Commit 81ca5995 authored by Shengjing Zhu's avatar Shengjing Zhu

New upstream version 0.0~git20190226.7d11b49

parent be8051d3
language: go
go:
- 1.7.x
- tip
install:
- go get -t ./...
- go get -u github.com/vbatts/git-validation
- go get -u github.com/kunalkushwaha/ltag
before_script:
- pushd ..; git clone https://github.com/containerd/project; popd
script:
- DCO_VERBOSITY=-q ../project/script/validate/dco
- ../project/script/validate/fileheader ../project/
- go test -v -race -covermode=atomic -coverprofile=coverage.txt ./...
after_success:
- bash <(curl -s https://codecov.io/bash)
# go-runc
[![Build Status](https://travis-ci.org/containerd/go-runc.svg?branch=master)](https://travis-ci.org/containerd/go-runc)
[![codecov](https://codecov.io/gh/containerd/go-runc/branch/master/graph/badge.svg)](https://codecov.io/gh/containerd/go-runc)
This is a package for consuming the [runc](https://github.com/opencontainers/runc) binary in your Go applications.
It tries to expose all the settings and features of the runc CLI. If there is something missing then add it, its opensource!
......@@ -12,3 +12,14 @@ or greater.
## Docs
Docs can be found at [godoc.org](https://godoc.org/github.com/containerd/go-runc).
## Project details
The go-runc is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE).
As a containerd sub-project, you will find the:
* [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md),
* [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS),
* and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md)
information in our [`containerd/project`](https://github.com/containerd/project) repository.
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package runc
import (
"context"
"os"
"os/exec"
"syscall"
)
......@@ -15,6 +32,7 @@ func (r *Runc) command(context context.Context, args ...string) *exec.Cmd {
cmd.SysProcAttr = &syscall.SysProcAttr{
Setpgid: r.Setpgid,
}
cmd.Env = os.Environ()
if r.PdeathSignal != 0 {
cmd.SysProcAttr.Pdeathsig = r.PdeathSignal
}
......
// +build !linux
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package runc
import (
"context"
"os"
"os/exec"
)
......@@ -12,5 +29,7 @@ func (r *Runc) command(context context.Context, args ...string) *exec.Cmd {
if command == "" {
command = DefaultCommand
}
return exec.CommandContext(context, command, append(r.args(), args...)...)
cmd := exec.CommandContext(context, command, append(r.args(), args...)...)
cmd.Env = os.Environ()
return cmd
}
// +build !windows
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package runc
import (
......@@ -27,14 +45,15 @@ func NewConsoleSocket(path string) (*Socket, error) {
return nil, err
}
return &Socket{
l: l,
l: l,
}, nil
}
// NewTempConsoleSocket returns a temp console socket for use with a container
// On Close(), the socket is deleted
func NewTempConsoleSocket() (*Socket, error) {
dir, err := ioutil.TempDir("", "pty")
runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
dir, err := ioutil.TempDir(runtimeDir, "pty")
if err != nil {
return nil, err
}
......@@ -50,6 +69,11 @@ func NewTempConsoleSocket() (*Socket, error) {
if err != nil {
return nil, err
}
if runtimeDir != "" {
if err := os.Chmod(abs, 0755|os.ModeSticky); err != nil {
return nil, err
}
}
return &Socket{
l: l,
rmdir: true,
......
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package runc
import (
"errors"
"os"
"testing"
)
func TestTempConsole(t *testing.T) {
if err := os.Setenv("XDG_RUNTIME_DIR", ""); err != nil {
t.Fatalf("failed to clear the XDG_RUNTIME_DIR env: %v", err)
}
c, path := testSocketWithCorrectStickyBitMode(t, 0)
ensureSocketCleanup(t, c, path)
}
func TestTempConsoleWithXdgRuntimeDir(t *testing.T) {
tmpDir := "/tmp/foo"
if err := os.Setenv("XDG_RUNTIME_DIR", tmpDir); err != nil {
t.Fatal(err)
}
if err := os.MkdirAll(tmpDir, 0755); err != nil {
t.Fatal(err)
}
c, path := testSocketWithCorrectStickyBitMode(t, os.ModeSticky)
ensureSocketCleanup(t, c, path)
if err := os.RemoveAll(tmpDir); err != nil {
t.Fatal(err)
}
}
func testSocketWithCorrectStickyBitMode(t *testing.T, expectedMode os.FileMode) (*Socket, string) {
c, err := NewTempConsoleSocket()
if err != nil {
t.Fatal(err)
}
path := c.Path()
if _, err := os.Stat(path); err != nil {
info, err := os.Stat(path)
if err != nil {
t.Fatal(err)
}
if (info.Mode() & os.ModeSticky) != expectedMode {
t.Fatal(errors.New("socket has incorrect mode"))
}
return c, path
}
func ensureSocketCleanup(t *testing.T, c *Socket, path string) {
if err := c.Close(); err != nil {
t.Fatal(err)
}
......
