Commit graph

1403 commits

Author SHA1 Message Date
Xianglin Gao
06cc0ba6ba Add docs about apparmor profile setting
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 13:26:59 +08:00
Xianglin Gao
26645c90ac Make the profile configurable
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 13:26:59 +08:00
Xianglin Gao
1f863846f5 add default apparmor profile
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 13:26:59 +08:00
Xianglin Gao
71b80591e3 support apparmor
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 13:26:59 +08:00
Mrunal Patel
be32aa566e Merge pull request #219 from runcom/seccomp-buildtag
*: add seccomp buildtag
2016-11-29 08:18:06 -08:00
Antonio Murdaca
0e4af6d69d *: add seccomp buildtag
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-29 17:01:45 +01:00
Pengfei Ni
947b247e4a Merge pull request #217 from sameo/topic/pod_annotations
server: Export more container metadata for VM containers
2016-11-29 22:11:32 +08:00
Aleksa Sarai
e1113c12e3 merge branch 'pr-136'
LGTMs: @cyphar @rhatdan
2016-11-29 23:53:28 +11:00
Samuel Ortiz
60123a77ce server: Export more container metadata for VM containers
VM based container runtimes (e.g. Clear Containers) will run each pod
in a VM and will create containers within that pod VM. Unfortunately
those runtimes will get called by ocid with the same commands
(create and start) for both the pause containers and subsequent
containers to be added to the pod namespace. Unless they work around
that by e.g. inferring that a container whose rootfs is under
"/pause" would represent a pod, they have no way to decide if they
need to create/start a VM or if they need to add a container to an
already running VM pod.

This patch tries to formalize this difference through pod
annotations. When starting a container or a sandbox, we now add 2
annotations for the container type (Infrastructure or not) and the
sandbox name. This will allow VM based container runtimes to handle
2 things:

