tag | eed568ad481254fd4689ffcf0a5013f27b274b2c | |
---|---|---|
tagger | Alexander Morozov <lk4d4@docker.com> | Tue Aug 04 17:36:27 2015 |
object | 072fa6fdccaba49b11ba91ad4265b1ec1043787e |

This release fixes checkpoint/restore behavior with mounted cgroups. Also it includes various minor features and bugfixes.

Full list of changes:
* Add signal API to Container interface
* Update github.com/opecontainers/specs to 5b31bb2b7771e5074a4eb14eca432da1ca5182d6
* Don't set /proc/<PID>/setgroups to deny in Go1.5
* Add debug message when unable to execute criu
* Remove reference to nsinit
* Replace dind with smaller script
* integration: show criu logs in a error case
* tests: dump/restore a container with cgroups
* Simplify and fix os.MkdirAll() usage
* Change default state directory to /run/oci
* Add TESTFLAGS to Makefile targets
* Update README.md to correct comment about spec and user
* Only add network info if NEWNET is set
* Fix files not closed in mountinfo parsing function
* signal: Fix leak
* test: propagate the error to the caller
* Swap check for systemd booted to use go-systemd method
* Vendor github.com/coreos/go-systemd/util
* Use /proc/self/exe as default for InitPath
* Adapt code to go-systemd/dbus v3
* Update github.com/coreos/go-systemd/dbus to v3
* typo: tempory -> temporary
* bring the loopback interface up
* systemd integration with container runtime for supporting sd_notify protocol
* Remount /sys/fs/cgroup as RO if MS_RDONLY was passed in m.Flags
* Update maintainers guide
* Create symlinks for merged cgroups
* ct: give criu informations about cgroup mounts
* Fix subsystem path with abs parent
* avoid infinite loop with GCCGO

commit | 072fa6fdccaba49b11ba91ad4265b1ec1043787e | [log] [tgz] |
---|---|---|
author | Alexander Morozov <lk4d4math@gmail.com> | Tue Aug 04 15:40:10 2015 |
committer | Alexander Morozov <lk4d4math@gmail.com> | Tue Aug 04 15:40:10 2015 |
tree | 621829ffa5d16743f66b8759c00cb35d6d6f85f4 | |
parent | ce0a33963274c376111c2d522b33e7dff5956004 [diff] | |
parent | a5ef75b681ea65e71ea6f72abc3eaa39fb7f73df [diff] |

Merge pull request #175 from crosbymichael/container-signal

Add signal API to Container interface

`runc` is a CLI tool for spawning and running containers according to the OCF specification.

Currently `runc` is an implementation of the OCF specification. We are currently sprinting to have a v1 of the spec out within a quick timeframe of a few weeks, ~July 2015, so the `runc` config format will be constantly changing until the spec is finalized. However, we encourage you to try out the tool and give feedback.

How does `runc` integrate with the Open Container Format? `runc` depends on the types specified in the specs repository. Whenever the specification is updated and ready to be versioned, `runc` will update its dependency on the specs repository and support the updated spec.

```bash
# create a 'github.com/opencontainers' in your GOPATH/src
cd github.com/opencontainers
git clone https://github.com/opencontainers/runc
cd runc
make
sudo make install
```

To run a container that you received just execute `runc` with the JSON format as the argument or have a `config.json` file in the current working directory.

```
runc
/ $ ps
PID   USER     COMMAND
1     daemon   sh
5     daemon   sh
/ $
```

Below is a sample `config.json` configuration file. It assumes that the file-system is found in a directory called `rootfs` and there is a user named `daemon` defined within that file-system.

```json
{
  "version": "pre-draft",
  "platform": {
    "os": "linux",
    "arch": "amd64"
  },
  "process": {
    "terminal": true,
    "user": {
      "uid": 0,
      "gid": 0,
      "additionalGids": null
    },
    "args": [
      "sh"
    ],
    "env": [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "TERM=xterm"
    ],
    "cwd": ""
  },
  "root": {
    "path": "rootfs",
    "readonly": true
  },
  "hostname": "shell",
  "mounts": [
    {
      "type": "proc",
      "source": "proc",
      "destination": "/proc",
      "options": ""
    },
    {
      "type": "tmpfs",
      "source": "tmpfs",
      "destination": "/dev",
      "options": "nosuid,strictatime,mode=755,size=65536k"
    },
    {
      "type": "devpts",
      "source": "devpts",
      "destination": "/dev/pts",
      "options": "nosuid,noexec,newinstance,ptmxmode=0666,mode=0620,gid=5"
    },
    {
      "type": "tmpfs",
      "source": "shm",
      "destination": "/dev/shm",
      "options": "nosuid,noexec,nodev,mode=1777,size=65536k"
    },
    {
      "type": "mqueue",
      "source": "mqueue",
      "destination": "/dev/mqueue",
      "options": "nosuid,noexec,nodev"
    },
    {
      "type": "sysfs",
      "source": "sysfs",
      "destination": "/sys",
      "options": "nosuid,noexec,nodev"
    },
    {
      "type": "cgroup",
      "source": "cgroup",
      "destination": "/sys/fs/cgroup",
      "options": "nosuid,noexec,nodev,relatime,ro"
    }
  ],
  "linux": {
    "uidMapping": null,
    "gidMapping": null,
    "rlimits": null,
    "systemProperties": null,
    "resources": {
      "disableOOMKiller": false,
      "memory": {
        "limit": 0,
        "reservation": 0,
        "swap": 0,
        "kernel": 0,
        "swappiness": -1
      },
      "cpu": {
        "shares": 0,
        "quota": 0,
        "period": 0,
        "realtimeRuntime": 0,
        "realtimePeriod": 0,
        "cpus": "",
        "mems": ""
      },
      "blockIO": {
        "blkioWeight": 0,
        "blkioWeightDevice": "",
        "blkioThrottleReadBpsDevice": "",
        "blkioThrottleWriteBpsDevice": "",
        "blkioThrottleReadIopsDevice": "",
        "blkioThrottleWriteIopsDevice": ""
      },
      "hugepageLimits": null,
      "network": {
        "classId": "",
        "priorities": null
      }
    },
    "namespaces": [
      {
        "type": "process",
        "path": ""
      },
      {
        "type": "network",
        "path": ""
      },
      {
        "type": "ipc",
        "path": ""
      },
      {
        "type": "uts",
        "path": ""
      },
      {
        "type": "mount",
        "path": ""
      }
    ],
    "capabilities": [
      "AUDIT_WRITE",
      "KILL",
      "NET_BIND_SERVICE"
    ],
    "devices": [
      "null",
      "random",
      "full",
      "tty",
      "zero",
      "urandom"
    ]
  }
}
```

To test using Docker's `busybox` image follow these steps:

* `docker` and download the `busybox` image: `docker pull busybox`
* `docker export $(docker create busybox) > busybox.tar`
*
```
mkdir rootfs
tar -C rootfs -xf busybox.tar
```
* `config.json` using the example from above. You can also generate a spec using `runc spec`, redirecting the output into `config.json`
* `runc` and you should be placed into a shell where you can run `ps`:

```
$ runc
/ # ps
PID   USER     COMMAND
1     root     sh
9     root     ps
```

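A check that can be run on `config.json` before the `runc` step above, as an added example that is not part of the runc README: it reads the fields shown in the sample configuration and reports settings that loosen isolation. The baseline capability set, the expected namespace list and the finding strings are assumptions of this example, and the embedded input is a trimmed, constructed copy of the page's sample.

```python
import json

# Assumption: the baseline is simply the capability list in the page's sample.
BASELINE_CAPS = {"AUDIT_WRITE", "KILL", "NET_BIND_SERVICE"}
# Namespace types as they are named in the page's pre-draft sample.
EXPECTED_NS = {"process", "network", "ipc", "uts", "mount"}
# Constructed input: the page's sample config.json trimmed to the fields checked.
SAMPLE = json.loads("""
{"process": {"user": {"uid": 0, "gid": 0}, "args": ["sh"]},
 "root": {"path": "rootfs", "readonly": true},
 "mounts": [
   {"type": "proc", "destination": "/proc", "options": ""},
   {"type": "cgroup", "destination": "/sys/fs/cgroup",
    "options": "nosuid,noexec,nodev,relatime,ro"}],
 "linux": {"uidMapping": null,
   "namespaces": [{"type": "process"}, {"type": "network"}, {"type": "ipc"},
                  {"type": "uts"}, {"type": "mount"}],
   "capabilities": ["AUDIT_WRITE", "KILL", "NET_BIND_SERVICE"]}}
""")

def audit(cfg):
    """Return hardening findings for a config in the page's pre-draft layout."""
    findings = []
    linux = cfg.get("linux") or {}
    user = (cfg.get("process") or {}).get("user") or {}
    # Without a uid mapping, uid 0 inside the container is uid 0 on the host.
    if user.get("uid", 0) == 0 and not linux.get("uidMapping"):
        findings.append("uid 0 with no uidMapping")
    if not (cfg.get("root") or {}).get("readonly"):
        findings.append("root filesystem is writable")
    for m in cfg.get("mounts") or []:
        opts = set((m.get("options") or "").split(","))
        if m.get("type") == "cgroup" and "ro" not in opts:
            findings.append("cgroup mount is writable")
    have = {n.get("type") for n in linux.get("namespaces") or []}
    findings += ["no %s namespace" % ns for ns in sorted(EXPECTED_NS - have)]
    extra = set(linux.get("capabilities") or []) - BASELINE_CAPS
    findings += ["extra capability %s" % c for c in sorted(extra)]
    return findings

def weakened(cfg):
    """Constructed counter-example: the same config with four settings loosened."""
    bad = json.loads(json.dumps(cfg))  # deep copy, leaves the input untouched
    bad["root"]["readonly"] = False
    bad["mounts"][1]["options"] = "nosuid,noexec,nodev,relatime"
    bad["linux"]["namespaces"].pop(1)  # drop the network namespace entry
    bad["linux"]["capabilities"].append("SYS_ADMIN")
    return bad

print(audit(SAMPLE), audit(weakened(SAMPLE)), sep="\n")
```

To check a real bundle, pass `json.load(open("config.json"))` to `audit()`.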

```
[Unit]
Description=Minecraft Build Server
Documentation=http://minecraft.net
After=network.target

[Service]
CPUQuota=200%
MemoryLimit=1536M
ExecStart=/usr/local/bin/runc
Restart=on-failure
WorkingDirectory=/containers/minecraftbuild

[Install]
WantedBy=multi-user.target
```