├── .ci ├── ci-build.sh ├── ci-common.sh ├── ci-configure.sh ├── ci-go-static-checks.sh ├── ci-pre-checks.sh ├── ci-setup.sh └── ci-teardown.sh ├── .gitignore ├── .pullapprove.yml ├── .travis.yml ├── .ycm_extra_conf.py ├── AUTHORS ├── CONTRIBUTING.md ├── DESIGN.rst ├── Doxyfile ├── LICENSE ├── Makefile.am ├── README ├── README-original.rst ├── README.rst ├── autogen.sh ├── commit_id.fmt ├── configure.ac ├── data ├── cc-agent.service ├── cc-agent.target ├── cc-bootchart.conf ├── cc-oci-runtime.sh.in ├── config.json.in ├── genfile.sh ├── hypervisor.args.in ├── kernel-cmdline ├── make-bundle-dir.sh ├── obs-packaging │ ├── README.rst │ └── cc-oci-runtime │ │ ├── README.md │ │ ├── _service-template │ │ ├── cc-oci-runtime.dsc-template │ │ ├── cc-oci-runtime.spec-template │ │ ├── debian.changelog │ │ ├── debian.compat │ │ ├── debian.control-template │ │ ├── debian.postinst │ │ ├── debian.rules │ │ ├── debian.series │ │ ├── update_commit_id.patch-template │ │ └── update_runtime.sh ├── run-bats.sh.in └── vm.json.in ├── documentation ├── DAX.png ├── Get-Bootchart-metrics.md ├── Installing-Clear-Containers-on-Centos-7.md ├── Installing-Clear-Containers-on-ClearLinux.md ├── Installing-Clear-Containers-on-Fedora.md ├── Installing-Clear-Containers-on-RHEL.md ├── Installing-Clear-Containers-on-Ubuntu.md ├── Quickstart-Clear-Containers-in-a-Ubuntu-VM.md ├── architecture-diagrams.odp ├── architecture.md ├── create.png ├── docker-cc.png ├── high-level-overview.png ├── network.png ├── overall-architecture.png ├── qemu.png └── shim.png ├── installation ├── curl-autoconf-archive.sh ├── install_clear_image.sh ├── install_clear_kernel.sh ├── installation-setup.sh └── rhel-setup.sh ├── packages.json ├── proxy ├── LICENSE ├── README.md ├── api │ ├── api.go │ ├── client.go │ ├── common_test.go │ ├── fdpassing.go │ ├── fdpassing_test.go │ ├── protocol.go │ └── protocol_test.go ├── cc-proxy.service.in ├── cc-proxy.socket.in ├── fdleak_test.go ├── protocol.go ├── protocol_test.go ├── proxy.go ├── proxy_test.go ├── selinux │ ├── Makefile │ ├── README.md │ ├── cc-proxy.fc │ ├── cc-proxy.if │ └── cc-proxy.te ├── socket_activation.go ├── syscall.go └── vm.go ├── shim ├── LICENSE ├── README.md ├── log.c ├── log.h ├── shim.c ├── shim.h ├── utils.c └── utils.h ├── src ├── annotation.c ├── annotation.h ├── command.c ├── command.h ├── commands │ ├── checkpoint.c │ ├── create.c │ ├── delete.c │ ├── events.c │ ├── exec.c │ ├── help.c │ ├── kill.c │ ├── list.c │ ├── pause.c │ ├── ps.c │ ├── restore.c │ ├── resume.c │ ├── run.c │ ├── start.c │ ├── state.c │ ├── stop.c │ ├── update.c │ └── version.c ├── common.h ├── events.c ├── events.h ├── hypervisor.c ├── hypervisor.h ├── json.c ├── json.h ├── logging.c ├── logging.h ├── main.c ├── mount.c ├── mount.h ├── namespace.c ├── namespace.h ├── netlink.c ├── netlink.h ├── network.c ├── network.h ├── networking.c ├── networking.h ├── oci-config.c ├── oci-config.h ├── oci.c ├── oci.h ├── pod.c ├── pod.h ├── priv.c ├── priv.h ├── process.c ├── process.h ├── proxy.c ├── proxy.h ├── runtime.c ├── runtime.h ├── semver.c ├── semver.h ├── spec_handler.c ├── spec_handler.h ├── spec_handlers │ ├── annotations.c │ ├── hooks.c │ ├── linux.c │ ├── mounts.c │ ├── platform.c │ ├── process.c │ ├── root.c │ └── vm.c ├── state.c ├── state.h ├── util.c └── util.h ├── tests ├── annotation_test.c ├── data │ ├── annotations-empty.json │ ├── annotations-null-value.json │ ├── annotations.json │ ├── container_redis.json │ ├── empty.json │ ├── hooks-no-args.json │ ├── hooks-no-env.json │ ├── hooks-no-path.json │ ├── hooks-unknown.json │ ├── hooks.json │ ├── invalid-embedded-nulls.json │ ├── invalid-extra-comma.json │ ├── invalid-missing-close-brace.json │ ├── linux-invalid-namespace-type.json │ ├── linux-namespaces-no-path.json │ ├── linux-namespaces-with-paths.json │ ├── linux-no-cgroupsPath.json │ ├── linux-no-namespaces.json │ ├── linux.json │ ├── mounts-no-destination.json │ ├── mounts-no-options.json │ ├── mounts-no-source.json │ ├── mounts-no-type.json │ ├── mounts.json │ ├── newline.json │ ├── node.json │ ├── non-json.json │ ├── passwd │ ├── platform-invalid-arch.json │ ├── platform-invalid-os.json │ ├── platform-no-arch.json │ ├── platform-no-os.json │ ├── platform-unexpected-arch.json │ ├── platform-unexpected-os.json │ ├── platform.json │ ├── policy.json │ ├── process-invalid-relative-cwd.json │ ├── process-no-args-cwd.json │ ├── process-no-consolesize.json │ ├── process-no-cwd.json │ ├── process.json │ ├── root-no-path.json │ ├── root-no-readonly.json │ ├── root-path-enoent.json │ ├── root-path-invalid.json │ ├── root-path-wrong-type.json │ ├── root-readonly-false.json │ ├── root.json │ ├── sandbox_config.json │ ├── state-mounts-no-mount-destination.json │ ├── state-mounts-no-mount-directory_created.json │ ├── state-no-annotations.json │ ├── state-no-bundlePath.json │ ├── state-no-commsPath.json │ ├── state-no-console-path.json │ ├── state-no-console-socket.json │ ├── state-no-console.json │ ├── state-no-id.json │ ├── state-no-mounts.json │ ├── state-no-ociVersion.json │ ├── state-no-processPath.json │ ├── state-no-proxy-ctlSocket.json │ ├── state-no-proxy-ioSocket.json │ ├── state-no-proxy.json │ ├── state-no-vm-object.json │ ├── state-no-vm-pid.json │ ├── state.json │ ├── vm-no-image.json │ ├── vm-no-kernel-parameters.json │ ├── vm-no-kernel-path.json │ ├── vm-no-parameters.json │ ├── vm-no-path.json │ └── vm.json ├── functional │ ├── README │ ├── README.rst │ ├── common.bash.in │ ├── data │ │ ├── config-minimal-cc-oci.json.in │ │ ├── exec.json │ │ └── exec_false.json │ ├── exec.bats │ ├── help.bats │ ├── kill.bats │ ├── pause.bats │ ├── run-functional-tests.sh.in │ ├── start.bats │ ├── state.bats │ └── version.bats ├── helpers │ └── test-campaign.sh ├── hypervisor_test.c ├── integration │ ├── README.md │ ├── cri-o │ │ └── container.bats │ ├── docker │ │ ├── Dockerfiles │ │ │ ├── Dockerfile.nginx │ │ │ └── README.md │ │ ├── attach.bats │ │ ├── build.bats │ │ ├── commit.bats │ │ ├── cp.bats │ │ ├── create.bats │ │ ├── dns.bats │ │ ├── env.bats │ │ ├── exec.bats │ │ ├── exit-code.bats │ │ ├── export.bats │ │ ├── info.bats │ │ ├── inspect.bats │ │ ├── kill.bats │ │ ├── load.bats │ │ ├── logs.bats │ │ ├── mtu.bats │ │ ├── network.bats │ │ ├── port.bats │ │ ├── restart.bats │ │ ├── run.bats │ │ ├── swarm.bats │ │ ├── tag.bats │ │ ├── terminal.bats │ │ ├── user.bats │ │ └── volume.bats │ └── docker_images │ │ ├── README │ │ └── popular-containers-images.bats ├── json_test.c ├── lib │ ├── send_results.sh.in │ ├── test-common.bash.in │ └── test-crio.bats.in ├── logging_test.c ├── metrics │ ├── README.md │ ├── collect_mem_consmd.sh │ ├── density │ │ ├── docker_cpu_usage.sh.in │ │ └── docker_memory_usage.sh.in │ ├── map_mem.sh │ ├── network │ │ ├── README.md │ │ ├── dockerfile_image │ │ │ ├── Dockerfile │ │ │ └── README.md │ │ ├── lib │ │ │ └── network-test-common.bash │ │ ├── network-latency.sh │ │ ├── network-metrics-cpu-consumption.sh.in │ │ ├── network-metrics-iperf3.sh │ │ ├── network-metrics-memory-pss-1g.sh.in │ │ ├── network-metrics-memory-pss.sh.in │ │ ├── network-metrics-memory-rss-1g.sh.in │ │ ├── network-metrics-nuttcp.sh │ │ ├── network-metrics.sh │ │ └── network-nginx-ab-benchmark.sh │ ├── run_docker_metrics │ ├── run_docker_metrics.dat │ ├── smem_monitor.sh │ └── workload_time │ │ ├── cor_create_time.sh.in │ │ ├── docker_shutdown.sh │ │ ├── docker_workload_time.sh │ │ ├── docker_workload_time_stress.sh │ │ ├── kernel_boot_time.sh │ │ └── kernel_boot_time_stress.sh ├── mount_test.c ├── namespace_test.c ├── network_test.c ├── oci-config_test.c ├── oci_test.c ├── pod_test.c ├── priv_test.c ├── process_test.c ├── proxy_test.c ├── runtime_test.c ├── semver_test.c ├── spec_handler_test.c ├── spec_handlers │ ├── annotations_test.c │ ├── hooks_test.c │ ├── linux_test.c │ ├── mounts_test.c │ ├── platform_test.c │ ├── process_test.c │ ├── root_test.c │ └── vm_test.c ├── state_test.c ├── test_common.c ├── test_common.h └── util_test.c ├── vendor └── github.com │ ├── containers │ └── virtcontainers │ │ ├── LICENSE │ │ ├── README.md │ │ └── hyperstart │ │ ├── hyperstart.go │ │ └── mock │ │ ├── hyperstart.go │ │ ├── misc.go │ │ └── rand.go │ ├── davecgh │ └── go-spew │ │ └── spew │ │ ├── bypass.go │ │ ├── bypasssafe.go │ │ ├── common.go │ │ ├── config.go │ │ ├── doc.go │ │ ├── dump.go │ │ ├── format.go │ │ └── spew.go │ ├── golang │ └── glog │ │ ├── LICENSE │ │ ├── README │ │ ├── glog.go │ │ └── glog_file.go │ ├── hyperhq │ └── runv │ │ ├── LICENSE │ │ ├── NOTICE │ │ ├── README.md │ │ └── hyperstart │ │ └── api │ │ └── json │ │ ├── constants.go │ │ ├── spec.go │ │ └── types.go │ ├── pmezard │ └── go-difflib │ │ └── difflib │ │ └── difflib.go │ └── stretchr │ └── testify │ └── assert │ ├── assertion_forward.go │ ├── assertion_forward.go.tmpl │ ├── assertions.go │ ├── doc.go │ ├── errors.go │ ├── forward_assertions.go │ └── http_assertions.go └── versions.txt /.ci/ci-build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This file is part of cc-oci-runtime. 3 | # 4 | # Copyright (C) 2016 Intel Corporation 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | 20 | set -e -x 21 | 22 | source $(dirname "$0")/ci-configure.sh 23 | 24 | (cd "$ci_build_dir" \ 25 | && make -j5 CFLAGS="-Werror -Wno-error=pedantic" \ 26 | && sudo make install \ 27 | && make check) 28 | 29 | $(dirname "$0")/ci-go-static-checks.sh 30 | -------------------------------------------------------------------------------- /.ci/ci-pre-checks.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This file is part of cc-oci-runtime. 3 | # 4 | # Copyright (C) 2017 Intel Corporation 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | 20 | #--------------------------------------------------------------------- 21 | # Description: Perform basic checks on the branch before attempting 22 | # to run the build and test suites. If this script fails, the CI run 23 | # will be aborted. 24 | #--------------------------------------------------------------------- 25 | 26 | if [ "$TRAVIS" = true ] 27 | then 28 | repo="github.com/clearcontainers/tests/cmd/checkcommits" 29 | go get -d "$repo" 30 | (cd "$GOPATH/src/$repo" && make) 31 | checkcommits \ 32 | --need-fixes \ 33 | --need-sign-offs \ 34 | --body-length 72 \ 35 | --subject-length 75 \ 36 | --verbose 37 | fi 38 | -------------------------------------------------------------------------------- /.ci/ci-teardown.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This file is part of cc-oci-runtime. 3 | # 4 | # Copyright (C) 2016 Intel Corporation 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | 20 | set -e 21 | 22 | source $(dirname "$0")/ci-common.sh 23 | 24 | [ "$SEMAPHORE_THREAD_RESULT" = "passed" ] && exit 0 25 | 26 | printf "=== Build failed ===\n" 27 | 28 | cd "$ci_build_dir" 29 | 30 | for f in test-suite.log $(ls *_test*.log) 31 | do 32 | printf "\n=== Log file: '$f' ===\n\n" 33 | cat "$f" 34 | done 35 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | *.a 3 | .deps 4 | .dirstamp 5 | .*.swp 6 | *.gcda 7 | *.gcno 8 | *.la 9 | *.lo 10 | *.log 11 | *.o 12 | *.trs 13 | aclocal.m4 14 | autom4te.cache 15 | CLEAR-CONTAINERS.img 16 | cloud-init 17 | cc-oci-runtime 18 | cc-oci-runtime-*-coverage/ 19 | cc-oci-runtime-*-coverage.info 20 | cc-oci-runtime-*.tar.xz 21 | /cc-proxy 22 | cc-shim 23 | commit_id 24 | compile 25 | /config.* 26 | configure 27 | CONTAINER-KERNEL 28 | cscope.files 29 | cscope.in.out 30 | cscope.po.out 31 | cscope.out 32 | cscope.out.in 33 | cscope.out.po 34 | data/cc-oci-runtime.sh 35 | data/run-bats.sh 36 | data/config.json 37 | data/hypervisor.args 38 | data/vm.json 39 | depcomp 40 | GPATH 41 | GRTAGS 42 | GTAGS 43 | install-sh 44 | libtool 45 | ltmain.sh 46 | m4/ 47 | Makefile 48 | Makefile.in 49 | missing 50 | __pycache__/ 51 | /proxy/cc-proxy.service 52 | /proxy/cc-proxy.socket 53 | QEMU-LITE 54 | stamp-h1 55 | *_test 56 | TAGS 57 | tags 58 | test-driver 59 | tests/functional/common.bash 60 | tests/functional/data/config-minimal-cc-oci.json 61 | tests/helpers/test_logs/ 62 | tests/metrics/dmesglog.* 63 | tests/metrics/workloadTime.* 64 | tests/metrics/results/ 65 | tests/metrics/workload_time/cor_create_time.sh 66 | tests/metrics/density/docker_cpu_usage.sh 67 | tests/metrics/density/docker_memory_usage.sh 68 | data/dockerFiles/Dockerfile.fedora 69 | data/dockerFiles/Dockerfile.ubuntu 70 | tests/lib/test-common.bash 71 | tests/functional/run-functional-tests.sh 72 | tests/integration/docker/test.sh 73 | data/obs-packaging/linux-container/wd/debian/config 74 | data/obs-packaging/linux-container/linux-container_* 75 | data/obs-packaging/linux-container/linux-*.tar.xz 76 | data/obs-packaging/linux-container/linux-container.spec 77 | data/obs-packaging/linux-container/wd/debian/patches/*.patch 78 | data/obs-packaging/linux-container/wd/net 79 | data/obs-packaging/clear-containers-image/clear-*-containers.img.xz 80 | data/obs-packaging/clear-containers-image/wd/debian/rules 81 | data/obs-packaging/clear-containers-image/clear-containers-image.spec 82 | data/obs-packaging/clear-containers-image/clear-containers-image_* 83 | home\:clearlinux* 84 | -------------------------------------------------------------------------------- /.pullapprove.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | 3 | requirements: 4 | signed_off_by: 5 | required: true 6 | 7 | # Disallow approval of PRs still under development 8 | always_pending: 9 | title_regex: 'WIP' 10 | labels: 11 | - do-not-merge 12 | - on-hold 13 | - wip 14 | explanation: 'Work in progress - do not merge' 15 | 16 | group_defaults: 17 | approve_by_comment: 18 | enabled: true 19 | approve_regex: '^(LGTM|lgtm|Approved|\+1|:\+1:)' 20 | reject_regex: '^(Rejected|-1|:-1:)' 21 | reset_on_push: 22 | enabled: false 23 | reset_on_reopened: 24 | enabled: false 25 | author_approval: 26 | ignored: true 27 | 28 | groups: 29 | code-reviewers: 30 | required: 2 31 | teams: 32 | - clear-containers-intel 33 | qa: 34 | required: 0 35 | users: 36 | - chavafg 37 | - gabyct 38 | approve_by_comment: 39 | enabled: true 40 | approve_regex: '^qa-passed' 41 | reject_regex: '^qa-failed' 42 | 43 | docs-team: 44 | conditions: 45 | files: 46 | include: 47 | - "documentation/*" 48 | - "*.md" 49 | - "*.rst" 50 | exclude: 51 | - "vendor/*" 52 | required: 1 53 | users: 54 | - rcaballeromx 55 | - mltullis 56 | - iphutch 57 | approve_by_comment: 58 | enabled: true 59 | approve_regex: '^docs-passed' 60 | reject_regex: '^docs-failed' 61 | -------------------------------------------------------------------------------- /.ycm_extra_conf.py: -------------------------------------------------------------------------------- 1 | # This file is part of cc-oci-runtime. 2 | # 3 | # Copyright (C) 2016 Intel Corporation 4 | # 5 | # This program is free software; you can redistribute it and/or 6 | # modify it under the terms of the GNU General Public License 7 | # as published by the Free Software Foundation; either version 2 8 | # of the License, or (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 18 | # MA 02110-1301, USA. 19 | # 20 | 21 | import os 22 | import subprocess 23 | import ycm_core 24 | 25 | # FIXME: should generate this list as it comes from configure.ac 26 | pkgs = [ 27 | 'check', 28 | 'gio-unix-2.0', 29 | 'glib-2.0', 30 | 'json-glib-1.0', 31 | 'uuid', 32 | ] 33 | 34 | # Generic. 35 | flags = [ 36 | '-Wall', 37 | '-Wextra', 38 | '-Werror', 39 | '-pthread', 40 | '-DUSE_CLANG_COMPLETER', 41 | ] 42 | 43 | # Tell YCM where to find local headers. 44 | # 45 | # XXX: Spaces after flags are *NOT* allowed!! 46 | flags += [ 47 | '-I.', 48 | '-Isrc/', 49 | '-Itests/', 50 | ] 51 | 52 | # Add includes for dependent packages. 53 | for pkg in pkgs: 54 | includes = subprocess.check_output( 55 | ['pkg-config', '--cflags', pkg], 56 | universal_newlines=True 57 | ) 58 | includes = includes.strip().split(' ') 59 | flags += includes 60 | 61 | 62 | # YCM calls this function for each file to determine which compiler 63 | # flags to use. 64 | # 65 | # (We treat all files identically). 66 | def FlagsForFile(filename): 67 | return {'flags': flags, 'do_cache': True} 68 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | James O. D. Hunt 2 | Julio Montes 3 | Jose Carlos Venegas Munoz 4 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | README.rst -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | ``cc-oci-runtime`` 2 | ================== 3 | 4 | ---- 5 | 6 | Project now in maintenance mode 7 | ------------------------------- 8 | 9 | .. warning:: 10 | 11 | Now that the `next-generation runtime 12 | `_ has been `released 13 | `_, this 14 | project is now in maintenance mode. 15 | 16 | All users are encouraged to switch to the new ``cc-runtime`` runtime. 17 | Installation and upgrade information is available on `the new runtime's wiki 18 | `_. 19 | 20 | To see the original project ``README``, click 21 | `here `_. 22 | 23 | ---- 24 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This file is part of cc-oci-runtime. 3 | # 4 | # Copyright (C) 2016 Intel Corporation 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | # 20 | 21 | set -e 22 | 23 | export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig 24 | 25 | mkdir -p m4/ 26 | 27 | autoreconf --force --install --symlink --warnings=all 28 | 29 | args="\ 30 | --sysconfdir=/etc \ 31 | --localstatedir=/var \ 32 | --prefix=/usr \ 33 | --disable-valgrind-sgcheck" 34 | 35 | set -x 36 | ./configure $args "$@" 37 | make clean 38 | -------------------------------------------------------------------------------- /commit_id.fmt: -------------------------------------------------------------------------------- 1 | c0d481bb7e72e27394c708df5ed970338cd9392f 2 | -------------------------------------------------------------------------------- /data/cc-agent.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Clear Container Agent 3 | 4 | [Service] 5 | StandardOutput=tty 6 | Type=simple 7 | ExecStart=/bin/hyperstart 8 | ExecStop=/bin/sync ; /usr/bin/systemctl --force poweroff 9 | FailureAction=poweroff 10 | -------------------------------------------------------------------------------- /data/cc-agent.target: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Clear Containers Agent Target 3 | Requires=basic.target 4 | Requires=cc-agent.service 5 | Conflicts=rescue.service rescue.target 6 | After=basic.target rescue.service rescue.target 7 | AllowIsolate=yes 8 | -------------------------------------------------------------------------------- /data/cc-bootchart.conf: -------------------------------------------------------------------------------- 1 | [Bootchart] 2 | Samples=120 3 | Frequency=200 4 | ScaleX=2600 5 | ControlGroup=yes 6 | Filter=no 7 | PerCPU=yes 8 | Output=/tmp/hyper/shared/run 9 | -------------------------------------------------------------------------------- /data/genfile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | in_file="${1}" 4 | out_file="${2}" 5 | SED="$(which sed)" 6 | if [ $? -ne 0 ]; then 7 | SED=/bin/sed 8 | fi 9 | 10 | ${SED} \ 11 | -e 's|@bindir@|'"${bindir}"'|g' \ 12 | -e 's|@srcdir@|'"${srcdir}"'|g' \ 13 | -e 's|@libexecdir@|'"${libexecdir}"'|' \ 14 | -e 's|@localstatedir@|'"${localstatedir}"'|g' \ 15 | -e 's|@BUNDLE_TEST_PATH@|'"${BUNDLE_TEST_PATH}"'|g' \ 16 | -e 's|@CMDLINE@|'"${CMDLINE}"'|g' \ 17 | -e 's|@CONTAINER_KERNEL@|'"${CONTAINER_KERNEL}"'|g' \ 18 | -e 's|@CONTAINERS_IMG@|'"${CONTAINERS_IMG}"'|g' \ 19 | -e 's|@DEFAULTSDIR@|'"${DEFAULTSDIR}"'|g' \ 20 | -e 's|@PACKAGE_NAME@|'"${PACKAGE_NAME}"'|g' \ 21 | -e 's|@QEMU_PATH@|'"${QEMU_PATH}"'|g' \ 22 | -e 's|@BATS_PATH@|'"${BATS_PATH}"'|g' \ 23 | -e 's|@ROOTFS_PATH@|'"${ROOTFS_PATH}"'|g' \ 24 | -e 's|@SYSCONFDIR@|'"${SYSCONFDIR}"'|g' \ 25 | -e 's|@DOCKER_FEDORA_VERSION@|'"${DOCKER_FEDORA_VERSION}"'|g' \ 26 | -e 's|@DOCKER_ENGINE_FEDORA_VERSION@|'"${DOCKER_ENGINE_FEDORA_VERSION}"'|g' \ 27 | -e 's|@DOCKER_UBUNTU_VERSION@|'"${DOCKER_UBUNTU_VERSION}"'|g' \ 28 | -e 's|@DOCKER_ENGINE_UBUNTU_VERSION@|'"${DOCKER_ENGINE_UBUNTU_VERSION}"'|g' \ 29 | -e 's|@CRIO_CACHE@|'"${CRIO_CACHE}"'|g' \ 30 | -e 's|@ABS_BUILDDIR@|'"${abs_builddir}"'|g' \ 31 | "${in_file}" > "${out_file}" 32 | -------------------------------------------------------------------------------- /data/hypervisor.args.in: -------------------------------------------------------------------------------- 1 | @QEMU_PATH@ 2 | -name 3 | @NAME@ 4 | -machine 5 | pc-lite,accel=kvm,kernel_irqchip,nvdimm 6 | -device 7 | nvdimm,memdev=mem0,id=nv0 8 | -object 9 | memory-backend-file,id=mem0,mem-path=@IMAGE@,size=@SIZE@ 10 | -m 11 | 2G,slots=2,maxmem=3G 12 | -kernel 13 | @KERNEL@ 14 | -append 15 | @KERNEL_PARAMS@ @KERNEL_NET_PARAMS@ 16 | -smp 17 | 2,sockets=1,cores=2,threads=1 18 | -cpu 19 | host 20 | -rtc 21 | base=utc,driftfix=slew 22 | -no-user-config 23 | -nodefaults 24 | -global 25 | kvm-pit.lost_tick_policy=discard 26 | -device 27 | virtio-serial-pci,id=virtio-serial0 28 | -device 29 | virtconsole,chardev=charconsole0,id=console0 30 | -chardev 31 | @CONSOLE_DEVICE@ 32 | -chardev 33 | # used to determine when hypervisor has started running and when it has stopped. 