Commit graph

315 commits

Author SHA1 Message Date
Dan Walsh
cd12a4acfe Can't use SELinux separation when sharing the host pid/ipc namespace
SELinux will cause breakage when sharing these namespaces.  For example it
will block processes inside of the container from looking at the hosts /proc
in hosts Pid Namespace.  It will also block all access to semaphores and
shared memory defined outside of the pod.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-07 07:28:12 -04:00
Antonio Murdaca
fbcd609644 Merge pull request #109 from mrunalp/get_sb
Refactor to use helper method to get sandbox from request
2016-10-07 09:44:00 +02:00
Antonio Murdaca
31ad011fc4 Merge pull request #108 from mrunalp/ctr_state_fixes
Container state fixes
2016-10-07 09:42:38 +02:00
Mrunal Patel
d7e72cb3a2 Refactor to use helper method get sandbox object
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-06 15:34:05 -07:00
Mrunal Patel
ec0b27fffc Add a helper method to get sandbox from request
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-06 15:34:05 -07:00
Mrunal Patel
77afd34a27 Container state fixes
Move Container State constants to oci package
and fixup where strings were used instead of
the status constants

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-06 15:16:21 -07:00
Antonio Murdaca
9b42de99d1 Merge pull request #106 from mrunalp/get_ctr
Refactor to use helper for getting Container
2016-10-06 23:34:06 +02:00
Mrunal Patel
f6a12b865c Refactor to use new helper method to get Container
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-06 12:49:59 -07:00
Mrunal Patel
a56cbb4117 Add a helper to get container from request
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-06 12:49:04 -07:00
Mrunal Patel
027aaf15b7 Merge pull request #100 from rhatdan/selinux
Selinux
2016-10-06 12:28:12 -07:00
Antonio Murdaca
138b8cce54 Merge pull request #105 from mrunalp/ctr_create_cleanup
Cleanup container directory and state on creation failure
2016-10-06 20:20:13 +02:00
Dan Walsh
be77b841fa Add SELinux support to OCID
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-06 14:13:06 -04:00
Mrunal Patel
0321870568 Cleanup container directory and state on creation failure
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-06 11:12:39 -07:00
Antonio Murdaca
080394d3c3 Merge pull request #104 from mikebrow/make-install-dep-change
remove install dependencies so they don't build
2016-10-06 18:57:57 +02:00
Mike Brown
7d3cf31c51 remove install dependencies so they don't build
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-10-06 11:32:31 -05:00
Mrunal Patel
f273a10240 Merge pull request #103 from mikebrow/path-to-runc
small amount of error checking and help for path to the runtime
2016-10-06 09:32:11 -07:00
Mike Brown
609d7630ca small amount of error checking and help for path to the runtime
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-10-06 11:14:54 -05:00
Mrunal Patel
c2e9f31491 Merge pull request #99 from mikebrow/add-installtools-toreadme
mention the need to add install tools
2016-10-05 20:16:11 -07:00
Mrunal Patel
308cc4a3b5 Update vendor to use libcontainer/label
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-05 21:58:10 -04:00
Mrunal Patel
fa7945193d Merge pull request #98 from mikebrow/makefile-issue-on-ubuntu
fixes issue with ubuntu build
2016-10-05 18:11:12 -07:00
Mike Brown
18df9788de mention the need to add install tools
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-10-05 20:05:35 -05:00
Mike Brown
cddafb00b3 fixes issue with ubuntu build
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-10-05 19:55:07 -05:00
Antonio Murdaca
a5da8a4d1e Merge pull request #97 from mrunalp/ctr_dir_id
Use container ID as the directory name
2016-10-05 23:02:25 +02:00
Antonio Murdaca
5d16d7f883 Merge pull request #96 from mrunalp/ctr_short_ids
Add support for short IDs for containers
2016-10-05 23:00:52 +02:00
Mrunal Patel
e82426fa8f Use container ID as the directory name
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-05 12:18:56 -07:00
Mrunal Patel
869f85e4bb Add support for specifying container short IDs
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-05 11:55:45 -07:00
Mrunal Patel
edba913f67 Track container IDs in index
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-05 11:31:41 -07:00
Antonio Murdaca
