Since currently the container.json file does not include the pathname
to a container's root filesystem, we need to parse /proc/mounts which
is slow and error-prone. This patch addresses this issue by adding a
new RootFs field.
Signed-off-by: Saied Kazemi <saied@google.com>
The current paths for the different systemd cgroup subsystems that
systemd manages and that we have to manage are very inconsistent. This
patch cleans up those differences and allows consistent paths to be
used.
Signed-off-by: Michael Crosby <michael@docker.com>
namespaces.DefaultCreateCommand prepends the user-supplied command to
execute with "--", so that "nsinit init" does not attempt to interpret
it.
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
This moves the sync pipe into a separate package to help the changes
when moving the API around.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Ensure that the command is killed if we receive an error from the child
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
We use a unix domain socketpair instead of a pipe for the sync pipe,
which allows us to use two-way shutdown. After sending the
context we shut down the write side which lets the child know
it finished reading.
We then block on a read in the parent for the child closing the file
(ensuring we close our version of it too) to sync for when the child
is finished initializing. If the read is non-empty we assume this
is an error report and fail with an error. Otherwise we continue as
before.
This also means we're now calling back the start callback later,
meaning at that point its more likely to have succeeded, as well as
having consumed all the container resources (like volume mounts,
making it safe to e.g. unmount them when the start callback is
called).
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
nsinit must be run as root.
Tidy up the README somewhat to clarify the distinction between
libcontainer and the nsinit CLI.
Fix some typos in other files.
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2. Introducing a new checkpoint file 'network.stats' which will contain the network runtime information (veth interface names for now).
3. Adding network stats to 'nsinit stats'.
4. Added a libcontainer Stats API to get both network and cgroup stats
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
'namespaces' need to refactored a bit more to move the API part of it to 'libcontainer' package and keep the namespace specific code inside that package.
This change is not expected to break docker.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
Saied Kazemi
Michael Crosby
Vishnu Kannan
Bernerd Schaefer
Alexander Larsson
Glyn Normington
Victor Marmol
Michael Crosby
Guillaume J. Charmes