Commit Graph

2459 Commits

Author SHA1 Message Date
Mrunal Patel f0ec80b93c Merge pull request #821 from runcom/warnings
libcontainer: nsenter: nsexec.c: fix warnings
2016-05-16 09:38:45 -07:00
Antonio Murdaca 9d14efec4c libcontainer: nsenter: nsexec.c: fix warnings
Fix the following warnings when building runc with gcc 6+:

Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c:
In function ‘nsexec’:
Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c:322:6:
warning: ‘__s’ may be used uninitialized in this function
[-Wmaybe-uninitialized]
      pr_perror("Failed to open %s", ns);
Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c:273:30:
note: ‘__s’ was declared here
 static struct nsenter_config process_nl_attributes(int pipenum, char
*data, int data_size)
                              ^~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-05-14 11:19:44 +02:00
Michael Crosby c6a791bef9 Merge pull request #816 from opencontainers/revert-796-relabeldev
Revert "Need to make sure labels applied to /dev"
2016-05-11 11:41:50 -07:00
Aleksa Sarai e991f041a1 Revert "Need to make sure labels applied to /dev"
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-05-11 23:28:01 +10:00
Aleksa Sarai 9bc97e2291 Merge pull request #813 from rajasec/update-kmem-tcp
Adding kernel mem tcp for update command
2016-05-11 08:31:47 +00:00
rajasec 8839f9f70b Adding kernel mem tcp for update command
Signed-off-by: rajasec <rajasec79@gmail.com>

Adding kernel mem tcp for update command

Signed-off-by: rajasec <rajasec79@gmail.com>

Fixing update.bats to reduce the TCP value

Signed-off-by: rajasec <rajasec79@gmail.com>

Updated the kernelTCP in bats as per json

Signed-off-by: rajasec <rajasec79@gmail.com>

Fixed some minor issue in bats file

Signed-off-by: rajasec <rajasec79@gmail.com>

Rounded off to right bytes for kernel TCP

Signed-off-by: rajasec <rajasec79@gmail.com>

Updating man file for update command

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-05-10 14:11:36 +05:30
Mrunal Patel be46e644f6 Merge pull request #809 from hqhq/hq_add_update_man
Add man page and fix typo for update command
2016-05-09 19:17:10 -07:00
Qiang Huang e75465b1a3 Add man page and fix typo for update command
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-09 19:04:25 +08:00
Qiang Huang d49ece5a83 Merge pull request #790 from mlaventure/runc-update-cgroup-kmem-limit
Runc update cgroup kmem limit
2016-05-09 14:01:18 +08:00
Kenfe-Mickael Laventure d78ae51a2d Add test for cgroup memory.kmem.limit_in_bytes handling
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-05-06 08:05:15 -07:00
Kenfe-Mickael Laventure 4190e5a920 Add new `update` command to runc.
This command allow users to update some of a container cgroups
parameters.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-05-06 08:05:15 -07:00
Kenfe-Mickael Laventure 27814ee120 Allow updating kmem.limit_in_bytes if initialized at cgroup creation
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-05-06 08:05:15 -07:00
Michael Crosby 4ad7bbc172 Merge pull request #783 from cyphar/test-all-the-things
Use full test suite on make test
2016-05-05 17:26:47 -07:00
Mrunal Patel ec77200ceb Merge pull request #804 from rajasec/apparmor-error
Updating error condition in applying apparmor profile
2016-05-05 15:28:24 -07:00
Michael Crosby 03ef0a2f89 Merge pull request #800 from mrunalp/ocf_oci
Change OCF to OCI in help string and man page.
2016-05-05 14:11:59 -07:00
rajasec cb04f48486 Updating error condition in applying apparmor profile
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-05-04 19:10:55 +05:30
Mrunal Patel 8075a9ee6f Change OCF to OCI in help string and man page.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-05-03 16:05:20 -07:00
Aleksa Sarai dd4a897f5d *: enable full test suite on make test
Enable the full test suite to run on `make test`. They also all run
inside a Docker container for maximum reproducibility.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-05-03 17:15:49 +10:00
Mrunal Patel 89c3c97a84 Merge pull request #796 from rhatdan/relabeldev
Need to make sure labels applied to /dev
2016-05-02 09:50:26 -07:00
Dan Walsh 77f312c51c Need to make sure labels applied to /dev
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-05-02 08:17:49 -04:00
Michael Crosby e87c59e2e4 Merge pull request #793 from bboreham/label-sep
Use '=' instead of ':' separator on labels
2016-04-29 15:19:28 -07:00
Mrunal Patel a36c2b373a Merge pull request #795 from jimberlage/794-update-documentation
Correct outdated URL
2016-04-29 09:08:51 -07:00
Jim Berlage c5b0caf76d Correct outdated URL
`libcontainer/cgroups/utils.go` uses an incorrect path to the
documentation for cgroups.  This updates the comment to use the correct
URL.  Fixes #794.

