The format of the capabilities section in config.json was changed in the
runtime spec 1.0.0.rc5 (pulled in through PR #1370). Update the example
in README.md correspondingly.
Also fix a small typo (though -> through).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Refactor DeviceFromPath in order to get rid of package syscall and
directly use the functions from x/sys/unix. This also allows us to get rid
of the conversion from the OS-independent file mode values (from the os
package) to Linux specific values and instead lets us use the raw
file mode value directly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Updated logrus to use v1 which includes a breaking name change Sirupsen -> sirupsen.
This includes a manual edit of the docker term package to also correct the name there too.
Signed-off-by: Steven Hartland <steven.hartland@multiplay.co.uk>
If criu isn't installed in the host, integration tests won't be able
to go on; it should skip checkpoint/restore tests instead of interrupting.
Output before:
```
$ make localintegration
bats -t tests/integration
/usr/lib/bats/bats-exec-suite: line 20: let: count+=: syntax error:
operand expected (error token is "+=")
Makefile:103: recipe for target 'localintegration' failed
```
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Use ParseSocketControlMessage and ParseUnixRights from
golang.org/x/sys/unix instead of their syscall equivalent.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
It appears as though these semantics were not fully thought out when
implementing them for rootless containers. It is not necessary (and
could be potentially dangerous) to set the owner of /run/ctr/$id to be
the root inside the container (if user namespaces are being used).
Instead, just use the e{g,u}id of runc to determine the owner.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
If a container is owned by a UID that is not listed in /etc/passwd,
previously we would cast the UID to a string which contained a character
with the unicode value of the UID. This is clearly wrong, switch to
using fmt.Sprintf as intended.
In addition, notate unknown users with a leading '#' in the column. This
is necessary to ensure that a user is not under the impression that the
UID is the same as a numeric username.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
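The bug and the fix described in the commit message above, as an added Go example (not code from runc). The `passwd` map and the function names `ownerBuggy` and `ownerFixed` are hypothetical, and the sample entries are constructed.

```go
package main

import "fmt"

// passwd is a constructed stand-in for /etc/passwd (hypothetical data).
// UID 1001 deliberately has an all-numeric username.
var passwd = map[int]string{0: "root", 1000: "alice", 1001: "1234"}

// ownerBuggy reproduces the old behaviour: converting an integer to a string
// yields the UTF-8 encoding of that code point, not its decimal digits.
func ownerBuggy(uid int) string {
	if name, ok := passwd[uid]; ok {
		return name
	}
	return string(rune(uid)) // same result as the old string(uid) cast
}

// ownerFixed formats the UID as decimal and marks it with a leading '#',
// so an unknown UID 1234 cannot be mistaken for the user named "1234".
func ownerFixed(uid int) string {
	if name, ok := passwd[uid]; ok {
		return name
	}
	return fmt.Sprintf("#%d", uid)
}

func main() {
	// UID 65 renders as "A" and UID 27 as a raw ESC byte with the old cast.
	for _, uid := range []int{0, 65, 27, 1001, 1234} {
		fmt.Printf("uid=%-5d buggy=%q fixed=%q\n", uid, ownerBuggy(uid), ownerFixed(uid))
	}
}
```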
Use IoctlGetInt and IoctlGetTermios/IoctlSetTermios instead of manually
reimplementing them.
Because of unlockpt, the ioctl wrapper is still needed as it needs to
pass a pointer to a value, which is not supported by any ioctl function
in x/sys/unix yet.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Use unix.Prctl() instead of manually reimplementing it using
unix.RawSyscall. Also use unix.SECCOMP_MODE_FILTER instead of locally
defining it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Update golang.org/x/sys to get newly added functions and constants which
will be used in successive commits.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
We don't have that many scripts and for the amount of errors this is
causing on a weekly basis for contributors it's not worth the overhead.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Recent changes in upstream shfmt have started causing our scripts to no
longer be "correctly formatted". Fix up with `shfmt -w`.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Solaris runc equivalent is not open source. The unsupported option does
not build as other code is Linux specific.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
replace #1492 #1494 fix #1422
Since https://github.com/opencontainers/runtime-spec/pull/876 the memory
specifications are now `int64`, as that better matches the visible interface where
`-1` is a valid value. Otherwise finding the correct value was difficult as it
was kernel dependent.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
CI has fixed kernel version for stack gap bug, updated to
3ca8e575b4
which seems to fix the failed tests.
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
print out errors in checkpoint/restore log when it failed similar to how we did
in `checkpoint --pre-dump` tests
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
This updates criu to the latest release to help resolve some of the
issues we are seeing on the CI.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Use unix.Eventfd() instead of manually reimplementing it using
the raw syscall. Also use the correct corresponding unix.EFD_CLOEXEC
flag instead of unix.FD_CLOEXEC (which can have a different value on
some architectures and thus might lead to unexpected behavior).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Update golang.org/x/sys to get the Eventfd syscall wrapper and the
corresponding EFD_* flags. These will be used in a successive commit to
simplify code in libcontainer/notify_linux.go.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
And Stat_t.PID and Stat_t.Name while we're at it. Then use the new
.State property in runType to distinguish between running and
zombie/dead processes, since kill(2) does not [1]. With this change
we no longer claim Running status for zombie/dead processes.
I've also removed the kill(2) call from runType. It was originally
added in 13841ef3 (new-api: return the Running state only if the init
process is alive, 2014-12-23), but we've been accessing
/proc/[pid]/stat since 14e95b2a (Make state detection precise,
2016-07-05, #930), and with the /stat access the kill(2) check is
redundant.
I also don't see much point to the previously-separate
doesInitProcessExist, so I've inlined that logic in runType.
It would be nice to distinguish between "/proc/[pid]/stat doesn't
exist" and errors parsing its contents, but I've skipped that for the
moment.
The Running -> Stopped change in checkpoint_test.go is because the
post-checkpoint process is a zombie, and with this commit zombie
processes are Stopped (and no longer Running).
[1]: https://github.com/opencontainers/runc/pull/1483#issuecomment-307527789
Signed-off-by: W. Trevor King <wking@tremily.us>
And convert the various start-time properties from strings to uint64s.
This removes all internal consumers of the deprecated
GetProcessStartTime function.
Signed-off-by: W. Trevor King <wking@tremily.us>
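The two commit messages above describe reading the process state and a numeric start time from /proc/[pid]/stat. The following is an added Go example of such a parser and state check, not runc's own code; the `Stat` struct layout, `parseStat` and `isRunning` are hypothetical names, and the sample line is constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Stat holds the /proc/[pid]/stat fields used here (hypothetical struct for
// this example; field names follow the commit messages).
type Stat struct {
	PID       int
	Name      string
	State     byte   // 'R', 'S', 'Z', 'X', ...
	StartTime uint64 // field 22, clock ticks since boot
}

// parseStat parses one stat line. comm is wrapped in parentheses and may
// itself contain spaces or ')', so the split is on the LAST ')'.
func parseStat(line string) (Stat, error) {
	open := strings.IndexByte(line, '(')
	end := strings.LastIndexByte(line, ')')
	if open < 1 || end < open {
		return Stat{}, fmt.Errorf("malformed stat line: %q", line)
	}
	pid, err := strconv.Atoi(strings.TrimSpace(line[:open]))
	if err != nil {
		return Stat{}, fmt.Errorf("bad pid: %v", err)
	}
	rest := strings.Fields(line[end+1:]) // rest[0] is field 3 (state)
	if len(rest) < 20 || len(rest[0]) != 1 {
		return Stat{}, fmt.Errorf("short stat line: %q", line)
	}
	start, err := strconv.ParseUint(rest[19], 10, 64) // field 22
	if err != nil {
		return Stat{}, fmt.Errorf("bad starttime: %v", err)
	}
	return Stat{PID: pid, Name: line[open+1 : end], State: rest[0][0], StartTime: start}, nil
}

// isRunning reports zombie ('Z') and dead ('X') processes as not running.
func isRunning(s Stat) bool { return s.State != 'Z' && s.State != 'X' }

func main() {
	// Constructed sample: a zombie whose comm contains ") R" to trip naive splitters.
	line := "4242 (sh) R x) Z 1 4242 4242 0 -1 4228356 0 0 0 0 0 0 0 0 20 0 1 0 987654 0 0"
	s, err := parseStat(line)
	fmt.Printf("%+v running=%v err=%v\n", s, isRunning(s), err)
}
```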