github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
635 Commits 3 Branches 2 Tags 112 MiB
57f37ca66e
Commit Graph

88 Commits

Author SHA1 Message Date
Lantao Liu
57f37ca66e Print full container spec for debugging. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-13 23:36:12 +00:00
Lantao Liu
e41b6d3c24 Refactor container io code 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-10 21:03:29 +00:00
Lantao Liu
c4931c8409 Keep stdin open instead of opening when use it. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-09 09:28:30 +00:00
Lantao Liu
2433ae7539
Merge pull request #393 from abhi/labels 
Adding kube pod and container labels to containerd
 2017-11-07 23:39:20 -08:00
abhi
cd5886d647 Adding kube pod and container labels to containerd 
Currently we have the pod and container labels part of
containerd metadata extensions. However for third party users
like cadvisor that depend on standard kube labels will need
to be aware of the way metadata is stored in containerd to
fetch the labels.

Signed-off-by: abhi <abhi@docker.com>
 2017-11-07 22:19:19 -08:00
Lantao Liu
6f97764171 Add comment for #398. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-06 20:54:50 +00:00
Justin Cormack
913836474b Remove comment about whether other paths should be read only with ro root 
Since https://github.com/moby/moby/pull/35344 we clarified that this behaviour
was a mistake, and the read only flag should just apply to the actual rootfs,
so it corresponds to the OCI read-only option. Other mounts may be able to be
adjusted by re-specifying them or other means but this is unrelated.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-11-06 14:21:16 +00:00
Lantao Liu
25fdf72692 Add image load. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-27 21:51:04 +00:00
Lantao Liu
5e74cba0f0 Add log of generated id for debugging. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-27 00:11:16 +00:00
Lantao Liu
acc3f74d5c Also unpack image during creation. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-26 17:57:53 +00:00
Yanqiang Miao
c65921b16a Get the mountInfo by 'LookupMount' in containerd 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-10-12 11:09:24 +08:00
Lantao Liu
bde8b0517e Update kubernetes and containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-11 06:16:19 +00:00
Lantao Liu
23b8330b44 Merge pull request #322 from miaoyq/fix-314 
Update kubernetes version to the PR#52395 and support `unconfined` apparmor
 2017-10-04 10:49:56 -07:00
Yanqiang Miao
9f656cdda4 Support unconfined apparmor 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-10-04 09:50:27 +08:00
Lantao Liu
a81a47bf9b Fix update container resources 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-03 06:03:39 +00:00
Mike Brown
d8a3c6b018 adds support for configuring the containerd runtime engine 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-09-26 20:22:51 -05:00
Lantao Liu
cd57d063c5 Add systemd cgroup support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-26 06:44:30 +00:00
Lantao Liu
4231473df3 Address comments 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-25 23:09:44 +00:00
Lantao Liu
21233b22be Check seccomp enable and add unit test for seccomp/apparmor. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-25 23:09:26 +00:00
Lantao Liu
dd967cde8c Improve apparmor and selinux support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-22 20:46:31 +00:00
Mike Brown
78a925f57b vendor for new seccomp helpers 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-09-21 17:37:50 -05:00
Mike Brown
c0a2d152d9 adds seccomp support 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-09-21 17:22:11 -05:00
Lantao Liu
9015b6ec68 Merge pull request #209 from Random-Liu/checkpoint-recovery 
Checkpoint recovery
 2017-09-21 11:32:49 -07:00
Lantao Liu
cc1b0b6709 Add restart recovery logic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-21 17:59:46 +00:00
Lantao Liu
90d6e44c22 Merge pull request #267 from Random-Liu/fix-apparmor 
Fix apparmor empty case.
 2017-09-20 21:53:28 -07:00
Lantao Liu
dd3421c3c7 Fix apparmor empty case. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-21 04:07:39 +00:00
yanxuean
e1a7a0ea76 Switch to containerd extension 
fix #251

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-09-21 00:15:10 +08:00
Lantao Liu
437131299b Merge pull request #230 from miaoyq/ensure-mount-shared-slave 
Ensure the mount point is propagated
 2017-09-19 00:56:27 -07:00
Yanqiang Miao
49eb38a5d4 Ensure the mount point is propagated 
mount with `rshared`, the host path should be shared.
mount with `rslave`, the host pash should be shared or slave.

