diff --git a/daemon/container.go b/daemon/container.go index 37e75fe888..9263277dae 100644 --- a/daemon/container.go +++ b/daemon/container.go @@ -13,7 +13,7 @@ import ( "syscall" "time" - "github.com/docker/libcontainer/label" + "github.com/opencontainers/runc/libcontainer/label" "github.com/Sirupsen/logrus" "github.com/docker/docker/daemon/execdriver" diff --git a/daemon/container_unix.go b/daemon/container_unix.go index c5d3c01bb6..66881c6747 100644 --- a/daemon/container_unix.go +++ b/daemon/container_unix.go @@ -27,12 +27,12 @@ import ( "github.com/docker/docker/pkg/ulimit" "github.com/docker/docker/runconfig" "github.com/docker/docker/utils" - "github.com/docker/libcontainer/configs" - "github.com/docker/libcontainer/devices" "github.com/docker/libnetwork" "github.com/docker/libnetwork/netlabel" "github.com/docker/libnetwork/options" "github.com/docker/libnetwork/types" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/devices" ) const DefaultPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" diff --git a/daemon/create.go b/daemon/create.go index 6d55028b72..ced8f9edf3 100644 --- a/daemon/create.go +++ b/daemon/create.go @@ -11,7 +11,7 @@ import ( "github.com/docker/docker/pkg/parsers" "github.com/docker/docker/pkg/stringid" "github.com/docker/docker/runconfig" - "github.com/docker/libcontainer/label" + "github.com/opencontainers/runc/libcontainer/label" ) func (daemon *Daemon) ContainerCreate(name string, config *runconfig.Config, hostConfig *runconfig.HostConfig) (string, []string, error) { diff --git a/daemon/daemon.go b/daemon/daemon.go index 8f3b272389..15744c71a5 100644 --- a/daemon/daemon.go +++ b/daemon/daemon.go 
@@ -35,8 +35,8 @@ import ( "github.com/docker/docker/registry" "github.com/docker/docker/runconfig" "github.com/docker/docker/trust" - "github.com/docker/libcontainer/netlink" "github.com/docker/libnetwork" + "github.com/opencontainers/runc/libcontainer/netlink" ) var ( diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go index 7370b50db5..49ee833215 100644 --- a/daemon/daemon_unix.go +++ b/daemon/daemon_unix.go @@ -24,12 +24,12 @@ import ( "github.com/docker/docker/utils" volumedrivers "github.com/docker/docker/volume/drivers" "github.com/docker/docker/volume/local" - "github.com/docker/libcontainer/label" "github.com/docker/libnetwork" nwapi "github.com/docker/libnetwork/api" nwconfig "github.com/docker/libnetwork/config" "github.com/docker/libnetwork/netlabel" "github.com/docker/libnetwork/options" + "github.com/opencontainers/runc/libcontainer/label" ) func (daemon *Daemon) Changes(container *Container) ([]archive.Change, error) { diff --git a/daemon/execdriver/driver.go b/daemon/execdriver/driver.go index 128d3ea10b..d5f4aa98d1 100644 --- a/daemon/execdriver/driver.go +++ b/daemon/execdriver/driver.go @@ -8,8 +8,8 @@ import ( // TODO Windows: Factor out ulimit "github.com/docker/docker/pkg/ulimit" - "github.com/docker/libcontainer" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer" + "github.com/opencontainers/runc/libcontainer/configs" ) // Context is a generic key value pair that allows diff --git a/daemon/execdriver/driver_linux.go b/daemon/execdriver/driver_linux.go index ad7eb30225..484c5f5ebe 100644 --- a/daemon/execdriver/driver_linux.go +++ b/daemon/execdriver/driver_linux.go 
@@ -10,9 +10,9 @@ import ( "time" "github.com/docker/docker/daemon/execdriver/native/template" - "github.com/docker/libcontainer" - "github.com/docker/libcontainer/cgroups/fs" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer" + "github.com/opencontainers/runc/libcontainer/cgroups/fs" + "github.com/opencontainers/runc/libcontainer/configs" ) func InitContainer(c *Command) *configs.Config { diff --git a/daemon/execdriver/lxc/driver.go b/daemon/execdriver/lxc/driver.go index 692b9f356f..73e96e4cd7 100644 --- a/daemon/execdriver/lxc/driver.go +++ b/daemon/execdriver/lxc/driver.go @@ -25,12 +25,12 @@ import ( sysinfo "github.com/docker/docker/pkg/system" "github.com/docker/docker/pkg/term" "github.com/docker/docker/pkg/version" - "github.com/docker/libcontainer" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" - "github.com/docker/libcontainer/system" - "github.com/docker/libcontainer/user" "github.com/kr/pty" + "github.com/opencontainers/runc/libcontainer" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/user" "github.com/vishvananda/netns" ) diff --git a/daemon/execdriver/lxc/lxc_init_linux.go b/daemon/execdriver/lxc/lxc_init_linux.go index fb89ac6a0a..c63a0cbba0 100644 --- a/daemon/execdriver/lxc/lxc_init_linux.go +++ b/daemon/execdriver/lxc/lxc_init_linux.go @@ -5,7 +5,7 @@ package lxc import ( "fmt" - "github.com/docker/libcontainer/utils" + "github.com/opencontainers/runc/libcontainer/utils" ) func finalizeNamespace(args *InitArgs) error { diff --git a/daemon/execdriver/lxc/lxc_template.go b/daemon/execdriver/lxc/lxc_template.go index b70178a251..75c453e4c8 100644 --- a/daemon/execdriver/lxc/lxc_template.go +++ b/daemon/execdriver/lxc/lxc_template.go 
@@ -12,7 +12,7 @@ import ( "github.com/docker/docker/daemon/execdriver" nativeTemplate "github.com/docker/docker/daemon/execdriver/native/template" "github.com/docker/docker/pkg/stringutils" - "github.com/docker/libcontainer/label" + "github.com/opencontainers/runc/libcontainer/label" ) const LxcTemplate = ` diff --git a/daemon/execdriver/lxc/lxc_template_unit_test.go b/daemon/execdriver/lxc/lxc_template_unit_test.go index 904fa120a8..2d4dba5c7f 100644 --- a/daemon/execdriver/lxc/lxc_template_unit_test.go +++ b/daemon/execdriver/lxc/lxc_template_unit_test.go @@ -15,7 +15,7 @@ import ( "github.com/docker/docker/daemon/execdriver" nativeTemplate "github.com/docker/docker/daemon/execdriver/native/template" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/configs" "github.com/syndtr/gocapability/capability" ) diff --git a/vendor/src/github.com/docker/libcontainer/apparmor/gen.go b/daemon/execdriver/native/apparmor.go similarity index 64% rename from vendor/src/github.com/docker/libcontainer/apparmor/gen.go rename to daemon/execdriver/native/apparmor.go index 653bf34d39..894b2d489a 100644 --- a/vendor/src/github.com/docker/libcontainer/apparmor/gen.go +++ b/daemon/execdriver/native/apparmor.go @@ -1,11 +1,20 @@ // +build linux -package apparmor +package native import ( + "fmt" "io" "os" + "os/exec" + "path" "text/template" + + "github.com/opencontainers/runc/libcontainer/apparmor" +) + +const ( + apparmorProfilePath = "/etc/apparmor.d/docker" ) type data struct { 
@@ -81,3 +90,35 @@ func abstractionsExists() bool { _, err := os.Stat("/etc/apparmor.d/abstractions/base") return err == nil } + +func installApparmorProfile() error { + if !apparmor.IsEnabled() { + return nil + } + + // Make sure /etc/apparmor.d exists + if err := os.MkdirAll(path.Dir(apparmorProfilePath), 0755); err != nil { + return err + } + + f, err := os.OpenFile(apparmorProfilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644) + if err != nil { + return err + } + if err := generateProfile(f); err != nil { + f.Close() + return err + } + f.Close() + + cmd := exec.Command("/sbin/apparmor_parser", "-r", "-W", "docker") + // to use the parser directly we have to make sure we are in the correct + // dir with the profile + cmd.Dir = "/etc/apparmor.d" + + output, err := cmd.CombinedOutput() + if err != nil { + return fmt.Errorf("Error loading docker apparmor profile: %s (%s)", err, output) + } + return nil +} diff --git a/daemon/execdriver/native/create.go b/daemon/execdriver/native/create.go index 61b8e9cd7e..0f0a6a12dc 100644 --- a/daemon/execdriver/native/create.go +++ b/daemon/execdriver/native/create.go @@ -10,10 +10,10 @@ import ( "syscall" "github.com/docker/docker/daemon/execdriver" - "github.com/docker/libcontainer/apparmor" - "github.com/docker/libcontainer/configs" - "github.com/docker/libcontainer/devices" - "github.com/docker/libcontainer/utils" + "github.com/opencontainers/runc/libcontainer/apparmor" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/devices" + "github.com/opencontainers/runc/libcontainer/utils" ) // createContainer populates and configures the container type with the diff --git a/daemon/execdriver/native/driver.go b/daemon/execdriver/native/driver.go index 2017a9c65c..7e13c267ef 100644 --- a/daemon/execdriver/native/driver.go +++ b/daemon/execdriver/native/driver.go 
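Review bot: In `installApparmorProfile`, both `f.Close()` calls discard their error, so a write error that is only reported at close goes unnoticed and `/sbin/apparmor_parser` is then run against a possibly incomplete `/etc/apparmor.d/docker`; the success-path call should read `if err := f.Close(); err != nil { return err }`. The profile is also opened with `os.O_TRUNC` and rewritten in place, so a failure inside `generateProfile` leaves a truncated policy file on disk. Generating into a temporary file in the same directory and renaming it over the target would keep the previous profile intact on failure. `cmd.Dir` repeats the literal `"/etc/apparmor.d"` where `path.Dir(apparmorProfilePath)` would keep the two paths in step. The function lies wholly inside this hunk.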
@@ -20,12 +20,11 @@ import ( "github.com/docker/docker/pkg/reexec" sysinfo "github.com/docker/docker/pkg/system" "github.com/docker/docker/pkg/term" - "github.com/docker/libcontainer" - "github.com/docker/libcontainer/apparmor" - "github.com/docker/libcontainer/cgroups/systemd" - "github.com/docker/libcontainer/configs" - "github.com/docker/libcontainer/system" - "github.com/docker/libcontainer/utils" + "github.com/opencontainers/runc/libcontainer" + "github.com/opencontainers/runc/libcontainer/cgroups/systemd" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/utils" ) const ( @@ -52,7 +51,7 @@ func NewDriver(root, initPath string, options []string) (*driver, error) { return nil, err } // native driver root is at docker_root/execdriver/native. Put apparmor at docker_root - if err := apparmor.InstallDefaultProfile(); err != nil { + if err := installApparmorProfile(); err != nil { return nil, err } diff --git a/daemon/execdriver/native/exec.go b/daemon/execdriver/native/exec.go index a9b0e79384..47f812ed22 100644 --- a/daemon/execdriver/native/exec.go +++ b/daemon/execdriver/native/exec.go @@ -9,9 +9,9 @@ import ( "syscall" "github.com/docker/docker/daemon/execdriver" - "github.com/docker/libcontainer" - _ "github.com/docker/libcontainer/nsenter" - "github.com/docker/libcontainer/utils" + "github.com/opencontainers/runc/libcontainer" + _ "github.com/opencontainers/runc/libcontainer/nsenter" + "github.com/opencontainers/runc/libcontainer/utils" ) // TODO(vishh): Add support for running in privileged mode. diff --git a/daemon/execdriver/native/init.go b/daemon/execdriver/native/init.go index 2a6cd26dab..307b5b1b80 100644 --- a/daemon/execdriver/native/init.go +++ b/daemon/execdriver/native/init.go 
@@ -8,7 +8,7 @@ import ( "runtime" "github.com/docker/docker/pkg/reexec" - "github.com/docker/libcontainer" + "github.com/opencontainers/runc/libcontainer" ) func init() { diff --git a/daemon/execdriver/native/template/default_template.go b/daemon/execdriver/native/template/default_template.go index 5e3fab7517..7352101dd4 100644 --- a/daemon/execdriver/native/template/default_template.go +++ b/daemon/execdriver/native/template/default_template.go @@ -3,8 +3,8 @@ package template import ( "syscall" - "github.com/docker/libcontainer/apparmor" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/apparmor" + "github.com/opencontainers/runc/libcontainer/configs" ) const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV diff --git a/daemon/graphdriver/aufs/aufs.go b/daemon/graphdriver/aufs/aufs.go index 1d208d54fc..893801a364 100644 --- a/daemon/graphdriver/aufs/aufs.go +++ b/daemon/graphdriver/aufs/aufs.go @@ -40,7 +40,7 @@ import ( "github.com/docker/docker/pkg/directory" mountpk "github.com/docker/docker/pkg/mount" "github.com/docker/docker/pkg/stringid" - "github.com/docker/libcontainer/label" + "github.com/opencontainers/runc/libcontainer/label" ) var ( diff --git a/daemon/graphdriver/devmapper/deviceset.go b/daemon/graphdriver/devmapper/deviceset.go index 1db971e54d..a0f05330d6 100644 --- a/daemon/graphdriver/devmapper/deviceset.go +++ b/daemon/graphdriver/devmapper/deviceset.go @@ -23,7 +23,7 @@ import ( "github.com/docker/docker/pkg/devicemapper" "github.com/docker/docker/pkg/parsers" "github.com/docker/docker/pkg/units" - "github.com/docker/libcontainer/label" + "github.com/opencontainers/runc/libcontainer/label" ) var ( diff --git a/daemon/graphdriver/overlay/overlay.go b/daemon/graphdriver/overlay/overlay.go index 6fdaaf1e7a..9cde62ae96 100644 --- a/daemon/graphdriver/overlay/overlay.go +++ b/daemon/graphdriver/overlay/overlay.go 
@@ -16,7 +16,7 @@ import ( "github.com/docker/docker/daemon/graphdriver" "github.com/docker/docker/pkg/archive" "github.com/docker/docker/pkg/chrootarchive" - "github.com/docker/libcontainer/label" + "github.com/opencontainers/runc/libcontainer/label" ) // This is a small wrapper over the NaiveDiffWriter that lets us have a custom diff --git a/daemon/graphdriver/vfs/driver.go b/daemon/graphdriver/vfs/driver.go index 652b3063cb..d2e71dc9c8 100644 --- a/daemon/graphdriver/vfs/driver.go +++ b/daemon/graphdriver/vfs/driver.go @@ -10,7 +10,7 @@ import ( "github.com/docker/docker/daemon/graphdriver" "github.com/docker/docker/pkg/chrootarchive" "github.com/docker/docker/pkg/system" - "github.com/docker/libcontainer/label" + "github.com/opencontainers/runc/libcontainer/label" ) func init() { diff --git a/daemon/graphdriver/zfs/zfs.go b/daemon/graphdriver/zfs/zfs.go index 287a530d0c..3d4ed8fe4e 100644 --- a/daemon/graphdriver/zfs/zfs.go +++ b/daemon/graphdriver/zfs/zfs.go @@ -17,8 +17,8 @@ import ( "github.com/docker/docker/daemon/graphdriver" "github.com/docker/docker/pkg/mount" "github.com/docker/docker/pkg/parsers" - "github.com/docker/libcontainer/label" zfs "github.com/mistifyio/go-zfs" + "github.com/opencontainers/runc/libcontainer/label" ) type ZfsOptions struct { diff --git a/daemon/stats.go b/daemon/stats.go index a444c6027b..c507962436 100644 --- a/daemon/stats.go +++ b/daemon/stats.go @@ -6,8 +6,8 @@ import ( "github.com/docker/docker/api/types" "github.com/docker/docker/daemon/execdriver" - "github.com/docker/libcontainer" "github.com/docker/libnetwork/sandbox" + "github.com/opencontainers/runc/libcontainer" ) type ContainerStatsConfig struct { diff --git a/daemon/stats_collector_unix.go b/daemon/stats_collector_unix.go index 7d571a428d..73b6a87257 100644 --- a/daemon/stats_collector_unix.go +++ b/daemon/stats_collector_unix.go 
@@ -14,7 +14,7 @@ import ( "github.com/Sirupsen/logrus" "github.com/docker/docker/daemon/execdriver" "github.com/docker/docker/pkg/pubsub" - "github.com/docker/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/system" ) // newStatsCollector returns a new statsCollector that collections diff --git a/daemon/stats_linux.go b/daemon/stats_linux.go index 9db3f17fe7..8c1b087349 100644 --- a/daemon/stats_linux.go +++ b/daemon/stats_linux.go @@ -2,8 +2,8 @@ package daemon import ( "github.com/docker/docker/api/types" - "github.com/docker/libcontainer" - "github.com/docker/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer" + "github.com/opencontainers/runc/libcontainer/cgroups" ) // convertStatsToAPITypes converts the libcontainer.Stats to the api specific diff --git a/daemon/stats_windows.go b/daemon/stats_windows.go index 13d0d59162..c79eb6401d 100644 --- a/daemon/stats_windows.go +++ b/daemon/stats_windows.go @@ -2,7 +2,7 @@ package daemon import ( "github.com/docker/docker/api/types" - "github.com/docker/libcontainer" + "github.com/opencontainers/runc/libcontainer" ) // convertStatsToAPITypes converts the libcontainer.Stats to the api specific diff --git a/daemon/utils_unix.go b/daemon/utils_unix.go index 6b871b1503..042544e43a 100644 --- a/daemon/utils_unix.go +++ b/daemon/utils_unix.go @@ -8,7 +8,7 @@ import ( "strings" "github.com/docker/docker/runconfig" - "github.com/docker/libcontainer/selinux" + "github.com/opencontainers/runc/libcontainer/selinux" ) func selinuxSetDisabled() { diff --git a/daemon/volumes.go b/daemon/volumes.go index aae84b92b2..cca28225ca 100644 --- a/daemon/volumes.go +++ b/daemon/volumes.go @@ -13,7 +13,7 @@ import ( "github.com/docker/docker/runconfig" "github.com/docker/docker/volume" "github.com/docker/docker/volume/local" - "github.com/docker/libcontainer/label" + "github.com/opencontainers/runc/libcontainer/label" ) type mountPoint struct { 
diff --git a/hack/vendor.sh b/hack/vendor.sh index 798a3f2792..3d65d7ce33 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -36,7 +36,7 @@ clone git github.com/hashicorp/consul v0.5.2 # get distribution packages clone git github.com/docker/distribution 419bbc2da637d9b2a812be78ef8436df7caac70d -clone git github.com/docker/libcontainer v2.2.1 +clone git github.com/opencontainers/runc v0.0.1 # libcontainer # libcontainer deps (see src/github.com/docker/libcontainer/update-vendor.sh) clone git github.com/coreos/go-systemd v2 clone git github.com/godbus/dbus v2 diff --git a/integration-cli/requirements_unix.go b/integration-cli/requirements_unix.go index e961f64611..bfb6f9773c 100644 --- a/integration-cli/requirements_unix.go +++ b/integration-cli/requirements_unix.go @@ -6,7 +6,7 @@ import ( "io/ioutil" "path" - "github.com/docker/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/cgroups" ) var ( diff --git a/pkg/homedir/homedir.go b/pkg/homedir/homedir.go index 61137a8f5d..8154e83f0c 100644 --- a/pkg/homedir/homedir.go +++ b/pkg/homedir/homedir.go @@ -4,7 +4,7 @@ import ( "os" "runtime" - "github.com/docker/libcontainer/user" + "github.com/opencontainers/runc/libcontainer/user" ) // Key returns the env var name for the user's home dir based on diff --git a/pkg/sockets/unix_socket.go b/pkg/sockets/unix_socket.go index 0536382c8f..fde11f5fd0 100644 --- a/pkg/sockets/unix_socket.go +++ b/pkg/sockets/unix_socket.go @@ -11,7 +11,7 @@ import ( "github.com/Sirupsen/logrus" "github.com/docker/docker/pkg/listenbuffer" - "github.com/docker/libcontainer/user" + "github.com/opencontainers/runc/libcontainer/user" ) func NewUnixSocket(path, group string, activate <-chan struct{}) (net.Listener, error) { diff --git a/pkg/sysinfo/sysinfo_linux.go b/pkg/sysinfo/sysinfo_linux.go index e9d6b3d0a0..f864dcddab 100644 --- a/pkg/sysinfo/sysinfo_linux.go +++ b/pkg/sysinfo/sysinfo_linux.go 
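Review bot: The added `clone git github.com/opencontainers/runc v0.0.1 # libcontainer` line in hack/vendor.sh pins the new dependency to a tag, which upstream can move, while the `docker/distribution` line directly above it is pinned to a full commit hash. Pinning runc the same way, `clone git github.com/opencontainers/runc <full-commit-sha> # libcontainer`, makes the vendored tree reproducible and easier to audit. The context comment on the next line still points at `src/github.com/docker/libcontainer/update-vendor.sh`, under a directory this commit appears to remove, and should name the runc location instead.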
@@ -7,7 +7,7 @@ import ( "strings" "github.com/Sirupsen/logrus" - "github.com/docker/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/cgroups" ) // New returns a new SysInfo, using the filesystem to detect which features the kernel supports. diff --git a/vendor/src/github.com/docker/libcontainer/.gitignore b/vendor/src/github.com/docker/libcontainer/.gitignore deleted file mode 100644 index 2e3f79b4eb..0000000000 --- a/vendor/src/github.com/docker/libcontainer/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -bundles -nsinit/nsinit -vendor/pkg diff --git a/vendor/src/github.com/docker/libcontainer/CONTRIBUTING.md b/vendor/src/github.com/docker/libcontainer/CONTRIBUTING.md deleted file mode 100644 index 667cc5a63f..0000000000 --- a/vendor/src/github.com/docker/libcontainer/CONTRIBUTING.md +++ /dev/null 
@@ -1,257 +0,0 @@ -# The libcontainer Contributors' Guide - -Want to hack on libcontainer? Awesome! Here are instructions to get you -started. They are probably not perfect, please let us know if anything -feels wrong or incomplete. - -## Reporting Issues - -When reporting [issues](https://github.com/docker/libcontainer/issues) -on GitHub please include your host OS (Ubuntu 12.04, Fedora 19, etc), -the output of `uname -a`. Please include the steps required to reproduce -the problem if possible and applicable. -This information will help us review and fix your issue faster. - -## Development Environment - -### Requirements - -For best results, use a Linux development environment. -The following packages are required to compile libcontainer natively. - -- Golang 1.3 -- GCC -- git -- cgutils - -You can develop on OSX, but you are limited to Dockerfile-based builds only. - -### Building libcontainer from Dockerfile - - make all - -This is the easiest way of building libcontainer. -As this build is done using Docker, you can even run this from [OSX](https://github.com/boot2docker/boot2docker) - -### Testing changes with "nsinit" - - make sh - -This will create an container that runs `nsinit exec sh` on a busybox rootfs with the configuration from ['minimal.json'](https://github.com/docker/libcontainer/blob/master/sample_configs/minimal.json). -Like the previous command, you can run this on OSX too! - -### Building libcontainer directly - -> Note: You should add the `vendor` directory to your GOPATH to use the vendored libraries - - ./update-vendor.sh - go get -d ./... 
- make direct-build - # Run the tests - make direct-test-short | egrep --color 'FAIL|$' - # Run all the test - make direct-test | egrep --color 'FAIL|$' - -### Testing Changes with "nsinit" directly - -To test a change: - - # Install nsinit - make direct-install - - # Optional, add a docker0 bridge - ip link add docker0 type bridge - ifconfig docker0 172.17.0.1/16 up - - mkdir testfs - curl -sSL https://github.com/jpetazzo/docker-busybox/raw/buildroot-2014.02/rootfs.tar | tar -xC testfs - cd testfs - cp container.json - nsinit exec sh - -## Contribution Guidelines - -### Pull requests are always welcome - -We are always thrilled to receive pull requests, and do our best to -process them as fast as possible. Not sure if that typo is worth a pull -request? Do it! We will appreciate it. - -If your pull request is not accepted on the first try, don't be -discouraged! If there's a problem with the implementation, hopefully you -received feedback on what to improve. - -We're trying very hard to keep libcontainer lean and focused. We don't want it -to do everything for everybody. This means that we might decide against -incorporating a new feature. However, there might be a way to implement -that feature *on top of* libcontainer. - -### Discuss your design on the mailing list - -We recommend discussing your plans [on the mailing -list](https://groups.google.com/forum/?fromgroups#!forum/libcontainer) -before starting to code - especially for more ambitious contributions. -This gives other contributors a chance to point you in the right -direction, give feedback on your design, and maybe point out if someone -else is working on the same thing. - -### Create issues... - -Any significant improvement should be documented as [a GitHub -issue](https://github.com/docker/libcontainer/issues) before anybody -starts working on it. - -### ...but check for existing issues first! 
- -Please take a moment to check that an issue doesn't already exist -documenting your bug report or improvement proposal. If it does, it -never hurts to add a quick "+1" or "I have this problem too". This will -help prioritize the most common problems and requests. - -### Conventions - -Fork the repo and make changes on your fork in a feature branch: - -- If it's a bugfix branch, name it XXX-something where XXX is the number of the - issue -- If it's a feature branch, create an enhancement issue to announce your - intentions, and name it XXX-something where XXX is the number of the issue. - -Submit unit tests for your changes. Go has a great test framework built in; use -it! Take a look at existing tests for inspiration. Run the full test suite on -your branch before submitting a pull request. - -Update the documentation when creating or modifying features. Test -your documentation changes for clarity, concision, and correctness, as -well as a clean documentation build. See ``docs/README.md`` for more -information on building the docs and how docs get released. - -Write clean code. Universally formatted code promotes ease of writing, reading, -and maintenance. Always run `gofmt -s -w file.go` on each changed file before -committing your changes. Most editors have plugins that do this automatically. - -Pull requests descriptions should be as clear as possible and include a -reference to all the issues that they address. - -Pull requests must not contain commits from other users or branches. - -Commit messages must start with a capitalized and short summary (max. 50 -chars) written in the imperative, followed by an optional, more detailed -explanatory text which is separated from the summary by an empty line. - -Code review comments may be added to your pull request. Discuss, then make the -suggested modifications and push additional commits to your feature branch. Be -sure to post a comment after pushing. 
The new commits will show up in the pull -request automatically, but the reviewers will not be notified unless you -comment. - -Before the pull request is merged, make sure that you squash your commits into -logical units of work using `git rebase -i` and `git push -f`. After every -commit the test suite should be passing. Include documentation changes in the -same commit so that a revert would remove all traces of the feature or fix. - -Commits that fix or close an issue should include a reference like `Closes #XXX` -or `Fixes #XXX`, which will automatically close the issue when merged. - -### Testing - -Make sure you include suitable tests, preferably unit tests, in your pull request -and that all the tests pass. - -*Instructions for running tests to be added.* - -### Merge approval - -libcontainer maintainers use LGTM (looks good to me) in comments on the code review -to indicate acceptance. - -A change requires LGTMs from at lease two maintainers. One of those must come from -a maintainer of the component affected. For example, if a change affects `netlink/` -and `security`, it needs at least one LGTM from a maintainer of each. Maintainers -only need one LGTM as presumably they LGTM their own change. - -For more details see [MAINTAINERS.md](MAINTAINERS.md) - -### Sign your work - -The sign-off is a simple line at the end of the explanation for the -patch, which certifies that you wrote it or otherwise have the right to -pass it on as an open-source patch. The rules are pretty simple: if you -can certify the below (from -[developercertificate.org](http://developercertificate.org/)): - -``` -Developer Certificate of Origin -Version 1.1 - -Copyright (C) 2004, 2006 The Linux Foundation and its contributors. -660 York Street, Suite 102, -San Francisco, CA 94110 USA - -Everyone is permitted to copy and distribute verbatim copies of this -license document, but changing it is not allowed. 
- - -Developer's Certificate of Origin 1.1 - -By making a contribution to this project, I certify that: - -(a) The contribution was created in whole or in part by me and I - have the right to submit it under the open source license - indicated in the file; or - -(b) The contribution is based upon previous work that, to the best - of my knowledge, is covered under an appropriate open source - license and I have the right under that license to submit that - work with modifications, whether created in whole or in part - by me, under the same open source license (unless I am - permitted to submit under a different license), as indicated - in the file; or - -(c) The contribution was provided directly to me by some other - person who certified (a), (b) or (c) and I have not modified - it. - -(d) I understand and agree that this project and the contribution - are public and that a record of the contribution (including all - personal information I submit with it, including my sign-off) is - maintained indefinitely and may be redistributed consistent with - this project or the open source license(s) involved. -``` - -then you just add a line to every git commit message: - - Docker-DCO-1.1-Signed-off-by: Joe Smith (github: github_handle) - -using your real name (sorry, no pseudonyms or anonymous contributions.) - -One way to automate this, is customise your get ``commit.template`` by adding -a ``prepare-commit-msg`` hook to your libcontainer checkout: - -``` -curl -o .git/hooks/prepare-commit-msg https://raw.githubusercontent.com/docker/docker/master/contrib/prepare-commit-msg.hook && chmod +x .git/hooks/prepare-commit-msg -``` - -* Note: the above script expects to find your GitHub user name in ``git config --get github.user`` - -#### Small patch exception - -There are several exceptions to the signing requirement. Currently these are: - -* Your patch fixes spelling or grammar errors. 
-* Your patch is a single line change to documentation contained in the - `docs` directory. -* Your patch fixes Markdown formatting or syntax errors in the - documentation contained in the `docs` directory. - -If you have any questions, please refer to the FAQ in the [docs](to be written) - -### How can I become a maintainer? - -* Step 1: learn the component inside out -* Step 2: make yourself useful by contributing code, bugfixes, support etc. -* Step 3: volunteer on the irc channel (#libcontainer@freenode) - -Don't forget: being a maintainer is a time investment. Make sure you will have time to make yourself available. -You don't have to be a maintainer to make a difference on the project! - diff --git a/vendor/src/github.com/docker/libcontainer/Dockerfile b/vendor/src/github.com/docker/libcontainer/Dockerfile deleted file mode 100644 index a885498896..0000000000 --- a/vendor/src/github.com/docker/libcontainer/Dockerfile +++ /dev/null @@ -1,25 +0,0 @@ -FROM golang:1.4 - -RUN echo "deb http://ftp.us.debian.org/debian testing main contrib" >> /etc/apt/sources.list -RUN apt-get update && apt-get install -y iptables criu=1.5.2-1 && rm -rf /var/lib/apt/lists/* - -RUN go get golang.org/x/tools/cmd/cover - -ENV GOPATH $GOPATH:/go/src/github.com/docker/libcontainer/vendor -RUN go get github.com/docker/docker/pkg/term - -# setup a playground for us to spawn containers in -RUN mkdir /busybox && \ - curl -sSL 'https://github.com/jpetazzo/docker-busybox/raw/buildroot-2014.11/rootfs.tar' | tar -xC /busybox - -RUN curl -sSL https://raw.githubusercontent.com/docker/docker/master/hack/dind -o /dind && \ - chmod +x /dind - -COPY . /go/src/github.com/docker/libcontainer -WORKDIR /go/src/github.com/docker/libcontainer -RUN cp sample_configs/minimal.json /busybox/container.json - -RUN make direct-install - -ENTRYPOINT ["/dind"] -CMD ["make", "direct-test"] 
diff --git a/vendor/src/github.com/docker/libcontainer/LICENSE b/vendor/src/github.com/docker/libcontainer/LICENSE deleted file mode 100644 index 27448585ad..0000000000 --- a/vendor/src/github.com/docker/libcontainer/LICENSE +++ /dev/null 
@@ -1,191 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - Copyright 2014 Docker, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/src/github.com/docker/libcontainer/MAINTAINERS b/vendor/src/github.com/docker/libcontainer/MAINTAINERS deleted file mode 100644 index cea3500f2b..0000000000 --- a/vendor/src/github.com/docker/libcontainer/MAINTAINERS +++ /dev/null @@ -1,7 +0,0 @@ -Michael Crosby (@crosbymichael) -Rohit Jnagal (@rjnagal) -Victor Marmol (@vmarmol) -Mrunal Patel (@mrunalp) -Alexandr Morozov (@LK4D4) -Daniel, Dao Quang Minh (@dqminh) -update-vendor.sh: Tianon Gravi (@tianon) diff --git a/vendor/src/github.com/docker/libcontainer/MAINTAINERS_GUIDE.md b/vendor/src/github.com/docker/libcontainer/MAINTAINERS_GUIDE.md deleted file mode 100644 index 2ac9ca21f4..0000000000 --- a/vendor/src/github.com/docker/libcontainer/MAINTAINERS_GUIDE.md +++ /dev/null 
@@ -1,99 +0,0 @@ -# The libcontainer Maintainers' Guide - -## Introduction - -Dear maintainer. Thank you for investing the time and energy to help -make libcontainer as useful as possible. Maintaining a project is difficult, -sometimes unrewarding work. Sure, you will get to contribute cool -features to the project. But most of your time will be spent reviewing, -cleaning up, documenting, answering questions, justifying design -decisions - while everyone has all the fun! But remember - the quality -of the maintainers work is what distinguishes the good projects from the -great. So please be proud of your work, even the unglamourous parts, -and encourage a culture of appreciation and respect for *every* aspect -of improving the project - not just the hot new features. - -This document is a manual for maintainers old and new. It explains what -is expected of maintainers, how they should work, and what tools are -available to them. - -This is a living document - if you see something out of date or missing, -speak up! - -## What are a maintainer's responsibility? - -It is every maintainer's responsibility to: - -* 1) Expose a clear roadmap for improving their component. -* 2) Deliver prompt feedback and decisions on pull requests. -* 3) Be available to anyone with questions, bug reports, criticism etc. - on their component. This includes IRC, GitHub requests and the mailing - list. -* 4) Make sure their component respects the philosophy, design and - roadmap of the project. - -## How are decisions made? - -Short answer: with pull requests to the libcontainer repository. - -libcontainer is an open-source project with an open design philosophy. This -means that the repository is the source of truth for EVERY aspect of the -project, including its philosophy, design, roadmap and APIs. *If it's -part of the project, it's in the repo. It's in the repo, it's part of -the project.* - -As a result, all decisions can be expressed as changes to the -repository. 
An implementation change is a change to the source code. An -API change is a change to the API specification. A philosophy change is -a change to the philosophy manifesto. And so on. - -All decisions affecting libcontainer, big and small, follow the same 3 steps: - -* Step 1: Open a pull request. Anyone can do this. - -* Step 2: Discuss the pull request. Anyone can do this. - -* Step 3: Accept (`LGTM`) or refuse a pull request. The relevant maintainers do -this (see below "Who decides what?") - - -## Who decides what? - -All decisions are pull requests, and the relevant maintainers make -decisions by accepting or refusing the pull request. Review and acceptance -by anyone is denoted by adding a comment in the pull request: `LGTM`. -However, only currently listed `MAINTAINERS` are counted towards the required -two LGTMs. - -libcontainer follows the timeless, highly efficient and totally unfair system -known as [Benevolent dictator for life](http://en.wikipedia.org/wiki/Benevolent_Dictator_for_Life), with Michael Crosby in the role of BDFL. -This means that all decisions are made by default by Michael. Since making -every decision himself would be highly un-scalable, in practice decisions -are spread across multiple maintainers. - -The relevant maintainers for a pull request can be worked out in two steps: - -* Step 1: Determine the subdirectories affected by the pull request. This - might be `netlink/` and `security/`, or any other part of the repo. - -* Step 2: Find the `MAINTAINERS` file which affects this directory. If the - directory itself does not have a `MAINTAINERS` file, work your way up - the repo hierarchy until you find one. - -### I'm a maintainer, and I'm going on holiday - -Please let your co-maintainers and other contributors know by raising a pull -request that comments out your `MAINTAINERS` file entry using a `#`. - -### I'm a maintainer, should I make pull requests too? - -Yes. Nobody should ever push to master directly. 
All changes should be -made through a pull request. - -### Who assigns maintainers? - -Michael has final `LGTM` approval for all pull requests to `MAINTAINERS` files. - -### How is this process changed? - -Just like everything else: by making a pull request :) diff --git a/vendor/src/github.com/docker/libcontainer/Makefile b/vendor/src/github.com/docker/libcontainer/Makefile deleted file mode 100644 index 1a2e23e048..0000000000 --- a/vendor/src/github.com/docker/libcontainer/Makefile +++ /dev/null @@ -1,33 +0,0 @@ - -all: - docker build -t dockercore/libcontainer . - -test: - # we need NET_ADMIN for the netlink tests and SYS_ADMIN for mounting - docker run --rm -it --privileged dockercore/libcontainer - -sh: - docker run --rm -it --privileged -w /busybox dockercore/libcontainer nsinit exec sh - -GO_PACKAGES = $(shell find . -not \( -wholename ./vendor -prune -o -wholename ./.git -prune \) -name '*.go' -print0 | xargs -0n1 dirname | sort -u) - -direct-test: - go test $(TEST_TAGS) -cover -v $(GO_PACKAGES) - -direct-test-short: - go test $(TEST_TAGS) -cover -test.short -v $(GO_PACKAGES) - -direct-build: - go build -v $(GO_PACKAGES) - -direct-install: - go install -v $(GO_PACKAGES) - -local: - go test -v - -validate: - hack/validate.sh - -binary: all - docker run --rm --privileged -v $(CURDIR)/bundles:/go/bin dockercore/libcontainer make direct-install diff --git a/vendor/src/github.com/docker/libcontainer/NOTICE b/vendor/src/github.com/docker/libcontainer/NOTICE deleted file mode 100644 index dc9129878c..0000000000 --- a/vendor/src/github.com/docker/libcontainer/NOTICE +++ /dev/null 
@@ -1,16 +0,0 @@ -libcontainer -Copyright 2012-2015 Docker, Inc. - -This product includes software developed at Docker, Inc. (http://www.docker.com). - -The following is courtesy of our legal counsel: - - -Use and transfer of Docker may be subject to certain restrictions by the -United States and other governments. -It is your responsibility to ensure that your use and/or transfer does not -violate applicable laws. - -For more information, please see http://www.bis.doc.gov - -See also http://www.apache.org/dev/crypto.html and/or seek legal counsel. diff --git a/vendor/src/github.com/docker/libcontainer/PRINCIPLES.md b/vendor/src/github.com/docker/libcontainer/PRINCIPLES.md deleted file mode 100644 index 0560642102..0000000000 --- a/vendor/src/github.com/docker/libcontainer/PRINCIPLES.md +++ /dev/null @@ -1,19 +0,0 @@ -# libcontainer Principles - -In the design and development of libcontainer we try to follow these principles: - -(Work in progress) - -* Don't try to replace every tool. Instead, be an ingredient to improve them. -* Less code is better. -* Fewer components are better. Do you really need to add one more class? -* 50 lines of straightforward, readable code is better than 10 lines of magic that nobody can understand. -* Don't do later what you can do now. "//TODO: refactor" is not acceptable in new code. -* When hesitating between two options, choose the one that is easier to reverse. -* "No" is temporary; "Yes" is forever. If you're not sure about a new feature, say no. You can change your mind later. -* Containers must be portable to the greatest possible number of machines. Be suspicious of any change which makes machines less interchangeable. -* The fewer moving parts in a container, the better. -* Don't merge it unless you document it. -* Don't document it unless you can keep it up-to-date. -* Don't merge it unless you test it! -* Everyone's problem is slightly different. Focus on the part that is the same for everyone, and solve that. 
diff --git a/vendor/src/github.com/docker/libcontainer/ROADMAP.md b/vendor/src/github.com/docker/libcontainer/ROADMAP.md deleted file mode 100644 index f59035351a..0000000000 --- a/vendor/src/github.com/docker/libcontainer/ROADMAP.md +++ /dev/null @@ -1,20 +0,0 @@ -# libcontainer: what's next? - -This document is a high-level overview of where we want to take libcontainer next. -It is a curated selection of planned improvements which are either important, difficult, or both. - -For a more complete view of planned and requested improvements, see [the Github issues](https://github.com/docker/libcontainer/issues). - -To suggest changes to the roadmap, including additions, please write the change as if it were already in effect, and make a pull request. - -## Broader kernel support - -Our goal is to make libcontainer run everywhere, but currently libcontainer requires Linux version 3.8 or higher. If you’re deploying new machines for the purpose of running libcontainer, this is a fairly easy requirement to meet. However, if you’re adding libcontainer to an existing deployment, you may not have the flexibility to update and patch the kernel. - -## Cross-architecture support - -Our goal is to make libcontainer run everywhere. Recently libcontainer has -expanded from its initial support for x86_64 systems to include POWER (ppc64 -little and big endian variants), IBM System z (s390x 64-bit), and ARM. We plan -to continue expanding architecture support such that libcontainer containers -can be created and used on more architectures. diff --git a/vendor/src/github.com/docker/libcontainer/apparmor/setup.go b/vendor/src/github.com/docker/libcontainer/apparmor/setup.go deleted file mode 100644 index 2df21268e0..0000000000 --- a/vendor/src/github.com/docker/libcontainer/apparmor/setup.go +++ /dev/null 
@@ -1,46 +0,0 @@
-// +build linux
-
-package apparmor
-
-import (
- "fmt"
- "os"
- "os/exec"
- "path"
-)
-
-const (
- DefaultProfilePath = "/etc/apparmor.d/docker"
-)
-
-func InstallDefaultProfile() error {
- if !IsEnabled() {
- return nil
- }
-
- // Make sure /etc/apparmor.d exists
- if err := os.MkdirAll(path.Dir(DefaultProfilePath), 0755); err != nil {
- return err
- }
-
- f, err := os.OpenFile(DefaultProfilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
- if err != nil {
- return err
- }
- if err := generateProfile(f); err != nil {
- f.Close()
- return err
- }
- f.Close()
-
- cmd := exec.Command("/sbin/apparmor_parser", "-r", "-W", "docker")
- // to use the parser directly we have to make sure we are in the correct
- // dir with the profile
- cmd.Dir = "/etc/apparmor.d"
-
- output, err := cmd.CombinedOutput()
- if err != nil {
- return fmt.Errorf("Error loading docker apparmor profile: %s (%s)", err, output)
- }
- return nil
-}
diff --git a/vendor/src/github.com/docker/libcontainer/update-vendor.sh b/vendor/src/github.com/docker/libcontainer/update-vendor.sh
deleted file mode 100755
index 69ed4cde9e..0000000000
--- a/vendor/src/github.com/docker/libcontainer/update-vendor.sh
+++ /dev/null
@@ -1,50 +0,0 @@ -#!/usr/bin/env bash -set -e - -cd "$(dirname "$BASH_SOURCE")" - -# Downloads dependencies into vendor/ directory -mkdir -p vendor -cd vendor - -clone() { - vcs=$1 - pkg=$2 - rev=$3 - - pkg_url=https://$pkg - target_dir=src/$pkg - - echo -n "$pkg @ $rev: " - - if [ -d $target_dir ]; then - echo -n 'rm old, ' - rm -fr $target_dir - fi - - echo -n 'clone, ' - case $vcs in - git) - git clone --quiet --no-checkout $pkg_url $target_dir - ( cd $target_dir && git reset --quiet --hard $rev ) - ;; - hg) - hg clone --quiet --updaterev $rev $pkg_url $target_dir - ;; - esac - - echo -n 'rm VCS, ' - ( cd $target_dir && rm -rf .{git,hg} ) - - echo done -} - -# the following lines are in sorted order, FYI -clone git github.com/codegangsta/cli 1.1.0 -clone git github.com/coreos/go-systemd v2 -clone git github.com/godbus/dbus v2 -clone git github.com/Sirupsen/logrus v0.7.3 -clone git github.com/syndtr/gocapability 8e4cdcb -clone git github.com/golang/protobuf 655cdfa588ea - -# intentionally not vendoring Docker itself... that'd be a circle :) diff --git a/vendor/src/github.com/docker/libcontainer/README.md b/vendor/src/github.com/opencontainers/runc/libcontainer/README.md similarity index 61% rename from vendor/src/github.com/docker/libcontainer/README.md rename to vendor/src/github.com/opencontainers/runc/libcontainer/README.md index 26bb82dde1..a0742fe02f 100644 --- a/vendor/src/github.com/docker/libcontainer/README.md +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/README.md @@ -1,5 +1,3 @@ -## libcontainer - reference implementation for containers [![Build Status](https://jenkins.dockerproject.org/buildStatus/icon?job=Libcontainer%20Master)](https://jenkins.dockerproject.org/job/Libcontainer%20Master/) - Libcontainer provides a native Go implementation for creating containers with namespaces, cgroups, capabilities, and filesystem access controls. It allows you to manage the lifecycle of the container performing additional operations 
@@ -135,40 +133,6 @@ container.Resume() ``` -#### nsinit - -`nsinit` is a cli application which demonstrates the use of libcontainer. -It is able to spawn new containers or join existing containers. A root -filesystem must be provided for use along with a container configuration file. - -To build `nsinit`, run `make binary`. It will save the binary into -`bundles/nsinit`. - -To use `nsinit`, cd into a Linux rootfs and copy a `container.json` file into -the directory with your specified configuration. Environment, networking, -and different capabilities for the container are specified in this file. -The configuration is used for each process executed inside the container. - -See the `sample_configs` folder for examples of what the container configuration should look like. - -To execute `/bin/bash` in the current directory as a container just run the following **as root**: -```bash -nsinit exec --tty /bin/bash -``` - -If you wish to spawn another process inside the container while your -current bash session is running, run the same command again to -get another bash shell (or change the command). If the original -process (PID 1) dies, all other processes spawned inside the container -will be killed and the namespace will be removed. - -You can identify if a process is running in a container by -looking to see if `state.json` is in the root of the directory. - -You may also specify an alternate root place where -the `container.json` file is read and where the `state.json` file will be saved. - - #### Checkpoint & Restore libcontainer now integrates [CRIU](http://criu.org/) for checkpointing and restoring containers. 
@@ -180,39 +144,9 @@ If you don't already have `criu` installed, you can build it from source, follo [online instructions](http://criu.org/Installation). `criu` is also installed in the docker image generated when building libcontainer with docker. -To try an example with `nsinit`, open two terminals to the same busybox directory. -In the first terminal, run a command like this one: -```bash -nsinit exec -- sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' -``` - -You should see logs printing to the terminal every second. Now, in the second terminal, run: -```bash -nsinit checkpoint --image-path=/tmp/criu -``` - -The logs in your first terminal will stop and the process will exit. Finally, in the second -terminal, run the restore command: -```bash -nsinit restore --image-path=/tmp/criu -``` - -The process will resume counting where it left off and printing to the new terminal window. - - -#### Future -See the [roadmap](ROADMAP.md). ## Copyright and license Code and documentation copyright 2014 Docker, inc. Code released under the Apache 2.0 license. Docs released under Creative commons. -## Hacking on libcontainer - -First of all, please familiarise yourself with the [libcontainer Principles](PRINCIPLES.md). - -If you're a *contributor* or aspiring contributor, you should read the [Contributors' Guide](CONTRIBUTING.md). - -If you're a *maintainer* or aspiring maintainer, you should read the [Maintainers' Guide](MAINTAINERS_GUIDE.md) and -"How can I become a maintainer?" in the Contributors' Guide. diff --git a/vendor/src/github.com/docker/libcontainer/SPEC.md b/vendor/src/github.com/opencontainers/runc/libcontainer/SPEC.md similarity index 100% rename from vendor/src/github.com/docker/libcontainer/SPEC.md rename to vendor/src/github.com/opencontainers/runc/libcontainer/SPEC.md 
diff --git a/vendor/src/github.com/docker/libcontainer/apparmor/apparmor.go b/vendor/src/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go
similarity index 81%
rename from vendor/src/github.com/docker/libcontainer/apparmor/apparmor.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go
index 18cedf6a19..22c17f5272 100644
--- a/vendor/src/github.com/docker/libcontainer/apparmor/apparmor.go
+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go
@@ -12,6 +12,7 @@ import (
 "unsafe"
 )
 
+// IsEnabled returns true if apparmor is enabled for the host.
 func IsEnabled() bool {
 if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
 if _, err = os.Stat("/sbin/apparmor_parser"); err == nil {
@@ -22,13 +23,14 @@ func IsEnabled() bool {
 return false
 }
 
+// ApplyProfile will apply the profile with the specified name to the process after
+// the next exec.
 func ApplyProfile(name string) error {
 if name == "" {
 return nil
 }
 cName := C.CString(name)
 defer C.free(unsafe.Pointer(cName))
-
 if _, err := C.aa_change_onexec(cName); err != nil {
 return err
 }
diff --git a/vendor/src/github.com/docker/libcontainer/apparmor/apparmor_disabled.go b/vendor/src/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_disabled.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/apparmor/apparmor_disabled.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_disabled.go
diff --git a/vendor/src/github.com/docker/libcontainer/capabilities_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/capabilities_linux.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/capabilities_linux.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/capabilities_linux.go
diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/cgroups.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/cgroups.go
similarity index 95%
rename from vendor/src/github.com/docker/libcontainer/cgroups/cgroups.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/cgroups.go
index ec9c39dac7..a08e905caa 100644
--- a/vendor/src/github.com/docker/libcontainer/cgroups/cgroups.go
+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/cgroups.go
@@ -5,7 +5,7 @@ package cgroups
 import (
 "fmt"
 
- "github.com/docker/libcontainer/configs"
+ "github.com/opencontainers/runc/libcontainer/configs"
 )
 
 type Manager interface {
diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/cgroups_unsupported.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/cgroups_unsupported.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/cgroups/cgroups_unsupported.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/cgroups_unsupported.go
diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go
similarity index 94%
rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go
index b272182b99..3d099d869c 100644
--- a/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go
@@ -11,8 +11,8 @@ import (
 "strconv"
 "sync"
 
- "github.com/docker/libcontainer/cgroups"
- "github.com/docker/libcontainer/configs"
+ "github.com/opencontainers/runc/libcontainer/cgroups"
+ "github.com/opencontainers/runc/libcontainer/configs"
 )
 
 var (
@@ -29,7 +29,7 @@ var ( "perf_event": &PerfEventGroup{}, "freezer": &FreezerGroup{}, } - CgroupProcesses = "cgroup.procs" + CgroupProcesses = "cgroup.procs" HugePageSizes, _ = cgroups.GetHugePageSize() ) @@ -304,6 +304,10 @@ func removePath(p string, err error) error { func CheckCpushares(path string, c int64) error { var cpuShares int64 + if c == 0 { + return nil + } + fd, err := os.Open(filepath.Join(path, "cpu.shares")) if err != nil { return err @@ -314,12 +318,11 @@ func CheckCpushares(path string, c int64) error { if err != nil && err != io.EOF { return err } - if c != 0 { - if c > cpuShares { - return fmt.Errorf("The maximum allowed cpu-shares is %d", cpuShares) - } else if c < cpuShares { - return fmt.Errorf("The minimum allowed cpu-shares is %d", cpuShares) - } + + if c > cpuShares { + return fmt.Errorf("The maximum allowed cpu-shares is %d", cpuShares) + } else if c < cpuShares { + return fmt.Errorf("The minimum allowed cpu-shares is %d", cpuShares) } return nil diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/blkio.go similarity index 98% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/blkio.go index eadee1bae7..3b9405542d 100644 --- a/vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/blkio.go @@ -10,8 +10,8 @@ import ( "strconv" "strings" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" ) type BlkioGroup struct { 
diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpu.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpu.go similarity index 94% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/cpu.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpu.go index 1cea0189af..5afd5b8d13 100644 --- a/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpu.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpu.go @@ -8,8 +8,8 @@ import ( "path/filepath" "strconv" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" ) type CpuGroup struct { diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuacct.go similarity index 94% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuacct.go index 1c324cbb13..4ff4fefea3 100644 --- a/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuacct.go @@ -9,9 +9,9 @@ import ( "strconv" "strings" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" - "github.com/docker/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/system" ) const ( 
diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuset.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go similarity index 83% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuset.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go index a84506fd98..b6c04b0c49 100644 --- a/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuset.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go @@ -9,8 +9,8 @@ import ( "path/filepath" "strconv" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" ) type CpusetGroup struct { @@ -21,7 +21,6 @@ func (s *CpusetGroup) Apply(d *data) error { if err != nil && !cgroups.IsNotFound(err) { return err } - return s.ApplyDir(dir, d.c, d.pid) } @@ -31,13 +30,11 @@ func (s *CpusetGroup) Set(path string, cgroup *configs.Cgroup) error { return err } } - if cgroup.CpusetMems != "" { if err := writeFile(path, "cpuset.mems", cgroup.CpusetMems); err != nil { return err } } - return nil } @@ -55,10 +52,13 @@ func (s *CpusetGroup) ApplyDir(dir string, cgroup *configs.Cgroup, pid int) erro if dir == "" { return nil } - if err := s.ensureParent(dir); err != nil { + root, err := getCgroupRoot() + if err != nil { + return err + } + if err := s.ensureParent(dir, root); err != nil { return err } - // because we are not using d.join we need to place the pid into the procs file // unlike the other subsystems if err := writeFile(dir, "cgroup.procs", strconv.Itoa(pid)); err != nil { 
@@ -84,22 +84,17 @@ func (s *CpusetGroup) getSubsystemSettings(parent string) (cpus []byte, mems []b return cpus, mems, nil } -// ensureParent ensures that the parent directory of current is created -// with the proper cpus and mems files copied from it's parent if the values -// are a file with a new line char -func (s *CpusetGroup) ensureParent(current string) error { +// ensureParent makes sure that the parent directory of current is created +// and populated with the proper cpus and mems files copied from +// it's parent. +func (s *CpusetGroup) ensureParent(current, root string) error { parent := filepath.Dir(current) - - if _, err := os.Stat(parent); err != nil { - if !os.IsNotExist(err) { - return err - } - - if err := s.ensureParent(parent); err != nil { - return err - } + if filepath.Clean(parent) == root { + return nil + } + if err := s.ensureParent(parent, root); err != nil { + return err } - if err := os.MkdirAll(current, 0755); err != nil && !os.IsExist(err) { return err } diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/devices.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/devices.go similarity index 91% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/devices.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/devices.go index 32387d87f8..d621d275c0 100644 --- a/vendor/src/github.com/docker/libcontainer/cgroups/fs/devices.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/devices.go @@ -3,8 +3,8 @@ package fs import ( - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" ) type DevicesGroup struct { 
diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/freezer.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/freezer.go similarity index 90% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/freezer.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/freezer.go index 112ee04ce8..47f7439549 100644 --- a/vendor/src/github.com/docker/libcontainer/cgroups/fs/freezer.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/freezer.go @@ -7,8 +7,8 @@ import ( "strings" "time" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" ) type FreezerGroup struct { diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/fs_unsupported.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs_unsupported.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/fs_unsupported.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs_unsupported.go diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/hugetlb.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/hugetlb.go similarity index 93% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/hugetlb.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/hugetlb.go index 4b82649334..7f192a9ae2 100644 --- a/vendor/src/github.com/docker/libcontainer/cgroups/fs/hugetlb.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/hugetlb.go @@ -7,8 +7,8 @@ import ( "strconv" "strings" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" ) type HugetlbGroup struct { 
diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/memory.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/memory.go similarity index 83% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/memory.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/memory.go index dccdee6953..8206b1472b 100644 --- a/vendor/src/github.com/docker/libcontainer/cgroups/fs/memory.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/memory.go @@ -10,28 +10,40 @@ import ( "strconv" "strings" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" ) type MemoryGroup struct { } func (s *MemoryGroup) Apply(d *data) error { - dir, err := d.join("memory") - if err != nil && !cgroups.IsNotFound(err) { + path, err := d.path("memory") + if err != nil { + if cgroups.IsNotFound(err) { + return nil + } + return err + } + if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) { + return err + } + if err := s.Set(path, d.c); err != nil { + return err + } + + // We need to join memory cgroup after set memory limits, because + // kmem.limit_in_bytes can only be set when the cgroup is empty. + _, err = d.join("memory") + if err != nil { return err } defer func() { if err != nil { - os.RemoveAll(dir) + os.RemoveAll(path) } }() - if err := s.Set(dir, d.c); err != nil { - return err - } - return nil } @@ -66,6 +78,10 @@ func (s *MemoryGroup) Set(path string, cgroup *configs.Cgroup) error { if err := writeFile(path, "memory.swappiness", strconv.FormatInt(cgroup.MemorySwappiness, 10)); err != nil { return err } + } else if cgroup.MemorySwappiness == -1 { + return nil + } else { + return fmt.Errorf("invalid value:%d. valid memory swappiness range is 0-100", cgroup.MemorySwappiness) } return nil 
diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/net_cls.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/net_cls.go similarity index 85% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/net_cls.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/net_cls.go index 50ca647a12..23335dd7b8 100644 --- a/vendor/src/github.com/docker/libcontainer/cgroups/fs/net_cls.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/net_cls.go @@ -1,8 +1,8 @@ package fs import ( - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" ) type NetClsGroup struct { diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/net_prio.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/net_prio.go similarity index 86% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/net_prio.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/net_prio.go index 62882f9f58..88f2ea8baa 100644 --- a/vendor/src/github.com/docker/libcontainer/cgroups/fs/net_prio.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/net_prio.go @@ -1,8 +1,8 @@ package fs import ( - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" ) type NetPrioGroup struct { diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/perf_event.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/perf_event.go similarity index 83% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/perf_event.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/perf_event.go index 2b34927001..30be9e5682 100644 
--- a/vendor/src/github.com/docker/libcontainer/cgroups/fs/perf_event.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/perf_event.go @@ -3,8 +3,8 @@ package fs import ( - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" ) type PerfEventGroup struct { diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/utils.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/utils.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/utils.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/utils.go diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/stats.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/stats.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/cgroups/stats.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/stats.go diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_nosystemd.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_nosystemd.go similarity index 89% rename from vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_nosystemd.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_nosystemd.go index 9b605b3c05..fa3485f1c0 100644 --- a/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_nosystemd.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_nosystemd.go @@ -5,8 +5,8 @@ package systemd import ( "fmt" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" ) type Manager struct { 
diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go similarity index 92% rename from vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go index fd7f680b50..8c27f11ac3 100644 --- a/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go @@ -13,10 +13,10 @@ import ( "time" systemd "github.com/coreos/go-systemd/dbus" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/cgroups/fs" - "github.com/docker/libcontainer/configs" "github.com/godbus/dbus" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/cgroups/fs" + "github.com/opencontainers/runc/libcontainer/configs" ) type Manager struct { @@ -188,6 +188,16 @@ func (m *Manager) Apply(pid int) error { newProp("BlockIOWeight", uint64(c.BlkioWeight))) } + // We need to set kernel memory before processes join cgroup because + // kmem.limit_in_bytes can only be set when the cgroup is empty. + // And swap memory limit needs to be set after memory limit, only + // memory limit is handled by systemd, so it's kind of ugly here. + if c.KernelMemory > 0 { + if err := setKernelMemory(c); err != nil { + return err + } + } + if _, err := theConn.StartTransientUnit(unitName, "replace", properties...); err != nil { return err } 
@@ -227,7 +237,7 @@ func (m *Manager) Apply(pid int) error { return err } // FIXME: Systemd does have `BlockIODeviceWeight` property, but we got problem - // using that (at least on systemd 208, see https://github.com/docker/libcontainer/pull/354), + // using that (at least on systemd 208, see https://github.com/opencontainers/runc/libcontainer/pull/354), // so use fs work around for now. if err := joinBlkio(c, pid); err != nil { return err @@ -462,6 +472,26 @@ func joinDevices(c *configs.Cgroup, pid int) error { return devices.Set(path, c) } +func setKernelMemory(c *configs.Cgroup) error { + path, err := getSubsystemPath(c, "memory") + if err != nil && !cgroups.IsNotFound(err) { + return err + } + + if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) { + return err + } + + if c.KernelMemory > 0 { + err = writeFile(path, "memory.kmem.limit_in_bytes", strconv.FormatInt(c.KernelMemory, 10)) + if err != nil { + return err + } + } + + return nil +} + func joinMemory(c *configs.Cgroup, pid int) error { path, err := getSubsystemPath(c, "memory") if err != nil && !cgroups.IsNotFound(err) { @@ -475,18 +505,21 @@ func joinMemory(c *configs.Cgroup, pid int) error { return err } } - - if c.KernelMemory > 0 { - err = writeFile(path, "memory.kmem.limit_in_bytes", strconv.FormatInt(c.KernelMemory, 10)) - if err != nil { + if c.OomKillDisable { + if err := writeFile(path, "memory.oom_control", "1"); err != nil { return err } } + if c.MemorySwappiness >= 0 && c.MemorySwappiness <= 100 { err = writeFile(path, "memory.swappiness", strconv.FormatInt(c.MemorySwappiness, 10)) if err != nil { return err } + } else if c.MemorySwappiness == -1 { + return nil + } else { + return fmt.Errorf("invalid value:%d. valid memory swappiness range is 0-100", c.MemorySwappiness) } return nil 
diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/utils.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/utils.go similarity index 94% rename from vendor/src/github.com/docker/libcontainer/cgroups/utils.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/utils.go index 8ab80a7f2c..f58e717fb6 100644 --- a/vendor/src/github.com/docker/libcontainer/cgroups/utils.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/utils.go @@ -17,6 +17,8 @@ import ( "github.com/docker/docker/pkg/units" ) +const cgroupNamePrefix = "name=" + // https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt func FindCgroupMountpoint(subsystem string) (string, error) { f, err := os.Open("/proc/self/mountinfo") @@ -57,6 +59,7 @@ func FindCgroupMountpointDir() (string, error) { type Mount struct { Mountpoint string + Root string Subsystems []string } @@ -87,11 +90,11 @@ func GetCgroupMounts() ([]Mount, error) { res := []Mount{} for _, mount := range mounts { if mount.Fstype == "cgroup" { - m := Mount{Mountpoint: mount.Mountpoint} + m := Mount{Mountpoint: mount.Mountpoint, Root: mount.Root} for _, opt := range strings.Split(mount.VfsOpts, ",") { - if strings.HasPrefix(opt, "name=") { - m.Subsystems = append(m.Subsystems, opt) + if strings.HasPrefix(opt, cgroupNamePrefix) { + m.Subsystems = append(m.Subsystems, opt[len(cgroupNamePrefix):]) } if allMap[opt] { m.Subsystems = append(m.Subsystems, opt) @@ -186,7 +189,7 @@ func ParseCgroupFile(subsystem string, r io.Reader) (string, error) { parts := strings.Split(text, ":") for _, subs := range strings.Split(parts[1], ",") { - if subs == subsystem { + if subs == subsystem || subs == cgroupNamePrefix+subsystem { return parts[2], nil } } 
diff --git a/vendor/src/github.com/docker/libcontainer/configs/cgroup.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/cgroup.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/configs/cgroup.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/cgroup.go diff --git a/vendor/src/github.com/docker/libcontainer/configs/config.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/config.go similarity index 97% rename from vendor/src/github.com/docker/libcontainer/configs/config.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/config.go index 04ea91ffd0..83381c84c2 100644 --- a/vendor/src/github.com/docker/libcontainer/configs/config.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/config.go @@ -135,9 +135,9 @@ type Config struct { // so that these files prevent any writes. ReadonlyPaths []string `json:"readonly_paths"` - // SystemProperties is a map of properties and their values. It is the equivalent of using + // Sysctl is a map of properties and their values. It is the equivalent of using // sysctl -w my.property.name value in Linux. - SystemProperties map[string]string `json:"system_properties"` + Sysctl map[string]string `json:"sysctl"` // Seccomp allows actions to be taken whenever a syscall is made within the container. // By default, all syscalls are allowed with actions to allow, trap, kill, or return an errno diff --git a/vendor/src/github.com/docker/libcontainer/configs/config_unix.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/config_unix.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/configs/config_unix.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/config_unix.go 
diff --git a/vendor/src/github.com/docker/libcontainer/configs/device.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/device.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/configs/device.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/device.go
diff --git a/vendor/src/github.com/docker/libcontainer/configs/device_defaults.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/device_defaults.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/configs/device_defaults.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/device_defaults.go
diff --git a/vendor/src/github.com/docker/libcontainer/configs/hugepage_limit.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/hugepage_limit.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/configs/hugepage_limit.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/hugepage_limit.go
diff --git a/vendor/src/github.com/docker/libcontainer/configs/interface_priority_map.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/interface_priority_map.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/configs/interface_priority_map.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/interface_priority_map.go
diff --git a/vendor/src/github.com/docker/libcontainer/configs/mount.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/mount.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/configs/mount.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/mount.go
diff --git a/vendor/src/github.com/docker/libcontainer/configs/namespaces.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/namespaces.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/configs/namespaces.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/namespaces.go
diff --git a/vendor/src/github.com/docker/libcontainer/configs/namespaces_syscall.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/namespaces_syscall.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/configs/namespaces_syscall.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/namespaces_syscall.go
diff --git a/vendor/src/github.com/docker/libcontainer/configs/namespaces_syscall_unsupported.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/namespaces_syscall_unsupported.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/configs/namespaces_syscall_unsupported.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/namespaces_syscall_unsupported.go
diff --git a/vendor/src/github.com/docker/libcontainer/configs/namespaces_unix.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/namespaces_unix.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/configs/namespaces_unix.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/namespaces_unix.go
diff --git a/vendor/src/github.com/docker/libcontainer/configs/namespaces_windows.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/namespaces_windows.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/configs/namespaces_windows.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/namespaces_windows.go
diff --git a/vendor/src/github.com/docker/libcontainer/configs/network.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/network.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/configs/network.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/network.go diff --git a/vendor/src/github.com/docker/libcontainer/configs/validate/config.go b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/validate/config.go similarity index 97% rename from vendor/src/github.com/docker/libcontainer/configs/validate/config.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/configs/validate/config.go index 98926dd26e..848a67c343 100644 --- a/vendor/src/github.com/docker/libcontainer/configs/validate/config.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/configs/validate/config.go @@ -5,7 +5,7 @@ import ( "os" "path/filepath" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/configs" ) type Validator interface { diff --git a/vendor/src/github.com/docker/libcontainer/console.go b/vendor/src/github.com/opencontainers/runc/libcontainer/console.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/console.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/console.go diff --git a/vendor/src/github.com/docker/libcontainer/console_freebsd.go b/vendor/src/github.com/opencontainers/runc/libcontainer/console_freebsd.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/console_freebsd.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/console_freebsd.go 
diff --git a/vendor/src/github.com/docker/libcontainer/console_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/console_linux.go similarity index 98% rename from vendor/src/github.com/docker/libcontainer/console_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/console_linux.go index e35ac529db..3ac6bfec8c 100644 --- a/vendor/src/github.com/docker/libcontainer/console_linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/console_linux.go @@ -7,7 +7,7 @@ import ( "syscall" "unsafe" - "github.com/docker/libcontainer/label" + "github.com/opencontainers/runc/libcontainer/label" ) // newConsole returns an initalized console that can be used within a container by copying bytes diff --git a/vendor/src/github.com/docker/libcontainer/console_windows.go b/vendor/src/github.com/opencontainers/runc/libcontainer/console_windows.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/console_windows.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/console_windows.go diff --git a/vendor/src/github.com/docker/libcontainer/container.go b/vendor/src/github.com/opencontainers/runc/libcontainer/container.go similarity index 98% rename from vendor/src/github.com/docker/libcontainer/container.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/container.go index 17f2f21b5e..567fc68155 100644 --- a/vendor/src/github.com/docker/libcontainer/container.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/container.go @@ -5,7 +5,7 @@ package libcontainer import ( - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/configs" ) // The status of a container. 
diff --git a/vendor/src/github.com/docker/libcontainer/container_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go similarity index 98% rename from vendor/src/github.com/docker/libcontainer/container_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go index 215f35d38d..7d9fa71aaf 100644 --- a/vendor/src/github.com/docker/libcontainer/container_linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go @@ -14,10 +14,10 @@ import ( "syscall" "github.com/Sirupsen/logrus" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" - "github.com/docker/libcontainer/criurpc" "github.com/golang/protobuf/proto" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/criurpc" ) const stdioFdCount = 3 @@ -344,6 +344,7 @@ func (c *linuxContainer) Checkpoint(criuOpts *CriuOpts) error { LeaveRunning: proto.Bool(criuOpts.LeaveRunning), TcpEstablished: proto.Bool(criuOpts.TcpEstablished), ExtUnixSk: proto.Bool(criuOpts.ExternalUnixConnections), + FileLocks: proto.Bool(criuOpts.FileLocks), } // append optional criu opts, e.g., page-server and port @@ -463,6 +464,7 @@ func (c *linuxContainer) Restore(process *Process, criuOpts *CriuOpts) error { ShellJob: proto.Bool(criuOpts.ShellJob), ExtUnixSk: proto.Bool(criuOpts.ExternalUnixConnections), TcpEstablished: proto.Bool(criuOpts.TcpEstablished), + FileLocks: proto.Bool(criuOpts.FileLocks), }, } for _, m := range c.config.Mounts { diff --git a/vendor/src/github.com/docker/libcontainer/container_nouserns_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/container_nouserns_linux.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/container_nouserns_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/container_nouserns_linux.go 
diff --git a/vendor/src/github.com/docker/libcontainer/container_userns_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/container_userns_linux.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/container_userns_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/container_userns_linux.go diff --git a/vendor/src/github.com/docker/libcontainer/criu_opts.go b/vendor/src/github.com/opencontainers/runc/libcontainer/criu_opts.go similarity index 91% rename from vendor/src/github.com/docker/libcontainer/criu_opts.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/criu_opts.go index 9e9563e777..bca81672ea 100644 --- a/vendor/src/github.com/docker/libcontainer/criu_opts.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/criu_opts.go @@ -12,5 +12,6 @@ type CriuOpts struct { TcpEstablished bool // checkpoint/restore established TCP connections ExternalUnixConnections bool // allow external unix connections ShellJob bool // allow to dump and restore shell jobs + FileLocks bool // handle file locks, for safety PageServer CriuPageServerInfo // allow to dump to criu page server } diff --git a/vendor/src/github.com/docker/libcontainer/criurpc/Makefile b/vendor/src/github.com/opencontainers/runc/libcontainer/criurpc/Makefile similarity index 100% rename from vendor/src/github.com/docker/libcontainer/criurpc/Makefile rename to vendor/src/github.com/opencontainers/runc/libcontainer/criurpc/Makefile diff --git a/vendor/src/github.com/docker/libcontainer/criurpc/criurpc.pb.go b/vendor/src/github.com/opencontainers/runc/libcontainer/criurpc/criurpc.pb.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/criurpc/criurpc.pb.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/criurpc/criurpc.pb.go 
diff --git a/vendor/src/github.com/docker/libcontainer/criurpc/criurpc.proto b/vendor/src/github.com/opencontainers/runc/libcontainer/criurpc/criurpc.proto similarity index 100% rename from vendor/src/github.com/docker/libcontainer/criurpc/criurpc.proto rename to vendor/src/github.com/opencontainers/runc/libcontainer/criurpc/criurpc.proto diff --git a/vendor/src/github.com/docker/libcontainer/devices/devices_unix.go b/vendor/src/github.com/opencontainers/runc/libcontainer/devices/devices_unix.go similarity index 97% rename from vendor/src/github.com/docker/libcontainer/devices/devices_unix.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/devices/devices_unix.go index a4df06c3a8..c02b73e3e6 100644 --- a/vendor/src/github.com/docker/libcontainer/devices/devices_unix.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/devices/devices_unix.go @@ -10,7 +10,7 @@ import ( "path/filepath" "syscall" - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/configs" ) var ( diff --git a/vendor/src/github.com/docker/libcontainer/devices/devices_windows.go b/vendor/src/github.com/opencontainers/runc/libcontainer/devices/devices_windows.go similarity index 84% rename from vendor/src/github.com/docker/libcontainer/devices/devices_windows.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/devices/devices_windows.go index bd477f8c52..b2a9aa34af 100644 --- a/vendor/src/github.com/docker/libcontainer/devices/devices_windows.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/devices/devices_windows.go @@ -1,7 +1,7 @@ package devices import ( - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/configs" ) // TODO Windows. This can be factored out further - Devices are not supported 
diff --git a/vendor/src/github.com/docker/libcontainer/devices/number.go b/vendor/src/github.com/opencontainers/runc/libcontainer/devices/number.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/devices/number.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/devices/number.go diff --git a/vendor/src/github.com/docker/libcontainer/error.go b/vendor/src/github.com/opencontainers/runc/libcontainer/error.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/error.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/error.go diff --git a/vendor/src/github.com/docker/libcontainer/factory.go b/vendor/src/github.com/opencontainers/runc/libcontainer/factory.go similarity index 96% rename from vendor/src/github.com/docker/libcontainer/factory.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/factory.go index 2b3ff85d8f..f0ccb52e39 100644 --- a/vendor/src/github.com/docker/libcontainer/factory.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/factory.go @@ -1,7 +1,7 @@ package libcontainer import ( - "github.com/docker/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/configs" ) type Factory interface { diff --git a/vendor/src/github.com/docker/libcontainer/factory_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go similarity index 94% rename from vendor/src/github.com/docker/libcontainer/factory_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go index 26b351ace6..5eb561f698 100644 --- a/vendor/src/github.com/docker/libcontainer/factory_linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go 
@@ -14,11 +14,11 @@ import ( "syscall" "github.com/docker/docker/pkg/mount" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/cgroups/fs" - "github.com/docker/libcontainer/cgroups/systemd" - "github.com/docker/libcontainer/configs" - "github.com/docker/libcontainer/configs/validate" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/cgroups/fs" + "github.com/opencontainers/runc/libcontainer/cgroups/systemd" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/configs/validate" ) const ( @@ -26,7 +26,7 @@ const ( ) var ( - idRegex = regexp.MustCompile(`^[\w_]+$`) + idRegex = regexp.MustCompile(`^[\w_-]+$`) maxIdLen = 1024 ) @@ -39,6 +39,12 @@ func InitArgs(args ...string) func(*LinuxFactory) error { if lp, err := exec.LookPath(name); err == nil { name = lp } + } else { + abs, err := filepath.Abs(name) + if err != nil { + return err + } + name = abs } l.InitPath = name l.InitArgs = append([]string{name}, args[1:]...) diff --git a/vendor/src/github.com/docker/libcontainer/generic_error.go b/vendor/src/github.com/opencontainers/runc/libcontainer/generic_error.go similarity index 95% rename from vendor/src/github.com/docker/libcontainer/generic_error.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/generic_error.go index ff4d7248da..6fbc2d75a5 100644 --- a/vendor/src/github.com/docker/libcontainer/generic_error.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/generic_error.go @@ -6,7 +6,7 @@ import ( "text/template" "time" - "github.com/docker/libcontainer/stacktrace" + "github.com/opencontainers/runc/libcontainer/stacktrace" ) var errorTemplate = template.Must(template.New("error").Parse(`Timestamp: {{.Timestamp}} 
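Review bot: The widened `idRegex` in factory_linux.go (`^[\w_-]+$`) now accepts container ids that begin with `-`, and nothing in this hunk constrains the first character. Where the id is later used (as a path component or as an argument to an external command) is not visible here, so the daemon-side id and name validation should be confirmed to reject a leading hyphen before relying on this vendored check. If upstream does not need leading hyphens, a pattern that requires a word character first and allows `-` only afterwards would be the tighter form. The `_` inside the class is already covered by `\w`.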
diff --git a/vendor/src/github.com/docker/libcontainer/init_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/init_linux.go similarity index 95% rename from vendor/src/github.com/docker/libcontainer/init_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/init_linux.go index f36e354f2e..a21d1a7e6d 100644 --- a/vendor/src/github.com/docker/libcontainer/init_linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/init_linux.go @@ -10,13 +10,13 @@ import ( "syscall" "github.com/Sirupsen/logrus" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" - "github.com/docker/libcontainer/netlink" - "github.com/docker/libcontainer/seccomp" - "github.com/docker/libcontainer/system" - "github.com/docker/libcontainer/user" - "github.com/docker/libcontainer/utils" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/netlink" + "github.com/opencontainers/runc/libcontainer/seccomp" + "github.com/opencontainers/runc/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/user" + "github.com/opencontainers/runc/libcontainer/utils" ) type initType string diff --git a/vendor/src/github.com/docker/libcontainer/label/label.go b/vendor/src/github.com/opencontainers/runc/libcontainer/label/label.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/label/label.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/label/label.go diff --git a/vendor/src/github.com/docker/libcontainer/label/label_selinux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/label/label_selinux.go similarity index 98% rename from vendor/src/github.com/docker/libcontainer/label/label_selinux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/label/label_selinux.go index c8fba845f2..886861a3b9 100644 
--- a/vendor/src/github.com/docker/libcontainer/label/label_selinux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/label/label_selinux.go @@ -6,7 +6,7 @@ import ( "fmt" "strings" - "github.com/docker/libcontainer/selinux" + "github.com/opencontainers/runc/libcontainer/selinux" ) // InitLabels returns the process label and file labels to be used within diff --git a/vendor/src/github.com/docker/libcontainer/netlink/MAINTAINERS b/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/MAINTAINERS similarity index 100% rename from vendor/src/github.com/docker/libcontainer/netlink/MAINTAINERS rename to vendor/src/github.com/opencontainers/runc/libcontainer/netlink/MAINTAINERS diff --git a/vendor/src/github.com/docker/libcontainer/netlink/netlink.go b/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/netlink/netlink.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink.go diff --git a/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux.go diff --git a/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_armppc64.go b/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go similarity index 71% rename from vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_armppc64.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go index 965e0bfbc7..04135f300b 100644 --- a/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_armppc64.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go 
@@ -1,4 +1,4 @@ -// +build arm ppc64 ppc64le +// +build arm ppc64 package netlink diff --git a/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_notarm.go b/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go similarity index 68% rename from vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_notarm.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go index 7446279892..62380d6b8e 100644 --- a/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_notarm.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go @@ -1,4 +1,4 @@ -// +build !arm,!ppc64,!ppc64le +// +build !arm,!ppc64 package netlink diff --git a/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go b/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_unsupported.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_unsupported.go diff --git a/vendor/src/github.com/docker/libcontainer/network_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/network_linux.go similarity index 97% rename from vendor/src/github.com/docker/libcontainer/network_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/network_linux.go index b88009ffa3..fc564a0f75 100644 --- a/vendor/src/github.com/docker/libcontainer/network_linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/network_linux.go 
@@ -10,9 +10,9 @@ import ( "strconv" "strings" - "github.com/docker/libcontainer/configs" - "github.com/docker/libcontainer/netlink" - "github.com/docker/libcontainer/utils" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/netlink" + "github.com/opencontainers/runc/libcontainer/utils" ) var strategies = map[string]networkStrategy{ diff --git a/vendor/src/github.com/docker/libcontainer/notify_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/notify_linux.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/notify_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/notify_linux.go diff --git a/vendor/src/github.com/docker/libcontainer/nsenter/README.md b/vendor/src/github.com/opencontainers/runc/libcontainer/nsenter/README.md similarity index 100% rename from vendor/src/github.com/docker/libcontainer/nsenter/README.md rename to vendor/src/github.com/opencontainers/runc/libcontainer/nsenter/README.md diff --git a/vendor/src/github.com/docker/libcontainer/nsenter/nsenter.go b/vendor/src/github.com/opencontainers/runc/libcontainer/nsenter/nsenter.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/nsenter/nsenter.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/nsenter/nsenter.go diff --git a/vendor/src/github.com/docker/libcontainer/nsenter/nsenter_gccgo.go b/vendor/src/github.com/opencontainers/runc/libcontainer/nsenter/nsenter_gccgo.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/nsenter/nsenter_gccgo.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/nsenter/nsenter_gccgo.go 
diff --git a/vendor/src/github.com/docker/libcontainer/nsenter/nsenter_unsupported.go b/vendor/src/github.com/opencontainers/runc/libcontainer/nsenter/nsenter_unsupported.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/nsenter/nsenter_unsupported.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/nsenter/nsenter_unsupported.go diff --git a/vendor/src/github.com/docker/libcontainer/nsenter/nsexec.c b/vendor/src/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c similarity index 98% rename from vendor/src/github.com/docker/libcontainer/nsenter/nsexec.c rename to vendor/src/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c index d78e1691c6..cd02d00a0a 100644 --- a/vendor/src/github.com/docker/libcontainer/nsenter/nsexec.c +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c @@ -40,6 +40,9 @@ static int child_func(void *_arg) #if __GLIBC__ == 2 && __GLIBC_MINOR__ < 14 #define _GNU_SOURCE #include "syscall.h" +#if defined(__NR_setns) && !defined(SYS_setns) +#define SYS_setns __NR_setns +#endif #ifdef SYS_setns int setns(int fd, int nstype) { diff --git a/vendor/src/github.com/docker/libcontainer/process.go b/vendor/src/github.com/opencontainers/runc/libcontainer/process.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/process.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/process.go diff --git a/vendor/src/github.com/docker/libcontainer/process_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go similarity index 98% rename from vendor/src/github.com/docker/libcontainer/process_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go index 4a448c2274..ec640f27ae 100644 --- a/vendor/src/github.com/docker/libcontainer/process_linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go 
@@ -12,8 +12,8 @@ import ( "strconv" "syscall" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/system" ) type parentProcess interface { diff --git a/vendor/src/github.com/docker/libcontainer/restored_process.go b/vendor/src/github.com/opencontainers/runc/libcontainer/restored_process.go similarity index 97% rename from vendor/src/github.com/docker/libcontainer/restored_process.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/restored_process.go index 978b1a1d55..89dfa041ea 100644 --- a/vendor/src/github.com/docker/libcontainer/restored_process.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/restored_process.go @@ -6,7 +6,7 @@ import ( "fmt" "os" - "github.com/docker/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/system" ) func newRestoredProcess(pid int, fds []string) (*restoredProcess, error) { diff --git a/vendor/src/github.com/docker/libcontainer/rootfs_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/rootfs_linux.go similarity index 96% rename from vendor/src/github.com/docker/libcontainer/rootfs_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/rootfs_linux.go index 0b0c3815cb..a211d8de9d 100644 --- a/vendor/src/github.com/docker/libcontainer/rootfs_linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/rootfs_linux.go @@ -14,9 +14,9 @@ import ( "time" "github.com/docker/docker/pkg/symlink" - "github.com/docker/libcontainer/cgroups" - "github.com/docker/libcontainer/configs" - "github.com/docker/libcontainer/label" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/label" ) const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV 
@@ -180,17 +180,22 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string) error { if err != nil { return err } + relDir, err := filepath.Rel(mm.Root, dir) + if err != nil { + return err + } binds = append(binds, &configs.Mount{ Device: "bind", - Source: filepath.Join(mm.Mountpoint, dir), + Source: filepath.Join(mm.Mountpoint, relDir), Destination: filepath.Join(m.Destination, strings.Join(mm.Subsystems, ",")), - Flags: syscall.MS_BIND | syscall.MS_REC | syscall.MS_RDONLY, + Flags: syscall.MS_BIND | syscall.MS_REC | m.Flags, }) } tmpfs := &configs.Mount{ + Source: "tmpfs", Device: "tmpfs", Destination: m.Destination, - Flags: syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV, + Flags: defaultMountFlags, } if err := mountToRootfs(tmpfs, rootfs, mountLabel); err != nil { return err diff --git a/vendor/src/github.com/docker/libcontainer/seccomp/bpf.go b/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/bpf.go similarity index 97% rename from vendor/src/github.com/docker/libcontainer/seccomp/bpf.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/bpf.go index a4b3bdf7a5..65908ecc8a 100644 --- a/vendor/src/github.com/docker/libcontainer/seccomp/bpf.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/bpf.go @@ -1,3 +1,5 @@ +// +build linux + package seccomp import "strings" diff --git a/vendor/src/github.com/docker/libcontainer/seccomp/context.go b/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/context.go similarity index 99% rename from vendor/src/github.com/docker/libcontainer/seccomp/context.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/context.go index c8d4e73144..6d0b7c3c3b 100644 --- a/vendor/src/github.com/docker/libcontainer/seccomp/context.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/context.go @@ -1,3 +1,5 @@ +// +build linux + package seccomp import ( 
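Review bot: The cgroup bind mounts built in `mountToRootfs` are no longer forced read-only. `Flags` changes from `syscall.MS_BIND | syscall.MS_REC | syscall.MS_RDONLY` to `syscall.MS_BIND | syscall.MS_REC | m.Flags`, so whether a container can write to its cgroup hierarchy now depends on the caller setting `MS_RDONLY` on the cgroup mount. The daemon code that constructs that mount is not in this hunk, so this vendor bump should include a check that it passes `syscall.MS_RDONLY` wherever the old behaviour is expected. Separately, `relDir` from `filepath.Rel(mm.Root, dir)` can start with `..` when `dir` is not under `mm.Root`, which would make `Source` resolve outside `mm.Mountpoint`; rejecting such a `relDir` before the `filepath.Join` would close that off. The function body continues outside the hunk.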
diff --git a/vendor/src/github.com/docker/libcontainer/seccomp/filter.go b/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/filter.go similarity index 99% rename from vendor/src/github.com/docker/libcontainer/seccomp/filter.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/filter.go index 370cdf087e..658fbddd4a 100644 --- a/vendor/src/github.com/docker/libcontainer/seccomp/filter.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/filter.go @@ -1,3 +1,5 @@ +// +build linux + package seccomp import ( diff --git a/vendor/src/github.com/docker/libcontainer/seccomp/jump_amd64.go b/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/seccomp/jump_amd64.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go diff --git a/vendor/src/github.com/docker/libcontainer/seccomp/seccomp.go b/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_unix.go similarity index 99% rename from vendor/src/github.com/docker/libcontainer/seccomp/seccomp.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_unix.go index 78d7d85334..a68a4dcc64 100644 --- a/vendor/src/github.com/docker/libcontainer/seccomp/seccomp.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_unix.go @@ -1,3 +1,5 @@ +// +build linux + // Package seccomp provides native seccomp ( https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt ) support for go. package seccomp diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_unsupported.go b/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_unsupported.go new file mode 100644 index 0000000000..821dd57c0a --- /dev/null +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_unsupported.go 
@@ -0,0 +1,3 @@ +// +build !linux + +package seccomp diff --git a/vendor/src/github.com/docker/libcontainer/selinux/selinux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/selinux/selinux.go similarity index 98% rename from vendor/src/github.com/docker/libcontainer/selinux/selinux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/selinux/selinux.go index 28bc405afc..2771bb50e0 100644 --- a/vendor/src/github.com/docker/libcontainer/selinux/selinux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/selinux/selinux.go @@ -16,7 +16,7 @@ import ( "syscall" "github.com/docker/docker/pkg/mount" - "github.com/docker/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/system" ) const ( @@ -34,7 +34,6 @@ const ( var ( assignRegex = regexp.MustCompile(`^([^=]+)=(.*)$`) - spaceRegex = regexp.MustCompile(`^([^=]+) (.*)$`) mcsList = make(map[string]bool) selinuxfs = "unknown" selinuxEnabled = false // Stores whether selinux is currently enabled @@ -269,10 +268,6 @@ func mcsDelete(mcs string) { mcsList[mcs] = false } -func mcsExists(mcs string) bool { - return mcsList[mcs] -} - func IntToMcs(id int, catRange uint32) string { var ( SETSIZE = int(catRange) diff --git a/vendor/src/github.com/docker/libcontainer/setns_init_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/setns_init_linux.go similarity index 81% rename from vendor/src/github.com/docker/libcontainer/setns_init_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/setns_init_linux.go index f77219d27a..334d3e25cd 100644 --- a/vendor/src/github.com/docker/libcontainer/setns_init_linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/setns_init_linux.go 
@@ -5,9 +5,9 @@ package libcontainer import ( "os" - "github.com/docker/libcontainer/apparmor" - "github.com/docker/libcontainer/label" - "github.com/docker/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/apparmor" + "github.com/opencontainers/runc/libcontainer/label" + "github.com/opencontainers/runc/libcontainer/system" ) // linuxSetnsInit performs the container's initialization for running a new process diff --git a/vendor/src/github.com/docker/libcontainer/stacktrace/capture.go b/vendor/src/github.com/opencontainers/runc/libcontainer/stacktrace/capture.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/stacktrace/capture.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/stacktrace/capture.go diff --git a/vendor/src/github.com/docker/libcontainer/stacktrace/frame.go b/vendor/src/github.com/opencontainers/runc/libcontainer/stacktrace/frame.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/stacktrace/frame.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/stacktrace/frame.go diff --git a/vendor/src/github.com/docker/libcontainer/stacktrace/stacktrace.go b/vendor/src/github.com/opencontainers/runc/libcontainer/stacktrace/stacktrace.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/stacktrace/stacktrace.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/stacktrace/stacktrace.go diff --git a/vendor/src/github.com/docker/libcontainer/standard_init_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/standard_init_linux.go similarity index 90% rename from vendor/src/github.com/docker/libcontainer/standard_init_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/standard_init_linux.go index 445c1fa29c..b399aa5d1f 100644 --- a/vendor/src/github.com/docker/libcontainer/standard_init_linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/standard_init_linux.go 
@@ -6,10 +6,10 @@ import ( "os" "syscall" - "github.com/docker/libcontainer/apparmor" - "github.com/docker/libcontainer/configs" - "github.com/docker/libcontainer/label" - "github.com/docker/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/apparmor" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/label" + "github.com/opencontainers/runc/libcontainer/system" ) type linuxStandardInit struct { @@ -65,7 +65,7 @@ func (l *linuxStandardInit) Init() error { return err } - for key, value := range l.config.Config.SystemProperties { + for key, value := range l.config.Config.Sysctl { if err := writeSystemProperty(key, value); err != nil { return err } diff --git a/vendor/src/github.com/docker/libcontainer/stats.go b/vendor/src/github.com/opencontainers/runc/libcontainer/stats.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/stats.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/stats.go diff --git a/vendor/src/github.com/docker/libcontainer/stats_freebsd.go b/vendor/src/github.com/opencontainers/runc/libcontainer/stats_freebsd.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/stats_freebsd.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/stats_freebsd.go diff --git a/vendor/src/github.com/docker/libcontainer/stats_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/stats_linux.go similarity index 63% rename from vendor/src/github.com/docker/libcontainer/stats_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/stats_linux.go index 8ce96978cb..c629dc67de 100644 --- a/vendor/src/github.com/docker/libcontainer/stats_linux.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/stats_linux.go 
@@ -1,6 +1,6 @@ package libcontainer -import "github.com/docker/libcontainer/cgroups" +import "github.com/opencontainers/runc/libcontainer/cgroups" type Stats struct { Interfaces []*NetworkInterface diff --git a/vendor/src/github.com/docker/libcontainer/stats_windows.go b/vendor/src/github.com/opencontainers/runc/libcontainer/stats_windows.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/stats_windows.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/stats_windows.go diff --git a/vendor/src/github.com/docker/libcontainer/system/linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/system/linux.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/system/linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/system/linux.go diff --git a/vendor/src/github.com/docker/libcontainer/system/proc.go b/vendor/src/github.com/opencontainers/runc/libcontainer/system/proc.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/system/proc.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/system/proc.go diff --git a/vendor/src/github.com/docker/libcontainer/system/setns_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/system/setns_linux.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/system/setns_linux.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/system/setns_linux.go diff --git a/vendor/src/github.com/docker/libcontainer/system/syscall_linux_386.go b/vendor/src/github.com/opencontainers/runc/libcontainer/system/syscall_linux_386.go similarity index 99% rename from vendor/src/github.com/docker/libcontainer/system/syscall_linux_386.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/system/syscall_linux_386.go index 2fcbf21309..c990065189 100644 --- a/vendor/src/github.com/docker/libcontainer/system/syscall_linux_386.go 
+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/system/syscall_linux_386.go @@ -1,4 +1,5 @@ // +build linux,386 + package system import ( diff --git a/vendor/src/github.com/docker/libcontainer/system/syscall_linux_64.go b/vendor/src/github.com/opencontainers/runc/libcontainer/system/syscall_linux_64.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/system/syscall_linux_64.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/system/syscall_linux_64.go diff --git a/vendor/src/github.com/docker/libcontainer/system/syscall_linux_arm.go b/vendor/src/github.com/opencontainers/runc/libcontainer/system/syscall_linux_arm.go similarity index 99% rename from vendor/src/github.com/docker/libcontainer/system/syscall_linux_arm.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/system/syscall_linux_arm.go index 7d8cda9d00..3f780f312b 100644 --- a/vendor/src/github.com/docker/libcontainer/system/syscall_linux_arm.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/system/syscall_linux_arm.go @@ -1,4 +1,5 @@ // +build linux,arm + package system import ( diff --git a/vendor/src/github.com/docker/libcontainer/system/sysconfig.go b/vendor/src/github.com/opencontainers/runc/libcontainer/system/sysconfig.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/system/sysconfig.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/system/sysconfig.go diff --git a/vendor/src/github.com/docker/libcontainer/system/sysconfig_notcgo.go b/vendor/src/github.com/opencontainers/runc/libcontainer/system/sysconfig_notcgo.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/system/sysconfig_notcgo.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/system/sysconfig_notcgo.go 
diff --git a/vendor/src/github.com/docker/libcontainer/system/xattrs_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/system/xattrs_linux.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/system/xattrs_linux.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/system/xattrs_linux.go
diff --git a/vendor/src/github.com/docker/libcontainer/user/MAINTAINERS b/vendor/src/github.com/opencontainers/runc/libcontainer/user/MAINTAINERS
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/user/MAINTAINERS
rename to vendor/src/github.com/opencontainers/runc/libcontainer/user/MAINTAINERS
diff --git a/vendor/src/github.com/docker/libcontainer/user/lookup.go b/vendor/src/github.com/opencontainers/runc/libcontainer/user/lookup.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/user/lookup.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/user/lookup.go
diff --git a/vendor/src/github.com/docker/libcontainer/user/lookup_unix.go b/vendor/src/github.com/opencontainers/runc/libcontainer/user/lookup_unix.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/user/lookup_unix.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/user/lookup_unix.go
diff --git a/vendor/src/github.com/docker/libcontainer/user/lookup_unsupported.go b/vendor/src/github.com/opencontainers/runc/libcontainer/user/lookup_unsupported.go
similarity index 100%
rename from vendor/src/github.com/docker/libcontainer/user/lookup_unsupported.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/user/lookup_unsupported.go
diff --git a/vendor/src/github.com/docker/libcontainer/user/user.go b/vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go similarity index 93% rename from vendor/src/github.com/docker/libcontainer/user/user.go rename to vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go index 13226dbfa7..964e31bfd4 100644 --- a/vendor/src/github.com/docker/libcontainer/user/user.go +++ b/vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go @@ -349,17 +349,12 @@ func GetExecUser(userSpec string, defaults *ExecUser, passwd, group io.Reader) ( return user, nil } -// GetAdditionalGroupsPath looks up a list of groups by name or group id -// against the group file. If a group name cannot be found, an error will be -// returned. If a group id cannot be found, it will be returned as-is. -func GetAdditionalGroupsPath(additionalGroups []string, groupPath string) ([]int, error) { - groupReader, err := os.Open(groupPath) - if err != nil { - return nil, fmt.Errorf("Failed to open group file: %v", err) - } - defer groupReader.Close() - - groups, err := ParseGroupFilter(groupReader, func(g Group) bool { +// GetAdditionalGroups looks up a list of groups by name or group id against +// against the given /etc/group formatted data. If a group name cannot be found, +// an error will be returned. If a group id cannot be found, it will be returned +// as-is. +func GetAdditionalGroups(additionalGroups []string, group io.Reader) ([]int, error) { + groups, err := ParseGroupFilter(group, func(g Group) bool { for _, ag := range additionalGroups { if g.Name == ag || strconv.Itoa(g.Gid) == ag { return true 
@@ -405,3 +400,14 @@ func GetAdditionalGroupsPath(additionalGroups []string, groupPath string) ([]int
 }
 return gids, nil
 }
+
+// Wrapper around GetAdditionalGroups that opens the groupPath given and gives
+// it as an argument to GetAdditionalGroups.
+func GetAdditionalGroupsPath(additionalGroups []string, groupPath string) ([]int, error) {
+ group, err := os.Open(groupPath)
+ if err != nil {
+ return nil, fmt.Errorf("Failed to open group file: %v", err)
+ }
+ defer group.Close()
+ return GetAdditionalGroups(additionalGroups, group)
+}
diff --git a/vendor/src/github.com/docker/libcontainer/utils/utils.go b/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go
similarity index 61%
rename from vendor/src/github.com/docker/libcontainer/utils/utils.go
rename to vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go
index 26a0fb7d09..266836f55f 100644
--- a/vendor/src/github.com/docker/libcontainer/utils/utils.go
+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go
@@ -4,9 +4,7 @@ import (
 "crypto/rand"
 "encoding/hex"
 "io"
- "io/ioutil"
 "path/filepath"
- "strconv"
 "syscall"
 )
@@ -37,30 +35,6 @@ func ResolveRootfs(uncleanRootfs string) (string, error) {
 return filepath.EvalSymlinks(rootfs)
 }
 
-func CloseExecFrom(minFd int) error {
- fdList, err := ioutil.ReadDir("/proc/self/fd")
- if err != nil {
- return err
- }
- for _, fi := range fdList {
- fd, err := strconv.Atoi(fi.Name())
- if err != nil {
- // ignore non-numeric file names
- continue
- }
-
- if fd < minFd {
- // ignore descriptors lower than our specified minimum
- continue
- }
-
- // intentionally ignore errors from syscall.CloseOnExec
- syscall.CloseOnExec(fd)
- // the cases where this might fail are basically file descriptors that have already been closed (including and especially the one that was created when ioutil.ReadDir did the "opendir" syscall)
- }
- return nil
-}
-
 // ExitStatus returns the correct exit status for a process based on if it
 // was signaled or existed cleanly.
 func ExitStatus(status syscall.WaitStatus) int {
diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils_unix.go b/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils_unix.go
new file mode 100644
index 0000000000..408918f27d
--- /dev/null
+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils_unix.go
@@ -0,0 +1,33 @@
+// +build !windows
+
+package utils
+
+import (
+ "io/ioutil"
+ "strconv"
+ "syscall"
+)
+
+func CloseExecFrom(minFd int) error {
+ fdList, err := ioutil.ReadDir("/proc/self/fd")
+ if err != nil {
+ return err
+ }
+ for _, fi := range fdList {
+ fd, err := strconv.Atoi(fi.Name())
+ if err != nil {
+ // ignore non-numeric file names
+ continue
+ }
+
+ if fd < minFd {
+ // ignore descriptors lower than our specified minimum
+ continue
+ }
+
+ // intentionally ignore errors from syscall.CloseOnExec
+ syscall.CloseOnExec(fd)
+ // the cases where this might fail are basically file descriptors that have already been closed (including and especially the one that was created when ioutil.ReadDir did the "opendir" syscall)
+ }
+ return nil
+}