Commit graph

693 commits

Author SHA1 Message Date
Michael Crosby
e1c7abe890 Add the rest of the caps so that they are retained in privilged mode
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-19 16:43:31 +00:00
Alexandr Morozov
72d1e40c4a Check uid ranges
Fixes #5647
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-18 20:49:08 +04:00
Victor Vieux
a0070f0c17 add support for CAP_FOWNER
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-17 01:16:07 +00:00
Victor Marmol
92614928ce Make libcontainer's CapabilitiesMask into a []string (Capabilities).
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-05-17 00:44:10 +00:00
Michael Crosby
62c3183fc8 Merge pull request #5833 from ActiveState/fix_nsinit_env_panic
fix panic when passing empty environment
2014-05-16 12:03:26 -07:00
Sridhar Ratnakumar
d787f2731e fix panic when passing empty environment
Docker-DCO-1.1-Signed-off-by: Sridhar Ratnakumar <github@srid.name> (github: srid)
2014-05-16 11:55:34 -07:00
Victor Marmol
01d10d6f13 Merge pull request #5810 from vmarmol/drop-caps
Change libcontainer to drop all capabilities by default.
2014-05-16 11:51:41 -07:00
Bernerd Schaefer
6a1d76bc7b nsinit.DefaultCreateCommand sets Pdeathsig to SIGKILL
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
2014-05-16 13:48:41 +02:00
Bernerd Schaefer
00e1adfead nsinit.Init() restores parent death signal before exec
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
2014-05-16 13:48:41 +02:00
Victor Marmol
9d6875d19d Change libcontainer to drop all capabilities by default. Only keeps
those that were specified in the config. This commit also explicitly
adds a set of capabilities that we were silently not dropping and were
assumed by the tests.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-05-16 00:57:58 +00:00
lalyos
ad35d522db Fixes 5370 infinite/maxLoopCount loop for relative symlinks
use path.IsAbs() instead of checking if first char is '/'

Docker-DCO-1.1-Signed-off-by: Lajos Papp <lajos.papp@sequenceiq.com> (github: lalyos)
2014-05-16 01:03:11 +02:00
lalyos
b51c366bfc Defend against infinite loop when following symlinks
ideally it should never reach it, but there was already multiple issues with infinite loop
at following symlinks. this fixes hanging unit tests

Docker-DCO-1.1-Signed-off-by: Lajos Papp <lajos.papp@sequenceiq.com> (github: lalyos)
2014-05-16 00:47:20 +02:00
lalyos
8b77a5b7ae Adding test case for symlink causes infinit loop, reproduces: dotcloud#5370
normally symlinks are created as either
ln -s /path/existing /path/new-name
or
cd /path && ln -s ./existing new-name

but one can create it this way
cd /path && ln -s existing new-name

this drives FollowSymlinkInScope into infinite loop

Docker-DCO-1.1-Signed-off-by: Lajos Papp <lajos.papp@sequenceiq.com> (github: lalyos)
2014-05-16 00:47:20 +02:00
Bernerd Schaefer
002aa8fc20 Add GetParentDeathSignal() to pkg/system
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
2014-05-15 10:17:44 +02:00
Michael Crosby
b22d10e3c5 Remove the cgroups maintainer file
We don't need this because it is covered by the libcontainer MAINTAINERS
file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-14 16:01:45 -07:00
Michael Crosby
3b7a19def6 Move cgroups package into libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-14 15:21:44 -07:00
Bernerd Schaefer
2bc34036b9 Setup standard /dev symlinks
After copying allowed device nodes, set up "/dev/fd", "/dev/stdin",
"/dev/stdout", and "/dev/stderr" symlinks.

Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
[rebased by @crosbymichael]
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-14 13:59:13 -07:00
Guillaume J. Charmes
17a1f470ae Merge pull request #5783 from LK4D4/fix_duplicate_ip_allocation_#5729
Fix duplicate ip allocation
2014-05-14 13:32:27 -07:00
Victor Vieux
bc22c9948c Merge pull request #5756 from crosbymichael/move-units-to-pkg
Move duration and size to units pkg
2014-05-14 11:36:14 -07:00
Michael Crosby
432e42e715 Merge pull request #5791 from bernerdschaefer/nsinit-exec-forwards-signals
"nsinit exec ..." forwards signals to container
2014-05-14 11:05:27 -07:00
Victor Vieux
3bf1b562e3 Merge pull request #5781 from creack/remove_bind_console
Remove the bind mount for dev/console which override the mknod/label
2014-05-14 10:57:21 -07:00
Bernerd Schaefer
830c2d7fa3 "nsinit exec ..." forwards signals to container
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
2014-05-14 11:01:02 +02:00
Alexandr Morozov
5128feb690 Refactoring collections/orderedintset and benchmarks for it
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-14 06:04:12 +04:00
Michael Crosby
3de15bda7e Copy parents cpus and mems for cpuset
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-13 18:01:31 -07:00
Guillaume J. Charmes
ae85dd5458
Remove the bind mount for dev/console which override the mknod/label
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-05-13 11:59:27 -07:00
Michael Crosby
ea7647099f Add MAINTAINERS file to symlink pkg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-13 11:27:24 -07:00
Michael Crosby
ca040b1a37 Update code to handle new path to Follow Symlink func
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-13 10:54:08 -07:00
Michael Crosby
dcf81f95fd Move Follow symlink to pkg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-13 10:35:57 -07:00
Alexander Larsson
b7c7b851dc libcontainer: Ensure bind mount target files are inside rootfs
Before we create any files to bind-mount on, make sure they are
inside the container rootfs, handling for instance absolute symbolic
links inside the container.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-05-13 10:24:52 -07:00
unclejack
f1eabe436a Merge pull request #5655 from alexlarsson/mount-run-dir
Always mount a /run tmpfs in the container
2014-05-13 11:51:14 +03:00
Michael Crosby
d33b4655c4 Move duration and size to units pkg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-12 17:05:07 -07:00
Alexander Larsson
905795ece6 Always mount a /run tmpfs in the container
All modern distros set up /run to be a tmpfs, see for instance:
https://wiki.debian.org/ReleaseGoals/RunDirectory

Its a very useful place to store pid-files, sockets and other things
that only live at runtime and that should not be stored in the image.

This is also useful when running systemd inside a container, as it
will try to mount /run if not already mounted, which will fail for
non-privileged container.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-05-12 21:41:04 +02:00
Michael Crosby
30a40de205 Merge pull request #5748 from crosbymichael/libcontainer-bindmounts
libcontainer: Create dirs/files as needed for bind mounts
2014-05-12 12:27:18 -07:00
Michael Crosby
cc678a7078 Remove newline char in error message
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-12 12:24:30 -07:00
Vishnu Kannan
fee1bbd79e Correct a comment in libcontainer Mount Namespace setup.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-05-12 19:01:36 +00:00
Alexander Larsson
70ef53f25e libcontainer: Create dirs/files as needed for bind mounts
If you specify a bind mount in a place that doesn't have a file yet we
create that (and parent directories). This is needed because otherwise
you can't use volumes like e.g. /dev/log, as that gets covered by the
/dev tmpfs mounts.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-05-12 09:57:15 +02:00
Guillaume J. Charmes
62bfef59f7
Use int64 instead of int
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-05-11 06:23:53 -07:00
Solomon Hykes
2af030ab57 beam/data: Message.GetOne() returns the last value set at a key
This is a convenience for callers which are only interested in one value
per key. Similar to how HTTP headers allow multiple keys per value, but
are often used to store and retrieve only one value.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-05-09 17:01:27 -07:00
Solomon Hykes
0aeff69e59 Fix stdin handling in engine.Sender and engine.Receiver
This introduces a superficial change to the Beam API:

* `beam.SendPipe` is renamed to the more accurate `beam.SendRPipe`
* `beam.SendWPipe` is introduced as a mirror to `SendRPipe`