34 | @PROCESS_SOCKET@ 35 | #hyperstart ctl serial port 36 | -chardev 37 | socket,id=charch0,path=@AGENT_CTL_SOCKET@,server,nowait 38 | -device 39 | virtserialport,bus=virtio-serial0.0,nr=1,chardev=charch0,id=channel0,name=sh.hyper.channel.0 40 | #hyperstart tty_serial port 41 | -chardev 42 | socket,id=charch1,path=@AGENT_TTY_SOCKET@,server,nowait 43 | -device 44 | virtserialport,bus=virtio-serial0.0,nr=2,chardev=charch1,id=channel1,name=sh.hyper.channel.1 45 | -uuid 46 | @UUID@ 47 | -qmp 48 | unix:@COMMS_SOCKET@,server,nowait 49 | -nographic 50 | -vga 51 | none 52 | -------------------------------------------------------------------------------- /data/kernel-cmdline: -------------------------------------------------------------------------------- 1 | root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug init=/usr/lib/systemd/systemd systemd.unit=cc-agent.target iommu=off quiet systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket systemd.show_status=false cryptomgr.notests net.ifnames=0 2 | -------------------------------------------------------------------------------- /data/obs-packaging/README.rst: -------------------------------------------------------------------------------- 1 | .. contents:: 2 | .. sectnum:: 3 | 4 | Intel® Clear Containers OBS specification files 5 | ############################################### 6 | 7 | The `Clear Containers`_ packages are available via `Open Build Service`_ 8 | to allow interested parties the opportunity to try out the technology even 9 | if they are not using `Clear Linux` directly. 10 | 11 | When the `cc-oci-runtime`_ or any of its components are updated, we release a 12 | new package or set of packages. 13 | 14 | This repo only contains the `OBS`_ sources to build the `cc-oci-runtime`_ and the remaining 15 | items are under: https://github.com/clearcontainers/packaging 16 | 17 | Visit our repository at: 18 | 19 | - http://download.opensuse.org/repositories/home:/clearlinux:/preview:/clear-containers-2.1/ 20 | 21 | Components needed to run Intel® Clear Containers 2.x 22 | ==================================================== 23 | 24 | * `cc-oci-runtime`_: The Clear Containers runtime. 25 | * `clear-containers-image`_: The mini-OS required to run Clear 26 | Containers. 27 | * `clear-containers-selinux`_: The SELinux policy module needed to 28 | run Clear Containers in environments with SELinux enabled. 29 | * `kernel`_: The patches to build an optimized Linux kernel required to run Clear 30 | Containers 31 | * `qemu-lite`_: The optimized version of the QEMU hypervisor. 32 | 33 | .. _`Clear Containers`: https://clearlinux.org/features/intel%C2%AE-clear-containers 34 | 35 | .. _`Clear Linux`: https://clearlinux.org 36 | 37 | .. _`cc-oci-runtime`: https://github.com/01org/cc-oci-runtime 38 | 39 | .. _`Open Build Service`: http://openbuildservice.org/ 40 | 41 | .. _`OBS`: http://openbuildservice.org/ 42 | 43 | .. _`qemu-lite`: https://github.com/01org/qemu-lite/tree/qemu-2.7-lite 44 | 45 | .. _`kernel`: https://github.com/clearcontainers/packaging/tree/master/kernel 46 | 47 | .. _`clear-containers-image`: https://download.clearlinux.org/current/ 48 | 49 | .. _`clear-containers-selinux`: https://github.com/clearcontainers/proxy/tree/master/selinux 50 | -------------------------------------------------------------------------------- /data/obs-packaging/cc-oci-runtime/README.md: -------------------------------------------------------------------------------- 1 | # cc-oci-runtime 2 | 3 | This directory contains the sources to create rpm specfiles and debian source 4 | control files to create ``cc-oci-runtime`` The runtime of Intel® Clear 5 | Containers. 6 | 7 | With these files we generated Fedora and Ubuntu packages for this component. 8 | 9 | ``./update_runtime.sh [VERSION]`` 10 | 11 | The ``VERSION`` parameter is optional. The parameter can be a tag, a branch, 12 | or a GIT hash. 13 | 14 | If the ``VERSION`` parameter is not specified, the top-level ``configure.ac`` 15 | file will determine its value automatically. 16 | 17 | This script will update the sources to create ``cc-oci-runtime`` packages. 18 | 19 | * cc-oci-runtime.dsc 20 | * cc-oci-runtime.spec 21 | 22 | Open Build Service 23 | ------------------ 24 | 25 | The script has two OBS related variables. Using them, the CI can push changes 26 | to the [OBS website] (https://build.opensuse.org/). 27 | 28 | The variables with their default values are as follows: 29 | 30 | * ``OBS_PUSH`` default ``false`` 31 | * ``OBS_RUNTIME_REPO`` default ``home:clearlinux:preview:clear-containers-staging/cc-oci-runtime`` 32 | 33 | To push your changes and trigger a new build of the runtime to the OBS repo, 34 | set the variables in the environment running the script before calling 35 | ``update_runtime.sh`` as follows: 36 | 37 | ```bash 38 | export OBS_PUSH=true 39 | export OBS_RUNTIME_REPO=home:patux:clear-containers-2.1/cc-oci-runtime 40 | 41 | ./update_runtime.sh [VERSION] 42 | ``` 43 | -------------------------------------------------------------------------------- /data/obs-packaging/cc-oci-runtime/_service-template: -------------------------------------------------------------------------------- 1 | 2 | 3 | git 4 | https://github.com/01org/cc-oci-runtime.git 5 | .git 6 | cc-oci-runtime 7 | @PARENT_TAG@+git.%h 8 | @VERSION@ 9 | 10 | 11 | *.tar* 12 | gz 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /data/obs-packaging/cc-oci-runtime/cc-oci-runtime.dsc-template: -------------------------------------------------------------------------------- 1 | Format: 3.0 (quilt) 2 | Source: cc-oci-runtime 3 | Version: @VERSION@ 4 | Section: devel 5 | Priority: optional 6 | Maintainer: clearlinux.org team 7 | Build-Depends: debhelper (>= 9), cpio, pkg-config, flex, bison, libaudit-dev, bc, python-dev, gawk, autoconf, automake, libtool, libglib2.0-dev, libglib2.0-0, m4, libjson-glib-1.0-0, libjson-glib-dev, valgrind, uuid-dev, check, bats, qemu-lite, clear-containers-image, linux-container, libmnl-dev, libsystemd-dev, golang-go, autoconf-archive 8 | Standards-Version: 3.9.6 9 | Homepage: https://clearlinux.org/features/clear-containers 10 | DEBTRANSFORM-RELEASE: 1 11 | 12 | Package: cc-oci-runtime 13 | Architecture: amd64 14 | Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, qemu-lite (>=@qemu_lite_version@), clear-containers-image (>=@cc_image_version@), linux-container (>=@linux_container_version@) 15 | Description: An Open Containers Initiative (OCI) "runtime" that launches an Intel VT-x secured Clear Containers 2.1 hypervisor, rather than a standard Linux container. 16 | -------------------------------------------------------------------------------- /data/obs-packaging/cc-oci-runtime/debian.compat: -------------------------------------------------------------------------------- 1 | 9 2 | -------------------------------------------------------------------------------- /data/obs-packaging/cc-oci-runtime/debian.control-template: -------------------------------------------------------------------------------- 1 | Source: cc-oci-runtime 2 | Section: devel 3 | Priority: optional 4 | Maintainer: clearlinux.org team 5 | Build-Depends: debhelper (>= 9), cpio, pkg-config, flex, bison, libaudit-dev, bc, python-dev, gawk, autoconf, automake, libtool, libglib2.0-dev, libglib2.0-0, m4, libjson-glib-1.0-0, libjson-glib-dev, valgrind, uuid-dev, check, bats, qemu-lite, clear-containers-image, linux-container, libmnl-dev, libsystemd-dev, golang-go, autoconf-archive 6 | Standards-Version: 3.9.6 7 | Homepage: https://clearlinux.org/features/clear-containers 8 | 9 | Package: cc-oci-runtime 10 | Architecture: amd64 11 | Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, qemu-lite, clear-containers-image, linux-container 12 | Description: 13 | An Open Containers Initiative (OCI) "runtime" that launches an Intel VT-x secured Clear Containers 2.1 hypervisor, rather than a standard Linux container. 14 | 15 | -------------------------------------------------------------------------------- /data/obs-packaging/cc-oci-runtime/debian.postinst: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Restart the cc-proxy socket if running 4 | /bin/systemctl enable cc-proxy.socket 5 | /bin/systemctl daemon-reload 6 | /bin/systemctl restart cc-proxy 7 | -------------------------------------------------------------------------------- /data/obs-packaging/cc-oci-runtime/debian.rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | include /usr/share/dpkg/default.mk 3 | export LANG=C 4 | %: 5 | dh $@ 6 | 7 | override_dh_auto_configure: 8 | sh ./autogen.sh --disable-static \ 9 | --disable-cppcheck \ 10 | --disable-tests \ 11 | --disable-valgrind-memcheck \ 12 | --disable-functional-tests \ 13 | --disable-docker-tests \ 14 | --disable-crio-tests \ 15 | --with-cc-kernel=/usr/share/clear-containers/vmlinux.container \ 16 | --with-cc-image=/usr/share/clear-containers/clear-containers.img \ 17 | --with-cc-image-systemdsystemunitdir=/usr/lib/systemd/system \ 18 | --with-systemdsystemunitdir=/usr/lib/systemd/system \ 19 | --enable-autogopath 20 | 21 | override_dh_auto_build: 22 | make V=1 23 | 24 | override_dh_auto_clean: 25 | 26 | override_dh_auto_install: 27 | dh_auto_install 28 | -------------------------------------------------------------------------------- /data/obs-packaging/cc-oci-runtime/debian.series: -------------------------------------------------------------------------------- 1 | update_commit_id.patch 2 | -------------------------------------------------------------------------------- /data/obs-packaging/cc-oci-runtime/update_commit_id.patch-template: -------------------------------------------------------------------------------- 1 | --- a/commit_id.fmt 2 | +++ b/commit_id.fmt 3 | @@ -1 +1 @@ 4 | -$Format:%H$ 5 | +@HASH_TAG@ 6 | -------------------------------------------------------------------------------- /data/run-bats.sh.in: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This file is part of cc-oci-runtime. 3 | # 4 | # Copyright (C) 2016 Intel Corporation 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | # 20 | 21 | # This script can be used to run bats functional test without lose network 22 | # configuration. 23 | # 24 | # See https://github.com/01org/cc-oci-runtime/issues/93 25 | cmd="@BATS_PATH@" 26 | #Networking is not configured using non-root user 27 | #run bats functional tests with network namespace unshared 28 | [ $(id -u) -eq 0 ] && cmd="unshare -n $cmd -t" 29 | eval "$cmd" $@ 30 | -------------------------------------------------------------------------------- /data/vm.json.in: -------------------------------------------------------------------------------- 1 | { 2 | "vm": { 3 | "path": "@QEMU_PATH@", 4 | "image": "@CONTAINERS_IMG@", 5 | "kernel": { 6 | "path": "@CONTAINER_KERNEL@", 7 | "parameters": "@CMDLINE@" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /documentation/DAX.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/cc-oci-runtime/c0d481bb7e72e27394c708df5ed970338cd9392f/documentation/DAX.png -------------------------------------------------------------------------------- /documentation/Installing-Clear-Containers-on-Centos-7.md: -------------------------------------------------------------------------------- 1 | # Install the Intel® Clear Containers runtime on Centos 7.0 2 | 3 | ## Required Setup 4 | 5 | The installation requires the current user to run sudo without specifying a password. Verify this with the following commands: 6 | 7 | ``` 8 | $ su - 9 | # echo "$some_user ALL=(ALL:ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo) 10 | $ exit 11 | 12 | ``` 13 | 14 | ## Installation steps 15 | 16 | 1. Ensure the system packages are up-to-date with the command: 17 | 18 | ``` 19 | $ sudo yum -y update 20 | 21 | ``` 22 | 2. Install Git: 23 | 24 | ``` 25 | sudo yum install -y git 26 | 27 | ``` 28 | 3. Create the installation directory and clone the repository with the following commands: 29 | 30 | ``` 31 | $ mkdir -p $HOME/go/src/github/01org 32 | $ cd $HOME/go/src/github/01org 33 | $ git clone https://github.com/01org/cc-oci-runtime.git 34 | $ cd cc-oci-runtime 35 | 36 | ``` 37 | 4. Run the installation script rhel-setup.sh: 38 | 39 | ``` 40 | $ ./installation/rhel-setup.sh 41 | 42 | ``` 43 | 44 | ## Verify the installation was successful 45 | 46 | 1. Check the `cc-oci-runtime` version with the following command: 47 | 48 | ``` 49 | $ cc-oci-runtime --version 50 | 51 | ``` 52 | 53 | 2. Run an example with the following command: 54 | 55 | ``` 56 | $ sudo docker run -ti fedora bash 57 | 58 | ``` 59 | -------------------------------------------------------------------------------- /documentation/Installing-Clear-Containers-on-ClearLinux.md: -------------------------------------------------------------------------------- 1 | # Install the Clear Containers runtime on Clear Linux 2 | 3 | ## Introduction 4 | 5 | Clear Containers 2.1 is available in Clear Linux since version **13310**. 6 | Run `swupd` command to ensure the host is using the latest Clear Linux Version. 7 | 8 | ``` 9 | $ sudo swupd update 10 | ``` 11 | 12 | ## Install the Clear Containers bundle 13 | 14 | ``` 15 | $ sudo swupd bundle-add containers-virt 16 | ``` 17 | 18 | ## Restart the docker systemd service 19 | 20 | Docker on Clear Linux provides a `docker.service` service file to start the `docker` daemon. 21 | The daemon will use `runc` or `cc-oci-runtime` depending on the environment: 22 | 23 | 24 | If you are running Clear Linux on baremetal or on a VM with Nested Virtualization activated, `docker` will use `cc-oci-runtime` as the default runtime. If you are running Clear Linux on a VM without Nested Virtualization, `docker` will use `runc` as the default runtime. It is not necessary to configure Docker to use `cc-oci-runtime` manually since docker itself will automatically use this runtime on systems that support it. 25 | 26 | *Note: to check which runtime your system is using, run:* 27 | ``` 28 | sudo docker info | grep Runtime 29 | ``` 30 | 31 | Restart `docker` service: 32 | ``` 33 | $ sudo systemctl restart docker 34 | ``` 35 | 36 | ## Run a Clear Container 37 | You are now ready to run Clear Containers. For example: 38 | 39 | ``` 40 | $ sudo docker run -ti fedora bash 41 | ``` 42 | -------------------------------------------------------------------------------- /documentation/Installing-Clear-Containers-on-RHEL.md: -------------------------------------------------------------------------------- 1 | # Install the Intel® Clear Containers runtime on RHEL 7.3 2 | 3 | ## Required Setup 4 | 5 | The installation requires the current user to run sudo without specifying a password. Verify this with the following commands: 6 | 7 | ``` 8 | $ su - 9 | # echo "$some_user ALL=(ALL:ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo) 10 | $ exit 11 | 12 | ``` 13 | 14 | ## Installation steps 15 | 16 | 1. Ensure the system packages are up-to-date with the command: 17 | 18 | ``` 19 | $ sudo yum -y update 20 | 21 | ``` 22 | 2. Install Git: 23 | 24 | ``` 25 | sudo yum install -y git 26 | 27 | ``` 28 | 3. Create the installation directory and clone the repository with the following commands: 29 | 30 | ``` 31 | $ mkdir -p $HOME/go/src/github/01org 32 | $ cd $HOME/go/src/github/01org 33 | $ git clone https://github.com/01org/cc-oci-runtime.git 34 | $ cd cc-oci-runtime 35 | 36 | ``` 37 | 4. Run the installation script rhel-setup.sh: 38 | 39 | ``` 40 | $ ./installation/rhel-setup.sh 41 | 42 | ``` 43 | 44 | ## Verify the installation was successful 45 | 46 | 1. Check the `cc-oci-runtime` version with the following command: 47 | 48 | ``` 49 | $ cc-oci-runtime --version 50 | 51 | ``` 52 | 53 | 2. Run an example with the following command: 54 | 55 | ``` 56 | $ sudo docker run -ti fedora bash 57 | 58 | ``` 59 | -------------------------------------------------------------------------------- /documentation/architecture-diagrams.odp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/cc-oci-runtime/c0d481bb7e72e27394c708df5ed970338cd9392f/documentation/architecture-diagrams.odp -------------------------------------------------------------------------------- /documentation/create.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/cc-oci-runtime/c0d481bb7e72e27394c708df5ed970338cd9392f/documentation/create.png -------------------------------------------------------------------------------- /documentation/docker-cc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/cc-oci-runtime/c0d481bb7e72e27394c708df5ed970338cd9392f/documentation/docker-cc.png -------------------------------------------------------------------------------- /documentation/high-level-overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/cc-oci-runtime/c0d481bb7e72e27394c708df5ed970338cd9392f/documentation/high-level-overview.png -------------------------------------------------------------------------------- /documentation/network.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/cc-oci-runtime/c0d481bb7e72e27394c708df5ed970338cd9392f/documentation/network.png -------------------------------------------------------------------------------- /documentation/overall-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/cc-oci-runtime/c0d481bb7e72e27394c708df5ed970338cd9392f/documentation/overall-architecture.png -------------------------------------------------------------------------------- /documentation/qemu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/cc-oci-runtime/c0d481bb7e72e27394c708df5ed970338cd9392f/documentation/qemu.png -------------------------------------------------------------------------------- /documentation/shim.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/cc-oci-runtime/c0d481bb7e72e27394c708df5ed970338cd9392f/documentation/shim.png -------------------------------------------------------------------------------- /installation/curl-autoconf-archive.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of cc-oci-runtime. 4 | # 5 | # Copyright (C) 2017 Intel Corporation 6 | # 7 | # This program is free software; you can redistribute it and/or 8 | # modify it under the terms of the GNU General Public License 9 | # as published by the Free Software Foundation; either version 2 10 | # of the License, or (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with this program; if not, write to the Free Software 19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | 21 | # Description: This script downloads and installs the autoconf-archive macros 22 | # necessary to configure this project. This is invoked for distro builds where 23 | # the necessary package is not available to install, and is also useful to 24 | # hand run under certain circumstances. 25 | # Should be run from the top level directory 26 | # 27 | 28 | # autoconf-archive url 29 | autoconf_archive_url="http://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=blob_plain;f=m4" 30 | mkdir -p m4/ 31 | # curl the required autoconf archive files into the correct place 32 | curl -L "${autoconf_archive_url}/ax_code_coverage.m4" -o m4/ax_code_coverage.m4 33 | curl -L "${autoconf_archive_url}/ax_valgrind_check.m4" -o m4/ax_valgrind_check.m4 34 | -------------------------------------------------------------------------------- /installation/install_clear_image.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This file is part of cc-oci-runtime. 