If the container's state is `created` when runc delete is called make
sure that the init is killed before deleting the on system state.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Kernel memory cannot be set in these circumstances (before kernel 4.6):
1. kernel memory is not initialized, and there are tasks in cgroup
2. kernel memory is not initialized, and use_hierarchy is enabled,
and there are sub-cgroups
While we don't need to cover case 2 because when we set kernel
memory in runC, it's either:
- in Apply phase when we create the container, and in this case,
set kernel memory would definitely be valid;
- or in update operation, and in this case, there would be tasks
in cgroup, we only need to check if kernel memory is initialized
or not.
Even if we want to check use_hierarchy, we need to check sub-cgroups
as well, but for here, we can just leave it aside.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
For example:
./runc checkpoint --empty-ns network CTID
In this case criu creates a network namespace, but doesn't restore it.
We are going to use this option to restore docker containers and
Docker sets a hook to restore a network namespace.
https://github.com/xemul/criu/issues/165
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
On GitHub the maintainers of runC are *not* the same as the maintainers
of runtime-spec. Fix this, and use the right team.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This makes it much simpler to write tests, and you don't have to worry
about some of the oddness with bats.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This patch add manual for ps command, and remove remove example
for --format command, which is not necessary.
Suggested-by: Aleksa Sarai <asarai@suse.de>
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
This patch add losted --no-subreaper and --no-pivot options in
manual:
# ./runc restore --help
..
OPTIONS:
...
--no-subreaper disable the use of the subreaper used to reap reparented processes
--no-pivot do not use pivot root to jail process inside rootfs. This should be used whenever the rootfs is on top of a ramdisk
#
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
The description contents in manual is for --format argument
actually, see:
# ./runc list --help
...
OPTIONS:
--format, -f select one of: table or json.
The default format is table. The following will output the list of containers
in json format:
# runc list -f json
--quiet, -q display only container IDs
#
This patch move above content into right place, and remove the command
example which is not necessary.
Suggested-by: Aleksa Sarai <asarai@suse.de>
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
When we set a wrong --log-format value, runc exit without any
message:
# ./runc --log-format aaa list
#
It is again "no news is good news" rule.
And it is not unified with the case when we set a wrong --log
value:
# ./runc --log / list
ERRO[0000] open /: is a directory
open /: is a directory
#
This patch unified action for above two error-setting.
After patch:
# ./runc --log-format aaa list
unknown log-format: "aaa"
#
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
--no-subreaper's description exist in code but not in manual:
# ./runc exec --help
...
OPTIONS:
...
--no-subreaper disable the use of the subreaper used to reap reparented processes
#
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
--events argument's usage was updated by:
commit:a62dbf48b0fe5e2e28e3cc9dc80a70d2ec5ebc25
We need to update manual together.
This patch also removes last useless blank line
in manual.
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
There are 3 types of EXAMPLE title in manual and code:
1: "# EXAMPLE"
runc-delete.8.md
runc-exec.8.md
runc-kill.8.md
2: "EXAMPE:"
runc-spec.8.md
3: EXAMPLE title exist in manual, but not exist in code's --help output
delete.go
exec.go
kill.go
This patch unified above format, and deleted some useless blanks.
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Reason1:
other runc manual are using word of "SYNOPSIS"
# grep USAGE man/*
# man/runc-checkpoint.8.md:#USAGE
#
# grep SYNOPSIS man/*
man/runc-checkpoint.8.md:# SYNOPSIS
man/runc-delete.8.md:# SYNOPSIS
man/runc-events.8.md:# SYNOPSIS
man/runc-exec.8.md:# SYNOPSIS
man/runc-kill.8.md:# SYNOPSIS
man/runc-list.8.md:# SYNOPSIS
man/runc-pause.8.md:# SYNOPSIS
man/runc-restore.8.md:# SYNOPSIS
man/runc-resume.8.md:# SYNOPSIS
man/runc-spec.8.md:# SYNOPSIS
man/runc-start.8.md:# SYNOPSIS
man/runc-state.8.md:# SYNOPSIS
man/runc-update.8.md:# SYNOPSIS
man/runc.8.md:# SYNOPSIS
#
Reason2:
Most linux commands are using word of "SYNOPSIS"
# man ls
# man find
# ...
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
This update allows more distributions to build runC with seccomp out of
the box (the include path and library paths are not always the Go
defaults). In addition, update the test's Dockerfile to have pkg-config
installed.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
In user namespaces, we need to make sure we don't chown() the console to
unmapped users. This means we need to get both the UID and GID of the
root user in the container when changing the owner.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Since kernel 4.6, we can update kernel memory without
initialization, because it's accounted by default.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>