So we can make all types of release binary with combination
of following flags:
seccomp
selinux
apparmor
static
All binary files are put in release/ dir, like:
[root@zlosvm1 runc]# ls -l release
total 53556
-rwxr-xr-x 1 root root 9517965 Aug 24 16:59 runc
-rwxr-xr-x 1 root root 9673533 Aug 24 17:00 runc.seccomp
-rwxr-xr-x 1 root root 9705839 Aug 24 17:00 runc.seccomp.selinux
-rwxr-xr-x 1 root root 9546175 Aug 24 16:59 runc.selinux
-rwxr-xr-x 1 root root 8205015 Aug 24 16:59 runc.selinux.static
-rwxr-xr-x 1 root root 8181789 Aug 24 16:59 runc.static
...
Closes#899
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
If runc binary is compiled from codes with modified but not commited
files, git commits should report "COMMIT-dirty" instead of single
"COMMIT" to warn users.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Alternative of #895 , part of #892
The intension of current behavior if to create cgroup in
parent cgroup of current process, but we did this in a
wrong way, we used devices cgroup path of current process
as the default parent path for all subsystems, this is
wrong because we don't always have the same cgroup path
for all subsystems.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
This enables support for exec command argument starting with a '-'.
This uses the usual argument separator '--', for example:
runc exec containerid -- ps -afx
Without this, cli interprets command argument and fails with
'flag provided but not defined'.
Signed-off-by: Tristan Cacqueray <tdecacqu@redhat.com>
Signed-off-by: rajasec <rajasec79@gmail.com>
Error handling when container not exists
Signed-off-by: rajasec <rajasec79@gmail.com>
Error handling when container not exists
Signed-off-by: rajasec <rajasec79@gmail.com>
Error handling when container not exists
Signed-off-by: rajasec <rajasec79@gmail.com>
This keeps the flag but makes it hidden so that existing clients do not
encounter an error if we were to have removed the flag.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This just moves everything to one function so we don't have to pass a
bunch of things to functions when there's no real benefit. It also makes
the API nicer.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
The original SETUID takes a 16 bit UID. Linux 2.4 introduced a new
syscall, SETUID32, with support for 32 bit UIDs. The setgid wrapper
already uses SETGID32.
Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>
TestCaptureTestFunc failed in localunittest:
# make localunittest
=== RUN TestCaptureTestFunc
--- FAIL: TestCaptureTestFunc (0.00s)
capture_test.go:26: expected package "github.com/opencontainers/runc/libcontainer/stacktrace" but received "_/root/runc/libcontainer/stacktrace"
#
Reason: the path for stacktrace is a fixed string which
only valid for container environment.
And we can switch to relative path to make both in-container
and out-of-container test works.
After patch:
# make localunittest
=== RUN TestCaptureTestFunc
--- PASS: TestCaptureTestFunc (0.00s)
#
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Removed a lot of clutter, improved the style of the code, removed
unnecessary complexity. In addition, made errors unique by making bail()
exit with a unique error code. Most of this code comes from the current
state of the rootless containers branch.
Signed-off-by: Aleksa Sarai <asarai@suse.de>