3 | # 4 | # Copyright (C) 2017 Intel Corporation 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | 20 | 21 | set -x 22 | set -e 23 | 24 | if [ "$#" -ne 2 ]; then 25 | echo "Usage: $0 CLEAR_RELEASE PATH" 26 | echo " Install the clear rootfs image from clear CLEAR_RELEASE in PATH." 27 | exit 1 28 | fi 29 | 30 | clear_release="$1" 31 | install_path="$2" 32 | image=clear-${clear_release}-containers.img 33 | cc_img_link_name="clear-containers.img" 34 | base_url="https://download.clearlinux.org/releases/${clear_release}/clear" 35 | tmpdir=$(mktemp -d -t $(basename $0).XXXXXXXXXXX) || exit 1 36 | pushd $tmpdir 37 | 38 | echo "Download clear containers image" 39 | curl -LO "${base_url}/${image}.xz" 40 | 41 | echo "Validate clear containers image checksum" 42 | curl -LO "${base_url}/${image}.xz-SHA512SUMS" 43 | sha512sum -c ${image}.xz-SHA512SUMS 44 | 45 | echo "Extract clear containers image" 46 | unxz ${image}.xz 47 | 48 | sudo mkdir -p ${install_path} 49 | echo "Install clear containers image" 50 | sudo install -D --owner root --group root --mode 0755 ${image} ${install_path}/${image} 51 | 52 | echo -e "Create symbolic link ${install_path}/${cc_img_link_name}" 53 | sudo ln -fs ${install_path}/${image} ${install_path}/${cc_img_link_name} 54 | 55 | # clean up 56 | rm -f ${image} ${image}.xz-SHA512SUMS 57 | popd 58 | -------------------------------------------------------------------------------- /packages.json: -------------------------------------------------------------------------------- 1 | { 2 | "github.com/davecgh/go-spew": { 3 | "url": "https://github.com/davecgh/go-spew.git", 4 | "version": "6d212800", 5 | "license": "ISC" 6 | }, 7 | "github.com/golang/glog": { 8 | "url": "https://github.com/golang/glog.git", 9 | "version": "23def4e6c14b4da8ac2ed8007337bc5eb5007998", 10 | "license": "Apache 2.0" 11 | }, 12 | "github.com/hyperhq/runv": { 13 | "url": "https://github.com/hyperhq/runv.git", 14 | "version": "28d48ac6", 15 | "license": "Apache v2.0" 16 | }, 17 | "github.com/pmezard/go-difflib": { 18 | "url": "https://github.com/pmezard/go-difflib.git", 19 | "version": "792786c7", 20 | "license": "BSD" 21 | }, 22 | "github.com/containers/virtcontainers": { 23 | "url": "https://github.com/containers/virtcontainers.git", 24 | "version": "v0.2.3", 25 | "license": "Apache 2.0" 26 | }, 27 | "github.com/stretchr/testify": { 28 | "url": "https://github.com/stretchr/testify.git", 29 | "version": "976c720a", 30 | "license": "MIT" 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /proxy/api/common_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2016 Intel Corporation 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package api 16 | 17 | import ( 18 | "net" 19 | "os" 20 | "syscall" 21 | ) 22 | 23 | func socketpair() (*net.UnixConn, *net.UnixConn, error) { 24 | fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) 25 | if err != nil { 26 | return nil, nil, err 27 | } 28 | 29 | // First end 30 | f0 := os.NewFile(uintptr(fds[0]), "") 31 | // os.NewFile() dups the fd and we're responsible for closing it 32 | defer f0.Close() 33 | c0, err := net.FileConn(f0) 34 | if err != nil { 35 | return nil, nil, err 36 | } 37 | 38 | // Second end 39 | f1 := os.NewFile(uintptr(fds[1]), "") 40 | defer f1.Close() 41 | c1, err := net.FileConn(f1) 42 | if err != nil { 43 | return nil, nil, err 44 | } 45 | 46 | return c0.(*net.UnixConn), c1.(*net.UnixConn), nil 47 | } 48 | -------------------------------------------------------------------------------- /proxy/api/fdpassing_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2016 Intel Corporation 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package api 16 | 17 | import ( 18 | "os" 19 | "testing" 20 | 21 | "github.com/stretchr/testify/assert" 22 | ) 23 | 24 | // Ensure the message we send along with the fd is only a single byte 25 | func TestTagLength(t *testing.T) { 26 | assert.Equal(t, 1, len(fileTagMsg)) 27 | } 28 | 29 | func TestFdPassing(t *testing.T) { 30 | reader, writer, err := os.Pipe() 31 | assert.Nil(t, err) 32 | 33 | // Passes the reader end of the pipe fd through a AF_UNIX connection 34 | // and recreate an os.File from the received fd 35 | c0, c1, err := socketpair() 36 | assert.Nil(t, err) 37 | 38 | err = WriteFd(c0, int(reader.Fd())) 39 | assert.Nil(t, err) 40 | 41 | newFd, err := ReadFd(c1) 42 | assert.Nil(t, err) 43 | assert.NotEqual(t, newFd, -1) 44 | 45 | newReader := os.NewFile(uintptr(newFd), "") 46 | 47 | // write into the pipe and check reading from newReader gives the 48 | // expected result 49 | var data = []byte("foo") 50 | 51 | n, err := writer.Write(data) 52 | assert.Nil(t, err) 53 | assert.Equal(t, n, len(data)) 54 | 55 | buf := make([]byte, 512) 56 | n, err = newReader.Read(buf) 57 | assert.Nil(t, err) 58 | assert.Equal(t, n, len(data)) 59 | assert.Equal(t, data, buf[:n]) 60 | 61 | // cleanup 62 | reader.Close() 63 | writer.Close() 64 | c0.Close() 65 | c1.Close() 66 | newReader.Close() 67 | } 68 | -------------------------------------------------------------------------------- /proxy/api/protocol_test.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2017 Intel Corporation 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package api 16 | 17 | import ( 18 | "testing" 19 | 20 | "github.com/stretchr/testify/assert" 21 | ) 22 | 23 | func TestHeaderValidate(t *testing.T) { 24 | tests := []struct { 25 | hdr header 26 | valid bool 27 | }{ 28 | { 29 | hdr: header{length: 64}, 30 | valid: true, 31 | }, 32 | { 33 | hdr: header{length: maxPayloadLength + 1}, 34 | valid: false, 35 | }, 36 | { 37 | hdr: header{length: 64, flags: 0x1}, 38 | valid: false, 39 | }, 40 | } 41 | 42 | for i := range tests { 43 | test := &tests[i] 44 | err := test.hdr.validate() 45 | assert.Equal(t, test.valid, err == nil) 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /proxy/cc-proxy.service.in: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Clear Containers Proxy 3 | Documentation=https://github.com/01org/cc-oci-runtime/proxy 4 | 5 | [Service] 6 | ExecStart=@libexecdir@/cc-proxy 7 | LimitNOFILE=infinity 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | -------------------------------------------------------------------------------- /proxy/cc-proxy.socket.in: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Clear Containers Proxy Socket 3 | Documentation=https://github.com/01org/cc-oci-runtime/proxy 4 | PartOf=cc-proxy.service 5 | 6 | [Socket] 7 | ListenStream=@localstatedir@/run/cc-oci-runtime/proxy.sock 8 | DirectoryMode=0770 9 | SocketMode=0660 10 | 11 | [Install] 12 | WantedBy=sockets.target 13 | -------------------------------------------------------------------------------- /proxy/selinux/Makefile: -------------------------------------------------------------------------------- 1 | TARGETS?= cc-proxy 2 | MODULES?=${TARGETS:=.pp.bz2} 3 | 4 | all: ${TARGETS:=.pp.bz2} 5 | 6 | %.pp.bz2: %.pp 7 | @echo Compressing $^ -\ $@ 8 | bzip2 -9 $^ 9 | 10 | %.pp: %.te 11 | make -f /usr/share/selinux/devel/Makefile $@ 12 | 13 | clean: 14 | rm -f *~ *.tc *.pp *.pp.bz2 15 | rm -rf tmp 16 | -------------------------------------------------------------------------------- /proxy/selinux/README.md: -------------------------------------------------------------------------------- 1 | # Clear Containers SELinux module 2 | 3 | SELinux module to allow Clear Containers to run 4 | 5 | ## Install 6 | 7 | Run the following commands as root 8 | 9 | Create the module 10 | 11 | ``` 12 | dnf install selinux-policy-devel rpm-build 13 | make 14 | ``` 15 | 16 | Fix /run/cc-oci-runtime/proxy.sock 17 | 18 | ``` 19 | # restorecon -R -v /run/cc-oci-runtime/proxy.sock 20 | ``` 21 | 22 | Insert selinux module 23 | 24 | ``` 25 | # semodule -X 300 -i cc-proxy.pp.bz2 26 | ``` 27 | 28 | Start proxy-socket: 29 | 30 | ``` 31 | # systemctl start cc-proxy.socket 32 | ``` 33 | 34 | Check status on proxy-socket: 35 | 36 | ``` 37 | # systemctl status cc-proxy.socket 38 | ● cc-proxy.socket - Clear Containers Proxy Socket 39 | Loaded: loaded (/usr/lib/systemd/system/cc-proxy.socket; disabled; vendor preset: disabled) 40 | Active: active (listening) since Tue 2017-01-17 14:36:36 CST; 8min ago 41 | Docs: https://github.com/01org/cc-oci-runtime/proxy 42 | Listen: /var/run/cc-oci-runtime/proxy.sock (Stream) 43 | 44 | Jan 17 14:36:36 foo.bar systemd[1]: Listening on Clear Containers Proxy Socket. 45 | Jan 17 14:36:45 foo.bar systemd[1]: Listening on Clear Containers Proxy Socket. 46 | Jan 17 14:44:39 foo.bar systemd[1]: Listening on Clear Containers Proxy Socket. 47 | ``` 48 | 49 | References: 50 | * [https://github.com/01org/cc-oci-runtime/issues/519#issuecomment-273294907](https://github.com/01org/cc-oci-runtime/issues/519#issuecomment-273294907) 51 | * [https://lvrabec-selinux.rhcloud.com/2015/07/07/how-to-create-selinux-product-policy/](https://lvrabec-selinux.rhcloud.com/2015/07/07/how-to-create-selinux-product-policy/) 52 | * [https://github.com/mgrepl/docker-selinux](https://github.com/mgrepl/docker-selinux) 53 | -------------------------------------------------------------------------------- /proxy/selinux/cc-proxy.fc: -------------------------------------------------------------------------------- 1 | # 2 | -------------------------------------------------------------------------------- /proxy/selinux/cc-proxy.if: -------------------------------------------------------------------------------- 1 | ## 2 | cc-proxy service. 3 | -------------------------------------------------------------------------------- /proxy/selinux/cc-proxy.te: -------------------------------------------------------------------------------- 1 | module cc-proxy 1.0; 2 | 3 | require { 4 | type init_t; 5 | type unconfined_service_t; 6 | class unix_stream_socket { bind create listen setopt }; 7 | } 8 | 9 | #============= init_t ============== 10 | 11 | allow init_t unconfined_service_t:unix_stream_socket { listen bind create setopt }; 12 | 13 | -------------------------------------------------------------------------------- /proxy/socket_activation.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2016 Intel Corporation 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | import ( 18 | "os" 19 | "strconv" 20 | "syscall" 21 | ) 22 | 23 | const ( 24 | listenFdsStart = 3 25 | ) 26 | 27 | func listenFds() []*os.File { 28 | pid, err := strconv.Atoi(os.Getenv("LISTEN_PID")) 29 | if err != nil || pid != os.Getpid() { 30 | return nil 31 | } 32 | 33 | nfds, err := strconv.Atoi(os.Getenv("LISTEN_FDS")) 34 | if err != nil || nfds == 0 { 35 | return nil 36 | } 37 | 38 | files := []*os.File(nil) 39 | for fd := listenFdsStart; fd < listenFdsStart+nfds; fd++ { 40 | syscall.CloseOnExec(fd) 41 | files = append(files, os.NewFile(uintptr(fd), "")) 42 | } 43 | 44 | return files 45 | } 46 | -------------------------------------------------------------------------------- /proxy/syscall.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2016 Intel Corporation 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | import ( 18 | "net" 19 | "os" 20 | "syscall" 21 | ) 22 | 23 | // Socketpair wraps the eponymous syscall but gives go friendly objects instead 24 | // of the raw file descriptors. 25 | func Socketpair() (*net.UnixConn, *net.UnixConn, error) { 26 | fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) 27 | if err != nil { 28 | return nil, nil, err 29 | } 30 | 31 | // First end 32 | f0 := os.NewFile(uintptr(fds[0]), "") 33 | // os.NewFile() dups the fd and we're responsible for closing it 34 | defer f0.Close() 35 | c0, err := net.FileConn(f0) 36 | if err != nil { 37 | return nil, nil, err 38 | } 39 | 40 | // Second end 41 | f1 := os.NewFile(uintptr(fds[1]), "") 42 | defer f1.Close() 43 | c1, err := net.FileConn(f1) 44 | if err != nil { 45 | return nil, nil, err 46 | } 47 | 48 | return c0.(*net.UnixConn), c1.(*net.UnixConn), nil 49 | } 50 | -------------------------------------------------------------------------------- /shim/README.md: -------------------------------------------------------------------------------- 1 | # `cc-shim` 2 | 3 | `cc-shim` is a process spawned by the runtime per container workload. The runtime 4 | provides the pid of the cc-shim process to containerd-shim on OCI create command. 5 | 6 | Usage: 7 | cc-shim --container-id $(container_id) --proxy-sock-fd $(proxy_socket_fd) \ 8 | --proxy-io-fd $(io-fd) --seq-no $(io-seq-no) --err-seq-no $(err-seq-no) 9 | 10 | Here the $(proxy_socket_fd) is the socket fd opened by the runtime for connecting 11 | to the proxy control socket, $(io-fd) is a per exec I/O file descriptor passed by 12 | the proxy to the runtime, $(io-seq-no) is the sequence number passed by the proxy 13 | to the runtime, and (err-seq-no) is the seqence number of the error stream is the 14 | stderr has be directed to some other location. 15 | 16 | `cc-shim` forwards all signals to the cc-proxy process to be handled by the agent 17 | in the VM. 18 | 19 | The shim forwards any input received from containerd-shim to cc-proxy and 20 | writes any data received from the proxy on the I/O file descriptor to stdout/stderr 21 | which is picked up by containerd-shim. 22 | 23 | TODO: 24 | The shim should capture the exit status of the container and exit with that exit code. 25 | -------------------------------------------------------------------------------- /shim/log.c: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2016 Intel Corporation 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #define _GNU_SOURCE 16 | #include 17 | #include 18 | #include 19 | 20 | #include "log.h" 21 | 22 | static bool debug; 23 | 24 | /*! 25 | * Setup logging. 26 | * 27 | * \param _debug Bool for logging debug output. 28 | */ 29 | void shim_log_init(bool _debug) 30 | { 31 | int syslog_options = (LOG_PID | LOG_NOWAIT); 32 | 33 | debug = _debug; 34 | openlog(0, syslog_options, LOG_USER); 35 | } 36 | 37 | /*! 38 | * Log to syslog. 39 | * 40 | * \param priority Syslog priority. 41 | * \param func Function at call site. 42 | * \param line_number Call site line number. 43 | * \param format Format and arguments to log. 44 | */ 45 | void shim_log(int priority, const char *func, int line_number, const char *format, ...) 46 | { 47 | va_list vargs; 48 | char *buf; 49 | 50 | if (! (format && func)) { 51 | return; 52 | } 53 | 54 | if (priority < LOG_EMERG || priority > LOG_DEBUG) { 55 | return; 56 | } 57 | 58 | if (priority == LOG_DEBUG && !debug) { 59 | return; 60 | } 61 | 62 | va_start(vargs, format); 63 | if (vasprintf(&buf, format, vargs) == -1) { 64 | va_end(vargs); 65 | return; 66 | } 67 | 68 | if (priority <= LOG_ERR) { 69 | fprintf(stderr, "%s:%d:%s\n", func, line_number, buf); 70 | } 71 | 72 | syslog(priority, "%s:%d:%s", func, line_number, buf); 73 | va_end(vargs); 74 | free(buf); 75 | } 76 | -------------------------------------------------------------------------------- /shim/log.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2016 Intel Corporation 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #pragma once 16 | 17 | #include 18 | #include 19 | 20 | void shim_log_init(bool debug); 21 | 22 | void shim_log(int priority, 23 | const char *func, 24 | int line_number, 25 | const char *format, ...); 26 | 27 | /* 28 | * Acceptable values for priority: 29 | * 30 | * LOG_EMERG system is unusable -> 0 31 | * LOG_ALERT action must be taken immediately -> 1 32 | * LOG_CRITICAL critical conditions 33 | * LOG_ERR error conditions 34 | * LOG_WARNING warning conditions 35 | * LOG_NOTICE normal, but significant, condition 36 | * LOG_INFO informational message 37 | * LOG_DEBUG debug-level message -> 7 38 | */ 39 | 40 | #define shim_debug(...) shim_log(LOG_DEBUG, __func__, __LINE__, __VA_ARGS__) 41 | #define shim_info(...) shim_log(LOG_INFO, __func__, __LINE__, __VA_ARGS__) 42 | #define shim_warning(...) shim_log(LOG_WARNING, __func__, __LINE__, __VA_ARGS__) 43 | #define shim_error(...) shim_log(LOG_ERR, __func__, __LINE__, __VA_ARGS__) 44 | #define shim_critical(...) shim_log(LOG_CRITICAL, __func__, __LINE__, __VA_ARGS__) 45 | #define shim_alert(...) shim_log(LOG_ALERT, __func__, __LINE__, __VA_ARGS__) 46 | #define shim_emerg(...) shim_log(LOG_EMERG, __func__, __LINE__, __VA_ARGS__) 47 | -------------------------------------------------------------------------------- /shim/shim.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2016 Intel Corporation 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include 16 | 17 | /* The shim would be handling fixed number of predefined fds. 18 | * This would be signal fd, stdin fd, proxy socket fd and an I/O 19 | * fd passed by the runtime 20 | */ 21 | #define MAX_POLL_FDS 4 22 | 23 | struct cc_shim { 24 | char *container_id; 25 | int proxy_sock_fd; 26 | int proxy_io_fd; 27 | uint64_t io_seq_no; 28 | uint64_t err_seq_no; 29 | bool exiting; 30 | bool initial_workload; 31 | }; 32 | 33 | /* 34 | * control message format 35 | * | ctrl id | length | payload (length-8) | 36 | * | . . . . | . . . . | . . . . . . . . . . . . | 37 | * 0 4 8 length 38 | */ 39 | #define CONTROL_HEADER_SIZE 8 40 | #define CONTROL_HEADER_LENGTH_OFFSET 4 41 | 42 | /* 43 | * stream message format 44 | * | stream sequence | length | payload (length-12) | 45 | * | . . . . . . . . | . . . . | . . . . . . . . . . . . | 46 | * 0 8 12 length 47 | */ 48 | #define STREAM_HEADER_SIZE 12 49 | #define STREAM_HEADER_LENGTH_OFFSET 8 50 | 51 | #define PROXY_CTL_HEADER_SIZE 8 52 | #define PROXY_CTL_HEADER_LENGTH_OFFSET 0 53 | 54 | /* 55 | * Hyperstart is limited to sending this number of bytes to 56 | * a client. 57 | * 58 | * (This value can be determined by inspecting the hyperstart 59 | * source where hyper_event_ops->wbuf_size is set). 60 | */ 61 | #define HYPERSTART_MAX_RECV_BYTES 10240 62 | 63 | -------------------------------------------------------------------------------- /shim/utils.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2016 Intel Corporation 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #pragma once 16 | 17 | #include 18 | 19 | extern int shim_signal_table[]; 20 | 21 | bool set_fd_nonblocking(int fd); 22 | void set_big_endian_32(uint8_t *buf, uint32_t val); 23 | uint32_t get_big_endian_32(const uint8_t *buf); 24 | void set_big_endian_64(uint8_t *buf, uint64_t val); 25 | uint64_t get_big_endian_64(const uint8_t *buf); 26 | -------------------------------------------------------------------------------- /src/annotation.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include "annotation.h" 22 | #include "common.h" 23 | 24 | /*! 25 | * Free the specified annotation. 26 | * 27 | * \param a \ref oci_cfg_annotation. 28 | */ 29 | private void 30 | cc_oci_annotation_free (struct oci_cfg_annotation *a) { 31 | if (! a) { 32 | return; 33 | } 34 | 35 | g_free_if_set (a->key); 36 | g_free_if_set (a->value); 37 | 38 | g_free (a); 39 | } 40 | 41 | /*! 42 | * Free all annotations. 43 | * 44 | * \param annotations List of \ref oci_cfg_annotation. 45 | */ 46 | void 47 | cc_oci_annotations_free_all (GSList *annotations) { 48 | if (! annotations) { 49 | return; 50 | } 51 | 52 | g_slist_free_full (annotations, 53 | (GDestroyNotify)cc_oci_annotation_free); 54 | } 55 | 56 | /*! 57 | * Convert the list of annotations to a JSON object. 58 | * 59 | * \param config \ref cc_oci_config. 60 | * 61 | * \return \c JsonObject 62 | */ 63 | JsonObject * 64 | cc_oci_annotations_to_json (const struct cc_oci_config *config) 65 | { 66 | JsonObject *obj = NULL; 67 | GSList *l; 68 | 69 | obj = json_object_new (); 70 | 71 | for (l = config->oci.annotations; l && l->data; l = g_slist_next (l)) { 72 | struct oci_cfg_annotation *a = (struct oci_cfg_annotation *)l->data; 73 | 74 | json_object_set_string_member(obj, a->key, a->value); 75 | } 76 | 77 | return obj; 78 | } 79 | 80 | -------------------------------------------------------------------------------- /src/annotation.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_ANNOTATION_H 22 | #define _CC_OCI_ANNOTATION_H 23 | 24 | #include 25 | 26 | #include 27 | #include 28 | #include 29 | 30 | #include "util.h" 31 | #include "oci.h" 32 | 33 | void cc_oci_annotations_free_all (GSList *annotations); 34 | JsonObject *cc_oci_annotations_to_json (const struct cc_oci_config *config); 35 | 36 | #endif /* _CC_OCI_ANNOTATION_H */ 37 | -------------------------------------------------------------------------------- /src/commands/checkpoint.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include "command.h" 22 | #include "state.h" 23 | 24 | static gboolean 25 | handler_checkpoint (const struct subcommand *sub, 26 | struct cc_oci_config *config, 27 | int argc, char *argv[]) 28 | { 29 | gboolean ret = true; 30 | 31 | g_assert (sub); 32 | g_assert (config); 33 | 34 | if (handle_default_usage (argc, argv, sub->name, 35 | &ret, 1, NULL)) { 36 | return ret; 37 | } 38 | 39 | if (! cc_oci_state_file_exists(config)) { 40 | g_warning ("state file does not exist for container %s", 41 | config->optarg_container_id); 42 | ret = false; 43 | } 44 | 45 | return ret; 46 | } 47 | 48 | struct subcommand command_checkpoint = 49 | { 50 | .name = "checkpoint", 51 | .handler = handler_checkpoint, 52 | .description = "checkpoint a running container", 53 | }; 54 | -------------------------------------------------------------------------------- /src/commands/delete.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include "command.h" 22 | 23 | struct subcommand command_delete = 24 | { 25 | .name = "delete", 26 | 27 | /* delete is what the OCI spec calls stop */ 28 | .handler = handle_command_stop, 29 | .description = "delete resources held by a container", 30 | }; 31 | -------------------------------------------------------------------------------- /src/commands/help.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include "command.h" 22 | 23 | static void 24 | usage (void) 25 | { 26 | struct subcommand **sub; 27 | g_print ("Usage:\n"); 28 | g_print ("%s [global options] [command] [command options]\n", 29 | PACKAGE_NAME); 30 | g_print ("\n"); 31 | g_print ("Supported commands:\n"); 32 | for (sub = subcommands; (*sub) && (*sub)->name; sub++) { 33 | if ((*sub)->description ){ 34 | g_print ("\t%-15s %8s\n", (*sub)->name,(*sub)->description); 35 | } 36 | } 37 | 38 | } 39 | 40 | static gboolean 41 | handler_help (const struct subcommand *sub, 42 | struct cc_oci_config *config, 43 | int argc, char *argv[]) 44 | { 45 | (void)sub; 46 | (void)config; 47 | 48 | usage (); 49 | return true; 50 | } 51 | 52 | struct subcommand command_help = 53 | { 54 | .name = "help", 55 | .handler = handler_help, 56 | .description = "show this help", 57 | }; 58 | -------------------------------------------------------------------------------- /src/commands/list.