utam0k
29cf869c68
Add the handly script for kind and youki
...
Signed-off-by: utam0k <k0ma@utam0k.jp>
2023-05-07 06:03:00 +00:00
utam0k
ec2f58d4b2
Add easy way to test with K8s
...
Signed-off-by: utam0k <k0ma@utam0k.jp>
2023-05-06 12:03:36 +00:00
Eric Fang
b51cf1ab25
Implement `thiserror` for libcontainer - Part 1 ( #1876 )
...
* introduced libcontainer error
Signed-off-by: yihuaf <yihuaf@unkies.org>
* implemented syscall error
Signed-off-by: yihuaf <yihuaf@unkies.org>
* implemented namespace error
Signed-off-by: yihuaf <yihuaf@unkies.org>
* Implemented rest of the thiserror for process, syscall, namespace and etc.
Signed-off-by: yihuaf <yihuaf@unkies.org>
* Fix libcgroup error
Signed-off-by: yihuaf <yihuaf@unkies.org>
* remove dead code
Signed-off-by: yihuaf <yihuaf@unkies.org>
* fix dead code
Signed-off-by: yihuaf <yihuaf@unkies.org>
---------
Signed-off-by: yihuaf <yihuaf@unkies.org>
2023-05-04 10:47:45 +09:00
Kris Nóva
bef32e083f
Introduce seccomp feature for libcontainer with musl ( #1484 )
...
* Introduce seccomp feature for libcontainer with musl
Signed-off-by: Kris Nóva <kris@nivenly.com>
* remove mystery merge conflict
Signed-off-by: Eric Fang <yihuaf@unkies.org>
---------
Signed-off-by: Kris Nóva <kris@nivenly.com>
Signed-off-by: Eric Fang <yihuaf@unkies.org>
Co-authored-by: Eric Fang <yihuaf@unkies.org>
2023-03-23 10:57:51 -07:00
utam0k
cf382cfc51
with_executors
...
Signed-off-by: utam0k <k0ma@utam0k.jp>
2023-03-11 10:47:33 +09:00
utam0k
c9a69e4525
libcontainer: Make the workloads injectable
...
Signed-off-by: utam0k <k0ma@utam0k.jp>
2023-03-11 10:37:16 +09:00
utam0k
72313bd5a8
fix the warns from cargo clippy
...
Signed-off-by: utam0k <k0ma@utam0k.jp>
2023-02-12 20:15:56 +09:00
Thomas Schubart
138c671402
Avoid panic when using wasm handler
...
Signed-off-by: Thomas Schubart <24721048+Furisto@users.noreply.github.com>
2022-12-25 20:48:27 +01:00
Yashodhan Joshi
ccf92b39f2
Add unit tests, refactor functions as per review
...
Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com>
2022-11-28 11:43:46 +05:30
Yashodhan Joshi
88e7430b8b
generate error if the process executable in config does not exist or has incorrect permissions
...
Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com>
2022-11-15 11:11:40 +05:30
Yashodhan Joshi
c6b8b819ec
Make handling of exec containers slightly more idiomatic
...
Rather than drilling down RawFd from tenant to init_process,
this instead adds an enum in ContainerArgs, containing RawFd
2022-10-07 11:59:17 +05:30
higuruchi
8df40c62c5
add domainname test
...
Signed-off-by: higuruchi <fumiya2324@gmail.com>
2022-09-26 09:14:37 +00:00
higuruchi
7b7a45a79a
Support domainname
...
Signed-off-by: higuruchi <fumiya2324@gmail.com>
2022-09-26 05:18:13 +00:00
utam0k
3de7458dc1
fix conflicts.
...
Signed-off-by: utam0k <k0ma@utam0k.jp>
2022-09-01 21:11:07 +09:00
utam0k
dacc73773f
wip.
...
Signed-off-by: utam0k <k0ma@utam0k.jp>
2022-09-01 21:06:21 +09:00
utam0k
c81a8dc613
How many times in my life do I have to repeat forgetting close?
...
Signed-off-by: utam0k <k0ma@utam0k.jp>
2022-05-06 09:32:51 +09:00
Furisto
c9f3f2fcab
Fix clippy warnings
...
Signed-off-by: Furisto <24721048+Furisto@users.noreply.github.com>
2022-03-02 22:24:14 +01:00
Furisto
39c93dbda6
Ensure that close_range is not blocked by seccomp
...