There is no other change in the beam API.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-05-09 15:39:55 -07:00
Michael Crosby
7673e3c589 Merge pull request #5673 from tianon/kcore-error
Update restrict.Restrict to both show the error message when failing to mount /dev/null over /proc/kcore, and to ignore "not exists" errors while doing so (for when CONFIG_PROC_KCORE=n in the kernel)
2014-05-08 10:20:19 -07:00
Michael Crosby
718154b3b6 Merge pull request #5535 from vmarmol/add-maintainers-cgroup
Adding Rohit Jnagal and Victor Marmol to pkg/cgroups maintainers.
2014-05-08 09:48:31 -07:00
Tianon Gravi
d60301edb8 Update restrict.Restrict to both show the error message when failing to mount /dev/null over /proc/kcore, and to ignore "not exists" errors while doing so (for when CONFIG_PROC_KCORE=n in the kernel)
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-05-08 01:03:45 -06:00
Victor Vieux
77098d5b5b use tabwriter to display usage in mflag
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-06 21:31:21 +00:00
Michael Crosby
5c12a27838 Merge pull request #5631 from vmarmol/cpuacct-usage
Export cpuacct CPU usage in total cores over the sampled period.
2014-05-06 11:47:55 -07:00
Victor Marmol
543e60eb60 Export cpuacct CPU usage in total cores over the sampled period.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-05-06 16:56:39 +00:00
Michael Crosby
818648ff9f Merge pull request #5630 from rjnagal/libcontainer-fixes
Check supplied hostname before using it.
2014-05-06 09:49:52 -07:00
Michael Crosby
7e3a1b6521 Merge pull request #5629 from vmarmol/fix-systemd-softlimit
Remove support for MemoryReservation in systemd systems.
2014-05-06 09:48:33 -07:00
Victor Marmol
69d43b2674 Remove support for MemoryReservation in systemd systems. This has been
deperecated since systemd 208.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-05-06 15:53:38 +00:00
cyphar
14f65ab83b pkg: networkfs: etchosts: fixed tests
This patch fixes the fact that the tests for pkg/networkfs/etchosts
couldn't build due to syntax errors.

Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
2014-05-07 00:42:22 +10:00
Bryan Murphy
53f38a14cd add linked containers to hosts file
Docker-DCO-1.1-Signed-off-by: Bryan Murphy <bmurphy1976@gmail.com> (github: bmurphy1976)

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Tested-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-05-05 19:40:27 -07:00
Guillaume J. Charmes
0b15944cb0 Merge pull request #5354 from alexlarsson/cgroups-systemd-fixes
cgroups: Update systemd to match fs backend
2014-05-05 16:00:56 -07:00
Victor Vieux
3744452ecf add resolvconf
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-05 22:55:32 +00:00
Victor Vieux
a1a029f6d7 add etchosts
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-05 22:43:38 +00:00
Michael Crosby
2165a4993b Merge pull request #5602 from crosbymichael/libcontainer-enable
Improve libcontainer namespace and cap format
2014-05-05 13:50:08 -07:00
Michael Crosby
99be235332 Merge pull request #5400 from bmatsuo/5398-fix-pkg/graphdb-osx 2014-05-05 13:41:43 -07:00
Michael Crosby
db5f6b4aa0 Improve libcontainer namespace and cap format
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-05 12:34:21 -07:00
Rohit Jnagal
412324cfbe Check supplied hostname before using it.
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
2014-05-05 18:12:25 +00:00
Alexander Larsson
5b094530c0 cgroups: Update systemd to match fs backend
This updates systemd.Apply to match the fs backend by:
* Always join blockio controller (for stats)
* Support CpusetCpus
* Support MemorySwap

Also, it removes the generic UnitProperties in favour of a single
option to set the slice.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-05-05 20:06:44 +02:00
Michael Crosby
3a1f0dedc7 Merge pull request #5556 from crosbymichael/no-restrict-lxc
Don't restrict lxc because of apparmor
2014-05-02 17:20:27 -07:00
Guillaume J. Charmes
a7ccbfd5f1
Month devpts before mounting subdirs
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-05-02 13:55:45 -07:00
Michael Crosby
59fe77bfa6 Don't restrict lxc because of apparmor
We don't have the flexibility to do extra things with lxc because it is
a black box and most fo the magic happens before we get a chance to
interact with it in dockerinit.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-02 11:14:24 -07:00
Guillaume J. Charmes
1c5a3123cc Merge pull request #5529 from crosbymichael/restrict-proc
Mount /proc and /sys read-only, except in privileged containers
2014-05-02 10:52:53 -07:00
Michael Crosby
76fa7d588a Apply apparmor before restrictions
There is not need for the remount hack, we use aa_change_onexec so the
apparmor profile is not applied until we exec the users app.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-01 19:09:12 -07:00
Victor Marmol
71e3757174 Adding Rohit Jnagal and Victor Marmol to pkg/libcontainer maintainers.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-05-01 15:51:38 -07:00
Victor Marmol
91b5fe8502 Adding Rohit Jnagal and Victor Marmol to pkg/cgroups maintainers.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-05-01 15:48:16 -07:00
Michael Crosby
24e0df8136 Fix /proc/kcore mount of /dev/null
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-01 15:26:58 -07:00
Michael Crosby
3f74bdd93f Mount attr and task as rw for selinux support
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-01 15:26:58 -07:00
Michael Crosby
f5139233b9 Update restrictions for better handling of mounts
This also cleans up some of the left over restriction paths code from
before.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-01 15:26:58 -07:00
Michael Crosby
83982e8b1d Update to enable cross compile
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-01 15:26:58 -07:00
Jérôme Petazzoni
1c4202a614 Mount /proc and /sys read-only, except in privileged containers.
It has been pointed out that some files in /proc and /sys can be used
to break out of containers. However, if those filesystems are mounted
read-only, most of the known exploits are mitigated, since they rely
on writing some file in those filesystems.

