├── VERSION ├── Godeps ├── _workspace │ ├── .gitignore │ └── src │ │ └── github.com │ │ ├── Sirupsen │ │ └── logrus │ │ │ ├── .gitignore │ │ │ ├── .travis.yml │ │ │ ├── terminal_openbsd.go │ │ │ ├── CHANGELOG.md │ │ │ ├── terminal_linux.go │ │ │ ├── terminal_darwin.go │ │ │ ├── terminal_freebsd.go │ │ │ ├── hooks │ │ │ ├── syslog │ │ │ │ ├── README.md │ │ │ │ └── syslog.go │ │ │ ├── airbrake │ │ │ │ └── airbrake.go │ │ │ └── papertrail │ │ │ │ ├── papertrail.go │ │ │ │ └── README.md │ │ │ ├── terminal_notwindows.go │ │ │ ├── writer.go │ │ │ ├── terminal_windows.go │ │ │ ├── examples │ │ │ ├── hook │ │ │ │ └── hook.go │ │ │ └── basic │ │ │ │ └── basic.go │ │ │ ├── json_formatter.go │ │ │ ├── LICENSE │ │ │ ├── hooks.go │ │ │ ├── formatters │ │ │ └── logstash │ │ │ │ └── logstash.go │ │ │ └── formatter.go │ │ ├── urfave │ │ └── cli │ │ │ ├── .gitignore │ │ │ ├── altsrc │ │ │ ├── altsrc.go │ │ │ └── input_source_context.go │ │ │ ├── autocomplete │ │ │ ├── zsh_autocomplete │ │ │ └── bash_autocomplete │ │ │ ├── appveyor.yml │ │ │ ├── .travis.yml │ │ │ ├── cli.go │ │ │ ├── LICENSE │ │ │ ├── category.go │ │ │ └── funcs.go │ │ ├── vishvananda │ │ └── netlink │ │ │ ├── .travis.yml │ │ │ ├── neigh.go │ │ │ ├── Makefile │ │ │ ├── nl │ │ │ ├── route_linux.go │ │ │ └── addr_linux.go │ │ │ ├── route.go │ │ │ ├── addr.go │ │ │ ├── protinfo.go │ │ │ ├── xfrm_state.go │ │ │ ├── xfrm_policy.go │ │ │ ├── netlink.go │ │ │ ├── filter.go │ │ │ └── xfrm.go │ │ ├── godbus │ │ └── dbus │ │ │ ├── MAINTAINERS │ │ │ ├── transport_darwin.go │ │ │ ├── homedir_dynamic.go │ │ │ ├── homedir.go │ │ │ ├── conn_darwin.go │ │ │ ├── conn_other.go │ │ │ ├── auth_external.go │ │ │ ├── introspect │ │ │ └── call.go │ │ │ ├── transport_unixcred_linux.go │ │ │ ├── transport_generic.go │ │ │ ├── homedir_static.go │ │ │ ├── call.go │ │ │ ├── LICENSE │ │ │ ├── README.markdown │ │ │ └── CONTRIBUTING.md │ │ ├── docker │ │ ├── docker │ │ │ ├── docs │ │ │ │ └── project │ │ │ │ │ └── images │ │ │ │ │ └── red_notice.png │ │ │ ├── pkg │ │ │ │ ├── mount │ │ │ │ │ ├── mounter_unsupported.go │ │ │ │ │ ├── mountinfo_unsupported.go │ │ │ │ │ ├── mounter_linux.go │ │ │ │ │ ├── flags_unsupported.go │ │ │ │ │ ├── mountinfo_freebsd.go │ │ │ │ │ ├── flags_freebsd.go │ │ │ │ │ ├── mountinfo.go │ │ │ │ │ └── mounter_freebsd.go │ │ │ │ ├── symlink │ │ │ │ │ ├── README.md │ │ │ │ │ └── LICENSE.BSD │ │ │ │ ├── term │ │ │ │ │ ├── tc_other.go │ │ │ │ │ ├── tc_linux_cgo.go │ │ │ │ │ └── termios_linux.go │ │ │ │ └── mflag │ │ │ │ │ └── LICENSE │ │ │ ├── vendor │ │ │ │ └── src │ │ │ │ │ └── github.com │ │ │ │ │ ├── BurntSushi │ │ │ │ │ └── toml │ │ │ │ │ │ └── COPYING │ │ │ │ │ ├── natefinch │ │ │ │ │ └── npipe │ │ │ │ │ │ └── LICENSE.txt │ │ │ │ │ ├── kr │ │ │ │ │ └── pty │ │ │ │ │ │ └── License │ │ │ │ │ ├── armon │ │ │ │ │ └── go-metrics │ │ │ │ │ │ └── LICENSE │ │ │ │ │ ├── Sirupsen │ │ │ │ │ └── logrus │ │ │ │ │ │ └── LICENSE │ │ │ │ │ ├── microsoft │ │ │ │ │ └── hcsshim │ │ │ │ │ │ └── LICENSE │ │ │ │ │ ├── mattn │ │ │ │ │ └── go-sqlite3 │ │ │ │ │ │ └── LICENSE │ │ │ │ │ ├── godbus │ │ │ │ │ └── dbus │ │ │ │ │ │ └── LICENSE │ │ │ │ │ ├── go-check │ │ │ │ │ └── check │ │ │ │ │ │ └── LICENSE │ │ │ │ │ └── gorilla │ │ │ │ │ ├── mux │ │ │ │ │ └── LICENSE │ │ │ │ │ └── context │ │ │ │ │ └── LICENSE │ │ │ ├── NOTICE │ │ │ └── contrib │ │ │ │ └── syntax │ │ │ │ └── vim │ │ │ │ └── LICENSE │ │ └── go-units │ │ │ ├── README.md │ │ │ └── duration.go │ │ ├── pquerna │ │ └── ffjson │ │ │ ├── NOTICE │ │ │ └── fflib │ │ │ └── v1 │ │ │ ├── buffer_nopool.go │ │ │ ├── reader_scan_amd64.s │ │ │ ├── reader_scan_generic.go │ │ │ └── reader_scan_amd64.go │ │ ├── syndtr │ │ └── gocapability │ │ │ ├── capability │ │ │ └── capability_noop.go │ │ │ └── LICENSE │ │ ├── opencontainers │ │ └── runtime-spec │ │ │ └── specs-go │ │ │ ├── version.go │ │ │ └── state.go │ │ ├── seccomp │ │ └── libseccomp-golang │ │ │ ├── README │ │ │ └── LICENSE │ │ ├── coreos │ │ └── go-systemd │ │ │ ├── dbus │ │ │ └── set.go │ │ │ ├── util │ │ │ └── util.go │ │ │ └── activation │ │ │ ├── packetconns.go │ │ │ └── files.go │ │ └── golang │ │ └── protobuf │ │ └── LICENSE └── Readme ├── libcontainer ├── cgroups │ ├── fs │ │ ├── fs_unsupported.go │ │ ├── name.go │ │ ├── perf_event.go │ │ ├── net_prio_test.go │ │ ├── net_prio.go │ │ ├── net_cls.go │ │ ├── net_cls_test.go │ │ ├── freezer_test.go │ │ ├── freezer.go │ │ └── cpuset_test.go │ ├── cgroups_unsupported.go │ ├── cgroups_test.go │ ├── systemd │ │ └── apply_nosystemd.go │ └── cgroups.go ├── criurpc │ └── Makefile ├── devices │ ├── devices_unsupported.go │ ├── number.go │ └── devices_test.go ├── nsenter │ ├── nsenter_unsupported.go │ ├── nsenter.go │ └── nsenter_gccgo.go ├── integration │ ├── doc.go │ └── init_test.go ├── stacktrace │ ├── stacktrace.go │ ├── frame_test.go │ ├── capture.go │ ├── frame.go │ └── capture_test.go ├── configs │ ├── namespaces.go │ ├── config_windows_test.go │ ├── cgroup_unsupported.go │ ├── cgroup_windows.go │ ├── hugepage_limit.go │ ├── namespaces_unsupported.go │ ├── interface_priority_map.go │ ├── namespaces_syscall_unsupported.go │ ├── namespaces_syscall.go │ ├── mount.go │ ├── device.go │ └── config_unix.go ├── stats_freebsd.go ├── stats_windows.go ├── user │ ├── MAINTAINERS │ ├── lookup_unsupported.go │ └── lookup_unix.go ├── stats_solaris.go ├── criu_opts_windows.go ├── stats_linux.go ├── xattr │ ├── errors.go │ ├── xattr_unsupported.go │ └── xattr_linux.go ├── system │ ├── unsupported.go │ ├── sysconfig.go │ ├── sysconfig_notcgo.go │ ├── syscall_linux_386.go │ ├── syscall_linux_arm.go │ ├── syscall_linux_64.go │ ├── proc.go │ └── setns_linux.go ├── compat_1.5_linux.go ├── generic_error_test.go ├── stats.go ├── console.go ├── setgroups_linux.go ├── seccomp │ ├── seccomp_linux_test.go │ ├── seccomp_unsupported.go │ └── fixtures │ │ └── proc_self_status ├── apparmor │ ├── apparmor_disabled.go │ └── apparmor.go ├── console_solaris.go ├── console_freebsd.go ├── container_solaris.go ├── container_windows.go ├── console_windows.go ├── utils │ └── utils_unix.go ├── error_test.go ├── specconv │ └── spec_linux_test.go ├── setns_init_linux.go ├── factory.go └── error.go ├── script ├── tmpmount ├── validate-gofmt └── .validate ├── .gitignore ├── tests └── integration │ ├── testdata │ └── hello-world.tar │ ├── version.bats │ ├── kill.bats │ ├── pause.bats │ ├── create.bats │ ├── state.bats │ ├── start_hello.bats │ ├── start_detached.bats │ ├── ps.bats │ ├── exec.bats │ ├── mask.bats │ ├── checkpoint.bats │ └── root.bats ├── .pullapprove.yml ├── man ├── README.md ├── runc-state.8.md ├── runc-ps.8.md ├── runc-pause.8.md ├── runc-resume.8.md ├── runc-start.8.md ├── md2man-all.sh ├── runc-kill.8.md ├── runc-delete.8.md ├── runc-events.8.md ├── runc-list.8.md ├── runc-checkpoint.8.md ├── runc-restore.8.md ├── runc-create.8.md ├── runc-run.8.md └── runc-exec.8.md ├── main_unsupported.go ├── MAINTAINERS ├── main_solaris.go ├── NOTICE ├── main_unix.go ├── utils.go ├── PRINCIPLES.md ├── start.go ├── pause.go ├── Dockerfile └── state.go /VERSION: -------------------------------------------------------------------------------- 1 | 1.0.0-rc2 2 | -------------------------------------------------------------------------------- /Godeps/_workspace/.gitignore: -------------------------------------------------------------------------------- 1 | /pkg 2 | /bin 3 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/.gitignore: -------------------------------------------------------------------------------- 1 | logrus 2 | -------------------------------------------------------------------------------- /libcontainer/cgroups/fs/fs_unsupported.go: -------------------------------------------------------------------------------- 1 | // +build !linux 2 | 3 | package fs 4 | -------------------------------------------------------------------------------- /script/tmpmount: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | mount -t tmpfs none /tmp 4 | exec "$@" 5 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/urfave/cli/.gitignore: -------------------------------------------------------------------------------- 1 | *.coverprofile 2 | node_modules/ 3 | -------------------------------------------------------------------------------- /libcontainer/cgroups/cgroups_unsupported.go: -------------------------------------------------------------------------------- 1 | // +build !linux 2 | 3 | package cgroups 4 | -------------------------------------------------------------------------------- /libcontainer/criurpc/Makefile: -------------------------------------------------------------------------------- 1 | gen: criurpc.proto 2 | protoc --go_out=. criurpc.proto 3 | -------------------------------------------------------------------------------- /libcontainer/devices/devices_unsupported.go: -------------------------------------------------------------------------------- 1 | // +build windows 2 | 3 | package devices 4 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | vendor/pkg 2 | /runc 3 | Godeps/_workspace/src/github.com/opencontainers/runc 4 | man/man8 5 | release 6 | -------------------------------------------------------------------------------- /libcontainer/nsenter/nsenter_unsupported.go: -------------------------------------------------------------------------------- 1 | // +build !linux !cgo 2 | 3 | package nsenter 4 | 5 | import "C" 6 | -------------------------------------------------------------------------------- /libcontainer/integration/doc.go: -------------------------------------------------------------------------------- 1 | // integration is used for integration testing of libcontainer 2 | package integration 3 | -------------------------------------------------------------------------------- /libcontainer/stacktrace/stacktrace.go: -------------------------------------------------------------------------------- 1 | package stacktrace 2 | 3 | type Stacktrace struct { 4 | Frames []Frame 5 | } 6 | -------------------------------------------------------------------------------- /libcontainer/configs/namespaces.go: -------------------------------------------------------------------------------- 1 | package configs 2 | 3 | type NamespaceType string 4 | 5 | type Namespaces []Namespace 6 | -------------------------------------------------------------------------------- /libcontainer/stats_freebsd.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | type Stats struct { 4 | Interfaces []*NetworkInterface 5 | } 6 | -------------------------------------------------------------------------------- /libcontainer/stats_windows.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | type Stats struct { 4 | Interfaces []*NetworkInterface 5 | } 6 | -------------------------------------------------------------------------------- /libcontainer/user/MAINTAINERS: -------------------------------------------------------------------------------- 1 | Tianon Gravi (@tianon) 2 | Aleksa Sarai (@cyphar) 3 | -------------------------------------------------------------------------------- /libcontainer/configs/config_windows_test.go: -------------------------------------------------------------------------------- 1 | package configs 2 | 3 | // All current tests are for Unix-specific functionality 4 | -------------------------------------------------------------------------------- /tests/integration/testdata/hello-world.tar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/projectatomic/runc/HEAD/tests/integration/testdata/hello-world.tar -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/vishvananda/netlink/.travis.yml: -------------------------------------------------------------------------------- 1 | language: go 2 | install: 3 | - go get github.com/vishvananda/netns 4 | -------------------------------------------------------------------------------- /libcontainer/configs/cgroup_unsupported.go: -------------------------------------------------------------------------------- 1 | // +build !windows,!linux,!freebsd 2 | 3 | package configs 4 | 5 | type Cgroup struct { 6 | } 7 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/MAINTAINERS: -------------------------------------------------------------------------------- 1 | Brandon Philips (@philips) 2 | Brian Waldon (@bcwaldon) 3 | -------------------------------------------------------------------------------- /libcontainer/stats_solaris.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | // Solaris - TODO 4 | 5 | type Stats struct { 6 | Interfaces []*NetworkInterface 7 | } 8 | -------------------------------------------------------------------------------- /Godeps/Readme: -------------------------------------------------------------------------------- 1 | This directory tree is generated automatically by godep. 2 | 3 | Please do not edit. 4 | 5 | See https://github.com/tools/godep for more information. 6 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/.travis.yml: -------------------------------------------------------------------------------- 1 | language: go 2 | go: 3 | - 1.2 4 | - 1.3 5 | - 1.4 6 | - tip 7 | install: 8 | - go get -t ./... 9 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/urfave/cli/altsrc/altsrc.go: -------------------------------------------------------------------------------- 1 | package altsrc 2 | 3 | //go:generate python ../generate-flag-types altsrc -i ../flag-types.json -o flag_generated.go 4 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/transport_darwin.go: -------------------------------------------------------------------------------- 1 | package dbus 2 | 3 | func (t *unixTransport) SendNullByte() error { 4 | _, err := t.Write([]byte{0}) 5 | return err 6 | } 7 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/terminal_openbsd.go: -------------------------------------------------------------------------------- 1 | package logrus 2 | 3 | import "syscall" 4 | 5 | const ioctlReadTermios = syscall.TIOCGETA 6 | 7 | type Termios syscall.Termios 8 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/docs/project/images/red_notice.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/projectatomic/runc/HEAD/Godeps/_workspace/src/github.com/docker/docker/docs/project/images/red_notice.png -------------------------------------------------------------------------------- /libcontainer/configs/cgroup_windows.go: -------------------------------------------------------------------------------- 1 | package configs 2 | 3 | // TODO Windows: This can ultimately be entirely factored out on Windows as 4 | // cgroups are a Unix-specific construct. 5 | type Cgroup struct { 6 | } 7 | -------------------------------------------------------------------------------- /libcontainer/criu_opts_windows.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | // TODO Windows: This can ultimately be entirely factored out as criu is 4 | // a Unix concept not relevant on Windows. 5 | type CriuOpts struct { 6 | } 7 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # 0.7.3 2 | 3 | formatter/\*: allow configuration of timestamp layout 4 | 5 | # 0.7.2 6 | 7 | formatter/text: Add configuration option for time format (#158) 8 | -------------------------------------------------------------------------------- /libcontainer/stats_linux.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | import "github.com/opencontainers/runc/libcontainer/cgroups" 4 | 5 | type Stats struct { 6 | Interfaces []*NetworkInterface 7 | CgroupStats *cgroups.Stats 8 | } 9 | -------------------------------------------------------------------------------- /libcontainer/xattr/errors.go: -------------------------------------------------------------------------------- 1 | package xattr 2 | 3 | import ( 4 | "fmt" 5 | "runtime" 6 | ) 7 | 8 | var ErrNotSupportedPlatform = fmt.Errorf("platform and architecture is not supported %s %s", runtime.GOOS, runtime.GOARCH) 9 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/urfave/cli/autocomplete/zsh_autocomplete: -------------------------------------------------------------------------------- 1 | autoload -U compinit && compinit 2 | autoload -U bashcompinit && bashcompinit 3 | 4 | script_dir=$(dirname $0) 5 | source ${script_dir}/bash_autocomplete 6 | -------------------------------------------------------------------------------- /libcontainer/system/unsupported.go: -------------------------------------------------------------------------------- 1 | // +build !linux 2 | 3 | package system 4 | 5 | // RunningInUserNS is a stub for non-Linux systems 6 | // Always returns false 7 | func RunningInUserNS() bool { 8 | return false 9 | } 10 | -------------------------------------------------------------------------------- /libcontainer/system/sysconfig.go: -------------------------------------------------------------------------------- 1 | // +build cgo,linux cgo,freebsd 2 | 3 | package system 4 | 5 | /* 6 | #include 7 | */ 8 | import "C" 9 | 10 | func GetClockTicks() int { 11 | return int(C.sysconf(C._SC_CLK_TCK)) 12 | } 13 | -------------------------------------------------------------------------------- /libcontainer/nsenter/nsenter.go: -------------------------------------------------------------------------------- 1 | // +build linux,!gccgo 2 | 3 | package nsenter 4 | 5 | /* 6 | #cgo CFLAGS: -Wall 7 | extern void nsexec(); 8 | void __attribute__((constructor)) init(void) { 9 | nsexec(); 10 | } 11 | */ 12 | import "C" 13 | -------------------------------------------------------------------------------- /.pullapprove.yml: -------------------------------------------------------------------------------- 1 | approve_by_comment: true 2 | approve_regex: ^LGTM 3 | reject_regex: ^Rejected 4 | reset_on_push: true 5 | author_approval: ignored 6 | reviewers: 7 | teams: 8 | - runc-maintainers 9 | name: default 10 | required: 2 11 | -------------------------------------------------------------------------------- /libcontainer/configs/hugepage_limit.go: -------------------------------------------------------------------------------- 1 | package configs 2 | 3 | type HugepageLimit struct { 4 | // which type of hugepage to limit. 5 | Pagesize string `json:"page_size"` 6 | 7 | // usage limit for hugepage. 8 | Limit uint64 `json:"limit"` 9 | } 10 | -------------------------------------------------------------------------------- /libcontainer/configs/namespaces_unsupported.go: -------------------------------------------------------------------------------- 1 | // +build !linux,!freebsd 2 | 3 | package configs 4 | 5 | // Namespace defines configuration for each namespace. It specifies an 6 | // alternate path that is able to be joined via setns. 7 | type Namespace struct { 8 | } 9 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/pquerna/ffjson/NOTICE: -------------------------------------------------------------------------------- 1 | ffjson 2 | Copyright (c) 2014, Paul Querna 3 | 4 | This product includes software developed by 5 | Paul Querna (http://paul.querna.org/). 6 | 7 | Portions of this software were developed as 8 | part of Go, Copyright (c) 2012 The Go Authors. -------------------------------------------------------------------------------- /libcontainer/compat_1.5_linux.go: -------------------------------------------------------------------------------- 1 | // +build linux,!go1.5 2 | 3 | package libcontainer 4 | 5 | import "syscall" 6 | 7 | // GidMappingsEnableSetgroups was added in Go 1.5, so do nothing when building 8 | // with earlier versions 9 | func enableSetgroups(sys *syscall.SysProcAttr) { 10 | } 11 | -------------------------------------------------------------------------------- /man/README.md: -------------------------------------------------------------------------------- 1 | runc man pages 2 | ==================== 3 | 4 | This directory contains man pages for runc in markdown format. 5 | 6 | To generate man pages from it, use this command 7 | 8 | ./md2man-all.sh 9 | 10 | You will see man pages generated under the man8 directory. 11 | 12 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/homedir_dynamic.go: -------------------------------------------------------------------------------- 1 | // +build !static_build 2 | 3 | package dbus 4 | 5 | import ( 6 | "os/user" 7 | ) 8 | 9 | func lookupHomeDir() string { 10 | u, err := user.Current() 11 | if err != nil { 12 | return "/" 13 | } 14 | return u.HomeDir 15 | } 16 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/pquerna/ffjson/fflib/v1/buffer_nopool.go: -------------------------------------------------------------------------------- 1 | // +build !go1.3 2 | 3 | package v1 4 | 5 | // Stub version of buffer_pool.go for Go 1.2, which doesn't have sync.Pool. 6 | 7 | func Pool(b []byte) {} 8 | 9 | func makeSlice(n int) []byte { 10 | return make([]byte, n) 11 | } 12 | -------------------------------------------------------------------------------- /main_unsupported.go: -------------------------------------------------------------------------------- 1 | // +build !linux,!solaris 2 | 3 | package main 4 | 5 | import "github.com/urfave/cli" 6 | 7 | var ( 8 | checkpointCommand cli.Command 9 | eventsCommand cli.Command 10 | restoreCommand cli.Command 11 | specCommand cli.Command 12 | killCommand cli.Command 13 | ) 14 | -------------------------------------------------------------------------------- /tests/integration/version.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | load helpers 4 | 5 | @test "runc version" { 6 | runc -v 7 | [ "$status" -eq 0 ] 8 | [[ ${lines[0]} =~ runc\ version\ [0-9]+\.[0-9]+\.[0-9]+ ]] 9 | [[ ${lines[1]} =~ commit:+ ]] 10 | [[ ${lines[2]} =~ spec:\ [0-9]+\.[0-9]+\.[0-9]+ ]] 11 | } 12 | -------------------------------------------------------------------------------- /libcontainer/generic_error_test.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | import ( 4 | "fmt" 5 | "io/ioutil" 6 | "testing" 7 | ) 8 | 9 | func TestErrorDetail(t *testing.T) { 10 | err := newGenericError(fmt.Errorf("test error"), SystemError) 11 | if derr := err.Detail(ioutil.Discard); derr != nil { 12 | t.Fatal(derr) 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /man/runc-state.8.md: -------------------------------------------------------------------------------- 1 | # NAME 2 | runc state - output the state of a container 3 | 4 | # SYNOPSIS 5 | runc state 6 | 7 | Where "" is your name for the instance of the container. 8 | 9 | # DESCRIPTION 10 | The state command outputs current state information for the 11 | instance of a container. 12 | -------------------------------------------------------------------------------- /libcontainer/configs/interface_priority_map.go: -------------------------------------------------------------------------------- 1 | package configs 2 | 3 | import ( 4 | "fmt" 5 | ) 6 | 7 | type IfPrioMap struct { 8 | Interface string `json:"interface"` 9 | Priority int64 `json:"priority"` 10 | } 11 | 12 | func (i *IfPrioMap) CgroupString() string { 13 | return fmt.Sprintf("%s %d", i.Interface, i.Priority) 14 | } 15 | -------------------------------------------------------------------------------- /libcontainer/stats.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | type NetworkInterface struct { 4 | // Name is the name of the network interface. 5 | Name string 6 | 7 | RxBytes uint64 8 | RxPackets uint64 9 | RxErrors uint64 10 | RxDropped uint64 11 | TxBytes uint64 12 | TxPackets uint64 13 | TxErrors uint64 14 | TxDropped uint64 15 | } 16 | -------------------------------------------------------------------------------- /libcontainer/cgroups/cgroups_test.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package cgroups 4 | 5 | import ( 6 | "testing" 7 | ) 8 | 9 | func TestParseCgroups(t *testing.T) { 10 | cgroups, err := ParseCgroupFile("/proc/self/cgroup") 11 | if err != nil { 12 | t.Fatal(err) 13 | } 14 | 15 | if _, ok := cgroups["cpu"]; !ok { 16 | t.Fail() 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/pkg/mount/mounter_unsupported.go: -------------------------------------------------------------------------------- 1 | // +build !linux,!freebsd freebsd,!cgo 2 | 3 | package mount 4 | 5 | func mount(device, target, mType string, flag uintptr, data string) error { 6 | panic("Not implemented") 7 | } 8 | 9 | func unmount(target string, flag int) error { 10 | panic("Not implemented") 11 | } 12 | -------------------------------------------------------------------------------- /libcontainer/console.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | import "io" 4 | 5 | // Console represents a pseudo TTY. 6 | type Console interface { 7 | io.ReadWriter 8 | io.Closer 9 | 10 | // Path returns the filesystem path to the slave side of the pty. 11 | Path() string 12 | 13 | // Fd returns the fd for the master of the pty. 14 | Fd() uintptr 15 | } 16 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/pkg/mount/mountinfo_unsupported.go: -------------------------------------------------------------------------------- 1 | // +build !linux,!freebsd freebsd,!cgo 2 | 3 | package mount 4 | 5 | import ( 6 | "fmt" 7 | "runtime" 8 | ) 9 | 10 | func parseMountTable() ([]*Info, error) { 11 | return nil, fmt.Errorf("mount.parseMountTable is not implemented on %s/%s", runtime.GOOS, runtime.GOARCH) 12 | } 13 | -------------------------------------------------------------------------------- /libcontainer/setgroups_linux.go: -------------------------------------------------------------------------------- 1 | // +build linux,go1.5 2 | 3 | package libcontainer 4 | 5 | import "syscall" 6 | 7 | // Set the GidMappingsEnableSetgroups member to true, so the process's 8 | // setgroups proc entry wont be set to 'deny' if GidMappings are set 9 | func enableSetgroups(sys *syscall.SysProcAttr) { 10 | sys.GidMappingsEnableSetgroups = true 11 | } 12 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/pkg/symlink/README.md: -------------------------------------------------------------------------------- 1 | Package symlink implements EvalSymlinksInScope which is an extension of filepath.EvalSymlinks 2 | from the [Go standard library](https://golang.org/pkg/path/filepath). 