github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 02:41:25 +00:00
Code Issues Projects Releases Wiki Activity

bump(github.com/opencontainers/runc): 595bea022f077a9e17d7473b34fbaf1adaed9e43

Browse Source
This commit is contained in:
ravisantoshgudimetla 2018-02-20 14:07:00 -05:00
parent c7414323d8
commit c33be7354f
8 changed files with 135 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
Godeps/Godeps.json generated
View File

@ -2355,83 +2355,83 @@
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/apparmor",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/cgroups",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/cgroups/fs",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/cgroups/systemd",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/configs",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/configs/validate",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/criurpc",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/intelrdt",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/keys",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/mount",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/seccomp",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/stacktrace",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/system",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/user",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runc/libcontainer/utils",
"Comment": "v1.0.0-rc4-197-gd5b4a3e",
"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db"
"Comment": "v1.0.0-rc4-221-g595bea02",
"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43"
},
{
"ImportPath": "github.com/opencontainers/runtime-spec/specs-go",

3
vendor/github.com/opencontainers/runc/libcontainer/capabilities_linux.go generated vendored
View File

@ -4,7 +4,6 @@ package libcontainer
import (
"fmt"
"os"
"strings"
"github.com/opencontainers/runc/libcontainer/configs"
@ -72,7 +71,7 @@ func newContainerCapList(capConfig *configs.Capabilities) (*containerCapabilitie
}
ambient = append(ambient, v)
}
pid, err := capability.NewPid(os.Getpid())
pid, err := capability.NewPid(0)
if err != nil {
return nil, err
}

5
vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go generated vendored
View File

@ -395,7 +395,7 @@ func joinCgroups(c *configs.Cgroup, pid int) error {
// systemd represents slice hierarchy using `-`, so we need to follow suit when
// generating the path of slice. Essentially, test-a-b.slice becomes
// test.slice/test-a.slice/test-a-b.slice.
// /test.slice/test-a.slice/test-a-b.slice.
func ExpandSlice(slice string) (string, error) {
suffix := ".slice"
// Name has to end with ".slice", but can't be just ".slice".
@ -421,10 +421,9 @@ func ExpandSlice(slice string) (string, error) {
}
// Append the component to the path and to the prefix.
path += prefix + component + suffix + "/"
path += "/" + prefix + component + suffix
prefix += component + "-"
}
return path, nil
}

76
vendor/github.com/opencontainers/runc/libcontainer/container_linux.go generated vendored
View File

@ -5,6 +5,7 @@ package libcontainer
import (
"bytes"
"encoding/json"
"errors"
"fmt"
"io"
"io/ioutil"
@ -267,20 +268,71 @@ func (c *linuxContainer) Exec() error {
func (c *linuxContainer) exec() error {
path := filepath.Join(c.root, execFifoFilename)
f, err := os.OpenFile(path, os.O_RDONLY, 0)
if err != nil {
return newSystemErrorWithCause(err, "open exec fifo for reading")
fifoOpen := make(chan struct{})
select {
case <-awaitProcessExit(c.initProcess.pid(), fifoOpen):
return errors.New("container process is already dead")
case result := <-awaitFifoOpen(path):
close(fifoOpen)
if result.err != nil {
return result.err
}
f := result.file
defer f.Close()
data, err := ioutil.ReadAll(f)
if err := readFromExecFifo(f); err != nil {
return err
}
return os.Remove(path)
}
}
func readFromExecFifo(execFifo io.Reader) error {
data, err := ioutil.ReadAll(execFifo)
if err != nil {
return err
}
if len(data) > 0 {
os.Remove(path)
if len(data) <= 0 {
return fmt.Errorf("cannot start an already running container")
}
return nil
}
return fmt.Errorf("cannot start an already running container")
func awaitProcessExit(pid int, exit <-chan struct{}) <-chan struct{} {
isDead := make(chan struct{})
go func() {
for {
select {
case <-exit:
return
case <-time.After(time.Millisecond * 100):
stat, err := system.Stat(pid)
if err != nil || stat.State == system.Zombie {
close(isDead)
return
}
}
}
}()
return isDead
}
func awaitFifoOpen(path string) <-chan openResult {
fifoOpened := make(chan openResult)
go func() {
f, err := os.OpenFile(path, os.O_RDONLY, 0)
if err != nil {
fifoOpened <- openResult{err: newSystemErrorWithCause(err, "open exec fifo for reading")}
return
}
fifoOpened <- openResult{file: f}
}()
return fifoOpened
}
type openResult struct {
file *os.File
err error
}
func (c *linuxContainer) start(process *Process, isInit bool) error {
@ -308,11 +360,13 @@ func (c *linuxContainer) start(process *Process, isInit bool) error {
c.initProcessStartTime = state.InitProcessStartTime
if c.config.Hooks != nil {
bundle, annotations := utils.Annotations(c.config.Labels)
s := configs.HookState{
Version: c.config.Version,
ID: c.id,
Pid: parent.pid(),
Bundle: utils.SearchLabels(c.config.Labels, "bundle"),
Bundle: bundle,
Annotations: annotations,
}
for i, hook := range c.config.Hooks.Poststart {
if err := hook.Run(s); err != nil {
@ -1436,11 +1490,13 @@ func (c *linuxContainer) criuNotifications(resp *criurpc.CriuResp, process *Proc
}
case notify.GetScript() == "setup-namespaces":
if c.config.Hooks != nil {
bundle, annotations := utils.Annotations(c.config.Labels)
s := configs.HookState{
Version: c.config.Version,
ID: c.id,
Pid: int(notify.GetPid()),
Bundle: utils.SearchLabels(c.config.Labels, "bundle"),
Bundle: bundle,
Annotations: annotations,
}
for i, hook := range c.config.Hooks.Prestart {
if err := hook.Run(s); err != nil {
@ -1748,7 +1804,7 @@ func (c *linuxContainer) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Na
// The following only applies if we are root.
if !c.config.Rootless {
// check if we have CAP_SETGID to setgroup properly
pid, err := capability.NewPid(os.Getpid())
pid, err := capability.NewPid(0)
if err != nil {
return nil, err
}