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include "command.h" 22 | 23 | static char *format; 24 | static gboolean show_all; 25 | 26 | static GOptionEntry options_list[] = 27 | { 28 | { 29 | "all", 'a', G_OPTION_FLAG_NONE, 30 | G_OPTION_ARG_NONE, &show_all, 31 | "display all output", NULL 32 | }, 33 | { 34 | "format", 'f', G_OPTION_FLAG_NONE, 35 | G_OPTION_ARG_STRING, &format, 36 | "change output format", NULL 37 | }, 38 | 39 | {NULL} 40 | }; 41 | 42 | static gboolean 43 | handler_list (const struct subcommand *sub, 44 | struct cc_oci_config *config, 45 | int argc, char *argv[]) 46 | { 47 | gboolean ret; 48 | 49 | g_assert (sub); 50 | g_assert (config); 51 | 52 | ret = cc_oci_list (config, format ? format : "table", show_all); 53 | 54 | g_free_if_set (format); 55 | 56 | return ret; 57 | } 58 | 59 | struct subcommand command_list = 60 | { 61 | .name = "list", 62 | .options = options_list, 63 | .handler = handler_list, 64 | .description = "list all container details", 65 | }; 66 | -------------------------------------------------------------------------------- /src/commands/pause.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include "command.h" 22 | 23 | static gboolean 24 | handler_pause (const struct subcommand *sub, 25 | struct cc_oci_config *config, 26 | int argc, char *argv[]) 27 | { 28 | g_assert (sub); 29 | g_assert (config); 30 | 31 | return handle_command_toggle (sub, config, argc, argv, true); 32 | } 33 | 34 | struct subcommand command_pause = 35 | { 36 | .name = "pause", 37 | .handler = handler_pause, 38 | .description = "pause all the tasks inside a container", 39 | }; 40 | -------------------------------------------------------------------------------- /src/commands/ps.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include "command.h" 22 | #include "state.h" 23 | 24 | 25 | static gboolean 26 | handler_ps (const struct subcommand *sub, 27 | struct cc_oci_config *config, 28 | int argc, char *argv[]) 29 | { 30 | gboolean ret; 31 | 32 | g_assert (sub); 33 | g_assert (config); 34 | 35 | if (handle_default_usage (argc, argv, sub->name, 36 | &ret, 1, "")) { 37 | return ret; 38 | } 39 | 40 | config->optarg_container_id = argv[0]; 41 | 42 | if (! cc_oci_state_file_exists(config)) { 43 | g_warning ("state file does not exist for container %s", 44 | config->optarg_container_id); 45 | return false; 46 | } 47 | 48 | //FIXME: implement ps, run ps inside the VM ? 49 | 50 | return true; 51 | } 52 | 53 | struct subcommand command_ps = 54 | { 55 | .name = "ps", 56 | .handler = handler_ps, 57 | .description = "display the processes running inside a container", 58 | }; 59 | -------------------------------------------------------------------------------- /src/commands/restore.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include "command.h" 22 | #include "state.h" 23 | 24 | static gboolean 25 | handler_restore (const struct subcommand *sub, 26 | struct cc_oci_config *config, 27 | int argc, char *argv[]) 28 | { 29 | gboolean ret = true; 30 | 31 | g_assert (sub); 32 | g_assert (config); 33 | 34 | if (handle_default_usage (argc, argv, sub->name, 35 | &ret, 1, NULL)) { 36 | return ret; 37 | } 38 | 39 | if (! cc_oci_state_file_exists(config)) { 40 | g_warning ("state file does not exist for container %s", 41 | config->optarg_container_id); 42 | ret = false; 43 | } 44 | 45 | return ret; 46 | } 47 | 48 | struct subcommand command_restore = 49 | { 50 | .name = "restore", 51 | .handler = handler_restore, 52 | .description = "restore a container from a previous checkpoint", 53 | }; 54 | -------------------------------------------------------------------------------- /src/commands/resume.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include "command.h" 22 | 23 | static gboolean 24 | handler_resume (const struct subcommand *sub, 25 | struct cc_oci_config *config, 26 | int argc, char *argv[]) 27 | { 28 | g_assert (sub); 29 | g_assert (config); 30 | 31 | return handle_command_toggle (sub, config, argc, argv, false); 32 | } 33 | 34 | struct subcommand command_resume = 35 | { 36 | .name = "resume", 37 | .handler = handler_resume, 38 | .description = "resume a previously paused container", 39 | }; 40 | -------------------------------------------------------------------------------- /src/commands/state.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include "command.h" 22 | #include "state.h" 23 | #include "runtime.h" 24 | 25 | static gboolean 26 | handler_state (const struct subcommand *sub, 27 | struct cc_oci_config *config, 28 | int argc, char *argv[]) 29 | { 30 | gchar* contents; 31 | gsize length; 32 | GError* error = NULL; 33 | gboolean ret; 34 | 35 | g_assert (sub); 36 | g_assert (config); 37 | 38 | if (handle_default_usage (argc, argv, sub->name, 39 | &ret, 1, NULL)) { 40 | return ret; 41 | } 42 | 43 | /* Used to allow us to find the state file */ 44 | config->optarg_container_id = argv[0]; 45 | 46 | g_debug ("state container_id='%s'", config->optarg_container_id); 47 | 48 | if (! cc_oci_runtime_path_get (config)) { 49 | return false; 50 | } 51 | 52 | if (! cc_oci_state_file_get (config)) { 53 | return false; 54 | } 55 | 56 | ret = g_file_get_contents (config->state.state_file_path, 57 | &contents, 58 | &length, 59 | &error); 60 | 61 | if (! ret) { 62 | g_critical ("failed to read state file %s: %s", 63 | config->state.state_file_path, 64 | error->message); 65 | g_error_free (error); 66 | return false; 67 | } 68 | 69 | g_print("%s\n", contents); 70 | g_free (contents); 71 | 72 | return true; 73 | } 74 | 75 | struct subcommand command_state = 76 | { 77 | .name = "state", 78 | .handler = handler_state, 79 | .description = "shows the state of a container", 80 | }; 81 | -------------------------------------------------------------------------------- /src/commands/stop.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include "command.h" 22 | 23 | struct subcommand command_stop = 24 | { 25 | .name = "stop", 26 | .handler = handle_command_stop, 27 | .description = "destroy a container", 28 | }; 29 | -------------------------------------------------------------------------------- /src/commands/update.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include "command.h" 22 | #include "state.h" 23 | 24 | static gboolean 25 | handler_update (const struct subcommand *sub, 26 | struct cc_oci_config *config, 27 | int argc, char *argv[]) 28 | { 29 | gboolean ret = true; 30 | 31 | g_assert (sub); 32 | g_assert (config); 33 | 34 | if (handle_default_usage (argc, argv, sub->name, 35 | &ret, 1, NULL)) { 36 | return ret; 37 | } 38 | 39 | /* Used to allow us to find the state file */ 40 | config->optarg_container_id = argv[0]; 41 | 42 | if (! cc_oci_state_file_exists(config)) { 43 | g_warning ("state file does not exist for container %s", 44 | config->optarg_container_id); 45 | ret = false; 46 | } 47 | 48 | return ret; 49 | } 50 | 51 | struct subcommand command_update = 52 | { 53 | .name = "update", 54 | .handler = handler_update, 55 | .description = "update container resource constraints", 56 | }; 57 | -------------------------------------------------------------------------------- /src/commands/version.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include "command.h" 22 | 23 | static void 24 | show_version (void) 25 | { 26 | g_print ("%s version: %s\n", PACKAGE_NAME, PACKAGE_VERSION); 27 | g_print ("spec version: %s\n", CC_OCI_SUPPORTED_SPEC_VERSION); 28 | g_print ("commit: %s\n", GIT_COMMIT); 29 | } 30 | 31 | static gboolean 32 | handler_version (const struct subcommand *sub, 33 | struct cc_oci_config *config, 34 | int argc, char *argv[]) 35 | { 36 | (void)sub; 37 | (void)config; 38 | 39 | show_version (); 40 | return true; 41 | } 42 | 43 | struct subcommand command_version = 44 | { 45 | .name = "version", 46 | .handler = handler_version, 47 | .description = "shows the program version and OCI spec supported version", 48 | }; 49 | -------------------------------------------------------------------------------- /src/common.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_COMMON_H 22 | #define _CC_OCI_COMMON_H 23 | 24 | /* unhide static functions to allow all functions to be tested 25 | * by the unit test framework. 26 | */ 27 | #ifdef UNIT_TESTING 28 | #define private 29 | #else 30 | #define private static 31 | #endif 32 | 33 | #endif /* _CC_OCI_COMMON_H */ 34 | -------------------------------------------------------------------------------- /src/events.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_EVENTS_H 22 | #define _CC_OCI_EVENTS_H 23 | 24 | gboolean 25 | show_container_stats(struct cc_oci_config *config, 26 | struct oci_state *state, int interval); 27 | #endif /* _CC_OCI_EVENTS_H */ 28 | -------------------------------------------------------------------------------- /src/hypervisor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_HYPERVISOR_H 22 | #define _CC_OCI_HYPERVISOR_H 23 | 24 | /** Name of file containing hypervisor arguments (one per line) */ 25 | #define CC_OCI_HYPERVISOR_CMDLINE_FILE "hypervisor.args" 26 | 27 | gboolean cc_oci_vm_args_get (struct cc_oci_config *config, 28 | gchar ***args, GPtrArray *hypervisor_extra_args); 29 | gboolean cc_oci_expand_cmdline (struct cc_oci_config *config, 30 | gchar **args); 31 | void cc_oci_populate_extra_args(struct cc_oci_config *config, 32 | GPtrArray *additional_args); 33 | 34 | #endif /* _CC_OCI_HYPERVISOR_H */ 35 | -------------------------------------------------------------------------------- /src/json.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_JSON_H 22 | #define _CC_OCI_JSON_H 23 | 24 | #include 25 | 26 | #include 27 | 28 | bool cc_oci_json_parse (GNode** node, const gchar* filename); 29 | 30 | #endif /* _CC_OCI_JSON_H */ 31 | -------------------------------------------------------------------------------- /src/logging.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_LOGGING_H 22 | #define _CC_OCI_LOGGING_H 23 | 24 | /** Mode for logfiles. */ 25 | #define CC_OCI_LOGFILE_MODE 0640 26 | 27 | #include "oci-config.h" 28 | 29 | /** Options to pass to cc_oci_log_handler(). */ 30 | struct cc_log_options 31 | { 32 | /* if \c true, enable debug logging, else disable it */ 33 | gboolean enable_debug; 34 | 35 | /* Full path to logfile to use. */ 36 | char *filename; 37 | 38 | /* Full path to global logfile to append to. */ 39 | char *global_logfile; 40 | 41 | /* Full path to hypervisor log dir. */ 42 | char *hypervisor_log_dir; 43 | 44 | /* If \c true, log in JSON, else ASCII. */ 45 | gboolean use_json; 46 | }; 47 | 48 | gboolean cc_oci_log_init (const struct cc_log_options *options); 49 | void cc_oci_log_free (struct cc_log_options *options); 50 | gboolean cc_oci_setup_hypervisor_logs (struct cc_oci_config *config); 51 | 52 | #endif /* _CC_OCI_LOGGING_H */ 53 | -------------------------------------------------------------------------------- /src/namespace.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_NAMESPACE_H 22 | #define _CC_OCI_NAMESPACE_H 23 | 24 | void cc_oci_ns_free (struct oci_cfg_namespace *ns); 25 | gboolean cc_oci_ns_setup (struct cc_oci_config *config); 26 | const char *cc_oci_ns_to_str (enum oci_namespace ns); 27 | enum oci_namespace cc_oci_str_to_ns (const char *str); 28 | JsonArray * 29 | cc_oci_ns_to_json (const struct cc_oci_config *config); 30 | gboolean cc_oci_ns_join(struct oci_cfg_namespace *ns); 31 | 32 | #endif /* _CC_OCI_NAMESPACE_H */ 33 | -------------------------------------------------------------------------------- /src/netlink.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_NETLINK_H 22 | #define _CC_OCI_NETLINK_H 23 | 24 | #include "oci.h" 25 | 26 | struct netlink_handle { 27 | guint seq; 28 | struct mnl_socket *nl; 29 | }; 30 | 31 | struct netlink_handle * netlink_init(void); 32 | 33 | void netlink_close(struct netlink_handle *const hndl); 34 | 35 | gboolean netlink_link_enable(struct netlink_handle *const hndl, 36 | const gchar *const interface, gboolean enable); 37 | 38 | gboolean netlink_link_add_bridge(struct netlink_handle *const hndl, 39 | const gchar *const name); 40 | 41 | gboolean netlink_link_set_master(struct netlink_handle *const hndl, 42 | guint dev, guint master); 43 | 44 | gboolean netlink_link_set_addr(struct netlink_handle *const hndl, 45 | const gchar *const interface, gulong size, 46 | const guchar *const hwaddr); 47 | 48 | gboolean netlink_get_routes(struct cc_oci_config *config, 49 | struct netlink_handle *const hndl, 50 | guchar family); 51 | 52 | #endif /* _CC_OCI_NETLINK_H */ 53 | -------------------------------------------------------------------------------- /src/network.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_NETWORK_H 22 | #define _CC_OCI_NETWORK_H 23 | 24 | gboolean cc_oci_vm_pause (const gchar *socket_path, GPid pid); 25 | gboolean cc_oci_vm_resume (const gchar *socket_path, GPid pid); 26 | 27 | #endif /* _CC_OCI_NETWORK_H */ 28 | -------------------------------------------------------------------------------- /src/networking.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_NETWORKING_H 22 | #define _CC_OCI_NETWORKING_H 23 | 24 | #include "netlink.h" 25 | 26 | void cc_oci_net_interface_free (struct cc_oci_net_if_cfg *if_cfg); 27 | 28 | void cc_oci_net_ipv4_route_free(struct cc_oci_net_ipv4_route *route); 29 | 30 | gboolean cc_oci_network_create(const struct cc_oci_config *const config, 31 | struct netlink_handle *hndl); 32 | 33 | gchar * cc_net_get_ip_address(const gint family, const void *const sin_addr); 34 | 35 | 36 | gboolean cc_oci_network_discover(struct cc_oci_config *const config, 37 | struct netlink_handle *hndl); 38 | 39 | #endif /* _CC_OCI_NETWORKING_H */ 40 | -------------------------------------------------------------------------------- /src/oci-config.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_CONFIG_H 22 | #define _CC_OCI_CONFIG_H 23 | 24 | #include "spec_handler.h" 25 | 26 | gchar *cc_oci_config_file_path (const char *bundle_path); 27 | struct cc_oci_config *cc_oci_config_create (void); 28 | void cc_oci_config_free (struct cc_oci_config *config); 29 | 30 | gboolean 31 | cc_oci_config_check (const struct cc_oci_config *config); 32 | 33 | void cc_oci_hook_free (struct oci_cfg_hook *h); 34 | 35 | gboolean 36 | cc_oci_process_config (GNode* root, struct cc_oci_config* config, 37 | struct spec_handler** spec_handlers); 38 | #endif /* _CC_OCI_CONFIG_H */ 39 | -------------------------------------------------------------------------------- /src/pod.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_POD_H 22 | #define _CC_POD_H 23 | 24 | #include 25 | 26 | #include 27 | 28 | #include "util.h" 29 | #include "oci.h" 30 | 31 | int cc_pod_handle_annotations(struct cc_oci_config *config, struct oci_cfg_annotation *annotation); 32 | struct cc_oci_mount *cc_pod_mount_point(struct cc_oci_config *config); 33 | void cc_pod_free (struct cc_pod *pod); 34 | gboolean cc_pod_container_create (struct cc_oci_config *config); 35 | gboolean cc_pod_container_start (struct cc_oci_config *config); 36 | const gchar *cc_pod_container_id(const struct cc_oci_config *config); 37 | gboolean cc_pod_is_pod_sandbox(const struct cc_oci_config *config); 38 | gboolean cc_pod_is_pod_container(const struct cc_oci_config *config); 39 | gboolean cc_pod_is_vm(const struct cc_oci_config *config); 40 | 41 | #endif /* _CC_POD_H */ 42 | -------------------------------------------------------------------------------- /src/priv.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_PRIV_H 22 | #define _CC_OCI_PRIV_H 23 | 24 | #include "command.h" 25 | 26 | gint 27 | cc_oci_get_priv_level (int argc, 28 | char *argv[], 29 | struct subcommand *sub, 30 | struct cc_oci_config *config); 31 | 32 | #endif /* _CC_OCI_PRIV_H */ 33 | -------------------------------------------------------------------------------- /src/process.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_PROCESS_H 22 | #define _CC_OCI_PROCESS_H 23 | 24 | gboolean cc_oci_vm_launch (struct cc_oci_config *config); 25 | 26 | gboolean cc_run_hooks(GSList* hooks, const gchar* state_file_path, 27 | gboolean stop_on_failure); 28 | 29 | gboolean cc_oci_vm_connect (struct cc_oci_config *config); 30 | 31 | gboolean cc_shim_launch (struct cc_oci_config *config, 32 | int *child_err_fd, 33 | int *shim_args_fd, 34 | int *shim_socket_fd, 35 | gboolean initial_workload); 36 | 37 | GSocketConnection *cc_oci_socket_connection_from_fd (int fd); 38 | 39 | #endif /* _CC_OCI_PROCESS_H */ 40 | -------------------------------------------------------------------------------- /src/runtime.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_RUNTIME_H 22 | #define _CC_OCI_RUNTIME_H 23 | 24 | #include 25 | 26 | gboolean cc_oci_runtime_path_get (struct cc_oci_config *config); 27 | gboolean cc_oci_runtime_dir_setup (struct cc_oci_config *config); 28 | gboolean cc_oci_runtime_dir_delete (struct cc_oci_config *config); 29 | 30 | #endif /* _CC_OCI_RUNTIME_H */ 31 | -------------------------------------------------------------------------------- /src/semver.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_SEMVER_H 22 | #define _CC_OCI_SEMVER_H 23 | 24 | #include 25 | 26 | gint cc_oci_semver_cmp (const char *version_a, const char *version_b); 27 | gboolean cc_oci_string_is_numeric (const char *str); 28 | 29 | #endif /* _CC_OCI_SEMVER_H */ 30 | -------------------------------------------------------------------------------- /src/spec_handler.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_SPEC_HANDLER_H 22 | #define _CC_OCI_SPEC_HANDLER_H 23 | 24 | #include 25 | 26 | #include 27 | 28 | #include "oci.h" 29 | 30 | /** A spec-handler is a handler for each section 31 | * of config.json (spec file), spec-handler is used 32 | * to fill up struct cc_oci_config 33 | */ 34 | struct spec_handler { 35 | /*! Name of spec-handler (required) */ 36 | char name[LINE_MAX]; 37 | 38 | /*! Function that will be called to handle spec sections (required) */ 39 | bool (*handle_section)(GNode*, struct cc_oci_config*); 40 | }; 41 | 42 | extern struct spec_handler annotations_spec_handler; 43 | extern struct spec_handler hooks_spec_handler; 44 | extern struct spec_handler mounts_spec_handler; 45 | extern struct spec_handler platform_spec_handler; 46 | extern struct spec_handler process_spec_handler; 47 | extern struct spec_handler root_spec_handler; 48 | extern struct spec_handler vm_spec_handler; 49 | extern struct spec_handler linux_spec_handler; 50 | 51 | gboolean get_spec_vm_from_cfg_file (struct cc_oci_config* config); 52 | 53 | #endif /* _CC_OCI_SPEC_HANDLER_H */ 54 | -------------------------------------------------------------------------------- /src/state.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _CC_OCI_STATE_H 22 | #define _CC_OCI_STATE_H 23 | 24 | gboolean cc_oci_state_file_get (struct cc_oci_config *config); 25 | struct oci_state *cc_oci_state_file_read (const char *file); 26 | void cc_oci_state_free (struct oci_state *state); 27 | gboolean cc_oci_state_file_create (struct cc_oci_config *config, 28 | const char *created_timestamp); 29 | gboolean cc_oci_state_file_delete (const struct cc_oci_config *config); 30 | gboolean cc_oci_state_file_exists (struct cc_oci_config *config); 31 | const char *cc_oci_status_to_str (enum oci_status status); 32 | enum oci_status cc_oci_str_to_status (const char *str); 33 | int cc_oci_status_length (void); 34 | 35 | #endif /* _CC_OCI_STATE_H */ 36 | -------------------------------------------------------------------------------- /tests/data/annotations-empty.json: -------------------------------------------------------------------------------- 1 | { 2 | "annotations" : { 3 | } 4 | } 5 | -------------------------------------------------------------------------------- /tests/data/annotations-null-value.json: -------------------------------------------------------------------------------- 1 | { 2 | "annotations" : { 3 | "." : "" 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /tests/data/annotations.json: -------------------------------------------------------------------------------- 1 | { 2 | "annotations" : { 3 | "key1" : "value1", 4 | "key2" : "value2", 5 | "key three": "a value", 6 | "4th key": "", 7 | "key 5": "" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /tests/data/container_redis.json: -------------------------------------------------------------------------------- 1 | { 2 | "metadata": { 3 | "name": "podsandbox1-redis" 4 | }, 5 | "image": { 6 | "image": "docker://redis:3.2.3" 7 | }, 8 | "args": [ 9 | "docker-entrypoint.sh", 10 | "redis-server" 11 | ], 12 | "working_dir": "/data", 13 | "envs": [ 14 | { 15 | "key": "PATH", 16 | "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 17 | }, 18 | { 19 | "key": "TERM", 20 | "value": "xterm" 21 | }, 22 | { 23 | "key": "REDIS_VERSION", 24 | "value": "3.2.3" 25 | }, 26 | { 27 | "key": "REDIS_DOWNLOAD_URL", 28 | "value": "http://download.redis.io/releases/redis-3.2.3.tar.gz" 29 | }, 30 | { 31 | "key": "REDIS_DOWNLOAD_SHA1", 32 | "value": "92d6d93ef2efc91e595c8bf578bf72baff397507" 33 | } 34 | ], 35 | "labels": { 36 | "tier": "backend" 37 | }, 38 | "annotations": { 39 | "pod": "podsandbox1" 40 | }, 41 | "readonly_rootfs": false, 42 | "log_path": "container.log", 43 | "stdin": false, 44 | "stdin_once": false, 45 | "tty": false, 46 | "linux": { 47 | "resources": { 48 | "cpu_period": 10000, 49 | "cpu_quota": 20000, 50 | "cpu_shares": 512, 51 | "memory_limit_in_bytes": 88000000, 52 | "oom_score_adj": 30 53 | }, 54 | "capabilities": { 55 | "add_capabilities": [ 56 | "sys_admin" 57 | ] 58 | }, 59 | "user": { 60 | "uid": 0, 61 | "gid": 0 62 | } 63 | } 64 | } 65 | -------------------------------------------------------------------------------- /tests/data/empty.