d4f77606f1
Merge pull request #718 from albertoleal/validator-unittests
...
Add unit tests for validate.Validator
2016-04-06 09:34:32 -07:00
dca2d12760
Add unit tests for validate.Validator
...
Signed-off-by: Alberto Leal <albertonb@gmail.com>
2016-04-06 11:18:11 +01:00
3f4f4420fd
Merge pull request #592 from hqhq/hq_fix_update_memory
...
Fix problem when update memory and swap memory
2016-04-05 10:19:33 -07:00
df25eddce6
Add spec support for masked and readonly paths
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-01 13:04:47 -07:00
89ab7f2ccc
Merge pull request #712 from mrunalp/comment_fixup
...
Fixup incorrect package name in a comment
2016-03-31 17:02:02 +08:00
0c1c615ebd
Merge pull request #711 from rhatdan/sysctl
...
Return a more meaningful error when namespaces are disabled
2016-03-30 15:35:06 -07:00
79a2479099
Fixup incorrect pacakge name in a comment
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-30 14:48:19 -07:00
2441732d6f
Merge pull request #710 from crosbymichael/no-pivot
...
Add --no-pivot option for containers on ramdisk
2016-03-30 13:57:24 -07:00
3cfff676b1
libcontainer: user: general cleanups
...
Some of the code was quite confusing inside libcontainer/user, so
refactor and comment it so future maintainers can understand what's
going and what edge cases we have to deal with.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-31 07:44:16 +11:00
4468dd5890
libcontainer: user: add tests for numeric user specifications
...
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-31 07:44:16 +11:00
69af385de6
libcontainer: user: always treat numeric ids numerically
...
Most shadow-related tools don't treat numeric ids as potential
usernames, so change our behaviour to match that. Previously, using an
explicit specification like 111:222 could result in the UID and GID not
being 111 and 222 respectively (which is confusing).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-31 07:33:31 +11:00
d2a39ea043
Return a more meaningful error when namespaces are disabled
...
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-03-30 16:16:24 -04:00
12bd4cffd0
Add --no-pivot option for containers on ramdisk
...
This adds a `--no-pivot` cli flag to runc so that a container's rootfs
can be located ontop of ramdisk/tmpfs and not fail because you cannot
pivot root.
This should be a cli flag and not part of the spec because this is a
detail of the host/runtime environment and not an attribute of a
container.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-30 12:02:17 -07:00
6f84d902ca
Implement hook timeouts
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-29 11:14:59 -07:00
e55fcbda8a
Merge pull request #683 from thtanaka/mqueue-label
...
Only perform mount labelling when necessary
2016-03-29 09:30:43 -07:00
ed03709656
Merge pull request #700 from marcosnils/tests_fix
...
Fix hanging tests when run without root
2016-03-28 16:47:26 -07:00
851c050340
Merge pull request #686 from hqhq/hq_refactor_nsexec
...
Refactor nsexec.c and add some comments
2016-03-28 09:36:06 -07:00
857d418b09
Merge pull request #698 from ggaaooppeenngg/gaopeng/format-errorf
...
Use %v for map structure format
2016-03-28 09:28:28 -07:00
d9520aeba4
Close opened files before exit
...
Not to say it'll cause memory leak, it'll still be a
good practice.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-03-28 11:16:34 +08:00
3b7e10652b
Refactor nsexec.c and add some comments
...
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-03-28 11:16:12 +08:00
d8b8f76c4f
Fix problem when update memory and swap memory
...
Currently, if we start a container with:
`docker run -ti --name foo --memory 300M --memory-swap 500M busybox sh`
Then we want to update it with:
`docker update --memory 600M --memory-swap 800M foo`
It'll get error because we can't set memory to 600M with
the 500M limit of swap memory.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-03-28 10:48:29 +08:00
f5ad78dc49
Merge pull request #699 from ggaaooppeenngg/gaopeng/fix-typo
...
Fix typo
2016-03-27 16:27:52 -07:00
61ffdc0661
Fix hanging tests when run without root
...
Fixes #692
Signed-off-by: Marcos Lilljedahl <marcosnils@gmail.com>
2016-03-27 01:53:01 -03:00
3fa246609c
Fix typo
...
Signed-off-by: Peng Gao <peng.gao.dut@gmail.com>
2016-03-27 12:44:16 +08:00
ffbc626e53
Use %v for map structure format
...
Based on Golang document, %s is for "the uninterpreted bytes of the
string or slice", so %v is more appropriate.
Signed-off-by: Peng Gao <peng.gao.dut@gmail.com>
2016-03-26 23:28:59 +08:00
9428c58e85
Fix libcontainer README.md example config
...
Signed-off-by: Matt Hartzler <matt@cryptopanic.org>
2016-03-25 21:49:02 -05:00
47499e0415
Merge pull request #687 from cloudfoundry-incubator/rlimit-with-prlimit
...