3 | 4 | The code from filepath.EvalSymlinks has been adapted in fs.go. 5 | Please read the LICENSE.BSD file that governs fs.go and LICENSE.APACHE for fs_test.go. 6 | -------------------------------------------------------------------------------- /libcontainer/xattr/xattr_unsupported.go: -------------------------------------------------------------------------------- 1 | // +build !linux 2 | 3 | package xattr 4 | 5 | func Listxattr(path string) ([]string, error) { 6 | return nil, ErrNotSupportedPlatform 7 | } 8 | 9 | func Getxattr(path, attr string) (string, error) { 10 | return "", ErrNotSupportedPlatform 11 | } 12 | 13 | func Setxattr(path, xattr, value string) error { 14 | return ErrNotSupportedPlatform 15 | } 16 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/terminal_linux.go: -------------------------------------------------------------------------------- 1 | // Based on ssh/terminal: 2 | // Copyright 2013 The Go Authors. All rights reserved. 3 | // Use of this source code is governed by a BSD-style 4 | // license that can be found in the LICENSE file. 5 | 6 | package logrus 7 | 8 | import "syscall" 9 | 10 | const ioctlReadTermios = syscall.TCGETS 11 | 12 | type Termios syscall.Termios 13 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/terminal_darwin.go: -------------------------------------------------------------------------------- 1 | // Based on ssh/terminal: 2 | // Copyright 2013 The Go Authors. All rights reserved. 3 | // Use of this source code is governed by a BSD-style 4 | // license that can be found in the LICENSE file. 5 | 6 | package logrus 7 | 8 | import "syscall" 9 | 10 | const ioctlReadTermios = syscall.TIOCGETA 11 | 12 | type Termios syscall.Termios 13 | -------------------------------------------------------------------------------- /libcontainer/seccomp/seccomp_linux_test.go: -------------------------------------------------------------------------------- 1 | // +build linux,cgo,seccomp 2 | 3 | package seccomp 4 | 5 | import "testing" 6 | 7 | func TestParseStatusFile(t *testing.T) { 8 | s, err := parseStatusFile("fixtures/proc_self_status") 9 | if err != nil { 10 | t.Fatal(err) 11 | } 12 | 13 | if _, ok := s["Seccomp"]; !ok { 14 | 15 | t.Fatal("expected to find 'Seccomp' in the map but did not.") 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /man/runc-ps.8.md: -------------------------------------------------------------------------------- 1 | # NAME 2 | runc ps - ps displays the processes running inside a container 3 | 4 | # SYNOPSIS 5 | runc ps [command options] [-- ps options] 6 | 7 | # OPTIONS 8 | --format value, -f value select one of: table(default) or json 9 | 10 | The default format is table. The following will output the processes of a container 11 | in json format: 12 | 13 | # runc ps -f json 14 | -------------------------------------------------------------------------------- /man/runc-pause.8.md: -------------------------------------------------------------------------------- 1 | # NAME 2 | runc pause - pause suspends all processes inside the container 3 | 4 | # SYNOPSIS 5 | runc pause 6 | 7 | Where "" is the name for the instance of the container to be 8 | paused. 9 | 10 | # DESCRIPTION 11 | The pause command suspends all processes in the instance of the container. 12 | Use runc list to identiy instances of containers and their current status. 13 | -------------------------------------------------------------------------------- /libcontainer/apparmor/apparmor_disabled.go: -------------------------------------------------------------------------------- 1 | // +build !apparmor !linux 2 | 3 | package apparmor 4 | 5 | import ( 6 | "errors" 7 | ) 8 | 9 | var ErrApparmorNotEnabled = errors.New("apparmor: config provided but apparmor not supported") 10 | 11 | func IsEnabled() bool { 12 | return false 13 | } 14 | 15 | func ApplyProfile(name string) error { 16 | if name != "" { 17 | return ErrApparmorNotEnabled 18 | } 19 | return nil 20 | } 21 | -------------------------------------------------------------------------------- /libcontainer/console_solaris.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | import ( 4 | "errors" 5 | ) 6 | 7 | // NewConsole returns an initalized console that can be used within a container by copying bytes 8 | // from the master side to the slave that is attached as the tty for the container's init process. 9 | func NewConsole(uid, gid int) (Console, error) { 10 | return nil, errors.New("libcontainer console is not supported on Solaris") 11 | } 12 | -------------------------------------------------------------------------------- /man/runc-resume.8.md: -------------------------------------------------------------------------------- 1 | # NAME 2 | runc resume - resumes all processes that have been previously paused 3 | 4 | # SYNOPSIS 5 | runc resume 6 | 7 | Where "" is the name for the instance of the container to be 8 | resumed. 9 | 10 | # DESCRIPTION 11 | The resume command resumes all processes in the instance of the container. 12 | Use runc list to identiy instances of containers and their current status. 13 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/go-units/README.md: -------------------------------------------------------------------------------- 1 | # Introduction 2 | 3 | go-units is a library to transform human friendly measurements into machine friendly values. 4 | 5 | ## Usage 6 | 7 | See the [docs in godoc](https://godoc.org/github.com/docker/go-units) for examples and documentation. 8 | 9 | ## License 10 | 11 | go-units is licensed under the Apache License, Version 2.0. See [LICENSE](LICENSE) for the full license text. 12 | -------------------------------------------------------------------------------- /MAINTAINERS: -------------------------------------------------------------------------------- 1 | Michael Crosby (@crosbymichael) 2 | Rohit Jnagal (@rjnagal) 3 | Victor Marmol (@vmarmol) 4 | Mrunal Patel (@mrunalp) 5 | Alexander Morozov (@LK4D4) 6 | Daniel, Dao Quang Minh (@dqminh) 7 | Andrey Vagin (@avagin) 8 | Qiang Huang (@hqhq) 9 | Aleksa Sarai (@cyphar) 10 | -------------------------------------------------------------------------------- /libcontainer/console_freebsd.go: -------------------------------------------------------------------------------- 1 | // +build freebsd 2 | 3 | package libcontainer 4 | 5 | import ( 6 | "errors" 7 | ) 8 | 9 | // NewConsole returns an initalized console that can be used within a container by copying bytes 10 | // from the master side to the slave that is attached as the tty for the container's init process. 11 | func NewConsole(uid, gid int) (Console, error) { 12 | return nil, errors.New("libcontainer console is not supported on FreeBSD") 13 | } 14 | -------------------------------------------------------------------------------- /man/runc-start.8.md: -------------------------------------------------------------------------------- 1 | # NAME 2 | runc start - start signals a created container to execute the user defined process 3 | 4 | # SYNOPSIS 5 | runc start 6 | 7 | Where "" is your name for the instance of the container that you 8 | are starting. The name you provide for the container instance must be unique on 9 | your host. 10 | 11 | # DESCRIPTIONa 12 | The start command signals the container to start the user's defined process. 13 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/urfave/cli/autocomplete/bash_autocomplete: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | : ${PROG:=$(basename ${BASH_SOURCE})} 4 | 5 | _cli_bash_autocomplete() { 6 | local cur opts base 7 | COMPREPLY=() 8 | cur="${COMP_WORDS[COMP_CWORD]}" 9 | opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} --generate-bash-completion ) 10 | COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) 11 | return 0 12 | } 13 | 14 | complete -F _cli_bash_autocomplete $PROG 15 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/terminal_freebsd.go: -------------------------------------------------------------------------------- 1 | /* 2 | Go 1.2 doesn't include Termios for FreeBSD. This should be added in 1.3 and this could be merged with terminal_darwin. 3 | */ 4 | package logrus 5 | 6 | import ( 7 | "syscall" 8 | ) 9 | 10 | const ioctlReadTermios = syscall.TIOCGETA 11 | 12 | type Termios struct { 13 | Iflag uint32 14 | Oflag uint32 15 | Cflag uint32 16 | Lflag uint32 17 | Cc [20]uint8 18 | Ispeed uint32 19 | Ospeed uint32 20 | } 21 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/homedir.go: -------------------------------------------------------------------------------- 1 | package dbus 2 | 3 | import ( 4 | "os" 5 | "sync" 6 | ) 7 | 8 | var ( 9 | homeDir string 10 | homeDirLock sync.Mutex 11 | ) 12 | 13 | func getHomeDir() string { 14 | homeDirLock.Lock() 15 | defer homeDirLock.Unlock() 16 | 17 | if homeDir != "" { 18 | return homeDir 19 | } 20 | 21 | homeDir = os.Getenv("HOME") 22 | if homeDir != "" { 23 | return homeDir 24 | } 25 | 26 | homeDir = lookupHomeDir() 27 | return homeDir 28 | } 29 | -------------------------------------------------------------------------------- /libcontainer/configs/namespaces_syscall_unsupported.go: -------------------------------------------------------------------------------- 1 | // +build !linux,!windows 2 | 3 | package configs 4 | 5 | func (n *Namespace) Syscall() int { 6 | panic("No namespace syscall support") 7 | return 0 8 | } 9 | 10 | // CloneFlags parses the container's Namespaces options to set the correct 11 | // flags on clone, unshare. This function returns flags only for new namespaces. 12 | func (n *Namespaces) CloneFlags() uintptr { 13 | panic("No namespace syscall support") 14 | return uintptr(0) 15 | } 16 | -------------------------------------------------------------------------------- /libcontainer/user/lookup_unsupported.go: -------------------------------------------------------------------------------- 1 | // +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris 2 | 3 | package user 4 | 5 | import "io" 6 | 7 | func GetPasswdPath() (string, error) { 8 | return "", ErrUnsupported 9 | } 10 | 11 | func GetPasswd() (io.ReadCloser, error) { 12 | return nil, ErrUnsupported 13 | } 14 | 15 | func GetGroupPath() (string, error) { 16 | return "", ErrUnsupported 17 | } 18 | 19 | func GetGroup() (io.ReadCloser, error) { 20 | return nil, ErrUnsupported 21 | } 22 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/conn_darwin.go: -------------------------------------------------------------------------------- 1 | package dbus 2 | 3 | import ( 4 | "errors" 5 | "os/exec" 6 | ) 7 | 8 | func sessionBusPlatform() (*Conn, error) { 9 | cmd := exec.Command("launchctl", "getenv", "DBUS_LAUNCHD_SESSION_BUS_SOCKET") 10 | b, err := cmd.CombinedOutput() 11 | 12 | if err != nil { 13 | return nil, err 14 | } 15 | 16 | if len(b) == 0 { 17 | return nil, errors.New("dbus: couldn't determine address of session bus") 18 | } 19 | 20 | return Dial("unix:path=" + string(b[:len(b)-1])) 21 | } 22 | -------------------------------------------------------------------------------- /man/md2man-all.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | # get into this script's directory 5 | cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" 6 | 7 | [ "$1" = '-q' ] || { 8 | set -x 9 | pwd 10 | } 11 | 12 | for FILE in *.md; do 13 | base="$(basename "$FILE")" 14 | name="${base%.md}" 15 | num="${name##*.}" 16 | if [ -z "$num" -o "$name" = "$num" ]; then 17 | # skip files that aren't of the format xxxx.N.md (like README.md) 18 | continue 19 | fi 20 | mkdir -p "./man${num}" 21 | go-md2man -in "$FILE" -out "./man${num}/${name}" 22 | done 23 | -------------------------------------------------------------------------------- /man/runc-kill.8.md: -------------------------------------------------------------------------------- 1 | # NAME 2 | runc kill - kill sends the specified signal (default: SIGTERM) to the container's init process 3 | 4 | # SYNOPSIS 5 | runc kill 6 | 7 | Where "" is the name for the instance of the container and 8 | "" is the signal to be sent to the init process. 9 | 10 | # EXAMPLE 11 | 12 | For example, if the container id is "ubuntu01" the following will send a "KILL" 13 | signal to the init process of the "ubuntu01" container: 14 | 15 | # runc kill ubuntu01 KILL 16 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/vishvananda/netlink/neigh.go: -------------------------------------------------------------------------------- 1 | package netlink 2 | 3 | import ( 4 | "fmt" 5 | "net" 6 | ) 7 | 8 | // Neigh represents a link layer neighbor from netlink. 9 | type Neigh struct { 10 | LinkIndex int 11 | Family int 12 | State int 13 | Type int 14 | Flags int 15 | IP net.IP 16 | HardwareAddr net.HardwareAddr 17 | } 18 | 19 | // String returns $ip/$hwaddr $label 20 | func (neigh *Neigh) String() string { 21 | return fmt.Sprintf("%s %s", neigh.IP, neigh.HardwareAddr) 22 | } 23 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/pkg/term/tc_other.go: -------------------------------------------------------------------------------- 1 | // +build !windows 2 | // +build !linux !cgo 3 | 4 | package term 5 | 6 | import ( 7 | "syscall" 8 | "unsafe" 9 | ) 10 | 11 | func tcget(fd uintptr, p *Termios) syscall.Errno { 12 | _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(getTermios), uintptr(unsafe.Pointer(p))) 13 | return err 14 | } 15 | 16 | func tcset(fd uintptr, p *Termios) syscall.Errno { 17 | _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, setTermios, uintptr(unsafe.Pointer(p))) 18 | return err 19 | } 20 | -------------------------------------------------------------------------------- /man/runc-delete.8.md: -------------------------------------------------------------------------------- 1 | # NAME 2 | runc delete - delete any resources held by the container often used with detached containers 3 | 4 | # SYNOPSIS 5 | runc delete 6 | 7 | Where "" is the name for the instance of the container. 8 | 9 | # EXAMPLE 10 | For example, if the container id is "ubuntu01" and runc list currently shows the 11 | status of "ubuntu01" as "destroyed" the following will delete resources held for 12 | "ubuntu01" removing "ubuntu01" from the runc list of containers: 13 | 14 | # runc delete ubuntu01 15 | -------------------------------------------------------------------------------- /libcontainer/system/sysconfig_notcgo.go: -------------------------------------------------------------------------------- 1 | // +build !cgo windows 2 | 3 | package system 4 | 5 | func GetClockTicks() int { 6 | // TODO figure out a better alternative for platforms where we're missing cgo 7 | // 8 | // TODO Windows. This could be implemented using Win32 QueryPerformanceFrequency(). 9 | // https://msdn.microsoft.com/en-us/library/windows/desktop/ms644905(v=vs.85).aspx 10 | // 11 | // An example of its usage can be found here. 12 | // https://msdn.microsoft.com/en-us/library/windows/desktop/dn553408(v=vs.85).aspx 13 | 14 | return 100 15 | } 16 | -------------------------------------------------------------------------------- /libcontainer/container_solaris.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | // State represents a running container's state 4 | type State struct { 5 | BaseState 6 | 7 | // Platform specific fields below here 8 | } 9 | 10 | // A libcontainer container object. 11 | // 12 | // Each container is thread-safe within the same process. Since a container can 13 | // be destroyed by a separate process, any function may return that the container 14 | // was not found. 15 | type Container interface { 16 | BaseContainer 17 | 18 | // Methods below here are platform specific 19 | 20 | } 21 | -------------------------------------------------------------------------------- /libcontainer/container_windows.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | // State represents a running container's state 4 | type State struct { 5 | BaseState 6 | 7 | // Platform specific fields below here 8 | } 9 | 10 | // A libcontainer container object. 11 | // 12 | // Each container is thread-safe within the same process. Since a container can 13 | // be destroyed by a separate process, any function may return that the container 14 | // was not found. 15 | type Container interface { 16 | BaseContainer 17 | 18 | // Methods below here are platform specific 19 | 20 | } 21 | -------------------------------------------------------------------------------- /main_solaris.go: -------------------------------------------------------------------------------- 1 | // +build solaris 2 | 3 | package main 4 | 5 | import "github.com/urfave/cli" 6 | 7 | var ( 8 | checkpointCommand cli.Command 9 | eventsCommand cli.Command 10 | restoreCommand cli.Command 11 | specCommand cli.Command 12 | killCommand cli.Command 13 | deleteCommand cli.Command 14 | execCommand cli.Command 15 | initCommand cli.Command 16 | listCommand cli.Command 17 | pauseCommand cli.Command 18 | resumeCommand cli.Command 19 | startCommand cli.Command 20 | stateCommand cli.Command 21 | ) 22 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/syndtr/gocapability/capability/capability_noop.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2013, Suryandaru Triandana 2 | // All rights reserved. 3 | // 4 | // Use of this source code is governed by a BSD-style license that can be 5 | // found in the LICENSE file. 6 | 7 | // +build !linux 8 | 9 | package capability 10 | 11 | import "errors" 12 | 13 | func newPid(pid int) (Capabilities, error) { 14 | return nil, errors.New("not supported") 15 | } 16 | 17 | func newFile(path string) (Capabilities, error) { 18 | return nil, errors.New("not supported") 19 | } 20 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/urfave/cli/appveyor.yml: -------------------------------------------------------------------------------- 1 | version: "{build}" 2 | 3 | os: Windows Server 2012 R2 4 | 5 | clone_folder: c:\gopath\src\github.com\urfave\cli 6 | 7 | environment: 8 | GOPATH: C:\gopath 9 | GOVERSION: 1.6 10 | PYTHON: C:\Python27-x64 11 | PYTHON_VERSION: 2.7.x 12 | PYTHON_ARCH: 64 13 | 14 | install: 15 | - set PATH=%GOPATH%\bin;C:\go\bin;%PATH% 16 | - go version 17 | - go env 18 | - go get github.com/urfave/gfmrun/... 19 | - go get -v -t ./... 20 | 21 | build_script: 22 | - python runtests vet 23 | - python runtests test 24 | - python runtests gfmrun 25 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | runc 2 | 3 | Copyright 2012-2015 Docker, Inc. 4 | 5 | This product includes software developed at Docker, Inc. (http://www.docker.com). 6 | 7 | The following is courtesy of our legal counsel: 8 | 9 | 10 | Use and transfer of Docker may be subject to certain restrictions by the 11 | United States and other governments. 12 | It is your responsibility to ensure that your use and/or transfer does not 13 | violate applicable laws. 14 | 15 | For more information, please see http://www.bis.doc.gov 16 | 17 | See also http://www.apache.org/dev/crypto.html and/or seek legal counsel. 18 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/conn_other.go: -------------------------------------------------------------------------------- 1 | // +build !darwin 2 | 3 | package dbus 4 | 5 | import ( 6 | "bytes" 7 | "errors" 8 | "os/exec" 9 | ) 10 | 11 | func sessionBusPlatform() (*Conn, error) { 12 | cmd := exec.Command("dbus-launch") 13 | b, err := cmd.CombinedOutput() 14 | 15 | if err != nil { 16 | return nil, err 17 | } 18 | 19 | i := bytes.IndexByte(b, '=') 20 | j := bytes.IndexByte(b, '\n') 21 | 22 | if i == -1 || j == -1 { 23 | return nil, errors.New("dbus: couldn't determine address of session bus") 24 | } 25 | 26 | return Dial(string(b[i+1 : j])) 27 | } 28 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/hooks/syslog/README.md: -------------------------------------------------------------------------------- 1 | # Syslog Hooks for Logrus :walrus: 2 | 3 | ## Usage 4 | 5 | ```go 6 | import ( 7 | "log/syslog" 8 | "github.com/Sirupsen/logrus" 9 | logrus_syslog "github.com/Sirupsen/logrus/hooks/syslog" 10 | ) 11 | 12 | func main() { 13 | log := logrus.New() 14 | hook, err := logrus_syslog.NewSyslogHook("udp", "localhost:514", syslog.LOG_INFO, "") 15 | 16 | if err == nil { 17 | log.Hooks.Add(hook) 18 | } 19 | } 20 | ``` 21 | -------------------------------------------------------------------------------- /man/runc-events.8.md: -------------------------------------------------------------------------------- 1 | # NAME 2 | runc events - display container events such as OOM notifications, cpu, memory, and IO usage statistics 3 | 4 | # SYNOPSIS 5 | runc events [command options] 6 | 7 | Where "" is the name for the instance of the container. 8 | 9 | # DESCRIPTION 10 | The events command displays information about the container. By default the 11 | information is displayed once every 5 seconds. 12 | 13 | # OPTIONS 14 | --interval value set the stats collection interval (default: 5s) 15 | --stats display the container's stats then exit 16 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/vendor/src/github.com/BurntSushi/toml/COPYING: -------------------------------------------------------------------------------- 1 | DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 2 | Version 2, December 2004 3 | 4 | Copyright (C) 2004 Sam Hocevar 5 | 6 | Everyone is permitted to copy and distribute verbatim or modified 7 | copies of this license document, and changing it is allowed as long 8 | as the name is changed. 9 | 10 | DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 11 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 12 | 13 | 0. You just DO WHAT THE FUCK YOU WANT TO. 14 | 15 | -------------------------------------------------------------------------------- /libcontainer/system/syscall_linux_386.go: -------------------------------------------------------------------------------- 1 | // +build linux,386 2 | 3 | package system 4 | 5 | import ( 6 | "syscall" 7 | ) 8 | 9 | // Setuid sets the uid of the calling thread to the specified uid. 10 | func Setuid(uid int) (err error) { 11 | _, _, e1 := syscall.RawSyscall(syscall.SYS_SETUID32, uintptr(uid), 0, 0) 12 | if e1 != 0 { 13 | err = e1 14 | } 15 | return 16 | } 17 | 18 | // Setgid sets the gid of the calling thread to the specified gid. 19 | func Setgid(gid int) (err error) { 20 | _, _, e1 := syscall.RawSyscall(syscall.SYS_SETGID32, uintptr(gid), 0, 0) 21 | if e1 != 0 { 22 | err = e1 23 | } 24 | return 25 | } 26 | -------------------------------------------------------------------------------- /libcontainer/system/syscall_linux_arm.go: -------------------------------------------------------------------------------- 1 | // +build linux,arm 2 | 3 | package system 4 | 5 | import ( 6 | "syscall" 7 | ) 8 | 9 | // Setuid sets the uid of the calling thread to the specified uid. 10 | func Setuid(uid int) (err error) { 11 | _, _, e1 := syscall.RawSyscall(syscall.SYS_SETUID32, uintptr(uid), 0, 0) 12 | if e1 != 0 { 13 | err = e1 14 | } 15 | return 16 | } 17 | 18 | // Setgid sets the gid of the calling thread to the specified gid. 19 | func Setgid(gid int) (err error) { 20 | _, _, e1 := syscall.RawSyscall(syscall.SYS_SETGID32, uintptr(gid), 0, 0) 21 | if e1 != 0 { 22 | err = e1 23 | } 24 | return 25 | } 26 | -------------------------------------------------------------------------------- /man/runc-list.8.md: -------------------------------------------------------------------------------- 1 | # NAME 2 | runc list - lists containers started by runc with the given root 3 | 4 | # SYNOPSIS 5 | runc list [command options] 6 | 7 | # EXAMPLE 8 | Where the given root is specified via the global option "--root" 9 | (default: "/run/runc"). 10 | 11 | To list containers created via the default "--root": 12 | # runc list 13 | 14 | To list containers created using a non-default value for "--root": 15 | # runc --root value list 16 | 17 | # OPTIONS 18 | --format value, -f value select one of: table or json (default: "table") 19 | --quiet, -q display only container IDs 20 | -------------------------------------------------------------------------------- /libcontainer/seccomp/seccomp_unsupported.go: -------------------------------------------------------------------------------- 1 | // +build !linux !cgo !seccomp 2 | 3 | package seccomp 4 | 5 | import ( 6 | "errors" 7 | 8 | "github.com/opencontainers/runc/libcontainer/configs" 9 | ) 10 | 11 | var ErrSeccompNotEnabled = errors.New("seccomp: config provided but seccomp not supported") 12 | 13 | // InitSeccomp does nothing because seccomp is not supported. 14 | func InitSeccomp(config *configs.Seccomp) error { 15 | if config != nil { 16 | return ErrSeccompNotEnabled 17 | } 18 | return nil 19 | } 20 | 21 | // IsEnabled returns false, because it is not supported. 22 | func IsEnabled() bool { 23 | return false 24 | } 25 | -------------------------------------------------------------------------------- /libcontainer/nsenter/nsenter_gccgo.go: -------------------------------------------------------------------------------- 1 | // +build linux,gccgo 2 | 3 | package nsenter 4 | 5 | /* 6 | #cgo CFLAGS: -Wall 7 | extern void nsexec(); 8 | void __attribute__((constructor)) init(void) { 9 | nsexec(); 10 | } 11 | */ 12 | import "C" 13 | 14 | // AlwaysFalse is here to stay false 15 | // (and be exported so the compiler doesn't optimize out its reference) 16 | var AlwaysFalse bool 17 | 18 | func init() { 19 | if AlwaysFalse { 20 | // by referencing this C init() in a noop test, it will ensure the compiler 21 | // links in the C function. 