Mrunal Patel
f0ec80b93c
Merge pull request #821 from runcom/warnings
...
libcontainer: nsenter: nsexec.c: fix warnings
2016-05-16 09:38:45 -07:00
Antonio Murdaca
9d14efec4c
libcontainer: nsenter: nsexec.c: fix warnings
...
Fix the following warnings when building runc with gcc 6+:
Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c:
In function ‘nsexec’:
Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c:322:6:
warning: ‘__s’ may be used uninitialized in this function
[-Wmaybe-uninitialized]
pr_perror("Failed to open %s", ns);
Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c:273:30:
note: ‘__s’ was declared here
static struct nsenter_config process_nl_attributes(int pipenum, char
*data, int data_size)
^~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-05-14 11:19:44 +02:00
Michael Crosby
c6a791bef9
Merge pull request #816 from opencontainers/revert-796-relabeldev
...
Revert "Need to make sure labels applied to /dev"
2016-05-11 11:41:50 -07:00
Aleksa Sarai
e991f041a1
Revert "Need to make sure labels applied to /dev"
...
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-05-11 23:28:01 +10:00
Aleksa Sarai
9bc97e2291
Merge pull request #813 from rajasec/update-kmem-tcp
...
Adding kernel mem tcp for update command
2016-05-11 08:31:47 +00:00
rajasec
8839f9f70b
Adding kernel mem tcp for update command
...
Signed-off-by: rajasec <rajasec79@gmail.com>
Adding kernel mem tcp for update command
Signed-off-by: rajasec <rajasec79@gmail.com>
Fixing update.bats to reduce the TCP value
Signed-off-by: rajasec <rajasec79@gmail.com>
Updated the kernelTCP in bats as per json
Signed-off-by: rajasec <rajasec79@gmail.com>
Fixed some minor issue in bats file
Signed-off-by: rajasec <rajasec79@gmail.com>
Rounded off to right bytes for kernel TCP
Signed-off-by: rajasec <rajasec79@gmail.com>
Updating man file for update command
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-05-10 14:11:36 +05:30
Mrunal Patel
be46e644f6
Merge pull request #809 from hqhq/hq_add_update_man
...
Add man page and fix typo for update command
2016-05-09 19:17:10 -07:00
Qiang Huang
e75465b1a3
Add man page and fix typo for update command
...
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-09 19:04:25 +08:00
Qiang Huang
d49ece5a83
Merge pull request #790 from mlaventure/runc-update-cgroup-kmem-limit
...
Runc update cgroup kmem limit
2016-05-09 14:01:18 +08:00
Kenfe-Mickael Laventure
d78ae51a2d
Add test for cgroup memory.kmem.limit_in_bytes handling
...
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-05-06 08:05:15 -07:00
Kenfe-Mickael Laventure
4190e5a920
Add new `update` command to runc.
...
This command allow users to update some of a container cgroups
parameters.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-05-06 08:05:15 -07:00
Kenfe-Mickael Laventure
27814ee120
Allow updating kmem.limit_in_bytes if initialized at cgroup creation
...
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-05-06 08:05:15 -07:00
Michael Crosby
4ad7bbc172
Merge pull request #783 from cyphar/test-all-the-things
...
Use full test suite on make test
2016-05-05 17:26:47 -07:00
Mrunal Patel
ec77200ceb
Merge pull request #804 from rajasec/apparmor-error
...
Updating error condition in applying apparmor profile
2016-05-05 15:28:24 -07:00
Michael Crosby
03ef0a2f89
Merge pull request #800 from mrunalp/ocf_oci
...
Change OCF to OCI in help string and man page.
2016-05-05 14:11:59 -07:00
rajasec
cb04f48486
Updating error condition in applying apparmor profile
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-05-04 19:10:55 +05:30
Mrunal Patel
8075a9ee6f
Change OCF to OCI in help string and man page.
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-05-03 16:05:20 -07:00
Aleksa Sarai
dd4a897f5d
*: enable full test suite on make test
...
