Samuel Ortiz
5d8537f270
testdata: sandbox ns options should be under security_context
...
And not directly under linux.
Fixes #243
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-08 18:09:28 +01:00
Mrunal Patel
0fcb25cc97
Merge pull request #241 from sameo/topic/sandbox_remove
...
Make RemovePodSandbox idempotent
2016-12-08 07:15:25 -08:00
Samuel Ortiz
365c291f1a
server: Make RemovePodSandbox idempotent
...
And in particular make it not fail when removing an already removed
sandbox pod. According to the CRI spec:
[RemovePodSandbox] is idempotent, and must not return an error if
the sandbox has already been removed.
We now only print a warning instead of returning an error.
We still return an error when the passed pod ID is empty.
Fixes #240
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-08 10:40:14 +01:00
Xianglin Gao
6977b3e88d
move duplicated consts to apparmor_common.go
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-07 20:46:38 +08:00
Xianglin Gao
cb5ed1ce9d
reload default apparmor profile if it is unloaded
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-07 20:19:29 +08:00
Mrunal Patel
8547c0dbd9
Merge pull request #236 from runcom/check-netns-on-stop
...
server: check netns path on pod stop
2016-12-06 10:06:46 -08:00
Mrunal Patel
a4021ba179
Merge pull request #235 from runcom/fix-state
...
server: sync ctr state before checking it
2016-12-06 09:42:43 -08:00
Mrunal Patel
c4fc22af51
Merge pull request #234 from runcom/fixies
...
fix filter by truncated ids (+ apparmor tests)
2016-12-06 09:35:18 -08:00
Antonio Murdaca
46dc2b4347
server: check netns path on pod stop
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 15:36:05 +01:00
Antonio Murdaca
1b2d4f3d60
server: sync ctr state before checking it
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:39:38 +01:00
Antonio Murdaca
f2b4fda554
server: fix ctr filter by truncated id
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:16:34 +01:00
Antonio Murdaca
e7492ca12f
server: fix pod filter by truncated id
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:16:30 +01:00
Antonio Murdaca
15f23bc6ac
test: fix apparmor detection
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:10:32 +01:00
Mrunal Patel
79073df3c2
Merge pull request #215 from xlgao-zju/support-apparmor
...
support apparmor
2016-12-05 21:24:50 -08:00
Xianglin Gao
4f323377ee
add apparmor build tag and update readme
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-06 11:51:15 +08:00
Mrunal Patel
6983ae628b
Merge pull request #230 from rhatdan/docs
...
Add missing man pages and bash completions for kpod
2016-12-02 11:43:48 -08:00
Dan Walsh
e61c672aa7
Add missing man pages and bash completions for kpod
...
We need to start off with man pages and bash completion
support for kpod.
Also fix Makefile to install kpod by default
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-12-02 10:17:58 -05:00
Mrunal Patel
529bebbe68
Merge pull request #222 from mheon/kpod
...
Add basic skeleton of kpod executable
2016-12-01 20:37:32 -08:00
Matthew Heon
f512f211d0
Add basic skeleton of kpod executable
...
Signed-off-by: Matthew Heon <mheon@redhat.com>
2016-12-01 22:42:54 -05:00
Antonio Murdaca
d5a40ef032
Merge pull request #220 from mrunalp/kpod_readme
...
Add README for kpod
2016-12-01 21:49:52 +01:00
Mrunal Patel
0d0b70a475
Add README for kpod
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-01 07:31:36 -08:00
Xianglin Gao
bec3c3e2aa
add test cases
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 21:42:13 +08:00
Xianglin Gao
06cc0ba6ba
Add docs about apparmor profile setting
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 13:26:59 +08:00
Xianglin Gao
26645c90ac
Make the profile configurable
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 13:26:59 +08:00
Xianglin Gao
1f863846f5
add default apparmor profile
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 13:26:59 +08:00
Xianglin Gao
71b80591e3
support apparmor
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 13:26:59 +08:00
Mrunal Patel
be32aa566e
Merge pull request #219 from runcom/seccomp-buildtag
...
*: add seccomp buildtag
2016-11-29 08:18:06 -08:00
Antonio Murdaca
0e4af6d69d
*: add seccomp buildtag
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-29 17:01:45 +01:00
Pengfei Ni
947b247e4a
Merge pull request #217 from sameo/topic/pod_annotations
...
server: Export more container metadata for VM containers
2016-11-29 22:11:32 +08:00
Aleksa Sarai
e1113c12e3
merge branch 'pr-136'
...
