Commit Graph

34 Commits

Author SHA1 Message Date
Andrey Vagin 94fb37f557 process: add Wait(), Signal() and Pid() methods
Currently we have a problem when buffers are used for std file
descriptors.  These buffers are filled from goroutines (Cmd.goroutine),
and we need to wait them to be sure that all data have been copied.

Signed-off-by: Andrew Vagin <avagin@openvz.org>
2015-02-23 23:40:41 +03:00
Michael Crosby f4cf808a3d Merge branch 'master' into api
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	MAINTAINERS
	cgroups/cgroups.go
	cgroups/fs/apply_raw.go
	cgroups/fs/notify_linux.go
	cgroups/fs/notify_linux_test.go
	cgroups/systemd/apply_systemd.go
	config.go
	configs/config_test.go
	console/console.go
	integration/exec_test.go
	integration/init_test.go
	integration/template_test.go
	integration/utils_test.go
	linux_notify.go
	linux_notify_test.go
	mount/init.go
	mount/mount_config.go
	mount/pivotroot.go
	mount/ptmx.go
	namespaces/create.go
	namespaces/exec.go
	namespaces/execin.go
	namespaces/init.go
	namespaces/nsenter/nsenter.c
	namespaces/nsenter/nsenter.go
	namespaces/utils.go
	network/network.go
	network/types.go
	network/veth.go
	notify_linux.go
	notify_linux_test.go
	nsinit/exec.go
	nsinit/main.go
	nsinit/nsenter.go
	nsinit/oom.go
	sample_configs/host-pid.json
	sample_configs/userns.json
	security/capabilities/capabilities.go
	update-vendor.sh
2015-02-16 15:09:42 -08:00
Michael Crosby b21b19e060 Add factory configuration via functional api
This allows you to set certian configuration options such as what cgroup
implementation to use on the factory at create time.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-16 11:26:13 -08:00
Michael Crosby 1a37242fa2 Refactor system mounts to be placed on the config
Also remove the RestrictSys bool replaced by configurable paths that the
user can specify.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-12 16:58:38 -08:00
Michael Crosby 5c246d038f Persist container state to disk
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 16:52:28 -08:00
Michael Crosby fde0b7aa0d Refactor network and veth creation
Remove veth interfaces on the host if an error occurs.
Provide the host interface name, temporary peer interface name and the
name of the peer once it is inside the container's namespace in the
Network config.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 13:33:58 -08:00
Michael Crosby 0c1919c427 Refactor parent processes into types
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 21bb5ccc4f Move environment configuration to Process
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 5fc19e8db5 Rename Fs fields to fs
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:08 -08:00
Andrey Vagin c6f5420bed integration: check a container with userns
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-02-04 14:21:05 +03:00
Andrey Vagin bcd0222be5 api: fix config tests
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-02-03 10:00:21 -08:00
Andrey Vagin daca745c4c api: fix integration tests
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-02-03 09:59:58 -08:00
Andrey Vagin ca633b2f29 Merge remote-tracking branch 'origin/master' into api
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-28 14:37:40 +03:00
Andrew Vagin 61fef16f4a new-api: implement Wait, WaitProcess
Signed-off-by: Andrew Vagin <avagin@openvz.org>
2015-01-21 18:46:01 +03:00
Andrey Vagin 6fc1dd5f25 integration: check a container state after resumning the CT
Otherwise CT will be left in a frozen state in a fail case

Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-21 18:46:00 +03:00
Andrey Vagin 5162e5a81c integration: check container.Processes()
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-21 18:46:00 +03:00
Mrunal Patel b0eece8d7d Adds support for User Namespaces.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Adds sample configuration to test user namespaces.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Rebases to master.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Fixes integration tests.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Move selinux labeling, apparmor profile and restrict kernel files back to init.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Separate the code paths for userns and default cases.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

tty not required for setup

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Cleanup and address review comments.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Remove debug logs and other cleanup.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)

Use function paramaters for SetupContainer.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2015-01-19 14:50:21 -05:00
Andrey Vagin 5138417f80 integration: add test to check Pause and Resume operations
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-19 22:25:52 +03:00
Andrew Vagin 7b33e53e4a integration: check that a process can be executed in an existing CT
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-15 23:48:28 +03:00
Dan Walsh 1bd146ed82 This patch adds a test for the shared HOST Pid namespace
It also kills all processes in a cgroup if you are not using the pid namespace

If we stop using the PID namespace, and more then one process is running
when the pid 1 exits, docker will hang since the cgroups do not disappear.

This code will kill all remaining processes

Add Tests for handing of Pid Namespaces

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-01-09 13:43:47 -05:00
Alexander Morozov c34b3d5ce9 Fix vet errors
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2014-12-29 10:57:01 -08:00
Andrey Vagin 86653c66a3 libcontinaer: use new API in integration tests
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2014-12-19 14:48:16 +03:00
Andrey Vagin 7038ddbc8c libcontainer: move Config in a separate package
We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
2014-12-19 12:32:34 +03:00
Michael Crosby 2329014b6d Implement types for namespaces
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-12-16 16:34:46 -08:00
Michael Crosby 4661c239dc Add type for namespaces for better UI
This adds `type Namespaces []Namespace` so that methods can be added to
this slice so that it is easier for consumers to work with the values.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-12-16 16:15:35 -08:00
Daniel, Dao Quang Minh 6a76ecb1ce refactor common container setup out of execin tests
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
2014-12-10 04:18:43 -05:00
Daniel, Dao Quang Minh 0195469398 execin should honour rlimit of the container
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
2014-12-10 04:13:31 -05:00
Daniel, Dao Quang Minh 2f1b2ce204 add support for testing execin
when the test binary starts, it detects whether it should run the container
initialization code or the execin initialization code based on the suppplied
arguments. The execin initialization code is taken from docker.

also added a sample test for execin process.

Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
2014-12-10 03:39:00 -05:00
Michael Crosby 549f508d5b Change namespaces config to include path for setns
This changes the namespace configuration on the config to include the
name of the namespace along with an optional path.  This path is used to
point to a file of another namespace for the namespace so that it can be
joined in place of the empty, initialized namespace.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-12-03 12:00:43 -08:00
Brian Goff e6cc8fc713 Add support for setting rlimit for contianer
Adds a new item to the config struct []*Rlimit
Rlimit takes a type (ie, syscall.RLIMIT_NOFILE) and the hard/soft limit
(As max/cur)

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2014-11-26 14:10:01 -05:00
Michael Crosby 2be676643e Remove syncpipe pkg
This removes the entire syncpipe package and replaces it with standard
operations on the pipes.  The syncpipe type just never felt right and
probably should not have been there.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-11-06 00:08:10 +00:00
Michael Crosby ad9b433e6c Add test for ipc private and shared path
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-10-28 22:13:05 +00:00
Michael Crosby 85f3df2539 Add test for IPC host sharing
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-10-28 22:00:28 +00:00
Michael Crosby 3f2333b667 Add integration test pkg
This integration pkg adds a framework for writing integration tests
aginst the libcontainer APIs

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-10-17 23:25:30 +00:00