Enable the full test suite to run on `make test`. They also all run
inside a Docker container for maximum reproducibility.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-05-03 17:15:49 +10:00
Mrunal Patel
89c3c97a84
Merge pull request #796 from rhatdan/relabeldev
...
Need to make sure labels applied to /dev
2016-05-02 09:50:26 -07:00
Dan Walsh
77f312c51c
Need to make sure labels applied to /dev
...
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-05-02 08:17:49 -04:00
Michael Crosby
e87c59e2e4
Merge pull request #793 from bboreham/label-sep
...
Use '=' instead of ':' separator on labels
2016-04-29 15:19:28 -07:00
Mrunal Patel
a36c2b373a
Merge pull request #795 from jimberlage/794-update-documentation
...
Correct outdated URL
2016-04-29 09:08:51 -07:00
Jim Berlage
c5b0caf76d
Correct outdated URL
...
`libcontainer/cgroups/utils.go` uses an incorrect path to the
documentation for cgroups. This updates the comment to use the correct
URL. Fixes #794 .
Signed-off-by: Jim Berlage <james.berlage@gmail.com>
2016-04-29 10:44:27 -05:00
Bryan Boreham
4a87beb661
Use '=' instead of ':' separator on labels, which is now deprecated by Docker
...
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
2016-04-29 13:01:44 +01:00
Michael Crosby
7d23639138
Merge pull request #789 from justincormack/unprivseccomp
...
If possible, apply seccomp rules immediately before exec
2016-04-27 17:08:16 -07:00
Justin Cormack
e18de63108
If possible, apply seccomp rules immediately before exec
...
See https://github.com/docker/docker/issues/22252
Previously we would apply seccomp rules before applying
capabilities, because it requires CAP_SYS_ADMIN. This
however means that a seccomp profile needs to allow
operations such as setcap() and setuid() which you
might reasonably want to disallow.
If prctl(PR_SET_NO_NEW_PRIVS) has been applied however
setting a seccomp filter is an unprivileged operation.
Therefore if this has been set, apply the seccomp
filter as late as possible, after capabilities have
been dropped and the uid set.
Note a small number of syscalls will take place
after the filter is applied, such as `futex`,
`stat` and `execve`, so these still need to be allowed
in addition to any the program itself needs.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-04-27 20:06:14 +01:00
Aleksa Sarai
07d062bb7b
Merge pull request #782 from hqhq/hq_specs_name
...
Change specs to runtime-spec in integration test
2016-04-26 23:08:38 +00:00
Mrunal Patel
7605fce790
Merge pull request #786 from hqhq/hq_fix_event_test
...
Fix integration test for events
2016-04-26 12:07:53 -07:00
Mrunal Patel
9c89737e6e
Merge pull request #785 from hqhq/hq_remove_sniffTest
...
Remove sniffTest
2016-04-26 09:31:15 -07:00
Qiang Huang
fb7dcac662
Fix integration test for events
...
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-04-26 19:00:21 +08:00
Qiang Huang
5c1ea321df
Merge pull request #780 from crosbymichael/stats-format
...
Improve stats output format for stability
2016-04-26 17:16:53 +08:00
Qiang Huang
18612e6c7f
Remove sniffTest
...
We have integration test now, not ideal though, but it
surely can replace sniffTest.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-04-26 16:20:45 +08:00
Qiang Huang
38271a38be
Change specs to runtime-spec in integration test
...
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-04-26 15:59:00 +08:00
Qiang Huang
6d1c115b10
Merge pull request #779 from crosbymichael/ps-json
...
Add json format to ps command
2016-04-26 09:34:27 +08:00
Michael Crosby
a62dbf48b0
Improve stats output
...
This adds specific types and improves the json format for the marshaled
structure so that it is inline with the output that the spec produce,
camelCase not snake_case.
This should be the last change needed for people to really depend on the
output of this command and ensure that it does not change with any
internal changes instead of just marshaling the libcontainer structure.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-25 16:15:48 -07:00
Michael Crosby
bb8591138b
Add json format to ps command
...
For programatic parsing add a json format option to the new `runc ps`
command.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-25 15:21:07 -07:00
Michael Crosby
e559f7aebb
Merge pull request #767 from hqhq/hq_add_ps
...
