mirror/ youki
1
0
Fork 0
mirror of https://github.com/containers/youki synced 2024-05-18 13:36:14 +02:00
Code Issues
3,726 Commits 5 Branches 10 Tags 59 MiB
Commit Graph

39 Commits

Author SHA1 Message Date
utam0k 29cf869c68
Add the handly script for kind and youki 
Signed-off-by: utam0k <k0ma@utam0k.jp>
 2023-05-07 06:03:00 +00:00
utam0k ec2f58d4b2
Add easy way to test with K8s 
Signed-off-by: utam0k <k0ma@utam0k.jp>
 2023-05-06 12:03:36 +00:00
Eric Fang b51cf1ab25
Implement `thiserror` for libcontainer - Part 1 (#1876) 
* introduced libcontainer error

Signed-off-by: yihuaf <yihuaf@unkies.org>

* implemented syscall error

Signed-off-by: yihuaf <yihuaf@unkies.org>

* implemented namespace error

Signed-off-by: yihuaf <yihuaf@unkies.org>

* Implemented rest of the thiserror for process, syscall, namespace and etc.

Signed-off-by: yihuaf <yihuaf@unkies.org>

* Fix libcgroup error

Signed-off-by: yihuaf <yihuaf@unkies.org>

* remove dead code

Signed-off-by: yihuaf <yihuaf@unkies.org>

* fix dead code

Signed-off-by: yihuaf <yihuaf@unkies.org>

---------

Signed-off-by: yihuaf <yihuaf@unkies.org>
 2023-05-04 10:47:45 +09:00
Kris Nóva bef32e083f
Introduce seccomp feature for libcontainer with musl (#1484) 
* Introduce seccomp feature for libcontainer with musl

Signed-off-by: Kris Nóva <kris@nivenly.com>

* remove mystery merge conflict

Signed-off-by: Eric Fang <yihuaf@unkies.org>

---------

Signed-off-by: Kris Nóva <kris@nivenly.com>
Signed-off-by: Eric Fang <yihuaf@unkies.org>
Co-authored-by: Eric Fang <yihuaf@unkies.org>
 2023-03-23 10:57:51 -07:00
utam0k cf382cfc51
with_executors 
Signed-off-by: utam0k <k0ma@utam0k.jp>
 2023-03-11 10:47:33 +09:00
utam0k c9a69e4525
libcontainer: Make the workloads injectable 
Signed-off-by: utam0k <k0ma@utam0k.jp>
 2023-03-11 10:37:16 +09:00
utam0k 72313bd5a8
fix the warns from cargo clippy 
Signed-off-by: utam0k <k0ma@utam0k.jp>
 2023-02-12 20:15:56 +09:00
Thomas Schubart 138c671402 Avoid panic when using wasm handler 
Signed-off-by: Thomas Schubart <24721048+Furisto@users.noreply.github.com>
 2022-12-25 20:48:27 +01:00
Yashodhan Joshi ccf92b39f2 Add unit tests, refactor functions as per review 
Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com>
 2022-11-28 11:43:46 +05:30
Yashodhan Joshi 88e7430b8b generate error if the process executable in config does not exist or has incorrect permissions 
Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com>
 2022-11-15 11:11:40 +05:30
Yashodhan Joshi c6b8b819ec Make handling of exec containers slightly more idiomatic 
Rather than drilling down RawFd from tenant to init_process,
this instead adds an enum in ContainerArgs, containing RawFd
 2022-10-07 11:59:17 +05:30
higuruchi 8df40c62c5 add domainname test 
Signed-off-by: higuruchi <fumiya2324@gmail.com>
 2022-09-26 09:14:37 +00:00
higuruchi 7b7a45a79a Support domainname 
Signed-off-by: higuruchi <fumiya2324@gmail.com>
 2022-09-26 05:18:13 +00:00
utam0k 3de7458dc1
fix conflicts. 
Signed-off-by: utam0k <k0ma@utam0k.jp>
 2022-09-01 21:11:07 +09:00
utam0k dacc73773f
wip. 
Signed-off-by: utam0k <k0ma@utam0k.jp>
 2022-09-01 21:06:21 +09:00
utam0k c81a8dc613
How many times in my life do I have to repeat forgetting close? 
Signed-off-by: utam0k <k0ma@utam0k.jp>
 2022-05-06 09:32:51 +09:00
Furisto c9f3f2fcab
Fix clippy warnings 
Signed-off-by: Furisto <24721048+Furisto@users.noreply.github.com>
 2022-03-02 22:24:14 +01:00
Furisto 39c93dbda6
Ensure that close_range is not blocked by seccomp 
Signed-off-by: Furisto <24721048+Furisto@users.noreply.github.com>
 2022-03-01 23:18:26 +01:00
Furisto 3ac8675a1e
Use close_range when possible 
Signed-off-by: Furisto <24721048+Furisto@users.noreply.github.com>
 2022-02-28 22:25:30 +01:00
Adrian Reber 94bcd0053c
Fix off-by-one error 
0..2 does not include 2. Change it to 0..3 to include 2.

