tag | ca5c93d2cb87f023f14668f0f1ef004d234e3f33 | |
---|---|---|
tagger | Alexander Morozov <lk4d4@docker.com> | Thu Jul 16 18:18:35 2015 |
object | 2598484b97994f61781e4f40b9782e0809e4e2c2 |
runc/libcontainer release

Most notable changes are about mounting cgroups inside container.

Changes (from docker/libcontainer v2.2.1 https://github.com/docker/libcontainer/releases/tag/v2.2.1):

* Fix handling name= cgroups
* Tests for mounting cgroups
* Subtract bindmount path from cgroup dir
* Add cgroup mount in the recommended config
* Correct tmpfs mount for cgroup
* Fix error when memory cgroup not mounted
* the data type should be int8 for ppc64le
* Remove deserialization tests.
* Add oom-kill-disable support for systemd
* Fixing test step for memory swappiness
* Remove sample configs from libcontainer
* Rename SystemProperties to Sysctl and make it available in the runc config
* Treat -1 as default value for memory swappiness.
* Remove apparmor profile generation from libcontainer
* Fix build tags
* libcontainer: user: update tests for GetAdditionalGroups
* libcontainer: user: fix GetAdditionalGroupsPath to match API
* Windows: Factor out seccomp
* checkpoint/restore commands support 'file-locks' option.
* Windows: Factor out CloseExecFrom
* Allow hyphen in "id" (based on `cwd` pathname)
* libcontainer: gofmt pass
* Fix panic in seccomp test on error
* Remove nsinit from libcontainer README.md

commit | 2598484b97994f61781e4f40b9782e0809e4e2c2 | |
---|---|---|
author | Mrunal Patel <mrunal@me.com> | Thu Jul 16 17:49:13 2015 |
committer | Mrunal Patel <mrunal@me.com> | Thu Jul 16 17:49:13 2015 |
tree | 2e93be213ac588f488e230f993757b8afd71fc07 | |
parent | 48ac2222e55f24344e6a0ae2b81aa645528e9ac9 | |
parent | f6eb19c0d5fce32824eefaee5835bdd713a39afe | |

Merge pull request #130 from LK4D4/cgroups_mount_fix

Cgroups mount fix

`runc` is a CLI tool for spawning and running containers according to the OCF specification.

Currently `runc` is an implementation of the OCF specification. We are currently sprinting to have a v1 of the spec out within a quick timeframe of a few weeks, ~July 2015, so the `runc` config format will be constantly changing until the spec is finalized. However, we encourage you to try out the tool and give feedback.

How does `runc` integrate with the Open Container Format?

`runc` depends on the types specified in the specs repository. Whenever the specification is updated and ready to be versioned, `runc` will update its dependency on the specs repository and support the updated spec.

```bash
# create a 'github.com/opencontainers' in your GOPATH/src
cd github.com/opencontainers
git clone https://github.com/opencontainers/runc
cd runc
make
sudo make install
```

To run a container that you received, just execute `runc` with the JSON format as the argument or have a `config.json` file in the current working directory.

```
runc
/ $ ps
PID   USER     COMMAND
    1 daemon   sh
    5 daemon   sh
/ $
```

Below is a sample `config.json` configuration file. It assumes that the file-system is found in a directory called `rootfs` and there is a user named `daemon` defined within that file-system.

```json
{
    "version": "pre-draft",
    "platform": {
        "os": "linux",
        "arch": "amd64"
    },
    "process": {
        "terminal": true,
        "user": {
            "uid": 0,
            "gid": 0,
            "additionalGids": null
        },
        "args": [
            "sh"
        ],
        "env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "TERM=xterm"
        ],
        "cwd": ""
    },
    "root": {
        "path": "rootfs",
        "readonly": true
    },
    "hostname": "shell",
    "mounts": [
        {
            "type": "proc",
            "source": "proc",
            "destination": "/proc",
            "options": ""
        },
        {
            "type": "tmpfs",
            "source": "tmpfs",
            "destination": "/dev",
            "options": "nosuid,strictatime,mode=755,size=65536k"
        },
        {
            "type": "devpts",
            "source": "devpts",
            "destination": "/dev/pts",
            "options": "nosuid,noexec,newinstance,ptmxmode=0666,mode=0620,gid=5"
        },
        {
            "type": "tmpfs",
            "source": "shm",
            "destination": "/dev/shm",
            "options": "nosuid,noexec,nodev,mode=1777,size=65536k"
        },
        {
            "type": "mqueue",
            "source": "mqueue",
            "destination": "/dev/mqueue",
            "options": "nosuid,noexec,nodev"
        },
        {
            "type": "sysfs",
            "source": "sysfs",
            "destination": "/sys",
            "options": "nosuid,noexec,nodev"
        },
        {
            "type": "cgroup",
            "source": "cgroup",
            "destination": "/sys/fs/cgroup",
            "options": "nosuid,noexec,nodev,relatime,ro"
        }
    ],
    "linux": {
        "uidMapping": null,
        "gidMapping": null,
        "rlimits": null,
        "systemProperties": null,
        "resources": {
            "disableOOMKiller": false,
            "memory": {
                "limit": 0,
                "reservation": 0,
                "swap": 0,
                "kernel": 0,
                "swappiness": -1
            },
            "cpu": {
                "shares": 0,
                "quota": 0,
                "period": 0,
                "realtimeRuntime": 0,
                "realtimePeriod": 0,
                "cpus": "",
                "mems": ""
            },
            "blockIO": {
                "blkioWeight": 0,
                "blkioWeightDevice": "",
                "blkioThrottleReadBpsDevice": "",
                "blkioThrottleWriteBpsDevice": "",
                "blkioThrottleReadIopsDevice": "",
                "blkioThrottleWriteIopsDevice": ""
            },
            "hugepageLimits": null,
            "network": {
                "classId": "",
                "priorities": null
            }
        },
        "namespaces": [
            {
                "type": "process",
                "path": ""
            },
            {
                "type": "network",
                "path": ""
            },
            {
                "type": "ipc",
                "path": ""
            },
            {
                "type": "uts",
                "path": ""
            },
            {
                "type": "mount",
                "path": ""
            }
        ],
        "capabilities": [
            "AUDIT_WRITE",
            "KILL",
            "NET_BIND_SERVICE"
        ],
        "devices": [
            "null",
            "random",
            "full",
            "tty",
            "zero",
            "urandom"
        ]
    }
}
```

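
An added example (not part of runc or its README): a small Go check that reads a `config.json` in the pre-draft format above and reports a writable root, a writable cgroup mount, a non-proc mount without `nosuid`, capabilities outside the sample's three, and uid 0 with no `uidMapping` (which the sample itself has). `Audit`, `sampleCaps` and the `weakened` input are names and data constructed for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Subset of the pre-draft config.json; encoding/json matches keys case-insensitively.
type config struct {
	Process struct{ User struct{ UID int } }
	Root    struct{ Readonly bool }
	Mounts  []struct{ Type, Destination, Options string }
	Linux   struct {
		UIDMapping   []json.RawMessage
		Capabilities []string
	}
}

// sampleCaps is the sample config's capability list, taken here as the baseline (assumption).
var sampleCaps = map[string]bool{"AUDIT_WRITE": true, "KILL": true, "NET_BIND_SERVICE": true}

// weakened is constructed input: writable root and cgroup mount, one extra capability.
const weakened = `{"process":{"user":{"uid":0}},"root":{"path":"rootfs","readonly":false},
 "mounts":[{"type":"cgroup","destination":"/sys/fs/cgroup","options":"nosuid,noexec,nodev,relatime"}],
 "linux":{"uidMapping":null,"capabilities":["KILL","SYS_ADMIN"]}}`

// Audit returns one finding per failed check; proc is exempt from the nosuid
// check because the sample mounts it with no options.
func Audit(raw []byte) ([]string, error) {
	var c config
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	var f []string
	add := func(bad bool, msg string) {
		if bad {
			f = append(f, msg)
		}
	}
	add(!c.Root.Readonly, "root filesystem is writable")
	add(c.Process.User.UID == 0 && len(c.Linux.UIDMapping) == 0, "process runs as uid 0 and no uidMapping is set")
	for _, m := range c.Mounts {
		opts := "," + m.Options + ","
		add(m.Type == "cgroup" && !strings.Contains(opts, ",ro,"), "cgroup mount "+m.Destination+" is writable")
		add(m.Type != "proc" && !strings.Contains(opts, ",nosuid,"), "mount "+m.Destination+" lacks nosuid")
	}
	for _, name := range c.Linux.Capabilities {
		add(!sampleCaps[name], "capability "+name+" is not in the sample's list")
	}
	return f, nil
}

func main() { fmt.Println(Audit([]byte(weakened))) }
```

Run against the sample file above, the only finding is the uid 0 one, since its root and cgroup mount are read-only and its capabilities match the baseline.
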
To test using Docker's `busybox` image follow these steps:

* Install `docker` and download the `busybox` image: `docker pull busybox`
* Create a container from that image and export its contents to a tar file: `docker export $(docker create busybox) > busybox.tar`
* Untar the contents to create your filesystem directory:

```
mkdir rootfs
tar -C rootfs -xf busybox.tar
```

* Create `config.json` using the example from above. Modify the `user` property to be `root`.
* Run `runc` and you should be placed into a shell where you can run `ps`:

```
$ runc
/ # ps
PID   USER     COMMAND
    1 root     sh
    9 root     ps
```

```ini
[Unit]
Description=Minecraft Build Server
Documentation=http://minecraft.net
After=network.target

[Service]
CPUQuota=200%
MemoryLimit=1536M
ExecStart=/usr/local/bin/runc
Restart=on-failure
WorkingDirectory=/containers/minecraftbuild

[Install]
WantedBy=multi-user.target
```