22 | // https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65134 23 | C.init() 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /libcontainer/stacktrace/frame_test.go: -------------------------------------------------------------------------------- 1 | package stacktrace 2 | 3 | import "testing" 4 | 5 | func TestParsePackageName(t *testing.T) { 6 | var ( 7 | name = "github.com/opencontainers/runc/libcontainer/stacktrace.captureFunc" 8 | expectedPackage = "github.com/opencontainers/runc/libcontainer/stacktrace" 9 | expectedFunction = "captureFunc" 10 | ) 11 | 12 | pack, funcName := parseFunctionName(name) 13 | if pack != expectedPackage { 14 | t.Fatalf("expected package %q but received %q", expectedPackage, pack) 15 | } 16 | 17 | if funcName != expectedFunction { 18 | t.Fatalf("expected function %q but received %q", expectedFunction, funcName) 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/pkg/mount/mounter_linux.go: -------------------------------------------------------------------------------- 1 | package mount 2 | 3 | import ( 4 | "syscall" 5 | ) 6 | 7 | func mount(device, target, mType string, flag uintptr, data string) error { 8 | if err := syscall.Mount(device, target, mType, flag, data); err != nil { 9 | return err 10 | } 11 | 12 | // If we have a bind mount or remount, remount... 13 | if flag&syscall.MS_BIND == syscall.MS_BIND && flag&syscall.MS_RDONLY == syscall.MS_RDONLY { 14 | return syscall.Mount(device, target, mType, flag|syscall.MS_REMOUNT, data) 15 | } 16 | return nil 17 | } 18 | 19 | func unmount(target string, flag int) error { 20 | return syscall.Unmount(target, flag) 21 | } 22 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/opencontainers/runtime-spec/specs-go/version.go: -------------------------------------------------------------------------------- 1 | package specs 2 | 3 | import "fmt" 4 | 5 | const ( 6 | // VersionMajor is for an API incompatible changes 7 | VersionMajor = 1 8 | // VersionMinor is for functionality in a backwards-compatible manner 9 | VersionMinor = 0 10 | // VersionPatch is for backwards-compatible bug fixes 11 | VersionPatch = 0 12 | 13 | // VersionDev indicates development branch. Releases will be empty string. 14 | VersionDev = "-rc2-dev" 15 | ) 16 | 17 | // Version is the specification version that the package types support. 18 | var Version = fmt.Sprintf("%d.%d.%d%s", VersionMajor, VersionMinor, VersionPatch, VersionDev) 19 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/pquerna/ffjson/fflib/v1/reader_scan_amd64.s: -------------------------------------------------------------------------------- 1 | // +build !appengine 2 | 3 | #define NOSPLIT 4 4 | 5 | // func scanStringSSE(s []byte, j int) (int, byte) 6 | TEXT scanStringSSE(SB),NOSPLIT,$0 7 | // TODO: http://www.strchr.com/strcmp_and_strlen_using_sse_4.2 8 | // Equal any, operand1 set to 9 | RET 10 | 11 | // Copyright 2011 The Go Authors. All rights reserved. 12 | // Use of this source code is governed by a BSD-style 13 | // license that can be found in the LICENSE file. 14 | // func haveSSE42() bool 15 | TEXT ·haveSSE42(SB),NOSPLIT,$0 16 | XORQ AX, AX 17 | INCL AX 18 | CPUID 19 | SHRQ $20, CX 20 | ANDQ $1, CX 21 | MOVB CX, ret+0(FP) 22 | RET 23 | -------------------------------------------------------------------------------- /libcontainer/system/syscall_linux_64.go: -------------------------------------------------------------------------------- 1 | // +build linux,arm64 linux,amd64 linux,ppc linux,ppc64 linux,ppc64le linux,s390x 2 | 3 | package system 4 | 5 | import ( 6 | "syscall" 7 | ) 8 | 9 | // Setuid sets the uid of the calling thread to the specified uid. 10 | func Setuid(uid int) (err error) { 11 | _, _, e1 := syscall.RawSyscall(syscall.SYS_SETUID, uintptr(uid), 0, 0) 12 | if e1 != 0 { 13 | err = e1 14 | } 15 | return 16 | } 17 | 18 | // Setgid sets the gid of the calling thread to the specified gid. 19 | func Setgid(gid int) (err error) { 20 | _, _, e1 := syscall.RawSyscall(syscall.SYS_SETGID, uintptr(gid), 0, 0) 21 | if e1 != 0 { 22 | err = e1 23 | } 24 | return 25 | } 26 | -------------------------------------------------------------------------------- /libcontainer/user/lookup_unix.go: -------------------------------------------------------------------------------- 1 | // +build darwin dragonfly freebsd linux netbsd openbsd solaris 2 | 3 | package user 4 | 5 | import ( 6 | "io" 7 | "os" 8 | ) 9 | 10 | // Unix-specific path to the passwd and group formatted files. 11 | const ( 12 | unixPasswdPath = "/etc/passwd" 13 | unixGroupPath = "/etc/group" 14 | ) 15 | 16 | func GetPasswdPath() (string, error) { 17 | return unixPasswdPath, nil 18 | } 19 | 20 | func GetPasswd() (io.ReadCloser, error) { 21 | return os.Open(unixPasswdPath) 22 | } 23 | 24 | func GetGroupPath() (string, error) { 25 | return unixGroupPath, nil 26 | } 27 | 28 | func GetGroup() (io.ReadCloser, error) { 29 | return os.Open(unixGroupPath) 30 | } 31 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/pkg/mount/flags_unsupported.go: -------------------------------------------------------------------------------- 1 | // +build !linux,!freebsd freebsd,!cgo 2 | 3 | package mount 4 | 5 | // These flags are unsupported. 6 | const ( 7 | BIND = 0 8 | DIRSYNC = 0 9 | MANDLOCK = 0 10 | NOATIME = 0 11 | NODEV = 0 12 | NODIRATIME = 0 13 | NOEXEC = 0 14 | NOSUID = 0 15 | UNBINDABLE = 0 16 | RUNBINDABLE = 0 17 | PRIVATE = 0 18 | RPRIVATE = 0 19 | SHARED = 0 20 | RSHARED = 0 21 | SLAVE = 0 22 | RSLAVE = 0 23 | RBIND = 0 24 | RELATIME = 0 25 | RELATIVE = 0 26 | REMOUNT = 0 27 | STRICTATIME = 0 28 | SYNCHRONOUS = 0 29 | RDONLY = 0 30 | ) 31 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/urfave/cli/.travis.yml: -------------------------------------------------------------------------------- 1 | language: go 2 | 3 | sudo: false 4 | 5 | cache: 6 | directories: 7 | - node_modules 8 | 9 | go: 10 | - 1.2.x 11 | - 1.3.x 12 | - 1.4.2 13 | - 1.5.x 14 | - 1.6.x 15 | - master 16 | 17 | matrix: 18 | allow_failures: 19 | - go: master 20 | include: 21 | - go: 1.6.x 22 | os: osx 23 | 24 | before_script: 25 | - go get github.com/urfave/gfmrun/... || true 26 | - go get golang.org/x/tools/... || true 27 | - if [ ! -f node_modules/.bin/markdown-toc ] ; then 28 | npm install markdown-toc ; 29 | fi 30 | 31 | script: 32 | - ./runtests gen 33 | - ./runtests vet 34 | - ./runtests test 35 | - ./runtests gfmrun 36 | - ./runtests toc 37 | -------------------------------------------------------------------------------- /tests/integration/kill.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | load helpers 4 | 5 | function setup() { 6 | teardown_busybox 7 | setup_busybox 8 | } 9 | 10 | function teardown() { 11 | teardown_busybox 12 | } 13 | 14 | 15 | @test "kill detached busybox" { 16 | 17 | # run busybox detached 18 | runc run -d --console /dev/pts/ptmx test_busybox 19 | [ "$status" -eq 0 ] 20 | 21 | # check state 22 | wait_for_container 15 1 test_busybox 23 | 24 | testcontainer test_busybox running 25 | 26 | runc kill test_busybox KILL 27 | [ "$status" -eq 0 ] 28 | 29 | retry 10 1 eval "__runc state test_busybox | grep -q 'stopped'" 30 | 31 | runc delete test_busybox 32 | [ "$status" -eq 0 ] 33 | } 34 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/urfave/cli/altsrc/input_source_context.go: -------------------------------------------------------------------------------- 1 | package altsrc 2 | 3 | import ( 4 | "time" 5 | 6 | "gopkg.in/urfave/cli.v1" 7 | ) 8 | 9 | // InputSourceContext is an interface used to allow 10 | // other input sources to be implemented as needed. 11 | type InputSourceContext interface { 12 | Int(name string) (int, error) 13 | Duration(name string) (time.Duration, error) 14 | Float64(name string) (float64, error) 15 | String(name string) (string, error) 16 | StringSlice(name string) ([]string, error) 17 | IntSlice(name string) ([]int, error) 18 | Generic(name string) (cli.Generic, error) 19 | Bool(name string) (bool, error) 20 | BoolT(name string) (bool, error) 21 | } 22 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/terminal_notwindows.go: -------------------------------------------------------------------------------- 1 | // Based on ssh/terminal: 2 | // Copyright 2011 The Go Authors. All rights reserved. 3 | // Use of this source code is governed by a BSD-style 4 | // license that can be found in the LICENSE file. 5 | 6 | // +build linux darwin freebsd openbsd 7 | 8 | package logrus 9 | 10 | import ( 11 | "syscall" 12 | "unsafe" 13 | ) 14 | 15 | // IsTerminal returns true if the given file descriptor is a terminal. 16 | func IsTerminal() bool { 17 | fd := syscall.Stdout 18 | var termios Termios 19 | _, _, err := syscall.Syscall6(syscall.SYS_IOCTL, uintptr(fd), ioctlReadTermios, uintptr(unsafe.Pointer(&termios)), 0, 0, 0) 20 | return err == 0 21 | } 22 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/auth_external.go: -------------------------------------------------------------------------------- 1 | package dbus 2 | 3 | import ( 4 | "encoding/hex" 5 | ) 6 | 7 | // AuthExternal returns an Auth that authenticates as the given user with the 8 | // EXTERNAL mechanism. 9 | func AuthExternal(user string) Auth { 10 | return authExternal{user} 11 | } 12 | 13 | // AuthExternal implements the EXTERNAL authentication mechanism. 14 | type authExternal struct { 15 | user string 16 | } 17 | 18 | func (a authExternal) FirstData() ([]byte, []byte, AuthStatus) { 19 | b := make([]byte, 2*len(a.user)) 20 | hex.Encode(b, []byte(a.user)) 21 | return []byte("EXTERNAL"), b, AuthOk 22 | } 23 | 24 | func (a authExternal) HandleData(b []byte) ([]byte, AuthStatus) { 25 | return nil, AuthError 26 | } 27 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/introspect/call.go: -------------------------------------------------------------------------------- 1 | package introspect 2 | 3 | import ( 4 | "encoding/xml" 5 | "github.com/godbus/dbus" 6 | "strings" 7 | ) 8 | 9 | // Call calls org.freedesktop.Introspectable.Introspect on a remote object 10 | // and returns the introspection data. 11 | func Call(o dbus.BusObject) (*Node, error) { 12 | var xmldata string 13 | var node Node 14 | 15 | err := o.Call("org.freedesktop.DBus.Introspectable.Introspect", 0).Store(&xmldata) 16 | if err != nil { 17 | return nil, err 18 | } 19 | err = xml.NewDecoder(strings.NewReader(xmldata)).Decode(&node) 20 | if err != nil { 21 | return nil, err 22 | } 23 | if node.Name == "" { 24 | node.Name = string(o.Path()) 25 | } 26 | return &node, nil 27 | } 28 | -------------------------------------------------------------------------------- /libcontainer/console_windows.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | // NewConsole returns an initalized console that can be used within a container 4 | func NewConsole(uid, gid int) (Console, error) { 5 | return &windowsConsole{}, nil 6 | } 7 | 8 | // windowsConsole is a Windows pseudo TTY for use within a container. 9 | type windowsConsole struct { 10 | } 11 | 12 | func (c *windowsConsole) Fd() uintptr { 13 | return 0 14 | } 15 | 16 | func (c *windowsConsole) Path() string { 17 | return "" 18 | } 19 | 20 | func (c *windowsConsole) Read(b []byte) (int, error) { 21 | return 0, nil 22 | } 23 | 24 | func (c *windowsConsole) Write(b []byte) (int, error) { 25 | return 0, nil 26 | } 27 | 28 | func (c *windowsConsole) Close() error { 29 | return nil 30 | } 31 | -------------------------------------------------------------------------------- /libcontainer/stacktrace/capture.go: -------------------------------------------------------------------------------- 1 | package stacktrace 2 | 3 | import "runtime" 4 | 5 | // Capture captures a stacktrace for the current calling go program 6 | // 7 | // skip is the number of frames to skip 8 | func Capture(userSkip int) Stacktrace { 9 | var ( 10 | skip = userSkip + 1 // add one for our own function 11 | frames []Frame 12 | prevPc uintptr 13 | ) 14 | for i := skip; ; i++ { 15 | pc, file, line, ok := runtime.Caller(i) 16 | //detect if caller is repeated to avoid loop, gccgo 17 | //currently runs into a loop without this check 18 | if !ok || pc == prevPc { 19 | break 20 | } 21 | frames = append(frames, NewFrame(pc, file, line)) 22 | prevPc = pc 23 | } 24 | return Stacktrace{ 25 | Frames: frames, 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/writer.go: -------------------------------------------------------------------------------- 1 | package logrus 2 | 3 | import ( 4 | "bufio" 5 | "io" 6 | "runtime" 7 | ) 8 | 9 | func (logger *Logger) Writer() *io.PipeWriter { 10 | reader, writer := io.Pipe() 11 | 12 | go logger.writerScanner(reader) 13 | runtime.SetFinalizer(writer, writerFinalizer) 14 | 15 | return writer 16 | } 17 | 18 | func (logger *Logger) writerScanner(reader *io.PipeReader) { 19 | scanner := bufio.NewScanner(reader) 20 | for scanner.Scan() { 21 | logger.Print(scanner.Text()) 22 | } 23 | if err := scanner.Err(); err != nil { 24 | logger.Errorf("Error while reading from Writer: %s", err) 25 | } 26 | reader.Close() 27 | } 28 | 29 | func writerFinalizer(writer *io.PipeWriter) { 30 | writer.Close() 31 | } 32 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/NOTICE: -------------------------------------------------------------------------------- 1 | Docker 2 | Copyright 2012-2015 Docker, Inc. 3 | 4 | This product includes software developed at Docker, Inc. (https://www.docker.com). 5 | 6 | This product contains software (https://github.com/kr/pty) developed 7 | by Keith Rarick, licensed under the MIT License. 8 | 9 | The following is courtesy of our legal counsel: 10 | 11 | 12 | Use and transfer of Docker may be subject to certain restrictions by the 13 | United States and other governments. 14 | It is your responsibility to ensure that your use and/or transfer does not 15 | violate applicable laws. 16 | 17 | For more information, please see https://www.bis.doc.gov 18 | 19 | See also https://www.apache.org/dev/crypto.html and/or seek legal counsel. 20 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/opencontainers/runtime-spec/specs-go/state.go: -------------------------------------------------------------------------------- 1 | package specs 2 | 3 | // State holds information about the runtime state of the container. 4 | type State struct { 5 | // Version is the version of the specification that is supported. 6 | Version string `json:"version"` 7 | // ID is the container ID 8 | ID string `json:"id"` 9 | // Status is the runtime state of the container. 10 | Status string `json:"status"` 11 | // Pid is the process ID for the container process. 12 | Pid int `json:"pid"` 13 | // BundlePath is the path to the container's bundle directory. 14 | BundlePath string `json:"bundlePath"` 15 | // Annotations are the annotations associated with the container. 16 | Annotations map[string]string `json:"annotations"` 17 | } 18 | -------------------------------------------------------------------------------- /tests/integration/pause.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | load helpers 4 | 5 | function setup() { 6 | teardown_busybox 7 | setup_busybox 8 | } 9 | 10 | function teardown() { 11 | teardown_busybox 12 | } 13 | 14 | @test "runc pause and resume" { 15 | # run busybox detached 16 | runc run -d --console /dev/pts/ptmx test_busybox 17 | [ "$status" -eq 0 ] 18 | 19 | wait_for_container 15 1 test_busybox 20 | 21 | # pause busybox 22 | runc pause test_busybox 23 | [ "$status" -eq 0 ] 24 | 25 | # test state of busybox is paused 26 | testcontainer test_busybox paused 27 | 28 | # resume busybox 29 | runc resume test_busybox 30 | [ "$status" -eq 0 ] 31 | 32 | # test state of busybox is back to running 33 | testcontainer test_busybox running 34 | } 35 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/transport_unixcred_linux.go: -------------------------------------------------------------------------------- 1 | // The UnixCredentials system call is currently only implemented on Linux 2 | // http://golang.org/src/pkg/syscall/sockcmsg_linux.go 3 | // https://golang.org/s/go1.4-syscall 4 | // http://code.google.com/p/go/source/browse/unix/sockcmsg_linux.go?repo=sys 5 | 6 | package dbus 7 | 8 | import ( 9 | "io" 10 | "os" 11 | "syscall" 12 | ) 13 | 14 | func (t *unixTransport) SendNullByte() error { 15 | ucred := &syscall.Ucred{Pid: int32(os.Getpid()), Uid: uint32(os.Getuid()), Gid: uint32(os.Getgid())} 16 | b := syscall.UnixCredentials(ucred) 17 | _, oobn, err := t.UnixConn.WriteMsgUnix([]byte{0}, b, nil) 18 | if err != nil { 19 | return err 20 | } 21 | if oobn != len(b) { 22 | return io.ErrShortWrite 23 | } 24 | return nil 25 | } 26 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/terminal_windows.go: -------------------------------------------------------------------------------- 1 | // Based on ssh/terminal: 2 | // Copyright 2011 The Go Authors. All rights reserved. 3 | // Use of this source code is governed by a BSD-style 4 | // license that can be found in the LICENSE file. 5 | 6 | // +build windows 7 | 8 | package logrus 9 | 10 | import ( 11 | "syscall" 12 | "unsafe" 13 | ) 14 | 15 | var kernel32 = syscall.NewLazyDLL("kernel32.dll") 16 | 17 | var ( 18 | procGetConsoleMode = kernel32.NewProc("GetConsoleMode") 19 | ) 20 | 21 | // IsTerminal returns true if the given file descriptor is a terminal. 22 | func IsTerminal() bool { 23 | fd := syscall.Stdout 24 | var st uint32 25 | r, _, e := syscall.Syscall(procGetConsoleMode.Addr(), 2, uintptr(fd), uintptr(unsafe.Pointer(&st)), 0) 26 | return r != 0 && e == 0 27 | } 28 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/examples/hook/hook.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "github.com/Sirupsen/logrus" 5 | "github.com/Sirupsen/logrus/hooks/airbrake" 6 | ) 7 | 8 | var log = logrus.New() 9 | 10 | func init() { 11 | log.Formatter = new(logrus.TextFormatter) // default 12 | log.Hooks.Add(airbrake.NewHook("https://example.com", "xyz", "development")) 13 | } 14 | 15 | func main() { 16 | log.WithFields(logrus.Fields{ 17 | "animal": "walrus", 18 | "size": 10, 19 | }).Info("A group of walrus emerges from the ocean") 20 | 21 | log.WithFields(logrus.Fields{ 22 | "omg": true, 23 | "number": 122, 24 | }).Warn("The group's number increased tremendously!") 25 | 26 | log.WithFields(logrus.Fields{ 27 | "omg": true, 28 | "number": 100, 29 | }).Fatal("The ice breaks!") 30 | } 31 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/urfave/cli/cli.go: -------------------------------------------------------------------------------- 1 | // Package cli provides a minimal framework for creating and organizing command line 2 | // Go applications. cli is designed to be easy to understand and write, the most simple 3 | // cli application can be written as follows: 4 | // func main() { 5 | // cli.NewApp().Run(os.Args) 6 | // } 7 | // 8 | // Of course this application does not do much, so let's make this an actual application: 9 | // func main() { 10 | // app := cli.NewApp() 11 | // app.Name = "greet" 12 | // app.Usage = "say a greeting" 13 | // app.Action = func(c *cli.Context) error { 14 | // println("Greetings") 15 | // } 16 | // 17 | // app.Run(os.Args) 18 | // } 19 | package cli 20 | 21 | //go:generate python ./generate-flag-types cli -i flag-types.json -o flag_generated.go 22 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/transport_generic.go: -------------------------------------------------------------------------------- 1 | package dbus 2 | 3 | import ( 4 | "encoding/binary" 5 | "errors" 6 | "io" 7 | ) 8 | 9 | type genericTransport struct { 10 | io.ReadWriteCloser 11 | } 12 | 13 | func (t genericTransport) SendNullByte() error { 14 | _, err := t.Write([]byte{0}) 15 | return err 16 | } 17 | 18 | func (t genericTransport) SupportsUnixFDs() bool { 19 | return false 20 | } 21 | 22 | func (t genericTransport) EnableUnixFDs() {} 23 | 24 | func (t genericTransport) ReadMessage() (*Message, error) { 25 | return DecodeMessage(t) 26 | } 27 | 28 | func (t genericTransport) SendMessage(msg *Message) error { 29 | for _, v := range msg.Body { 30 | if _, ok := v.(UnixFD); ok { 31 | return errors.New("dbus: unix fd passing not enabled") 32 | } 33 | } 34 | return msg.EncodeTo(t, binary.LittleEndian) 35 | } 36 | -------------------------------------------------------------------------------- /script/validate-gofmt: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source "$(dirname "$BASH_SOURCE")/.validate" 4 | 5 | IFS=$'\n' 6 | files=( $(validate_diff --diff-filter=ACMR --name-only -- '*.go' | grep -v '^Godeps/' || true) ) 7 | unset IFS 8 | 9 | badFiles=() 10 | for f in "${files[@]}"; do 11 | # we use "git show" here to validate that what's committed is formatted 12 | if [ "$(git show "$VALIDATE_HEAD:$f" | gofmt -s -l)" ]; then 13 | badFiles+=( "$f" ) 14 | fi 15 | done 16 | 17 | if [ ${#badFiles[@]} -eq 0 ]; then 18 | echo 'Congratulations! All Go source files are properly formatted.' 19 | else 20 | { 21 | echo "These files are not properly gofmt'd:" 22 | for f in "${badFiles[@]}"; do 23 | echo " - $f" 24 | done 25 | echo 26 | echo 'Please reformat the above files using "gofmt -s -w" and commit the result.' 27 | echo 28 | } >&2 29 | false 30 | fi 31 | -------------------------------------------------------------------------------- /libcontainer/configs/namespaces_syscall.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package configs 4 | 5 | import "syscall" 6 | 7 | func (n *Namespace) Syscall() int { 8 | return namespaceInfo[n.Type] 9 | } 10 | 11 | var namespaceInfo = map[NamespaceType]int{ 12 | NEWNET: syscall.CLONE_NEWNET, 13 | NEWNS: syscall.CLONE_NEWNS, 14 | NEWUSER: syscall.CLONE_NEWUSER, 15 | NEWIPC: syscall.CLONE_NEWIPC, 16 | NEWUTS: syscall.CLONE_NEWUTS, 17 | NEWPID: syscall.CLONE_NEWPID, 18 | } 19 | 20 | // CloneFlags parses the container's Namespaces options to set the correct 21 | // flags on clone, unshare. This function returns flags only for new namespaces. 22 | func (n *Namespaces) CloneFlags() uintptr { 23 | var flag int 24 | for _, v := range *n { 25 | if v.Path != "" { 26 | continue 27 | } 28 | flag |= namespaceInfo[v.Type] 29 | } 30 | return uintptr(flag) 31 | } 32 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/vishvananda/netlink/Makefile: -------------------------------------------------------------------------------- 1 | DIRS := \ 2 | . \ 3 | nl 4 | 5 | DEPS = \ 6 | github.com/vishvananda/netns 7 | 8 | uniq = $(if $1,$(firstword $1) $(call uniq,$(filter-out $(firstword $1),$1))) 9 | testdirs = $(call uniq,$(foreach d,$(1),$(dir $(wildcard $(d)/*_test.go)))) 10 | goroot = $(addprefix ../../../,$(1)) 11 | unroot = $(subst ../../../,,$(1)) 12 | fmt = $(addprefix fmt-,$(1)) 13 | 14 | all: fmt 15 | 16 | $(call goroot,$(DEPS)): 17 | go get $(call unroot,$@) 18 | 19 | .PHONY: $(call testdirs,$(DIRS)) 20 | $(call testdirs,$(DIRS)): 21 | sudo -E go test -v github.com/vishvananda/netlink/$@ 22 | 23 | $(call fmt,$(call testdirs,$(DIRS))): 24 | ! gofmt -l $(subst fmt-,,$@)/*.go | grep '' 25 | 26 | .PHONY: fmt 27 | fmt: $(call fmt,$(call testdirs,$(DIRS))) 28 | 29 | test: fmt $(call goroot,$(DEPS)) $(call testdirs,$(DIRS)) 30 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/homedir_static.go: -------------------------------------------------------------------------------- 1 | // +build static_build 2 | 3 | package dbus 4 | 5 | import ( 6 | "bufio" 7 | "os" 8 | "strconv" 9 | "strings" 10 | ) 11 | 12 | func lookupHomeDir() string { 13 | myUid := os.Getuid() 14 | 15 | f, err := os.Open("/etc/passwd") 16 | if err != nil { 17 | return "/" 18 | } 19 | defer f.Close() 20 | 21 | s := bufio.NewScanner(f) 22 | 23 | for s.Scan() { 24 | if err := s.Err(); err != nil { 25 | break 26 | } 27 | 28 | line := strings.TrimSpace(s.Text()) 29 | if line == "" { 30 | continue 31 | } 32 | 33 | parts := strings.Split(line, ":") 34 | 35 | if len(parts) >= 6 { 36 | uid, err := strconv.Atoi(parts[2]) 37 | if err == nil && uid == myUid { 38 | return parts[5] 39 | } 40 | } 41 | } 42 | 43 | // Default to / if we can't get a better value 44 | return "/" 45 | } 46 | -------------------------------------------------------------------------------- /tests/integration/create.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | load helpers 4 | 5 | function setup() { 6 | teardown_busybox 7 | setup_busybox 8 | } 9 | 10 | function teardown() { 11 | teardown_busybox 12 | } 13 | 14 | @test "runc create" { 15 | runc create --console /dev/pts/ptmx test_busybox 16 | [ "$status" -eq 0 ] 17 | 18 | testcontainer test_busybox created 19 | 20 | # start the command 21 | runc start test_busybox 22 | [ "$status" -eq 0 ] 23 | 24 | testcontainer test_busybox running 25 | } 26 | 27 | @test "runc create exec" { 28 | runc create --console /dev/pts/ptmx test_busybox 29 | [ "$status" -eq 0 ] 30 | 31 | testcontainer test_busybox created 32 | 33 | runc exec test_busybox true 34 | [ "$status" -eq 0 ] 35 | 36 | # start the command 37 | runc start test_busybox 38 | [ "$status" -eq 0 ] 39 | 40 | testcontainer test_busybox running 41 | } 42 | -------------------------------------------------------------------------------- /libcontainer/utils/utils_unix.go: -------------------------------------------------------------------------------- 1 | // +build !windows 2 | 3 | package utils 4 | 5 | import ( 6 | "io/ioutil" 7 | "strconv" 8 | "syscall" 9 | ) 10 | 11 | func CloseExecFrom(minFd int) error { 12 | fdList, err := ioutil.ReadDir("/proc/self/fd") 13 | if err != nil { 14 | return err 15 | } 16 | for _, fi := range fdList { 17 | fd, err := strconv.Atoi(fi.Name()) 18 | if err != nil { 19 | // ignore non-numeric file names 20 | continue 21 | } 22 | 23 | if fd < minFd { 24 | // ignore descriptors lower than our specified minimum 25 | continue 26 | } 27 | 28 | // intentionally ignore errors from syscall.CloseOnExec 29 | syscall.CloseOnExec(fd) 30 | // the cases where this might fail are basically file descriptors that have already been closed (including and especially the one that was created when ioutil.ReadDir did the "opendir" syscall) 31 | } 32 | return nil 33 | } 34 | -------------------------------------------------------------------------------- /libcontainer/configs/mount.go: -------------------------------------------------------------------------------- 1 | package configs 2 | 3 | type Mount struct { 4 | // Source path for the mount. 