kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Merge pull request #7109 from crosbymichael/update-libcontainer-july4

Browse source 
Update libcontainer to cf45d141db69ce11dcccac178e5
This commit is contained in:
Victor Vieux 2014-07-18 18:40:34 -07:00
commit ccbaf4bc6e
16 changed files with 80 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hack/vendor.sh
View file

@ -63,4 +63,4 @@ mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
clone git github.com/godbus/dbus v1
clone git github.com/coreos/go-systemd v2
clone git github.com/docker/libcontainer be85764f109c3f0f62cd2a5c8be9af7a599798cf
clone git github.com/docker/libcontainer cf45d141db69ce11dcccac178e5607a385609e15

26
vendor/src/github.com/docker/libcontainer/.travis.yml vendored
View file

@ -1,22 +1,30 @@
language: go
go: 1.3
# let us have pretty experimental Docker-based Travis workers
sudo: false
env:
- TRAVIS_GLOBAL_WTF=1
- GOOS=linux GOARCH=amd64
- GOOS=linux GOARCH=386
- GOOS=linux GOARCH=arm
- GOOS=darwin GOARCH=amd64
- GOOS=darwin GOARCH=386
- GOOS=freebsd GOARCH=amd64
- _GOOS=linux _GOARCH=amd64
# - _GOOS=linux _GOARCH=386 # Travis can't currently do 32bit cgo... (see https://travis-ci.org/tianon/libcontainer/jobs/30126518#L168)
# - _GOOS=linux _GOARCH=arm # see https://github.com/moovweb/gvm/issues/22
install:
- mkdir -pv "${GOPATH%%:*}/src/github.com/docker" && [ -d "${GOPATH%%:*}/src/github.com/docker/libcontainer" ] || ln -sv "$(readlink -f .)" "${GOPATH%%:*}/src/github.com/docker/libcontainer"
- if [ -z "$TRAVIS_GLOBAL_WTF" ]; then
export CGO_ENABLED=1;
gvm cross "$_GOOS" "$_GOARCH";
export GOOS="$_GOOS" GOARCH="$_GOARCH";
fi
- if [ -z "$TRAVIS_GLOBAL_WTF" ]; then go env; fi
- go get -d -v ./...
- go get -d -v github.com/dotcloud/docker # just to be sure
- DOCKER_PATH="${GOPATH%%:*}/src/github.com/dotcloud/docker"
- sed -i 's!dotcloud/docker!docker/libcontainer!' "$DOCKER_PATH/hack/make/.validate"
- if [ "$TRAVIS_GLOBAL_WTF" ]; then
export DOCKER_PATH="${GOPATH%%:*}/src/github.com/dotcloud/docker";
mkdir -p "$DOCKER_PATH/hack/make";
( cd "$DOCKER_PATH/hack/make" && wget -c 'https://raw.githubusercontent.com/dotcloud/docker/master/hack/make/'{.validate,validate-dco,validate-gofmt} );
sed -i 's!dotcloud/docker!docker/libcontainer!' "$DOCKER_PATH/hack/make/.validate";
fi
script:
- if [ "$TRAVIS_GLOBAL_WTF" ]; then bash "$DOCKER_PATH/hack/make/validate-dco"; fi

2
vendor/src/github.com/docker/libcontainer/apparmor/apparmor.go vendored
View file

@ -1,4 +1,4 @@
// +build apparmor,linux,amd64
// +build apparmor,linux
package apparmor

2
vendor/src/github.com/docker/libcontainer/apparmor/apparmor_disabled.go vendored
View file

@ -1,4 +1,4 @@
// +build !apparmor !linux !amd64
// +build !apparmor !linux
package apparmor

8
vendor/src/github.com/docker/libcontainer/container.go vendored
View file

@ -21,6 +21,14 @@ type Container interface {
// Returns the current config of the container.
Config() *Config
// Start a process inside the container. Returns the PID of the new process (in the caller process's namespace) and a channel that will return the exit status of the process whenever it dies.
//
// Errors: container no longer exists,
// config is invalid,
// container is paused,
// system error.
Start(*ProcessConfig) (pid int, exitChan chan int, err error)
// Destroys the container after killing all running processes.
//
// Any event registrations are removed before the container is destroyed.

