If the pid namespace mode is set to POD, then the container's namespace
should be set to the namespace of the pod infra container.
Signed-off-by: umohnani8 <umohnani@redhat.com>
These changes allow for the container's pid namespace to be set to the same
as the pod infra container's namespace if the pid namespace mode is set to POD
Signed-off-by: umohnani8 <umohnani@redhat.com>
using github.com/LK4D4/vndr, but then trimming all vendored packages
that had changed, back to only containers/storage.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
We may consider setting it to true all the time but this
should match our previous behavior before we started
using process json for exec.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
We've been occasionally creating this file since 9c44933b (build:
create a local GOPATH if none specified, 2017-03-27, #410). But it's
recording information about the local environment, not part of our
common source. Adding it to .gitignore helps avoid having it
accidentally committed.
Signed-off-by: W. Trevor King <wking@tremily.us>
The GOPATH layout is created in the Makefile:
mkdir -p "/home/test/cri-o/_output/src/github.com/kubernetes-incubator"
ln -s "/home/test/cri-o" "/home/test/cri-o/_output/src/github.com/kubernetes-incubator"
Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com>
CRI-O's server relies on this for creation attempts, but it can set
the option. conmon itself doesn't need to care one way or the other.
Perhaps it is being called by a process that doesn't care about the
container exit code or has another way to access that information.
With this commit, we trust callers to set --exit-dir if they want it,
instead of requiring non-exec callers to set it.
Signed-off-by: W. Trevor King <wking@tremily.us>
add the possibility to run a custom command, and optionally provide
additional arguments to it, when conmon exits.
For example, it could be possible to delete the terminated container
with:
conmon [...] --exit-command /usr/bin/runc \
--exit-command-arg delete \
--exit-command-arg $CONTAINER_UUID
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Avoid:
$ make clean && make conmon.o 2>&1
rm -f conmon.o cmsg.o ../bin/conmon
cc -std=c99 -Os -Wall -Wextra -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -DVERSION=\"1.9.0-dev\" -DGIT_COMMIT=\""74cd1ec97c13a9784ce5e67a9e50e8977b5d2f38"\" -c -o conmon.o conmon.c
conmon.c: In function ‘main’:
conmon.c:1175:3: warning: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Wunused-result]
read(start_pipe_fd, buf, BUF_SIZE);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by catching and exiting on any read errors. A read error here would
be because the caller died before writing to the start pipe, and we
don't want to continue in those cases because it would reopen the
cgroup race discussed in af4fbcd9 (conmon: Don't leave zombies and fix
cgroup race, 2017-06-09, #583). af4fbcd9 is where this line
originally landed, and it didn't have error checking then.
Signed-off-by: W. Trevor King <wking@tremily.us>
This patch fixes selinuxopt generation as found in:
```
install /usr/sbin/selinuxenabled -D -m 644 crio.conf /etc/crio/crio.conf
```
The above is clearly wrong when installing the configuration because
`commmand -v` outputs the path of selinuxenabled as well, resulting in
/usr/bin/selinuxenabled -Z
This patch fixes that by just echoing the -Z as needed.
Issue introduced in
https://github.com/kubernetes-incubator/cri-o/pull/1363
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This should have happened in f4883dd2 (Makefile: do not install man1
files, 2017-11-08, #1129). It may have been missed due to the
man1/man8 typo from e61c672a (Add missing man pages and bash
completions for kpod, 2016-12-02, #230).
Signed-off-by: W. Trevor King <wking@tremily.us>