5 | Source string `json:"source"` 6 | 7 | // Destination path for the mount inside the container. 8 | Destination string `json:"destination"` 9 | 10 | // Device the mount is for. 11 | Device string `json:"device"` 12 | 13 | // Mount flags. 14 | Flags int `json:"flags"` 15 | 16 | // Propagation Flags 17 | PropagationFlags []int `json:"propagation_flags"` 18 | 19 | // Mount data applied to the mount. 20 | Data string `json:"data"` 21 | 22 | // Relabel source if set, "z" indicates shared, "Z" indicates unshared. 23 | Relabel string `json:"relabel"` 24 | 25 | // Optional Command to be run before Source is mounted. 26 | PremountCmds []Command `json:"premount_cmds"` 27 | 28 | // Optional Command to be run after Source is mounted. 29 | PostmountCmds []Command `json:"postmount_cmds"` 30 | } 31 | -------------------------------------------------------------------------------- /libcontainer/cgroups/fs/name.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package fs 4 | 5 | import ( 6 | "github.com/opencontainers/runc/libcontainer/cgroups" 7 | "github.com/opencontainers/runc/libcontainer/configs" 8 | ) 9 | 10 | type NameGroup struct { 11 | GroupName string 12 | Join bool 13 | } 14 | 15 | func (s *NameGroup) Name() string { 16 | return s.GroupName 17 | } 18 | 19 | func (s *NameGroup) Apply(d *cgroupData) error { 20 | if s.Join { 21 | // ignore errors if the named cgroup does not exist 22 | d.join(s.GroupName) 23 | } 24 | return nil 25 | } 26 | 27 | func (s *NameGroup) Set(path string, cgroup *configs.Cgroup) error { 28 | return nil 29 | } 30 | 31 | func (s *NameGroup) Remove(d *cgroupData) error { 32 | if s.Join { 33 | removePath(d.path(s.GroupName)) 34 | } 35 | return nil 36 | } 37 | 38 | func (s *NameGroup) GetStats(path string, stats *cgroups.Stats) error { 39 | return nil 40 | } 41 | -------------------------------------------------------------------------------- /libcontainer/error_test.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | import "testing" 4 | 5 | func TestErrorCode(t *testing.T) { 6 | codes := map[ErrorCode]string{ 7 | IdInUse: "Id already in use", 8 | InvalidIdFormat: "Invalid format", 9 | ContainerPaused: "Container paused", 10 | ConfigInvalid: "Invalid configuration", 11 | SystemError: "System error", 12 | ContainerNotExists: "Container does not exist", 13 | ContainerNotStopped: "Container is not stopped", 14 | ContainerNotRunning: "Container is not running", 15 | ConsoleExists: "Console exists for process", 16 | ContainerNotPaused: "Container is not paused", 17 | NoProcessOps: "No process operations", 18 | } 19 | 20 | for code, expected := range codes { 21 | if actual := code.String(); actual != expected { 22 | t.Fatalf("expected string %q but received %q", expected, actual) 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /libcontainer/system/proc.go: -------------------------------------------------------------------------------- 1 | package system 2 | 3 | import ( 4 | "io/ioutil" 5 | "path/filepath" 6 | "strconv" 7 | "strings" 8 | ) 9 | 10 | // look in /proc to find the process start time so that we can verify 11 | // that this pid has started after ourself 12 | func GetProcessStartTime(pid int) (string, error) { 13 | data, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat")) 14 | if err != nil { 15 | return "", err 16 | } 17 | 18 | parts := strings.Split(string(data), " ") 19 | // the starttime is located at pos 22 20 | // from the man page 21 | // 22 | // starttime %llu (was %lu before Linux 2.6) 23 | // (22) The time the process started after system boot. In kernels before Linux 2.6, this 24 | // value was expressed in jiffies. Since Linux 2.6, the value is expressed in clock ticks 25 | // (divide by sysconf(_SC_CLK_TCK)). 26 | return parts[22-1], nil // starts at 1 27 | } 28 | -------------------------------------------------------------------------------- /libcontainer/stacktrace/frame.go: -------------------------------------------------------------------------------- 1 | package stacktrace 2 | 3 | import ( 4 | "path/filepath" 5 | "runtime" 6 | "strings" 7 | ) 8 | 9 | // NewFrame returns a new stack frame for the provided information 10 | func NewFrame(pc uintptr, file string, line int) Frame { 11 | fn := runtime.FuncForPC(pc) 12 | if fn == nil { 13 | return Frame{} 14 | } 15 | pack, name := parseFunctionName(fn.Name()) 16 | return Frame{ 17 | Line: line, 18 | File: filepath.Base(file), 19 | Package: pack, 20 | Function: name, 21 | } 22 | } 23 | 24 | func parseFunctionName(name string) (string, string) { 25 | i := strings.LastIndex(name, ".") 26 | if i == -1 { 27 | return "", name 28 | } 29 | return name[:i], name[i+1:] 30 | } 31 | 32 | // Frame contains all the information for a stack frame within a go program 33 | type Frame struct { 34 | File string 35 | Function string 36 | Package string 37 | Line int 38 | } 39 | -------------------------------------------------------------------------------- /libcontainer/stacktrace/capture_test.go: -------------------------------------------------------------------------------- 1 | package stacktrace 2 | 3 | import ( 4 | "strings" 5 | "testing" 6 | ) 7 | 8 | func captureFunc() Stacktrace { 9 | return Capture(0) 10 | } 11 | 12 | func TestCaptureTestFunc(t *testing.T) { 13 | stack := captureFunc() 14 | 15 | if len(stack.Frames) == 0 { 16 | t.Fatal("expected stack frames to be returned") 17 | } 18 | 19 | // the first frame is the caller 20 | frame := stack.Frames[0] 21 | if expected := "captureFunc"; frame.Function != expected { 22 | t.Fatalf("expteced function %q but recevied %q", expected, frame.Function) 23 | } 24 | expected := "/runc/libcontainer/stacktrace" 25 | if !strings.HasSuffix(frame.Package, expected) { 26 | t.Fatalf("expected package %q but received %q", expected, frame.Package) 27 | } 28 | if expected := "capture_test.go"; frame.File != expected { 29 | t.Fatalf("expected file %q but received %q", expected, frame.File) 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /libcontainer/cgroups/fs/perf_event.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package fs 4 | 5 | import ( 6 | "github.com/opencontainers/runc/libcontainer/cgroups" 7 | "github.com/opencontainers/runc/libcontainer/configs" 8 | ) 9 | 10 | type PerfEventGroup struct { 11 | } 12 | 13 | func (s *PerfEventGroup) Name() string { 14 | return "perf_event" 15 | } 16 | 17 | func (s *PerfEventGroup) Apply(d *cgroupData) error { 18 | // we just want to join this group even though we don't set anything 19 | if _, err := d.join("perf_event"); err != nil && !cgroups.IsNotFound(err) { 20 | return err 21 | } 22 | return nil 23 | } 24 | 25 | func (s *PerfEventGroup) Set(path string, cgroup *configs.Cgroup) error { 26 | return nil 27 | } 28 | 29 | func (s *PerfEventGroup) Remove(d *cgroupData) error { 30 | return removePath(d.path("perf_event")) 31 | } 32 | 33 | func (s *PerfEventGroup) GetStats(path string, stats *cgroups.Stats) error { 34 | return nil 35 | } 36 | -------------------------------------------------------------------------------- /main_unix.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package main 4 | 5 | import ( 6 | "os" 7 | "runtime" 8 | 9 | "github.com/opencontainers/runc/libcontainer" 10 | _ "github.com/opencontainers/runc/libcontainer/nsenter" 11 | "github.com/urfave/cli" 12 | ) 13 | 14 | func init() { 15 | if len(os.Args) > 1 && os.Args[1] == "init" { 16 | runtime.GOMAXPROCS(1) 17 | runtime.LockOSThread() 18 | } 19 | } 20 | 21 | var initCommand = cli.Command{ 22 | Name: "init", 23 | Usage: `initialize the namespaces and launch the process (do not call it outside of runc)`, 24 | Action: func(context *cli.Context) error { 25 | factory, _ := libcontainer.New("") 26 | if err := factory.StartInitialization(); err != nil { 27 | // as the error is sent back to the parent there is no need to log 28 | // or write it to stderr because the parent process will handle this 29 | os.Exit(1) 30 | } 31 | panic("libcontainer: container init failed to exec") 32 | }, 33 | } 34 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/vishvananda/netlink/nl/route_linux.go: -------------------------------------------------------------------------------- 1 | package nl 2 | 3 | import ( 4 | "syscall" 5 | "unsafe" 6 | ) 7 | 8 | type RtMsg struct { 9 | syscall.RtMsg 10 | } 11 | 12 | func NewRtMsg() *RtMsg { 13 | return &RtMsg{ 14 | RtMsg: syscall.RtMsg{ 15 | Table: syscall.RT_TABLE_MAIN, 16 | Scope: syscall.RT_SCOPE_UNIVERSE, 17 | Protocol: syscall.RTPROT_BOOT, 18 | Type: syscall.RTN_UNICAST, 19 | }, 20 | } 21 | } 22 | 23 | func NewRtDelMsg() *RtMsg { 24 | return &RtMsg{ 25 | RtMsg: syscall.RtMsg{ 26 | Table: syscall.RT_TABLE_MAIN, 27 | Scope: syscall.RT_SCOPE_NOWHERE, 28 | }, 29 | } 30 | } 31 | 32 | func (msg *RtMsg) Len() int { 33 | return syscall.SizeofRtMsg 34 | } 35 | 36 | func DeserializeRtMsg(b []byte) *RtMsg { 37 | return (*RtMsg)(unsafe.Pointer(&b[0:syscall.SizeofRtMsg][0])) 38 | } 39 | 40 | func (msg *RtMsg) Serialize() []byte { 41 | return (*(*[syscall.SizeofRtMsg]byte)(unsafe.Pointer(msg)))[:] 42 | } 43 | -------------------------------------------------------------------------------- /libcontainer/cgroups/fs/net_prio_test.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package fs 4 | 5 | import ( 6 | "strings" 7 | "testing" 8 | 9 | "github.com/opencontainers/runc/libcontainer/configs" 10 | ) 11 | 12 | var ( 13 | prioMap = []*configs.IfPrioMap{ 14 | { 15 | Interface: "test", 16 | Priority: 5, 17 | }, 18 | } 19 | ) 20 | 21 | func TestNetPrioSetIfPrio(t *testing.T) { 22 | helper := NewCgroupTestUtil("net_prio", t) 23 | defer helper.cleanup() 24 | 25 | helper.CgroupData.config.Resources.NetPrioIfpriomap = prioMap 26 | netPrio := &NetPrioGroup{} 27 | if err := netPrio.Set(helper.CgroupPath, helper.CgroupData.config); err != nil { 28 | t.Fatal(err) 29 | } 30 | 31 | value, err := getCgroupParamString(helper.CgroupPath, "net_prio.ifpriomap") 32 | if err != nil { 33 | t.Fatalf("Failed to parse net_prio.ifpriomap - %s", err) 34 | } 35 | if !strings.Contains(value, "test 5") { 36 | t.Fatal("Got the wrong value, set net_prio.ifpriomap failed.") 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /libcontainer/devices/number.go: -------------------------------------------------------------------------------- 1 | // +build linux freebsd 2 | 3 | package devices 4 | 5 | /* 6 | 7 | This code provides support for manipulating linux device numbers. It should be replaced by normal syscall functions once http://code.google.com/p/go/issues/detail?id=8106 is solved. 8 | 9 | You can read what they are here: 10 | 11 | - http://www.makelinux.net/ldd3/chp-3-sect-2 12 | - http://www.linux-tutorial.info/modules.php?name=MContent&pageid=94 13 | 14 | Note! These are NOT the same as the MAJOR(dev_t device);, MINOR(dev_t device); and MKDEV(int major, int minor); functions as defined in as the representation of device numbers used by go is different than the one used internally to the kernel! - https://github.com/torvalds/linux/blob/master/include/linux/kdev_t.h#L9 15 | 16 | */ 17 | 18 | func Major(devNumber int) int64 { 19 | return int64((devNumber >> 8) & 0xfff) 20 | } 21 | 22 | func Minor(devNumber int) int64 { 23 | return int64((devNumber & 0xff) | ((devNumber >> 12) & 0xfff00)) 24 | } 25 | -------------------------------------------------------------------------------- /libcontainer/cgroups/fs/net_prio.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package fs 4 | 5 | import ( 6 | "github.com/opencontainers/runc/libcontainer/cgroups" 7 | "github.com/opencontainers/runc/libcontainer/configs" 8 | ) 9 | 10 | type NetPrioGroup struct { 11 | } 12 | 13 | func (s *NetPrioGroup) Name() string { 14 | return "net_prio" 15 | } 16 | 17 | func (s *NetPrioGroup) Apply(d *cgroupData) error { 18 | _, err := d.join("net_prio") 19 | if err != nil && !cgroups.IsNotFound(err) { 20 | return err 21 | } 22 | return nil 23 | } 24 | 25 | func (s *NetPrioGroup) Set(path string, cgroup *configs.Cgroup) error { 26 | for _, prioMap := range cgroup.Resources.NetPrioIfpriomap { 27 | if err := writeFile(path, "net_prio.ifpriomap", prioMap.CgroupString()); err != nil { 28 | return err 29 | } 30 | } 31 | 32 | return nil 33 | } 34 | 35 | func (s *NetPrioGroup) Remove(d *cgroupData) error { 36 | return removePath(d.path("net_prio")) 37 | } 38 | 39 | func (s *NetPrioGroup) GetStats(path string, stats *cgroups.Stats) error { 40 | return nil 41 | } 42 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/vishvananda/netlink/route.go: -------------------------------------------------------------------------------- 1 | package netlink 2 | 3 | import ( 4 | "fmt" 5 | "net" 6 | "syscall" 7 | ) 8 | 9 | // Scope is an enum representing a route scope. 10 | type Scope uint8 11 | 12 | const ( 13 | SCOPE_UNIVERSE Scope = syscall.RT_SCOPE_UNIVERSE 14 | SCOPE_SITE Scope = syscall.RT_SCOPE_SITE 15 | SCOPE_LINK Scope = syscall.RT_SCOPE_LINK 16 | SCOPE_HOST Scope = syscall.RT_SCOPE_HOST 17 | SCOPE_NOWHERE Scope = syscall.RT_SCOPE_NOWHERE 18 | ) 19 | 20 | // Route represents a netlink route. A route is associated with a link, 21 | // has a destination network, an optional source ip, and optional 22 | // gateway. Advanced route parameters and non-main routing tables are 23 | // currently not supported. 24 | type Route struct { 25 | LinkIndex int 26 | Scope Scope 27 | Dst *net.IPNet 28 | Src net.IP 29 | Gw net.IP 30 | } 31 | 32 | func (r Route) String() string { 33 | return fmt.Sprintf("{Ifindex: %d Dst: %s Src: %s Gw: %s}", r.LinkIndex, r.Dst, 34 | r.Src, r.Gw) 35 | } 36 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/call.go: -------------------------------------------------------------------------------- 1 | package dbus 2 | 3 | import ( 4 | "errors" 5 | ) 6 | 7 | // Call represents a pending or completed method call. 8 | type Call struct { 9 | Destination string 10 | Path ObjectPath 11 | Method string 12 | Args []interface{} 13 | 14 | // Strobes when the call is complete. 15 | Done chan *Call 16 | 17 | // After completion, the error status. If this is non-nil, it may be an 18 | // error message from the peer (with Error as its type) or some other error. 19 | Err error 20 | 21 | // Holds the response once the call is done. 22 | Body []interface{} 23 | } 24 | 25 | var errSignature = errors.New("dbus: mismatched signature") 26 | 27 | // Store stores the body of the reply into the provided pointers. It returns 28 | // an error if the signatures of the body and retvalues don't match, or if 29 | // the error status is not nil. 30 | func (c *Call) Store(retvalues ...interface{}) error { 31 | if c.Err != nil { 32 | return c.Err 33 | } 34 | 35 | return Store(c.Body, retvalues...) 36 | } 37 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/pquerna/ffjson/fflib/v1/reader_scan_generic.go: -------------------------------------------------------------------------------- 1 | // +build !amd64 appengine 2 | 3 | /** 4 | * Copyright 2014 Paul Querna 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); 7 | * you may not use this file except in compliance with the License. 8 | * You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License. 17 | * 18 | */ 19 | 20 | package v1 21 | 22 | func scanString(s []byte, j int) (int, byte) { 23 | for { 24 | if j >= len(s) { 25 | return j, 0 26 | } 27 | 28 | c := s[j] 29 | j++ 30 | if byteLookupTable[c]&sliceStringMask == 0 { 31 | continue 32 | } 33 | 34 | return j, c 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /libcontainer/cgroups/fs/net_cls.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package fs 4 | 5 | import ( 6 | "strconv" 7 | 8 | "github.com/opencontainers/runc/libcontainer/cgroups" 9 | "github.com/opencontainers/runc/libcontainer/configs" 10 | ) 11 | 12 | type NetClsGroup struct { 13 | } 14 | 15 | func (s *NetClsGroup) Name() string { 16 | return "net_cls" 17 | } 18 | 19 | func (s *NetClsGroup) Apply(d *cgroupData) error { 20 | _, err := d.join("net_cls") 21 | if err != nil && !cgroups.IsNotFound(err) { 22 | return err 23 | } 24 | return nil 25 | } 26 | 27 | func (s *NetClsGroup) Set(path string, cgroup *configs.Cgroup) error { 28 | if cgroup.Resources.NetClsClassid != 0 { 29 | if err := writeFile(path, "net_cls.classid", strconv.FormatUint(uint64(cgroup.Resources.NetClsClassid), 10)); err != nil { 30 | return err 31 | } 32 | } 33 | 34 | return nil 35 | } 36 | 37 | func (s *NetClsGroup) Remove(d *cgroupData) error { 38 | return removePath(d.path("net_cls")) 39 | } 40 | 41 | func (s *NetClsGroup) GetStats(path string, stats *cgroups.Stats) error { 42 | return nil 43 | } 44 | -------------------------------------------------------------------------------- /libcontainer/specconv/spec_linux_test.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package specconv 4 | 5 | import ( 6 | "testing" 7 | 8 | "github.com/opencontainers/runtime-spec/specs-go" 9 | ) 10 | 11 | func TestLinuxCgroupsPathSpecified(t *testing.T) { 12 | cgroupsPath := "/user/cgroups/path/id" 13 | 14 | spec := &specs.Spec{} 15 | spec.Linux = &specs.Linux{ 16 | CgroupsPath: &cgroupsPath, 17 | } 18 | 19 | cgroup, err := createCgroupConfig("ContainerID", false, spec) 20 | if err != nil { 21 | t.Errorf("Couldn't create Cgroup config: %v", err) 22 | } 23 | 24 | if cgroup.Path != cgroupsPath { 25 | t.Errorf("Wrong cgroupsPath, expected '%s' got '%s'", cgroupsPath, cgroup.Path) 26 | } 27 | } 28 | 29 | func TestLinuxCgroupsPathNotSpecified(t *testing.T) { 30 | spec := &specs.Spec{} 31 | 32 | cgroup, err := createCgroupConfig("ContainerID", false, spec) 33 | if err != nil { 34 | t.Errorf("Couldn't create Cgroup config: %v", err) 35 | } 36 | 37 | if cgroup.Path != "" { 38 | t.Errorf("Wrong cgroupsPath, expected it to be empty string, got '%s'", cgroup.Path) 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /man/runc-checkpoint.8.md: -------------------------------------------------------------------------------- 1 | # NAME 2 | runc checkpoint - checkpoint a running container 3 | 4 | # SYNOPSIS 5 | runc checkpoint [command options] 6 | 7 | Where "" is the name for the instance of the container to be 8 | checkpointed. 9 | 10 | # DESCRIPTION 11 | The checkpoint command saves the state of the container instance. 12 | 13 | # OPTIONS 14 | --image-path value path for saving criu image files 15 | --work-path value path for saving work files and logs 16 | --leave-running leave the process running after checkpointing 17 | --tcp-established allow open tcp connections 18 | --ext-unix-sk allow external unix sockets 19 | --shell-job allow shell jobs 20 | --page-server value ADDRESS:PORT of the page server 21 | --file-locks handle file locks, for safety 22 | --manage-cgroups-mode value cgroups mode: 'soft' (default), 'full' and 'strict' 23 | --empty-ns value create a namespace, but don't restore its properies 24 | -------------------------------------------------------------------------------- /script/.validate: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z "$VALIDATE_UPSTREAM" ]; then 4 | # this is kind of an expensive check, so let's not do this twice if we 5 | # are running more than one validate bundlescript 6 | 7 | VALIDATE_REPO='https://github.com/opencontainers/runc.git' 8 | VALIDATE_BRANCH='master' 9 | 10 | if [ "$TRAVIS" = 'true' -a "$TRAVIS_PULL_REQUEST" != 'false' ]; then 11 | VALIDATE_REPO="https://github.com/${TRAVIS_REPO_SLUG}.git" 12 | VALIDATE_BRANCH="${TRAVIS_BRANCH}" 13 | fi 14 | 15 | VALIDATE_HEAD="$(git rev-parse --verify HEAD)" 16 | 17 | git fetch -q "$VALIDATE_REPO" "refs/heads/$VALIDATE_BRANCH" 18 | VALIDATE_UPSTREAM="$(git rev-parse --verify FETCH_HEAD)" 19 | 20 | VALIDATE_COMMIT_LOG="$VALIDATE_UPSTREAM..$VALIDATE_HEAD" 21 | VALIDATE_COMMIT_DIFF="$VALIDATE_UPSTREAM...$VALIDATE_HEAD" 22 | 23 | validate_diff() { 24 | if [ "$VALIDATE_UPSTREAM" != "$VALIDATE_HEAD" ]; then 25 | git diff "$VALIDATE_COMMIT_DIFF" "$@" 26 | fi 27 | } 28 | validate_log() { 29 | if [ "$VALIDATE_UPSTREAM" != "$VALIDATE_HEAD" ]; then 30 | git log "$VALIDATE_COMMIT_LOG" "$@" 31 | fi 32 | } 33 | fi 34 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/json_formatter.go: -------------------------------------------------------------------------------- 1 | package logrus 2 | 3 | import ( 4 | "encoding/json" 5 | "fmt" 6 | ) 7 | 8 | type JSONFormatter struct { 9 | // TimestampFormat sets the format used for marshaling timestamps. 10 | TimestampFormat string 11 | } 12 | 13 | func (f *JSONFormatter) Format(entry *Entry) ([]byte, error) { 14 | data := make(Fields, len(entry.Data)+3) 15 | for k, v := range entry.Data { 16 | switch v := v.(type) { 17 | case error: 18 | // Otherwise errors are ignored by `encoding/json` 19 | // https://github.com/Sirupsen/logrus/issues/137 20 | data[k] = v.Error() 21 | default: 22 | data[k] = v 23 | } 24 | } 25 | prefixFieldClashes(data) 26 | 27 | if f.TimestampFormat == "" { 28 | f.TimestampFormat = DefaultTimestampFormat 29 | } 30 | 31 | data["time"] = entry.Time.Format(f.TimestampFormat) 32 | data["msg"] = entry.Message 33 | data["level"] = entry.Level.String() 34 | 35 | serialized, err := json.Marshal(data) 36 | if err != nil { 37 | return nil, fmt.Errorf("Failed to marshal fields to JSON, %v", err) 38 | } 39 | return append(serialized, '\n'), nil 40 | } 41 | -------------------------------------------------------------------------------- /utils.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | 7 | "github.com/Sirupsen/logrus" 8 | "github.com/opencontainers/runtime-spec/specs-go" 9 | "github.com/urfave/cli" 10 | ) 11 | 12 | // fatal prints the error's details if it is a libcontainer specific error type 13 | // then exits the program with an exit status of 1. 14 | func fatal(err error) { 15 | // make sure the error is written to the logger 16 | logrus.Error(err) 17 | fmt.Fprintln(os.Stderr, err) 18 | os.Exit(1) 19 | } 20 | 21 | // setupSpec performs initial setup based on the cli.Context for the container 22 | func setupSpec(context *cli.Context) (*specs.Spec, error) { 23 | bundle := context.String("bundle") 24 | if bundle != "" { 25 | if err := os.Chdir(bundle); err != nil { 26 | return nil, err 27 | } 28 | } 29 | spec, err := loadSpec(specConfig) 30 | if err != nil { 31 | return nil, err 32 | } 33 | notifySocket := os.Getenv("NOTIFY_SOCKET") 34 | if notifySocket != "" { 35 | setupSdNotify(spec, notifySocket) 36 | } 37 | if os.Geteuid() != 0 { 38 | return nil, fmt.Errorf("runc should be run as root") 39 | } 40 | return spec, nil 41 | } 42 | -------------------------------------------------------------------------------- /libcontainer/cgroups/fs/net_cls_test.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package fs 4 | 5 | import ( 6 | "strconv" 7 | "testing" 8 | ) 9 | 10 | const ( 11 | classidBefore = 0x100002 12 | classidAfter = 0x100001 13 | ) 14 | 15 | func TestNetClsSetClassid(t *testing.T) { 16 | helper := NewCgroupTestUtil("net_cls", t) 17 | defer helper.cleanup() 18 | 19 | helper.writeFileContents(map[string]string{ 20 | "net_cls.classid": strconv.FormatUint(classidBefore, 10), 21 | }) 22 | 23 | helper.CgroupData.config.Resources.NetClsClassid = classidAfter 24 | netcls := &NetClsGroup{} 25 | if err := netcls.Set(helper.CgroupPath, helper.CgroupData.config); err != nil { 26 | t.Fatal(err) 27 | } 28 | 29 | // As we are in mock environment, we can't get correct value of classid from 30 | // net_cls.classid. 31 | // So. we just judge if we successfully write classid into file 32 | value, err := getCgroupParamUint(helper.CgroupPath, "net_cls.classid") 33 | if err != nil { 34 | t.Fatalf("Failed to parse net_cls.classid - %s", err) 35 | } 36 | if value != classidAfter { 37 | t.Fatal("Got the wrong value, set net_cls.classid failed.") 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /libcontainer/apparmor/apparmor.go: -------------------------------------------------------------------------------- 1 | // +build apparmor,linux 2 | 3 | package apparmor 4 | 5 | // #cgo LDFLAGS: -lapparmor 6 | // #include 7 | // #include 8 | import "C" 9 | import ( 10 | "fmt" 11 | "io/ioutil" 12 | "os" 13 | "unsafe" 14 | ) 15 | 16 | // IsEnabled returns true if apparmor is enabled for the host. 17 | func IsEnabled() bool { 18 | if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" { 19 | if _, err = os.Stat("/sbin/apparmor_parser"); err == nil { 20 | buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled") 21 | return err == nil && len(buf) > 1 && buf[0] == 'Y' 22 | } 23 | } 24 | return false 25 | } 26 | 27 | // ApplyProfile will apply the profile with the specified name to the process after 28 | // the next exec. 29 | func ApplyProfile(name string) error { 30 | if name == "" { 31 | return nil 32 | } 33 | cName := C.CString(name) 34 | defer C.free(unsafe.Pointer(cName)) 35 | if _, err := C.aa_change_onexec(cName); err != nil { 36 | return fmt.Errorf("apparmor failed to apply profile: %s", err) 37 | } 38 | return nil 39 | } 40 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/vendor/src/github.com/natefinch/npipe/LICENSE.txt: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | Copyright (c) 2013 npipe authors 3 | 4 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 5 | 6 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 7 | 8 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go: -------------------------------------------------------------------------------- 1 | package mount 2 | 3 | /* 4 | #include 5 | #include 6 | #include 7 | */ 8 | import "C" 9 | 10 | import ( 11 | "fmt" 12 | "reflect" 13 | "unsafe" 14 | ) 15 | 16 | // Parse /proc/self/mountinfo because comparing Dev and ino does not work from 17 | // bind mounts. 