Mrunal Patel
2cae11ba35
Merge pull request #1189 from runcom/fix-apparmor-master
...
container_create: fix apparmor from container config
2017-11-30 08:56:46 -10:00
Antonio Murdaca
c8aad704dd
container_create: fix apparmor from container config
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-30 16:12:16 +01:00
Antonio Murdaca
902acca4af
container_create: correctly set image and kube envs
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-30 12:28:50 +01:00
Antonio Murdaca
c6f68f1bf1
container_exec: use process file with runc exec
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-30 11:23:37 +01:00
Antonio Murdaca
87f1ae214f
image_pull: fix image resolver
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-28 23:53:18 +01:00
Liu Chang
42800cc96b
Adding unit tests for server/utils.go
...
Signed-off-by: Liu Chang <liuchang@qiniu.com>
2017-11-27 16:01:00 +08:00
Antonio Murdaca
a75362dca0
Add /proc/scsi to masked paths
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-22 12:25:43 +01:00
Mrunal Patel
946307e5c2
Make pid namespace sharing optional and disabled by default
...
We reverse the logic so that pid ns sharing is disabled by default.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-11-18 06:47:06 -08:00
Mrunal Patel
d68da8929a
Merge pull request #1149 from weiwei04/share_pid_namespace
...
share pid namespace for Pod container
2017-11-17 08:12:49 -10:00
Wei Wei
702ab3ee3a
share pid namespace for Pod container
...
Signed-off-by: Wei Wei <weiwei.inf@gmail.com>
2017-11-17 09:56:33 +08:00
Mrunal Patel
8fe6dd36a4
Move crio default sock to /var/run/crio/crio.sock
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-14 16:11:43 +01:00
Mrunal Patel
a447b2985c
Merge pull request #1148 from agonzalezro/config-tests
...
Add tests for server/config.go
2017-11-13 18:58:50 -10:00
Álex González
c3f86cd016
Add tests for server/config.go
...
The tests are trying to read an write configuration files and check that the
fields are being set or saved properly.
A folder fixtures/ was created on server/ as well adding an example crio.conf
file to it.
Note: some extra paths about Vagrant and VSCode were added to gitignore.
Signed-off-by: Álex González <agonzalezro@gmail.com>
2017-11-13 13:43:47 +01:00
Antonio Murdaca
586eda8245
container_create: set the seccomp profile in the container object
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-12 17:51:32 +01:00
Antonio Murdaca
99e8676967
container_list: guard against list filter being nil
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-12 01:54:20 +01:00
Antonio Murdaca
33f699bad4
server: validate labels size to avoid dos
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-12 01:54:19 +01:00
Antonio Murdaca
befd719812
Revert "Merge pull request #654 from nalind/storage-update"
...
This reverts commit 4c06116c18
, reversing
changes made to c5e73ba65f
.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-12 01:54:19 +01:00
CuiHaozhi
a7f919f071
allow update running/created container.
...
Signed-off-by: CuiHaozhi <cuihaozhi@chinacloud.com.cn>
2017-11-11 11:04:07 -05:00
Daniel J Walsh
4fb52c2b12
Merge pull request #1133 from runcom/prom-runtime-metrics
...
server: add prometheus metrics for CRI operations
2017-11-10 07:30:59 -05:00
Antonio Murdaca
8611c2dfef
image_pull: repull when image ID (config digest) changed
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-09 19:46:55 +01:00
Antonio Murdaca
b959f8996d
server: add prometheus metrics for CRI operations
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-09 16:51:00 +01:00
Mrunal Patel
3f9e539bde
Merge pull request #1117 from runcom/setup-cwd
...
container_create: setup cwd for containers
2017-11-04 05:21:26 -07:00
Antonio Murdaca
140f85df72
container_create: setup cwd for containers
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-03 19:23:44 +01:00
Mrunal Patel
fa1ad4f54e
Add HOSTNAME env var to container
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-11-02 10:24:56 -07:00
Mrunal Patel
4e2c6911ad
container: Don't add rprivate to all mounts
...
This fixes the mount propagation tests
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-11-02 16:07:52 +01:00
Mrunal Patel
815bb7652b
sandbox: Use first class sysctls instead of annotations
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:52 +01:00
Antonio Murdaca
c25530ac0b
server: implement update container resources
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:52 +01:00
Antonio Murdaca
7d7024999b
sandbox, ctrs: fixup seccomp for 1.8
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:52 +01:00
Antonio Murdaca
c70198617f
container_create: set mount propagation
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:51 +01:00
Antonio Murdaca
e41ba62b19
container_create: honor no_new_privs
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:51 +01:00
Antonio Murdaca
d6e819133d
*: initial update to kube 1.8
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:51 +01:00
Nalin Dahyabhai
2e5e92730a
Switch to ImageServer.UntagImage in RemoveImage handler
...
