Tags: sithembiso/runc
Merge pull request opencontainers#336 from hqhq/hq_parent_cgroup_systemd

systemd: support cgroup parent with specified slice


Release v0.0.5

It includes the following changes:

* godeps: update go-systemd to v4 and godbus/dbus to v3
* libcontainer: configs: extend unsupported os
* Fix comment to be consistent with the code
* Userns container in containers
* static binary \o/
* adding support for --bundle -b to start, restore, and spec; fixes issue opencontainers#310
* Add seccomp trace support
* Change my email address
* Fix race setting process opts
* Integrate poststart hooks with spec
* Add Poststart hook to libcontainer config
* Validate process configuration for runc exec
* Add some comments about cgroup
* Refactor cgroupData
* Rename parent and data
* Windows: Refactor Container interface
* Add more context around some error cases
* Docker needs to know whether the user requested a relabel
* README.md: fix description for runc with systemd
* Windows: Refactor state struct
* Windows: Tidy libcontainer\devices
* Fixes build tags on cgroups\fs\*.go
* Windows: Refactor configs/cgroup.go
* Windows: Factor down criu_opts
* Add the conversion of architectures for seccomp config
* Fixing typo in the comment for exit
* Remove naked return
* Remove fatalf function; unused.
* libcontainer/SPEC.md: fix /dev/stdio symlinks
* Correct intuition for setupDev
* Unify behavior for memory cgroup
* Cgroup set order for systemd
* Use array instead of map for cgroup subsystems
* Add Name() to cgroup subsystems
* Set cpuset.cpus and cpuset.mems before join the cgroup
* Add ability to use json structured logging format.
* Reorder checks in Walk to avoid panics
* Get PIDs from cgroups recursively
* Add criu related debug output
* Add option to support criu manage cgroups mode for dump and restore
* Validate label options
* change named to names
* Fix for race from error on process start
* Add additional gids support
* Bump up github.com/opencontainers/specs to cf8dd12
* nsexec: Align clone child stack ptr to 16
* bump docker pkgs
* Fix name in MAINTAINERS list
* cgroups: Add name=systemd to list of subsystems
* cgroups: Add a name cgroup
* Allow numeric groups for containers without /etc/group
* change uid to gid in func HostGID
* Adjust runc to new opencontainers/specs version
* exec_test.go: Test case for rootfsPropagation="private"
* exec_test.go: Test cases for rootfsPropagation=rslave
* Make pivotDir rprivate
* Make parent mount of container root private if it is shared.
* Start parsing rootfsPropagation and make it effective
* Replace config.Privatefs with config.RootPropagation
* Fix reOpenDevNull
* Only remount if requested flags differ from current
* Run tests for all HugetlbSizes
* Systemd: Join perf_event cgroup
* Add memory reservation support for systemd
* Check for failure on /dev/mqueue and try again without labeling
* /proc and /sys do not support labeling
* Update github.com/syndtr/gocapability/capability to 2c00daeb6c3b45114c80ac44119e7b8801fdd852
* Move mount methods out of configs pkg
* Add version to HookState to make it json-compatible with spec State
* hooks: Integrate spec hooks with libcontainer
* Libcontainer: Add support for multiple architectures in Seccomp
* Change mount dest after resolving symlinks
* no need to use p.cmd.Process.Pid in function, use p.pid() instead.
* Ignore changing /dev/null permissions if used in STDIO
* script: test_Dockerfile: install criu from source
* Enter existing user namespace if present
* Cleanup unused func arguments
* README.md: Update the config example
* Fix STDIO permissions when container user not root
* Fix STDIO ownership for non-tty processes
* script: test_Dockerfile: update criu version
* update the command usage for `runc start`
* libcontainer: Allow passing mount propagation flags
* close config file after loaded
* simple refactor for the options of `runc spec`
* update the command usage of `runc`
* Update README for the CAP prefix change
* Add CAP prefix for capabilities
* Adjust runc to new opencontainers/specs version
* Add testing docs in README
* make localtest failure on removing seccomp flag
* Add all support build tags for runc features
* c/r: create cgroups to restore a container
* mount: don't read /proc/self/cgroup many times
* Rework ParseCgroupFile
* Remove old netlink library
* Use github.com/vishvananda/netlink for networking
* Minor comments fix
* Fixing checkpoint issue
* Always remount for bind mount
* Add Andrey Vagin as maintainer


This release fixes checkpoint/restore behavior with mounted cgroups. Also it includes various minor features and bugfixes.

Full list of changes:

* Add signal API to Container interface
* Update github.com/opecontainers/specs to 5b31bb2
* Don't set /proc/<PID>/setgroups to deny in Go1.5
* Add debug message when unable to execute criu
* Remove reference to nsinit
* Replace dind with smaller script
* integration: show criu logs in a error case
* tests: dump/restore a container with cgroups
* Simplify and fix os.MkdirAll() usage
* Change default state directory to /run/oci
* Add TESTFLAGS to Makefile targets
* Update README.md to correct comment about spec and user
* Only add network info if NEWNET is set
* Fix files not closed in mountinfo parsing function
* signal: Fix leak
* test: propagate the error to the caller
* Swap check for systemd booted to use go-systemd method
* Vendor github.com/coreos/go-systemd/util
* Use /proc/self/exe as default for InitPath
* Adapt code to go-systemd/dbus v3
* Update github.com/coreos/go-systemd/dbus to v3
* typo: tempory -> temporary
* bring the loopback interface up
* systemd integration with container runtime for supporting sd_notify protocol
* Remount /sys/fs/cgroup as RO if MS_RDONLY was passed in m.Flags
* Update maintainers guide
* Create symlinks for merged cgroups
* ct: give criu informations about cgroup mounts
* Fix subsystem path with abs parent
* avoid infinite loop with GCCGO


runc/libcontainer release

Most notable changes are about mounting cgroups inside container.

Changes (from docker/libcontainer v2.2.1 https://github.com/docker/libcontainer/releases/tag/v2.2.1):

* Fix handling name= cgroups
* Tests for mounting cgroups
* Substract bindmount path from cgroup dir
* Add cgroup mount in the recommended config
* Correct tmpfs mount for cgroup
* Fix error when memory cgroup not mounted
* the data type should be int8 for ppc64le
* Remove deserialization tests.
* Add oom-kill-disable support for systemd
* Fixing test step for memory swappiness
* Remove sample configs from libcontainer
* Rename SystemProperties to Sysctl and make it available in the runc config
* Treat -1 as default value for memory swappiness.
* Remove apparmor profile generation from libcontainer
* Fix build tags
* libcontainer: user: update tests for GetAdditionalGroups
* libcontainer: user: fix GetAdditionalGroupsPath to match API
* Windows: Factor out seccomp
* checkpoint/restore commands support 'file-locks' option.
* Windows: Factor out CloseExecFrom
* Allow hyphen in "id" (based on `cwd` pathname)
* libcontainer: gofmt pass
* Fix panic in seccomp test on error
* Remove nsinit from libcontainer README.md