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package runc
import "time"
......
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package runc
type Event struct {
......
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package runc
import (
"io"
"os"
"os/exec"
"github.com/pkg/errors"
"golang.org/x/sys/unix"
)
type IO interface {
......@@ -21,49 +34,22 @@ type StartCloser interface {
CloseAfterStart() error
}
// NewPipeIO creates pipe pairs to be used with runc
func NewPipeIO(uid, gid int) (i IO, err error) {
var pipes []*pipe
// cleanup in case of an error
defer func() {
if err != nil {
for _, p := range pipes {
p.Close()
}
}
}()
stdin, err := newPipe()
if err != nil {
return nil, err
}
pipes = append(pipes, stdin)
if err = unix.Fchown(int(stdin.r.Fd()), uid, gid); err != nil {
return nil, errors.Wrap(err, "failed to chown stdin")
}
// IOOpt sets I/O creation options
type IOOpt func(*IOOption)
stdout, err := newPipe()
if err != nil {
return nil, err
}
pipes = append(pipes, stdout)
if err = unix.Fchown(int(stdout.w.Fd()), uid, gid); err != nil {
return nil, errors.Wrap(err, "failed to chown stdout")
}
// IOOption holds I/O creation options
type IOOption struct {
OpenStdin bool
OpenStdout bool
OpenStderr bool
}
stderr, err := newPipe()
if err != nil {
return nil, err
func defaultIOOption() *IOOption {
return &IOOption{
OpenStdin: true,
OpenStdout: true,
OpenStderr: true,
}
pipes = append(pipes, stderr)
if err = unix.Fchown(int(stderr.w.Fd()), uid, gid); err != nil {
return nil, errors.Wrap(err, "failed to chown stderr")
}
return &pipeIO{
in: stdin,
out: stdout,
err: stderr,
}, nil
}
func newPipe() (*pipe, error) {
......@@ -83,9 +69,9 @@ type pipe struct {
}
func (p *pipe) Close() error {
err := p.r.Close()
if werr := p.w.Close(); err == nil {
err = werr
err := p.w.Close()
if rerr := p.r.Close(); err == nil {
err = rerr
}
return err
}
......@@ -97,14 +83,23 @@ type pipeIO struct {
}
func (i *pipeIO) Stdin() io.WriteCloser {
if i.in == nil {
return nil
}
return i.in.w
}
func (i *pipeIO) Stdout() io.ReadCloser {
if i.out == nil {
return nil
}
return i.out.r
}
func (i *pipeIO) Stderr() io.ReadCloser {
if i.err == nil {
return nil
}
return i.err.r
}
......@@ -115,28 +110,38 @@ func (i *pipeIO) Close() error {
i.out,
i.err,
} {
if cerr := v.Close(); err == nil {
err = cerr
if v != nil {
if cerr := v.Close(); err == nil {
err = cerr
}
}
}
return err
}
func (i *pipeIO) CloseAfterStart() error {
for _, f := range []*os.File{
i.out.w,
i.err.w,
for _, f := range []*pipe{
i.out,
i.err,
} {
f.Close()
if f != nil {
f.w.Close()
}
}
return nil
}
// Set sets the io to the exec.Cmd
func (i *pipeIO) Set(cmd *exec.Cmd) {
cmd.Stdin = i.in.r
cmd.Stdout = i.out.w
cmd.Stderr = i.err.w
if i.in != nil {
cmd.Stdin = i.in.r
}
if i.out != nil {
cmd.Stdout = i.out.w
}
if i.err != nil {
cmd.Stderr = i.err.w
}
}
func NewSTDIO() (IO, error) {
......
