Tianon Gravi
c54bc4ca04
Remove "root" and "" special cases in libcontainer
...
These are unnecessary since the user package handles these cases properly already (as evidenced by the LXC backend not having these special cases).
I also updated the errors returned to match the other libcontainer error messages in this same file.
Also, switching from Setresuid to Setuid directly isn't a problem, because the "setuid" system call will automatically do that if our own effective UID is root currently: (from `man 2 setuid`)
setuid() sets the effective user ID of the calling process. If the
effective UID of the caller is root, the real UID and saved set-user-
ID are also set.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-04-28 16:46:03 -06:00
Michael Crosby
5479a8e86f
Merge pull request #5412 from vmarmol/add-blkio-test
...
Adding a test for blkio stats.
2014-04-28 12:50:20 -07:00
Michael Crosby
9e0eab6aed
Merge pull request #5394 from vmarmol/add-croup-memory-stats
...
Add memory usage and max usage stats.
2014-04-28 12:44:34 -07:00
Victor Marmol
a49cc7f252
Adding a test for blkio stats.
...
Also adds a test utility we can use for other cgroup tests.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-04-26 07:29:13 +00:00
unclejack
3a8c935a4d
Merge pull request #5411 from crosbymichael/lockdown
...
Update default restrictions for exec drivers
2014-04-26 03:27:56 +03:00
Victor Marmol
38d7599ca3
Add memory usage and max usage stats.
...
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-04-25 02:51:28 +00:00
Victor Marmol
bcfc527abb
Separating cgroup Memory and MemoryReservation.
...
This will allow for these to be set independently. Keep the current Docker behavior where Memory and MemoryReservation are set to the value of Memory.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-04-24 11:09:38 -07:00
Michael Crosby
76a06effef
Ignore isnot exists errors for proc paths
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
2ecea22c8c
Update init for new apparmor import path
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
bd7c140c01
Update container.json and readme
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
e40bde54a5
Move capabilities into security pkg
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
454751e768
Move mounts into types.go
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
824ee83816
Move rest of console functions to pkg
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
a77846506b
Refactor mounts into pkg to make changes easier
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
323ea01c18
Move console into its own package
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
cc900b9db8
Mount over dev and only copy allowed nodes in
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
ef923907df
No not mount sysfs by default for non privilged containers
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
3d546f20db
Add restrictions to proc in libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:19 -07:00
Michael Crosby
b5434b5d7f
Move apparmor into security sub dir
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:19 -07:00
Rohit Jnagal
7ff609f95d
Add support for cpu hardcapping to cgroups.
...
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
2014-04-24 14:43:02 +00:00
Solomon Hykes
c5b6f20d56
Fix Go formatting in beam and dockerscript
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 16:16:29 -07:00
Solomon Hykes
1df27fa300
pkg/dockerscript: add MAINTAINERS file
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:24 -07:00
Solomon Hykes
be7d4c5b8c
beam/examples/beamsh: 'chdir' changes the current directory
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:24 -07:00
Solomon Hykes
1794406033
beam/examples/beamsh: 'exec' can communicate with its child via beam.
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:24 -07:00
Solomon Hykes
9598cba7c0
beam/examples/beamsh: use beam.Router to simplify 'multiprint' and fix job passthrough
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
d1528caaac
beam: new routing functions Route.KeyEquals, Route.KeyIncludes, Route.NoKey
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
df3bbb2875
beam/examples/beamsh: use beam.Router to simplify 'trace'
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
1dbb699e6a
beam/examples/beamsh: move builtins to a separate file for readability
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
4a8dc511e2
beam/examples/beamsh: simplify commands by always creating and sending stdout and stderr for them
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
5b977c60ce
beam/examples/beamsh: use beam.Router to simplify 'logger'
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
83a19e4f1d
beam/examples/beamsh: use beam.Router to simplify the 'stdio' command
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
36231f23a3
beam: Router can route beam messages with a convenient set of rules and handlers
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
992a3f9c96
beam/examples/beamsh: move example scripts to scripts/
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Alexander Larsson
cd911b83ce
beam: Fix double close of fds in SendUnix
...
Instead of calling syscall.Close() on the fds in sendUnix() we call
Close() on the *os.File in Send(). Otherwise the fd will be closed, but
the *os.File will continue to live, and when it is finalized the
fd will be closed (which by then may be reused and can be anything).
This also adds a note to Send() the the file is closed.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-04-22 15:50:22 -07:00
Solomon Hykes
8104b14a8d
beam: more unit tests
...
This adds testing to SendConn.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
0e093988bf
beam/examples/beamsh: add scripts to reproduce various bugs
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
69e180cae7
beam/examples/beamsh: fix 'print' to be pass-through
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
ae0b194839
beam/examples/beamsh: rename 'log' to 'logger' to avoid conflict with stdout/stderr
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
c92abca6c7
beam/examples/beamsh: 'prompt' asks the user for a value and sends it.
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
5220dbeffd
beam/examples/beamsh: commands are messages.
...
Commands in the pipeline should either implement or pass-through command messages.
This amounts to a proof-of-concept implementation of the "pipeline"
design of Docker plugins.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
2edf4802d8
beam/examples/beamsh: cosmetic fix in Fatalf
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
c27c56ca37
beam: replace SendPair() with the simpler SendConn()
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
e92f305c1c
beam/examples/beamsh: miniserver.ds demo
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
9c5fdb249f
beam: improve the API with Sender/Receiver interfaces and utilities: Copy/SendPipe/SendPair
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Alexander Larsson
071e5e5a65
beam: Make extracted Fds CloseOnExec
...
Grab forklock to make sure no forks accidentally inherit the new fds
before they are made CLOEXEC There is a slight race condition between
ReadMsgUnix returns and when we grap the lock, so this is not
perfect. Unfortunately There is no way to pass MSG_CMSG_CLOEXEC to
recvmsg() nor any way to implement non-blocking i/o in go, so this is
hard to fix.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-04-22 15:50:21 -07:00
Solomon Hykes
f534839c8b
beam/examples/beamsh: add a few example dockerscripts
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
7958f295e8
beam/examples/beamsh: simplify code by using sendWPipe utility
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
f7971cfc1e
beam/examples/beamsh: move code around for readability
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
11c2feae5b
beam/examples/beamsh: 'exec' adds 'fromcmd' field to its output
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
b27e7baa02
beam/examples/beamsh: simple 'log' command tees streams to a local directory
...
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00