- Mar 10, 2016
-
-
Michael Crosby authoredSigned-off-by:
Michael Crosby <crosbymichael@gmail.com> -
Michael Crosby authored
This updates runc and libcontainer to handle rlimits per process and set them correctly for the container. Signed-off-by:Michael Crosby <crosbymichael@gmail.com> -
Michael Crosby authored
Signed-off-by:Michael Crosby <crosbymichael@gmail.com> -
Michael Crosby authored
Signed-off-by:Michael Crosby <crosbymichael@gmail.com> -
Michael Crosby authored
nsexec: don't use CLONE_PARENT and CLONE_NEWPID together
-
Andrey Vagin authored
The rhel6 kernel returns EINVAL in this case Known issue: * CT with userns doesn't work This is a copy of https://github.com/avagin/runc/commit/d31e97fa28345375b3f76bff64d12cdb07e03ba0 to address https://github.com/opencontainers/runc/issues/613 Signed-off-by:
Andrey Vagin <avagin@virtuozzo.com>
Signed-off-by: Andrew Fernandes <andrew@fernandes.org> -
Alexander Morozov authored
Improve error handling in runc
-
- Mar 09, 2016
-
-
Mrunal Patel authored
Create pid file when not exist
-
Michael Crosby authored
The error handling on the runc cli is currenly pretty messy because messages to the user are split between regular stderr format and logrus message format. This changes all the error reporting to the cli to only output on stderr and exit(1) for consumers of the api. By default logrus logs to /dev/null so that it is not seen by the user. If the user wants extra and/or structured loggging/errors from runc they can use the `--log` flag to provide a path to the file where they want this information. This allows a consistent behavior on the cli but extra power and information when debugging with logs. This also includes a change to enable the same logging information inside the container's init by adding an init cli command that can share the existing flags for all other runc commands. Signed-off-by:Michael Crosby <crosbymichael@gmail.com>
-
- Mar 08, 2016
-
-
Mrunal Patel authored
Handling error condition in loadspec
-
Michael Crosby authored
Add man pages
-
Michael Crosby authored
Remove duplicated included head file
-
Michael Crosby authored
Serialize CommandHooks to state so that PostStop hooks execute during 'runc delete'
-
Michael Crosby authored
Add the most basic sniff tests of runc
-
Mrunal Patel authored
Cleanup systemd apply
-
- Mar 07, 2016
-
-
Doug Davis authored
just so that we're not merging code into master w/o any tests at all. I expect this to be removed once we have a real testing infrastructure. Signed-off-by:Doug Davis <dug@us.ibm.com>
-
- Mar 06, 2016
-
-
Rajasekaran authored
Signed-off-by:Rajasekaran <rajasec79@gmail.com>
-
- Mar 04, 2016
-
-
Mrunal Patel authored
Signed-off-by:Mrunal Patel <mrunalp@gmail.com> -
Mrunal Patel authored
Signed-off-by:Mrunal Patel <mrunalp@gmail.com> -
Mrunal Patel authored
This is copied from docker Signed-off-by:Mrunal Patel <mrunalp@gmail.com> -
Mrunal Patel authored
Signed-off-by:Mrunal Patel <mrunalp@gmail.com> -
Mrunal Patel authored
Remove no longer used uid/gid mapping functions
-
Alexander Morozov authored
Properly setuid/setgid after entering userns
-
Phil Estes authored
Now that all the user namespace code is moved into C, these routines are no longer used. Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
-
Phil Estes authored
The re-work of namespace entering lost the setuid/setgid that was part of the Go-routine based process exec in the prior code. A side issue was found with setting oom_score_adj before execve() in a userns that is also solved here. Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
-
Mrunal Patel authored
Stub RunningInUserNS for non-Linux
-
Qiang Huang authored
Update specs dep and runc functionality
-
- Mar 03, 2016
-
-
Phil Estes authored
Add a stub for non-Linux that always returns false Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
-
Michael Crosby authored
This commit adds support to libcontainer to allow caps, no new privs, apparmor, and selinux process label to the process struct so that it can be used together of override the base settings on the container config per individual process. Signed-off-by:Michael Crosby <crosbymichael@gmail.com> -
Michael Crosby authored
This bump of the spec includes a change to the deivce type to be a string so that it is more readable in the json serialization. It also includes the change were caps, no new privs, and process labeling features are moved from the container config onto the process. Signed-off-by:Michael Crosby <crosbymichael@gmail.com> -
Ed King authored
This is needed to make 'runc delete' correctly run the post-stop hooks. Signed-off-by:
Julian Friedman <julz.friedman@uk.ibm.com>
Signed-off-by: Ed King <eking@pivotal.io> -
Qiang Huang authored
Signed-off-by:Qiang Huang <h.huangqiang@huawei.com>
-
- Mar 02, 2016
-
-
Mrunal Patel authored
Eliminating checkpoint state in container
-
Mrunal Patel authored
Fix build error on centos6
-
Mrunal Patel authored
Fix handling of unsupported namespaces
-
Rajasekaran authored
Signed-off-by:Rajasekaran <rajasec79@gmail.com> -
Ido Yariv authored
currentState() always adds all possible namespaces to the state, regardless of whether they are supported. If orderNamespacePaths detects an unsupported namespace, an error is returned that results in initialization failure. Fix this by only adding paths of supported namespaces to the state. Signed-off-by:Ido Yariv <ido@wizery.com> -
Ye Yin authored
Signed-off-by:Ye Yin <eyniy@qq.com>
-
- Mar 01, 2016
-
-
Mrunal Patel authored
adds the spec required state command
-
Mike Brown authored
Signed-off-by:Mike Brown <brownwm@us.ibm.com>
-