Add an UntagImage() method to pkg/storage/ImageServer, which will check
if the passed-in NameOrID is a name. If so, it merely removes that name
from the image, removing the image only if it was the last name that the
image had. If the NameOrID is an image ID, the image is removed, as
RemoveImage() does.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-31 10:30:18 -04:00
Nalin Dahyabhai
3f2bc09231
Return image references in ImageStatus()
...
The image's canonical reference is a name with a digest of the image's
manifest, so compute and return that value as the image's reference in
ImageStatus() and in ContainerStatus().
We don't auto-store a name based on the image digest when we pull one by
tag, but then CRI doesn't need us to do that.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-31 10:29:06 -04:00
Daniel J Walsh
f6555bd868
Merge pull request #1087 from runcom/sort-mounts
...
container_create: sort mounts before adding them to the spec
2017-10-30 12:40:00 -04:00
Antonio Murdaca
15afc4d3de
container_create: sort mounts before adding them to the spec
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-10-29 12:31:18 +01:00
Mrunal Patel
03f9350a15
lint fixes
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-28 13:17:00 -07:00
Antonio Murdaca
584a256388
server: correctly return and close ch from exits routine
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-10-26 16:55:18 +02:00
Daniel J Walsh
a3cd7c422c
Merge pull request #1052 from mheon/conmon_socket_as_arg
...
Make attach sockets directory an argument in Conmon
2017-10-24 21:48:33 -07:00
Antonio Murdaca
c316e5d8cf
oci: respect process spec on exec
...
This patch fixes exec to use the original (start-time) process exec
configuration. Otherwise, we were creating a brand new spec process w/o
additional groups for instance.
Spotted while integrating CRI-O with cri-test...The test was failing
with:
```
• Failure [10.640 seconds]
[k8s.io] Security Context
/home/amurdaca/go/src/github.com/kubernetes-incubator/cri-tools/pkg/framework/framework.go:72
bucket
/home/amurdaca/go/src/github.com/kubernetes-incubator/cri-tools/pkg/validate/security_context.go:407
runtime should support SupplementalGroups [It]
/home/amurdaca/go/src/github.com/kubernetes-incubator/cri-tools/pkg/validate/security_context.go:272
Expected
<[]string | len:1, cap:1>: ["0"]
to contain element matching
<string>: 1234
```
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-10-24 22:39:17 +02:00
Matthew Heon
ae5fc471ea
Make attach sockets directory an argument in Conmon
...
This is required to enable ongoing work in libpod
Signed-off-by: Matthew Heon <mheon@redhat.com>
2017-10-24 15:42:23 -04:00
Mrunal Patel
d7d2ce7ce2
Merge pull request #1044 from runcom/fix-host-pid
...
fix host pid handling for containers and share uts ns
2017-10-19 14:11:41 -07:00
Antonio Murdaca
da725f3e5f
fix host pid handling for containers and share uts ns
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-10-19 21:13:28 +02:00
Mrunal Patel
b0e9f0eba8
Revert "Move crio default sock to /var/run/crio/crio.sock"
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-19 10:13:49 -07:00
Antonio Murdaca
12ce3ba3ed
Merge pull request #1030 from mrunalp/move_crio_sock
...
Move crio default sock to /var/run/crio/crio.sock
2017-10-19 00:53:10 +02:00
Daniel J Walsh
c2b7f37bd3
Merge pull request #1017 from baude/cri_tests_sandbox
...
server/sandbox_list.go: No error on filtered list find by ID
2017-10-18 16:10:11 -04:00
Mrunal Patel
c04f585a53
Merge pull request #1021 from runcom/fix-crio-versioning
...
version: fix version handling and kube info
2017-10-17 22:04:55 -07:00
Mrunal Patel
761e73c82e
Move crio default sock to /var/run/crio/crio.sock
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-17 22:02:53 -07:00
Mrunal Patel
eafb7f7105
Merge pull request #1014 from runcom/oci-kill-all-fix
...
oci: fixes to properly handle container stop action
2017-10-17 21:59:32 -07:00
umohnani8
a11b1f953d
Fixed logic flaw in the secrets mounts
...
Tested on a REHL box and found out that the mounts were not showing up
Had a logic flaw, where if the mount was "host:container"
Was setting the mount source to "host" and destination to "ctrRunDir/container"
When instead, the mount source should be "ctrRunDir/container" and destination "container"
with the data copied from "host" to "ctrRunDir/container"
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-17 13:08:42 -04:00
Antonio Murdaca
e07ba4b2d1
version: fix version handling and kube info
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-10-17 10:44:50 +02:00