// +build !windows
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package runc
import (
"github.com/pkg/errors"
"golang.org/x/sys/unix"
)
// NewPipeIO creates pipe pairs to be used with runc
func NewPipeIO(uid, gid int, opts ...IOOpt) (i IO, err error) {
option := defaultIOOption()
for _, o := range opts {
o(option)
}
var (
pipes []*pipe
stdin, stdout, stderr *pipe
)
// cleanup in case of an error
defer func() {
if err != nil {
for _, p := range pipes {
p.Close()
}
}
}()
if option.OpenStdin {
if stdin, err = newPipe(); err != nil {
return nil, err
}
pipes = append(pipes, stdin)
if err = unix.Fchown(int(stdin.r.Fd()), uid, gid); err != nil {
return nil, errors.Wrap(err, "failed to chown stdin")
}
}
if option.OpenStdout {
if stdout, err = newPipe(); err != nil {
return nil, err
}
pipes = append(pipes, stdout)
if err = unix.Fchown(int(stdout.w.Fd()), uid, gid); err != nil {
return nil, errors.Wrap(err, "failed to chown stdout")
}
}
if option.OpenStderr {
if stderr, err = newPipe(); err != nil {
return nil, err
}
pipes = append(pipes, stderr)
if err = unix.Fchown(int(stderr.w.Fd()), uid, gid); err != nil {
return nil, errors.Wrap(err, "failed to chown stderr")
}
}
return &pipeIO{
in: stdin,
out: stdout,
err: stderr,
}, nil
}
// +build windows
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package runc
// NewPipeIO creates pipe pairs to be used with runc
func NewPipeIO(opts ...IOOpt) (i IO, err error) {
option := defaultIOOption()
for _, o := range opts {
o(option)
}
var (
pipes []*pipe
stdin, stdout, stderr *pipe
)
// cleanup in case of an error
defer func() {
if err != nil {
for _, p := range pipes {
p.Close()
}
}
}()
if option.OpenStdin {
if stdin, err = newPipe(); err != nil {
return nil, err
}
pipes = append(pipes, stdin)
}
if option.OpenStdout {
if stdout, err = newPipe(); err != nil {
return nil, err
}
pipes = append(pipes, stdout)
}
if option.OpenStderr {
if stderr, err = newPipe(); err != nil {
return nil, err
}
pipes = append(pipes, stderr)
}
return &pipeIO{
in: stdin,
out: stdout,
err: stderr,
}, nil
}
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package runc
import (
......
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package runc
import (
......@@ -21,6 +37,15 @@ import (
// Format is the type of log formatting options avaliable
type Format string
// TopBody represents the structured data of the full ps output
type TopResults struct {
// Processes running in the container, where each is process is an array of values corresponding to the headers
Processes [][]string `json:"Processes"`
// Headers are the names of the columns
Headers []string `json:"Headers"`
}
const (
none Format = ""
JSON Format = "json"
......@@ -41,6 +66,7 @@ type Runc struct {
Setpgid bool
Criu string
SystemdCgroup bool
Rootless *bool // nil stands for "auto"
}
// List returns all containers created inside the provided runc root directory
......@@ -183,7 +209,7 @@ func (o *ExecOpts) args() (out []string, err error) {
// Exec executres and additional process inside the container based on a full
// OCI Process specification
func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts *ExecOpts) error {
f, err := ioutil.TempFile("", "runc-process")
f, err := ioutil.TempFile(os.Getenv("XDG_RUNTIME_DIR"), "runc-process")
if err != nil {
return err
}
......@@ -379,6 +405,20 @@ func (r *Runc) Ps(context context.Context, id string) ([]int, error) {
return pids, nil
}
// Top lists all the processes inside the container returning the full ps data
func (r *Runc) Top(context context.Context, id string, psOptions string) (*TopResults, error) {
data, err := cmdOutput(r.command(context, "ps", "--format", "table", id, psOptions), true)
if err != nil {
return nil, fmt.Errorf("%s: %s", err, data)
}
topResults, err := ParsePSOutput(data)
if err != nil {
return nil, fmt.Errorf("%s: ", err)
}
return topResults, nil
}
type CheckpointOpts struct {
// ImagePath is the path for saving the criu image file
ImagePath string
......@@ -473,10 +513,11 @@ type RestoreOpts struct {
CheckpointOpts
IO
Detach bool
PidFile string
NoSubreaper bool
NoPivot bool
Detach bool
PidFile string
NoSubreaper bool
NoPivot bool
ConsoleSocket ConsoleSocket
}
func (o *RestoreOpts) args() ([]string, error) {
......@@ -491,6 +532,9 @@ func (o *RestoreOpts) args() ([]string, error) {
}
out = append(out, "--pid-file", abs)
}
if o.ConsoleSocket != nil {
out = append(out, "--console-socket", o.ConsoleSocket.Path())
}
if o.NoPivot {
out = append(out, "--no-pivot")
}
......@@ -564,9 +608,8 @@ func parseVersion(data []byte) (Version, error) {
var v Version
parts := strings.Split(strings.TrimSpace(string(data)), "\n")
if len(parts) != 3 {
return v, ErrParseRuncVersion
return v, nil
}
for i, p := range []struct {
dest *string
split string
......@@ -612,6 +655,10 @@ func (r *Runc) args() (out []string) {
if r.SystemdCgroup {
out = append(out, "--systemd-cgroup")
}
if r.Rootless != nil {
// nil stands for "auto" (differs from explicit "false")
out = append(out, "--rootless="+strconv.FormatBool(*r.Rootless))
}
return out
}
......
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/