18 | func parseMountTable() ([]*Info, error) { 19 | var rawEntries *C.struct_statfs 20 | 21 | count := int(C.getmntinfo(&rawEntries, C.MNT_WAIT)) 22 | if count == 0 { 23 | return nil, fmt.Errorf("Failed to call getmntinfo") 24 | } 25 | 26 | var entries []C.struct_statfs 27 | header := (*reflect.SliceHeader)(unsafe.Pointer(&entries)) 28 | header.Cap = count 29 | header.Len = count 30 | header.Data = uintptr(unsafe.Pointer(rawEntries)) 31 | 32 | var out []*Info 33 | for _, entry := range entries { 34 | var mountinfo Info 35 | mountinfo.Mountpoint = C.GoString(&entry.f_mntonname[0]) 36 | mountinfo.Source = C.GoString(&entry.f_mntfromname[0]) 37 | mountinfo.Fstype = C.GoString(&entry.f_fstypename[0]) 38 | out = append(out, &mountinfo) 39 | } 40 | return out, nil 41 | } 42 | -------------------------------------------------------------------------------- /tests/integration/state.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | load helpers 4 | 5 | function setup() { 6 | teardown_busybox 7 | setup_busybox 8 | } 9 | 10 | function teardown() { 11 | teardown_busybox 12 | } 13 | 14 | @test "state" { 15 | runc state test_busybox 16 | [ "$status" -ne 0 ] 17 | 18 | # run busybox detached 19 | runc run -d --console /dev/pts/ptmx test_busybox 20 | [ "$status" -eq 0 ] 21 | 22 | # check state 23 | wait_for_container 15 1 test_busybox 24 | 25 | testcontainer test_busybox running 26 | 27 | # pause busybox 28 | runc pause test_busybox 29 | [ "$status" -eq 0 ] 30 | 31 | # test state of busybox is paused 32 | testcontainer test_busybox paused 33 | 34 | # resume busybox 35 | runc resume test_busybox 36 | [ "$status" -eq 0 ] 37 | 38 | # test state of busybox is back to running 39 | testcontainer test_busybox running 40 | 41 | runc kill test_busybox KILL 42 | # wait for busybox to be in the destroyed state 43 | retry 10 1 eval "__runc state test_busybox | grep -q 'stopped'" 44 | 45 | # delete test_busybox 46 | runc delete test_busybox 47 | 48 | runc state test_busybox 49 | [ "$status" -ne 0 ] 50 | } 51 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/urfave/cli/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016 Jeremy Saenz & Contributors 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/vishvananda/netlink/addr.go: -------------------------------------------------------------------------------- 1 | package netlink 2 | 3 | import ( 4 | "fmt" 5 | "net" 6 | "strings" 7 | ) 8 | 9 | // Addr represents an IP address from netlink. Netlink ip addresses 10 | // include a mask, so it stores the address as a net.IPNet. 11 | type Addr struct { 12 | *net.IPNet 13 | Label string 14 | } 15 | 16 | // String returns $ip/$netmask $label 17 | func (a Addr) String() string { 18 | return fmt.Sprintf("%s %s", a.IPNet, a.Label) 19 | } 20 | 21 | // ParseAddr parses the string representation of an address in the 22 | // form $ip/$netmask $label. The label portion is optional 23 | func ParseAddr(s string) (*Addr, error) { 24 | label := "" 25 | parts := strings.Split(s, " ") 26 | if len(parts) > 1 { 27 | s = parts[0] 28 | label = parts[1] 29 | } 30 | m, err := ParseIPNet(s) 31 | if err != nil { 32 | return nil, err 33 | } 34 | return &Addr{IPNet: m, Label: label}, nil 35 | } 36 | 37 | // Equal returns true if both Addrs have the same net.IPNet value. 38 | func (a Addr) Equal(x Addr) bool { 39 | sizea, _ := a.Mask.Size() 40 | sizeb, _ := x.Mask.Size() 41 | // ignore label for comparison 42 | return a.IP.Equal(x.IP) && sizea == sizeb 43 | } 44 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/vishvananda/netlink/nl/addr_linux.go: -------------------------------------------------------------------------------- 1 | package nl 2 | 3 | import ( 4 | "syscall" 5 | "unsafe" 6 | ) 7 | 8 | type IfAddrmsg struct { 9 | syscall.IfAddrmsg 10 | } 11 | 12 | func NewIfAddrmsg(family int) *IfAddrmsg { 13 | return &IfAddrmsg{ 14 | IfAddrmsg: syscall.IfAddrmsg{ 15 | Family: uint8(family), 16 | }, 17 | } 18 | } 19 | 20 | // struct ifaddrmsg { 21 | // __u8 ifa_family; 22 | // __u8 ifa_prefixlen; /* The prefix length */ 23 | // __u8 ifa_flags; /* Flags */ 24 | // __u8 ifa_scope; /* Address scope */ 25 | // __u32 ifa_index; /* Link index */ 26 | // }; 27 | 28 | // type IfAddrmsg struct { 29 | // Family uint8 30 | // Prefixlen uint8 31 | // Flags uint8 32 | // Scope uint8 33 | // Index uint32 34 | // } 35 | // SizeofIfAddrmsg = 0x8 36 | 37 | func DeserializeIfAddrmsg(b []byte) *IfAddrmsg { 38 | return (*IfAddrmsg)(unsafe.Pointer(&b[0:syscall.SizeofIfAddrmsg][0])) 39 | } 40 | 41 | func (msg *IfAddrmsg) Serialize() []byte { 42 | return (*(*[syscall.SizeofIfAddrmsg]byte)(unsafe.Pointer(msg)))[:] 43 | } 44 | 45 | func (msg *IfAddrmsg) Len() int { 46 | return syscall.SizeofIfAddrmsg 47 | } 48 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Simon Eskildsen 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /PRINCIPLES.md: -------------------------------------------------------------------------------- 1 | # runc principles 2 | 3 | In the design and development of runc and libcontainer we try to follow these principles: 4 | 5 | (Work in progress) 6 | 7 | * Don't try to replace every tool. Instead, be an ingredient to improve them. 8 | * Less code is better. 9 | * Fewer components are better. Do you really need to add one more class? 10 | * 50 lines of straightforward, readable code is better than 10 lines of magic that nobody can understand. 11 | * Don't do later what you can do now. "//TODO: refactor" is not acceptable in new code. 12 | * When hesitating between two options, choose the one that is easier to reverse. 13 | * "No" is temporary; "Yes" is forever. If you're not sure about a new feature, say no. You can change your mind later. 14 | * Containers must be portable to the greatest possible number of machines. Be suspicious of any change which makes machines less interchangeable. 15 | * The fewer moving parts in a container, the better. 16 | * Don't merge it unless you document it. 17 | * Don't document it unless you can keep it up-to-date. 18 | * Don't merge it unless you test it! 19 | * Everyone's problem is slightly different. Focus on the part that is the same for everyone, and solve that. 20 | -------------------------------------------------------------------------------- /libcontainer/system/setns_linux.go: -------------------------------------------------------------------------------- 1 | package system 2 | 3 | import ( 4 | "fmt" 5 | "runtime" 6 | "syscall" 7 | ) 8 | 9 | // Via http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b21fddd087678a70ad64afc0f632e0f1071b092 10 | // 11 | // We need different setns values for the different platforms and arch 12 | // We are declaring the macro here because the SETNS syscall does not exist in th stdlib 13 | var setNsMap = map[string]uintptr{ 14 | "linux/386": 346, 15 | "linux/arm64": 268, 16 | "linux/amd64": 308, 17 | "linux/arm": 375, 18 | "linux/ppc": 350, 19 | "linux/ppc64": 350, 20 | "linux/ppc64le": 350, 21 | "linux/s390x": 339, 22 | } 23 | 24 | var sysSetns = setNsMap[fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)] 25 | 26 | func SysSetns() uint32 { 27 | return uint32(sysSetns) 28 | } 29 | 30 | func Setns(fd uintptr, flags uintptr) error { 31 | ns, exists := setNsMap[fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)] 32 | if !exists { 33 | return fmt.Errorf("unsupported platform %s/%s", runtime.GOOS, runtime.GOARCH) 34 | } 35 | _, _, err := syscall.RawSyscall(ns, fd, flags, 0) 36 | if err != 0 { 37 | return err 38 | } 39 | return nil 40 | } 41 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/vendor/src/github.com/kr/pty/License: -------------------------------------------------------------------------------- 1 | Copyright (c) 2011 Keith Rarick 2 | 3 | Permission is hereby granted, free of charge, to any person 4 | obtaining a copy of this software and associated 5 | documentation files (the "Software"), to deal in the 6 | Software without restriction, including without limitation 7 | the rights to use, copy, modify, merge, publish, distribute, 8 | sublicense, and/or sell copies of the Software, and to 9 | permit persons to whom the Software is furnished to do so, 10 | subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall 13 | be included in all copies or substantial portions of the 14 | Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY 17 | KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 18 | WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 19 | PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS 20 | OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR 21 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 22 | OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 23 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 24 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/go-units/duration.go: -------------------------------------------------------------------------------- 1 | // Package units provides helper function to parse and print size and time units 2 | // in human-readable format. 3 | package units 4 | 5 | import ( 6 | "fmt" 7 | "time" 8 | ) 9 | 10 | // HumanDuration returns a human-readable approximation of a duration 11 | // (eg. "About a minute", "4 hours ago", etc.). 12 | func HumanDuration(d time.Duration) string { 13 | if seconds := int(d.Seconds()); seconds < 1 { 14 | return "Less than a second" 15 | } else if seconds < 60 { 16 | return fmt.Sprintf("%d seconds", seconds) 17 | } else if minutes := int(d.Minutes()); minutes == 1 { 18 | return "About a minute" 19 | } else if minutes < 60 { 20 | return fmt.Sprintf("%d minutes", minutes) 21 | } else if hours := int(d.Hours()); hours == 1 { 22 | return "About an hour" 23 | } else if hours < 48 { 24 | return fmt.Sprintf("%d hours", hours) 25 | } else if hours < 24*7*2 { 26 | return fmt.Sprintf("%d days", hours/24) 27 | } else if hours < 24*30*3 { 28 | return fmt.Sprintf("%d weeks", hours/24/7) 29 | } else if hours < 24*365*2 { 30 | return fmt.Sprintf("%d months", hours/24/30) 31 | } 32 | return fmt.Sprintf("%d years", int(d.Hours())/24/365) 33 | } 34 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/pkg/mount/flags_freebsd.go: -------------------------------------------------------------------------------- 1 | // +build freebsd,cgo 2 | 3 | package mount 4 | 5 | /* 6 | #include 7 | */ 8 | import "C" 9 | 10 | const ( 11 | // RDONLY will mount the filesystem as read-only. 12 | RDONLY = C.MNT_RDONLY 13 | 14 | // NOSUID will not allow set-user-identifier or set-group-identifier bits to 15 | // take effect. 16 | NOSUID = C.MNT_NOSUID 17 | 18 | // NOEXEC will not allow execution of any binaries on the mounted file system. 19 | NOEXEC = C.MNT_NOEXEC 20 | 21 | // SYNCHRONOUS will allow any I/O to the file system to be done synchronously. 22 | SYNCHRONOUS = C.MNT_SYNCHRONOUS 23 | 24 | // NOATIME will not update the file access time when reading from a file. 25 | NOATIME = C.MNT_NOATIME 26 | ) 27 | 28 | // These flags are unsupported. 29 | const ( 30 | BIND = 0 31 | DIRSYNC = 0 32 | MANDLOCK = 0 33 | NODEV = 0 34 | NODIRATIME = 0 35 | UNBINDABLE = 0 36 | RUNBINDABLE = 0 37 | PRIVATE = 0 38 | RPRIVATE = 0 39 | SHARED = 0 40 | RSHARED = 0 41 | SLAVE = 0 42 | RSLAVE = 0 43 | RBIND = 0 44 | RELATIVE = 0 45 | RELATIME = 0 46 | REMOUNT = 0 47 | STRICTATIME = 0 48 | ) 49 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/vendor/src/github.com/armon/go-metrics/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2013 Armon Dadgar 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated documentation files (the "Software"), to deal in 7 | the Software without restriction, including without limitation the rights to 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software is furnished to do so, 10 | subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/vishvananda/netlink/protinfo.go: -------------------------------------------------------------------------------- 1 | package netlink 2 | 3 | import ( 4 | "strings" 5 | ) 6 | 7 | // Protinfo represents bridge flags from netlink. 8 | type Protinfo struct { 9 | Hairpin bool 10 | Guard bool 11 | FastLeave bool 12 | RootBlock bool 13 | Learning bool 14 | Flood bool 15 | } 16 | 17 | // String returns a list of enabled flags 18 | func (prot *Protinfo) String() string { 19 | var boolStrings []string 20 | if prot.Hairpin { 21 | boolStrings = append(boolStrings, "Hairpin") 22 | } 23 | if prot.Guard { 24 | boolStrings = append(boolStrings, "Guard") 25 | } 26 | if prot.FastLeave { 27 | boolStrings = append(boolStrings, "FastLeave") 28 | } 29 | if prot.RootBlock { 30 | boolStrings = append(boolStrings, "RootBlock") 31 | } 32 | if prot.Learning { 33 | boolStrings = append(boolStrings, "Learning") 34 | } 35 | if prot.Flood { 36 | boolStrings = append(boolStrings, "Flood") 37 | } 38 | return strings.Join(boolStrings, " ") 39 | } 40 | 41 | func boolToByte(x bool) []byte { 42 | if x { 43 | return []byte{1} 44 | } 45 | return []byte{0} 46 | } 47 | 48 | func byteToBool(x byte) bool { 49 | if uint8(x) != 0 { 50 | return true 51 | } 52 | return false 53 | } 54 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/vendor/src/github.com/Sirupsen/logrus/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Simon Eskildsen 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/vendor/src/github.com/microsoft/hcsshim/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Microsoft 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /start.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | 6 | "github.com/opencontainers/runc/libcontainer" 7 | "github.com/urfave/cli" 8 | ) 9 | 10 | var startCommand = cli.Command{ 11 | Name: "start", 12 | Usage: "executes the user defined process in a created container", 13 | ArgsUsage: ` 14 | 15 | Where "" is your name for the instance of the container that you 16 | are starting. The name you provide for the container instance must be unique on 17 | your host.`, 18 | Description: `The start command executes the user defined process in a created container.`, 19 | Action: func(context *cli.Context) error { 20 | container, err := getContainer(context) 21 | if err != nil { 22 | return err 23 | } 24 | status, err := container.Status() 25 | if err != nil { 26 | return err 27 | } 28 | switch status { 29 | case libcontainer.Created: 30 | return container.Exec() 31 | case libcontainer.Stopped: 32 | return fmt.Errorf("cannot start a container that has run and stopped") 33 | case libcontainer.Running: 34 | return fmt.Errorf("cannot start an already running container") 35 | default: 36 | return fmt.Errorf("cannot start a container in the %s state", status) 37 | } 38 | }, 39 | } 40 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/examples/basic/basic.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "github.com/Sirupsen/logrus" 5 | ) 6 | 7 | var log = logrus.New() 8 | 9 | func init() { 10 | log.Formatter = new(logrus.JSONFormatter) 11 | log.Formatter = new(logrus.TextFormatter) // default 12 | log.Level = logrus.DebugLevel 13 | } 14 | 15 | func main() { 16 | defer func() { 17 | err := recover() 18 | if err != nil { 19 | log.WithFields(logrus.Fields{ 20 | "omg": true, 21 | "err": err, 22 | "number": 100, 23 | }).Fatal("The ice breaks!") 24 | } 25 | }() 26 | 27 | log.WithFields(logrus.Fields{ 28 | "animal": "walrus", 29 | "number": 8, 30 | }).Debug("Started observing beach") 31 | 32 | log.WithFields(logrus.Fields{ 33 | "animal": "walrus", 34 | "size": 10, 35 | }).Info("A group of walrus emerges from the ocean") 36 | 37 | log.WithFields(logrus.Fields{ 38 | "omg": true, 39 | "number": 122, 40 | }).Warn("The group's number increased tremendously!") 41 | 42 | log.WithFields(logrus.Fields{ 43 | "temperature": -4, 44 | }).Debug("Temperature changes") 45 | 46 | log.WithFields(logrus.Fields{ 47 | "animal": "orca", 48 | "size": 9009, 49 | }).Panic("It's over 9000!") 50 | } 51 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/vendor/src/github.com/mattn/go-sqlite3/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Yasuhiro Matsumoto 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /libcontainer/seccomp/fixtures/proc_self_status: -------------------------------------------------------------------------------- 1 | Name: cat 2 | State: R (running) 3 | Tgid: 19383 4 | Ngid: 0 5 | Pid: 19383 6 | PPid: 19275 7 | TracerPid: 0 8 | Uid: 1000 1000 1000 1000 9 | Gid: 1000 1000 1000 1000 10 | FDSize: 256 11 | Groups: 24 25 27 29 30 44 46 102 104 108 111 1000 1001 12 | NStgid: 19383 13 | NSpid: 19383 14 | NSpgid: 19383 15 | NSsid: 19275 16 | VmPeak: 5944 kB 17 | VmSize: 5944 kB 18 | VmLck: 0 kB 19 | VmPin: 0 kB 20 | VmHWM: 744 kB 21 | VmRSS: 744 kB 22 | VmData: 324 kB 23 | VmStk: 136 kB 24 | VmExe: 48 kB 25 | VmLib: 1776 kB 26 | VmPTE: 32 kB 27 | VmPMD: 12 kB 28 | VmSwap: 0 kB 29 | Threads: 1 30 | SigQ: 0/30067 31 | SigPnd: 0000000000000000 32 | ShdPnd: 0000000000000000 33 | SigBlk: 0000000000000000 34 | SigIgn: 0000000000000080 35 | SigCgt: 0000000000000000 36 | CapInh: 0000000000000000 37 | CapPrm: 0000000000000000 38 | CapEff: 0000000000000000 39 | CapBnd: 0000003fffffffff 40 | CapAmb: 0000000000000000 41 | Seccomp: 0 42 | Cpus_allowed: f 43 | Cpus_allowed_list: 0-3 44 | Mems_allowed: 00000000,00000001 45 | Mems_allowed_list: 0 46 | voluntary_ctxt_switches: 0 47 | nonvoluntary_ctxt_switches: 1 48 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/seccomp/libseccomp-golang/README: -------------------------------------------------------------------------------- 1 | libseccomp-golang: Go Language Bindings for the libseccomp Project 2 | =============================================================================== 3 | https://github.com/seccomp/libseccomp-golang 4 | https://github.com/seccomp/libseccomp 5 | 6 | The libseccomp library provides an easy to use, platform independent, interface 7 | to the Linux Kernel's syscall filtering mechanism. The libseccomp API is 8 | designed to abstract away the underlying BPF based syscall filter language and 9 | present a more conventional function-call based filtering interface that should 10 | be familiar to, and easily adopted by, application developers. 11 | 12 | The libseccomp-golang library provides a Go based interface to the libseccomp 13 | library. 14 | 15 | * Online Resources 16 | 17 | The library source repository currently lives on GitHub at the following URLs: 18 | 19 | -> https://github.com/seccomp/libseccomp-golang 20 | -> https://github.com/seccomp/libseccomp 21 | 22 | The project mailing list is currently hosted on Google Groups at the URL below, 23 | please note that a Google account is not required to subscribe to the mailing 24 | list. 25 | 26 | -> https://groups.google.com/d/forum/libseccomp 27 | -------------------------------------------------------------------------------- /libcontainer/xattr/xattr_linux.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package xattr 4 | 5 | import ( 6 | "syscall" 7 | 8 | "github.com/opencontainers/runc/libcontainer/system" 9 | ) 10 | 11 | func XattrEnabled(path string) bool { 12 | if Setxattr(path, "user.test", "") == syscall.ENOTSUP { 13 | return false 14 | } 15 | return true 16 | } 17 | 18 | func stringsfromByte(buf []byte) (result []string) { 19 | offset := 0 20 | for index, b := range buf { 21 | if b == 0 { 22 | result = append(result, string(buf[offset:index])) 23 | offset = index + 1 24 | } 25 | } 26 | return 27 | } 28 | 29 | func Listxattr(path string) ([]string, error) { 30 | size, err := system.Llistxattr(path, nil) 31 | if err != nil { 32 | return nil, err 33 | } 34 | buf := make([]byte, size) 35 | read, err := system.Llistxattr(path, buf) 36 | if err != nil { 37 | return nil, err 38 | } 39 | names := stringsfromByte(buf[:read]) 40 | return names, nil 41 | } 42 | 43 | func Getxattr(path, attr string) (string, error) { 44 | value, err := system.Lgetxattr(path, attr) 45 | if err != nil { 46 | return "", err 47 | } 48 | return string(value), nil 49 | } 50 | 51 | func Setxattr(path, xattr, value string) error { 52 | return system.Lsetxattr(path, xattr, []byte(value), 0) 53 | } 54 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/hooks.go: -------------------------------------------------------------------------------- 1 | package logrus 2 | 3 | // A hook to be fired when logging on the logging levels returned from 4 | // `Levels()` on your implementation of the interface. Note that this is not 5 | // fired in a goroutine or a channel with workers, you should handle such 6 | // functionality yourself if your call is non-blocking and you don't wish for 7 | // the logging calls for levels returned from `Levels()` to block. 8 | type Hook interface { 9 | Levels() []Level 10 | Fire(*Entry) error 11 | } 12 | 13 | // Internal type for storing the hooks on a logger instance. 14 | type levelHooks map[Level][]Hook 15 | 16 | // Add a hook to an instance of logger. This is called with 17 | // `log.Hooks.Add(new(MyHook))` where `MyHook` implements the `Hook` interface. 18 | func (hooks levelHooks) Add(hook Hook) { 19 | for _, level := range hook.Levels() { 20 | hooks[level] = append(hooks[level], hook) 21 | } 22 | } 23 | 24 | // Fire all the hooks for the passed level. Used by `entry.log` to fire 25 | // appropriate hooks for a log entry. 26 | func (hooks levelHooks) Fire(level Level, entry *Entry) error { 27 | for _, hook := range hooks[level] { 28 | if err := hook.Fire(entry); err != nil { 29 | return err 30 | } 31 | } 32 | 33 | return nil 34 | } 35 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/pkg/mount/mountinfo.go: -------------------------------------------------------------------------------- 1 | package mount 2 | 3 | // Info reveals information about a particular mounted filesystem. This 4 | // struct is populated from the content in the /proc//mountinfo file. 5 | type Info struct { 6 | // ID is a unique identifier of the mount (may be reused after umount). 7 | ID int 8 | 9 | // Parent indicates the ID of the mount parent (or of self for the top of the 10 | // mount tree). 11 | Parent int 12 | 13 | // Major indicates one half of the device ID which identifies the device class. 14 | Major int 15 | 16 | // Minor indicates one half of the device ID which identifies a specific 17 | // instance of device. 18 | Minor int 19 | 20 | // Root of the mount within the filesystem. 21 | Root string 22 | 23 | // Mountpoint indicates the mount point relative to the process's root. 24 | Mountpoint string 25 | 26 | // Opts represents mount-specific options. 27 | Opts string 28 | 29 | // Optional represents optional fields. 30 | Optional string 31 | 32 | // Fstype indicates the type of filesystem, such as EXT3. 33 | Fstype string 34 | 35 | // Source indicates filesystem specific information or "none". 36 | Source string 37 | 38 | // VfsOpts represents per super block options. 39 | VfsOpts string 40 | } 41 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/pkg/term/tc_linux_cgo.go: -------------------------------------------------------------------------------- 1 | // +build linux,cgo 2 | 3 | package term 4 | 5 | import ( 6 | "syscall" 7 | "unsafe" 8 | ) 9 | 10 | // #include 11 | import "C" 12 | 13 | type Termios syscall.Termios 14 | 15 | // MakeRaw put the terminal connected to the given file descriptor into raw 16 | // mode and returns the previous state of the terminal so that it can be 17 | // restored. 18 | func MakeRaw(fd uintptr) (*State, error) { 19 | var oldState State 20 | if err := tcget(fd, &oldState.termios); err != 0 { 21 | return nil, err 22 | } 23 | 24 | newState := oldState.termios 25 | 26 | C.cfmakeraw((*C.struct_termios)(unsafe.Pointer(&newState))) 27 | newState.Oflag = newState.Oflag | C.OPOST 28 | if err := tcset(fd, &newState); err != 0 { 29 | return nil, err 30 | } 31 | return &oldState, nil 32 | } 33 | 34 | func tcget(fd uintptr, p *Termios) syscall.Errno { 35 | ret, err := C.tcgetattr(C.int(fd), (*C.struct_termios)(unsafe.Pointer(p))) 36 | if ret != 0 { 37 | return err.(syscall.Errno) 38 | } 39 | return 0 40 | } 41 | 42 | func tcset(fd uintptr, p *Termios) syscall.Errno { 43 | ret, err := C.tcsetattr(C.int(fd), C.TCSANOW, (*C.struct_termios)(unsafe.Pointer(p))) 44 | if ret != 0 { 45 | return err.(syscall.Errno) 46 | } 47 | return 0 48 | } 49 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/urfave/cli/category.go: -------------------------------------------------------------------------------- 1 | package cli 2 | 3 | // CommandCategories is a slice of *CommandCategory. 4 | type CommandCategories []*CommandCategory 5 | 6 | // CommandCategory is a category containing commands. 7 | type CommandCategory struct { 8 | Name string 9 | Commands Commands 10 | } 11 | 12 | func (c CommandCategories) Less(i, j int) bool { 13 | return c[i].Name < c[j].Name 14 | } 15 | 16 | func (c CommandCategories) Len() int { 17 | return len(c) 18 | } 19 | 20 | func (c CommandCategories) Swap(i, j int) { 21 | c[i], c[j] = c[j], c[i] 22 | } 23 | 24 | // AddCommand adds a command to a category. 