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/cc-oci-runtime/c0d481bb7e72e27394c708df5ed970338cd9392f/tests/data/empty.json -------------------------------------------------------------------------------- /tests/data/hooks-no-args.json: -------------------------------------------------------------------------------- 1 | { 2 | "hooks" : { 3 | "prestart": [ 4 | { 5 | "path": "/usr/bin/fix-mounts", 6 | "env": [ "key1=value1"] 7 | }, 8 | { 9 | "path": "/usr/bin/setup-network" 10 | } 11 | ] 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /tests/data/hooks-no-env.json: -------------------------------------------------------------------------------- 1 | { 2 | "hooks" : { 3 | "prestart": [ 4 | { 5 | "path": "/usr/bin/fix-mounts", 6 | "args": ["fix-mounts", "arg1", "arg2"] 7 | }, 8 | { 9 | "path": "/usr/bin/setup-network" 10 | } 11 | ] 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /tests/data/hooks-no-path.json: -------------------------------------------------------------------------------- 1 | { 2 | "hooks" : { 3 | "prestart": [ 4 | { 5 | "args": ["fix-mounts", "arg1", "arg2"], 6 | "env": [ "key1=value1"] 7 | }, 8 | { 9 | "path": "/usr/bin/setup-network" 10 | } 11 | ] 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /tests/data/hooks-unknown.json: -------------------------------------------------------------------------------- 1 | { 2 | "hooks" : { 3 | "unknown": [ 4 | { 5 | "path": "/usr/sbin/cleanup.sh", 6 | "args": ["cleanup.sh", "-f"] 7 | } 8 | ] 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /tests/data/hooks.json: -------------------------------------------------------------------------------- 1 | { 2 | "hooks" : { 3 | "prestart": [ 4 | { 5 | "path": "/usr/bin/fix-mounts", 6 | "args": ["fix-mounts", "arg1", "arg2"], 7 | "env": [ "key1=value1"] 8 | }, 9 | { 10 | "path": "/usr/bin/setup-network" 11 | } 12 | ], 13 | "poststart": [ 14 | { 15 | "path": "/usr/bin/notify-start", 16 | "timeout": 5 17 | } 18 | ], 19 | "poststop": [ 20 | { 21 | "path": "/usr/sbin/cleanup.sh", 22 | "args": ["cleanup.sh", "-f"] 23 | } 24 | ] 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /tests/data/invalid-embedded-nulls.json: -------------------------------------------------------------------------------- 1 | { 2 | "process": { 3 | "terminal": true, 4 | "user": { 5 | "uid": 0, 6 | "gid": 0 7 | }, 8 | "args": [ 9 | "sh", 10 | "-c" 11 | ], 12 | "cwd": "/" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /tests/data/invalid-extra-comma.json: -------------------------------------------------------------------------------- 1 | { 2 | "process": { 3 | "terminal": true, 4 | "user": { 5 | "uid": 0, 6 | "gid": 0 7 | }, 8 | "args": [ 9 | "sh", 10 | "-c" 11 | ], 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /tests/data/invalid-missing-close-brace.json: -------------------------------------------------------------------------------- 1 | { 2 | "process": { 3 | "terminal": true, 4 | "user": { 5 | "uid": 0, 6 | "gid": 0 7 | }, 8 | "args": [ 9 | "sh", 10 | "-c" 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /tests/data/linux-invalid-namespace-type.json: -------------------------------------------------------------------------------- 1 | { 2 | "linux" : { 3 | "namespaces" : [ 4 | { 5 | "type" : "cgroup" 6 | }, 7 | { 8 | "type" : "ipc" 9 | }, 10 | { 11 | "type" : "mount" 12 | }, 13 | { 14 | "type" : "network" 15 | }, 16 | { 17 | "type" : "pid" 18 | }, 19 | { 20 | "type" : "user" 21 | }, 22 | { 23 | "type" : "I am an invalid namespace type" 24 | }, 25 | { 26 | "type" : "uts" 27 | } 28 | ] 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /tests/data/linux-namespaces-no-path.json: -------------------------------------------------------------------------------- 1 | { 2 | "linux" : { 3 | "namespaces" : [ 4 | { 5 | "type" : "cgroup" 6 | }, 7 | { 8 | "type" : "ipc" 9 | }, 10 | { 11 | "type" : "mount" 12 | }, 13 | { 14 | "type" : "network" 15 | }, 16 | { 17 | "type" : "pid" 18 | }, 19 | { 20 | "type" : "user" 21 | }, 22 | { 23 | "type" : "uts" 24 | } 25 | ] 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /tests/data/linux-namespaces-with-paths.json: -------------------------------------------------------------------------------- 1 | { 2 | "linux" : { 3 | "namespaces" : [ 4 | { 5 | "type" : "cgroup", 6 | "path" : "/proc/1/ns/cgroup" 7 | }, 8 | { 9 | "type" : "ipc" 10 | }, 11 | { 12 | "type" : "mount" 13 | }, 14 | { 15 | "type" : "network", 16 | "path" : "" 17 | }, 18 | { 19 | "type" : "pid" 20 | }, 21 | { 22 | "type" : "user", 23 | "path" : "/" 24 | }, 25 | { 26 | "type" : "uts" 27 | } 28 | ] 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /tests/data/linux-no-cgroupsPath.json: -------------------------------------------------------------------------------- 1 | { 2 | "linux" : { 3 | "namespaces": [] 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /tests/data/linux-no-namespaces.json: -------------------------------------------------------------------------------- 1 | { 2 | "linux" : { 3 | } 4 | } 5 | -------------------------------------------------------------------------------- /tests/data/linux.json: -------------------------------------------------------------------------------- 1 | { 2 | "linux" : { 3 | "namespaces": [], 4 | "cgroupsPath": "/mycontainer/" 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/mounts-no-destination.json: -------------------------------------------------------------------------------- 1 | { 2 | "mounts": [ 3 | { 4 | "type": "sysfs", 5 | "source": "sysfs", 6 | "options": [ 7 | "nosuid", 8 | "noexec", 9 | "nodev", 10 | "ro" 11 | ] 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /tests/data/mounts-no-options.json: -------------------------------------------------------------------------------- 1 | { 2 | "mounts": [ 3 | { 4 | "destination": "/sys", 5 | "type": "sysfs", 6 | "source": "sysfs" 7 | } 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /tests/data/mounts-no-source.json: -------------------------------------------------------------------------------- 1 | { 2 | "mounts": [ 3 | { 4 | "destination": "/sys", 5 | "type": "sysfs", 6 | "options": [ 7 | "nosuid", 8 | "noexec", 9 | "nodev", 10 | "ro" 11 | ] 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /tests/data/mounts-no-type.json: -------------------------------------------------------------------------------- 1 | { 2 | "mounts": [ 3 | { 4 | "destination": "/sys", 5 | "source": "sysfs", 6 | "options": [ 7 | "nosuid", 8 | "noexec", 9 | "nodev", 10 | "ro" 11 | ] 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /tests/data/mounts.json: -------------------------------------------------------------------------------- 1 | { 2 | "mounts": [ 3 | { 4 | "destination": "/sys", 5 | "type": "sysfs", 6 | "source": "sysfs", 7 | "options": [ 8 | "nosuid", 9 | "noexec", 10 | "nodev", 11 | "ro" 12 | ] 13 | }, 14 | { 15 | "destination": "/tmp", 16 | "type": "type", 17 | "source": "/213/acb/xy", 18 | "options": [ 19 | "nosuid", 20 | "noexec", 21 | "nodev", 22 | "ro" 23 | ] 24 | }, 25 | { 26 | "destination": "/tmp", 27 | "type": "type", 28 | "source": "/dev/tty", 29 | "options": [ 30 | "nosuid", 31 | "noexec", 32 | "nodev", 33 | "ro" 34 | ] 35 | }, 36 | { 37 | "destination": "/tmp/321/tmp", 38 | "type": "type", 39 | "source": "/dev/tty", 40 | "options": [ 41 | "nosuid", 42 | "noexec", 43 | "nodev", 44 | "ro" 45 | ] 46 | }, 47 | { 48 | "destination": "tmp/321/tmp", 49 | "type": "type", 50 | "source": "/dev/tty", 51 | "options": [ 52 | "nosuid", 53 | "noexec", 54 | "nodev", 55 | "ro" 56 | ] 57 | } 58 | ] 59 | } 60 | -------------------------------------------------------------------------------- /tests/data/newline.json: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /tests/data/node.json: -------------------------------------------------------------------------------- 1 | { 2 | "process": { 3 | "terminal": true, 4 | "user": { 5 | "uid": 0, 6 | "gid": 0 7 | }, 8 | "args": [ 9 | "sh", 10 | "-c" 11 | ], 12 | "cwd": "/", 13 | "int": 566, 14 | "double": 55.55 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /tests/data/non-json.json: -------------------------------------------------------------------------------- 1 | hello world. 2 | -------------------------------------------------------------------------------- /tests/data/passwd: -------------------------------------------------------------------------------- 1 | root:x:0:0:root:/root:/bin/bash 2 | daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin 3 | mongodb:x:129:65534::/var/lib/mongodb:/bin/false 4 | redis:x:130:141::/var/lib/redis:/bin/false 5 | -------------------------------------------------------------------------------- /tests/data/platform-invalid-arch.json: -------------------------------------------------------------------------------- 1 | { 2 | "platform": { 3 | "os": "linux", 4 | "arch": "an invalid architecture" 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/platform-invalid-os.json: -------------------------------------------------------------------------------- 1 | { 2 | "platform": { 3 | "os": "an invalid operating system name", 4 | "arch": "amd64" 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/platform-no-arch.json: -------------------------------------------------------------------------------- 1 | { 2 | "platform": { 3 | "os": "linux" 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /tests/data/platform-no-os.json: -------------------------------------------------------------------------------- 1 | { 2 | "platform": { 3 | "arch": "amd64" 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /tests/data/platform-unexpected-arch.json: -------------------------------------------------------------------------------- 1 | { 2 | "platform": { 3 | "os": "linux", 4 | "arch": "386" 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/platform-unexpected-os.json: -------------------------------------------------------------------------------- 1 | { 2 | "platform": { 3 | "os": "plan9", 4 | "arch": "amd64" 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/platform.json: -------------------------------------------------------------------------------- 1 | { 2 | "platform": { 3 | "os": "linux", 4 | "arch": "amd64" 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "default": [ 3 | { 4 | "type": "insecureAcceptAnything" 5 | } 6 | ] 7 | } 8 | -------------------------------------------------------------------------------- /tests/data/process-invalid-relative-cwd.json: -------------------------------------------------------------------------------- 1 | { 2 | "process": { 3 | "consoleSize": { 4 | "height": 15, 5 | "width": 15 6 | }, 7 | "terminal": true, 8 | "user": { 9 | "uid": 0, 10 | "gid": 0 11 | }, 12 | "args": [ 13 | "sh" 14 | ], 15 | "env": [ 16 | "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 17 | "TERM=xterm" 18 | ], 19 | "cwd": "../../tmp" 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /tests/data/process-no-args-cwd.json: -------------------------------------------------------------------------------- 1 | { 2 | "process": { 3 | "consoleSize": { 4 | "height": 15, 5 | "width": 15 6 | }, 7 | "terminal": true, 8 | "user": { 9 | "uid": 0, 10 | "gid": 0 11 | }, 12 | "env": [ 13 | "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 14 | "TERM=xterm" 15 | ], 16 | "cwd": "/" 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /tests/data/process-no-consolesize.json: -------------------------------------------------------------------------------- 1 | { 2 | "process": { 3 | "terminal": true, 4 | "user": { 5 | "uid": 0, 6 | "gid": 0 7 | }, 8 | "args": [ 9 | "sh" 10 | ], 11 | "env": [ 12 | "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 13 | "TERM=xterm" 14 | ], 15 | "cwd": "/" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /tests/data/process-no-cwd.json: -------------------------------------------------------------------------------- 1 | { 2 | "process": { 3 | "consoleSize": { 4 | "height": 15, 5 | "width": 15 6 | }, 7 | "terminal": true, 8 | "user": { 9 | "uid": 0, 10 | "gid": 0 11 | }, 12 | "args": [ 13 | "sh" 14 | ], 15 | "env": [ 16 | "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 17 | "TERM=xterm" 18 | ] 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /tests/data/process.json: -------------------------------------------------------------------------------- 1 | { 2 | "process": { 3 | "consoleSize": { 4 | "height": 15, 5 | "width": 15 6 | }, 7 | "terminal": true, 8 | "user": { 9 | "uid": 0, 10 | "gid": 0 11 | }, 12 | "args": [ 13 | "sh" 14 | ], 15 | "env": [ 16 | "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 17 | "TERM=xterm" 18 | ], 19 | "cwd": "/" 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /tests/data/root-no-path.json: -------------------------------------------------------------------------------- 1 | { 2 | "root": { 3 | "readonly": true 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /tests/data/root-no-readonly.json: -------------------------------------------------------------------------------- 1 | { 2 | "root": { 3 | "path": "ROOTFS" 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /tests/data/root-path-enoent.json: -------------------------------------------------------------------------------- 1 | { 2 | "root": { 3 | "path": "/does/not/exist/I/hope", 4 | "readonly": true 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/root-path-invalid.json: -------------------------------------------------------------------------------- 1 | { 2 | "root": { 3 | "path": "this is not a path I hope", 4 | "readonly": true 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/root-path-wrong-type.json: -------------------------------------------------------------------------------- 1 | { 2 | "root": { 3 | "path": "ROOTFILE", 4 | "readonly": true 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/root-readonly-false.json: -------------------------------------------------------------------------------- 1 | { 2 | "root": { 3 | "path": "ROOTFS", 4 | "readonly": false 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/root.json: -------------------------------------------------------------------------------- 1 | { 2 | "root": { 3 | "path": "ROOTFS", 4 | "readonly": true 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/sandbox_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "metadata": { 3 | "name": "podsandbox1", 4 | "uid": "redhat-test-ocid", 5 | "namespace": "redhat.test.ocid", 6 | "attempt": 1 7 | }, 8 | "hostname": "ocic_host", 9 | "log_directory": ".", 10 | "dns_options": { 11 | "servers": [ 12 | "server1.redhat.com", 13 | "server2.redhat.com" 14 | ], 15 | "searches": [ 16 | "8.8.8.8" 17 | ] 18 | }, 19 | "port_mappings": [ 20 | { 21 | "name": "port_map1", 22 | "protocol": 1, 23 | "container_port": 80, 24 | "host_port": 4888, 25 | "host_ip": "192.168.0.33" 26 | }, 27 | { 28 | "name": "port_map2", 29 | "protocol": 2, 30 | "container_port": 81, 31 | "host_port": 4889, 32 | "host_ip": "192.168.0.33" 33 | } 34 | ], 35 | "resources": { 36 | "cpu": { 37 | "limits": 3, 38 | "requests": 2 39 | }, 40 | "memory": { 41 | "limits": 50000000, 42 | "requests": 2000000 43 | } 44 | }, 45 | "labels": { 46 | "group": "test" 47 | }, 48 | "annotations": { 49 | "owner": "hmeng", 50 | "security.alpha.kubernetes.io/sysctls": "kernel.shm_rmid_forced=1,net.ipv4.ip_local_port_range=1024 65000", 51 | "security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192" , 52 | "security.alpha.kubernetes.io/seccomp/pod": "unconfined" 53 | }, 54 | "linux": { 55 | "cgroup_parent": "/ocid-podsandbox1", 56 | "security_context": { 57 | "namespace_options": { 58 | "host_network": false, 59 | "host_pid": false, 60 | "host_ipc": false 61 | } 62 | } 63 | } 64 | } 65 | -------------------------------------------------------------------------------- /tests/data/state-mounts-no-mount-destination.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/", 6 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock", 7 | "processPath": "/run/cc-oci-runtime/foo/process.sock", 8 | "workloadDir": "/run/cc-oci-runtime/foo/workload", 9 | "status" : "running", 10 | "created" : "2016-05-18T17:02:55.250085Z", 11 | "console" : { 12 | "path" : "/run/cc-oci-runtime/test/console.sock", 13 | "socket" : true 14 | }, 15 | "mounts" : [ 16 | { 17 | "directory_created" : "/tmp/tmp" 18 | } 19 | ], 20 | "vm" : { 21 | "pid" : 999, 22 | "image_path" : "/path/to/clear-containers.img", 23 | "workload_path" : "/tmp/bundle//.containerexec", 24 | "kernel_path" : "/path/to/vmlinux", 25 | "hypervisor_path" : "/path/to/qemu-system-x86_64", 26 | "kernel_params" : "root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug init=/usr/lib/systemd/systemd systemd.unit=container.target iommu=off quiet systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket systemd.show_status=false" 27 | }, 28 | "proxy" : { 29 | "ctlSocket" : "/run/cc-oci-runtime/container/ga-ctl.sock", 30 | "ioSocket" : "/run/cc-oci-runtime/container/ga-tty.sock" 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /tests/data/state-mounts-no-mount-directory_created.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/", 6 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock", 7 | "processPath": "/run/cc-oci-runtime/foo/process.sock", 8 | "workloadDir": "/run/cc-oci-runtime/foo/workload", 9 | "status" : "running", 10 | "created" : "2016-05-18T17:02:55.250085Z", 11 | "console" : { 12 | "path" : "/run/cc-oci-runtime/test/console.sock", 13 | "socket" : true 14 | }, 15 | "mounts" : [ 16 | { 17 | "destination" : "/tmp/tmp/" 18 | } 19 | ], 20 | "vm" : { 21 | "pid" : 999, 22 | "image_path" : "/path/to/clear-containers.img", 23 | "workload_path" : "/tmp/bundle//.containerexec", 24 | "kernel_path" : "/path/to/vmlinux", 25 | "hypervisor_path" : "/path/to/qemu-system-x86_64", 26 | "kernel_params" : "root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug init=/usr/lib/systemd/systemd systemd.unit=container.target iommu=off quiet systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket systemd.show_status=false" 27 | }, 28 | "proxy" : { 29 | "ctlSocket" : "/run/cc-oci-runtime/container/ga-ctl.sock", 30 | "ioSocket" : "/run/cc-oci-runtime/container/ga-tty.sock" 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /tests/data/state-no-annotations.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/", 6 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock", 7 | "processPath": "/run/cc-oci-runtime/foo/process.sock", 8 | "workloadDir": "/run/cc-oci-runtime/foo/workload", 9 | "status" : "running", 10 | "created" : "2016-05-18T17:02:55.250085Z", 11 | "console" : { 12 | "path" : "/run/cc-oci-runtime/test/console.sock", 13 | "socket" : true 14 | }, 15 | 16 | "vm" : { 17 | "pid" : 999, 18 | "image_path" : "/path/to/clear-containers.img", 19 | "workload_path" : "/tmp/bundle//.containerexec", 20 | "kernel_path" : "/path/to/vmlinux", 21 | "hypervisor_path" : "/path/to/qemu-system-x86_64", 22 | "kernel_params" : "root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug init=/usr/lib/systemd/systemd systemd.unit=container.target iommu=off quiet systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket systemd.show_status=false" 23 | }, 24 | "proxy" : { 25 | "ctlSocket" : "/run/cc-oci-runtime/container/ga-ctl.sock", 26 | "ioSocket" : "/run/cc-oci-runtime/container/ga-tty.sock" 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /tests/data/state-no-bundlePath.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock" 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/state-no-commsPath.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/" 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/state-no-console-path.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/", 6 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock", 7 | "status" : "running", 8 | "created" : "2016-05-18T17:02:55.250085Z", 9 | "console" : { 10 | "socket" : true 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /tests/data/state-no-console-socket.