Commit graph

427 commits

Author SHA1 Message Date
Tianon Gravi
c54bc4ca04 Remove "root" and "" special cases in libcontainer
These are unnecessary since the user package handles these cases properly already (as evidenced by the LXC backend not having these special cases).

I also updated the errors returned to match the other libcontainer error messages in this same file.

Also, switching from Setresuid to Setuid directly isn't a problem, because the "setuid" system call will automatically do that if our own effective UID is root currently: (from `man 2 setuid`)

    setuid() sets the effective user ID of the calling process.  If the
    effective UID of the caller is root, the real UID and saved set-user-
    ID are also set.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-04-28 16:46:03 -06:00
Michael Crosby
5479a8e86f Merge pull request #5412 from vmarmol/add-blkio-test
Adding a test for blkio stats.
2014-04-28 12:50:20 -07:00
Michael Crosby
9e0eab6aed Merge pull request #5394 from vmarmol/add-croup-memory-stats
Add memory usage and max usage stats.
2014-04-28 12:44:34 -07:00
Victor Marmol
a49cc7f252 Adding a test for blkio stats.
Also adds a test utility we can use for other cgroup tests.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-04-26 07:29:13 +00:00
unclejack
3a8c935a4d Merge pull request #5411 from crosbymichael/lockdown
Update default restrictions for exec drivers
2014-04-26 03:27:56 +03:00
Victor Marmol
38d7599ca3 Add memory usage and max usage stats.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-04-25 02:51:28 +00:00
Victor Marmol
bcfc527abb Separating cgroup Memory and MemoryReservation.
This will allow for these to be set independently. Keep the current Docker behavior where Memory and MemoryReservation are set to the value of Memory.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-04-24 11:09:38 -07:00
Michael Crosby
76a06effef Ignore isnot exists errors for proc paths
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
2ecea22c8c Update init for new apparmor import path
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
bd7c140c01 Update container.json and readme
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
e40bde54a5 Move capabilities into security pkg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
454751e768 Move mounts into types.go
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
824ee83816 Move rest of console functions to pkg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
a77846506b Refactor mounts into pkg to make changes easier
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
323ea01c18 Move console into its own package
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
cc900b9db8 Mount over dev and only copy allowed nodes in
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
ef923907df No not mount sysfs by default for non privilged containers
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
3d546f20db Add restrictions to proc in libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:19 -07:00
Michael Crosby
b5434b5d7f Move apparmor into security sub dir
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:19 -07:00
Rohit Jnagal
7ff609f95d Add support for cpu hardcapping to cgroups.
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
2014-04-24 14:43:02 +00:00
Solomon Hykes
c5b6f20d56 Fix Go formatting in beam and dockerscript
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 16:16:29 -07:00
Solomon Hykes
1df27fa300 pkg/dockerscript: add MAINTAINERS file
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:24 -07:00
Solomon Hykes
be7d4c5b8c beam/examples/beamsh: 'chdir' changes the current directory
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:24 -07:00
Solomon Hykes
1794406033 beam/examples/beamsh: 'exec' can communicate with its child via beam.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:24 -07:00
Solomon Hykes
9598cba7c0 beam/examples/beamsh: use beam.Router to simplify 'multiprint' and fix job passthrough
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
d1528caaac beam: new routing functions Route.KeyEquals, Route.KeyIncludes, Route.NoKey
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
df3bbb2875 beam/examples/beamsh: use beam.Router to simplify 'trace'
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
1dbb699e6a beam/examples/beamsh: move builtins to a separate file for readability
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
4a8dc511e2 beam/examples/beamsh: simplify commands by always creating and sending stdout and stderr for them
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
5b977c60ce beam/examples/beamsh: use beam.Router to simplify 'logger'
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
83a19e4f1d beam/examples/beamsh: use beam.Router to simplify the 'stdio' command
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
36231f23a3 beam: Router can route beam messages with a convenient set of rules and handlers
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
992a3f9c96 beam/examples/beamsh: move example scripts to scripts/
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Alexander Larsson
cd911b83ce beam: Fix double close of fds in SendUnix
Instead of calling syscall.Close() on the fds in sendUnix() we call
Close() on the *os.File in Send(). Otherwise the fd will be closed, but
the *os.File will continue to live, and when it is finalized the
fd will be closed (which by then may be reused and can be anything).

This also adds a note to Send() the the file is closed.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-04-22 15:50:22 -07:00
Solomon Hykes
8104b14a8d beam: more unit tests
This adds testing to SendConn.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
0e093988bf beam/examples/beamsh: add scripts to reproduce various bugs
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
69e180cae7 beam/examples/beamsh: fix 'print' to be pass-through
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
ae0b194839 beam/examples/beamsh: rename 'log' to 'logger' to avoid conflict with stdout/stderr
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
c92abca6c7 beam/examples/beamsh: 'prompt' asks the user for a value and sends it.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
5220dbeffd beam/examples/beamsh: commands are messages.
Commands in the pipeline should either implement or pass-through command messages.

This amounts to a proof-of-concept implementation of the "pipeline"
design of Docker plugins.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
2edf4802d8 beam/examples/beamsh: cosmetic fix in Fatalf
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
c27c56ca37 beam: replace SendPair() with the simpler SendConn()
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
e92f305c1c beam/examples/beamsh: miniserver.ds demo
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
9c5fdb249f beam: improve the API with Sender/Receiver interfaces and utilities: Copy/SendPipe/SendPair
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Alexander Larsson
071e5e5a65 beam: Make extracted Fds CloseOnExec
Grab forklock to make sure no forks accidentally inherit the new fds
before they are made CLOEXEC There is a slight race condition between
ReadMsgUnix returns and when we grap the lock, so this is not
perfect. Unfortunately There is no way to pass MSG_CMSG_CLOEXEC to
recvmsg() nor any way to implement non-blocking i/o in go, so this is
hard to fix.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-04-22 15:50:21 -07:00
Solomon Hykes
f534839c8b beam/examples/beamsh: add a few example dockerscripts
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
7958f295e8 beam/examples/beamsh: simplify code by using sendWPipe utility
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
f7971cfc1e beam/examples/beamsh: move code around for readability
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
11c2feae5b beam/examples/beamsh: 'exec' adds 'fromcmd' field to its output
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
b27e7baa02 beam/examples/beamsh: simple 'log' command tees streams to a local directory
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00