25 | func (c CommandCategories) AddCommand(category string, command Command) CommandCategories { 26 | for _, commandCategory := range c { 27 | if commandCategory.Name == category { 28 | commandCategory.Commands = append(commandCategory.Commands, command) 29 | return c 30 | } 31 | } 32 | return append(c, &CommandCategory{Name: category, Commands: []Command{command}}) 33 | } 34 | 35 | // VisibleCommands returns a slice of the Commands with Hidden=false 36 | func (c *CommandCategory) VisibleCommands() []Command { 37 | ret := []Command{} 38 | for _, command := range c.Commands { 39 | if !command.Hidden { 40 | ret = append(ret, command) 41 | } 42 | } 43 | return ret 44 | } 45 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/coreos/go-systemd/dbus/set.go: -------------------------------------------------------------------------------- 1 | // Copyright 2015 CoreOS, Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package dbus 16 | 17 | type set struct { 18 | data map[string]bool 19 | } 20 | 21 | func (s *set) Add(value string) { 22 | s.data[value] = true 23 | } 24 | 25 | func (s *set) Remove(value string) { 26 | delete(s.data, value) 27 | } 28 | 29 | func (s *set) Contains(value string) (exists bool) { 30 | _, exists = s.data[value] 31 | return 32 | } 33 | 34 | func (s *set) Length() int { 35 | return len(s.data) 36 | } 37 | 38 | func (s *set) Values() (values []string) { 39 | for val, _ := range s.data { 40 | values = append(values, val) 41 | } 42 | return 43 | } 44 | 45 | func newSet() *set { 46 | return &set{make(map[string]bool)} 47 | } 48 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/pquerna/ffjson/fflib/v1/reader_scan_amd64.go: -------------------------------------------------------------------------------- 1 | // +build amd64 2 | // +build !appengine 3 | 4 | /** 5 | * Copyright 2014 Paul Querna 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | * 19 | */ 20 | 21 | package v1 22 | 23 | func haveSSE42() bool 24 | func scanStringSSE(s []byte, j int) (int, byte) 25 | 26 | var sse42 = haveSSE42() 27 | 28 | func scanString(s []byte, j int) (int, byte) { 29 | // XXX The following fails to compile on Go 1.2. 30 | /* 31 | if false && sse42 { 32 | return scanStringSSE(s, j) 33 | } 34 | */ 35 | 36 | for { 37 | if j >= len(s) { 38 | return j, 0 39 | } 40 | 41 | c := s[j] 42 | j++ 43 | if byteLookupTable[c]&sliceStringMask == 0 { 44 | continue 45 | } 46 | 47 | return j, c 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/hooks/airbrake/airbrake.go: -------------------------------------------------------------------------------- 1 | package airbrake 2 | 3 | import ( 4 | "errors" 5 | "fmt" 6 | 7 | "github.com/Sirupsen/logrus" 8 | "github.com/tobi/airbrake-go" 9 | ) 10 | 11 | // AirbrakeHook to send exceptions to an exception-tracking service compatible 12 | // with the Airbrake API. 13 | type airbrakeHook struct { 14 | APIKey string 15 | Endpoint string 16 | Environment string 17 | } 18 | 19 | func NewHook(endpoint, apiKey, env string) *airbrakeHook { 20 | return &airbrakeHook{ 21 | APIKey: apiKey, 22 | Endpoint: endpoint, 23 | Environment: env, 24 | } 25 | } 26 | 27 | func (hook *airbrakeHook) Fire(entry *logrus.Entry) error { 28 | airbrake.ApiKey = hook.APIKey 29 | airbrake.Endpoint = hook.Endpoint 30 | airbrake.Environment = hook.Environment 31 | 32 | var notifyErr error 33 | err, ok := entry.Data["error"].(error) 34 | if ok { 35 | notifyErr = err 36 | } else { 37 | notifyErr = errors.New(entry.Message) 38 | } 39 | 40 | airErr := airbrake.Notify(notifyErr) 41 | if airErr != nil { 42 | return fmt.Errorf("Failed to send error to Airbrake: %s", airErr) 43 | } 44 | 45 | return nil 46 | } 47 | 48 | func (hook *airbrakeHook) Levels() []logrus.Level { 49 | return []logrus.Level{ 50 | logrus.ErrorLevel, 51 | logrus.FatalLevel, 52 | logrus.PanicLevel, 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/coreos/go-systemd/util/util.go: -------------------------------------------------------------------------------- 1 | // Copyright 2015 CoreOS, Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Package util contains utility functions related to systemd that applications 16 | // can use to check things like whether systemd is running. 17 | package util 18 | 19 | import ( 20 | "os" 21 | ) 22 | 23 | // IsRunningSystemd checks whether the host was booted with systemd as its init 24 | // system. This functions similar to systemd's `sd_booted(3)`: internally, it 25 | // checks whether /run/systemd/system/ exists and is a directory. 26 | // http://www.freedesktop.org/software/systemd/man/sd_booted.html 27 | func IsRunningSystemd() bool { 28 | fi, err := os.Lstat("/run/systemd/system") 29 | if err != nil { 30 | return false 31 | } 32 | return fi.IsDir() 33 | } 34 | -------------------------------------------------------------------------------- /libcontainer/cgroups/fs/freezer_test.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package fs 4 | 5 | import ( 6 | "testing" 7 | 8 | "github.com/opencontainers/runc/libcontainer/configs" 9 | ) 10 | 11 | func TestFreezerSetState(t *testing.T) { 12 | helper := NewCgroupTestUtil("freezer", t) 13 | defer helper.cleanup() 14 | 15 | helper.writeFileContents(map[string]string{ 16 | "freezer.state": string(configs.Frozen), 17 | }) 18 | 19 | helper.CgroupData.config.Resources.Freezer = configs.Thawed 20 | freezer := &FreezerGroup{} 21 | if err := freezer.Set(helper.CgroupPath, helper.CgroupData.config); err != nil { 22 | t.Fatal(err) 23 | } 24 | 25 | value, err := getCgroupParamString(helper.CgroupPath, "freezer.state") 26 | if err != nil { 27 | t.Fatalf("Failed to parse freezer.state - %s", err) 28 | } 29 | if value != string(configs.Thawed) { 30 | t.Fatal("Got the wrong value, set freezer.state failed.") 31 | } 32 | } 33 | 34 | func TestFreezerSetInvalidState(t *testing.T) { 35 | helper := NewCgroupTestUtil("freezer", t) 36 | defer helper.cleanup() 37 | 38 | const ( 39 | invalidArg configs.FreezerState = "Invalid" 40 | ) 41 | 42 | helper.CgroupData.config.Resources.Freezer = invalidArg 43 | freezer := &FreezerGroup{} 44 | if err := freezer.Set(helper.CgroupPath, helper.CgroupData.config); err == nil { 45 | t.Fatal("Failed to return invalid argument error") 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /man/runc-restore.8.md: -------------------------------------------------------------------------------- 1 | # NAME 2 | runc restore - restore a container from a previous checkpoint 3 | 4 | # SYNOPSIS 5 | runc restore [command options] 6 | 7 | Where "" is the name for the instance of the container to be 8 | restored. 9 | 10 | # DESCRIPTION 11 | Restores the saved state of the container instance that was previously saved 12 | using the runc checkpoint command. 13 | 14 | # OPTIONS 15 | --image-path value path to criu image files for restoring 16 | --work-path value path for saving work files and logs 17 | --tcp-established allow open tcp connections 18 | --ext-unix-sk allow external unix sockets 19 | --shell-job allow shell jobs 20 | --file-locks handle file locks, for safety 21 | --manage-cgroups-mode value cgroups mode: 'soft' (default), 'full' and 'strict' 22 | --bundle value, -b value path to the root of the bundle directory 23 | --detach, -d detach from the container's process 24 | --pid-file value specify the file to write the process id to 25 | --no-subreaper disable the use of the subreaper used to reap reparented processes 26 | --no-pivot do not use pivot root to jail process inside rootfs. This should be used whenever the rootfs is on top of a ramdisk 27 | -------------------------------------------------------------------------------- /tests/integration/start_hello.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | load helpers 4 | 5 | function setup() { 6 | teardown_hello 7 | setup_hello 8 | } 9 | 10 | function teardown() { 11 | teardown_hello 12 | } 13 | 14 | @test "runc run" { 15 | # run hello-world 16 | runc run test_hello 17 | [ "$status" -eq 0 ] 18 | 19 | # check expected output 20 | [[ "${output}" == *"Hello"* ]] 21 | } 22 | 23 | @test "runc run ({u,g}id != 0)" { 24 | # replace "uid": 0 with "uid": 1000 25 | # and do a similar thing for gid. 26 | sed -i 's;"uid": 0;"uid": 1000;g' config.json 27 | sed -i 's;"gid": 0;"gid": 100;g' config.json 28 | 29 | # run hello-world 30 | runc run test_hello 31 | [ "$status" -eq 0 ] 32 | 33 | # check expected output 34 | [[ "${output}" == *"Hello"* ]] 35 | } 36 | 37 | @test "runc run with rootfs set to ." { 38 | cp config.json rootfs/. 39 | rm config.json 40 | cd rootfs 41 | sed -i 's;"rootfs";".";' config.json 42 | 43 | # run hello-world 44 | runc run test_hello 45 | [ "$status" -eq 0 ] 46 | [[ "${output}" == *"Hello"* ]] 47 | } 48 | 49 | @test "runc run --pid-file" { 50 | # run hello-world 51 | runc run --pid-file pid.txt test_hello 52 | [ "$status" -eq 0 ] 53 | [[ "${output}" == *"Hello"* ]] 54 | 55 | # check pid.txt was generated 56 | [ -e pid.txt ] 57 | 58 | run cat pid.txt 59 | [ "$status" -eq 0 ] 60 | [[ ${lines[0]} =~ [0-9]+ ]] 61 | } 62 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/urfave/cli/funcs.go: -------------------------------------------------------------------------------- 1 | package cli 2 | 3 | // BashCompleteFunc is an action to execute when the bash-completion flag is set 4 | type BashCompleteFunc func(*Context) 5 | 6 | // BeforeFunc is an action to execute before any subcommands are run, but after 7 | // the context is ready if a non-nil error is returned, no subcommands are run 8 | type BeforeFunc func(*Context) error 9 | 10 | // AfterFunc is an action to execute after any subcommands are run, but after the 11 | // subcommand has finished it is run even if Action() panics 12 | type AfterFunc func(*Context) error 13 | 14 | // ActionFunc is the action to execute when no subcommands are specified 15 | type ActionFunc func(*Context) error 16 | 17 | // CommandNotFoundFunc is executed if the proper command cannot be found 18 | type CommandNotFoundFunc func(*Context, string) 19 | 20 | // OnUsageErrorFunc is executed if an usage error occurs. This is useful for displaying 21 | // customized usage error messages. This function is able to replace the 22 | // original error messages. If this function is not set, the "Incorrect usage" 23 | // is displayed and the execution is interrupted. 24 | type OnUsageErrorFunc func(context *Context, err error, isSubcommand bool) error 25 | 26 | // FlagStringFunc is used by the help generation to display a flag, which is 27 | // expected to be a single line. 28 | type FlagStringFunc func(Flag) string 29 | -------------------------------------------------------------------------------- /tests/integration/start_detached.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | load helpers 4 | 5 | function setup() { 6 | teardown_busybox 7 | setup_busybox 8 | } 9 | 10 | function teardown() { 11 | teardown_busybox 12 | } 13 | 14 | @test "runc run detached" { 15 | # run busybox detached 16 | runc run -d --console /dev/pts/ptmx test_busybox 17 | [ "$status" -eq 0 ] 18 | 19 | # check state 20 | wait_for_container 15 1 test_busybox 21 | 22 | testcontainer test_busybox running 23 | } 24 | 25 | @test "runc run detached ({u,g}id != 0)" { 26 | # replace "uid": 0 with "uid": 1000 27 | # and do a similar thing for gid. 28 | sed -i 's;"uid": 0;"uid": 1000;g' config.json 29 | sed -i 's;"gid": 0;"gid": 100;g' config.json 30 | 31 | # run busybox detached 32 | runc run -d --console /dev/pts/ptmx test_busybox 33 | [ "$status" -eq 0 ] 34 | 35 | # check state 36 | wait_for_container 15 1 test_busybox 37 | 38 | testcontainer test_busybox running 39 | } 40 | 41 | @test "runc run detached --pid-file" { 42 | # run busybox detached 43 | runc run --pid-file pid.txt -d --console /dev/pts/ptmx test_busybox 44 | [ "$status" -eq 0 ] 45 | 46 | # check state 47 | wait_for_container 15 1 test_busybox 48 | 49 | testcontainer test_busybox running 50 | 51 | # check pid.txt was generated 52 | [ -e pid.txt ] 53 | 54 | run cat pid.txt 55 | [ "$status" -eq 0 ] 56 | [[ ${lines[0]} =~ [0-9]+ ]] 57 | } 58 | -------------------------------------------------------------------------------- /man/runc-create.8.md: -------------------------------------------------------------------------------- 1 | # NAME 2 | runc create - create a container 3 | 4 | # SYNOPSIS 5 | runc create [command options] 6 | 7 | Where "" is your name for the instance of the container that you 8 | are starting. The name you provide for the container instance must be unique on 9 | your host. 10 | 11 | # DESCRIPTION 12 | The create command creates an instance of a container for a bundle. The bundle 13 | is a directory with a specification file named "config.json" and a root 14 | filesystem. 15 | 16 | The specification file includes an args parameter. The args parameter is used 17 | to specify command(s) that get run when the container is started. To change the 18 | command(s) that get executed on start, edit the args parameter of the spec. See 19 | "runc spec --help" for more explanation. 20 | 21 | # OPTIONS 22 | --bundle value, -b value path to the root of the bundle directory, defaults to the current directory 23 | --console value specify the pty slave path for use with the container 24 | --pid-file value specify the file to write the process id to 25 | --no-pivot do not use pivot root to jail process inside rootfs. This should be used whenever the rootfs is on top of a ramdisk 26 | --no-new-keyring do not create a new session keyring for the container. This will cause the container to inherit the calling processes session key 27 | -------------------------------------------------------------------------------- /libcontainer/cgroups/systemd/apply_nosystemd.go: -------------------------------------------------------------------------------- 1 | // +build !linux 2 | 3 | package systemd 4 | 5 | import ( 6 | "fmt" 7 | 8 | "github.com/opencontainers/runc/libcontainer/cgroups" 9 | "github.com/opencontainers/runc/libcontainer/configs" 10 | ) 11 | 12 | type Manager struct { 13 | Cgroups *configs.Cgroup 14 | Paths map[string]string 15 | } 16 | 17 | func UseSystemd() bool { 18 | return false 19 | } 20 | 21 | func (m *Manager) Apply(pid int) error { 22 | return fmt.Errorf("Systemd not supported") 23 | } 24 | 25 | func (m *Manager) GetPids() ([]int, error) { 26 | return nil, fmt.Errorf("Systemd not supported") 27 | } 28 | 29 | func (m *Manager) GetAllPids() ([]int, error) { 30 | return nil, fmt.Errorf("Systemd not supported") 31 | } 32 | 33 | func (m *Manager) Destroy() error { 34 | return fmt.Errorf("Systemd not supported") 35 | } 36 | 37 | func (m *Manager) GetPaths() map[string]string { 38 | return nil 39 | } 40 | 41 | func (m *Manager) GetStats() (*cgroups.Stats, error) { 42 | return nil, fmt.Errorf("Systemd not supported") 43 | } 44 | 45 | func (m *Manager) Set(container *configs.Config) error { 46 | return nil, fmt.Errorf("Systemd not supported") 47 | } 48 | 49 | func (m *Manager) Freeze(state configs.FreezerState) error { 50 | return fmt.Errorf("Systemd not supported") 51 | } 52 | 53 | func Freeze(c *configs.Cgroup, state configs.FreezerState) error { 54 | return fmt.Errorf("Systemd not supported") 55 | } 56 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/contrib/syntax/vim/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013 Honza Pokorny 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | 2. Redistributions in binary form must reproduce the above copyright 10 | notice, this list of conditions and the following disclaimer in the 11 | documentation and/or other materials provided with the distribution. 12 | 13 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 14 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 15 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 16 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR 17 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 18 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 19 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 20 | ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 22 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/vishvananda/netlink/xfrm_state.go: -------------------------------------------------------------------------------- 1 | package netlink 2 | 3 | import ( 4 | "net" 5 | ) 6 | 7 | // XfrmStateAlgo represents the algorithm to use for the ipsec encryption. 8 | type XfrmStateAlgo struct { 9 | Name string 10 | Key []byte 11 | TruncateLen int // Auth only 12 | } 13 | 14 | // EncapType is an enum representing an ipsec template direction. 15 | type EncapType uint8 16 | 17 | const ( 18 | XFRM_ENCAP_ESPINUDP_NONIKE EncapType = iota + 1 19 | XFRM_ENCAP_ESPINUDP 20 | ) 21 | 22 | func (e EncapType) String() string { 23 | switch e { 24 | case XFRM_ENCAP_ESPINUDP_NONIKE: 25 | return "espinudp-nonike" 26 | case XFRM_ENCAP_ESPINUDP: 27 | return "espinudp" 28 | } 29 | return "unknown" 30 | } 31 | 32 | // XfrmEncap represents the encapsulation to use for the ipsec encryption. 33 | type XfrmStateEncap struct { 34 | Type EncapType 35 | SrcPort int 36 | DstPort int 37 | OriginalAddress net.IP 38 | } 39 | 40 | // XfrmState represents the state of an ipsec policy. It optionally 41 | // contains an XfrmStateAlgo for encryption and one for authentication. 42 | type XfrmState struct { 43 | Dst net.IP 44 | Src net.IP 45 | Proto Proto 46 | Mode Mode 47 | Spi int 48 | Reqid int 49 | ReplayWindow int 50 | Auth *XfrmStateAlgo 51 | Crypt *XfrmStateAlgo 52 | Encap *XfrmStateEncap 53 | } 54 | -------------------------------------------------------------------------------- /tests/integration/ps.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | load helpers 4 | 5 | function setup() { 6 | teardown_busybox 7 | setup_busybox 8 | } 9 | 10 | function teardown() { 11 | teardown_busybox 12 | } 13 | 14 | @test "ps" { 15 | # start busybox detached 16 | runc run -d --console /dev/pts/ptmx test_busybox 17 | [ "$status" -eq 0 ] 18 | 19 | # check state 20 | wait_for_container 15 1 test_busybox 21 | 22 | testcontainer test_busybox running 23 | 24 | runc ps test_busybox 25 | [ "$status" -eq 0 ] 26 | [[ ${lines[0]} =~ UID\ +PID\ +PPID\ +C\ +STIME\ +TTY\ +TIME\ +CMD+ ]] 27 | [[ "${lines[1]}" == *"root"*[0-9]* ]] 28 | } 29 | 30 | @test "ps -f json" { 31 | # start busybox detached 32 | runc run -d --console /dev/pts/ptmx test_busybox 33 | [ "$status" -eq 0 ] 34 | 35 | # check state 36 | wait_for_container 15 1 test_busybox 37 | 38 | testcontainer test_busybox running 39 | 40 | runc ps -f json test_busybox 41 | [ "$status" -eq 0 ] 42 | [[ ${lines[0]} =~ [0-9]+ ]] 43 | } 44 | 45 | @test "ps -e -x" { 46 | # start busybox detached 47 | runc run -d --console /dev/pts/ptmx test_busybox 48 | [ "$status" -eq 0 ] 49 | 50 | # check state 51 | wait_for_container 15 1 test_busybox 52 | 53 | testcontainer test_busybox running 54 | 55 | runc ps test_busybox -e -x 56 | [ "$status" -eq 0 ] 57 | [[ ${lines[0]} =~ \ +PID\ +TTY\ +STAT\ +TIME\ +COMMAND+ ]] 58 | [[ "${lines[1]}" =~ [0-9]+ ]] 59 | } 60 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/pkg/term/termios_linux.go: -------------------------------------------------------------------------------- 1 | // +build !cgo 2 | 3 | package term 4 | 5 | import ( 6 | "syscall" 7 | "unsafe" 8 | ) 9 | 10 | const ( 11 | getTermios = syscall.TCGETS 12 | setTermios = syscall.TCSETS 13 | ) 14 | 15 | type Termios struct { 16 | Iflag uint32 17 | Oflag uint32 18 | Cflag uint32 19 | Lflag uint32 20 | Cc [20]byte 21 | Ispeed uint32 22 | Ospeed uint32 23 | } 24 | 25 | // MakeRaw put the terminal connected to the given file descriptor into raw 26 | // mode and returns the previous state of the terminal so that it can be 27 | // restored. 28 | func MakeRaw(fd uintptr) (*State, error) { 29 | var oldState State 30 | if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, getTermios, uintptr(unsafe.Pointer(&oldState.termios))); err != 0 { 31 | return nil, err 32 | } 33 | 34 | newState := oldState.termios 35 | 36 | newState.Iflag &^= (syscall.IGNBRK | syscall.BRKINT | syscall.PARMRK | syscall.ISTRIP | syscall.INLCR | syscall.IGNCR | syscall.ICRNL | syscall.IXON) 37 | newState.Oflag &^= syscall.OPOST 38 | newState.Lflag &^= (syscall.ECHO | syscall.ECHONL | syscall.ICANON | syscall.ISIG | syscall.IEXTEN) 39 | newState.Cflag &^= (syscall.CSIZE | syscall.PARENB) 40 | newState.Cflag |= syscall.CS8 41 | 42 | if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, setTermios, uintptr(unsafe.Pointer(&newState))); err != 0 { 43 | return nil, err 44 | } 45 | return &oldState, nil 46 | } 47 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/syndtr/gocapability/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2013 Suryandaru Triandana 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are 6 | met: 7 | 8 | * Redistributions of source code must retain the above copyright 9 | notice, this list of conditions and the following disclaimer. 10 | * Redistributions in binary form must reproduce the above copyright 11 | notice, this list of conditions and the following disclaimer in the 12 | documentation and/or other materials provided with the distribution. 13 | 14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 15 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 16 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 17 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 18 | HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 19 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 20 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 24 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013, Georg Reinke (), Google 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions 6 | are met: 7 | 8 | 1. Redistributions of source code must retain the above copyright notice, 9 | this list of conditions and the following disclaimer. 10 | 11 | 2. Redistributions in binary form must reproduce the above copyright 12 | notice, this list of conditions and the following disclaimer in the 13 | documentation and/or other materials provided with the distribution. 14 | 15 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 18 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 19 | HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 21 | TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 22 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 23 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 24 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 25 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | -------------------------------------------------------------------------------- /libcontainer/configs/device.go: -------------------------------------------------------------------------------- 1 | package configs 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | ) 7 | 8 | const ( 9 | Wildcard = -1 10 | ) 11 | 12 | // TODO Windows: This can be factored out in the future 13 | 14 | type Device struct { 15 | // Device type, block, char, etc. 16 | Type rune `json:"type"` 17 | 18 | // Path to the device. 19 | Path string `json:"path"` 20 | 21 | // Major is the device's major number. 22 | Major int64 `json:"major"` 23 | 24 | // Minor is the device's minor number. 25 | Minor int64 `json:"minor"` 26 | 27 | // Cgroup permissions format, rwm. 28 | Permissions string `json:"permissions"` 29 | 30 | // FileMode permission bits for the device. 31 | FileMode os.FileMode `json:"file_mode"` 32 | 33 | // Uid of the device. 34 | Uid uint32 `json:"uid"` 35 | 36 | // Gid of the device. 37 | Gid uint32 `json:"gid"` 38 | 39 | // Write the file to the allowed list 40 | Allow bool `json:"allow"` 41 | } 42 | 43 | func (d *Device) CgroupString() string { 44 | return fmt.Sprintf("%c %s:%s %s", d.Type, deviceNumberString(d.Major), deviceNumberString(d.Minor), d.Permissions) 45 | } 46 | 47 | func (d *Device) Mkdev() int { 48 | return int((d.Major << 8) | (d.Minor & 0xff) | ((d.Minor & 0xfff00) << 12)) 49 | } 50 | 51 | // deviceNumberString converts the device number to a string return result. 52 | func deviceNumberString(number int64) string { 53 | if number == Wildcard { 54 | return "*" 55 | } 56 | return fmt.Sprint(number) 57 | } 58 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/README.markdown: -------------------------------------------------------------------------------- 1 | dbus 2 | ---- 3 | 4 | dbus is a simple library that implements native Go client bindings for the 5 | D-Bus message bus system. 6 | 7 | ### Features 8 | 9 | * Complete native implementation of the D-Bus message protocol 10 | * Go-like API (channels for signals / asynchronous method calls, Goroutine-safe connections) 11 | * Subpackages that help with the introspection / property interfaces 12 | 13 | ### Installation 14 | 15 | This packages requires Go 1.1. If you installed it and set up your GOPATH, just run: 16 | 17 | ``` 18 | go get github.com/godbus/dbus 19 | ``` 20 | 21 | If you want to use the subpackages, you can install them the same way. 22 | 23 | ### Usage 24 | 25 | The complete package documentation and some simple examples are available at 26 | [godoc.org](http://godoc.org/github.com/godbus/dbus). Also, the 27 | [_examples](https://github.com/godbus/dbus/tree/master/_examples) directory 28 | gives a short overview over the basic usage. 29 | 30 | #### Projects using godbus 31 | - [notify](https://github.com/esiqveland/notify) provides desktop notifications over dbus into a library. 32 | 33 | Please note that the API is considered unstable for now and may change without 34 | further notice. 35 | 36 | ### License 37 | 38 | go.dbus is available under the Simplified BSD License; see LICENSE for the full 39 | text. 40 | 41 | Nearly all of the credit for this library goes to github.com/guelfey/go.dbus. 42 | -------------------------------------------------------------------------------- /pause.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package main 4 | 5 | import "github.com/urfave/cli" 6 | 7 | var pauseCommand = cli.Command{ 8 | Name: "pause", 9 | Usage: "pause suspends all processes inside the container", 10 | ArgsUsage: ` 11 | 12 | Where "" is the name for the instance of the container to be 13 | paused. `, 14 | Description: `The pause command suspends all processes in the instance of the container. 15 | 16 | Use runc list to identiy instances of containers and their current status.