Commit Graph

39 Commits

Author SHA1 Message Date
Aleksa Sarai 4776b4326a
libcontainer: refactor syncT handling
To make the code cleaner, and more clear, refactor the syncT handling
used when creating the `runc init` process. In addition, document the
state changes so that people actually understand what is going on.

Rather than only using syncT for the standard initProcess, use it for
both initProcess and setnsProcess. This removes some special cases, as
well as allowing for the use of syncT with setnsProcess.

Also remove a bunch of the boilerplate around syncT handling.

This patch is part of the console rewrite patchset.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-12-01 15:46:04 +11:00
Michael Crosby fcc40b7a63 Remove panic from init
Print the error message to stderr if we are unable to return it back via
the pipe to the parent process.  Also, don't panic here as it is most
likely a system or user error and not a programmer error.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-10-17 15:54:51 -07:00
Qiang Huang 3597b7b743 Merge pull request #1087 from williammartin/master
Fix typo when container does not exist
2016-09-29 09:19:45 +08:00
William Martin 152169ed34 Fix typo when container does not exist
Signed-off-by: William Martin <wmartin@pivotal.io>
2016-09-28 11:00:50 +00:00
Peng Gao c5393da813 Refactor enum map range to slice range
grep -r "range map" showw 3 parts use map to
range enum types, use slice instead can get
better performance and less memory usage.

Signed-off-by: Peng Gao <peng.gao.dut@gmail.com>
2016-09-28 15:36:29 +08:00
rajasec 714550f87c Error handling when container not exists
Signed-off-by: rajasec <rajasec79@gmail.com>

Error handling when container not exists

Signed-off-by: rajasec <rajasec79@gmail.com>

Error handling when container not exists

Signed-off-by: rajasec <rajasec79@gmail.com>

Error handling when container not exists

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-08-26 00:00:54 +05:30
Michael Crosby 46d9535096 Merge pull request #934 from macrosheep/fix-initargs
Fix and refactor init args
2016-08-24 10:06:01 -07:00
Yang Hongyang a59d63c5d3 Fix and refactor init args
1. According to docs of Cmd.Path and Cmd.Args from package "os/exec":
   Path is the path of the command to run. Args holds command line
   arguments, including the command as Args[0]. We have mixed usage
   of args. In InitPath(), InitArgs only take arguments, in InitArgs(),
   InitArgs including the command as Args[0]. This is confusing.
2. InitArgs() already have the ability to configure a LinuxFactory
   with the provided absolute path to the init binary and arguements as
   InitPath() does.
3. exec.Command() will take care of serching executable path.
4. The default "/proc/self/exe" instead of os.Args[0] is passed to
   InitArgs in order to allow relative path for the runC binary.

Signed-off-by: Yang Hongyang <imhy.yang@gmail.com>
2016-07-06 23:21:02 -04:00
Yang Hongyang 9ade2cc5ce libcontainer: Add a helper func to set CriuPath
Added a helper func to set CriuPath for LinuxFactory.

Signed-off-by: Yang Hongyang <imhy.yang@gmail.com>
2016-07-06 22:58:55 -04:00
Qiang Huang 14e95b2aa9 Make state detection precise
Fixes: https://github.com/opencontainers/runc/issues/871

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-07-05 08:24:13 +08:00
Michael Crosby 5ce88a95f6 Fix fifo usage with userns
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-06-13 20:20:48 -07:00
Michael Crosby 3aacff695d Use fifo for create/start
This removes the use of a signal handler and SIGCONT to signal the init
process to exec the users process.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-06-13 11:26:53 -07:00
Michael Crosby efcd73fb5b Fix signal handling for unit tests
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:10:47 -07:00
Michael Crosby 3fc929f350 Only create a buffered channel of one
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:06:41 -07:00
Michael Crosby 30f1006b33 Fix libcontainer states
Move initialized to created and destoryed to stopped.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:06:41 -07:00
Michael Crosby 3fe7d7f31e Add create and start command for container lifecycle
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-31 11:06:41 -07:00
Alexander Morozov d57898610b Merge pull request #675 from pankit/master
Allow + in container ID
2016-05-25 10:35:08 -07:00
Tonis Tiigi 78ecdfe18e Show proper error from init process panic
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-03-22 15:57:15 -07:00
pankit thapar 4629512d89 Allow + in container ID
Signed-off-by: pankit thapar <pankit@umich.edu>
2016-03-22 11:40:55 -04:00
rajasec d4be3405c7 Fixing valid-id in regex
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-03-14 08:48:41 +05:30
Michael Crosby 213c1a1a4a Revert "Return proper exit code for exec errors"
This reverts commit 6bb653a6e8.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-10 11:00:48 -08:00
Michael Crosby 6bb653a6e8 Return proper exit code for exec errors
Exec erros from the exec() syscall in the container's init should be
treated as if the container ran but couldn't execute the process for the
user instead of returning a libcontainer error as if it was an issue in
the library.