Add ps command
2016-04-25 14:51:43 -07:00
Mrunal Patel
6b4da4fff1
Merge pull request #778 from opencontainers/mount-label-release
...
Bump to v0.1.1 for selinux mount label fix
2016-04-25 14:28:22 -07:00
Michael Crosby
baf6536d62
Bump to 0.1.1
...
This includes a fix for selinux mount labels in the spec.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-25 14:18:35 -07:00
Mrunal Patel
9d16d9472e
Bump up spec and add support for mount label
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-04-25 14:14:15 -07:00
Michael Crosby
ee42f8bbb6
Merge pull request #768 from rajasec/events-destroy
...
Not showing up the events for destroyed container
2016-04-25 10:51:58 -07:00
Mrunal Patel
091ed0b043
Merge pull request #777 from cyphar/fix-null-pointer-deref
...
libcontainer: specconv: fix nil dereference in resource setup
2016-04-24 19:09:30 -07:00
Aleksa Sarai
4b710d33d2
Merge pull request #776 from rajasec/runc-path
...
Updating README for runc path
2016-04-25 01:56:37 +00:00
Aleksa Sarai
a939c7ecd9
libcontainer: specconv: fix nil dereference in resource setup
...
This caused issues if someone omitted or set "resources": null, in the
runC config. The panic follows.
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x20 pc=0x545b53]
goroutine 1 [running]:
panic(0x7aed40, 0xc820014260)
/usr/lib64/go/src/runtime/panic.go:464 +0x3e6
github.com/opencontainers/runc/libcontainer/specconv.CreateLibcontainerConfig(0xc8200b0e30, 0x836480, 0x0, 0x0)
/home/cyphar/src/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/specconv/spec_linux.go:222 +0xe83
main.createContainer(0xc82007eb40, 0x7ffd8024e439, 0x4, 0xc82008e780, 0x0, 0x0, 0x0, 0x0)
/home/cyphar/src/runc/utils_linux.go:174 +0x105
main.startContainer(0xc82007eb40, 0xc82008e780, 0x0, 0x0, 0x0)
/home/cyphar/src/runc/start.go:114 +0x189
main.glob.func11(0xc82007eb40)
/home/cyphar/src/runc/start.go:78 +0x13e
github.com/codegangsta/cli.Command.Run(0x829a58, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x87ada0, 0x1a, 0x8dff80, ...)
/home/cyphar/src/runc/Godeps/_workspace/src/github.com/codegangsta/cli/command.go:137 +0x1081
github.com/codegangsta/cli.(*App).Run(0xc82007e900, 0xc82000a050, 0x5, 0x5, 0x0, 0x0)
/home/cyphar/src/runc/Godeps/_workspace/src/github.com/codegangsta/cli/app.go:176 +0xffa
main.main()
/home/cyphar/src/runc/main.go:123 +0xc8e
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-04-25 11:52:22 +10:00
Aleksa Sarai
399175c227
Merge pull request #679 from rajasec/selinux-errorcheck
...
Adding selinux check during container start
2016-04-24 16:24:26 +00:00
Alexander Morozov
ae0fc15b1e
Merge pull request #608 from inatatsu/reduce-parsing-mountinfo
...
Eliminate redundant parsing of mountinfo
2016-04-23 22:30:54 -07:00
rajasec
0015f86cf3
Updating README for runc path
...
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-04-23 22:00:08 +05:30
rajasec
9adc142404
Updated as per review comments by moving to caller
...
Signed-off-by: rajasec <rajasec79@gmail.com>
Changing to container ID as per comments
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-04-23 20:31:05 +05:30
rajasec
fb53190389
Not showing up the events for destroyed container
...
Signed-off-by: rajasec <rajasec79@gmail.com>
Updated as per review comments by moving to caller
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-04-23 20:25:57 +05:30
Qiang Huang
45605bb48d
Merge pull request #773 from mrunalp/mount_label
...
Bump up spec and add support for mount label
2016-04-23 08:09:26 +08:00