Commit Graph

2288 Commits

Author SHA1 Message Date
Julian Friedman e91b2b8aca Set rlimits using prlimit in parent
Fixes #680

This changes setupRlimit to use the Prlimit syscall (rather than
Setrlimit) and moves the call to the parent process. This is necessary
because Setrlimit would affect the libcontainer consumer if called in
the parent, and would fail if called from the child if the
child process is in a user namespace and the requested rlimit is higher
than that in the parent.

Signed-off-by: Julian Friedman <julz.friedman@uk.ibm.com>
2016-03-25 15:11:44 +00:00
Qiang Huang 344b0ccaa6 Merge pull request #685 from allencloud/fix-typos
fix typos
2016-03-25 18:18:29 +08:00
allencloud 10cc27888c fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-03-25 11:11:48 +08:00
Michael Crosby 5439bd2d95 Merge pull request #682 from anusha-ragunathan/dont-cleanpath
Don't cleanPath for systemd cgroup paths.
2016-03-24 11:18:51 -07:00
Anusha Ragunathan 89abd91694 Don't cleanPath for systemd cgroup paths.
systemd expects cgroupsPath to be of form "slice:prefix:name".
So don't call cleanPath on it anymore.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-03-24 10:52:41 -07:00
Michael Crosby 24950964ec Merge pull request #667 from mrunalp/systemd_cgroups
Add support for enabling systemd cgroups
2016-03-23 16:14:03 -07:00
Mrunal Patel d563bd1342 Merge pull request #677 from tonistiigi/pipe-crash-logging
Show proper error from init process panic
2016-03-23 09:52:57 -07:00
Mrunal Patel 0e4170849f Update man page for runc
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-22 17:09:51 -07:00
Mrunal Patel 7e91a96605 Add support for systemd cgroups in runc
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-22 17:08:07 -07:00
Mrunal Patel 24142a8514 Add a flag to enable systemd cgroups support in runc
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-22 17:07:57 -07:00
Tonis Tiigi 78ecdfe18e Show proper error from init process panic
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-03-22 15:57:15 -07:00
Mrunal Patel 5f182ce738 Merge pull request #673 from rajasec/error-typo
fixing typo in device access error
2016-03-22 14:16:33 -07:00
Mrunal Patel a35f907983 Merge pull request #668 from mrunalp/fix_exec_oom
Set oom_score_adj before we send the config to avoid race
2016-03-22 09:42:34 -07:00
Qiang Huang 69f8a50081 Merge pull request #669 from mrunalp/fix_test
Fix the kmem TCP test
2016-03-22 09:45:13 +08:00
Michael Crosby e80b6b67e6 Merge pull request #651 from mrunalp/quota_validation
Add more information in the error messages when writing to a file
2016-03-21 17:53:49 -07:00
Mrunal Patel 73e48633a3 Fix the kmem TCP test
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-21 15:51:42 -07:00
Mrunal Patel 69db69668e Set oom_score_adj before we send the config to avoid race
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-21 15:33:17 -07:00
Mrunal Patel 4d7929274d Merge pull request #644 from cyphar/fix-pids-max-unlimited
libcontainer: cgroups: deal with unlimited case for pids.max
2016-03-21 14:55:20 -07:00
Mrunal Patel 4856ed1d53 Merge pull request #665 from cyphar/cgroup-kmem-tcp-limit
libcontainer: cgroups: add support for kmem.tcp limits
2016-03-21 14:51:10 -07:00
rajasec 945ef1d51f fixing typo in device access error
Signed-off-by: rajasec <rajasec79@gmail.com>

fixing typo in device access error

Signed-off-by: rajasec <rajasec79@gmail.com>

Fixed review comments

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-03-21 22:45:53 +05:30
Mrunal Patel 35541ebcd2 Add more information in the error messages when writing to a file
This is helpful to debug "invalid argument" errors when writing to cgroup files

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-21 09:27:24 -07:00
Qiang Huang e32651842a Merge pull request #650 from november-eleven/master
Export user and group lookup errors as variables.
2016-03-21 09:41:56 +08:00
Qiang Huang 37ff49b9d1 Merge pull request #661 from mikebrow/spec-help
adds detail to runc start and spec help text
2016-03-21 09:16:13 +08:00
Aleksa Sarai f5e60cf775 libcontainer: cgroups: add statistics for kmem.tcp
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-20 22:04:02 +11:00
Aleksa Sarai 1448fe9568 libcontainer: cgroups: add support for kmem.tcp limits
Kernel TCP memory has its own special knobs inside the cgroup.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-20 22:03:52 +11:00
Mike Brown fdf9ef46b2 adds detail to runc start and spec help text
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-03-18 13:54:06 -05:00
Mrunal Patel 54a6e56004 Merge pull request #647 from rajasec/valid-id
Fixing valid-id in regex
2016-03-18 09:38:56 -07:00
Mrunal Patel b336a84aeb Merge pull request #658 from hqhq/hq_fix_init_help_info
Fix help info of init command
2016-03-18 09:38:17 -07:00
Qiang Huang c82ec8e898 Fix help info of init command
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-03-18 14:02:42 +08:00
Mrunal Patel 62470e0bd8 Merge pull request #653 from jfrazelle/remove-deadcode
remove deadcode
2016-03-17 16:50:45 -07:00
Michael Crosby 541725b6ef Merge pull request #655 from mrunalp/sync_pid
Sync on the pid file to ensure the write is persisted
2016-03-17 16:15:30 -07:00
Mrunal Patel c85f24fda2 Sync on the pid file to ensure the write is persisted
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-17 15:12:35 -07:00
Aleksa Sarai a6d5179f60 libcontainer: cgroups: add tests for pids.max == "max"
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-18 08:46:24 +11:00
Aleksa Sarai 087b953dc5 libcontainer: cgroups: deal with unlimited case for pids.max
Make sure we don't error out collecting statistics for cases where
pids.max == "max". In that case, we can use a limit of 0 which means
"unlimited".