Before specifying different commands like `/etc`, `asldfkjasdlfj`, or
`/alsdjfkasdlfj` would always return 1 on the command line with a
libcontainer specific error message.  Now they return the correct
message and exit status defined for unix processes.

Example:

```bash
root@deathstar:/containers/redis# runc start test
exec: "/asdlfkjasldkfj": file does not exist
root@deathstar:/containers/redis# echo $?
127
root@deathstar:/containers/redis# runc start test
exec: "asdlfkjasldkfj": executable file not found in $PATH
root@deathstar:/containers/redis# echo $?
127
root@deathstar:/containers/redis# runc start test
exec: "/etc": permission denied
root@deathstar:/containers/redis# echo $?
126
```

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-26 11:41:56 -08:00
Alexander Morozov c6d18308b8 Merge pull request #526 from hqhq/hq_remove_procStart
Remove procStart
2016-02-16 09:12:04 -08:00
Qiang Huang 13e8f6e589 Remove procStart
It's never used and not needed. Our pipe is created with
syscall.SOCK_CLOEXEC, so pipe will be closed once container
process executed successfully, parent process will read EOF
and continue. If container process got error before executed,
we'll write procError to sync with parent.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-01-30 13:41:21 +08:00
Michael Crosby 1172a1e1e5 Update list command and created methods
We don't need a CreatedTime method on the container because it's not
part of the interface and can be received via the state.  We also do not
need to call it CreateTime because the type of this field is time.Time
so we know its time.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-28 13:32:24 -08:00
Michael Crosby 480e5f4416 Merge pull request #507 from mikebrow/runc-ls-command
adds list command
2016-01-28 13:20:07 -08:00
Mike Brown 4c871267db adds list command, and a timestamp in the container state
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-01-28 14:21:06 -06:00
Michael Crosby 7cd384c0e5 Merge pull request #515 from crosbymichael/readall
Do not use stream encoders for pipe communication
2016-01-26 14:37:54 -08:00
Michael Crosby ddcee3cc2a Do not use stream encoders
Marshall the raw objects for the sync pipes so that no new line chars
are left behind in the pipe causing errors.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-26 11:22:05 -08:00
Doug Davis ff034a5119 Remove the nullState
Add a "createdState" in its place since I think that better describes
what its used for.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2016-01-25 00:26:11 -08:00
Michael Crosby 9c3fa7928e Allow switch to anything from nullState
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-21 16:48:05 -08:00
Aleksa Sarai 103853ead7 libcontainer: set cgroup config late
Due to the fact that the init is implemented in Go (which seemingly
randomly spawns new processes and loves eating memory), most cgroup
configurations are required to have an arbitrary minimum dictated by the
init. This confuses users and makes configuration more annoying than it
should. An example of this is pids.max, where Go spawns multiple
processes that then cause init to violate the pids cgroup constraint
before the container can even start.

Solve this problem by setting the cgroup configurations as late as
possible, to avoid hitting as many of the resources hogged by the Go
init as possible. This has to be done before seccomp rules are applied,
as the parent and child must synchronise in order for the parent to
correctly set the configurations (and writes might be blocked by seccomp).

Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-01-12 10:06:35 +11:00
Michael Crosby 4415446c32 Add state pattern for container state transition
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Add state status() method

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Allow multiple checkpoint on restore

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Handle leave-running state

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Fix state transitions for inprocess

Because the tests use libcontainer in process between the various states
we need to ensure that that usecase works as well as the out of process
one.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Remove isDestroyed method

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Handling Pausing from freezer state

Signed-off-by: Rajasekaran <rajasec79@gmail.com>

freezer status

Signed-off-by: Rajasekaran <rajasec79@gmail.com>

Fixing review comments

Signed-off-by: Rajasekaran <rajasec79@gmail.com>

Added comment when freezer not available

Signed-off-by: Rajasekaran <rajasec79@gmail.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	libcontainer/container_linux.go

Change checkFreezer logic to isPaused()

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Remove state base and factor out destroy func

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Add unit test for state transitions

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-12-17 13:55:38 -08:00
Doug Davis e5dc12a0c9 Add more context around some error cases
Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-10-30 10:55:48 -07:00
Alexander Morozov d9e513043c Use /proc/self/exe as default for InitPath
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-24 11:45:09 -07:00
Alexander Morozov 4d6c19af8b Fix absolute path getting for runc binary
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-26 14:56:53 -07:00
Phil Estes d95050084b Allow hyphen in "id" (based on `cwd` pathname)
A directory with a hyphen currently generates an InvalidId error because
of the regex in libcontainer.  I don't believe there is any reason a
hyphen should be disallowed.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-06-25 11:27:25 -07:00
Michael Crosby 080df7ab88 Update import paths for new repository
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:29:59 -07:00
Michael Crosby 8f97d39dd2 Move libcontainer into subdirectory
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:29:15 -07:00