If the pid namespace mode is set to POD, then the container's namespace
should be set to the namespace of the pod infra container.
Signed-off-by: umohnani8 <umohnani@redhat.com>
These changes allow for the container's pid namespace to be set to the same
as the pod infra container's namespace if the pid namespace mode is set to POD
Signed-off-by: umohnani8 <umohnani@redhat.com>
using github.com/LK4D4/vndr, but then trimming all vendored packages
that had changed, back to only containers/storage.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
We may consider setting it to true all the time but this
should match our previous behavior before we started
using process json for exec.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
We've been occasionally creating this file since 9c44933b (build:
create a local GOPATH if none specified, 2017-03-27, #410). But it's
recording information about the local environment, not part of our
common source. Adding it to .gitignore helps avoid having it
accidentally committed.
Signed-off-by: W. Trevor King <wking@tremily.us>
The GOPATH layout is created in the Makefile:
mkdir -p "/home/test/cri-o/_output/src/github.com/kubernetes-incubator"
ln -s "/home/test/cri-o" "/home/test/cri-o/_output/src/github.com/kubernetes-incubator"
Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com>
CRI-O's server relies on this for creation attempts, but it can set
the option. conmon itself doesn't need to care one way or the other.
Perhaps it is being called by a process that doesn't care about the
container exit code or has another way to access that information.
With this commit, we trust callers to set --exit-dir if they want it,
instead of requiring non-exec callers to set it.
Signed-off-by: W. Trevor King <wking@tremily.us>
Avoid:
$ make clean && make conmon.o 2>&1
rm -f conmon.o cmsg.o ../bin/conmon
cc -std=c99 -Os -Wall -Wextra -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -DVERSION=\"1.9.0-dev\" -DGIT_COMMIT=\""74cd1ec97c13a9784ce5e67a9e50e8977b5d2f38"\" -c -o conmon.o conmon.c
conmon.c: In function ‘main’:
conmon.c:1175:3: warning: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Wunused-result]
read(start_pipe_fd, buf, BUF_SIZE);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by catching and exiting on any read errors. A read error here would
be because the caller died before writing to the start pipe, and we
don't want to continue in those cases because it would reopen the
cgroup race discussed in af4fbcd9 (conmon: Don't leave zombies and fix
cgroup race, 2017-06-09, #583). af4fbcd9 is where this line
originally landed, and it didn't have error checking then.
Signed-off-by: W. Trevor King <wking@tremily.us>
This patch fixes selinuxopt generation as found in:
```
install /usr/sbin/selinuxenabled -D -m 644 crio.conf /etc/crio/crio.conf
```
The above is clearly wrong when installing the configuration because
`commmand -v` outputs the path of selinuxenabled as well, resulting in
/usr/bin/selinuxenabled -Z
This patch fixes that by just echoing the -Z as needed.
Issue introduced in
https://github.com/kubernetes-incubator/cri-o/pull/1363
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This should have happened in f4883dd2 (Makefile: do not install man1
files, 2017-11-08, #1129). It may have been missed due to the
man1/man8 typo from e61c672a (Add missing man pages and bash
completions for kpod, 2016-12-02, #230).
Signed-off-by: W. Trevor King <wking@tremily.us>
The hard-coded path landed in 488216f5 (Make sure selinuxenabled
exists before executing it, 2016-10-17, #154), but there's no need to
require that path. Using 'command -v' (in POSIX [1]) supports anyone
who has selinuxenabled in their PATH.
[1]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/command.html
Signed-off-by: W. Trevor King <wking@tremily.us>
Without this change, hitting these targets directly will fail. For
example:
$ make clean
$ make MANDIR=/tmp install.man
install -d -m 755 /tmp/man5
install -d -m 755 /tmp/man8
install -m 644 docs/crio.conf.5 -t /tmp/man5
install: cannot stat 'docs/crio.conf.5': No such file or directory
make: *** [Makefile:150: install.man] Error 1
Signed-off-by: W. Trevor King <wking@tremily.us>
Umount/Remove below can go wrong and next calls to NetNsRemove would
trigger:
481 Feb 22 14:37:35 ip-172-31-48-190.ec2.internal
atomic-openshift-node[88937]: E0222 14:37:35.291692 88937
remote_runtime.g o:115] StopPodSandbox
"200a062985ebfda2bbdb1b5d724005d4a0c1be54f277a4de52f9f101d9c43db6" from
runtime service failed: rpc error: code = Unknown desc = close
/var/run/netns/k8s_psql-1-tht5r_bingli328usyu727s_6a7b8edc-174d-11e8-9e8f-0a46c474dfe0_
0-dda1c649: file already closed
Signed-off-by: Antonio Murdaca <runcom@redhat.com>