Signed-off-by: Furisto <24721048+Furisto@users.noreply.github.com>
2022-03-01 23:18:26 +01:00
Furisto
3ac8675a1e
Use close_range when possible
...
Signed-off-by: Furisto <24721048+Furisto@users.noreply.github.com>
2022-02-28 22:25:30 +01:00
Adrian Reber
94bcd0053c
Fix off-by-one error
...
0..2 does not include 2. Change it to 0..3 to include 2.
Signed-off-by: Adrian Reber <areber@redhat.com>
2022-02-24 14:36:21 +00:00
Hugo Wang
62a10c66ad
adding HOME into envs when init containers ( #681 )
...
* WIP: adding HOME into envs when init containers
Signed-off-by: Hugo Wang <w@mitnk.com>
2022-02-08 23:19:06 +01:00
Furisto
c0bdf3d003
Support umask
...
Signed-off-by: Furisto <24721048+Furisto@users.noreply.github.com>
2022-01-27 22:43:07 +01:00
utam0k
60dc453e19
Merge pull request #632 from Furisto/setsid
...
Always call setsid
2022-01-26 08:43:46 +09:00
Thomas Schubart
1b810d43e8
Merge pull request #548 from Furisto/wasm-wasmer
...
Suppport executing wasm workloads with wasmer
2022-01-24 16:16:28 +01:00
Furisto
b329103f06
Always call setsid
...
Signed-off-by: Furisto <24721048+Furisto@users.noreply.github.com>
2022-01-22 18:45:56 +01:00
Adrian Reber
07a87ebfa8
Use /dev/null inside of the container
...
If stdin, stdout or stderr are redirected to /dev/null they need to be
pointed to /dev/null in the container. This is necessary for
checkpointing as CRIU cannot checkpoint processes using devices outside
of the container.
Signed-off-by: Adrian Reber <areber@redhat.com>
2022-01-22 09:39:10 +00:00
Furisto
7e84ac5d6c
Incorporate review feedback
2022-01-19 23:24:18 +01:00
Furisto
956efa1c03
Harmonize executors
2022-01-04 15:20:42 +01:00
Furisto
5951d0ca86
Clippy & Formatting
2022-01-04 15:20:42 +01:00
Furisto
9dbcab5788
Implement executor and default handler
2022-01-04 15:20:42 +01:00
Furisto
d6e563078e
Minimal wasm implementation
2022-01-04 15:20:42 +01:00
Emanuele Aina
6ba0efdff9
style(spelling): Spellcheck the libcontainer crate
...
Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
2022-01-03 22:06:03 +01:00
utam0k
a8dfdd21a9
Merge branch 'main' of ssh://github.com/containers/youki into feature/config
2021-11-11 21:55:24 +09:00
tommady
b10abdef99
address comment, use bail instead of Err(anyhow)
2021-10-31 07:31:32 +00:00
utam0k
d68cf57b8b
introduce the youki original config.
2021-10-31 16:23:03 +09:00
tommady
fe085cb8a3
modify syscall test into beauty
2021-10-30 17:05:56 +00:00
tommady
d35fb3ceb9
increate the code coverage of src process part2 ( #436 )
...
* adding test_sync_seccomp
* remove redundant code from test_sync_seccomp
* using unwrap_err in test_sync_seccomp
* address comment, add a join to wait spawn thread finished
* adding test_masked_path
* fix lints and integration test for linux_masked_paths
* cannot reproduce the integration failure on local, try to fix test1
* adding quote attempting 2
* attempting 3 figuring out it is about the mount function behavior
* attempting 4 modify input param type
* attempting 5 replace back mount read only dir
* attempting 6 replace back the dev/null mount
* attempting 7 replace syscall linux bail with anyhow
* attempting 8 syscall linux anyhow with context
* syscall linux change to use anyhow then the error can be downcast_ref
* fix return error lints
* address comment, separate a big testcase into pieces
2021-10-29 12:12:20 +02:00
tommady
777a77458a
Merge branch 'main' into 279-increate-the-code-coverage-of-src-process
2021-10-23 14:40:38 +00:00
Furisto
9b7d2707e0
Fix ambigious names by renaming crate to libcontainer
2021-10-22 21:58:11 +02:00