Aleksa Sarai
ae078224fc
merge branch 'pr-1129'
...
LGTMs: @mrunalp @cyphar
Closes #1129
2016-10-25 16:38:01 +11:00
Qiang Huang
4ec570d060
Merge pull request #1138 from gaocegege/fix-config-validator
...
docker/docker#27484-check if sysctls are used in host network mode.
2016-10-25 11:08:51 +08:00
Aleksa Sarai
c7ed2244f4
merge branch 'pr-1125'
...
LGTMs: @hqhq @mrunalp
Closes #1125
2016-10-25 10:05:28 +11:00
Mrunal Patel
35f55e6aa8
Merge pull request #1140 from rajasec/ps-bash-completions
...
Updating bash completion for ps command
2016-10-24 09:56:39 -07:00
Mrunal Patel
fdfe45b22a
Merge pull request #1139 from allencloud/fix-nit-in-stderr-log
...
fix nits in stderr log
2016-10-24 09:56:01 -07:00
Wang Long
ba1c0b4fa3
check the arguments for `runc create`
...
This patch checks the arguments for command `runc create`.
the `create` command requires exactly one argument
eg:
root@ubuntu:~# runc create -b /mycontainer/ a
root@ubuntu:~# runc list
ID PID STATUS BUNDLE CREATED
a 61637 created /mycontainer 2016-10-20T08:21:20.169810942Z
root@ubuntu:~# runc create -b /mycontainer/ a b
runc: "create" requires exactly one argument
root@ubuntu:~# runc create -b /mycontainer/
runc: "create" requires exactly one argument
Signed-off-by: Wang Long <long.wanglong@huawei.com>
2016-10-24 11:09:06 +08:00
allencloud
f550f04f20
fix nits in stderr log
...
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-10-23 22:43:53 +08:00
rajasec
4cfbd2555d
Small typo in README
...
Signed-off-by: rajasec <rajasec79@gmail.com>
Fixing small typo in README
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-10-23 19:08:17 +05:30
rajasec
b2a194f226
Updating bash completion for ps command
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-10-22 21:51:21 +05:30
Qiang Huang
850b9c0b50
Merge pull request #1132 from datawolf/add-integration-test-for-create
...
add test cases for create command
2016-10-22 17:46:33 +08:00
Qiang Huang
d15661dc4d
Merge pull request #1131 from datawolf/add-integration-test-for-list
...
add test cases for list command
2016-10-22 17:43:04 +08:00
Ce Gao
41c35810f2
add test cases about host ns
...
Signed-off-by: Ce Gao <ce.gao@outlook.com>
2016-10-22 11:31:15 +08:00
Ce Gao
bc84f83344
fix docker/docker#27484
...
Signed-off-by: Ce Gao <ce.gao@outlook.com>
2016-10-22 11:22:52 +08:00
Alexander Morozov
1ab9d5e6f4
Merge pull request #845 from mrunalp/cp_tmpfs
...
Add support for copying up directories into tmpfs when a tmpfs is mounted over them
2016-10-21 13:47:16 -07:00
Mrunal Patel
c4198ad9af
Merge pull request #1134 from WeiZhang555/tiny-refactor
...
Some refactor and cleanup
2016-10-20 15:08:40 -07:00
Mrunal Patel
fa5e0cdba2
Merge pull request #1136 from yongtang/27540-exec-state-proc-pid-stat
...
Fix issue in `GetProcessStartTime`
2016-10-20 15:08:01 -07:00
Yong Tang
a83f5bac28
Fix issue in `GetProcessStartTime`
...
This fix tries to address the issue raised in docker:
https://github.com/docker/docker/issues/27540
The issue was that `GetProcessStartTime` uses a space `" "`
to split `/proc/[pid]/stat` and takes the `22`nd value.
However, the `2`nd value is inside `(` and `)`, and could
contain spaces. The following are two examples:
```
ubuntu@ubuntu:~/runc$ cat /proc/90286/stat
90286 (bash) S 90271 90286 90286 34818 90286 4194560 1412 1130576 4 0 2 1 2334 438 20 0 1 0 3093098 20733952 823 18446744073709551615 1 1 0 0 0 0 0 3670020 1266777851 0 0 0 17 1 0 0 0 0 0 0 0 0 0 0 0 0 0
ubuntu@ubuntu:~/runc$ cat /proc/89653/stat
89653 (gunicorn: maste) S 89630 89653 89653 0 -1 4194560 29689 28896 0 3 146 32 76 19 20 0 1 0 2971844 52965376 3920 18446744073709551615 1 1 0 0 0 0 0 16781312 137447943 0 0 0 17 1 0 0 0 0 0 0 0 0 0 0 0 0 0
```
This fix fixes this issue by removing the prefix before `)`,
then finding the `20`th value (instead of the `22`nd value).
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-10-20 11:34:21 -07:00
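The parsing problem described in the commit above, as an added Go example that is not runc's own code: `naiveStartTime` and `startTime` are hypothetical names, the first two sample lines are the commit's examples truncated after field 24, and the third is constructed. Cutting at the last `)` rather than the first is an assumption that goes beyond the commit text, so that a process name containing `)` is also handled.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Two lines from the commit message (truncated after field 24) and one
// constructed line whose comm field contains both spaces and ')'.
var samples = []string{
	"90286 (bash) S 90271 90286 90286 34818 90286 4194560 1412 1130576 4 0 2 1 2334 438 20 0 1 0 3093098 20733952 823",
	"89653 (gunicorn: maste) S 89630 89653 89653 0 -1 4194560 29689 28896 0 3 146 32 76 19 20 0 1 0 2971844 52965376 3920",
	"4242 (a) b c) S 1 4242 4242 0 -1 4194560 0 0 0 0 0 0 0 0 20 0 1 0 777 0 0",
}

// naiveStartTime reproduces the behaviour the commit describes as broken:
// split the whole line on spaces and take the 22nd value.
func naiveStartTime(stat string) string {
	parts := strings.Split(stat, " ")
	if len(parts) < 22 {
		return ""
	}
	return parts[21]
}

// startTime drops everything up to and including the last ')' (the end of
// the comm field), then takes the 20th remaining value, which is field 22
// (starttime) of the full line.
func startTime(stat string) (uint64, error) {
	i := strings.LastIndex(stat, ")")
	if i < 0 {
		return 0, fmt.Errorf("no comm field in %q", stat)
	}
	fields := strings.Fields(stat[i+1:])
	if len(fields) < 20 {
		return 0, fmt.Errorf("short stat line: %d fields after comm", len(fields))
	}
	return strconv.ParseUint(fields[19], 10, 64)
}

func main() {
	for _, s := range samples {
		t, err := startTime(s)
		fmt.Printf("naive=%q fixed=%d err=%v\n", naiveStartTime(s), t, err)
	}
}
```

A wrong start time matters wherever the value is used to confirm that a recorded PID still refers to the same process, because a process that controls its own name can shift the fields a naive parser reads.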
Zhang Wei
c179b0ffc7
Some refactor and cleanup
...
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-10-20 17:58:51 +08:00
Wang Long
5aef160c5a
add test cases for list command
...
This patch adds a test for the `-q` option of the list command.
Signed-off-by: Wang Long <long.wanglong@huawei.com>
2016-10-20 16:45:34 +08:00
Wang Long
596a4c397c
add test cases for create command
...
This patch adds a test for the `--pid-file` option of the create command.
Signed-off-by: Wang Long <long.wanglong@huawei.com>
2016-10-20 16:23:27 +08:00
Aleksa Sarai
f8e6b5af5e
rootfs: make pivot_root not use a temporary directory
...
Namely, use an undocumented feature of pivot_root(2) where
pivot_root(".", ".") is actually a feature and allows you to make the
old_root be tied to your /proc/self/cwd in a way that makes unmounting
easy. Thanks a lot to the LXC developers who came up with this idea
first.
This is the first step of many towards allowing runC to work with a
completely read-only rootfs.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-20 12:55:58 +11:00
Michael Crosby
2a5001c1bc
Merge pull request #1124 from derekwaynecarr/apply-idempotent
...
Ignore error when starting transient unit that already exists
2016-10-19 13:52:10 -07:00
Derek Carr
d223e2adae
Ignore error when starting transient unit that already exists
...
Signed-off-by: Derek Carr <decarr@redhat.com>
2016-10-19 14:55:52 -04:00
Michael Crosby
b827292ef7
Merge pull request #1121 from cyphar/fix-masked-paths-test
...
tests: mask: use test paths rather than /sys
2016-10-19 11:16:42 -07:00
Qiang Huang
19ab304367
Merge pull request #1091 from rajasec/ps-errors
...
ps error logging improvement
2016-10-19 11:11:41 +08:00
Aleksa Sarai
6e97f3ad69
tests: mask: use test paths rather than /sys
...
In certain circumstances (such as the rootless containers patchset), it
is not possible to test things using /sys/firmware. In addition, we
should be testing our own functionality rather than testing protection
against /sys attacks (for which the system might already have extra
protections).
Instead, just make some fake paths in the rootfs that we then mask.
Oddly I noticed that one of the errors changed when doing this (because
before we tested removing a file from /sys/firmware which is -EPERM). So
the old test was broken.
Fixes: 53179559a1
("MaskPaths: support directory")
Fixes : #1068
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-19 05:59:50 +11:00
Andrew Vagin
88b4c4851e
Merge pull request #1120 from cyphar/fix-gofmt
...
checkpoint: fix gofmt
2016-10-18 23:56:48 +05:00
Aleksa Sarai
38560a0316
checkpoint: fix gofmt
...
Fixes: a60040c62d
("Container must not checkpoint in created state")
Fixes : #1076
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-19 05:37:24 +11:00
Aleksa Sarai
e3cd191acc
nsenter: un-split clone(cloneflags) for RHEL
...
Without this patch applied, RHEL's SELinux policies cause container
creation to not really work. Unfortunately this might be an issue for
rootless containers (opencontainers/runc#774 ) but we'll cross that
bridge when we come to it.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-18 18:26:27 +11:00
Aleksa Sarai
bf77e5976a
merge branch 'pr-1118'
...
Closes : #1118
LGTMs: @cyphar @hqhq
2016-10-18 18:17:31 +11:00
Wang Long
ed6c5c038c
update the man for runc delete command
...
This patch also changes the description in delete.go in order to
keep it consistent with the manual.
Signed-off-by: Wang Long <long.wanglong@huawei.com>
2016-10-18 12:18:10 +08:00
Michael Crosby
fcc40b7a63
Remove panic from init
...
Print the error message to stderr if we are unable to return it back via
the pipe to the parent process. Also, don't panic here as it is most
likely a system or user error and not a programmer error.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-10-17 15:54:51 -07:00
Mrunal Patel
0259c00a35
Merge pull request #1105 from keloyang/check-kill-signal-num
...
Add num check for kill command
2016-10-17 15:15:28 -07:00
Mrunal Patel
4161f2a63b
Merge pull request #1115 from rajasec/filemode-panic
...
Fixing runc panic for missing file mode
2016-10-17 15:01:49 -07:00
Mrunal Patel
30a122d068
Merge pull request #1112 from rhatdan/romount
...
Add support for r/o mount labels
2016-10-17 14:45:32 -07:00
Michael Crosby
4dcc0466e2
Merge pull request #1074 from datawolf/multi-containers
...
start multi-containers with `runc start` command
2016-10-17 14:31:04 -07:00
Dan Walsh
6932807107
Add support for r/o mount labels
...
We need support for read/only mounts in SELinux to allow a bunch of
containers to share the same read/only image. In order to do this
we need a new label which allows container processes to read/execute
all files but not write them.
Existing mount label is either shared write or private write. This
label is shared read/execute.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-17 16:56:42 -04:00
rajasec
528bf3718d
ps error logging improvement
...
Signed-off-by: rajasec <rajasec79@gmail.com>
ps error logging improvement
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-10-17 20:50:33 +05:30
Qiang Huang
509ddd6f11
Merge pull request #1075 from datawolf/pause-resume-multi-containers
...
pause and resume multi-containers
2016-10-17 22:53:22 +08:00
Wang Long
2f5c0afbbc
pause and resume multi-containers
...
With this patch, `runc pause` and `runc resume` can
pause and resume multi-containers.
Signed-off-by: Wang Long <long.wanglong@huawei.com>
2016-10-17 19:44:08 +08:00
Qiang Huang
a6284a7bdb
Merge pull request #1116 from rajasec/hugetlb-panic
...
Fixing runc panic during hugetlb pages
2016-10-17 13:55:59 +08:00
rajasec
034cba6af0
Fixing runc panic for missing file mode
...
Signed-off-by: rajasec <rajasec79@gmail.com>
Fixing runc panic for missing file mode
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-10-16 20:39:44 +05:30
Aleksa Sarai
7be6edaa60
merge branch 'pr-1114'
...
LGTMs: @hqhq @cyphar
Closes : #1114
2016-10-16 22:27:15 +11:00
rajasec
4b263c9594
Fixing runc panic during hugetlb pages
...
Signed-off-by: rajasec <rajasec79@gmail.com>
Fixing runc panic during hugetlb pages
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-10-15 19:47:33 +05:30
Mrunal Patel
3abefdff18
Merge pull request #1109 from rhatdan/dupsec
...
DupSecOpt needs to match InitLabels
2016-10-14 08:18:25 -07:00
Lei Jitang
1cd050244e
Validate platform on loading config.json
...
When running an arm64 image on an amd64 platform, it will fail with
````
panic: standard_init_linux.go:175: exec user process caused "exec format error" [recovered]
panic: standard_init_linux.go:175: exec user process caused "exec format error"
goroutine 1 [running, locked to thread]:
panic(0x7e7e40, 0xc820124380)
/usr/local/go/src/runtime/panic.go:481 +0x3e6
github.com/urfave/cli.HandleAction.func1(0xc8200c52f8)
/home/lei/opencontainers/runc/Godeps/_workspace/src/github.com/urfave/cli/app.go:478 +0x38e
panic(0x7e7e40, 0xc820124380)
/usr/local/go/src/runtime/panic.go:443 +0x4e9
github.com/opencontainers/runc/libcontainer.(*LinuxFactory).StartInitialization.func1(0xc8200c4c08, 0xc8200220a0, 0xc8200c4d18)
/home/lei/opencontainers/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/factory_linux.go:259 +0x136
github.com/opencontainers/runc/libcontainer.(*LinuxFactory).StartInitialization(0xc82006c780, 0x7fb9124733f8, 0xc820124380)
/home/lei/opencontainers/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/factory_linux.go:277 +0x5b1
main.glob.func8(0xc820090780, 0x0, 0x0)
/home/lei/opencontainers/runc/main_unix.go:26 +0x68
reflect.Value.call(0x74ca00, 0x8fda40, 0x13, 0x844470, 0x4, 0xc8200c5278, 0x1, 0x1, 0x0, 0x0, ...)
/usr/local/go/src/reflect/value.go:435 +0x120d
reflect.Value.Call(0x74ca00, 0x8fda40, 0x13, 0xc8200c5278, 0x1, 0x1, 0x0, 0x0, 0x0)
/usr/local/go/src/reflect/value.go:303 +0xb1
github.com/urfave/cli.HandleAction(0x74ca00, 0x8fda40, 0xc820090780, 0x0, 0x0)
/home/lei/opencontainers/runc/Godeps/_workspace/src/github.com/urfave/cli/app.go:487 +0x2ee
github.com/urfave/cli.Command.Run(0x847330, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dcec0, 0x51, 0x0, ...)
/home/lei/opencontainers/runc/Godeps/_workspace/src/github.com/urfave/cli/command.go:191 +0xfec
github.com/urfave/cli.(*App).Run(0xc820001980, 0xc82000a100, 0x2, 0x2, 0x0, 0x0)
/home/lei/opencontainers/runc/Godeps/_workspace/src/github.com/urfave/cli/app.go:240 +0xaa4
main.main()
/home/lei/opencontainers/runc/main.go:137 +0xe24
````
Instead of throwing a panic on execing the container process, we should
report the platform mismatch at the very beginning; it's much
clearer and can tell the user what's wrong.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2016-10-14 02:53:37 -04:00
Dan Walsh
491cadac92
DupSecOpt needs to match InitLabels
...
At some point InitLabels was changed to look for SecuritOptions
separated by a ":" rather than an "=", but DupSecOpt was never
changed to match this default.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-13 16:10:29 -04:00
Daniel, Dao Quang Minh
d186a7552b
Merge pull request #1111 from keloyang/rpid-limit-check
...
tiny fix, add a null check for specs.Resources.Pids.Limit
2016-10-13 18:04:49 +01:00
Shukui Yang
affc105264
tiny fix, add a null check for specs.Resources.Pids.Limit
...
Signed-off-by: Shukui Yang <yangshukui@huawei.com>
2016-10-13 15:55:30 +08:00
Mrunal Patel
3b4ff53867
Merge pull request #1097 from keloyang/remove-tmp-bats
...
remove /tmp/bats from dev_runc
2016-10-12 11:07:56 -07:00