Signed-off-by: Jim Berlage <james.berlage@gmail.com>
2016-04-29 10:44:27 -05:00
Bryan Boreham 4a87beb661 Use '=' instead of ':' separator on labels, which is now deprecated by Docker
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
2016-04-29 13:01:44 +01:00
Michael Crosby 7d23639138 Merge pull request #789 from justincormack/unprivseccomp
If possible, apply seccomp rules immediately before exec
2016-04-27 17:08:16 -07:00
Justin Cormack e18de63108 If possible, apply seccomp rules immediately before exec
See https://github.com/docker/docker/issues/22252

Previously we would apply seccomp rules before applying
capabilities, because it requires CAP_SYS_ADMIN. This
however means that a seccomp profile needs to allow
operations such as setcap() and setuid() which you
might reasonably want to disallow.

If prctl(PR_SET_NO_NEW_PRIVS) has been applied however
setting a seccomp filter is an unprivileged operation.
Therefore if this has been set, apply the seccomp
filter as late as possible, after capabilities have
been dropped and the uid set.

Note a small number of syscalls will take place
after the filter is applied, such as `futex`,
`stat` and `execve`, so these still need to be allowed
in addition to any the program itself needs.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-04-27 20:06:14 +01:00
Aleksa Sarai 07d062bb7b Merge pull request #782 from hqhq/hq_specs_name
Change specs to runtime-spec in integration test
2016-04-26 23:08:38 +00:00
Mrunal Patel 7605fce790 Merge pull request #786 from hqhq/hq_fix_event_test
Fix integration test for events
2016-04-26 12:07:53 -07:00
Mrunal Patel 9c89737e6e Merge pull request #785 from hqhq/hq_remove_sniffTest
Remove sniffTest
2016-04-26 09:31:15 -07:00
Qiang Huang fb7dcac662 Fix integration test for events
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-04-26 19:00:21 +08:00
Qiang Huang 5c1ea321df Merge pull request #780 from crosbymichael/stats-format
Improve stats output format for stability
2016-04-26 17:16:53 +08:00
Qiang Huang 18612e6c7f Remove sniffTest
We have integration test now, not ideal though, but it
surely can replace sniffTest.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-04-26 16:20:45 +08:00
Qiang Huang 38271a38be Change specs to runtime-spec in integration test
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-04-26 15:59:00 +08:00
Qiang Huang 6d1c115b10 Merge pull request #779 from crosbymichael/ps-json
Add json format to ps command
2016-04-26 09:34:27 +08:00
Michael Crosby a62dbf48b0 Improve stats output
This adds specific types and improves the json format for the marshaled
structure so that it is inline with the output that the spec produce,
camelCase not snake_case.

