Beispiel #1
0
// notifyOnOOM returns a channel that signals if the container received an OOM notification
// for any process. If it is unable to subscribe to OOM notifications then a closed
// channel is returned as it will be non-blocking and return the correct result when read.
func notifyOnOOM(container libcontainer.Container) <-chan struct{} {
	oom, err := container.NotifyOOM()
	if err != nil {
		logrus.Warnf("Your kernel does not support OOM notifications: %s", err)
		c := make(chan struct{})
		close(c)
		return c
	}
	return oom
}
Beispiel #2
0
func destroy(container libcontainer.Container) {
	status, err := container.Status()
	if err != nil {
		logrus.Error(err)
	}
	if status != libcontainer.Checkpointed {
		if err := container.Destroy(); err != nil {
			logrus.Error(err)
		}
	}
}
Beispiel #3
0
func killContainer(container libcontainer.Container) error {
	container.Signal(syscall.SIGKILL)
	for i := 0; i < 100; i++ {
		time.Sleep(100 * time.Millisecond)
		if err := container.Signal(syscall.Signal(0)); err != nil {
			destroy(container)
			return nil
		}
	}
	return fmt.Errorf("container init still running")
}
Beispiel #4
0
func killCgroupProcs(c libcontainer.Container) {
	var procs []*os.Process
	if err := c.Pause(); err != nil {
		logrus.Warn(err)
	}
	pids, err := c.Processes()
	if err != nil {
		// don't care about childs if we can't get them, this is mostly because cgroup already deleted
		logrus.Warnf("Failed to get processes from container %s: %v", c.ID(), err)
	}
	for _, pid := range pids {
		if p, err := os.FindProcess(pid); err == nil {
			procs = append(procs, p)
			if err := p.Kill(); err != nil {
				logrus.Warn(err)
			}
		}
	}
	if err := c.Resume(); err != nil {
		logrus.Warn(err)
	}
	for _, p := range procs {
		if _, err := p.Wait(); err != nil {
			logrus.Warn(err)
		}
	}
}
Beispiel #5
0
// runProcess will create a new process in the specified container
// by executing the process specified in the 'config'.
func runProcess(container libcontainer.Container, config *specs.Process, listenFDs []*os.File, console string, pidFile string, detach bool) (int, error) {
	process := newProcess(*config)

	// Add extra file descriptors if needed
	if len(listenFDs) > 0 {
		process.Env = append(process.Env, fmt.Sprintf("LISTEN_FDS=%d", len(listenFDs)), "LISTEN_PID=1")
		process.ExtraFiles = append(process.ExtraFiles, listenFDs...)
	}

	rootuid, err := container.Config().HostUID()
	if err != nil {
		return -1, err
	}

	tty, err := setupIO(process, rootuid, console, config.Terminal, detach)
	if err != nil {
		return -1, err
	}

	handler := newSignalHandler(tty)
	defer handler.Close()

	if err := container.Start(process); err != nil {
		if tty != nil {
			tty.Close()
		}
		return -1, err
	}

	if pidFile != "" {
		if err := createPidFile(pidFile, process); err != nil {
			process.Signal(syscall.SIGKILL)
			process.Wait()
			if tty != nil {
				tty.Close()
			}
			return -1, err
		}
	}
	if detach {
		return 0, nil
	}

	return handler.forward(process)
}
Beispiel #6
0
func destroy(container libcontainer.Container) {
	if err := container.Destroy(); err != nil {
		logrus.Error(err)
	}
}
Beispiel #7
0
// runCmdInDir runs the given command inside a container under dir
func runCmdInDir(im *schema.ImageManifest, cmd, dir string, jail bool, mounts []*configs.Mount) error {
	exePath, err := osext.Executable()
	if err != nil {
		return fmt.Errorf("error getting path to the current executable: %v", err)
	}
	factory, err := libcontainer.New(dir, libcontainer.InitArgs(exePath, "init"))
	if err != nil {
		return fmt.Errorf("error creating a container factory: %v", err)
	}

	// The containter ID doesn't really matter here... using a UUID
	containerID := uuid.NewV4().String()

	var container libcontainer.Container
	if jail {
		config := &configs.Config{}
		if err := json.Unmarshal([]byte(LibcontainerDefaultConfig), config); err != nil {
			return fmt.Errorf("error unmarshalling default config: %v", err)
		}
		config.Rootfs = dir
		config.Readonlyfs = false
		container, err = factory.Create(containerID, config)
		if err != nil {
			return fmt.Errorf("error creating a container: %v", err)
		}
	} else {
		container, err = factory.Create(containerID, &configs.Config{
			Rootfs: dir,
			Mounts: mounts,
			Cgroups: &configs.Cgroup{
				Name:            containerID,
				Parent:          "system",
				AllowAllDevices: false,
				AllowedDevices:  configs.DefaultAllowedDevices,
			},
		})
		if err != nil {
			return fmt.Errorf("error creating a container: %v", err)
		}
	}

	process := &libcontainer.Process{
		Args:   strings.Fields(cmd),
		User:   "******",
		Stdin:  os.Stdin,
		Stdout: os.Stdout,
		Stderr: os.Stderr,
	}

	if im.App != nil {
		process.Env = util.ACIEnvironmentToList(im.App.Environment)
	}
	process.Env = []string{"PATH=/usr/bin:/sbin/:/bin"}

	if err := container.Start(process); err != nil {
		return fmt.Errorf("error starting the process inside the container: %v", err)
	}

	_, err = process.Wait()
	if err != nil {
		return fmt.Errorf("error running the process: %v", err)
	}

	if err := container.Destroy(); err != nil {
		return fmt.Errorf("error destroying the container: %v", err)
	}

	return nil
}