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-09-19 14:21:21 +08:00
Lantao Liu
06a305d7ea Merge pull request #255 from Random-Liu/use-config-in-service 
Use config in service.
 2017-09-17 22:37:06 -07:00
Lantao Liu
8a03d551da Merge pull request #252 from abhinandanpb/rshared 
Setting rootfs mount propagation if the mount type is rshared/shared
 2017-09-17 12:23:39 -07:00
Abhinandan Prativadi
abba4e22f6 Setting rootfspropagation if the mount type shared or slave 
This is needed by runc to mount volume for containers that expect
biderectional file updates or host to container updates.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-09-17 09:59:45 -07:00
Lantao Liu
71b0d0a043 Use config in service. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-17 06:46:40 +00:00
Lantao Liu
cd27050425 Add image volume support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-15 11:25:55 +01:00
Ian Campbell
e0079125d2 Move resolveSymbolicLink to OS package and stub out for tests 
Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-15 11:25:45 +01:00
Lantao Liu
1fadb5e573 Follow symlink for mount host path. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-12 07:12:03 +00:00
Lantao Liu
6cd0f77c4e Create host path is mount source does not exist. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-12 00:58:34 +00:00
Lantao Liu
0bfcdd39ab Remove /run mount for backward compatibility with docker. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-09 07:34:00 +00:00
Lantao Liu
3e4b4234c6 Merge pull request #218 from miaoyq/fixes-185 
Update kubernetes version and support mount propagation
 2017-09-06 21:03:56 -07:00
Yanqiang Miao
9da460ec0a Support mount propagation 
fixex #185

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-09-07 08:58:20 +08:00
Lantao Liu
34319e025f Merge pull request #221 from ijc/writeable-rootfs-snapshot 
Always use a writeable snapshot as the rootfs.
 2017-09-06 15:10:28 -07:00
Ian Campbell
0161764ef5 Always use a writeable snapshot as the rootfs. 
This will be made readonly by runc based on spec.Root.Readonly (which we
already set correctly) but defering until then gives runc the chance to make
any missing mount points as it processes the spec.Mount array.

This is necessary because many container images lack mount points for things
like the /etc/hosts which we want to overbind. This is not noticed with e.g.
Docker because it automatically creates an additional layer containing those.
This is something we may want to do here as well eventually but for now using a
writeable snapshot is both necessary and sufficient.

The same does not apply to the sandbox since we never modify its rootfs or want
to mount anything in it etc, add a comment to clarify.

Fixes #220.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-06 22:20:14 +01:00
Lantao Liu
e06c2c59e0 Merge pull request #179 from Random-Liu/checkpoint-container-status 
Checkpoint container status onto disk.
 2017-09-06 13:51:38 -07:00
Lantao Liu
8569fa366e Merge pull request #215 from Random-Liu/add-capability-all 
Add "ALL" capabilities support.
 2017-09-05 18:14:36 -07:00
Lantao Liu
d02ecc4673 Add "ALL" capabilities support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-06 00:05:08 +00:00
Ian Campbell
1dea8fdfc4 Handle environment variables which containe spaces 
This avoids errors such as:

    spec: invalid environment variable "JAVA_OPTS=-Djava.security.egd=file:/dev/urandom"

use SplitN(2) to get the envvar name and value while allowing the value to
contain `=`.

Add some variables to the test data which have one or more `=` in the value.
Since this makes the resulting list of variables to check rather long split the
check in two and check the container config and image config derived values
independently.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-05 23:06:07 +01:00
Mike Brown
4f442de959 adds support for AppArmor 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-09-01 18:08:34 -05:00
Yanqiang Miao
0c3304e006 Support selinux options/label 
Support selinux optios/label

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-31 19:20:12 +08:00
Lantao Liu
ac4f238f48 Cleanup image operations. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-31 00:52:09 +00:00
Lantao Liu
130aa5ac0d Checkpoint container status onto disk. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-31 00:41:52 +00:00