This does not replace security modules (like SELinux or AppArmor), it
is just another layer of security. Likewise, it doesn't mean that the
other mitigations (shadowing parts of /proc or /sys with bind mounts)
are useless. Those measures are still useful. As such, the shadowing
of /proc/kcore is still enabled with both LXC and native drivers.

Special care has to be taken with /proc/1/attr, which still needs to
be mounted read-write in order to enable the AppArmor profile. It is
bind-mounted from a private read-write mount of procfs.

All that enforcement is done in dockerinit. The code doing the real
work is in libcontainer. The init function for the LXC driver calls
the function from libcontainer to avoid code duplication.

Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni <jerome@docker.com> (github: jpetazzo)
2014-05-01 15:26:58 -07:00
Victor Vieux
de191e8632 skip apparmor with dind
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-01 22:22:08 +00:00
Eiichi Tsukata
cac0cea03f drop CAP_SYSLOG capability
Kernel capabilities for privileged syslog operations are currently splitted into
CAP_SYS_ADMIN and CAP_SYSLOG since the following commit:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce6ada35bdf710d16582cc4869c26722547e6f11

This patch drops CAP_SYSLOG to prevent containers from messing with
host's syslog (e.g. `dmesg -c` clears up host's printk ring buffer).

Closes #5491

Docker-DCO-1.1-Signed-off-by: Eiichi Tsukata <devel@etsukata.com> (github: Etsukata)
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-01 11:43:55 -07:00
Guillaume J. Charmes
fe4a25546a Merge pull request #5515 from crosbymichael/refactor-libcontainer2
Remove CommandFactory and NsInit interface
2014-05-01 11:41:54 -07:00
Alexander Larsson
24f9187a04 beam: Add simple framing system for UnixConn
This is needed for Send/Recieve to correctly handle borders between
the messages.

