Commit Graph

968 Commits

Author SHA1 Message Date
Michael Crosby ccd2c20aa4 Merge pull request #1559 from Mashimiao/panic-fix-nil-linux
fix panic when Linux is nil for rootless case
2017-08-17 09:57:35 -04:00
Ma Shimiao 2333e7dc67 fix panic when Linux is nil for rootless case
congfig.Sysctl setting is duplicated.
when contianer is rootless and Linux is nil, runc will panic.

Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-08-16 09:11:13 +08:00
Mrunal Patel b31bdfc38a Merge pull request #1558 from hqhq/update_state
Update state after update
2017-08-15 10:46:44 -07:00
Qiang Huang e6e1c34a7d Update state after update
state.json should be a reflection of the container's
realtime state, including resource configurations,
so we should update state.json after updating container
resources.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-08-15 14:38:44 +08:00
Michael Crosby 3096b3fc85 Merge pull request #1556 from hqhq/fix_flakytest_TestNotifyOnOOM
Fix flaky test TestNotifyOnOOM
2017-08-14 10:03:23 -04:00
Qiang Huang 7726bcf0e2 Some fixes for testMemoryNotification
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-08-14 15:28:03 +08:00
Qiang Huang 40a1fb0e2f Fix flaky test TestNotifyOnOOM
Fixes: #1228

It can be reproduced by applying this patch:
```diff
@@ -45,6 +46,7 @@ func registerMemoryEvent(cgDir string, evName string, arg string) (<-chan struct
        go func() {
                defer func() {
                        close(ch)
+                       <-time.After(1 * time.Second)
                        eventfd.Close()
                        evFile.Close()
                }()
```

We can close channel after fds were closed.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-08-14 15:18:59 +08:00
Ma Shimiao 527dc5acbb fix panic when Linux is nil
Linux is not always not nil.
If Linux is nil, panic will occur.

Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-08-10 15:57:49 -04:00
Kenfe-Mickael Laventure 3ed492ad33
Handle non-devices correctly in DeviceFromPath
Before this change, some file type would be treated as char devices
(e.g. symlinks).

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-08-09 08:52:20 -07:00
Alex Fang e92add2151 Pass back the pid of runc:[1:CHILD] so we can wait on it
This allows the libcontainer to automatically clean up runc:[1:CHILD]
processes created as part of nsenter.

Signed-off-by: Alex Fang <littlelightlittlefire@gmail.com>
2017-08-05 13:44:36 +10:00
Aleksa Sarai 45bde006ca
merge branch 'pr-1535'
LGTMs: @avagin @cyphar
Closes #1535
2017-08-05 13:33:07 +10:00
Aleksa Sarai 22bbec1b7f
merge branch 'pr-1548'
LGTMs: @crosbymichael @mrunalp @cyphar
Closes #1548
2017-08-05 13:02:46 +10:00
Mrunal Patel 135b9992b3 Merge pull request #1544 from mlaventure/fix-device-from-path
Fix condition to detect device type in DeviceFromPath
2017-08-04 17:36:57 -07:00
Kenfe-Mickael Laventure 6056912217
Revert "Merge pull request #1450 from vrothberg/sgid-non-numeric"
This reverts commit 5c73abbe75, reversing
changes made to 51b501dab1.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-08-04 14:28:21 -07:00
Kenfe-Mickael Laventure 25f4c7e72b
Move user pkg unix specific calls to unix file
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-08-03 11:31:21 -07:00
Kenfe-Mickael Laventure 9ed15e94c8
Fix condition to detect device type in DeviceFromPath
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-08-03 11:06:54 -07:00
Adrian Reber 5d386f6e2b checkpoint: use CRIU VERSION RPC if available
With this runC also uses RPC to ask CRIU for its version. CRIU supports
a VERSION RPC since CRIU 3.0 and using the RPC interface does not
require parsing the console output of CRIU (which could change anytime).

For older CRIU versions which do not yet have the VERSION RPC runC falls
back to its old CRIU output parsing mode.

Once CRIU 3.0 is the minimum version required for runC the old code can
be removed.

v2:
 * adapt to changes in the previous patches based on the review

Signed-off-by: Adrian Reber <areber@redhat.com>
2017-08-02 16:08:07 +00:00
Adrian Reber 2393692536 criurpc.proto: copy latest criurpc.proto from criu 3.3
Update criurpc.proto for the upcoming VERSION RPC.

This includes lazy_pages for the upcoming lazy migration support.

Signed-off-by: Adrian Reber <areber@redhat.com>
2017-08-02 16:07:32 +00:00
Adrian Reber c71d9cd447 criuSwrk: prepare for CRIU VERSION RPC
To use the CRIU VERSION RPC the criuSwrk function is adapted to work
with CriuOpts set to 'nil' as CriuOpts is not required for the VERSION
RPC.