e9ab839955 Merge pull request #67 from mrunalp/getting_started
[readme] Add intructions for getting started
2016-10-05 08:15:07 +02:00
Antonio Murdaca
65b94fb028 Merge pull request #94 from mrunalp/ctr_meta
Refactor to separate container IDs from container names
2016-10-05 08:14:06 +02:00
Mrunal Patel
0482a4281a Separate container IDs from container names
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-04 16:57:12 -07:00
Mrunal Patel
484719c8fe Add a function to generate container id and name
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-04 16:15:23 -07:00
Mrunal Patel
3e19549232 Add name and id indexes for containers
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-04 16:00:04 -07:00
Mrunal Patel
1783342841 Increase the duplicate threshold
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-04 15:59:46 -07:00
Mrunal Patel
b2c383892c Add id field to container
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-04 14:17:15 -07:00
Mrunal Patel
d4a09fd5c8 Merge pull request #93 from cyphar/dockerless-pause-rootfs
Dockerless pause rootfs
2016-10-03 10:06:04 -07:00
Mrunal Patel
3cb2424c6f Merge pull request #92 from cyphar/more-test-debug-output
test: add more debugging output
2016-10-02 09:38:39 -07:00
Aleksa Sarai
bd9acaf584
conmon: minor fixes
This fixes a bug where --conmon wouldn't actually set the conmon binary
path, and also where we weren't setting CFLAGS while compiling conmon.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-02 20:11:16 +11:00
Aleksa Sarai
bac579a9e5
server: create pause rootfs manually without Docker
This lessens the Docker requirement for creating sandboxes (with the
requirement only existing for the actual image pulling that is done when
adding a container to a pod). The interface was chosen to match the
--conmon interface, so that the location of the pause binary can be
chosen by a user.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-02 20:11:07 +11:00
Aleksa Sarai
1313f0dd72
*: add pause binary as a build target
Take the pause binary's source code (from kubernetes/pause) and make it
part of the build setup for cri-o. This is necessary to remove the
Docker requirement for setting up the pause container, at least until
the storage API is set up so that we can make this far more flexible
(namely that we can pull the image from a registry or other transport,
even from an archive).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-02 19:36:39 +11:00
Aleksa Sarai
498d2d602e
test: add more debugging output
In several places, we previously didn't output the $output of the
failing command, leading to confusion when debugging. A proper fix is to
alias oci{c,d} in helpers.sh like runC does, but that can come later.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-02 19:13:00 +11:00
Mrunal Patel
37affbfd7a Merge pull request #88 from alobbs/fix-87
Fixes Makefile so CFLAGS/LIBS are accepted as a make parameter
2016-10-01 12:40:29 -07:00
Alvaro Lopez Ortega
54b862f86f Fixes Makefile so CFLAGS/LIBS are accepted as a make parameter
It should be possible to run make with compilation CFLAGS / LIBS
paramaters. For instance, 'make CFLAGS="-g3 -O0"'. Fixes #87

Signed-off-by: Alvaro Lopez Ortega <alvaro@gnu.org>
2016-09-30 22:15:30 -04:00
Mrunal Patel
a6f52b83dc [readme] Add intructions for getting started
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-30 16:20:34 -07:00
Antonio Murdaca
3697a61db9 Merge pull request #84 from mrunalp/pod_attempt
Include attempt in the pod name
2016-10-01 01:06:00 +02:00
Antonio Murdaca
e8405a4eec Merge pull request #85 from mrunalp/pod_annotations
Add annotations for pods
2016-10-01 01:05:06 +02:00
Mrunal Patel
d5a8d1bae3 Add annotations for pods
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-30 15:48:31 -07:00
Mrunal Patel
581c17169c Include attempt in the pod name
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-30 15:23:38 -07:00
Antonio Murdaca
b0e23c4a24 Merge pull request #83 from mrunalp/ctr_list_fix
Remove containers from in-memory state on pod remove
2016-09-30 22:16:37 +02:00
Mrunal Patel
23858b7ed6 Add pod list and ctr list calls to ctr lifecycle test
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-30 12:24:16 -07:00
Mrunal Patel
50bea08c50 Remove containers from state on pod remove
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-30 12:23:48 -07:00