The framing uses a single 32bit uint32 length for each frame, of which
the high bit is used to indicate whether the message contains a file
descriptor or not. This is enough to separate out each message sent
and to decide to which message each file descriptors belongs, even
though multiple Sends may be coalesced into a single read, and/or one
Send can be split into multiple writes.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-05-01 11:06:01 -07:00
Michael Crosby
d0bee79394 Remove container.json from readme
No need to duplicate this information when we already have a
container.json file in the root of libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-30 18:52:15 -07:00
Michael Crosby
da0d6dbd7b Make native driver use Exec func with different CreateCommand
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-30 18:49:24 -07:00
Michael Crosby
aa9705f832 Fix execin with environment and Enabled support
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-30 18:24:47 -07:00
Michael Crosby
60e4276f5a Integrate new structure into docker's native driver
This duplicates some of the Exec code but I think it it worth it because
the native driver is more straight forward and does not have the
complexity have handling the type issues for now.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-30 18:20:01 -07:00
Michael Crosby
176c49d7a9 Remove command factory and NsInit interface from libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-30 17:55:15 -07:00
Michael Crosby
b6b0dfdba7 Export more functions from libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-30 17:18:07 -07:00
Michael Crosby
aecb9c39ab Split term files to make it easier to manage
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-30 17:04:24 -07:00
Michael Crosby
a3e96abb5a Export syncpipe fields
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-30 17:02:45 -07:00
Guillaume J. Charmes
26ac05c8bc Merge pull request #5511 from crosbymichael/refactor-libcontainer
Refactor: remove statewriter type and all callback for process start
2014-04-30 16:50:57 -07:00
Guillaume J. Charmes
be013c7820 Merge pull request #5512 from crosbymichael/set-freezer
Add ability to set cgroups freezer
2014-04-30 16:50:01 -07:00
Michael Crosby
5f6fda8cfd Add ability to set cgroups freezer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-30 16:07:12 -07:00
Michael Crosby
f110401437 Remove statewriter interface, export more libcontainer funcs
This temp. expands the Exec method's signature but adds a more robust
way to know when the container's process is actually released and begins
to run.  The network interfaces are not guaranteed to be up yet but this
provides a more accurate view with a single callback at this time.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-30 15:52:40 -07:00
Michael Crosby
cd8cec854b Export SetupUser
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-30 15:27:59 -07:00
Michael Crosby
162dafbcd5 Remove logger from nsinit struct
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-30 15:24:18 -07:00
Michael Crosby
bfedf247a4 Merge pull request #5498 from tianon/better-apparmor-missing-error 2014-04-30 15:16:43 -07:00
Guillaume J. Charmes
2a711d16e0 Merge pull request #5448 from crosbymichael/selinux-defaults
Add selinux label support for processes and mount
2014-04-30 14:14:39 -07:00
Michael Crosby
2fc5bed61d Merge pull request #5506 from crosbymichael/add-system-maintainer
Add system maintainers
2014-04-30 14:14:21 -07:00
Michael Crosby
e88ef454b7 Merge pull request #5464 from tianon/close-leftover-fds 2014-04-30 12:27:52 -07:00
Michael Crosby
6203d8b462 Add system maintainers
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-30 12:01:06 -07:00
Bryan Matsuo
99284a24e7 FIXES #5398: pkg/graphdb build only dependent on cgo tag
Docker-DCO-1.1-Signed-off-by: Bryan Matsuo <bryan.matsuo@gmail.com> (github: bmatsuo)
2014-04-30 11:57:10 -06:00
Tianon Gravi
defecac279 Fix various MAINTAINERS format inconsistencies
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-04-30 11:22:11 -06:00
Alexander Larsson
e802b69146 beam: Add more tests to unix_test.go
These are failing, and indicate things that need to be fixed.  The
primarily problem is the lack of framing between beam messages.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
[solomon@docker.com: rebased on master]
Signed-off-by: Solomon Hykes <solomon@docker.com>
2014-04-30 02:10:09 -07:00
Tianon Gravi
a1a9baf926 Update pkg/apparmor to provide a better error message when apparmor_parser cannot be found
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-04-29 23:19:21 -06:00
Tianon Gravi
d5d62ff955 Close extraneous file descriptors in containers
Without this patch, containers inherit the open file descriptors of the daemon, so my "exec 42>&2" allows us to "echo >&42 some nasty error with some bad advice" directly into the daemon log. :)

Also, "hack/dind" was already doing this due to issues caused by the inheritance, so I'm removing that hack too since this patch obsoletes it by generalizing it for all containers.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-04-29 16:45:28 -06:00
Michael Crosby
bf59e67232 Merge pull request #5476 from rjnagal/libcontainer-fixes
Cleanup cgroups on Set failures
2014-04-29 12:27:31 -07:00
Rohit Jnagal
070747a213 Cleanup existing controllers when cleanup fails mid-way.
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
2014-04-29 18:59:20 +00:00
Michael Crosby
0c7143b323 Add mountlabel to dev
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-29 03:41:44 -07:00
Michael Crosby
46e05ed2d9 Update process labels to be set at create not start
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-29 03:40:05 -07:00
Dan Walsh
12934ef3a4 Fix SELinux errors caused by multi-threading
Occasionally the selinux_test program will fail because we are setting file
context based on the Process ID but not the TID.  THis change will always
use the TID to set SELinux labels.

Docker-DCO-1.1-Signed-off-by: Daniel Walsh <dwalsh@redhat.com> (github: rhatdan)
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: crosbymichael)
2014-04-29 03:40:05 -07:00
Dan Walsh
b7942ec2ca This patch reworks the SELinux patch to be only run on demand by the daemon
Added --selinux-enable switch to daemon to enable SELinux labeling.

The daemon will now generate a new unique random SELinux label when a
container starts, and remove it when the container is removed.   The MCS
labels will be stored in the daemon memory.  The labels of containers will
be stored in the container.json file.

When the daemon restarts on boot or if done by an admin, it will read all containers json files and reserve the MCS labels.