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/", 6 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock", 7 | "status" : "running", 8 | "created" : "2016-05-18T17:02:55.250085Z", 9 | "console" : { 10 | "path" : "/run/cc-oci-runtime/test/console.sock" 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /tests/data/state-no-console.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/", 6 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock", 7 | "status" : "running", 8 | "created" : "2016-05-18T17:02:55.250085Z" 9 | } 10 | -------------------------------------------------------------------------------- /tests/data/state-no-id.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "pid" : 9127, 4 | "bundlePath" : "/tmp/bundle/", 5 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock" 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/state-no-mounts.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/", 6 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock", 7 | "processPath": "/run/cc-oci-runtime/foo/process.sock", 8 | "workloadDir": "/run/cc-oci-runtime/foo/workload", 9 | "status" : "running", 10 | "created" : "2016-05-18T17:02:55.250085Z", 11 | "console" : { 12 | "path" : "/run/cc-oci-runtime/test/console.sock", 13 | "socket" : true 14 | }, 15 | "annotations" : { 16 | "key1" : "value1", 17 | "key2" : "value2" 18 | }, 19 | "vm" : { 20 | "pid" : 999, 21 | "image_path" : "/path/to/clear-containers.img", 22 | "workload_path" : "/tmp/bundle//.containerexec", 23 | "kernel_path" : "/path/to/vmlinux", 24 | "hypervisor_path" : "/path/to/qemu-system-x86_64", 25 | "kernel_params" : "root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug init=/usr/lib/systemd/systemd systemd.unit=container.target iommu=off quiet systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket systemd.show_status=false" 26 | }, 27 | "proxy" : { 28 | "ctlSocket" : "/run/cc-oci-runtime/container/ga-ctl.sock", 29 | "ioSocket" : "/run/cc-oci-runtime/container/ga-tty.sock" 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /tests/data/state-no-ociVersion.json: -------------------------------------------------------------------------------- 1 | { 2 | "id" : "foo", 3 | "pid" : 9127, 4 | "bundlePath" : "/tmp/bundle/", 5 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock" 6 | } 7 | -------------------------------------------------------------------------------- /tests/data/state-no-processPath.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/", 6 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock", 7 | "status" : "running", 8 | "created" : "2016-05-18T17:02:55.250085Z", 9 | "console" : { 10 | "path" : "/run/cc-oci-runtime/test/console.sock", 11 | "socket" : true 12 | }, 13 | "annotations" : { 14 | "key1" : "value1", 15 | "key2" : "value2" 16 | }, 17 | "vm" : { 18 | "pid" : 999, 19 | "image_path" : "/path/to/clear-containers.img", 20 | "workload_path" : "/tmp/bundle//.containerexec", 21 | "kernel_path" : "/path/to/vmlinux", 22 | "hypervisor_path" : "/path/to/qemu-system-x86_64", 23 | "kernel_params" : "root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug init=/usr/lib/systemd/systemd systemd.unit=container.target iommu=off quiet systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket systemd.show_status=false" 24 | }, 25 | "proxy" : { 26 | "ctlSocket" : "/run/cc-oci-runtime/container/ga-ctl.sock", 27 | "ioSocket" : "/run/cc-oci-runtime/container/ga-tty.sock" 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /tests/data/state-no-proxy-ctlSocket.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/", 6 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock", 7 | "processPath": "/run/cc-oci-runtime/foo/process.sock", 8 | "status" : "running", 9 | "created" : "2016-05-18T17:02:55.250085Z", 10 | "console" : { 11 | "path" : "/run/cc-oci-runtime/test/console.sock", 12 | "socket" : true 13 | }, 14 | "annotations" : { 15 | "key1" : "value1", 16 | "key2" : "value2" 17 | }, 18 | "mounts" : [ 19 | { 20 | "destination" : "/tmp/tmp/", 21 | "directory_created" : "/tmp/tmp" 22 | } 23 | ], 24 | "vm" : { 25 | "pid" : 999, 26 | "image_path" : "/path/to/clear-containers.img", 27 | "workload_path" : "/tmp/bundle//.containerexec", 28 | "kernel_path" : "/path/to/vmlinux", 29 | "hypervisor_path" : "/path/to/qemu-system-x86_64", 30 | "kernel_params" : "root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug init=/usr/lib/systemd/systemd systemd.unit=container.target iommu=off quiet systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket systemd.show_status=false" 31 | }, 32 | "proxy" : { 33 | "ioSocket" : "/run/cc-oci-runtime/container/ga-tty.sock" 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /tests/data/state-no-proxy-ioSocket.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/", 6 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock", 7 | "processPath": "/run/cc-oci-runtime/foo/process.sock", 8 | "status" : "running", 9 | "created" : "2016-05-18T17:02:55.250085Z", 10 | "console" : { 11 | "path" : "/run/cc-oci-runtime/test/console.sock", 12 | "socket" : true 13 | }, 14 | "annotations" : { 15 | "key1" : "value1", 16 | "key2" : "value2" 17 | }, 18 | "mounts" : [ 19 | { 20 | "destination" : "/tmp/tmp/", 21 | "directory_created" : "/tmp/tmp" 22 | } 23 | ], 24 | "vm" : { 25 | "pid" : 999, 26 | "image_path" : "/path/to/clear-containers.img", 27 | "workload_path" : "/tmp/bundle//.containerexec", 28 | "kernel_path" : "/path/to/vmlinux", 29 | "hypervisor_path" : "/path/to/qemu-system-x86_64", 30 | "kernel_params" : "root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug init=/usr/lib/systemd/systemd systemd.unit=container.target iommu=off quiet systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket systemd.show_status=false" 31 | }, 32 | "proxy" : { 33 | "ctlSocket" : "/run/cc-oci-runtime/container/ga-ctl.sock" 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /tests/data/state-no-proxy.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/", 6 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock", 7 | "processPath": "/run/cc-oci-runtime/foo/process.sock", 8 | "status" : "running", 9 | "created" : "2016-05-18T17:02:55.250085Z", 10 | "console" : { 11 | "path" : "/run/cc-oci-runtime/test/console.sock", 12 | "socket" : true 13 | }, 14 | "annotations" : { 15 | "key1" : "value1", 16 | "key2" : "value2" 17 | }, 18 | "mounts" : [ 19 | { 20 | "destination" : "/tmp/tmp/", 21 | "directory_created" : "/tmp/tmp" 22 | } 23 | ], 24 | "vm" : { 25 | "pid" : 999, 26 | "image_path" : "/path/to/clear-containers.img", 27 | "workload_path" : "/tmp/bundle//.containerexec", 28 | "kernel_path" : "/path/to/vmlinux", 29 | "hypervisor_path" : "/path/to/qemu-system-x86_64", 30 | "kernel_params" : "root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug init=/usr/lib/systemd/systemd systemd.unit=container.target iommu=off quiet systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket systemd.show_status=false" 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /tests/data/state-no-vm-object.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/", 6 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock", 7 | "status" : "running", 8 | "created" : "2016-05-18T17:02:55.250085Z", 9 | "console" : { 10 | "path" : "/run/cc-oci-runtime/test/console.sock", 11 | "socket" : true 12 | }, 13 | "proxy" : { 14 | "ctlSocket" : "/run/cc-oci-runtime/container/ga-ctl.sock", 15 | "ioSocket" : "/run/cc-oci-runtime/container/ga-tty.sock" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /tests/data/state-no-vm-pid.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/", 6 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock", 7 | "processPath": "/run/cc-oci-runtime/foo/process.sock", 8 | "status" : "running", 9 | "created" : "2016-05-18T17:02:55.250085Z", 10 | "console" : { 11 | "path" : "/run/cc-oci-runtime/test/console.sock", 12 | "socket" : true 13 | }, 14 | "annotations" : { 15 | "key1" : "value1", 16 | "key2" : "value2" 17 | }, 18 | "mounts" : [ 19 | { 20 | "destination" : "/tmp/tmp/", 21 | "directory_created" : "/tmp/tmp" 22 | } 23 | ], 24 | "vm" : { 25 | "image_path" : "/path/to/clear-containers.img", 26 | "workload_path" : "/tmp/bundle//.containerexec", 27 | "kernel_path" : "/path/to/vmlinux", 28 | "hypervisor_path" : "/path/to/qemu-system-x86_64", 29 | "kernel_params" : "root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug init=/usr/lib/systemd/systemd systemd.unit=container.target iommu=off quiet systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket systemd.show_status=false" 30 | }, 31 | "proxy" : { 32 | "ctlSocket" : "/run/cc-oci-runtime/container/ga-ctl.sock", 33 | "ioSocket" : "/run/cc-oci-runtime/container/ga-tty.sock" 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /tests/data/state.json: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion" : "0.4.0", 3 | "id" : "foo", 4 | "pid" : 9127, 5 | "bundlePath" : "/tmp/bundle/", 6 | "commsPath" : "/run/cc-oci-runtime/foo/hypervisor.sock", 7 | "processPath": "/run/cc-oci-runtime/foo/process.sock", 8 | "workloadDir": "/run/cc-oci-runtime/foo/workload", 9 | "status" : "running", 10 | "created" : "2016-05-18T17:02:55.250085Z", 11 | "console" : { 12 | "path" : "/run/cc-oci-runtime/test/console.sock", 13 | "socket" : true 14 | }, 15 | "annotations" : { 16 | "key1" : "value1", 17 | "key2" : "value2" 18 | }, 19 | "mounts" : [ 20 | { 21 | "destination" : "/tmp/tmp/", 22 | "directory_created" : "/tmp/tmp" 23 | } 24 | ], 25 | "vm" : { 26 | "pid" : 999, 27 | "image_path" : "/path/to/clear-containers.img", 28 | "workload_path" : "/tmp/bundle//.containerexec", 29 | "kernel_path" : "/path/to/vmlinux", 30 | "hypervisor_path" : "/path/to/qemu-system-x86_64", 31 | "kernel_params" : "root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug init=/usr/lib/systemd/systemd systemd.unit=container.target iommu=off quiet systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket systemd.show_status=false" 32 | }, 33 | "proxy" : { 34 | "ctlSocket" : "/run/cc-oci-runtime/container/ga-ctl.sock", 35 | "ioSocket" : "/run/cc-oci-runtime/container/ga-tty.sock" 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /tests/data/vm-no-image.json: -------------------------------------------------------------------------------- 1 | { 2 | "vm": { 3 | "path": "QEMU-LITE", 4 | "kernel": { 5 | "path": "CONTAINER-KERNEL", 6 | "parameters": "root=/dev/pmem0p1" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /tests/data/vm-no-kernel-parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "vm": { 3 | "path": "QEMU-LITE", 4 | "image": "CLEAR-CONTAINERS.img", 5 | "kernel": { 6 | "path": "CONTAINER-KERNEL" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /tests/data/vm-no-kernel-path.json: -------------------------------------------------------------------------------- 1 | { 2 | "vm": { 3 | "path": "QEMU-LITE", 4 | "image": "CLEAR-CONTAINERS.img", 5 | "kernel": { 6 | "parameters": "root=/dev/pmem0p1" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /tests/data/vm-no-parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "vm": { 3 | "path": "QEMU-LITE", 4 | "image": "CLEAR-CONTAINERS.img", 5 | "kernel": { 6 | "path": "CONTAINER-KERNEL" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /tests/data/vm-no-path.json: -------------------------------------------------------------------------------- 1 | { 2 | "vm": { 3 | "image": "CLEAR-CONTAINERS.img", 4 | "kernel": { 5 | "path": "CONTAINER-KERNEL", 6 | "parameters": "root=/dev/pmem0p1" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /tests/data/vm.json: -------------------------------------------------------------------------------- 1 | { 2 | "vm": { 3 | "path": "QEMU-LITE", 4 | "image": "CLEAR-CONTAINERS.img", 5 | "kernel": { 6 | "path": "CONTAINER-KERNEL", 7 | "parameters": "root=/dev/pmem0p1" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /tests/functional/README: -------------------------------------------------------------------------------- 1 | README.rst -------------------------------------------------------------------------------- /tests/functional/data/config-minimal-cc-oci.json.in: -------------------------------------------------------------------------------- 1 | { 2 | "ociVersion": "0.6.0", 3 | "platform": { 4 | "os": "linux", 5 | "arch": "amd64" 6 | }, 7 | "process": { 8 | "consoleSize": { 9 | "height": 15, 10 | "width": 15 11 | }, 12 | "terminal": false, 13 | "user": { 14 | "uid": 0, 15 | "gid": 0 16 | }, 17 | "args": [ 18 | "CMD" 19 | ], 20 | "env": [ 21 | "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 22 | "TERM=xterm" 23 | ], 24 | "cwd": "/" 25 | }, 26 | "root": { 27 | "path": "@ROOTFS_PATH@", 28 | "readonly": true 29 | }, 30 | "hostname": "shell", 31 | "mounts": [], 32 | "namespaces": [ 33 | {"type":"mount"}, 34 | {"type":"network"}, 35 | {"type":"uts"}, 36 | {"type":"pid"}, 37 | {"type":"ipc"} 38 | ], 39 | "hooks": { 40 | "prestart": [ 41 | { 42 | "path": "/bin/echo", 43 | "args": ["/bin/echo", "this", "is", "a", "test"], 44 | "env": [ "key1=value1"] 45 | }, 46 | { 47 | "path": "/bin/ls" 48 | } 49 | ], 50 | "poststart": [ 51 | { 52 | "path": "/bin/ls", 53 | "timeout": 5 54 | } 55 | ], 56 | "poststop": [ 57 | { 58 | "path": "/bin/echo", 59 | "args": ["/bin/echo", "other", "test"] 60 | } 61 | ] 62 | }, 63 | "vm": { 64 | "path": "@QEMU_PATH@", 65 | "image": "@CONTAINERS_IMG@", 66 | "kernel": { 67 | "path": "@CONTAINER_KERNEL@", 68 | "parameters": "@CMDLINE@" 69 | } 70 | } 71 | 72 | } 73 | -------------------------------------------------------------------------------- /tests/functional/data/exec.json: -------------------------------------------------------------------------------- 1 | {"terminal":false,"user":{"uid":0,"gid":0},"args":["sh"],"env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"cwd":"/","capabilities":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FSETID","CAP_FOWNER","CAP_MKNOD","CAP_NET_RAW","CAP_SETGID","CAP_SETUID","CAP_SETFCAP","CAP_SETPCAP","CAP_NET_BIND_SERVICE","CAP_SYS_CHROOT","CAP_KILL","CAP_AUDIT_WRITE"],"exec":true,"runtimeArgs":null,"noPivotRoot":false,"checkpoint":"","rootUID":0,"rootGID":0} 2 | -------------------------------------------------------------------------------- /tests/functional/data/exec_false.json: -------------------------------------------------------------------------------- 1 | {"terminal":false,"user":{"uid":0,"gid":0},"args":["false"],"env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"cwd":"/","capabilities":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FSETID","CAP_FOWNER","CAP_MKNOD","CAP_NET_RAW","CAP_SETGID","CAP_SETUID","CAP_SETFCAP","CAP_SETPCAP","CAP_NET_BIND_SERVICE","CAP_SYS_CHROOT","CAP_KILL","CAP_AUDIT_WRITE"],"exec":true,"runtimeArgs":null,"noPivotRoot":false,"checkpoint":"","rootUID":0,"rootGID":0} 2 | -------------------------------------------------------------------------------- /tests/functional/run-functional-tests.sh.in: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This file is part of cc-oci-runtime. 3 | # 4 | # Copyright (C) 2017 Intel Corporation 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | # 20 | 21 | set -e 22 | export PROXY_SOCKET_PATH="$(mktemp -d --suffix=-cor-test)/proxy.sock" 23 | export SHIM_PATH="@ABS_BUILDDIR@/cc-shim" 24 | echo 'Running a new instance of cc-proxy' 25 | @ABS_BUILDDIR@/cc-proxy -socket-path="${PROXY_SOCKET_PATH}" & 26 | p=$! 27 | sleep 1 28 | bash @ABS_BUILDDIR@/data/run-bats.sh @ABS_BUILDDIR@/tests/functional/ 29 | functional_tests_exit_code="$?" 30 | echo 'killing cc-proxy instance' 31 | kill -9 $p 2> /dev/null 32 | rm -f ${PROXY_SOCKET_PATH} 33 | exit "$functional_tests_exit_code" 34 | -------------------------------------------------------------------------------- /tests/functional/start.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # This file is part of cc-oci-runtime. 3 | # 4 | # Copyright (C) 2016 Intel Corporation 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | # 20 | 21 | load common 22 | 23 | function setup() { 24 | setup_common 25 | #Start use Clear Containers 26 | check_ccontainers 27 | #Default timeout for cor commands 28 | COR_TIMEOUT=5 29 | container_id="tests_id" 30 | } 31 | 32 | function teardown() { 33 | cleanup_common 34 | } 35 | 36 | @test "start without container id" { 37 | run $COR start 38 | [ "$status" -ne 0 ] 39 | [[ "${output}" == "Usage: start " ]] 40 | } 41 | 42 | @test "start with invalid container id" { 43 | run $COR start FOO 44 | [ "$status" -ne 0 ] 45 | [[ "${output}" =~ "failed to parse json file:" ]] 46 | } 47 | 48 | @test "run without params" { 49 | run $COR run 50 | [ "$status" -ne 0 ] 51 | [[ "${output}" == "Usage: run " ]] 52 | } 53 | 54 | @test "run detach pid file" { 55 | workload_cmd "sh" 56 | 57 | # 'run' runs in background since it will 58 | # update the state file once shim ends 59 | cmd="$COR run -d --pid-file ${COR_ROOT_DIR}/pid --bundle $BUNDLE_DIR $container_id" 60 | run_cmd "$cmd" "0" "$COR_TIMEOUT" 61 | sleep 2 62 | [ -f "${COR_ROOT_DIR}/pid" ] 63 | 64 | cmd="$COR kill $container_id" 65 | run_cmd "$cmd" "0" "$COR_TIMEOUT" 66 | testcontainer "$container_id" "killed" 67 | 68 | cmd="$COR delete $container_id" 69 | run_cmd "$cmd" "0" "$COR_TIMEOUT" 70 | verify_runtime_dirs "$container_id" "deleted" 71 | } 72 | -------------------------------------------------------------------------------- /tests/functional/version.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # This file is part of cc-oci-runtime. 3 | # 4 | # Copyright (C) 2016 Intel Corporation 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | # 20 | 21 | load common 22 | 23 | function setup() { 24 | version_regex="([0-9]|\.|-|[a-z])+" 25 | commit_regex="([0-9]|[a-z])+" 26 | setup_common 27 | } 28 | 29 | function teardown() { 30 | cleanup_common 31 | } 32 | 33 | @test "cor -v" { 34 | run $COR -v 35 | [ "$status" -eq 0 ] 36 | echo "${lines[0]}" | grep -P "cc-oci-runtime\s+version:\s+$version_regex" 37 | echo "${lines[1]}" | grep -P "spec\s+version:\s+$version_regex" 38 | echo "${lines[2]}" | grep -P "commit:\s+$commit_regex" 39 | } 40 | 41 | @test "cor --version" { 42 | run $COR --version 43 | [ "$status" -eq 0 ] 44 | echo "${lines[0]}" | grep -P "cc-oci-runtime\s+version:\s+$version_regex" 45 | echo "${lines[1]}" | grep -P "spec\s+version:\s+$version_regex" 46 | echo "${lines[2]}" | grep -P "commit:\s+$commit_regex" 47 | } 48 | 49 | @test "cor version" { 50 | run $COR version 51 | [ "$status" -eq 0 ] 52 | echo "${lines[0]}" | grep -P "cc-oci-runtime\s+version:\s+$version_regex" 53 | echo "${lines[1]}" | grep -P "spec\s+version:\s+$version_regex" 54 | echo "${lines[2]}" | grep -P "commit:\s+$commit_regex" 55 | } 56 | -------------------------------------------------------------------------------- /tests/integration/README.md: -------------------------------------------------------------------------------- 1 | ## cc-oci-runtime integration tests 2 | 3 | ### Docker 4 | 5 | 1. Enable the Docker integration tests: 6 | 7 | ``` 8 | ./autogen.sh --enable-docker-tests 9 | ``` 10 | 11 | 2. Run the Docker integration tests: 12 | 13 | ``` 14 | sudo -E make docker-tests 15 | ``` 16 | 17 | ### CRI-O 18 | 19 | 1. Enable the CRI-O integration tests: 20 | 21 | ``` 22 | ./autogen.sh --enable-crio-tests 23 | ``` 24 | 25 | 2. Run the CRI-O integration tests: 26 | 27 | ``` 28 | sudo -E make crio-tests 29 | ``` 30 | -------------------------------------------------------------------------------- /tests/integration/cri-o/container.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2017 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 23 | TESTDATA="${BATS_TEST_DIRNAME}/../../data/" 24 | 25 | setup() { 26 | source $SRC/test-crio.bats 27 | } 28 | 29 | function teardown() { 30 | cleanup_test 31 | } 32 | 33 | @test "CRI-O redis container start and remove" { 34 | start_ocid 35 | run ocic pod run --config "$TESTDATA"/sandbox_config.json 36 | echo "$output" 37 | [ "$status" -eq 0 ] 38 | pod_id="$output" 39 | run ocic ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" 40 | echo "$output" 41 | [ "$status" -eq 0 ] 42 | ctr_id="$output" 43 | run ocic ctr start --id "$ctr_id" 44 | echo "$output" 45 | [ "$status" -eq 0 ] 46 | run ocic ctr remove --id "$ctr_id" 47 | echo "$output" 48 | [ "$status" -eq 0 ] 49 | run ocic pod stop --id "$pod_id" 50 | echo "$output" 51 | [ "$status" -eq 0 ] 52 | run ocic pod remove --id "$pod_id" 53 | echo "$output" 54 | [ "$status" -eq 0 ] 55 | cleanup_ctrs 56 | cleanup_pods 57 | stop_ocid 58 | } 59 | -------------------------------------------------------------------------------- /tests/integration/docker/Dockerfiles/README.md: -------------------------------------------------------------------------------- 1 | # NGINX image for Intel® Clear Containers swarm tests 2 | 3 | In order to build the nginx image which is used in our swarm tests, 4 | follow these steps: 5 | 6 | 1. Build the nginx image with the following command: 7 | 8 | ``` 9 | $ docker build -t $name -f Dockerfile.nginx . 