`, 17 | Action: func(context *cli.Context) error { 18 | container, err := getContainer(context) 19 | if err != nil { 20 | return err 21 | } 22 | if err := container.Pause(); err != nil { 23 | return err 24 | } 25 | return nil 26 | }, 27 | } 28 | 29 | var resumeCommand = cli.Command{ 30 | Name: "resume", 31 | Usage: "resumes all processes that have been previously paused", 32 | ArgsUsage: ` 33 | 34 | Where "" is the name for the instance of the container to be 35 | resumed.`, 36 | Description: `The resume command resumes all processes in the instance of the container. 37 | 38 | Use runc list to identiy instances of containers and their current status.`, 39 | Action: func(context *cli.Context) error { 40 | container, err := getContainer(context) 41 | if err != nil { 42 | return err 43 | } 44 | if err := container.Resume(); err != nil { 45 | return err 46 | } 47 | return nil 48 | }, 49 | } 50 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/vishvananda/netlink/xfrm_policy.go: -------------------------------------------------------------------------------- 1 | package netlink 2 | 3 | import ( 4 | "fmt" 5 | "net" 6 | ) 7 | 8 | // Dir is an enum representing an ipsec template direction. 9 | type Dir uint8 10 | 11 | const ( 12 | XFRM_DIR_IN Dir = iota 13 | XFRM_DIR_OUT 14 | XFRM_DIR_FWD 15 | XFRM_SOCKET_IN 16 | XFRM_SOCKET_OUT 17 | XFRM_SOCKET_FWD 18 | ) 19 | 20 | func (d Dir) String() string { 21 | switch d { 22 | case XFRM_DIR_IN: 23 | return "dir in" 24 | case XFRM_DIR_OUT: 25 | return "dir out" 26 | case XFRM_DIR_FWD: 27 | return "dir fwd" 28 | case XFRM_SOCKET_IN: 29 | return "socket in" 30 | case XFRM_SOCKET_OUT: 31 | return "socket out" 32 | case XFRM_SOCKET_FWD: 33 | return "socket fwd" 34 | } 35 | return fmt.Sprintf("socket %d", d-XFRM_SOCKET_IN) 36 | } 37 | 38 | // XfrmPolicyTmpl encapsulates a rule for the base addresses of an ipsec 39 | // policy. These rules are matched with XfrmState to determine encryption 40 | // and authentication algorithms. 41 | type XfrmPolicyTmpl struct { 42 | Dst net.IP 43 | Src net.IP 44 | Proto Proto 45 | Mode Mode 46 | Reqid int 47 | } 48 | 49 | // XfrmPolicy represents an ipsec policy. It represents the overlay network 50 | // and has a list of XfrmPolicyTmpls representing the base addresses of 51 | // the policy. 52 | type XfrmPolicy struct { 53 | Dst *net.IPNet 54 | Src *net.IPNet 55 | Dir Dir 56 | Priority int 57 | Index int 58 | Tmpls []XfrmPolicyTmpl 59 | } 60 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/vendor/src/github.com/godbus/dbus/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013, Georg Reinke () 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions 6 | are met: 7 | 8 | 1. Redistributions of source code must retain the above copyright notice, 9 | this list of conditions and the following disclaimer. 10 | 11 | 2. Redistributions in binary form must reproduce the above copyright 12 | notice, this list of conditions and the following disclaimer in the 13 | documentation and/or other materials provided with the distribution. 14 | 15 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 18 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 19 | HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 21 | TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 22 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 23 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 24 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 25 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/seccomp/libseccomp-golang/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2015 Matthew Heon 2 | Copyright (c) 2015 Paul Moore 3 | All rights reserved. 4 | 5 | Redistribution and use in source and binary forms, with or without 6 | modification, are permitted provided that the following conditions are met: 7 | - Redistributions of source code must retain the above copyright notice, 8 | this list of conditions and the following disclaimer. 9 | - Redistributions in binary form must reproduce the above copyright notice, 10 | this list of conditions and the following disclaimer in the documentation 11 | and/or other materials provided with the distribution. 12 | 13 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 14 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 15 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 16 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 17 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 19 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 20 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 21 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 22 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/coreos/go-systemd/activation/packetconns.go: -------------------------------------------------------------------------------- 1 | // Copyright 2015 CoreOS, Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package activation 16 | 17 | import ( 18 | "net" 19 | ) 20 | 21 | // PacketConns returns a slice containing a net.PacketConn for each matching socket type 22 | // passed to this process. 23 | // 24 | // The order of the file descriptors is preserved in the returned slice. 25 | // Nil values are used to fill any gaps. For example if systemd were to return file descriptors 26 | // corresponding with "udp, tcp, udp", then the slice would contain {net.PacketConn, nil, net.PacketConn} 27 | func PacketConns(unsetEnv bool) ([]net.PacketConn, error) { 28 | files := Files(unsetEnv) 29 | conns := make([]net.PacketConn, len(files)) 30 | 31 | for i, f := range files { 32 | if pc, err := net.FilePacketConn(f); err == nil { 33 | conns[i] = pc 34 | } 35 | } 36 | return conns, nil 37 | } 38 | -------------------------------------------------------------------------------- /tests/integration/exec.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | load helpers 4 | 5 | function setup() { 6 | teardown_busybox 7 | setup_busybox 8 | } 9 | 10 | function teardown() { 11 | teardown_busybox 12 | } 13 | 14 | @test "runc exec" { 15 | # run busybox detached 16 | runc run -d --console /dev/pts/ptmx test_busybox 17 | [ "$status" -eq 0 ] 18 | 19 | wait_for_container 15 1 test_busybox 20 | 21 | runc exec test_busybox echo Hello from exec 22 | [ "$status" -eq 0 ] 23 | echo text echoed = "'""${output}""'" 24 | [[ "${output}" == *"Hello from exec"* ]] 25 | } 26 | 27 | @test "runc exec --pid-file" { 28 | # run busybox detached 29 | runc run -d --console /dev/pts/ptmx test_busybox 30 | [ "$status" -eq 0 ] 31 | 32 | wait_for_container 15 1 test_busybox 33 | 34 | runc exec --pid-file pid.txt test_busybox echo Hello from exec 35 | [ "$status" -eq 0 ] 36 | echo text echoed = "'""${output}""'" 37 | [[ "${output}" == *"Hello from exec"* ]] 38 | 39 | # check pid.txt was generated 40 | [ -e pid.txt ] 41 | 42 | run cat pid.txt 43 | [ "$status" -eq 0 ] 44 | [[ ${lines[0]} =~ [0-9]+ ]] 45 | } 46 | 47 | @test "runc exec ls -la" { 48 | # run busybox detached 49 | runc run -d --console /dev/pts/ptmx test_busybox 50 | [ "$status" -eq 0 ] 51 | 52 | wait_for_container 15 1 test_busybox 53 | 54 | runc exec test_busybox ls -la 55 | [ "$status" -eq 0 ] 56 | [[ ${lines[0]} == *"total"* ]] 57 | [[ ${lines[1]} == *"."* ]] 58 | [[ ${lines[2]} == *".."* ]] 59 | } 60 | -------------------------------------------------------------------------------- /tests/integration/mask.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | load helpers 4 | 5 | function setup() { 6 | teardown_busybox 7 | setup_busybox 8 | } 9 | 10 | function teardown() { 11 | teardown_busybox 12 | } 13 | 14 | @test "MaskPaths(file)" { 15 | # run busybox detached 16 | runc run -d --console /dev/pts/ptmx test_busybox 17 | [ "$status" -eq 0 ] 18 | 19 | wait_for_container 15 1 test_busybox 20 | 21 | runc exec test_busybox cat /proc/kcore 22 | [ "$status" -eq 0 ] 23 | [[ "${output}" == "" ]] 24 | 25 | runc exec test_busybox rm -f /proc/kcore 26 | [ "$status" -eq 1 ] 27 | [[ "${output}" == *"Permission denied"* ]] 28 | 29 | runc exec test_busybox umount /proc/kcore 30 | [ "$status" -eq 1 ] 31 | [[ "${output}" == *"Operation not permitted"* ]] 32 | } 33 | 34 | @test "MaskPaths(directory)" { 35 | # run busybox detached 36 | runc run -d --console /dev/pts/ptmx test_busybox 37 | [ "$status" -eq 0 ] 38 | 39 | wait_for_container 15 1 test_busybox 40 | 41 | runc exec test_busybox ls /sys/firmware 42 | [ "$status" -eq 0 ] 43 | [[ "${output}" == "" ]] 44 | 45 | runc exec test_busybox touch /sys/firmware/foo 46 | [ "$status" -eq 1 ] 47 | [[ "${output}" == *"Read-only file system"* ]] 48 | 49 | runc exec test_busybox rm -rf /sys/firmware 50 | [ "$status" -eq 1 ] 51 | [[ "${output}" == *"Read-only file system"* ]] 52 | 53 | runc exec test_busybox umount /sys/firmware 54 | [ "$status" -eq 1 ] 55 | [[ "${output}" == *"Operation not permitted"* ]] 56 | } 57 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/formatters/logstash/logstash.go: -------------------------------------------------------------------------------- 1 | package logstash 2 | 3 | import ( 4 | "encoding/json" 5 | "fmt" 6 | 7 | "github.com/Sirupsen/logrus" 8 | ) 9 | 10 | // Formatter generates json in logstash format. 11 | // Logstash site: http://logstash.net/ 12 | type LogstashFormatter struct { 13 | Type string // if not empty use for logstash type field. 14 | 15 | // TimestampFormat sets the format used for timestamps. 16 | TimestampFormat string 17 | } 18 | 19 | func (f *LogstashFormatter) Format(entry *logrus.Entry) ([]byte, error) { 20 | entry.Data["@version"] = 1 21 | 22 | if f.TimestampFormat == "" { 23 | f.TimestampFormat = logrus.DefaultTimestampFormat 24 | } 25 | 26 | entry.Data["@timestamp"] = entry.Time.Format(f.TimestampFormat) 27 | 28 | // set message field 29 | v, ok := entry.Data["message"] 30 | if ok { 31 | entry.Data["fields.message"] = v 32 | } 33 | entry.Data["message"] = entry.Message 34 | 35 | // set level field 36 | v, ok = entry.Data["level"] 37 | if ok { 38 | entry.Data["fields.level"] = v 39 | } 40 | entry.Data["level"] = entry.Level.String() 41 | 42 | // set type field 43 | if f.Type != "" { 44 | v, ok = entry.Data["type"] 45 | if ok { 46 | entry.Data["fields.type"] = v 47 | } 48 | entry.Data["type"] = f.Type 49 | } 50 | 51 | serialized, err := json.Marshal(entry.Data) 52 | if err != nil { 53 | return nil, fmt.Errorf("Failed to marshal fields to JSON, %v", err) 54 | } 55 | return append(serialized, '\n'), nil 56 | } 57 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/vishvananda/netlink/netlink.go: -------------------------------------------------------------------------------- 1 | // Package netlink provides a simple library for netlink. Netlink is 2 | // the interface a user-space program in linux uses to communicate with 3 | // the kernel. It can be used to add and remove interfaces, set up ip 4 | // addresses and routes, and confiugre ipsec. Netlink communication 5 | // requires elevated privileges, so in most cases this code needs to 6 | // be run as root. The low level primitives for netlink are contained 7 | // in the nl subpackage. This package attempts to provide a high-level 8 | // interface that is loosly modeled on the iproute2 cli. 9 | package netlink 10 | 11 | import ( 12 | "net" 13 | 14 | "github.com/vishvananda/netlink/nl" 15 | ) 16 | 17 | const ( 18 | // Family type definitions 19 | FAMILY_ALL = nl.FAMILY_ALL 20 | FAMILY_V4 = nl.FAMILY_V4 21 | FAMILY_V6 = nl.FAMILY_V6 22 | ) 23 | 24 | // ParseIPNet parses a string in ip/net format and returns a net.IPNet. 25 | // This is valuable because addresses in netlink are often IPNets and 26 | // ParseCIDR returns an IPNet with the IP part set to the base IP of the 27 | // range. 28 | func ParseIPNet(s string) (*net.IPNet, error) { 29 | ip, ipNet, err := net.ParseCIDR(s) 30 | if err != nil { 31 | return nil, err 32 | } 33 | return &net.IPNet{IP: ip, Mask: ipNet.Mask}, nil 34 | } 35 | 36 | // NewIPNet generates an IPNet from an ip address using a netmask of 32. 37 | func NewIPNet(ip net.IP) *net.IPNet { 38 | return &net.IPNet{IP: ip, Mask: net.CIDRMask(32, 32)} 39 | } 40 | -------------------------------------------------------------------------------- /libcontainer/cgroups/fs/freezer.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package fs 4 | 5 | import ( 6 | "fmt" 7 | "strings" 8 | "time" 9 | 10 | "github.com/opencontainers/runc/libcontainer/cgroups" 11 | "github.com/opencontainers/runc/libcontainer/configs" 12 | ) 13 | 14 | type FreezerGroup struct { 15 | } 16 | 17 | func (s *FreezerGroup) Name() string { 18 | return "freezer" 19 | } 20 | 21 | func (s *FreezerGroup) Apply(d *cgroupData) error { 22 | _, err := d.join("freezer") 23 | if err != nil && !cgroups.IsNotFound(err) { 24 | return err 25 | } 26 | return nil 27 | } 28 | 29 | func (s *FreezerGroup) Set(path string, cgroup *configs.Cgroup) error { 30 | switch cgroup.Resources.Freezer { 31 | case configs.Frozen, configs.Thawed: 32 | if err := writeFile(path, "freezer.state", string(cgroup.Resources.Freezer)); err != nil { 33 | return err 34 | } 35 | 36 | for { 37 | state, err := readFile(path, "freezer.state") 38 | if err != nil { 39 | return err 40 | } 41 | if strings.TrimSpace(state) == string(cgroup.Resources.Freezer) { 42 | break 43 | } 44 | time.Sleep(1 * time.Millisecond) 45 | } 46 | case configs.Undefined: 47 | return nil 48 | default: 49 | return fmt.Errorf("Invalid argument '%s' to freezer.state", string(cgroup.Resources.Freezer)) 50 | } 51 | 52 | return nil 53 | } 54 | 55 | func (s *FreezerGroup) Remove(d *cgroupData) error { 56 | return removePath(d.path("freezer")) 57 | } 58 | 59 | func (s *FreezerGroup) GetStats(path string, stats *cgroups.Stats) error { 60 | return nil 61 | } 62 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/vishvananda/netlink/filter.go: -------------------------------------------------------------------------------- 1 | package netlink 2 | 3 | import ( 4 | "fmt" 5 | ) 6 | 7 | type Filter interface { 8 | Attrs() *FilterAttrs 9 | Type() string 10 | } 11 | 12 | // Filter represents a netlink filter. A filter is associated with a link, 13 | // has a handle and a parent. The root filter of a device should have a 14 | // parent == HANDLE_ROOT. 15 | type FilterAttrs struct { 16 | LinkIndex int 17 | Handle uint32 18 | Parent uint32 19 | Priority uint16 // lower is higher priority 20 | Protocol uint16 // syscall.ETH_P_* 21 | } 22 | 23 | func (q FilterAttrs) String() string { 24 | return fmt.Sprintf("{LinkIndex: %d, Handle: %s, Parent: %s, Priority: %d, Protocol: %d}", q.LinkIndex, HandleStr(q.Handle), HandleStr(q.Parent), q.Priority, q.Protocol) 25 | } 26 | 27 | // U32 filters on many packet related properties 28 | type U32 struct { 29 | FilterAttrs 30 | // Currently only supports redirecting to another interface 31 | RedirIndex int 32 | } 33 | 34 | func (filter *U32) Attrs() *FilterAttrs { 35 | return &filter.FilterAttrs 36 | } 37 | 38 | func (filter *U32) Type() string { 39 | return "u32" 40 | } 41 | 42 | // GenericFilter filters represent types that are not currently understood 43 | // by this netlink library. 44 | type GenericFilter struct { 45 | FilterAttrs 46 | FilterType string 47 | } 48 | 49 | func (filter *GenericFilter) Attrs() *FilterAttrs { 50 | return &filter.FilterAttrs 51 | } 52 | 53 | func (filter *GenericFilter) Type() string { 54 | return filter.FilterType 55 | } 56 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/vendor/src/github.com/go-check/check/LICENSE: -------------------------------------------------------------------------------- 1 | Gocheck - A rich testing framework for Go 2 | 3 | Copyright (c) 2010-2013 Gustavo Niemeyer 4 | 5 | All rights reserved. 6 | 7 | Redistribution and use in source and binary forms, with or without 8 | modification, are permitted provided that the following conditions are met: 9 | 10 | 1. Redistributions of source code must retain the above copyright notice, this 11 | list of conditions and the following disclaimer. 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 17 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR 20 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 22 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 23 | ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 25 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | -------------------------------------------------------------------------------- /libcontainer/integration/init_test.go: -------------------------------------------------------------------------------- 1 | package integration 2 | 3 | import ( 4 | "os" 5 | "runtime" 6 | "testing" 7 | 8 | "github.com/Sirupsen/logrus" 9 | "github.com/opencontainers/runc/libcontainer" 10 | "github.com/opencontainers/runc/libcontainer/cgroups/systemd" 11 | _ "github.com/opencontainers/runc/libcontainer/nsenter" 12 | ) 13 | 14 | // init runs the libcontainer initialization code because of the busybox style needs 15 | // to work around the go runtime and the issues with forking 16 | func init() { 17 | if len(os.Args) < 2 || os.Args[1] != "init" { 18 | return 19 | } 20 | runtime.GOMAXPROCS(1) 21 | runtime.LockOSThread() 22 | factory, err := libcontainer.New("") 23 | if err != nil { 24 | logrus.Fatalf("unable to initialize for container: %s", err) 25 | } 26 | if err := factory.StartInitialization(); err != nil { 27 | logrus.Fatal(err) 28 | } 29 | } 30 | 31 | var ( 32 | factory libcontainer.Factory 33 | systemdFactory libcontainer.Factory 34 | ) 35 | 36 | func TestMain(m *testing.M) { 37 | var ( 38 | err error 39 | ret int 40 | ) 41 | 42 | logrus.SetOutput(os.Stderr) 43 | logrus.SetLevel(logrus.InfoLevel) 44 | 45 | factory, err = libcontainer.New("/run/libctTests", libcontainer.Cgroupfs) 46 | if err != nil { 47 | logrus.Error(err) 48 | os.Exit(1) 49 | } 50 | if systemd.UseSystemd() { 51 | systemdFactory, err = libcontainer.New("/run/libctTests", libcontainer.SystemdCgroups) 52 | if err != nil { 53 | logrus.Error(err) 54 | os.Exit(1) 55 | } 56 | } 57 | 58 | ret = m.Run() 59 | os.Exit(ret) 60 | } 61 | -------------------------------------------------------------------------------- /man/runc-run.8.md: -------------------------------------------------------------------------------- 1 | # NAME 2 | runc run - create and run a container 3 | 4 | # SYNOPSIS 5 | runc run [command options] 6 | 7 | Where "" is your name for the instance of the container that you 8 | are starting. The name you provide for the container instance must be unique on 9 | your host. 10 | 11 | # DESCRIPTION 12 | The run command creates an instance of a container for a bundle. The bundle 13 | is a directory with a specification file named "config.json" and a root 14 | filesystem. 15 | 16 | The specification file includes an args parameter. The args parameter is used 17 | to specify command(s) that get run when the container is started. To change the 18 | command(s) that get executed on start, edit the args parameter of the spec. See 19 | "runc spec --help" for more explanation. 20 | 21 | # OPTIONS 22 | --bundle value, -b value path to the root of the bundle directory, defaults to the current directory 23 | --console value specify the pty slave path for use with the container 24 | --detach, -d detach from the container's process 25 | --pid-file value specify the file to write the process id to 26 | --no-subreaper disable the use of the subreaper used to reap reparented processes 27 | --no-pivot do not use pivot root to jail process inside rootfs. This should be used whenever the rootfs is on top of a ramdisk 28 | --no-new-keyring do not create a new session keyring for the container. This will cause the container to inherit the calling processes session key 29 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.7.1 2 | 3 | # libseccomp in jessie is not _quite_ new enough -- need backports version 4 | RUN echo 'deb http://httpredir.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/backports.list 5 | 6 | RUN apt-get update && apt-get install -y \ 7 | build-essential \ 8 | curl \ 9 | gawk \ 10 | iptables \ 11 | pkg-config \ 12 | libaio-dev \ 13 | libcap-dev \ 14 | libprotobuf-dev \ 15 | libprotobuf-c0-dev \ 16 | libseccomp2/jessie-backports \ 17 | libseccomp-dev/jessie-backports \ 18 | protobuf-c-compiler \ 19 | protobuf-compiler \ 20 | python-minimal \ 21 | --no-install-recommends 22 | 23 | # install bats 24 | RUN cd /tmp \ 25 | && git clone https://github.com/sstephenson/bats.git \ 26 | && cd bats \ 27 | && git reset --hard 03608115df2071fff4eaaff1605768c275e5f81f \ 28 | && ./install.sh /usr/local 29 | 30 | # install criu 31 | ENV CRIU_VERSION 1.7 32 | RUN mkdir -p /usr/src/criu \ 33 | && curl -sSL https://github.com/xemul/criu/archive/v${CRIU_VERSION}.tar.gz | tar -v -C /usr/src/criu/ -xz --strip-components=1 \ 34 | && cd /usr/src/criu \ 35 | && make install-criu 36 | 37 | # setup a playground for us to spawn containers in 38 | ENV ROOTFS /busybox 39 | RUN mkdir -p ${ROOTFS} \ 40 | && curl -o- -sSL 'https://github.com/jpetazzo/docker-busybox/raw/buildroot-2014.11/rootfs.tar' | tar -C ${ROOTFS} -xf - 41 | 42 | COPY script/tmpmount / 43 | WORKDIR /go/src/github.com/opencontainers/runc 44 | ENTRYPOINT ["/tmpmount"] 45 | 46 | ADD . /go/src/github.com/opencontainers/runc 47 | -------------------------------------------------------------------------------- /man/runc-exec.8.md: -------------------------------------------------------------------------------- 1 | # NAME 2 | runc exec - execute new process inside the container 3 | 4 | # SYNOPSIS 5 | runc exec [command options] -- [args...] 6 | 7 | Where "" is the name for the instance of the container and 8 | "" is the command to be executed in the container. 9 | 10 | # EXAMPLE 11 | For example, if the container is configured to run the linux ps command the 12 | following will output a list of processes running in the container: 13 | 14 | # runc exec ps 15 | 16 | # OPTIONS 17 | --console value specify the pty slave path for use with the container 18 | --cwd value current working directory in the container 19 | --env value, -e value set environment variables 20 | --tty, -t allocate a pseudo-TTY 21 | --user value, -u value UID (format: [:]) 22 | --process value, -p value path to the process.json 23 | --detach, -d detach from the container's process 24 | --pid-file value specify the file to write the process id to 25 | --process-label value set the asm process label for the process commonly used with selinux 26 | --apparmor value set the apparmor profile for the process 27 | --no-new-privs set the no new privileges value for the process 28 | --cap value, -c value add a capability to the bounding set for the process 29 | --no-subreaper disable the use of the subreaper used to reap reparented processes 30 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/pkg/mount/mounter_freebsd.go: -------------------------------------------------------------------------------- 1 | package mount 2 | 3 | /* 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | */ 11 | import "C" 12 | 13 | import ( 14 | "fmt" 15 | "strings" 16 | "syscall" 17 | "unsafe" 18 | ) 19 | 20 | func allocateIOVecs(options []string) []C.struct_iovec { 21 | out := make([]C.struct_iovec, len(options)) 22 | for i, option := range options { 23 | out[i].iov_base = unsafe.Pointer(C.CString(option)) 24 | out[i].iov_len = C.size_t(len(option) + 1) 25 | } 26 | return out 27 | } 28 | 29 | func mount(device, target, mType string, flag uintptr, data string) error { 30 | isNullFS := false 31 | 32 | xs := strings.Split(data, ",") 33 | for _, x := range xs { 34 | if x == "bind" { 35 | isNullFS = true 36 | } 37 | } 38 | 39 | options := []string{"fspath", target} 40 | if isNullFS { 41 | options = append(options, "fstype", "nullfs", "target", device) 42 | } else { 43 | options = append(options, "fstype", mType, "from", device) 44 | } 45 | rawOptions := allocateIOVecs(options) 46 | for _, rawOption := range rawOptions { 47 | defer C.free(rawOption.iov_base) 48 | } 49 | 50 | if errno := C.nmount(&rawOptions[0], C.uint(len(options)), C.int(flag)); errno != 0 { 51 | reason := C.GoString(C.strerror(*C.__error())) 52 | return fmt.Errorf("Failed to call nmount: %s", reason) 53 | } 54 | return nil 55 | } 56 | 57 | func unmount(target string, flag int) error { 58 | return syscall.Unmount(target, flag) 59 | } 60 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/vishvananda/netlink/xfrm.go: -------------------------------------------------------------------------------- 1 | package netlink 2 | 3 | import ( 4 | "fmt" 5 | "syscall" 6 | ) 7 | 8 | // Proto is an enum representing an ipsec protocol. 9 | type Proto uint8 10 | 11 | const ( 12 | XFRM_PROTO_ROUTE2 Proto = syscall.IPPROTO_ROUTING 13 | XFRM_PROTO_ESP Proto = syscall.IPPROTO_ESP 14 | XFRM_PROTO_AH Proto = syscall.IPPROTO_AH 15 | XFRM_PROTO_HAO Proto = syscall.IPPROTO_DSTOPTS 16 | XFRM_PROTO_COMP Proto = syscall.IPPROTO_COMP 17 | XFRM_PROTO_IPSEC_ANY Proto = syscall.IPPROTO_RAW 18 | ) 19 | 20 | func (p Proto) String() string { 21 | switch p { 22 | case XFRM_PROTO_ROUTE2: 23 | return "route2" 24 | case XFRM_PROTO_ESP: 25 | return "esp" 26 | case XFRM_PROTO_AH: 27 | return "ah" 28 | case XFRM_PROTO_HAO: 29 | return "hao" 30 | case XFRM_PROTO_COMP: 31 | return "comp" 32 | case XFRM_PROTO_IPSEC_ANY: 33 | return "ipsec-any" 34 | } 35 | return fmt.Sprintf("%d", p) 36 | } 37 | 38 | // Mode is an enum representing an ipsec transport. 