Update api branch with master changes

MAINTAINERS

@@ -3,4 +3,5 @@ Rohit Jnagal <[email protected]> (@rjnagal)
 Victor Marmol <[email protected]> (@vmarmol)
 Mrunal Patel <[email protected]> (@mrunalp)
 Alexandr Morozov <[email protected]> (@LK4D4)
+Daniel, Dao Quang Minh <[email protected]> (@dqminh)
 update-vendor.sh: Tianon Gravi <[email protected]> (@tianon)

Makefile

@@ -12,7 +12,6 @@ sh:
 GO_PACKAGES = $(shell find . -not \( -wholename ./vendor -prune -o -wholename ./.git -prune \) -name '*.go' -print0 | xargs -0n1 dirname | sort -u)
 
 direct-test:
-	go get github.com/golang/glog &&		\
 	go test $(TEST_TAGS) -cover -v $(GO_PACKAGES)
 
 direct-test-short:

apparmor/apparmor.go

@@ -24,7 +24,6 @@ func ApplyProfile(name string) error {
 	if name == "" {
 		return nil
 	}
-
 	cName := C.CString(name)
 	defer C.free(unsafe.Pointer(cName))
 

cgroups/fs/apply_raw.go

@@ -1,11 +1,11 @@
 package fs
 
 import (
-	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
+	"sync"
 
 	"github.com/docker/libcontainer/cgroups"
 	"github.com/docker/libcontainer/configs"
@@ -40,20 +40,31 @@ type Manager struct {
 }
 
 // The absolute path to the root of the cgroup hierarchies.
+var cgroupRootLock sync.Mutex
 var cgroupRoot string
 
-// TODO(vmarmol): Report error here, we'll probably need to wait for the new API.
-func init() {
+// Gets the cgroupRoot.
+func getCgroupRoot() (string, error) {
+	cgroupRootLock.Lock()
+	defer cgroupRootLock.Unlock()
+
+	if cgroupRoot != "" {
+		return cgroupRoot, nil
+	}
+
 	// we can pick any subsystem to find the root
 	cpuRoot, err := cgroups.FindCgroupMountpoint("cpu")
 	if err != nil {
-		return
+		return "", err
 	}
-	cgroupRoot = filepath.Dir(cpuRoot)
+	root := filepath.Dir(cpuRoot)
 
-	if _, err := os.Stat(cgroupRoot); err != nil {
-		return
+	if _, err := os.Stat(root); err != nil {
+		return "", err
 	}
+
+	cgroupRoot = root
+	return cgroupRoot, nil
 }
 
 type data struct {
@@ -172,8 +183,9 @@ func (m *Manager) GetPids() ([]int, error) {
 }
 
 func getCgroupData(c *configs.Cgroup, pid int) (*data, error) {
-	if cgroupRoot == "" {
-		return nil, fmt.Errorf("failed to find the cgroup root")
+	root, err := getCgroupRoot()
+	if err != nil {
+		return nil, err
 	}
 
 	cgroup := c.Name
@@ -182,7 +194,7 @@ func getCgroupData(c *configs.Cgroup, pid int) (*data, error) {
 	}
 
 	return &data{
-		root:   cgroupRoot,
+		root:   root,
 		cgroup: cgroup,
 		c:      c,
 		pid:    pid,

cgroups/systemd/apply_systemd.go

@@ -30,9 +30,10 @@ type subsystem interface {
 }
 
 var (
-	connLock              sync.Mutex
-	theConn               *systemd.Conn
-	hasStartTransientUnit bool
+	connLock                        sync.Mutex
+	theConn                         *systemd.Conn
+	hasStartTransientUnit           bool
+	hasTransientDefaultDependencies bool
 )
 
 func newProp(name string, units interface{}) systemd.Property {
@@ -66,6 +67,18 @@ func UseSystemd() bool {
 			if dbusError, ok := err.(dbus.Error); ok {
 				if dbusError.Name == "org.freedesktop.DBus.Error.UnknownMethod" {
 					hasStartTransientUnit = false
+					return hasStartTransientUnit
+				}
+			}
+		}
+
+		// Assume StartTransientUnit on a scope allows DefaultDependencies
+		hasTransientDefaultDependencies = true
+		ddf := newProp("DefaultDependencies", false)
+		if _, err := theConn.StartTransientUnit("docker-systemd-test-default-dependencies.scope", "replace", ddf); err != nil {
+			if dbusError, ok := err.(dbus.Error); ok {
+				if dbusError.Name == "org.freedesktop.DBus.Error.PropertyReadOnly" {
+					hasTransientDefaultDependencies = false
 				}
 			}
 		}
@@ -108,6 +121,11 @@ func (m *Manager) Apply(pid int) error {
 		newProp("CPUAccounting", true),
 		newProp("BlockIOAccounting", true))
 