10 | ``` 11 | 12 | 2. Verify the nginx image with the following command: 13 | 14 | ``` 15 | $ docker run -ti $name bash 16 | 17 | ``` 18 | -------------------------------------------------------------------------------- /tests/integration/docker/attach.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2017 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | #Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | 26 | setup() { 27 | source $SRC/test-common.bash 28 | runtime_docker 29 | kill_processes_before_start 30 | } 31 | 32 | @test "Check attach functionality" { 33 | container=$(random_name) 34 | $DOCKER_EXE run --name $container -d ubuntu bash -c "sleep 5 && echo 'Hello, World'" 35 | $DOCKER_EXE attach $container > result_file 36 | grep 'Hello, World' result_file 37 | $DOCKER_EXE rm -f $container 38 | } 39 | 40 | teardown() { 41 | rm result_file 42 | check_no_processes_up 43 | } 44 | -------------------------------------------------------------------------------- /tests/integration/docker/build.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2017 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 23 | IMG_NAME="ccbuildtests" 24 | 25 | 26 | setup() { 27 | source $SRC/test-common.bash 28 | runtime_docker 29 | kill_processes_before_start 30 | } 31 | 32 | teardown () { 33 | echo "teardown:" 34 | $DOCKER_EXE rmi $IMG_NAME 35 | check_no_processes_up 36 | } 37 | 38 | @test "docker build env vars" { 39 | var_value="test_env_vars" 40 | 41 | run $DOCKER_EXE build -t "${IMG_NAME}" - < $testfile 43 | $DOCKER_EXE cp $testfile $container:/root/ 44 | $DOCKER_EXE exec -i $container bash -c "ls /root/$(basename $testfile)" 45 | $DOCKER_EXE exec -i $container bash -c "[ -s /etc/resolv.conf ]" 46 | rm -f $testfile 47 | $DOCKER_EXE rm -f $container 48 | } 49 | 50 | teardown() { 51 | check_no_processes_up 52 | } 53 | -------------------------------------------------------------------------------- /tests/integration/docker/create.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2016 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | #Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | 26 | setup() { 27 | source $SRC/test-common.bash 28 | runtime_docker 29 | kill_processes_before_start 30 | } 31 | 32 | teardown() { 33 | check_no_processes_up 34 | } 35 | 36 | @test "Create a container" { 37 | container=$(random_name) 38 | $DOCKER_EXE create -ti --name $container busybox true 39 | $DOCKER_EXE ps -a | grep $container 40 | $DOCKER_EXE rm -f $container 41 | } 42 | 43 | @test "Create network" { 44 | $DOCKER_EXE network ls 45 | $DOCKER_EXE network create -d bridge my-bridge-network 46 | $DOCKER_EXE network ls | grep "my-bridge-network" 47 | $DOCKER_EXE network rm my-bridge-network 48 | } 49 | -------------------------------------------------------------------------------- /tests/integration/docker/env.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2017 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | #Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | 26 | setup() { 27 | source $SRC/test-common.bash 28 | runtime_docker 29 | kill_processes_before_start 30 | } 31 | 32 | teardown() { 33 | check_no_processes_up 34 | } 35 | 36 | @test "Verify LANG is not set in env" { 37 | container=$(random_name) 38 | run $DOCKER_EXE run --name $container -i ubuntu env 39 | echo "${output}" | grep -v "LANG" 40 | $DOCKER_EXE rm -f $container 41 | } 42 | 43 | @test "Check that required env variables are set" { 44 | container=$(random_name) 45 | run $DOCKER_EXE run --name $container -i ubuntu env 46 | echo "${output}" | grep "PATH" 47 | echo "${output}" | grep "HOSTNAME" 48 | echo "${output}" | grep "HOME" 49 | $DOCKER_EXE rm -f $container 50 | } 51 | -------------------------------------------------------------------------------- /tests/integration/docker/exit-code.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2016 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | # Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | exit_status=55 26 | 27 | setup() { 28 | source $SRC/test-common.bash 29 | runtime_docker 30 | kill_processes_before_start 31 | } 32 | 33 | teardown() { 34 | check_no_processes_up 35 | } 36 | 37 | @test "Exit Code from container process when running non-interactive" { 38 | container=$(random_name) 39 | run $DOCKER_EXE run --name $container ubuntu /usr/bin/perl -e "exit $exit_status" 40 | [ "${status}" -eq "$exit_status" ] 41 | $DOCKER_EXE rm -f $container 42 | } 43 | 44 | @test "Exit Code from container process when running interactive" { 45 | container=$(random_name) 46 | run $DOCKER_EXE run --name $container -ti ubuntu /usr/bin/perl -e "exit $exit_status" 47 | [ "${status}" -eq "$exit_status" ] 48 | $DOCKER_EXE rm -f $container 49 | } 50 | 51 | @test "Verifying exit code with docker ps" { 52 | container=$(random_name) 53 | run $DOCKER_EXE run --name $container -ti ubuntu bash -c "exit $exit_status" 54 | [ "${status}" -eq "$exit_status" ] 55 | run $($DOCKER_EXE ps -a | grep $container | grep "Exited ($exit_status)") 56 | $DOCKER_EXE rm -f $container 57 | } 58 | -------------------------------------------------------------------------------- /tests/integration/docker/export.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2016 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | #Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | 26 | setup() { 27 | source $SRC/test-common.bash 28 | runtime_docker 29 | kill_processes_before_start 30 | } 31 | 32 | @test "Export a container" { 33 | container=$(random_name) 34 | $DOCKER_EXE run -ti -d --name $container busybox 35 | $DOCKER_EXE export $container > latest.tar 36 | if [ ! -f latest.tar ]; then 37 | exit 1 38 | fi 39 | $DOCKER_EXE rm -f $container 40 | } 41 | 42 | teardown () { 43 | rm -rf latest.tar 44 | check_no_processes_up 45 | } 46 | -------------------------------------------------------------------------------- /tests/integration/docker/info.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2016 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | #Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | 26 | setup() { 27 | source $SRC/test-common.bash 28 | runtime_docker 29 | kill_processes_before_start 30 | } 31 | 32 | teardown() { 33 | check_no_processes_up 34 | } 35 | 36 | @test "Container info" { 37 | container=$(random_name) 38 | $DOCKER_EXE run -itd --name $container busybox 39 | # Checks one container is running (relies on having no previous docker 40 | # container running). 41 | $DOCKER_EXE info| grep "^ Running: 1$" 42 | # As an additional measure, make sure $container is indeed running 43 | run $DOCKER_EXE inspect --type container --format '{{ .State.Status }}' $container 44 | [ "$status" -eq 0 ] 45 | [ "$output" = "running" ] 46 | $DOCKER_EXE rm -f $container 47 | } 48 | -------------------------------------------------------------------------------- /tests/integration/docker/inspect.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2016 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | #Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | 26 | setup() { 27 | source $SRC/test-common.bash 28 | runtime_docker 29 | kill_processes_before_start 30 | } 31 | 32 | teardown() { 33 | check_no_processes_up 34 | } 35 | 36 | @test "Inspect a container ip address" { 37 | container=$(random_name) 38 | $DOCKER_EXE run -ti -d --name $container busybox 39 | $DOCKER_EXE inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $container 40 | $DOCKER_EXE rm -f $container 41 | } 42 | 43 | @test "Inspect a container with json format" { 44 | container=$(random_name) 45 | $DOCKER_EXE run -ti -d --name $container busybox 46 | $DOCKER_EXE inspect --format='{{json .Config}}' $container 47 | $DOCKER_EXE rm -f $container 48 | } 49 | 50 | @test "Inspect a container to get instance's log path" { 51 | container=$(random_name) 52 | $DOCKER_EXE run -ti -d --name $container busybox 53 | $DOCKER_EXE inspect --format='{{.LogPath}}' $container 54 | $DOCKER_EXE rm -f $container 55 | } 56 | -------------------------------------------------------------------------------- /tests/integration/docker/kill.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2016 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | #Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | cc_shim="/usr/libexec/cc-shim" 26 | 27 | setup() { 28 | source $SRC/test-common.bash 29 | runtime_docker 30 | kill_processes_before_start 31 | } 32 | 33 | @test "Kill a container" { 34 | container=$(random_name) 35 | $DOCKER_EXE run -d -ti --name $container busybox sh 36 | $DOCKER_EXE kill $container 37 | $DOCKER_EXE rm $container 38 | } 39 | 40 | @test "Kill container with SIGUSR1" { 41 | container=$(random_name) 42 | exit_code=15 43 | attempts=5 44 | signal=SIGUSR1 45 | $DOCKER_EXE run -dti --name $container ubuntu bash -c "trap \"exit ${exit_code}\" $signal ; while : ; do sleep 1; done" 46 | $DOCKER_EXE kill -s $signal $container 47 | # waiting kill signal 48 | for i in `seq 1 $attempts` ; do 49 | if [ "$($DOCKER_EXE ps -a | grep $container | grep Exited)" != "" ]; then 50 | break 51 | fi 52 | sleep 1 53 | done 54 | # check exit code 55 | $DOCKER_EXE ps -a | grep $container | grep "Exited (${exit_code})" 56 | $DOCKER_EXE rm $container 57 | } 58 | 59 | teardown() { 60 | check_no_processes_up 61 | } 62 | -------------------------------------------------------------------------------- /tests/integration/docker/load.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2016 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | #Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | 26 | setup() { 27 | source $SRC/test-common.bash 28 | runtime_docker 29 | kill_processes_before_start 30 | } 31 | 32 | teardown() { 33 | check_no_processes_up 34 | } 35 | 36 | @test "Load container" { 37 | container=$(random_name) 38 | $DOCKER_EXE run -itd --name $container busybox 39 | $DOCKER_EXE commit $container mynewimage 40 | $DOCKER_EXE save mynewimage> /tmp/mynewimage.tar 41 | $DOCKER_EXE load < /tmp/mynewimage.tar 42 | $DOCKER_EXE images | grep "mynewimage" 43 | $DOCKER_EXE rmi mynewimage 44 | $DOCKER_EXE rm -f $container 45 | } 46 | -------------------------------------------------------------------------------- /tests/integration/docker/logs.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2016 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | #Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | 26 | setup() { 27 | source $SRC/test-common.bash 28 | runtime_docker 29 | kill_processes_before_start 30 | } 31 | 32 | teardown() { 33 | check_no_processes_up 34 | } 35 | 36 | @test "Retrieve logs from container" { 37 | container=$(random_name) 38 | $DOCKER_EXE run -d -ti --name $container ubuntu /bin/bash -c "echo 'hello world' > file; cat file" 39 | $DOCKER_EXE logs $container 40 | $DOCKER_EXE rm -f $container 41 | } 42 | -------------------------------------------------------------------------------- /tests/integration/docker/network.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2016 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | #Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | 26 | setup() { 27 | source $SRC/test-common.bash 28 | runtime_docker 29 | kill_processes_before_start 30 | } 31 | 32 | teardown() { 33 | check_no_processes_up 34 | } 35 | 36 | @test "HostName is passed to the container" { 37 | container=$(random_name) 38 | hostName=clr-container 39 | $DOCKER_EXE run --name $container -h $hostName -i ubuntu hostname | grep $hostName 40 | $DOCKER_EXE rm -f $container 41 | } 42 | 43 | @test "Verify connectivity between 2 containers" { 44 | container=$(random_name) 45 | container2=$(random_name) 46 | $DOCKER_EXE run -tid --name $container ubuntu bash 47 | ip_addr=$($DOCKER_EXE inspect --format '{{ .NetworkSettings.IPAddress }}' $container) 48 | $DOCKER_EXE run --name $container2 -i debian ping -c 1 "$ip_addr" | grep -q '1 packets received' 49 | $DOCKER_EXE rm -f $container $container2 50 | } 51 | -------------------------------------------------------------------------------- /tests/integration/docker/port.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2016 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | #Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | 26 | setup() { 27 | source $SRC/test-common.bash 28 | runtime_docker 29 | kill_processes_before_start 30 | } 31 | 32 | teardown() { 33 | check_no_processes_up 34 | } 35 | 36 | @test "Port a container" { 37 | container=$(random_name) 38 | $DOCKER_EXE run -tid -p 8080:8080 --name $container busybox 39 | $DOCKER_EXE port $container 8080/tcp 40 | $DOCKER_EXE rm -f $container 41 | } 42 | -------------------------------------------------------------------------------- /tests/integration/docker/restart.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2016 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | #Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | 26 | setup() { 27 | source $SRC/test-common.bash 28 | runtime_docker 29 | kill_processes_before_start 30 | } 31 | 32 | teardown() { 33 | check_no_processes_up 34 | } 35 | 36 | @test "Restart a container" { 37 | container=$(random_name) 38 | $DOCKER_EXE run -ti -d --name $container busybox 39 | $DOCKER_EXE ps -a | grep "Up" 40 | $DOCKER_EXE stop $container 41 | $DOCKER_EXE ps -a | grep "Exited" 42 | $DOCKER_EXE restart $container 43 | $DOCKER_EXE ps -a | grep "Up" 44 | $DOCKER_EXE rm -f $container 45 | } 46 | -------------------------------------------------------------------------------- /tests/integration/docker/tag.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2016 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | #Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | 26 | setup() { 27 | source $SRC/test-common.bash 28 | runtime_docker 29 | kill_processes_before_start 30 | } 31 | 32 | teardown() { 33 | check_no_processes_up 34 | } 35 | 36 | @test "Tag a container" { 37 | container=$(random_name) 38 | $DOCKER_EXE run --name $container -i busybox true 39 | $DOCKER_EXE tag busybox "container1" 40 | $DOCKER_EXE images | grep "container1" 41 | $DOCKER_EXE rmi "container1" 42 | $DOCKER_EXE rm -f $container 43 | } 44 | -------------------------------------------------------------------------------- /tests/integration/docker/terminal.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | # *-*- Mode: sh; sh-basic-offset: 8; indent-tabs-mode: nil -*-* 3 | 4 | # This file is part of cc-oci-runtime. 5 | # 6 | # Copyright (C) 2016 Intel Corporation 7 | # 8 | # This program is free software; you can redistribute it and/or 9 | # modify it under the terms of the GNU General Public License 10 | # as published by the Free Software Foundation; either version 2 11 | # of the License, or (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | 22 | # Based on docker commands 23 | 24 | SRC="${BATS_TEST_DIRNAME}/../../lib/" 25 | term_var="TERM=.*" 26 | tty_dev="/dev/pts/.*" 27 | 28 | setup() { 29 | source $SRC/test-common.bash 30 | runtime_docker 31 | kill_processes_before_start 32 | } 33 | 34 | teardown() { 35 | check_no_processes_up 36 | } 37 | 38 | @test "TERM env variable is set when allocating a tty" { 39 | container=$(random_name) 40 | $DOCKER_EXE run --name $container -t ubuntu env | grep -q "$term_var" 41 | $DOCKER_EXE rm -f $container 42 | } 43 | 44 | @test "TERM env variable is not set when not allocating a tty" { 45 | container=$(random_name) 46 | run bash -c "$DOCKER_EXE run --name $container ubuntu env | grep -q $term_var" 47 | # Expecting RC=1 from the grep command since 48 | # the TERM env variable should not exist. 49 | [ "${status}" -eq 1 ] 50 | $DOCKER_EXE rm -f $container 51 | } 52 | 53 | @test "Check that pseudo tty is setup properly when allocating a tty" { 54 | container=$(random_name) 55 | run $DOCKER_EXE run --name $container -ti ubuntu tty 56 | echo "${output}" | grep "$tty_dev" 57 | $DOCKER_EXE rm -f $container 58 | } 59 | -------------------------------------------------------------------------------- /tests/integration/docker_images/README: -------------------------------------------------------------------------------- 1 | # Testing the most popular docker images from docker hub 2 | 3 | To run these tests you just do 4 | 5 | bats popular-containers-images.bats 6 | 7 | In order to run all these tests you need a minimum of 8GB 8 | -------------------------------------------------------------------------------- /tests/metrics/network/dockerfile_image/Dockerfile: -------------------------------------------------------------------------------- 1 | # This file is part of cc-oci-runtime. 2 | # 3 | # Copyright (C) 2017 Intel Corporation 4 | # 5 | # This program is free software; you can redistribute it and/or 6 | # modify it under the terms of the GNU General Public License 7 | # as published by the Free Software Foundation; either version 2 8 | # of the License, or (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | # 19 | 20 | # Usage: FROM [image name] 21 | FROM ubuntu 22 | 23 | # Ensure packages are current, then install: 24 | # 25 | # - a basic development environment 26 | # - and additional general tooling 27 | # 28 | RUN apt-get update && apt-get install -y \ 29 | build-essential \ 30 | curl \ 31 | smem \ 32 | iperf3 \ 33 | iperf 34 | 35 | # Install nuttcp (Network performance measurement tool) 36 | RUN cd $HOME && \ 37 | curl -OkL "http://nuttcp.net/nuttcp/beta/nuttcp-7.3.2.c" && \ 38 | gcc nuttcp-7.3.2.c -o nuttcp 39 | 40 | CMD ["/bin/bash"] 41 | -------------------------------------------------------------------------------- /tests/metrics/network/dockerfile_image/README.md: -------------------------------------------------------------------------------- 1 | # Networking image for Intel® Clear Containers performance metrics 2 | 3 | In order to build the network image with the general tooling 4 | and system dependencies which are used in our networking tests, 5 | follow these steps: 6 | 7 | 1. Building the network image with the following command: 8 | 9 | ``` 10 | $ docker build -t cc-network . 11 | ``` 12 | 13 | 2. Verify the network image with the following command: 14 | 15 | ``` 16 | $ docker run -ti cc-network bash 17 | 18 | ``` 19 | -------------------------------------------------------------------------------- /tests/metrics/network/network-latency.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of cc-oci-runtime. 4 | # 5 | # Copyright (C) 2017 Intel Corporation 6 | # 7 | # This program is free software; you can redistribute it and/or 8 | # modify it under the terms of the GNU General Public License 9 | # as published by the Free Software Foundation; either version 2 10 | # of the License, or (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with this program; if not, write to the Free Software 19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | # 21 | # Description: 22 | # This will measure latency when we do a ping 23 | # from one container to another (docker <-> docker) 24 | 25 | SCRIPT_PATH=$(dirname "$(readlink -f "$0")") 26 | 27 | source "${SCRIPT_PATH}/../../lib/test-common.bash" 28 | source "${SCRIPT_PATH}/lib/network-test-common.bash" 29 | 30 | set -e 31 | 32 | # This script will perform all the measurements using a local setup 33 | 34 | # Test latency docker<->docker using ping 35 | 36 | function latency { 37 | # Image name (ping installed by default) 38 | local image=busybox 39 | # Number of packets (sent) 40 | local number=10 41 | # Name of the containers 42 | local server_name="network-server" 43 | local client_name="network-client" 44 | # Arguments to run the client 45 | local extra_args="-ti --rm" 46 | 47 | setup 48 | local server_command="sleep 30" 49 | local server_address=$(start_server "$server_name" "$image" "$server_command") 50 | 51 | local client_command="ping -c ${number} ${server_address}" 52 | start_client "$extra_args" "$client_name" "$image" "$client_command" > "$result" 53 | 54 | local latency_average=$(cat $result | grep avg | tail -1 | awk '{print $4}' | cut -d '/' -f 2) 55 | echo "The average latency is : $latency_average ms" 56 | clean_environment "$server_name" 57 | } 58 | 59 | latency 60 | -------------------------------------------------------------------------------- /tests/metrics/run_docker_metrics: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source ./run_docker_metrics.dat 4 | 5 | # Verify that test-common.bash is generated. 