Set rlimits using prlimit in parent
2016-03-25 18:10:10 -07:00
40f4e7873d
Merge pull request #691 from crosbymichael/seccomp-log
...
Remove log from seccomp package
2016-03-25 17:45:26 -07:00
8873ac26a5
Remove log from seccomp package
...
Logging in packages is bad, mkay.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-25 14:21:30 -07:00
28b21a5988
Export CreateLibcontainerConfig
...
Users of libcontainer other than runc may also require parsing and
converting specification configuration files.
Since runc cannot be imported, move the relevant functions and
definitions to a separate package, libcontainer/specconv.
Signed-off-by: Ido Yariv <ido@wizery.com>
2016-03-25 12:19:18 -04:00
e91b2b8aca
Set rlimits using prlimit in parent
...
Fixes #680
This changes setupRlimit to use the Prlimit syscall (rather than
Setrlimit) and moves the call to the parent process. This is necessary
because Setrlimit would affect the libcontainer consumer if called in
the parent, and would fail if called from the child if the
child process is in a user namespace and the requested rlimit is higher
than that in the parent.
Signed-off-by: Julian Friedman <julz.friedman@uk.ibm.com>
2016-03-25 15:11:44 +00:00
10cc27888c
fix typos
...
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-03-25 11:11:48 +08:00
55aabc142c
Only perform mount labelling when necessary
...
Do label mqueue when mounting it with label failed/not supported.
Signed-off-by: Thomas Tanaka <thomas.tanaka@oracle.com>
2016-03-24 13:38:18 -07:00
78ecdfe18e
Show proper error from init process panic
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-03-22 15:57:15 -07:00
a35f907983
Merge pull request #668 from mrunalp/fix_exec_oom
...
Set oom_score_adj before we send the config to avoid race
2016-03-22 09:42:34 -07:00
69f8a50081
Merge pull request #669 from mrunalp/fix_test
...
Fix the kmem TCP test
2016-03-22 09:45:13 +08:00
e80b6b67e6
Merge pull request #651 from mrunalp/quota_validation
...
Add more information in the error messages when writing to a file
2016-03-21 17:53:49 -07:00
73e48633a3
Fix the kmem TCP test
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-21 15:51:42 -07:00
69db69668e
Set oom_score_adj before we send the config to avoid race
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-21 15:33:17 -07:00
4d7929274d
Merge pull request #644 from cyphar/fix-pids-max-unlimited
...
libcontainer: cgroups: deal with unlimited case for pids.max
2016-03-21 14:55:20 -07:00
4856ed1d53
Merge pull request #665 from cyphar/cgroup-kmem-tcp-limit
...
libcontainer: cgroups: add support for kmem.tcp limits
2016-03-21 14:51:10 -07:00
35541ebcd2
Add more information in the error messages when writing to a file
...
This is helpful to debug "invalid argument" errors when writing to cgroup files
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-21 09:27:24 -07:00
e32651842a
Merge pull request #650 from november-eleven/master
...
Export user and group lookup errors as variables.
2016-03-21 09:41:56 +08:00
f5e60cf775
libcontainer: cgroups: add statistics for kmem.tcp
...
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-20 22:04:02 +11:00
1448fe9568
libcontainer: cgroups: add support for kmem.tcp limits
...
Kernel TCP memory has its own special knobs inside the cgroup.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-20 22:03:52 +11:00
54a6e56004
Merge pull request #647 from rajasec/valid-id
...
Fixing valid-id in regex
2016-03-18 09:38:56 -07:00
a6d5179f60
libcontainer: cgroups: add tests for pids.max == "max"
...
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-18 08:46:24 +11:00
087b953dc5
libcontainer: cgroups: deal with unlimited case for pids.max
...
Make sure we don't error out collecting statistics for cases where
pids.max == "max". In that case, we can use a limit of 0 which means
"unlimited".
In addition, change the name of the stats attribute (Max) to mirror the
name of the resources attribute in the spec (Limit) so that it's
consistent internally.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-18 08:46:24 +11:00
2c5b10189c
remove deadcode
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-03-17 13:36:28 -07:00
570deee7ac
Export user and group lookup errors as variables.
...
Export errors as variables when no matching entries are found in passwd or group file.
Signed-off-by: Thomas LE ROUX <thomas@november-eleven.fr>
2016-03-17 21:03:27 +01:00
Mrunal Patel
Alberto Leal
Michael Crosby
Qiang Huang
Mrunal Patel
Alexander Morozov
Aleksa Sarai
Dan Walsh
Marcos Lilljedahl
Peng Gao
Matt Hartzler
Ido Yariv
Julian Friedman
allencloud
Thomas Tanaka
Tonis Tiigi
Jessica Frazelle
Thomas LE ROUX