Also do not print c.criuVersion if it is '0' as the first RPC call will
always be the VERSION call and only after that the version will be
known.

Signed-off-by: Adrian Reber <areber@redhat.com>
2017-08-02 16:07:28 +00:00
Adrian Reber c5f0ce979b checkCriuVersion: only ask criu once about its version
If the version of criu has already been determined there is no need to
ask criu for the version again. Use the value from c.criuVersion.

v2:
 * reduce unnecessary code movement in the patch series
 * factor out the criu version parsing into a separate function

Signed-off-by: Adrian Reber <areber@redhat.com>
2017-08-02 16:07:15 +00:00
Adrian Reber b6c47281db checkCriuVersion: switch to version using int
The checkCriuVersion function used a string to specify the minimum
version required. This is more comfortable for an external interface
but for an internal function this added unnecessary complexity. This
changes to version string like '1.5.2' to an integer like 10502. This is
already the format used internally in the function.

Signed-off-by: Adrian Reber <areber@redhat.com>
2017-08-02 16:05:27 +00:00
Michael Crosby 882d8eaba6 Merge pull request #1537 from tklauser/staticcheck
Fix issues found by staticcheck
2017-08-02 09:52:11 -04:00
Daniel, Dao Quang Minh b313a75364 Merge pull request #1477 from yummypeng/save-own-ns-path
Always save own namespace paths
2017-08-02 11:24:30 +01:00
Tobias Klauser e4e56cb6d8 libcontainer: remove ineffective break statements
go's switch statement doesn't need an explicit break. Remove it where
that is the case and add a comment to indicate the purpose where the
removal would lead to an empty case.

Found with honnef.co/go/tools/cmd/staticcheck

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-28 15:13:39 +02:00
Tobias Klauser 24a4273cf9 libcontainer: handle error cases
Handle err return value of fmt.Scanf, os.Pipe and unix.ParseUnixRights.

Found with honnef.co/go/tools/cmd/staticcheck

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-28 15:13:11 +02:00
Michael Crosby e775f0fba3 Merge pull request #1526 from stevenh/logrus-v1
Updated logrus to v1
2017-07-27 13:28:55 -04:00
yangshukui 5428532bdd remove the code that close negative descriptor
Signed-off-by: yangshukui <yangshukui@huawei.com>
2017-07-24 11:10:18 +08:00
Tobias Klauser b0d014d0e1 libcontainer: one more switch from syscall to x/sys/unix
Refactor DeviceFromPath in order to get rid of package syscall and
directly use the functions from x/sys/unix. This also allows to get rid
of the conversion from the OS-independent file mode values (from the os
package) to Linux specific values and instead let's us use the raw
file mode value directly.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-21 16:59:15 +02:00
Steven Hartland ee4f68e302 Updated logrus to v1
Updated logrus to use v1 which includes a breaking name change Sirupsen -> sirupsen.

This includes a manual edit of the docker term package to also correct the name there too.

Signed-off-by: Steven Hartland <steven.hartland@multiplay.co.uk>
2017-07-19 15:20:56 +00:00
Daniel, Dao Quang Minh 7ab4f43a4b Merge pull request #1519 from tklauser/moar-unix
libcontainer: use additional functions and constants from x/sys/unix
2017-07-17 10:07:22 +01:00
Qiang Huang 825b5c020a Merge pull request #1516 from cyphar/list-casting-unicode
list: fix various problems with owner field
2017-07-16 14:57:20 +08:00
Tobias Klauser 4019833d46 libcontainer: use PR_SET_NO_NEW_PRIVS from x/sys/unix
Use PR_SET_NO_NEW_PRIVS defined in golang.org/x/sys/unix instead of
manually defining it.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-13 15:31:33 +02:00
Tobias Klauser 54d27bed7f libcontainer: use ParseSocketControlMessage/ParseUnixRights from x/sys/unix
Use ParseSocketControlMessage and ParseUnixRights from
golang.org/x/sys/unix instead of their syscall equivalent.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-13 15:02:17 +02:00
Yuanhong Peng e939079acf Always save own namespace paths
fix #1476

If containerA shares namespace, say ipc namespace, with containerB, then
its ipc namespace path would be the same as containerB and be stored in
`state.json`. Exec into containerA will just read the namespace paths
stored in this file and join these namespaces. So, if containerB has
already been stopped, `docker exec containerA` will fail.

To address this issue, we should always save own namespace paths no
matter if we share namespaces with other containers.

Signed-off-by: Yuanhong Peng <pengyuanhong@huawei.com>
2017-07-13 16:13:05 +08:00
Michael Crosby eb70c213ba Update runtime-spec to rc6
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-07-12 16:24:04 -07:00
Aleksa Sarai 7cfb107f2c
factory: use e{u,g}id as the owner of /run/runc/$id
It appears as though these semantics were not fully thought out when
implementing them for rootless containers. It is not necessary (and
could be potentially dangerous) to set the owner of /run/ctr/$id to be
the root inside the container (if user namespaces are being used).