This should be the last change needed for people to really depend on the
output of this command and ensure that it does not change with any
internal changes instead of just marshaling the libcontainer structure.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-25 16:15:48 -07:00
Michael Crosby bb8591138b Add json format to ps command
For programatic parsing add a json format option to the new `runc ps`
command.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-25 15:21:07 -07:00
Michael Crosby e559f7aebb Merge pull request #767 from hqhq/hq_add_ps
Add ps command
2016-04-25 14:51:43 -07:00
Mrunal Patel 6b4da4fff1 Merge pull request #778 from opencontainers/mount-label-release
Bump to v0.1.1 for selinux mount label fix
2016-04-25 14:28:22 -07:00
Michael Crosby baf6536d62 Bump to 0.1.1
This includes a fix for selinux mount labels in the spec.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-25 14:18:35 -07:00
Mrunal Patel 9d16d9472e Bump up spec and add support for mount label
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-04-25 14:14:15 -07:00
Michael Crosby ee42f8bbb6 Merge pull request #768 from rajasec/events-destroy
Not showing up the events for destroyed container
2016-04-25 10:51:58 -07:00
Mrunal Patel 091ed0b043 Merge pull request #777 from cyphar/fix-null-pointer-deref
libcontainer: specconv: fix nil dereference in resource setup
2016-04-24 19:09:30 -07:00
Aleksa Sarai 4b710d33d2 Merge pull request #776 from rajasec/runc-path
Updating README for runc path
2016-04-25 01:56:37 +00:00
Aleksa Sarai a939c7ecd9 libcontainer: specconv: fix nil dereference in resource setup
This caused issues if someone omitted or set "resources": null, in the
runC config. The panic follows.

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x20 pc=0x545b53]

goroutine 1 [running]:
panic(0x7aed40, 0xc820014260)
        /usr/lib64/go/src/runtime/panic.go:464 +0x3e6
github.com/opencontainers/runc/libcontainer/specconv.CreateLibcontainerConfig(0xc8200b0e30, 0x836480, 0x0, 0x0)
        /home/cyphar/src/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/specconv/spec_linux.go:222 +0xe83
main.createContainer(0xc82007eb40, 0x7ffd8024e439, 0x4, 0xc82008e780, 0x0, 0x0, 0x0, 0x0)
        /home/cyphar/src/runc/utils_linux.go:174 +0x105
main.startContainer(0xc82007eb40, 0xc82008e780, 0x0, 0x0, 0x0)
        /home/cyphar/src/runc/start.go:114 +0x189
main.glob.func11(0xc82007eb40)
        /home/cyphar/src/runc/start.go:78 +0x13e
github.com/codegangsta/cli.Command.Run(0x829a58, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x87ada0, 0x1a, 0x8dff80, ...)
        /home/cyphar/src/runc/Godeps/_workspace/src/github.com/codegangsta/cli/command.go:137 +0x1081
github.com/codegangsta/cli.(*App).Run(0xc82007e900, 0xc82000a050, 0x5, 0x5, 0x0, 0x0)
        /home/cyphar/src/runc/Godeps/_workspace/src/github.com/codegangsta/cli/app.go:176 +0xffa
main.main()
        /home/cyphar/src/runc/main.go:123 +0xc8e

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-04-25 11:52:22 +10:00
Aleksa Sarai 399175c227 Merge pull request #679 from rajasec/selinux-errorcheck
Adding selinux check during container start
2016-04-24 16:24:26 +00:00
Alexander Morozov ae0fc15b1e Merge pull request #608 from inatatsu/reduce-parsing-mountinfo
Eliminate redundant parsing of mountinfo
2016-04-23 22:30:54 -07:00
rajasec 0015f86cf3 Updating README for runc path
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-04-23 22:00:08 +05:30
rajasec 9adc142404 Updated as per review comments by moving to caller
Signed-off-by: rajasec <rajasec79@gmail.com>

Changing to container ID as per comments

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-04-23 20:31:05 +05:30
rajasec fb53190389 Not showing up the events for destroyed container
Signed-off-by: rajasec <rajasec79@gmail.com>

Updated as per review comments by moving to caller

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-04-23 20:25:57 +05:30
Qiang Huang 45605bb48d Merge pull request #773 from mrunalp/mount_label
Bump up spec and add support for mount label
2016-04-23 08:09:26 +08:00