8
vendor/github.com/opencontainers/runc/libcontainer/process_linux.go generated vendored
View File

@ -341,11 +341,13 @@ func (p *initProcess) start() error {
}
if p.config.Config.Hooks != nil {
bundle, annotations := utils.Annotations(p.container.config.Labels)
s := configs.HookState{
Version: p.container.config.Version,
ID: p.container.id,
Pid: p.pid(),
Bundle: utils.SearchLabels(p.config.Config.Labels, "bundle"),
Bundle: bundle,
Annotations: annotations,
}
for i, hook := range p.config.Config.Hooks.Prestart {
if err := hook.Run(s); err != nil {
@ -370,11 +372,13 @@ func (p *initProcess) start() error {
}
}
if p.config.Config.Hooks != nil {
bundle, annotations := utils.Annotations(p.container.config.Labels)
s := configs.HookState{
Version: p.container.config.Version,
ID: p.container.id,
Pid: p.pid(),
Bundle: utils.SearchLabels(p.config.Config.Labels, "bundle"),
Bundle: bundle,
Annotations: annotations,
}
for i, hook := range p.config.Config.Hooks.Prestart {
if err := hook.Run(s); err != nil {

8
vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go generated vendored
View File

@ -100,8 +100,10 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig) (err error) {
if config.NoPivotRoot {
err = msMoveRoot(config.Rootfs)
} else {
} else if config.Namespaces.Contains(configs.NEWNS) {
err = pivotRoot(config.Rootfs)
} else {
err = chroot(config.Rootfs)
}
if err != nil {
return newSystemErrorWithCause(err, "jailing process inside rootfs")
@ -702,6 +704,10 @@ func msMoveRoot(rootfs string) error {
if err := unix.Mount(rootfs, "/", "", unix.MS_MOVE, ""); err != nil {
return err
}
return chroot(rootfs)
}
func chroot(rootfs string) error {
if err := unix.Chroot("."); err != nil {
return err
}

5
vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go generated vendored
View File

@ -65,14 +65,9 @@ func (l *linuxStandardInit) Init() error {
}
label.Init()
// prepareRootfs() can be executed only for a new mount namespace.
if l.config.Config.Namespaces.Contains(configs.NEWNS) {
if err := prepareRootfs(l.pipe, l.config); err != nil {
return err
}
}
// Set up the console. This has to be done *before* we finalize the rootfs,
// but *after* we've given the user the chance to set up all of the mounts
// they wanted.

4
vendor/github.com/opencontainers/runc/libcontainer/state_linux.go generated vendored
View File

@ -63,10 +63,12 @@ func destroy(c *linuxContainer) error {
func runPoststopHooks(c *linuxContainer) error {
if c.config.Hooks != nil {
bundle, annotations := utils.Annotations(c.config.Labels)
s := configs.HookState{
Version: c.config.Version,
ID: c.id,
Bundle: utils.SearchLabels(c.config.Labels, "bundle"),
Bundle: bundle,
Annotations: annotations,
}
for _, hook := range c.config.Hooks.Poststop {
if err := hook.Run(s); err != nil {