diff --git a/.gitignore b/.gitignore
index daead67..26a1112 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/runc-aea4f21.tar.gz
+SOURCES/runc-1d3ab6d.tar.gz
diff --git a/.runc.metadata b/.runc.metadata
index 2300756..8381c08 100644
--- a/.runc.metadata
+++ b/.runc.metadata
@@ -1 +1 @@
-7de652a014b59b797b937e8540e53971add71cbc SOURCES/runc-aea4f21.tar.gz
+8749df85670607ff9eaa079d7974ad8dd6e84496 SOURCES/runc-1d3ab6d.tar.gz
diff --git a/SOURCES/0001-Revert-Apply-cgroups-earlier.patch b/SOURCES/0001-Revert-Apply-cgroups-earlier.patch
new file mode 100644
index 0000000..4ad310a
--- /dev/null
+++ b/SOURCES/0001-Revert-Apply-cgroups-earlier.patch
@@ -0,0 +1,62 @@
+From dfb3496c174377b860b62872ce6af951364cc3ac Mon Sep 17 00:00:00 2001
+From: Lokesh Mandvekar
+Date: Tue, 12 Dec 2017 13:22:42 +0530
+Subject: [PATCH] Revert "Apply cgroups earlier"
+
+This reverts commit 7062c7556b71188abc18d7516441ff4b03fbc1fc.
+---
+ libcontainer/process_linux.go | 31 ++++++++++++++-----------------
+ 1 file changed, 14 insertions(+), 17 deletions(-)
+
+diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
+index 149b1126..b8a395af 100644
+--- a/libcontainer/process_linux.go
++++ b/libcontainer/process_linux.go
+@@ -272,6 +272,20 @@ func (p *initProcess) start() error {
+ p.process.ops = nil
+ return newSystemErrorWithCause(err, "starting init process command")
+ }
++ if _, err := io.Copy(p.parentPipe, p.bootstrapData); err != nil {
++ return newSystemErrorWithCause(err, "copying bootstrap data to pipe")
++ }
++ if err := p.execSetns(); err != nil {
++ return newSystemErrorWithCause(err, "running exec setns process for init")
++ }
++ // Save the standard descriptor names before the container process
++ // can potentially move them (e.g., via dup2()). If we don't do this now,
++ // we won't know at checkpoint time which file descriptor to look up.
++ fds, err := getPipeFds(p.pid())
++ if err != nil {
++ return newSystemErrorWithCausef(err, "getting pipe fds for pid %d", p.pid())
++ }
++ p.setExternalDescriptors(fds)
+ // Do this before syncing with child so that no children can escape the
+ // cgroup. We don't need to worry about not doing this and not being root
+ // because we'd be using the rootless cgroup manager in that case.
+@@ -292,23 +306,6 @@ func (p *initProcess) start() error {
+ }
+ }
+ }()
+-
+- if _, err := io.Copy(p.parentPipe, p.bootstrapData); err != nil {
+- return newSystemErrorWithCause(err, "copying bootstrap data to pipe")
+- }
+-
+- if err := p.execSetns(); err != nil {
+- return newSystemErrorWithCause(err, "running exec setns process for init")
+- }
+-
+- // Save the standard descriptor names before the container process
+- // can potentially move them (e.g., via dup2()). If we don't do this now,
+- // we won't know at checkpoint time which file descriptor to look up.
+- fds, err := getPipeFds(p.pid())
+- if err != nil {
+- return newSystemErrorWithCausef(err, "getting pipe fds for pid %d", p.pid())
+- }
+- p.setExternalDescriptors(fds)
+ if err := p.createNetworkInterfaces(); err != nil {
+ return newSystemErrorWithCause(err, "creating network interfaces")
+ }
+--
+2.14.3
+
diff --git a/SOURCES/change-default-root.patch b/SOURCES/change-default-root.patch
index 6ae9207..733522d 100644
--- a/SOURCES/change-default-root.patch
+++ b/SOURCES/change-default-root.patch
@@ -1,22 +1,8 @@ -From e8008604cb0a1921ab416302265ed50d504696f5 Mon Sep 17 00:00:00 2001 -From: Mrunal Patel -Date: Wed, 5 Apr 2017 07:46:28 -0700 -Subject: [PATCH] Change the default --root to /run/runc-ctrs - -This avoids the unmarshalling issues with older docker-runc -Signed-off-by: Mrunal Patel ---- - list.go | 2 +- - main.go | 2 +- - man/runc-list.8.md | 2 +- - man/runc.8.md | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - diff --git a/list.go b/list.go -index c7550a2..75ee2fc 100644 +index 0313d8c..328798b 100644 --- a/list.go +++ b/list.go -@@ -46,7 +46,7 @@ var listCommand = cli.Command{ +@@ -50,7 +50,7 @@ var listCommand = cli.Command{ ArgsUsage: ` Where the given root is specified via the global option "--root" @@ -26,18 +12,23 @@ index c7550a2..75ee2fc 100644 EXAMPLE 1: To list containers created via the default "--root":
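Review bot: The revert in SOURCES/0001-Revert-Apply-cgroups-earlier.patch records no reason for running `p.execSetns()` ahead of cgroup setup again. Its first inner hunk (`@@ -272,6 +272,20 @@`) places the bootstrap-data copy, `p.execSetns()` and `getPipeFds(p.pid())` above the comment "Do this before syncing with child so that no children can escape the cgroup", so the setns stage presumably runs before the container's cgroup is applied; the apply call itself and the rest of `start()` lie outside the hunk. The patch description says only "This reverts commit 7062c7556b71188abc18d7516441ff4b03fbc1fc" and the spec changelog only "Resolves: #1524654", so the trade-off is not explained anywhere in the package. I would add a paragraph to the patch description naming the regression being avoided, and a comment above the moved block such as `// Downstream revert: runs before cgroups are applied, so limits do not yet cover the setns stage.`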
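Review bot: The refreshed SOURCES/change-default-root.patch loses its mail header in the `@@ -1,22 +1,8 @@` hunk: the From/Date/Subject lines, the sentence "This avoids the unmarshalling issues with older docker-runc", the Signed-off-by and the diffstat are all removed, and the file now begins at `diff --git a/list.go b/list.go`. With them gone the package no longer states who authored the downstream change or why the default `--root` differs from upstream, which matters more now that the later main.go hunk also renames the rootless default to `runtimeDir + "/runc-ctrs"`. Regenerating the patch with its header kept, as 0001-Revert-Apply-cgroups-earlier.patch does, would preserve that provenance; the description could then also mention the rootless path.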
diff --git a/main.go b/main.go -index 1cb8f4d..0b34488 100644 +index 4642335..d58ccb4 100644 --- a/main.go +++ b/main.go -@@ -77,7 +77,7 @@ func main() { - }, - cli.StringFlag{ - Name: "root", -- Value: "/run/runc", -+ Value: "/run/runc-ctrs", - Usage: "root directory for storage of container state (this should be located in tmpfs)", - }, - cli.StringFlag{ +@@ -62,11 +62,11 @@ func main() { + v = append(v, fmt.Sprintf("spec: %s", specs.Version)) + app.Version = strings.Join(v, "\n") + +- root := "/run/runc" ++ root := "/run/runc-ctrs" + if os.Geteuid() != 0 { + runtimeDir := os.Getenv("XDG_RUNTIME_DIR") + if runtimeDir != "" { +- root = runtimeDir + "/runc" ++ root = runtimeDir + "/runc-ctrs" + } + } + diff --git a/man/runc-list.8.md b/man/runc-list.8.md index f737424..107220e 100644 --- a/man/runc-list.8.md @@ -52,15 +43,15 @@ index f737424..107220e 100644 To list containers created via the default "--root": # runc list diff --git a/man/runc.8.md b/man/runc.8.md -index b5a8c54..c3a07fb 100644 +index 6c6d7a5..786a215 100644 --- a/man/runc.8.md +++ b/man/runc.8.md 
@@ -50,7 +50,7 @@ value for "bundle" is the current directory. --debug enable debug output for logging --log value set the log file path where internal debug information is written (default: "/dev/null") --log-format value set the format used by logs ('text' (default), or 'json') (default: "text") -- --root value root directory for storage of container state (this should be located in tmpfs) (default: "/run/runc") -+ --root value root directory for storage of container state (this should be located in tmpfs) (default: "/run/runc-ctrs") +- --root value root directory for storage of container state (this should be located in tmpfs) (default: "/run/runc" or $XDG_RUNTIME_DIR/runc for rootless containers) ++ --root value root directory for storage of container state (this should be located in tmpfs) (default: "/run/runc-ctrs" or $XDG_RUNTIME_DIR/runc-ctrs for rootless containers) --criu value path to the criu binary used for checkpoint and restore (default: "criu") --systemd-cgroup enable systemd cgroup support, expects cgroupsPath to be of form "slice:prefix:name" for e.g. "system.slice:runc:434234" --help, -h show help diff --git a/SPECS/runc.spec b/SPECS/runc.spec index b884acf..0081a49 100644 --- a/SPECS/runc.spec +++ b/SPECS/runc.spec 
@@ -30,18 +30,19 @@ %global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} %global import_path %{provider_prefix} %global git0 https://github.com/opencontainers/runc -%global commit0 aea4f21eec795d9f5b7c7d514f568c08d58b8e58 +%global commit0 1d3ab6d668952a23498256dd385bec37f8f9fa04 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: %{repo} Version: 1.0.0 -Release: 21.rc4.dev.git%{shortcommit0}%{?dist} +Release: 23.rc4.dev.git%{shortcommit0}%{?dist} Summary: CLI for running Open Containers License: ASL 2.0 URL: http//%{provider_prefix} Source0: %{git0}/archive/%{commit0}/%{repo}-%{shortcommit0}.tar.gz Source1: 99-containers.conf Patch0: change-default-root.patch +Patch1: 0001-Revert-Apply-cgroups-earlier.patch Requires: criu Requires(pre): container-selinux >= 2:2.2-2 @@ -285,6 +286,14 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath} %endif %changelog +* Tue Dec 12 2017 Lokesh Mandvekar - 1.0.0-23.rc4.git1d3ab6d +- Resolves: #1524654 + +* Sun Dec 10 2017 Dan Walsh - 1.0.0-22.rc4.git1d3ab6d +- Many Stability fixes +- Many fixes for rootless containers +- Many fixes for static builds + * Thu Nov 09 2017 Lokesh Mandvekar - 1.0.0-21.rc4.dev.gitaea4f21 - enable debuginfo and include -buildmode=pie for go build