In addition, change the name of the stats attribute (Max) to mirror the
name of the resources attribute in the spec (Limit) so that it's
consistent internally.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-18 08:46:24 +11:00
Mrunal Patel d6c22f29e3 Merge pull request #652 from crosbymichael/atomic-pid
Create pid-file atomically
2016-03-17 14:44:30 -07:00
Michael Crosby d26cd4da40 Create pid-file atomically
For things that depend on or watch for this pid file to know when the
container is started we need to create this file atomically.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-17 14:41:18 -07:00
Jessica Frazelle 2c5b10189c remove deadcode
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-03-17 13:36:28 -07:00
Thomas LE ROUX 570deee7ac Export user and group lookup errors as variables.
Export errors as variables when no matching entries are found in passwd or group file.

Signed-off-by: Thomas LE ROUX <thomas@november-eleven.fr>
2016-03-17 21:03:27 +01:00
Alexander Morozov bbde9c426f Merge pull request #646 from crosbymichael/pid-host-block
Destroy container along with processes before stdio
2016-03-17 09:51:59 -07:00
Mrunal Patel 015fad9fa8 Merge pull request #604 from hqhq/hq_clean_force_remove
Don't link runc every time
2016-03-16 18:53:51 -07:00
Qiang Huang a719ea5c61 Don't link runc every time
So we won't see the link message every time we make
runc. Also it uses force remove when running make clean, so
we don't see an annoying error when doing an extra make clean.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-03-17 08:24:24 +08:00
Mrunal Patel 53ca128353 Merge pull request #648 from mrunalp/cgroups_delegate
Set Delegate to true for cgroups transient units
2016-03-16 14:44:02 -07:00
Mrunal Patel 93d1a1a6ea Set Delegate to true for cgroups transient units
This is required because we manage some of the cgroups ourselves.
This recommendation came from talking with systemd devs about
some of the issues that we see when using the systemd cgroups driver.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-16 09:44:27 -07:00
Michael Crosby fdb100d247 Destroy container along with processes before stdio
We need to make sure the container is destroyed before closing the stdio
for the container.  This becomes a big issue when running in the host's
pid namespace because the other processes could have inherited the stdio
of the initial process.  The call to close will just block as they still
have the io open.

Calling destroy before closing io, especially in the host pid namespace
will cause all additional processes to be killed in the container's
cgroup.  This will allow the io to be closed successfully.

This change makes sure the order for destroy and close is correct as
well as ensuring that any errors encountered during start or exec will
be handled by terminating the process and destroying the container.  We
cannot use defers here because we need to enforce the correct ordering
on destroy.

This also sets the subreaper setting for runc so that when running in
pid host, runc can wait on the additional processes launched by the
container, useful on destroy, but also good for reaping the additional
processes that were launched.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-15 13:17:11 -07:00
Mrunal Patel 69fe79de10 Merge pull request #637 from crosbymichael/flush-logs
Ensure logs are flushed
2016-03-15 11:05:10 -07:00
Mrunal Patel 2faade9bc7 Merge pull request #503 from cyphar/maintainers-add-aleksa
MAINTAINERS: add Aleksa Sarai to maintainers
2016-03-15 07:56:16 -07:00
Aleksa Sarai ed10cf2804 MAINTAINERS: add Aleksa Sarai to maintainers
In light of my recent contributions, I believe myself to be technically
competent enough to be a maintainer of runC. I'm an active contributor,
authored the PIDs cgroup subsystem specifically for the runC and Docker
projects, and am already a maintainer of libcontainer/user.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-03-15 15:09:53 +11:00
Qiang Huang 3237cad790 Merge pull request #623 from rajasec/validate-spec
Adding spec validation for exec and start
2016-03-15 09:45:02 +08:00
Mrunal Patel be30e557bf Merge pull request #643 from hqhq/hq_add_uninstall
Add make uninstall command
2016-03-14 12:49:48 -07:00
Michael Crosby 732a0fb440 Merge pull request #638 from hqhq/hq_fix_bootstrapData
Fix encoding gid mappings
2016-03-14 11:55:12 -07:00