6 | SCRIPT_PATH=$(dirname "$(readlink -f "$0")") 7 | [ -f "${SCRIPT_PATH}/../lib/test-common.bash" ] || \ 8 | { echo "Required files are not generated, please run 'sudo make metrics-tests' from top level of this repo" \ 9 | && exit 1; } 10 | 11 | 12 | RESULT_DIR="./results" 13 | 14 | if [ ! -d "$RESULT_DIR" ]; then 15 | mkdir "$RESULT_DIR" 16 | fi 17 | 18 | # complete workload : docker run --runtime $runtime -tid $image $cmd 19 | bash workload_time/docker_workload_time.sh true ubuntu runc "$TIMES" 20 | bash workload_time/docker_workload_time.sh true ubuntu cor "$TIMES" 21 | bash workload_time/docker_workload_time_stress.sh true clearlinux cor 22 | bash workload_time/docker_workload_time_stress.sh true clearlinux runc 23 | 24 | # time that cc-oci-run-time takes to create a container: 25 | bash workload_time/cor_create_time.sh "$TIMES" 26 | 27 | # time to stop container using docker: docker stop $container_id 28 | bash workload_time/docker_shutdown.sh runc "$TIMES" 29 | bash workload_time/docker_shutdown.sh cor "$TIMES" 30 | 31 | # density (CPU and Memory) 32 | bash density/docker_cpu_usage.sh "$TIMES" "$CPU_WAIT_TIME" 33 | bash density/docker_memory_usage.sh "$MEM_CONTAINERS" "$MEM_WAIT_TIME" 34 | 35 | # kernel boot time 36 | bash workload_time/kernel_boot_time.sh "$TIMES" 37 | bash workload_time/kernel_boot_time_stress.sh 38 | -------------------------------------------------------------------------------- /tests/metrics/run_docker_metrics.dat: -------------------------------------------------------------------------------- 1 | # Configuration File for running cc-oci-runtime metrics 2 | 3 | # TIMES represents the number of times a test will run. 4 | TIMES=100 5 | 6 | # MEM_CONTAINERS represents the number of containers that 7 | # will run in parallel (detached mode) to measure the memory 8 | # used by each of them. 9 | MEM_CONTAINERS=10 10 | 11 | # MEM_WAIT_TIME is the time that the containers are in sleep mode 12 | # before measuring the memory used by each of them 13 | MEM_WAIT_TIME=30m 14 | 15 | # CPU_WAIT_TIME is the time that the containers are 16 | # up before measuring the % of cpu usage 17 | # (This is the time where the workloads have been stabilized) 18 | CPU_WAIT_TIME=2m 19 | 20 | -------------------------------------------------------------------------------- /tests/metrics/smem_monitor.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of cc-oci-runtime. 4 | # 5 | # Copyright (C) 2017 Intel Corporation 6 | # 7 | # This program is free software; you can redistribute it and/or 8 | # modify it under the terms of the GNU General Public License 9 | # as published by the Free Software Foundation; either version 2 10 | # of the License, or (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with this program; if not, write to the Free Software 19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | 21 | # Description of the test: 22 | # The objective of this tool is to measure the PSS average memory. 23 | 24 | set -e 25 | 26 | 27 | declare PROC=$1 28 | declare PSSLOG="pss.log" 29 | 30 | trap "echo stop to monitor;exit 0;" SIGINT SIGTERM 31 | 32 | if [ -z "$PROC" ];then 33 | echo "error: usage: $0 [process name]" 34 | exit 1; 35 | fi 36 | 37 | while [ 1 ];do 38 | mem_sum=0 39 | count=0 40 | 41 | # $6 is PSS colum in smem output 42 | data=$(smem --no-header -P "^$PROC" | awk '{print $6}') 43 | for i in $data;do 44 | if (( $i > 0 ));then 45 | mem_sum=$(( $i + $mem_sum )) 46 | count=$(( $count + 1 )) 47 | fi 48 | done 49 | 50 | if (( $count > 0 ));then 51 | avg=0 52 | avg=$(echo "$mem_sum / $count" | bc -l) 53 | echo "$avg" >> "$PSSLOG" 54 | fi 55 | 56 | sleep 0.2 57 | done 58 | -------------------------------------------------------------------------------- /tests/metrics/workload_time/kernel_boot_time.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of cc-oci-runtime. 4 | # 5 | # Copyright (C) 2016 Intel Corporation 6 | # 7 | # This program is free software; you can redistribute it and/or 8 | # modify it under the terms of the GNU General Public License 9 | # as published by the Free Software Foundation; either version 2 10 | # of the License, or (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with this program; if not, write to the Free Software 19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | 21 | # Description of the test: 22 | # This test measures the time kernelspace takes when a clear container 23 | # boots. 24 | 25 | set -e 26 | 27 | [ $# -ne 1 ] && ( echo >&2 "Usage: $0 "; exit 1 ) 28 | 29 | SCRIPT_PATH=$(dirname "$(readlink -f "$0")") 30 | source "${SCRIPT_PATH}/../../lib/test-common.bash" 31 | 32 | TEST_NAME="Kernel Boot Time" 33 | TIMES="$1" 34 | TMP_FILE=$(mktemp dmesglog.XXXXXXXXXX || true) 35 | 36 | function get_kernelspace_time(){ 37 | net=$1 38 | test_args="Network" 39 | if [ "$net" == "nonet" ] 40 | then 41 | test_args="No-network" 42 | run_options="--net none" 43 | fi 44 | test_result_file=$(echo "${RESULT_DIR}/${TEST_NAME}-${test_args}" | sed 's| |-|g') 45 | backup_old_file "$test_result_file" 46 | write_csv_header "$test_result_file" 47 | for i in $(seq 1 "$TIMES") 48 | do 49 | eval docker run --rm "$run_options" -ti debian dmesg > "$TMP_FILE" 50 | test_data=$(grep "Freeing" "$TMP_FILE" | tail -1 | awk '{print $2}' | cut -d']' -f1) 51 | write_result_to_file "$TEST_NAME" "$test_args" "$test_data" "$test_result_file" 52 | rm "$TMP_FILE" 53 | done 54 | } 55 | 56 | echo "Executing test: ${TEST_NAME}" 57 | 58 | get_kernelspace_time 59 | get_kernelspace_time nonet 60 | -------------------------------------------------------------------------------- /tests/metrics/workload_time/kernel_boot_time_stress.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of cc-oci-runtime. 4 | # 5 | # Copyright (C) 2016-2017 Intel Corporation 6 | # 7 | # This program is free software; you can redistribute it and/or 8 | # modify it under the terms of the GNU General Public License 9 | # as published by the Free Software Foundation; either version 2 10 | # of the License, or (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with this program; if not, write to the Free Software 19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | 21 | # Description of the test: 22 | # This test measures the time kernelspace takes when a clear container 23 | # boots. 24 | 25 | SCRIPT_PATH=$(dirname "$(readlink -f "$0")") 26 | source "${SCRIPT_PATH}/../../lib/test-common.bash" 27 | 28 | TEST_NAME="Stress Kernel Boot Time" 29 | TMP_FILE=$(mktemp dmesglog.XXXXXXXXXX) 30 | 31 | # Get the time it takes to boot a container 32 | function get_kboot_time() { 33 | [ -n "$1" ] || die "parameter not set" 34 | test_result_file=$(echo "${RESULT_DIR}/${TEST_NAME}_$1" | sed 's| |-|g') 35 | backup_old_file "$test_result_file" 36 | write_csv_header "$test_result_file" 37 | eval docker run -ti clearlinux dmesg > "$TMP_FILE" 38 | test_data=$(grep "Freeing" "$TMP_FILE" | tail -1 | awk '{print $2}' | cut -d']' -f1) 39 | write_result_to_file "$TEST_NAME" "$test_args" "$test_data" "$test_result_file" 40 | } 41 | 42 | function main_loop(){ 43 | for x in 10 50 100 44 | do 45 | printf "\n($x) loop => " 46 | for ((y=1; y<=$x; y++)) 47 | do 48 | printf "$y " 49 | docker run -tid ubuntu bash >/dev/null 50 | done 51 | get_kboot_time $x 52 | docker rm -f $(docker ps -aq) >/dev/null 53 | done 54 | rm "$TMP_FILE" 55 | } 56 | 57 | echo "Executing test: ${TEST_NAME}" 58 | main_loop 59 | -------------------------------------------------------------------------------- /tests/spec_handler_test.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of cc-oci-runtime. 3 | * 4 | * Copyright (C) 2016 Intel Corporation 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include 22 | #include 23 | #include 24 | 25 | #include 26 | #include 27 | 28 | #include "test_common.h" 29 | #include "../src/logging.h" 30 | #include "../src/oci.h" 31 | #include "../src/spec_handler.h" 32 | 33 | 34 | START_TEST(test_get_spec_vm_from_cfg_file) { 35 | struct cc_oci_config *config = NULL; 36 | 37 | ck_assert (! get_spec_vm_from_cfg_file (config)); 38 | 39 | config = cc_oci_config_create (); 40 | create_fake_test_files(); 41 | 42 | ck_assert (get_spec_vm_from_cfg_file (config)); 43 | ck_assert (get_spec_vm_from_cfg_file (config)); 44 | 45 | remove_fake_test_files(); 46 | cc_oci_config_free (config); 47 | } END_TEST 48 | 49 | Suite* make_state_suite(void) { 50 | Suite* s = suite_create(__FILE__); 51 | ADD_TEST(test_get_spec_vm_from_cfg_file, s); 52 | 53 | return s; 54 | } 55 | 56 | int main(void) { 57 | int number_failed; 58 | Suite* s; 59 | SRunner* sr; 60 | struct cc_log_options options = { 0 }; 61 | 62 | options.enable_debug = true; 63 | options.use_json = false; 64 | options.filename = g_strdup ("spec_handler_debug.log"); 65 | (void)cc_oci_log_init(&options); 66 | 67 | s = make_state_suite(); 68 | sr = srunner_create(s); 69 | 70 | srunner_run_all(sr, CK_VERBOSE); 71 | number_failed = srunner_ntests_failed(sr); 72 | srunner_free(sr); 73 | 74 | cc_oci_log_free (&options); 75 | 76 | return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE; 77 | } 78 | 79 | -------------------------------------------------------------------------------- /vendor/github.com/containers/virtcontainers/hyperstart/mock/misc.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2016 Intel Corporation 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package mock 16 | 17 | import ( 18 | "fmt" 19 | "os" 20 | "path/filepath" 21 | ) 22 | 23 | // GetTmpPath will return a filename suitable for a tempory file according to 24 | // the format string given in argument. The format string must contain a single 25 | // %s which will be replaced by a random string. Eg.: 26 | // 27 | // GetTmpPath("test.foo.%s.sock") 28 | // 29 | // will return something like: 30 | // 31 | // "/tmp/test.foo.832222621.sock" 32 | func GetTmpPath(format string) string { 33 | filename := fmt.Sprintf(format, nextSuffix()) 34 | dir := os.TempDir() 35 | return filepath.Join(dir, filename) 36 | 37 | } 38 | -------------------------------------------------------------------------------- /vendor/github.com/containers/virtcontainers/hyperstart/mock/rand.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2016 Intel Corporation 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package mock 16 | 17 | import ( 18 | "os" 19 | "strconv" 20 | "sync" 21 | "time" 22 | ) 23 | 24 | // Taken from https://golang.org/src/io/ioutil/tempfile.go?s=#L19 25 | var rand uint32 26 | var randmu sync.Mutex 27 | 28 | func reseed() uint32 { 29 | return uint32(time.Now().UnixNano() + int64(os.Getpid())) 30 | } 31 | 32 | func nextSuffix() string { 33 | randmu.Lock() 34 | r := rand 35 | if r == 0 { 36 | r = reseed() 37 | } 38 | r = r*1664525 + 1013904223 // constants from Numerical Recipes 39 | rand = r 40 | randmu.Unlock() 41 | return strconv.Itoa(int(1e9 + r%1e9))[1:] 42 | } 43 | -------------------------------------------------------------------------------- /vendor/github.com/davecgh/go-spew/spew/bypasssafe.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015 Dave Collins 2 | // 3 | // Permission to use, copy, modify, and distribute this software for any 4 | // purpose with or without fee is hereby granted, provided that the above 5 | // copyright notice and this permission notice appear in all copies. 6 | // 7 | // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | // NOTE: Due to the following build constraints, this file will only be compiled 16 | // when the code is running on Google App Engine, compiled by GopherJS, or 17 | // "-tags safe" is added to the go build command line. The "disableunsafe" 18 | // tag is deprecated and thus should not be used. 19 | // +build js appengine safe disableunsafe 20 | 21 | package spew 22 | 23 | import "reflect" 24 | 25 | const ( 26 | // UnsafeDisabled is a build-time constant which specifies whether or 27 | // not access to the unsafe package is available. 28 | UnsafeDisabled = true 29 | ) 30 | 31 | // unsafeReflectValue typically converts the passed reflect.Value into a one 32 | // that bypasses the typical safety restrictions preventing access to 33 | // unaddressable and unexported data. However, doing this relies on access to 34 | // the unsafe package. This is a stub version which simply returns the passed 35 | // reflect.Value when the unsafe package is not available. 36 | func unsafeReflectValue(v reflect.Value) reflect.Value { 37 | return v 38 | } 39 | -------------------------------------------------------------------------------- /vendor/github.com/golang/glog/README: -------------------------------------------------------------------------------- 1 | glog 2 | ==== 3 | 4 | Leveled execution logs for Go. 5 | 6 | This is an efficient pure Go implementation of leveled logs in the 7 | manner of the open source C++ package 8 | https://github.com/google/glog 9 | 10 | By binding methods to booleans it is possible to use the log package 11 | without paying the expense of evaluating the arguments to the log. 12 | Through the -vmodule flag, the package also provides fine-grained 13 | control over logging at the file level. 14 | 15 | The comment from glog.go introduces the ideas: 16 | 17 | Package glog implements logging analogous to the Google-internal 18 | C++ INFO/ERROR/V setup. It provides functions Info, Warning, 19 | Error, Fatal, plus formatting variants such as Infof. It 20 | also provides V-style logging controlled by the -v and 21 | -vmodule=file=2 flags. 22 | 23 | Basic examples: 24 | 25 | glog.Info("Prepare to repel boarders") 26 | 27 | glog.Fatalf("Initialization failed: %s", err) 28 | 29 | See the documentation for the V function for an explanation 30 | of these examples: 31 | 32 | if glog.V(2) { 33 | glog.Info("Starting transaction...") 34 | } 35 | 36 | glog.V(2).Infoln("Processed", nItems, "elements") 37 | 38 | 39 | The repository contains an open source version of the log package 40 | used inside Google. The master copy of the source lives inside 41 | Google, not here. The code in this repo is for export only and is not itself 42 | under development. Feature requests will be ignored. 43 | 44 | Send bug reports to golang-nuts@googlegroups.com. 45 | -------------------------------------------------------------------------------- /vendor/github.com/hyperhq/runv/NOTICE: -------------------------------------------------------------------------------- 1 | HyperHQ 2 | Copyright 2015 HyperHQ, Inc. 3 | 4 | This product includes software developed at HyperHQ, Inc. (https://www.hyper.sh). 5 | 6 | This product contains software (https://github.com/golang/glog) developed by Google, Inc. 7 | It is licensed under the Apache License Version 2.0. 8 | 9 | This product contains software (https://github.com/riobard/go-virtualbox) developed 10 | by Riobard Zhan, much appreciated for his work. 11 | -------------------------------------------------------------------------------- /vendor/github.com/hyperhq/runv/hyperstart/api/json/constants.go: -------------------------------------------------------------------------------- 1 | package json 2 | 3 | const VERSION = 4242 4 | 5 | const ( 6 | INIT_VERSION = iota 7 | INIT_STARTPOD 8 | INIT_GETPOD 9 | INIT_STOPPOD_DEPRECATED 10 | INIT_DESTROYPOD 11 | INIT_RESTARTCONTAINER 12 | INIT_EXECCMD 13 | INIT_FINISHCMD 14 | INIT_READY 15 | INIT_ACK 16 | INIT_ERROR 17 | INIT_WINSIZE 18 | INIT_PING 19 | INIT_FINISHPOD 20 | INIT_NEXT 21 | INIT_WRITEFILE 22 | INIT_READFILE 23 | INIT_NEWCONTAINER 24 | INIT_KILLCONTAINER 25 | INIT_ONLINECPUMEM 26 | INIT_SETUPINTERFACE 27 | INIT_SETUPROUTE 28 | ) 29 | -------------------------------------------------------------------------------- /vendor/github.com/hyperhq/runv/hyperstart/api/json/types.go: -------------------------------------------------------------------------------- 1 | package json 2 | 3 | import ( 4 | "encoding/binary" 5 | "syscall" 6 | ) 7 | 8 | type FileCommand struct { 9 | Container string `json:"container"` 10 | File string `json:"file"` 11 | } 12 | 13 | type KillCommand struct { 14 | Container string `json:"container"` 15 | Signal syscall.Signal `json:"signal"` 16 | } 17 | 18 | type ExecCommand struct { 19 | Container string `json:"container,omitempty"` 20 | Process Process `json:"process"` 21 | } 22 | 23 | type Routes struct { 24 | Routes []Route `json:"routes,omitempty"` 25 | } 26 | 27 | // Message 28 | type DecodedMessage struct { 29 | Code uint32 30 | Message []byte 31 | } 32 | 33 | type TtyMessage struct { 34 | Session uint64 35 | Message []byte 36 | } 37 | 38 | func (tm *TtyMessage) ToBuffer() []byte { 39 | length := len(tm.Message) + 12 40 | buf := make([]byte, length) 41 | binary.BigEndian.PutUint64(buf[:8], tm.Session) 42 | binary.BigEndian.PutUint32(buf[8:12], uint32(length)) 43 | copy(buf[12:], tm.Message) 44 | return buf 45 | } 46 | 47 | type WindowSizeMessage struct { 48 | Seq uint64 `json:"seq"` 49 | Row uint16 `json:"row"` 50 | Column uint16 `json:"column"` 51 | } 52 | -------------------------------------------------------------------------------- /vendor/github.com/stretchr/testify/assert/assertion_forward.go.tmpl: -------------------------------------------------------------------------------- 1 | {{.CommentWithoutT "a"}} 2 | func (a *Assertions) {{.DocInfo.Name}}({{.Params}}) bool { 3 | return {{.DocInfo.Name}}(a.t, {{.ForwardedParams}}) 4 | } 5 | -------------------------------------------------------------------------------- /vendor/github.com/stretchr/testify/assert/doc.go: -------------------------------------------------------------------------------- 1 | // Package assert provides a set of comprehensive testing tools for use with the normal Go testing system. 2 | // 3 | // Example Usage 4 | // 5 | // The following is a complete example using assert in a standard test function: 6 | // import ( 7 | // "testing" 8 | // "github.com/stretchr/testify/assert" 9 | // ) 10 | // 11 | // func TestSomething(t *testing.T) { 12 | // 13 | // var a string = "Hello" 14 | // var b string = "Hello" 15 | // 16 | // assert.Equal(t, a, b, "The two words should be the same.") 17 | // 18 | // } 19 | // 20 | // if you assert many times, use the format below: 21 | // 22 | // import ( 23 | // "testing" 24 | // "github.com/stretchr/testify/assert" 25 | // ) 26 | // 27 | // func TestSomething(t *testing.T) { 28 | // assert := assert.New(t) 29 | // 30 | // var a string = "Hello" 31 | // var b string = "Hello" 32 | // 33 | // assert.Equal(a, b, "The two words should be the same.") 34 | // } 35 | // 36 | // Assertions 37 | // 38 | // Assertions allow you to easily write test code, and are global funcs in the `assert` package. 39 | // All assertion functions take, as the first argument, the `*testing.T` object provided by the 40 | // testing framework. This allows the assertion funcs to write the failings and other details to 41 | // the correct place. 42 | // 43 | // Every assertion function also takes an optional string message as the final argument, 44 | // allowing custom error messages to be appended to the message the assertion method outputs. 45 | package assert 46 | -------------------------------------------------------------------------------- /vendor/github.com/stretchr/testify/assert/errors.go: -------------------------------------------------------------------------------- 1 | package assert 2 | 3 | import ( 4 | "errors" 5 | ) 6 | 7 | // AnError is an error instance useful for testing. If the code does not care 8 | // about error specifics, and only needs to return the error for example, this 9 | // error should be used to make the test code more readable. 10 | var AnError = errors.New("assert.AnError general error for testing") 11 | -------------------------------------------------------------------------------- /vendor/github.com/stretchr/testify/assert/forward_assertions.go: -------------------------------------------------------------------------------- 1 | package assert 2 | 3 | // Assertions provides assertion methods around the 4 | // TestingT interface. 5 | type Assertions struct { 6 | t TestingT 7 | } 8 | 9 | // New makes a new Assertions object for the specified TestingT. 10 | func New(t TestingT) *Assertions { 11 | return &Assertions{ 12 | t: t, 13 | } 14 | } 15 | 16 | //go:generate go run ../_codegen/main.go -output-package=assert -template=assertion_forward.go.tmpl 17 | -------------------------------------------------------------------------------- /versions.txt: -------------------------------------------------------------------------------- 1 | go_version=1.7.1 2 | glib_version=2.46.2 3 | json_glib_version=1.2.2 4 | check_version=0.10.0 5 | docker_engine_fedora_version=1.12.1 6 | docker_engine_ubuntu_version=1.12.1-0~xenial 7 | clear_vm_image_version=16670 8 | clear_vm_kernel_version=4.9.35-76 9 | docker_engine_semaphoreci_ubuntu_version=1.12.1-0~trusty 10 | gcc_version=6.2.0 11 | qemu_lite_version=741f430a960b5b67745670e8270db91aeb083c5f 12 | mpfr_version=3.1.4 13 | gmp_version=6.1.0 14 | mpc_version=1.0.3 15 | 16 | # OBS Fedora package versions 17 | cc_image_fedora_obs_version=16670-31.1 18 | cc_selinux_fedora_obs_version=0.1-2.1 19 | linux_container_fedora_obs_version=4.9.35-65.1 20 | qemu_lite_fedora_obs_version=2.7.1+git.741f430-5.1 21 | 22 | # OBS Ubuntu package versions 23 | cc_image_ubuntu_obs_version=16670-23 24 | linux_container_ubuntu_obs_version=4.9.35-62 25 | qemu_lite_ubuntu_obs_version=2.7.1+git.741f430-5.1 26 | --------------------------------------------------------------------------------