A potential problem would be conflicts if you setup thousands of containers,
current scheme would handle ~500,000 containers.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: crosbymichael)
2014-04-29 03:40:05 -07:00
Michael Crosby
f0e6e135a8 Initial work on selinux patch
This has every container using the docker daemon's pid for the processes
label so it does not work correctly.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-29 03:40:05 -07:00
Michael Crosby
69d56acd45 Merge pull request #5455 from rjnagal/cgroup-stats
Add throttling stats for cpu cgroup
2014-04-28 17:53:37 -07:00
Rohit Jnagal
d724242297 Another test to check for invalid stats.
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
2014-04-29 00:32:05 +00:00
Rohit Jnagal
61f156d521 Add cpu throttling stats.
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
2014-04-29 00:18:18 +00:00
Michael Crosby
5b3f7851d8 Merge pull request #5451 from vmarmol/add-memory-stats
Adding a unit test for stats in pkg/cgroup/fs/memory.go
2014-04-28 16:38:34 -07:00
Victor Vieux
eb6a1c9f49 Merge pull request #5449 from tianon/remove-libcontainer-root-special-case
Remove "root" and "" special cases in libcontainer
2014-04-28 16:29:08 -07:00
Rohit Jnagal
c44c51e3ce Merge branch 'master' into libcontainer-fixes
Conflicts:
	pkg/libcontainer/README.md
	pkg/libcontainer/container.json

Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
2014-04-28 23:04:04 +00:00
Victor Marmol
76f95294a3 Adding a unit test for pkg/cgroup/fs/memory.go
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-04-28 22:58:25 +00:00
Tianon Gravi
d98069030d Remove "root" and "" special cases in libcontainer
These are unnecessary since the user package handles these cases properly already (as evidenced by the LXC backend not having these special cases).

I also updated the errors returned to match the other libcontainer error messages in this same file.

Also, switching from Setresuid to Setuid directly isn't a problem, because the "setuid" system call will automatically do that if our own effective UID is root currently: (from `man 2 setuid`)

    setuid() sets the effective user ID of the calling process.  If the
    effective UID of the caller is root, the real UID and saved set-user-
    ID are also set.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-04-28 16:46:03 -06:00
Michael Crosby
b386f2f558 Merge pull request #5412 from vmarmol/add-blkio-test
Adding a test for blkio stats.
2014-04-28 12:50:20 -07:00
Michael Crosby
3c5bac0348 Merge pull request #5394 from vmarmol/add-croup-memory-stats
Add memory usage and max usage stats.
2014-04-28 12:44:34 -07:00
Victor Marmol
f4055ee2a4 Adding a test for blkio stats.
Also adds a test utility we can use for other cgroup tests.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-04-26 07:29:13 +00:00
unclejack
44140f7909 Merge pull request #5411 from crosbymichael/lockdown
Update default restrictions for exec drivers
2014-04-26 03:27:56 +03:00
Rohit Jnagal
8cdb720d26 Updated sample config to be usable. We should change the namespace
config to not need "value" later.

Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
2014-04-25 21:10:23 +00:00
Rohit Jnagal
24f978094d Updated sample config and README to match the default template for
native execdriver.

Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
2014-04-25 06:02:30 +00:00
Victor Marmol
ad924959a9 Add memory usage and max usage stats.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-04-25 02:51:28 +00:00
Rohit Jnagal
580c2620e7 Improved README formatting.
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
2014-04-25 01:23:48 +00:00
Rohit Jnagal
569b234135 Add enabled option to namespaces and capabilities spec in
container.json. Although we don't yet check for enabled everywhere.

Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
2014-04-25 01:10:11 +00:00
Rohit Jnagal
0aacca3ae6 Fix typos in nsinit logs.
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
2014-04-25 00:20:14 +00:00
Rohit Jnagal
14b2a9de87 Fix container.json sample to be loadable by nsinit.
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
2014-04-25 00:17:45 +00:00
Victor Marmol
f188b9f623 Separating cgroup Memory and MemoryReservation.
This will allow for these to be set independently. Keep the current Docker behavior where Memory and MemoryReservation are set to the value of Memory.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-04-24 11:09:38 -07:00
Michael Crosby
d5c9f61ecc Ignore isnot exists errors for proc paths
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
fa5cabf9fe Update init for new apparmor import path
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
2d31aeb911 Update container.json and readme
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
7a0b361066 Move capabilities into security pkg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
156987c118 Move mounts into types.go
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
a949d39f19 Move rest of console functions to pkg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
05b611574f Refactor mounts into pkg to make changes easier
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
de3d51b0a8 Move console into its own package
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
5ba1242bdc Mount over dev and only copy allowed nodes in
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
81e5026a6a No not mount sysfs by default for non privilged containers
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:20 -07:00
Michael Crosby
60a90970bc Add restrictions to proc in libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:19 -07:00
Michael Crosby
d26ea78e42 Move apparmor into security sub dir
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-24 10:35:19 -07:00
Rohit Jnagal
264dc8a46b Add support for cpu hardcapping to cgroups.
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
2014-04-24 14:43:02 +00:00
Solomon Hykes
bf51f36d8f Fix Go formatting in beam and dockerscript
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 16:16:29 -07:00
Solomon Hykes
0bf2109121 pkg/dockerscript: add MAINTAINERS file
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:24 -07:00
Solomon Hykes
bc6303f15d beam/examples/beamsh: 'chdir' changes the current directory
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:24 -07:00
Solomon Hykes
6ce4d2c842 beam/examples/beamsh: 'exec' can communicate with its child via beam.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:24 -07:00
Solomon Hykes
271ba18043 beam/examples/beamsh: use beam.Router to simplify 'multiprint' and fix job passthrough
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
0d08d36bf5 beam: new routing functions Route.KeyEquals, Route.KeyIncludes, Route.NoKey
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
30424f4e3a beam/examples/beamsh: use beam.Router to simplify 'trace'
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
d3df4b5baf beam/examples/beamsh: move builtins to a separate file for readability
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
0822d67b2d beam/examples/beamsh: simplify commands by always creating and sending stdout and stderr for them
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
63fd2ec0f7 beam/examples/beamsh: use beam.Router to simplify 'logger'
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
9206b18818 beam/examples/beamsh: use beam.Router to simplify the 'stdio' command
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
8f5435e80c beam: Router can route beam messages with a convenient set of rules and handlers
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:23 -07:00
Solomon Hykes
40b4f86eab beam/examples/beamsh: move example scripts to scripts/
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Alexander Larsson
1fb0bf1b3b beam: Fix double close of fds in SendUnix
Instead of calling syscall.Close() on the fds in sendUnix() we call
Close() on the *os.File in Send(). Otherwise the fd will be closed, but
the *os.File will continue to live, and when it is finalized the
fd will be closed (which by then may be reused and can be anything).

This also adds a note to Send() the the file is closed.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-04-22 15:50:22 -07:00
Solomon Hykes
a88d8d678b beam: more unit tests
This adds testing to SendConn.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
06df94d55b beam/examples/beamsh: add scripts to reproduce various bugs
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
d0ca66dded beam/examples/beamsh: fix 'print' to be pass-through
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
b97375fc29 beam/examples/beamsh: rename 'log' to 'logger' to avoid conflict with stdout/stderr
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
a2b88b4915 beam/examples/beamsh: 'prompt' asks the user for a value and sends it.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
ed62ca5b2f beam/examples/beamsh: commands are messages.
Commands in the pipeline should either implement or pass-through command messages.