+	if hasTransientDefaultDependencies {
+		properties = append(properties,
+			newProp("DefaultDependencies", false))
+	}
+
 	if c.Memory != 0 {
 		properties = append(properties,
 			newProp("MemoryLimit", uint64(c.Memory)))
@@ -128,14 +146,12 @@ func (m *Manager) Apply(pid int) error {
 		return err
 	}
 
-	if !c.AllowAllDevices {
-		if err := joinDevices(c, pid); err != nil {
-			return err
-		}
+	if err := joinDevices(c, pid); err != nil {
+		return err
 	}
 
 	// -1 disables memorySwap
-	if c.MemorySwap >= 0 && (c.Memory != 0 || c.MemorySwap > 0) {
+	if c.MemorySwap >= 0 && c.Memory != 0 {
 		if err := joinMemory(c, pid); err != nil {
 			return err
 		}
@@ -290,16 +306,16 @@ func joinDevices(c *configs.Cgroup, pid int) error {
 		return err
 	}
 
-	if err := writeFile(path, "devices.deny", "a"); err != nil {
-		return err
+	if !c.AllowAllDevices {
+		if err := writeFile(path, "devices.deny", "a"); err != nil {
+			return err
+		}
 	}
-
 	for _, dev := range c.AllowedDevices {
 		if err := writeFile(path, "devices.allow", dev.CgroupString()); err != nil {
 			return err
 		}
 	}
-
 	return nil
 }
 

configs/config_test.go

@@ -162,7 +162,7 @@ func TestHostUIDNoUSERNS(t *testing.T) {
 		t.Fatal(err)
 	}
 	if uid != 0 {
-		t.Fatal("expected uid 0 with no USERNS but received %d", uid)
+		t.Fatalf("expected uid 0 with no USERNS but received %d", uid)
 	}
 }
 
@@ -182,7 +182,7 @@ func TestHostUIDWithUSERNS(t *testing.T) {
 		t.Fatal(err)
 	}
 	if uid != 1000 {
-		t.Fatal("expected uid 1000 with no USERNS but received %d", uid)
+		t.Fatalf("expected uid 1000 with no USERNS but received %d", uid)
 	}
 }
 
@@ -195,7 +195,7 @@ func TestHostGIDNoUSERNS(t *testing.T) {
 		t.Fatal(err)
 	}
 	if uid != 0 {
-		t.Fatal("expected gid 0 with no USERNS but received %d", uid)
+		t.Fatalf("expected gid 0 with no USERNS but received %d", uid)
 	}
 }
 
@@ -215,6 +215,6 @@ func TestHostGIDWithUSERNS(t *testing.T) {
 		t.Fatal(err)
 	}
 	if uid != 1000 {
-		t.Fatal("expected gid 1000 with no USERNS but received %d", uid)
+		t.Fatalf("expected gid 1000 with no USERNS but received %d", uid)
 	}
 }

docs/man/nsinit.1.md

@@ -0,0 +1,38 @@
+% nsinit User Manual
+% docker/libcontainer
+% JAN 2015
+
+NAME:
+   nsinit - A low-level utility for managing containers.
+	    It is used to spawn new containers or join existing containers.
+
+USAGE:
+   nsinit [global options] command [command options] [arguments...]
+
+VERSION:
+   0.1
+
+COMMANDS:
+	config	display the container configuration 
+	exec	execute a new command inside a container
+	init	runs the init process inside the namespace
+	oom	display oom notifications for a container
+	pause	pause the container's processes
+	stats	display statistics for the container
+	unpause	unpause the container's processes
+	help, h	shows a list of commands or help for one command
+
+EXAMPLES:
+
+Get the <container_id> of an already running docker container.
+`sudo docker ps` will return the list of all the running containers.
+
+take the <container_id> (e.g. 4addb0b2d307) and go to its config directory
+`/var/lib/docker/execdriver/native/4addb0b2d307` and here you can run the nsinit
+command line utility.
+
+e.g. `nsinit exec /bin/bash` will start a shell on the already running container.
+
+# HISTORY
+Jan 2015, Originally compiled by Shishir Mahajan (shishir dot mahajan at redhat dot com)
+based on nsinit source material and internal work.	

