Commit Graph

1040 Commits

Author SHA1 Message Date
Lei Jitang 29f5cb6b39 Add systemd support cpu.cfs_quota_us and cpu.cfs_period_us
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-02-13 14:33:03 +08:00
Victor Marmol 031524c73d Merge pull request #375 from crosbymichael/move-system-mounts
Refactor system mounts to be placed on the config
2015-02-12 21:36:03 -08:00
Alexander Morozov ebefcddc3c Use netlink to set hairpin mode
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-02-12 18:40:54 -08:00
Michael Crosby 1a37242fa2 Refactor system mounts to be placed on the config
Also remove the RestrictSys bool replaced by configurable paths that the
user can specify.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-12 16:58:38 -08:00
Michael Crosby a9a503082e Merge pull request #374 from LK4D4/go1.3_support
Fix compilation with golang 1.3(uid/gid mappings is unsupported)
2015-02-12 14:21:41 -08:00
Alexander Morozov fe9f766895 Fix compilation with golang 1.3(uid/gid mappings is unsupported)
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-02-12 13:28:07 -08:00
Mrunal Patel cee97cb0cc Merge pull request #372 from rhatdan/gcc5.0
Changes required to keep gcc 5.0 quiet and happy.
2015-02-12 11:42:14 -08:00
Dan Walsh 6262667787 Changes required to keep gcc 5.0 quiet
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-02-12 14:21:34 -05:00
Mrunal Patel e2ed997ae5 Merge pull request #370 from crosbymichael/state
Ensure state is persisted
2015-02-12 11:19:58 -08:00
Michael Crosby c2403c32db Add GetPath on namespace config
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-12 10:38:43 -08:00
Michael Crosby 91a3f162af Implement nsinit state command
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 18:49:28 -08:00
Michael Crosby 5df859ad24 Add config command to nsinit
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 17:26:29 -08:00
Michael Crosby d909440c48 Unexport certain internal funcs and types
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 17:12:03 -08:00
Michael Crosby 5c246d038f Persist container state to disk
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 16:52:28 -08:00
Michael Crosby 31327166e5 Rename OOM to NotifyOOM
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 15:09:54 -08:00
Michael Crosby 7fff13632e Add state method to return container's runtime state
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 14:45:07 -08:00
Victor Marmol 9f0cca11d0 Merge pull request #367 from crosbymichael/validation
API Refactoring
2015-02-11 13:47:45 -08:00
Michael Crosby fde0b7aa0d Refactor network and veth creation
Remove veth interfaces on the host if an error occurs.
Provide the host interface name, temporary peer interface name and the
name of the peer once it is inside the container's namespace in the
Network config.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 13:33:58 -08:00
Michael Crosby 2ec6b585ea Add new API examples to readme
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:27 -08:00
Michael Crosby 758d151e61 Fully remove security package
This moves the capabilities package into the root package.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby ad49d71504 Remove network package
Also add ability to get network stats from multiple interfaces.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 6a04779b41 Remove restrict package
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 1c895b409a Move mount logic into root package
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby b0e274c0d2 Remove console package and add Console type
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 20daff5e2c Move mount package into libcontainer root
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 1edada52fd Move Cwd and User to Process
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 9dcbc4f3f8 Implement container signaling
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 0c1919c427 Refactor parent processes into types
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 21bb5ccc4f Move environment configuration to Process
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 58023ad32f Add parent death signal to the container config
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby 8850636eb3 Refactor init actions into separate types
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:08 -08:00
Michael Crosby 5fc19e8db5 Rename Fs fields to fs
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:08 -08:00
Mrunal Patel e48806d39d Merge pull request #360 from avagin/api-userns-test
integration: check a container with userns
2015-02-10 17:14:47 -08:00
Mrunal Patel 21ed4766b1 Merge pull request #366 from icecrime/hairpin-nat
Resurrect hairpin NAT
2015-02-10 15:35:43 -08:00
Arnaud Porterie 190e50b08d Selectively enable hairpin NAT
Offer the ability to enable hairpin NAT on a per network basis, while
keeping it disabled by default as it is unsupported by older kernels.

Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-02-10 15:30:36 -08:00
Mrunal Patel d6fae7bb26 Merge pull request #369 from dqminh/exec-reap-zombie
handle SIGCHLD when running as child subreaper
2015-02-10 11:11:07 -08:00
Daniel, Dao Quang Minh 770e258390 handle SIGCHLD when running as child subreaper
When running under child subreaper mode, it's useful for nsenter to be able to
reap child processes. We have seen cases where spawned user processes weren't
reaped properly (https://github.com/creationix/nvm/issues/650)

Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-02-10 04:50:22 -05:00
Patrick Hemmer da109f3af0 enable hairpin mode on virtual interface bridge port
This is to support being able to DNAT/MASQ traffic from a container back into itself (dotcloud/docker#4442)

Docker-DCO-1.1-Signed-off-by: Patrick Hemmer <patrick.hemmer@gmail.com> (github: phemmer)
2015-02-09 14:56:27 -08:00
Michael Crosby da32455210 Merge pull request #343 from dqminh/dqminh
add dqminh as maintainer
2015-02-09 12:11:06 -08:00
Rohit Jnagal 623fe598e4 Merge pull request #361 from hqhq/hq_typo_for_userns
fix typo for GetHostRootGid
2015-02-07 11:05:40 -08:00
Qiang Huang f115a5f6c8 fix typo and outdated comments in exec.go
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-02-07 08:52:50 +08:00
Mrunal Patel 62bdfc482d Merge pull request #362 from vmarmol/cgroup
Retry getting the cgroup root at apply time.
2015-02-06 12:25:01 -08:00
Victor Marmol e0de51f53c Retry getting the cgroup root at apply time.
This will allow late-binding of the cgroup hierarchy.

Fixes docker/docker#8791

Signed-off-by: Victor Marmol <vmarmol@google.com>
2015-02-06 11:04:25 -08:00
Mrunal Patel 4bd39999a0 Merge pull request #359 from philips/systemd-default-dependencies-false
cgroups: systemd: set DefaultDependencies=false if possible
2015-02-05 10:41:32 -08:00
Andrey Vagin c6f5420bed integration: check a container with userns
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-02-04 14:21:05 +03:00
Brandon Philips 99233fde8c cgroups: systemd: set DefaultDependencies=false if possible
The root problem this fixes is the docker daemon uses DefaultDependencies
for all of its scopes which means that the containers get killed by
systemd before the docker daemon is notified to shut down. This means
that a docker run in a service file won't get ordered properly on
shutdown! This has affected many CoreOS users and is documented in
systemd as so:

"Unless DefaultDependencies=false is used, scope units will implicitly
have dependencies of type Conflicts= and Before= on shutdown.target."

Unfortunately, systemd didn't allow setting DefaultDependencies=false on
transient units until today:

    systemd-run --scope --property="DefaultDependencies=false" /usr/bin/sleep 50000
    Unknown assignment DefaultDependencies=false.
    Failed to create message: Invalid argument

Fixed here:
http://cgit.freedesktop.org/systemd/systemd/commit/?id=261420ba2a20305ad271b6f5f380aa74c5c9dd50

Discussion with systemd upstream:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026313.html
http://lists.freedesktop.org/archives/systemd-devel/2015-February/027890.html

Tested with docker and systemd master as of today and it works for me.

Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
2015-02-03 22:25:27 -05:00
Victor Marmol 2da44f8c7b Merge pull request #358 from avagin/capabilities
namespaces: allow to use pid namespace without mount namespace
2015-02-03 15:05:54 -08:00
Andrey Vagin 21c344a479 update vendor/src/github.com/syndtr/gocapability/
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-02-04 01:22:25 +03:00
Andrey Vagin 444cc2989a namespaces: allow to use pid namespace without mount namespace
The gocapability package uses /proc/PID/status to get a bounding set.
If a container uses pidns without mntns, it sees /proc from the host
namespace, but the process doesn't know its own pid in this namespace.

In this case it can use /proc/self/status, which is always the right one.

Signed-off-by: Andrew Vagin <avagin@openvz.org>
2015-02-04 01:01:43 +03:00
Mrunal Patel 5d25c7262e Merge pull request #357 from crosbymichael/api
Flatten config structures and remove namespace package
2015-02-03 10:55:06 -08:00