This adds a new env var for identifying the internal sync pipe that
libcontainer uses to sync with the container and parent process. This
replaces #496 to allow the user to add additional files to the processes
and not take over fd 3 for all containers.
Closes#496
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
More people are using this to test new features and this makes it very
simple to run a container with a simple command.
`nsinit exec --tty sh`
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Currently we have a problem when buffers are used for std file
descriptors. These buffers are filled from goroutines (Cmd.goroutine),
and we need to wait them to be sure that all data have been copied.
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Move the network setup back into the standard init even for user
namespaces now that mounts are fully supported and working.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This updates the console handling to chown the console on creation to
the root user within the container.
This also moves the setup mounts from the userns sidecar process into
the main init processes by trying to mknod devices, if it fails on an
EPERM then bind mount the device from the host into the container for
use. This prevents access issues when the sidecar process mknods the
device for the usernamespace returning an EPERM when writting to
dev/null.
This also adds some error handling for init processes and nsinit updates
with added flags for testing and other functions.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This allows you to set certian configuration options such as what cgroup
implementation to use on the factory at create time.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Remove veth interfaces on the host if an error occurs.
Provide the host interface name, temporary peer interface name and the
name of the peer once it is inside the container's namespace in the
Network config.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This removes a new unused methods from the container interface and types
parameters such as os.Signal and WaitStatus
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Change the various config structs into one package and have a flatter
structure for easier use.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This adds the ability to receive OOM notifications for a container via
the `nsinit oom` command.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
A new constructor function (like nsenter) is added in this patch. This
function gets arguments from environment variables and its behaviour doesn't
depend on a command line arguments.
A program which calls factory.StartInitialization() must import the nsenter
package. It looks ugly, but I don't know another way how to enter into CT from
a go code.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Use namespace.Exec() and namespace.Init() to execute processes in CT.
Now an init process is actually executed in a new container. This series
doesn't change code about creating containers, it only reworks code according
with new API.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Michael Crosby
Mrunal Patel
wonderflow
Qiang Huang
Mrunal Patel
Alexander Morozov
Andrey Vagin
Victor Marmol