on the container config
per individual process.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-03 11:41:33 -08:00
Michael Crosby f23ff4d194 Fix bundle path for exec
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-25 10:29:48 -08:00
Mike Brown f4e37ab63e updating usage for runc and runc commands
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-02-17 09:00:39 -06:00
Doug Davis ad26ef1afc Create some util funcs that are common between start and exec
and it'll really help my start/create PR when I need to rebase  :-)

Signed-off-by: Doug Davis <dug@us.ibm.com>
2016-02-09 10:22:44 -08:00
Michael Crosby a7278cad98 Require containerd id as arg 1
Closes #532

This requires the container id to always be passed to all runc commands
as arg one on the cli.  This was the result of the last OCI meeting and
how operations work with the spec.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-09 11:20:55 -08:00
Mike Brown c2c0458598 merges latest spec with runc
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-02-05 12:47:09 -08:00
Michael Crosby fbc74c0eba Add detach and pid-file to restore
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-05 11:56:21 -08:00
Michael Crosby 92ab7309d5 Add detach to exec
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-05 11:53:45 -08:00
Michael Crosby e838be38d2 Add load process.json for exec command
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-05 11:53:45 -08:00
Jessica Frazelle f931e446b4
update exec to pass args and --tty on run
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-28 17:45:51 -08:00
Michael Crosby 4c4c9b85b7 Add --console to specify path to use from runc
This flag allows systems that are running runc to allocate tty's that
they own and provide to the container.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-07 15:01:36 -08:00
Mrunal Patel 9f739e0429 Validate process configuration for runc exec
We make sure that the args are present. All other items are optional and default to sensible values.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-11-06 14:08:50 -05:00
Tonis Tiigi 47f294d0ed Add exec command
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-08-19 12:01:38 -07:00