LGTMs: @cyphar @rhatdan
2016-11-29 23:53:28 +11:00
Samuel Ortiz
60123a77ce
server: Export more container metadata for VM containers
...
VM base container runtimes (e.g. Clear Containers) will run each pod
in a VM and will create containers within that pod VM. Unfortunately
those runtimes will get called by ocid with the same commands
(create and start) for both the pause containers and subsequent
containers to be added to the pod namespace. Unless they work around
that by e.g. infering that a container which rootfs is under
"/pause" would represent a pod, they have no way to decide if they
need to create/start a VM or if they need to add a container to an
already running VM pod.
This patch tries to formalize this difference through pod
annotations. When starting a container or a sandbox, we now add 2
annotations for the container type (Infrastructure or not) and the
sandbox name. This will allow VM based container runtimes to handle
2 things:
- Decide if they need to create a pod VM or not.
- Keep track of which pod ID runs in a given VM, so that they
know to which sandbox they have to add containers.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-11-29 10:24:33 +01:00
Mrunal Patel
d6dfd0bf23
Merge pull request #211 from runcom/seccomp-take-1
...
Add support for Seccomp
2016-11-28 14:48:00 -08:00
Antonio Murdaca
78ee03a8fc
add seccomp support
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-28 22:05:34 +01:00
Mrunal Patel
1bd0ba8516
Merge pull request #216 from mrunalp/skip_vendor_lint
...
Skip lint on vendored code
2016-11-28 12:48:16 -08:00
Mrunal Patel
b53a315c35
Skip lint on vendored code
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-28 12:32:49 -08:00
Mrunal Patel
b6f1b027eb
Merge pull request #213 from runcom/bump-runtime-tools
...
*: bump opencontainers/runtime-tools
2016-11-24 08:29:43 -08:00
Mrunal Patel
d12c4b68ac
Merge pull request #212 from runcom/execsync-fix
...
execsync: return proper error description
2016-11-24 08:28:45 -08:00
Mrunal Patel
19b11293f6
Merge pull request #206 from Crazykev/add-sysctls
...
Add support for sysctls
2016-11-24 08:07:35 -08:00
Mrunal Patel
46c1e95929
Merge pull request #214 from runcom/bump-golang-dockerfile
...
Dockerfile: bump to golang 1.7.3
2016-11-24 08:04:56 -08:00
Antonio Murdaca
cd85d49ff3
Dockerfile: bump to golang 1.7.3
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-24 13:47:49 +01:00
HaoZhang
bdd817d002
add test for sysctls
...
Signed-off-by: HaoZhang <crazykev@zju.edu.cn>
2016-11-24 20:32:33 +08:00
Antonio Murdaca
70481bc5af
*: bump opencontainers/runtime-tools
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-24 12:26:18 +01:00
Antonio Murdaca
cbe2a68ce5
execsync: return proper error description
...
The gprc execsync client call doesn't populate `ExecSyncResponse` on
error at all. You just get an error.
This patch modifies the code to include command's streams, exit code
and error direcly into the error. `ocic` will then print useful
infomation in the cli, otherwise it won't.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-24 12:11:04 +01:00
HaoZhang
d1e1b7c183
pass sysctls down to oci runtime
...
Signed-off-by: HaoZhang <crazykev@zju.edu.cn>
2016-11-24 16:29:37 +08:00
Mrunal Patel
2e3ad167bb
Merge pull request #207 from runcom/refactor-actions
...
split files under server/
2016-11-22 14:53:06 -08:00
Antonio Murdaca
ebe2ea0dba
server: split sandboxes actions
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-22 23:23:01 +01:00
Antonio Murdaca
4447207cf1
server: split images actions
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-22 23:05:37 +01:00
Antonio Murdaca
61bb04c87c
server: split containers actions
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-22 18:38:05 +01:00
Antonio Murdaca
5c94544fb8
Merge pull request #203 from mrunalp/exec_sync
...
Exec sync
2016-11-21 23:22:20 +01:00
Mrunal Patel
3e415d0c2f
Add test for exec sync
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-21 13:16:36 -08:00