- Decide if they need to create a pod VM or not.
- Keep track of which pod ID runs in a given VM, so that they
  know to which sandbox they have to add containers.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-11-29 10:24:33 +01:00
Mrunal Patel
d6dfd0bf23 Merge pull request #211 from runcom/seccomp-take-1
Add support for Seccomp
2016-11-28 14:48:00 -08:00
Antonio Murdaca
78ee03a8fc add seccomp support
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-28 22:05:34 +01:00
Mrunal Patel
1bd0ba8516 Merge pull request #216 from mrunalp/skip_vendor_lint
Skip lint on vendored code
2016-11-28 12:48:16 -08:00
Mrunal Patel
b53a315c35 Skip lint on vendored code
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-28 12:32:49 -08:00
Mrunal Patel
b6f1b027eb Merge pull request #213 from runcom/bump-runtime-tools
*: bump opencontainers/runtime-tools
2016-11-24 08:29:43 -08:00
Mrunal Patel
d12c4b68ac Merge pull request #212 from runcom/execsync-fix
execsync: return proper error description
2016-11-24 08:28:45 -08:00
Mrunal Patel
19b11293f6 Merge pull request #206 from Crazykev/add-sysctls
Add support for sysctls
2016-11-24 08:07:35 -08:00
Mrunal Patel
46c1e95929 Merge pull request #214 from runcom/bump-golang-dockerfile
Dockerfile: bump to golang 1.7.3
2016-11-24 08:04:56 -08:00
Antonio Murdaca
cd85d49ff3 Dockerfile: bump to golang 1.7.3
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-24 13:47:49 +01:00
HaoZhang
bdd817d002 add test for sysctls
Signed-off-by: HaoZhang <crazykev@zju.edu.cn>
2016-11-24 20:32:33 +08:00
Antonio Murdaca
70481bc5af *: bump opencontainers/runtime-tools
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-24 12:26:18 +01:00
Antonio Murdaca
cbe2a68ce5 execsync: return proper error description
The gRPC execsync client call doesn't populate `ExecSyncResponse` on
error at all. You just get an error.
This patch modifies the code to include command's streams, exit code
and error directly into the error. `ocic` will then print useful
information in the cli, otherwise it won't.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-24 12:11:04 +01:00
HaoZhang
d1e1b7c183 pass sysctls down to oci runtime
Signed-off-by: HaoZhang <crazykev@zju.edu.cn>
2016-11-24 16:29:37 +08:00
Mrunal Patel
2e3ad167bb Merge pull request #207 from runcom/refactor-actions
split files under server/
2016-11-22 14:53:06 -08:00
Antonio Murdaca
ebe2ea0dba server: split sandboxes actions
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-22 23:23:01 +01:00
Antonio Murdaca
4447207cf1 server: split images actions
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-22 23:05:37 +01:00
Antonio Murdaca
61bb04c87c server: split containers actions
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-22 18:38:05 +01:00
Antonio Murdaca
5c94544fb8 Merge pull request #203 from mrunalp/exec_sync
Exec sync
2016-11-21 23:22:20 +01:00
Mrunal Patel
3e415d0c2f Add test for exec sync
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-21 13:16:36 -08:00
Mrunal Patel
78ecdcd298 Add support for timeout
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-21 13:16:32 -08:00
Antonio Murdaca
c06e627a55 Merge pull request #204 from intelsdi-x/runtimeStatus
Add runtime status compliant with CRI
2016-11-21 12:02:41 +01:00
Jacek J. Łakis
0289858d21 Add runtime status compliant with CRI
Signed-off-by: Jacek J. Łakis <jacek.lakis@intel.com>
2016-11-21 10:19:03 +01:00
Mrunal Patel
83779764f4 Merge pull request #205 from mrunalp/add_owner
Add feiskyer as an OWNER
2016-11-18 14:12:57 -08:00
Mrunal Patel
56b2f799ec Add feiskyer as an OWNER
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-18 09:05:14 -08:00
Mrunal Patel
5c1adcbf6a Add client implementation for exec sync
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-17 16:42:08 -08:00
Mrunal Patel
52e789c44b Add server implementation for exec sync
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-17 16:41:44 -08:00
Mrunal Patel
b12a508e4e Add method to exec a command sync in a container
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-17 16:40:52 -08:00
Antonio Murdaca
920acd2f37 Merge pull request #199 from mrunalp/update_api
Update to the latest upstream API
2016-11-17 17:09:50 +01:00
Mrunal Patel
b62a150151 Update to the latest upstream API
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-16 17:20:37 -08:00
Mrunal Patel
9540eb9d2b Merge pull request #196 from Crazykev/fix-time-display
fix ocic time display
2016-11-16 12:17:47 -08:00
Crazykev
82a01cbdda fix ocic time display
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2016-11-16 15:36:32 +08:00
Mrunal Patel
e790094f23 Merge pull request #194 from sameo/master
Conmon fixes
2016-11-15 09:47:13 -08:00
Antonio Murdaca
8aba231708 Merge pull request #195 from mrunalp/syslog
Add syslog support
2016-11-15 14:39:04 +01:00
Samuel Ortiz
5bbef5fc88 oci: Pass the bundle and pid file paths to conmon
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-11-15 14:11:47 +01:00
Samuel Ortiz
b14bae4869 conmon: Add --bundle and --pidfile command line options
We need to be able to pass both the bundle path and the pid file
paths to conmon from ocid.
The former is mandatory when creating an OCI container:

https://github.com/opencontainers/runtime-spec/blob/master/runtime.md#create

And it makes sense to provide a full path for the latter as the
current hardcoded relative path may lead to errors if e.g. the
runtime chdir() before creating the PID file.

In both cases we try to create default reasonable values when
they are left empty by the caller.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-11-15 14:11:42 +01:00
Antonio Murdaca
a9412d9156 Merge pull request #193 from intelsdi-x/fix_versioning
version: remove checking gRPC version
2016-11-15 09:47:55 +01:00
Jacek J. Łakis
85f7ebfb48 version: Fix parsing for gRPC version
Signed-off-by: Jacek J. Łakis <jacek.lakis@intel.com>
2016-11-15 09:26:11 +01:00
Mrunal Patel
562f8ca684 Add syslog support
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-14 16:02:03 -08:00
Mrunal Patel
8d275cebb9 Merge pull request #192 from feiskyer/timestamps
Set timestamps to nanoseconds
2016-11-14 09:33:01 -08:00
Pengfei Ni
bbfcf62a0f Set timestamps to nanosecond.
CRI requires all timestamps in nanoseconds instead of seconds.

Signed-off-by: Pengfei Ni <feiskyer@gmail.com>
2016-11-14 14:26:06 +08:00
Antonio Murdaca
02ec8754f5 Merge pull request #169 from cyphar/make-configurable
server: make more things configurable
2016-11-10 14:55:29 +01:00