17
vendor/src/github.com/docker/libcontainer/mount/init.go vendored
View file

@ -26,7 +26,7 @@ type mount struct {
// InitializeMountNamespace sets up the devices, mount points, and filesystems for use inside a
// new mount namespace.
func InitializeMountNamespace(rootfs, console string, mountConfig *MountConfig) error {
func InitializeMountNamespace(rootfs, console string, sysReadonly bool, mountConfig *MountConfig) error {
var (
err error
flag = syscall.MS_PRIVATE
@ -40,7 +40,7 @@ func InitializeMountNamespace(rootfs, console string, mountConfig *MountConfig)
if err := syscall.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REC, ""); err != nil {
return fmt.Errorf("mouting %s as bind %s", rootfs, err)
}
if err := mountSystem(rootfs, mountConfig); err != nil {
if err := mountSystem(rootfs, sysReadonly, mountConfig); err != nil {
return fmt.Errorf("mount system %s", err)
}
if err := setupBindmounts(rootfs, mountConfig); err != nil {
@ -81,8 +81,8 @@ func InitializeMountNamespace(rootfs, console string, mountConfig *MountConfig)
// mountSystem sets up linux specific system mounts like sys, proc, shm, and devpts
// inside the mount namespace
func mountSystem(rootfs string, mountConfig *MountConfig) error {
for _, m := range newSystemMounts(rootfs, mountConfig.MountLabel, mountConfig.Mounts) {
func mountSystem(rootfs string, sysReadonly bool, mountConfig *MountConfig) error {
for _, m := range newSystemMounts(rootfs, mountConfig.MountLabel, sysReadonly, mountConfig.Mounts) {
if err := os.MkdirAll(m.path, 0755); err != nil && !os.IsExist(err) {
return fmt.Errorf("mkdirall %s %s", m.path, err)
}
@ -192,14 +192,19 @@ func setupBindmounts(rootfs string, mountConfig *MountConfig) error {
// TODO: this is crappy right now and should be cleaned up with a better way of handling system and
// standard bind mounts allowing them to be more dynamic
func newSystemMounts(rootfs, mountLabel string, mounts Mounts) []mount {
func newSystemMounts(rootfs, mountLabel string, sysReadonly bool, mounts Mounts) []mount {
systemMounts := []mount{
{source: "proc", path: filepath.Join(rootfs, "proc"), device: "proc", flags: defaultMountFlags},
{source: "sysfs", path: filepath.Join(rootfs, "sys"), device: "sysfs", flags: defaultMountFlags},
{source: "tmpfs", path: filepath.Join(rootfs, "dev"), device: "tmpfs", flags: syscall.MS_NOSUID | syscall.MS_STRICTATIME, data: label.FormatMountLabel("mode=755", mountLabel)},
{source: "shm", path: filepath.Join(rootfs, "dev", "shm"), device: "tmpfs", flags: defaultMountFlags, data: label.FormatMountLabel("mode=1777,size=65536k", mountLabel)},
{source: "devpts", path: filepath.Join(rootfs, "dev", "pts"), device: "devpts", flags: syscall.MS_NOSUID | syscall.MS_NOEXEC, data: label.FormatMountLabel("newinstance,ptmxmode=0666,mode=620,gid=5", mountLabel)},
}
sysMountFlags := defaultMountFlags
if sysReadonly {
sysMountFlags |= syscall.MS_RDONLY
}
systemMounts = append(systemMounts, mount{source: "sysfs", path: filepath.Join(rootfs, "sys"), device: "sysfs", flags: sysMountFlags})
return systemMounts
}

3
vendor/src/github.com/docker/libcontainer/namespaces/init.go vendored
View file

@ -76,6 +76,7 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syn
if err := mount.InitializeMountNamespace(rootfs,
consolePath,
container.RestrictSys,
(*mount.MountConfig)(container.MountConfig)); err != nil {
return fmt.Errorf("setup mount namespace %s", err)
}
@ -98,7 +99,7 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syn
// TODO: (crosbymichael) make this configurable at the Config level
if container.RestrictSys {
if err := restrict.Restrict("proc/sys", "proc/sysrq-trigger", "proc/irq", "proc/bus", "sys"); err != nil {
if err := restrict.Restrict("proc/sys", "proc/sysrq-trigger", "proc/irq", "proc/bus"); err != nil {
return err
}
}

5
vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go vendored
View file

@ -1,11 +1,8 @@
// +build amd64
package netlink
import (
"encoding/binary"
"fmt"
"math/rand"
"net"
"sync/atomic"
"syscall"
@ -951,7 +948,7 @@ func setBridgeMacAddress(s int, name string) error {
copy(ifr.IfrnName[:], name)
for i := 0; i < 6; i++ {
ifr.IfruHwaddr.Data[i] = int8(rand.Intn(255))
ifr.IfruHwaddr.Data[i] = randIfrDataByte()
}
ifr.IfruHwaddr.Data[0] &^= 0x1 // clear multicast bit

9
vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_arm.go vendored Normal file
View file

@ -0,0 +1,9 @@
package netlink
import (
"math/rand"
)
func randIfrDataByte() uint8 {
return uint8(rand.Intn(255))
}

11
vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_notarm.go vendored Normal file
View file

@ -0,0 +1,11 @@
// +build !arm
package netlink
import (
"math/rand"
)
func randIfrDataByte() int8 {
return int8(rand.Intn(255))
}

2
vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go vendored
View file

@ -1,4 +1,4 @@
// +build !linux !amd64
// +build !linux
package netlink

2
vendor/src/github.com/docker/libcontainer/selinux/selinux.go vendored
View file

@ -1,3 +1,5 @@
// +build linux
package selinux
import (

5
vendor/src/github.com/docker/libcontainer/selinux/selinux_test.go vendored
View file

@ -1,9 +1,12 @@
// +build linux
package selinux_test
import (
"github.com/docker/libcontainer/selinux"
"os"
"testing"
"github.com/docker/libcontainer/selinux"
)
func testSetfilecon(t *testing.T) {

2
vendor/src/github.com/docker/libcontainer/system/setns_linux.go vendored
View file

@ -11,7 +11,9 @@ import (
// We need different setns values for the different platforms and arch
// We are declaring the macro here because the SETNS syscall does not exist in th stdlib
var setNsMap = map[string]uintptr{
"linux/386": 346,
"linux/amd64": 308,
"linux/arm": 374,
}
func Setns(fd uintptr, flags uintptr) error {

3
vendor/src/github.com/docker/libcontainer/system/sysconfig.go vendored
View file

@ -4,10 +4,9 @@ package system
/*
#include <unistd.h>
int get_hz(void) { return sysconf(_SC_CLK_TCK); }
*/
import "C"
func GetClockTicks() int {
return int(C.get_hz())
return int(C.sysconf(C._SC_CLK_TCK))
}

8
vendor/src/github.com/docker/libcontainer/system/sysconfig_notcgo.go vendored Normal file
View file

@ -0,0 +1,8 @@
// +build linux,!cgo
package system
func GetClockTicks() int {
// TODO figure out a better alternative for platforms where we're missing cgo
return 100
}