integration/execin_test.go

@@ -0,0 +1,132 @@
+package integration
+
+import (
+	"os"
+	"strings"
+	"syscall"
+	"testing"
+
+	"github.com/docker/libcontainer"
+)
+
+func TestExecIn(t *testing.T) {
+	if testing.Short() {
+		return
+	}
+	rootfs, err := newRootfs()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer remove(rootfs)
+	config := newTemplateConfig(rootfs)
+	container, err := newContainer(config)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer container.Destroy()
+	buffers := newStdBuffers()
+	process := &libcontainer.Process{
+		Args:   []string{"sleep", "10"},
+		Env:    standardEnvironment,
+		Stdin:  buffers.Stdin,
+		Stdout: buffers.Stdout,
+		Stderr: buffers.Stderr,
+	}
+	pid1, err := container.Start(process)
+	if err != nil {
+		t.Fatal(err)
+	}
+	buffers = newStdBuffers()
+	psPid, err := container.Start(&libcontainer.Process{
+		Args:   []string{"ps"},
+		Env:    standardEnvironment,
+		Stdin:  buffers.Stdin,
+		Stdout: buffers.Stdout,
+		Stderr: buffers.Stderr,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	ps, err := os.FindProcess(psPid)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := ps.Wait(); err != nil {
+		t.Fatal(err)
+	}
+	p, err := os.FindProcess(pid1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := p.Signal(syscall.SIGKILL); err != nil {
+		t.Log(err)
+	}
+	if _, err := p.Wait(); err != nil {
+		t.Log(err)
+	}
+	out := buffers.Stdout.String()
+	if !strings.Contains(out, "sleep 10") || !strings.Contains(out, "ps") {
+		t.Fatalf("unexpected running process, output %q", out)
+	}
+}
+
+func TestExecInRlimit(t *testing.T) {
+	if testing.Short() {
+		return
+	}
+	rootfs, err := newRootfs()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer remove(rootfs)
+	config := newTemplateConfig(rootfs)
+	container, err := newContainer(config)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer container.Destroy()
+	buffers := newStdBuffers()
+	process := &libcontainer.Process{
+		Args:   []string{"sleep", "10"},
+		Env:    standardEnvironment,
+		Stdin:  buffers.Stdin,
+		Stdout: buffers.Stdout,
+		Stderr: buffers.Stderr,
+	}
+	pid1, err := container.Start(process)
+	if err != nil {
+		t.Fatal(err)
+	}
+	buffers = newStdBuffers()
+	psPid, err := container.Start(&libcontainer.Process{
+		Args:   []string{"/bin/sh", "-c", "ulimit -n"},
+		Env:    standardEnvironment,
+		Stdin:  buffers.Stdin,
+		Stdout: buffers.Stdout,
+		Stderr: buffers.Stderr,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	ps, err := os.FindProcess(psPid)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := ps.Wait(); err != nil {
+		t.Fatal(err)
+	}
+	p, err := os.FindProcess(pid1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := p.Signal(syscall.SIGKILL); err != nil {
+		t.Log(err)
+	}
+	if _, err := p.Wait(); err != nil {
+		t.Log(err)
+	}
+	out := buffers.Stdout.String()
+	if limit := strings.TrimSpace(out); limit != "1024" {
+		t.Fatalf("expected rlimit to be 1024, got %s", limit)
+	}
+}

integration/init_test.go

@@ -21,6 +21,7 @@ func init() {
 	if err != nil {
 		log.Fatalf("unable to initialize for container: %s", err)
 	}
-	factory.StartInitialization(3)
-	os.Exit(1)
+	if err := factory.StartInitialization(3); err != nil {
+		log.Fatal(err)
+	}
 }