Now that the generated spec (and the example above in the README) use
uid/gid and don't have the hardcoded `daemon` entry, the statement about
changing `daemon` to `root` no longer applies. Also added a comment
about using the `runc spec` command to generate `config.json`.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)

Only add the localhost interface information to the config if the NEWNET
flag is passed on the namespaces.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

When copyBusybox() fails, the error message should be
propagated to the caller of newRootfs().
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>

This makes some changes to the maintainer's guide and roles within the
project. It removed the concept of a BDFL and carries over the chief
maintainer role into the project. BDFL sucks and we can do better and
these changes help to make many more things specific around adding new
maintainers and removing them as well.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Actually cgroup mounts are bind-mounts, so they should be
handled in the same way.
Reported-by: Ross Boucher <rboucher@gmail.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>

Sometimes a subsystem can be mounted to a path like "subsystem1,subsystem2",
so we need to handle this.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>

This is needed for nested containers' cgroups. Without this patch
they create an unnecessary intermediate cgroup like:
/sys/fs/cgroup/memory/system.slice/docker-9409d9f0b68fb9e9d7d532d5b3f35e7c7f9cca1312af392ae3b28436f1f2998f.scope/system.slice/docker-9409d9f0b68fb9e9d7d532d5b3f35e7c7f9cca1312af392ae3b28436f1f2998f.scope/docker/908ebcc9c13584a14322ec070bd971e0de62f126c0cd95c079acdb99990ad3a3
This is because in /proc/self/cgroup we see paths from the host, and they don't
exist in the container.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>

Before, the name=systemd cgroup was mounted inside the container to
/sys/fs/cgroup/name=systemd, which is wrong; it should be
/sys/fs/cgroup/systemd
Signed-off-by: Alexander Morozov <lk4d4@docker.com>

And allow the cgroup mount to take flags from user configs.
As we show ro in the recommendation, the hard-coded
read-only flag should be removed.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>

Fixes: https://github.com/docker/docker/issues/14543
Fixes: https://github.com/docker/docker/pull/14610
Before this, we got this mount info in the container:
```
sysfs /sys sysfs ro,seclabel,nosuid,nodev,noexec,relatime 0 0
/sys/fs/cgroup tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,relatime,cpuset 0 0
```
It has no mount source, so in `parseInfoFile` in Docker code,
we'll get:
```
Error found less than 3 fields post '-' in "84 83 0:41 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs rw,seclabel"
```
After this fix, we have mount info corrected:
```
sysfs /sys sysfs ro,seclabel,nosuid,nodev,noexec,relatime 0 0
tmpfs /sys/fs/cgroup tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,relatime,cpuset 0 0
```
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>

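The parse failure described in the commit message above, reproduced as an added example (not code from runc or Docker). `parseMountInfoLine` is a simplified, hypothetical stand-in for Docker's `parseInfoFile`; `lineBefore` is the line quoted in the error above, and `lineAfter` is constructed from the corrected mount info.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// MountInfo holds the mountinfo fields relevant to this failure.
type MountInfo struct {
	MountPoint, FSType, Source, SuperOpts string
}

var errShortTail = errors.New("found less than 3 fields post '-'")

// parseMountInfoLine parses one /proc/self/mountinfo line. Six fixed fields
// and zero or more optional fields precede the "-" separator; exactly
// fstype, source and super options must follow it.
func parseMountInfoLine(line string) (MountInfo, error) {
	fields := strings.Fields(line)
	sep := -1
	for i := 6; i < len(fields); i++ { // "-" cannot appear before index 6
		if fields[i] == "-" {
			sep = i
			break
		}
	}
	if sep < 0 {
		return MountInfo{}, errors.New("no '-' separator in mountinfo line")
	}
	tail := fields[sep+1:]
	if len(tail) < 3 {
		// An empty mount source disappears when splitting on whitespace,
		// leaving only fstype and super options.
		return MountInfo{}, fmt.Errorf("%w in %q", errShortTail, line)
	}
	return MountInfo{MountPoint: fields[4], FSType: tail[0],
		Source: tail[1], SuperOpts: tail[2]}, nil
}

const (
	// Line quoted in the error message above (mount has no source).
	lineBefore = "84 83 0:41 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs rw,seclabel"
	// Constructed: same mount with "tmpfs" as the source, as after the fix.
	lineAfter = "84 83 0:41 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,seclabel"
)

func main() {
	for _, l := range []string{lineBefore, lineAfter} {
		mi, err := parseMountInfoLine(l)
		fmt.Printf("%+v err=%v\n", mi, err)
	}
}
```
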
- Initialize swappiness to -1 for the default config.json
- Pass swappiness from config.json to libcontainer config
Signed-off-by: Zefan Li <lizefan@huawei.com>