This amounts to a proof-of-concept implementation of the "pipeline"
design of Docker plugins.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
2f4b8b7e8d beam/examples/beamsh: cosmetic fix in Fatalf
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:22 -07:00
Solomon Hykes
4f92ffb500 beam: replace SendPair() with the simpler SendConn()
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
5833e78887 beam/examples/beamsh: miniserver.ds demo
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
70d3262161 beam: improve the API with Sender/Receiver interfaces and utilities: Copy/SendPipe/SendPair
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Alexander Larsson
b0228d94be beam: Make extracted Fds CloseOnExec
Grab forklock to make sure no forks accidentally inherit the new fds
before they are made CLOEXEC There is a slight race condition between
ReadMsgUnix returns and when we grap the lock, so this is not
perfect. Unfortunately There is no way to pass MSG_CMSG_CLOEXEC to
recvmsg() nor any way to implement non-blocking i/o in go, so this is
hard to fix.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-04-22 15:50:21 -07:00
Solomon Hykes
207e604bad beam/examples/beamsh: add a few example dockerscripts
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
29ddf2be1e beam/examples/beamsh: simplify code by using sendWPipe utility
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
1dc449e11d beam/examples/beamsh: move code around for readability
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
3a2b31a30b beam/examples/beamsh: 'exec' adds 'fromcmd' field to its output
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
7534f7a34b beam/examples/beamsh: simple 'log' command tees streams to a local directory
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:21 -07:00
Solomon Hykes
4f5b94d369 beam/examples/beamsh: 'render' and 'beamsh -x'
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:20 -07:00
Solomon Hykes
4ebe7aab91 beam/examples/beamsh: run commands in an implicit context of pre-loaded 'plugins'
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:20 -07:00
Solomon Hykes
cd85af06fe beam/examples/beamsh: convenience commands 'devnull', 'echo' and 'stdio'
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:20 -07:00
Solomon Hykes
6d9cdbf24f beam/examples/beamsh: 'emit' supports key=value syntax to compose arbitrary objects
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:20 -07:00
Solomon Hykes
2b81fb8424 dockerscript: '=' is not a special character
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:20 -07:00
Solomon Hykes
6e0a156d90 beam/examples/beamsh: support for background commands with '&' terminator
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:20 -07:00
Solomon Hykes
08686f1d21 beam/data: Message.Parse creates a message from shell-style 'key=value' arguments
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:20 -07:00
Solomon Hykes
ffe19414b1 dockerscript: support '#' line comments
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:20 -07:00
Solomon Hykes
e1c8dbba97 beam/examples/beamsh: scripts can be passed as filenames
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:20 -07:00
Solomon Hykes
222fc87ade beam/examples/beamsh: remote communication over beam (experimental).
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:20 -07:00
Solomon Hykes
371f6fc63d beam/examples/beamsh: 'in' chdirs to a directory. 'pass' does simple passthrough
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:19 -07:00
Solomon Hykes
6d5c75a224 beam/examples/beamsh: 'beamsend' command serializes all messages and sends them over a network connection
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:19 -07:00
Solomon Hykes
5ddf673851 beam/examples/beamsh: 'exec' command correctly closes stdout and stderr when the process exists
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:19 -07:00
Solomon Hykes
e512fef425 beam/examples/beamsh: don't print discarded messages in Devnull
This avoids false alarms when process exits without printing. Devnull
doesn't require synchronization.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:19 -07:00
Solomon Hykes
34c5724b89 beam/examples/beamsh: more useful debugging
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:19 -07:00
Solomon Hykes
a5bc75d406 beam/data: expose EncodeString for convenience access to the underlying netstring primitive
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:19 -07:00
Solomon Hykes
fb1af1f0bc beam/examples/beamsh: utility function 'fileToConn'
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:19 -07:00
Solomon Hykes
74b90c25d9 beam/examples/beamsh: 'connect' command
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:19 -07:00
Solomon Hykes
dff9854305 beam/examples/beamsh: 'exec' and 'listen' commands
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:19 -07:00
Solomon Hykes
3686d50429 beam/examples/beamsh: prettier devnull
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:18 -07:00
Solomon Hykes
c9b8e0fcac beam/data: prettier Message.Pretty()
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:18 -07:00
Solomon Hykes
d7a2ae8e13 beam/examples/beamsh: prettier 'trace' command
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:18 -07:00
Solomon Hykes
eca6fecb59 beam/data: convenience Message.Pretty() function
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:18 -07:00
Solomon Hykes
d4920b3fff beam/examples/beamsh: basic implementation of the pipeline design, with static handlers for now.
In the pipeline design, several beam commands can be run concurrently,
with their respective inputs and outputs connected in such a way that
beam messages flow from the first to last. This is similar to the way
a unix shell executes commands in a pipeline: instead of STDIN and
STDOUT, each beam command has a "BEAMIN" and "BEAMOUT".

Since beam allows for richer communication than plain byte streams, beam
pipelines can express more powerful computation, while retaining the
fundamental elegance and ease of use of unix-style composition.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:18 -07:00
Solomon Hykes
ec288895e5 beam/examples/beamsh: better debugging messages
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:18 -07:00
Solomon Hykes
ab2010cfd3 beam/examples/beamsh: simple 'exec' command
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:18 -07:00
Solomon Hykes
5689792171 beam/examples/beamsh: catch introspection calls from jobs for proper nesting
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:18 -07:00
Solomon Hykes
bcd31405cf beam: fix FD leaks in SendPipe
This fixes file descriptor leaks in the SendPipe function.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:18 -07:00
Solomon Hykes
1737063904 beam: more hooks for interactive debugging
This inserts low-level hooks for interactive step-by-step debugging.
Hooks are triggered by setting the *TEST* environment variable.

This is particularly useful for tracking down file descriptor leaks,
double-closing, or other issues which are difficult to debug with
the usual toolbox.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:17 -07:00
Solomon Hykes
6072dec9e7 beam/examples/beamsh: first try at nested execution
The "wiring" is broken because engine does not keep a reference for handling introspection calls.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:17 -07:00
Solomon Hykes
8697490740 beam/examples/beamsh: fix a bug in the log command
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:17 -07:00
Solomon Hykes
488fe61354 beam/data: convenience Message.Get
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-04-22 15:50:17 -07:00