Signed-off-by: Adrian Reber <areber@redhat.com>
 2022-02-24 14:36:21 +00:00
Hugo Wang 62a10c66ad
adding HOME into envs when init containers (#681) 
* WIP: adding HOME into envs when init containers

Signed-off-by: Hugo Wang <w@mitnk.com>
 2022-02-08 23:19:06 +01:00
Furisto c0bdf3d003
Support umask 
Signed-off-by: Furisto <24721048+Furisto@users.noreply.github.com>
 2022-01-27 22:43:07 +01:00
utam0k 60dc453e19
Merge pull request #632 from Furisto/setsid 
Always call setsid
 2022-01-26 08:43:46 +09:00
Thomas Schubart 1b810d43e8
Merge pull request #548 from Furisto/wasm-wasmer 
Suppport executing wasm workloads with wasmer
 2022-01-24 16:16:28 +01:00
Furisto b329103f06
Always call setsid 
Signed-off-by: Furisto <24721048+Furisto@users.noreply.github.com>
 2022-01-22 18:45:56 +01:00
Adrian Reber 07a87ebfa8
Use /dev/null inside of the container 
If stdin, stdout or stderr are redirected to /dev/null they need to be
pointed to /dev/null in the container. This is necessary for
checkpointing as CRIU cannot checkpoint processes using devices outside
of the container.

Signed-off-by: Adrian Reber <areber@redhat.com>
 2022-01-22 09:39:10 +00:00
Furisto 7e84ac5d6c Incorporate review feedback 2022-01-19 23:24:18 +01:00
Furisto 956efa1c03 Harmonize executors 2022-01-04 15:20:42 +01:00
Furisto 5951d0ca86 Clippy & Formatting 2022-01-04 15:20:42 +01:00
Furisto 9dbcab5788 Implement executor and default handler 2022-01-04 15:20:42 +01:00
Furisto d6e563078e Minimal wasm implementation 2022-01-04 15:20:42 +01:00
Emanuele Aina 6ba0efdff9 style(spelling): Spellcheck the libcontainer crate 
Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
 2022-01-03 22:06:03 +01:00
utam0k a8dfdd21a9
Merge branch 'main' of ssh://github.com/containers/youki into feature/config 2021-11-11 21:55:24 +09:00
tommady b10abdef99
address comment, use bail instead of Err(anyhow) 2021-10-31 07:31:32 +00:00
utam0k d68cf57b8b
introduce the youki original config. 2021-10-31 16:23:03 +09:00
tommady fe085cb8a3
modify syscall test into beauty 2021-10-30 17:05:56 +00:00
tommady d35fb3ceb9
increate the code coverage of src process part2 (#436) 
* adding test_sync_seccomp

* remove redundant code from test_sync_seccomp

* using unwrap_err in test_sync_seccomp

* address comment, add a join to wait spawn thread finished

* adding test_masked_path

* fix lints and integration test for linux_masked_paths

* cannot reproduce the integration failure on local, try to fix test1

* adding quote attempting 2

* attempting 3 figuring out it is about the mount function behavior

* attempting 4 modify input param type

* attempting 5 replace back mount read only dir

* attempting 6 replace back the dev/null mount

* attempting 7 replace syscall linux bail with anyhow

* attempting 8 syscall linux anyhow with context

* syscall linux change to use anyhow then the error can be downcast_ref

* fix return error lints

* address comment, separate a big testcase into pieces
 2021-10-29 12:12:20 +02:00
tommady 777a77458a Merge branch 'main' into 279-increate-the-code-coverage-of-src-process 2021-10-23 14:40:38 +00:00
Furisto 9b7d2707e0
Fix ambigious names by renaming crate to libcontainer 2021-10-22 21:58:11 +02:00