Instead, just use the e{g,u}id of runc to determine the owner.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-07-12 06:30:46 +10:00
Tobias Klauser 078e903296 libcontainer: use ioctl wrappers from x/sys/unix
Use IoctlGetInt and IoctlGetTermios/IoctlSetTermios instead of manually
reimplementing them.

Because of unlockpt, the ioctl wrapper is still needed as it needs to
pass a pointer to a value, which is not supported by any ioctl function
in x/sys/unix yet.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-10 10:56:58 +02:00
Tobias Klauser a380fae959 libcontainer: use Prctl() from x/sys/unix
Use unix.Prctl() instead of manually reimplementing it using
unix.RawSyscall. Also use unix.SECCOMP_MODE_FILTER instead of locally
defining it.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-10 10:56:58 +02:00
Michael Crosby 5c73abbe75 Merge pull request #1450 from vrothberg/sgid-non-numeric
libcontainer/user: add supplementary groups only for non-numeric users
2017-07-07 09:43:30 -07:00
Daniel, Dao Quang Minh 7139b61f7f Merge pull request #1378 from derekwaynecarr/expose_use_hierarchy
Expose memory.use_hierarchy in MemoryStats
2017-06-30 16:08:21 +01:00
Michael Crosby fef3aced0e Merge pull request #1460 from wking/mount-option-lazytime
libcontainer/specconv/spec_linux: Add support for (no)lazytime
2017-06-29 10:06:23 -07:00
Justin Cormack 3d9074ead3 Update memory specs to use int64 not uint64
replace #1492 #1494
fix #1422

Since https://github.com/opencontainers/runtime-spec/pull/876 the memory
specifications are now `int64`, as that better matches the visible interface where
`-1` is a valid value. Otherwise finding the correct value was difficult as it
was kernel dependent.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-27 12:16:07 +01:00
Justin Cormack e1146182a8 Remove Platform as no longer in OCI spec
This was never used, just validated, so was removed from spec.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-27 12:16:07 +01:00
Michael Crosby d337d807fc Merge pull request #1482 from tklauser/x-sys-unix-keyctl
Use keyctl wrappers from x/sys/unix
2017-06-23 11:07:55 -07:00
Mrunal Patel 8e1896b3bd Merge pull request #1491 from tklauser/unix-eventfd
Use Eventfd() from golang.org/x/sys/unix
2017-06-22 19:02:44 -07:00
Michael Crosby bd65ef625d Merge pull request #1489 from wking/process-status
libcontainer/container_linux: Consider process state (running, zombie, etc.) in runType
2017-06-21 10:24:04 -07:00
Tobias Klauser da4cebcfe2 libcontainer: use Eventfd() from x/sys/unix
Use unix.Eventfd() instead of calling manually reimplementing it using
the raw syscall. Also use the correct corresponding unix.EFD_CLOEXEC
flag instead of unix.FD_CLOEXEC (which can have a different value on
some architectures and thus might lead to unexpected behavior).

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-21 10:02:00 +02:00
W. Trevor King 2bea4c897e libcontainer/system/proc: Add Stat_t.State
And Stat_t.PID and Stat_t.Name while we're at it.  Then use the new
.State property in runType to distinguish between running and
zombie/dead processes, since kill(2) does not [1].  With this change
we no longer claim Running status for zombie/dead processes.

I've also removed the kill(2) call from runType.  It was originally
added in 13841ef3 (new-api: return the Running state only if the init
process is alive, 2014-12-23), but we've been accessing
/proc/[pid]/stat since 14e95b2a (Make state detection precise,
2016-07-05, #930), and with the /stat access the kill(2) check is
redundant.

I also don't see much point to the previously-separate
doesInitProcessExist, so I've inlined that logic in runType.

It would be nice to distinguish between "/proc/[pid]/stat doesn't
exist" and errors parsing its contents, but I've skipped that for the
moment.

The Running -> Stopped change in checkpoint_test.go is because the
post-checkpoint process is a zombie, and with this commit zombie
processes are Stopped (and no longer Running).

[1]: https://github.com/opencontainers/runc/pull/1483#issuecomment-307527789

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-06-20 16:26:55 -07:00
W. Trevor King 75d98b26b7 libcontainer: Replace GetProcessStartTime with Stat_t.StartTime
And convert the various start-time properties from strings to uint64s.
This removes all internal consumers of the deprecated
GetProcessStartTime function.

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-06-20 16:26:55 -07:00
Michael Crosby 6e57120d9f Merge pull request #1481 from elianka/dev
update READ.me for new struct configs.Config.Capabilities
2017-06-20 13:15:04 -07:00