39 | type Mode uint8 40 | 41 | const ( 42 | XFRM_MODE_TRANSPORT Mode = iota 43 | XFRM_MODE_TUNNEL 44 | XFRM_MODE_ROUTEOPTIMIZATION 45 | XFRM_MODE_IN_TRIGGER 46 | XFRM_MODE_BEET 47 | XFRM_MODE_MAX 48 | ) 49 | 50 | func (m Mode) String() string { 51 | switch m { 52 | case XFRM_MODE_TRANSPORT: 53 | return "transport" 54 | case XFRM_MODE_TUNNEL: 55 | return "tunnel" 56 | case XFRM_MODE_ROUTEOPTIMIZATION: 57 | return "ro" 58 | case XFRM_MODE_IN_TRIGGER: 59 | return "in_trigger" 60 | case XFRM_MODE_BEET: 61 | return "beet" 62 | } 63 | return fmt.Sprintf("%d", m) 64 | } 65 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/hooks/papertrail/papertrail.go: -------------------------------------------------------------------------------- 1 | package logrus_papertrail 2 | 3 | import ( 4 | "fmt" 5 | "net" 6 | "os" 7 | "time" 8 | 9 | "github.com/Sirupsen/logrus" 10 | ) 11 | 12 | const ( 13 | format = "Jan 2 15:04:05" 14 | ) 15 | 16 | // PapertrailHook to send logs to a logging service compatible with the Papertrail API. 17 | type PapertrailHook struct { 18 | Host string 19 | Port int 20 | AppName string 21 | UDPConn net.Conn 22 | } 23 | 24 | // NewPapertrailHook creates a hook to be added to an instance of logger. 25 | func NewPapertrailHook(host string, port int, appName string) (*PapertrailHook, error) { 26 | conn, err := net.Dial("udp", fmt.Sprintf("%s:%d", host, port)) 27 | return &PapertrailHook{host, port, appName, conn}, err 28 | } 29 | 30 | // Fire is called when a log event is fired. 31 | func (hook *PapertrailHook) Fire(entry *logrus.Entry) error { 32 | date := time.Now().Format(format) 33 | msg, _ := entry.String() 34 | payload := fmt.Sprintf("<22> %s %s: %s", date, hook.AppName, msg) 35 | 36 | bytesWritten, err := hook.UDPConn.Write([]byte(payload)) 37 | if err != nil { 38 | fmt.Fprintf(os.Stderr, "Unable to send log line to Papertrail via UDP. Wrote %d bytes before error: %v", bytesWritten, err) 39 | return err 40 | } 41 | 42 | return nil 43 | } 44 | 45 | // Levels returns the available logging levels. 46 | func (hook *PapertrailHook) Levels() []logrus.Level { 47 | return []logrus.Level{ 48 | logrus.PanicLevel, 49 | logrus.FatalLevel, 50 | logrus.ErrorLevel, 51 | logrus.WarnLevel, 52 | logrus.InfoLevel, 53 | logrus.DebugLevel, 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /state.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package main 4 | 5 | import ( 6 | "encoding/json" 7 | "os" 8 | 9 | "github.com/opencontainers/runc/libcontainer" 10 | "github.com/opencontainers/runc/libcontainer/utils" 11 | "github.com/urfave/cli" 12 | ) 13 | 14 | var stateCommand = cli.Command{ 15 | Name: "state", 16 | Usage: "output the state of a container", 17 | ArgsUsage: ` 18 | 19 | Where "" is your name for the instance of the container.`, 20 | Description: `The state command outputs current state information for the 21 | instance of a container.`, 22 | Action: func(context *cli.Context) error { 23 | container, err := getContainer(context) 24 | if err != nil { 25 | return err 26 | } 27 | containerStatus, err := container.Status() 28 | if err != nil { 29 | return err 30 | } 31 | state, err := container.State() 32 | if err != nil { 33 | return err 34 | } 35 | pid := state.BaseState.InitProcessPid 36 | if containerStatus == libcontainer.Stopped { 37 | pid = 0 38 | } 39 | bundle, annotations := utils.Annotations(state.Config.Labels) 40 | cs := containerState{ 41 | Version: state.BaseState.Config.Version, 42 | ID: state.BaseState.ID, 43 | InitProcessPid: pid, 44 | Status: containerStatus.String(), 45 | Bundle: bundle, 46 | Rootfs: state.BaseState.Config.Rootfs, 47 | Created: state.BaseState.Created, 48 | Annotations: annotations, 49 | } 50 | data, err := json.MarshalIndent(cs, "", " ") 51 | if err != nil { 52 | return err 53 | } 54 | os.Stdout.Write(data) 55 | return nil 56 | }, 57 | } 58 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/pkg/mflag/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2014-2015 The Docker & Go Authors. All rights reserved. 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are 5 | met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above 10 | copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the 12 | distribution. 13 | * Neither the name of Google Inc. nor the names of its 14 | contributors may be used to endorse or promote products derived from 15 | this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/coreos/go-systemd/activation/files.go: -------------------------------------------------------------------------------- 1 | // Copyright 2015 CoreOS, Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Package activation implements primitives for systemd socket activation. 16 | package activation 17 | 18 | import ( 19 | "os" 20 | "strconv" 21 | "syscall" 22 | ) 23 | 24 | // based on: https://gist.github.com/alberts/4640792 25 | const ( 26 | listenFdsStart = 3 27 | ) 28 | 29 | func Files(unsetEnv bool) []*os.File { 30 | if unsetEnv { 31 | defer os.Unsetenv("LISTEN_PID") 32 | defer os.Unsetenv("LISTEN_FDS") 33 | } 34 | 35 | pid, err := strconv.Atoi(os.Getenv("LISTEN_PID")) 36 | if err != nil || pid != os.Getpid() { 37 | return nil 38 | } 39 | 40 | nfds, err := strconv.Atoi(os.Getenv("LISTEN_FDS")) 41 | if err != nil || nfds == 0 { 42 | return nil 43 | } 44 | 45 | files := make([]*os.File, 0, nfds) 46 | for fd := listenFdsStart; fd < listenFdsStart+nfds; fd++ { 47 | syscall.CloseOnExec(fd) 48 | files = append(files, os.NewFile(uintptr(fd), "LISTEN_FD_"+strconv.Itoa(fd))) 49 | } 50 | 51 | return files 52 | } 53 | -------------------------------------------------------------------------------- /tests/integration/checkpoint.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | load helpers 4 | 5 | function setup() { 6 | teardown_busybox 7 | setup_busybox 8 | } 9 | 10 | function teardown() { 11 | teardown_busybox 12 | } 13 | 14 | @test "checkpoint and restore" { 15 | requires criu 16 | 17 | # criu does not work with external terminals so.. 18 | # setting terminal and root:readonly: to false 19 | sed -i 's;"terminal": true;"terminal": false;' config.json 20 | sed -i 's;"readonly": true;"readonly": false;' config.json 21 | sed -i 's/"sh"/"sh","-c","while :; do date; sleep 1; done"/' config.json 22 | 23 | ( 24 | # run busybox (not detached) 25 | runc run test_busybox 26 | [ "$status" -eq 0 ] 27 | ) & 28 | 29 | # check state 30 | wait_for_container 15 1 test_busybox 31 | 32 | runc state test_busybox 33 | [ "$status" -eq 0 ] 34 | [[ "${output}" == *"running"* ]] 35 | 36 | # checkpoint the running container 37 | runc --criu "$CRIU" checkpoint test_busybox 38 | # if you are having problems getting criu to work uncomment the following dump: 39 | #cat /run/opencontainer/containers/test_busybox/criu.work/dump.log 40 | [ "$status" -eq 0 ] 41 | 42 | # after checkpoint busybox is no longer running 43 | runc state test_busybox 44 | [ "$status" -ne 0 ] 45 | 46 | # restore from checkpoint 47 | ( 48 | runc --criu "$CRIU" restore test_busybox 49 | [ "$status" -eq 0 ] 50 | ) & 51 | 52 | # check state 53 | wait_for_container 15 1 test_busybox 54 | 55 | # busybox should be back up and running 56 | runc state test_busybox 57 | [ "$status" -eq 0 ] 58 | [[ "${output}" == *"running"* ]] 59 | } 60 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/formatter.go: -------------------------------------------------------------------------------- 1 | package logrus 2 | 3 | import "time" 4 | 5 | const DefaultTimestampFormat = time.RFC3339 6 | 7 | // The Formatter interface is used to implement a custom Formatter. It takes an 8 | // `Entry`. It exposes all the fields, including the default ones: 9 | // 10 | // * `entry.Data["msg"]`. The message passed from Info, Warn, Error .. 11 | // * `entry.Data["time"]`. The timestamp. 12 | // * `entry.Data["level"]. The level the entry was logged at. 13 | // 14 | // Any additional fields added with `WithField` or `WithFields` are also in 15 | // `entry.Data`. Format is expected to return an array of bytes which are then 16 | // logged to `logger.Out`. 17 | type Formatter interface { 18 | Format(*Entry) ([]byte, error) 19 | } 20 | 21 | // This is to not silently overwrite `time`, `msg` and `level` fields when 22 | // dumping it. If this code wasn't there doing: 23 | // 24 | // logrus.WithField("level", 1).Info("hello") 25 | // 26 | // Would just silently drop the user provided level. Instead with this code 27 | // it'll logged as: 28 | // 29 | // {"level": "info", "fields.level": 1, "msg": "hello", "time": "..."} 30 | // 31 | // It's not exported because it's still using Data in an opinionated way. It's to 32 | // avoid code duplication between the two default formatters. 33 | func prefixFieldClashes(data Fields) { 34 | _, ok := data["time"] 35 | if ok { 36 | data["fields.time"] = data["time"] 37 | } 38 | 39 | _, ok = data["msg"] 40 | if ok { 41 | data["fields.msg"] = data["msg"] 42 | } 43 | 44 | _, ok = data["level"] 45 | if ok { 46 | data["fields.level"] = data["level"] 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/pkg/symlink/LICENSE.BSD: -------------------------------------------------------------------------------- 1 | Copyright (c) 2014-2015 The Docker & Go Authors. All rights reserved. 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are 5 | met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above 10 | copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the 12 | distribution. 13 | * Neither the name of Google Inc. nor the names of its 14 | contributors may be used to endorse or promote products derived from 15 | this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/vendor/src/github.com/gorilla/mux/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2012 Rodrigo Moraes. All rights reserved. 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are 5 | met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above 10 | copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the 12 | distribution. 13 | * Neither the name of Google Inc. nor the names of its 14 | contributors may be used to endorse or promote products derived from 15 | this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /libcontainer/devices/devices_test.go: -------------------------------------------------------------------------------- 1 | // +build linux freebsd 2 | 3 | package devices 4 | 5 | import ( 6 | "errors" 7 | "os" 8 | "testing" 9 | ) 10 | 11 | func TestDeviceFromPathLstatFailure(t *testing.T) { 12 | testError := errors.New("test error") 13 | 14 | // Override os.Lstat to inject error. 15 | osLstat = func(path string) (os.FileInfo, error) { 16 | return nil, testError 17 | } 18 | 19 | _, err := DeviceFromPath("", "") 20 | if err != testError { 21 | t.Fatalf("Unexpected error %v, expected %v", err, testError) 22 | } 23 | } 24 | 25 | func TestHostDevicesIoutilReadDirFailure(t *testing.T) { 26 | testError := errors.New("test error") 27 | 28 | // Override ioutil.ReadDir to inject error. 29 | ioutilReadDir = func(dirname string) ([]os.FileInfo, error) { 30 | return nil, testError 31 | } 32 | 33 | _, err := HostDevices() 34 | if err != testError { 35 | t.Fatalf("Unexpected error %v, expected %v", err, testError) 36 | } 37 | } 38 | 39 | func TestHostDevicesIoutilReadDirDeepFailure(t *testing.T) { 40 | testError := errors.New("test error") 41 | called := false 42 | 43 | // Override ioutil.ReadDir to inject error after the first call. 44 | ioutilReadDir = func(dirname string) ([]os.FileInfo, error) { 45 | if called { 46 | return nil, testError 47 | } 48 | called = true 49 | 50 | // Provoke a second call. 51 | fi, err := os.Lstat("/tmp") 52 | if err != nil { 53 | t.Fatalf("Unexpected error %v", err) 54 | } 55 | 56 | return []os.FileInfo{fi}, nil 57 | } 58 | 59 | _, err := HostDevices() 60 | if err != testError { 61 | t.Fatalf("Unexpected error %v, expected %v", err, testError) 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/docker/docker/vendor/src/github.com/gorilla/context/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2012 Rodrigo Moraes. All rights reserved. 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are 5 | met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above 10 | copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the 12 | distribution. 13 | * Neither the name of Google Inc. nor the names of its 14 | contributors may be used to endorse or promote products derived from 15 | this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /libcontainer/setns_init_linux.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package libcontainer 4 | 5 | import ( 6 | "fmt" 7 | "os" 8 | 9 | "github.com/opencontainers/runc/libcontainer/apparmor" 10 | "github.com/opencontainers/runc/libcontainer/keys" 11 | "github.com/opencontainers/runc/libcontainer/label" 12 | "github.com/opencontainers/runc/libcontainer/seccomp" 13 | "github.com/opencontainers/runc/libcontainer/system" 14 | ) 15 | 16 | // linuxSetnsInit performs the container's initialization for running a new process 17 | // inside an existing container. 18 | type linuxSetnsInit struct { 19 | config *initConfig 20 | } 21 | 22 | func (l *linuxSetnsInit) getSessionRingName() string { 23 | return fmt.Sprintf("_ses.%s", l.config.ContainerId) 24 | } 25 | 26 | func (l *linuxSetnsInit) Init() error { 27 | if !l.config.Config.NoNewKeyring { 28 | // do not inherit the parent's session keyring 29 | if _, err := keys.JoinSessionKeyring(l.getSessionRingName()); err != nil { 30 | return err 31 | } 32 | } 33 | if l.config.NoNewPrivileges { 34 | if err := system.Prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); err != nil { 35 | return err 36 | } 37 | } 38 | if l.config.Config.Seccomp != nil { 39 | if err := seccomp.InitSeccomp(l.config.Config.Seccomp); err != nil { 40 | return err 41 | } 42 | } 43 | if err := finalizeNamespace(l.config); err != nil { 44 | return err 45 | } 46 | if err := apparmor.ApplyProfile(l.config.AppArmorProfile); err != nil { 47 | return err 48 | } 49 | if err := label.SetProcessLabel(l.config.ProcessLabel); err != nil { 50 | return err 51 | } 52 | return system.Execv(l.config.Args[0], l.config.Args[0:], os.Environ()) 53 | } 54 | -------------------------------------------------------------------------------- /tests/integration/root.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | load helpers 4 | 5 | function setup() { 6 | teardown_running_container_inroot test_dotbox $HELLO_BUNDLE 7 | teardown_busybox 8 | setup_busybox 9 | } 10 | 11 | function teardown() { 12 | teardown_running_container_inroot test_dotbox $HELLO_BUNDLE 13 | teardown_busybox 14 | } 15 | 16 | @test "global --root" { 17 | # run busybox detached using $HELLO_BUNDLE for state 18 | ROOT=$HELLO_BUNDLE runc run -d --console /dev/pts/ptmx test_dotbox 19 | [ "$status" -eq 0 ] 20 | 21 | # run busybox detached in default root 22 | runc run -d --console /dev/pts/ptmx test_busybox 23 | [ "$status" -eq 0 ] 24 | 25 | # check state of the busyboxes are only in their respective root path 26 | wait_for_container 15 1 test_busybox 27 | wait_for_container_inroot 15 1 test_dotbox $HELLO_BUNDLE 28 | 29 | runc state test_busybox 30 | [ "$status" -eq 0 ] 31 | [[ "${output}" == *"running"* ]] 32 | 33 | ROOT=$HELLO_BUNDLE runc state test_dotbox 34 | [ "$status" -eq 0 ] 35 | [[ "${output}" == *"running"* ]] 36 | 37 | ROOT=$HELLO_BUNDLE runc state test_busybox 38 | [ "$status" -ne 0 ] 39 | 40 | runc state test_dotbox 41 | [ "$status" -ne 0 ] 42 | 43 | runc kill test_busybox KILL 44 | [ "$status" -eq 0 ] 45 | retry 10 1 eval "__runc state test_busybox | grep -q 'stopped'" 46 | runc delete test_busybox 47 | [ "$status" -eq 0 ] 48 | 49 | ROOT=$HELLO_BUNDLE runc kill test_dotbox KILL 50 | [ "$status" -eq 0 ] 51 | retry 10 1 eval "ROOT='$HELLO_BUNDLE' __runc state test_dotbox | grep -q 'stopped'" 52 | ROOT=$HELLO_BUNDLE runc delete test_dotbox 53 | [ "$status" -eq 0 ] 54 | } 55 | -------------------------------------------------------------------------------- /libcontainer/factory.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | import ( 4 | "github.com/opencontainers/runc/libcontainer/configs" 5 | ) 6 | 7 | type Factory interface { 8 | // Creates a new container with the given id and starts the initial process inside it. 9 | // id must be a string containing only letters, digits and underscores and must contain 10 | // between 1 and 1024 characters, inclusive. 11 | // 12 | // The id must not already be in use by an existing container. Containers created using 13 | // a factory with the same path (and file system) must have distinct ids. 14 | // 15 | // Returns the new container with a running process. 16 | // 17 | // errors: 18 | // IdInUse - id is already in use by a container 19 | // InvalidIdFormat - id has incorrect format 20 | // ConfigInvalid - config is invalid 21 | // Systemerror - System error 22 | // 23 | // On error, any partially created container parts are cleaned up (the operation is atomic). 24 | Create(id string, config *configs.Config) (Container, error) 25 | 26 | // Load takes an ID for an existing container and returns the container information 27 | // from the state. This presents a read only view of the container. 28 | // 29 | // errors: 30 | // Path does not exist 31 | // Container is stopped 32 | // System error 33 | Load(id string) (Container, error) 34 | 35 | // StartInitialization is an internal API to libcontainer used during the reexec of the 36 | // container. 37 | // 38 | // Errors: 39 | // Pipe connection error 40 | // System error 41 | StartInitialization() error 42 | 43 | // Type returns info string about factory type (e.g. lxc, libcontainer...) 44 | Type() string 45 | } 46 | -------------------------------------------------------------------------------- /libcontainer/cgroups/fs/cpuset_test.go: -------------------------------------------------------------------------------- 1 | // +build linux 2 | 3 | package fs 4 | 5 | import ( 6 | "testing" 7 | ) 8 | 9 | func TestCpusetSetCpus(t *testing.T) { 10 | helper := NewCgroupTestUtil("cpuset", t) 11 | defer helper.cleanup() 12 | 13 | const ( 14 | cpusBefore = "0" 15 | cpusAfter = "1-3" 16 | ) 17 | 18 | helper.writeFileContents(map[string]string{ 19 | "cpuset.cpus": cpusBefore, 20 | }) 21 | 22 | helper.CgroupData.config.Resources.CpusetCpus = cpusAfter 23 | cpuset := &CpusetGroup{} 24 | if err := cpuset.Set(helper.CgroupPath, helper.CgroupData.config); err != nil { 25 | t.Fatal(err) 26 | } 27 | 28 | value, err := getCgroupParamString(helper.CgroupPath, "cpuset.cpus") 29 | if err != nil { 30 | t.Fatalf("Failed to parse cpuset.cpus - %s", err) 31 | } 32 | 33 | if value != cpusAfter { 34 | t.Fatal("Got the wrong value, set cpuset.cpus failed.") 35 | } 36 | } 37 | 38 | func TestCpusetSetMems(t *testing.T) { 39 | helper := NewCgroupTestUtil("cpuset", t) 40 | defer helper.cleanup() 41 | 42 | const ( 43 | memsBefore = "0" 44 | memsAfter = "1" 45 | ) 46 | 47 | helper.writeFileContents(map[string]string{ 48 | "cpuset.mems": memsBefore, 49 | }) 50 | 51 | helper.CgroupData.config.Resources.CpusetMems = memsAfter 52 | cpuset := &CpusetGroup{} 53 | if err := cpuset.Set(helper.CgroupPath, helper.CgroupData.config); err != nil { 54 | t.Fatal(err) 55 | } 56 | 57 | value, err := getCgroupParamString(helper.CgroupPath, "cpuset.mems") 58 | if err != nil { 59 | t.Fatalf("Failed to parse cpuset.mems - %s", err) 60 | } 61 | 62 | if value != memsAfter { 63 | t.Fatal("Got the wrong value, set cpuset.mems failed.") 64 | } 65 | } 66 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/hooks/papertrail/README.md: -------------------------------------------------------------------------------- 1 | # Papertrail Hook for Logrus :walrus: 2 | 3 | [Papertrail](https://papertrailapp.com) provides hosted log management. Once stored in Papertrail, you can [group](http://help.papertrailapp.com/kb/how-it-works/groups/) your logs on various dimensions, [search](http://help.papertrailapp.com/kb/how-it-works/search-syntax) them, and trigger [alerts](http://help.papertrailapp.com/kb/how-it-works/alerts). 4 | 5 | In most deployments, you'll want to send logs to Papertrail via their [remote_syslog](http://help.papertrailapp.com/kb/configuration/configuring-centralized-logging-from-text-log-files-in-unix/) daemon, which requires no application-specific configuration. This hook is intended for relatively low-volume logging, likely in managed cloud hosting deployments where installing `remote_syslog` is not possible. 6 | 7 | ## Usage 8 | 9 | You can find your Papertrail UDP port on your [Papertrail account page](https://papertrailapp.com/account/destinations). Substitute it below for `YOUR_PAPERTRAIL_UDP_PORT`. 10 | 11 | For `YOUR_APP_NAME`, substitute a short string that will readily identify your application or service in the logs. 12 | 13 | ```go 14 | import ( 15 | "log/syslog" 16 | "github.com/Sirupsen/logrus" 17 | "github.com/Sirupsen/logrus/hooks/papertrail" 18 | ) 19 | 20 | func main() { 21 | log := logrus.New() 22 | hook, err := logrus_papertrail.NewPapertrailHook("logs.papertrailapp.com", YOUR_PAPERTRAIL_UDP_PORT, YOUR_APP_NAME) 23 | 24 | if err == nil { 25 | log.Hooks.Add(hook) 26 | } 27 | } 28 | ``` 29 | -------------------------------------------------------------------------------- /libcontainer/error.go: -------------------------------------------------------------------------------- 1 | package libcontainer 2 | 3 | import "io" 4 | 5 | // ErrorCode is the API error code type. 6 | type ErrorCode int 7 | 8 | // API error codes. 9 | const ( 10 | // Factory errors 11 | IdInUse ErrorCode = iota 12 | InvalidIdFormat 13 | 14 | // Container errors 15 | ContainerNotExists 16 | ContainerPaused 17 | ContainerNotStopped 18 | ContainerNotRunning 19 | ContainerNotPaused 20 | 21 | // Process errors 22 | NoProcessOps 23 | 24 | // Common errors 25 | ConfigInvalid 26 | ConsoleExists 27 | SystemError 28 | ) 29 | 30 | func (c ErrorCode) String() string { 31 | switch c { 32 | case IdInUse: 33 | return "Id already in use" 34 | case InvalidIdFormat: 35 | return "Invalid format" 36 | case ContainerPaused: 37 | return "Container paused" 38 | case ConfigInvalid: 39 | return "Invalid configuration" 40 | case SystemError: 41 | return "System error" 42 | case ContainerNotExists: 43 | return "Container does not exist" 44 | case ContainerNotStopped: 45 | return "Container is not stopped" 46 | case ContainerNotRunning: 47 | return "Container is not running" 48 | case ConsoleExists: 49 | return "Console exists for process" 50 | case ContainerNotPaused: 51 | return "Container is not paused" 52 | case NoProcessOps: 53 | return "No process operations" 54 | default: 55 | return "Unknown error" 56 | } 57 | } 58 | 59 | // Error is the API error type. 60 | type Error interface { 61 | error 62 | 63 | // Returns a verbose string including the error message 64 | // and a representation of the stack trace suitable for 65 | // printing. 66 | Detail(w io.Writer) error 67 | 68 | // Returns the error code for this error. 69 | Code() ErrorCode 70 | } 71 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/Sirupsen/logrus/hooks/syslog/syslog.go: -------------------------------------------------------------------------------- 1 | package logrus_syslog 2 | 3 | import ( 4 | "fmt" 5 | "github.com/Sirupsen/logrus" 6 | "log/syslog" 7 | "os" 8 | ) 9 | 10 | // SyslogHook to send logs via syslog. 11 | type SyslogHook struct { 12 | Writer *syslog.Writer 13 | SyslogNetwork string 14 | SyslogRaddr string 15 | } 16 | 17 | // Creates a hook to be added to an instance of logger. This is called with 18 | // `hook, err := NewSyslogHook("udp", "localhost:514", syslog.LOG_DEBUG, "")` 19 | // `if err == nil { log.Hooks.Add(hook) }` 20 | func NewSyslogHook(network, raddr string, priority syslog.Priority, tag string) (*SyslogHook, error) { 21 | w, err := syslog.Dial(network, raddr, priority, tag) 22 | return &SyslogHook{w, network, raddr}, err 23 | } 24 | 25 | func (hook *SyslogHook) Fire(entry *logrus.Entry) error { 26 | line, err := entry.String() 27 | if err != nil { 28 | fmt.Fprintf(os.Stderr, "Unable to read entry, %v", err) 29 | return err 30 | } 31 | 32 | switch entry.Level { 33 | case logrus.PanicLevel: 34 | return hook.Writer.Crit(line) 35 | case logrus.FatalLevel: 36 | return hook.Writer.Crit(line) 37 | case logrus.ErrorLevel: 38 | return hook.Writer.Err(line) 39 | case logrus.WarnLevel: 40 | return hook.Writer.Warning(line) 41 | case logrus.InfoLevel: 42 | return hook.Writer.Info(line) 43 | case logrus.DebugLevel: 44 | return hook.Writer.Debug(line) 45 | default: 46 | return nil 47 | } 48 | } 49 | 50 | func (hook *SyslogHook) Levels() []logrus.Level { 51 | return []logrus.Level{ 52 | logrus.PanicLevel, 53 | logrus.FatalLevel, 54 | logrus.ErrorLevel, 55 | logrus.WarnLevel, 56 | logrus.InfoLevel, 57 | logrus.DebugLevel, 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /Godeps/_workspace/src/github.com/godbus/dbus/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # How to Contribute 2 | 3 | ## Getting Started 4 | 5 | - Fork the repository on GitHub 6 | - Read the [README](README.markdown) for build and test instructions 7 | - Play with the project, submit bugs, submit patches! 8 | 9 | ## Contribution Flow 10 | 11 | This is a rough outline of what a contributor's workflow looks like: 12 | 13 | - Create a topic branch from where you want to base your work (usually master). 14 | - Make commits of logical units. 15 | - Make sure your commit messages are in the proper format (see below). 16 | - Push your changes to a topic branch in your fork of the repository. 17 | - Make sure the tests pass, and add any new tests as appropriate. 18 | - Submit a pull request to the original repository. 19 | 20 | Thanks for your contributions! 21 | 22 | ### Format of the Commit Message 23 | 24 | We follow a rough convention for commit messages that is designed to answer two 25 | questions: what changed and why. The subject line should feature the what and 26 | the body of the commit should describe the why. 27 | 28 | ``` 29 | scripts: add the test-cluster command 30 | 31 | this uses tmux to setup a test cluster that you can easily kill and 32 | start for debugging. 33 | 34 | Fixes #38 35 | ``` 36 | 37 | The format can be described more formally as follows: 38 | 39 | ``` 40 | : 41 | 42 | 43 | 44 |