diff options
| -rwxr-xr-x | pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo.go | 2 | ||||
| -rwxr-xr-x | pkg/sentry/platform/ring0/defs_impl.go | 3 | ||||
| -rwxr-xr-x | pkg/sentry/time/seqatomic_parameters.go | 2 | ||||
| -rw-r--r-- | runsc/cmd/do.go | 20 | ||||
| -rw-r--r-- | runsc/cmd/restore.go | 3 | ||||
| -rw-r--r-- | runsc/cmd/run.go | 3 | ||||
| -rw-r--r-- | runsc/container/container.go | 19 | ||||
| -rw-r--r-- | runsc/sandbox/sandbox.go | 9 |
8 files changed, 45 insertions, 16 deletions
diff --git a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo.go b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo.go index 25ad17a4e..c284a1b11 100755 --- a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo.go +++ b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo.go @@ -1,11 +1,11 @@ package kernel import ( - "fmt" "reflect" "strings" "unsafe" + "fmt" "gvisor.dev/gvisor/third_party/gvsync" ) diff --git a/pkg/sentry/platform/ring0/defs_impl.go b/pkg/sentry/platform/ring0/defs_impl.go index 8efc3825f..5032ac56e 100755 --- a/pkg/sentry/platform/ring0/defs_impl.go +++ b/pkg/sentry/platform/ring0/defs_impl.go @@ -4,11 +4,10 @@ import ( "fmt" "gvisor.dev/gvisor/pkg/cpuid" "gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables" + "gvisor.dev/gvisor/pkg/sentry/usermem" "io" "reflect" "syscall" - - "gvisor.dev/gvisor/pkg/sentry/usermem" ) var ( diff --git a/pkg/sentry/time/seqatomic_parameters.go b/pkg/sentry/time/seqatomic_parameters.go index 89792c56d..1ec221edd 100755 --- a/pkg/sentry/time/seqatomic_parameters.go +++ b/pkg/sentry/time/seqatomic_parameters.go @@ -1,11 +1,11 @@ package time import ( - "fmt" "reflect" "strings" "unsafe" + "fmt" "gvisor.dev/gvisor/third_party/gvsync" ) diff --git a/runsc/cmd/do.go b/runsc/cmd/do.go index 16d135b51..9a8a49054 100644 --- a/runsc/cmd/do.go +++ b/runsc/cmd/do.go @@ -39,9 +39,10 @@ import ( // Do implements subcommands.Command for the "do" command. It sets up a simple // sandbox and executes the command inside it. See Usage() for more details. type Do struct { - root string - cwd string - ip string + root string + cwd string + ip string + quiet bool } // Name implements subcommands.Command.Name. @@ -71,6 +72,7 @@ func (c *Do) SetFlags(f *flag.FlagSet) { f.StringVar(&c.root, "root", "/", `path to the root directory, defaults to "/"`) f.StringVar(&c.cwd, "cwd", ".", "path to the current directory, defaults to the current directory") f.StringVar(&c.ip, "ip", "192.168.10.2", "IPv4 address for the sandbox") + f.BoolVar(&c.quiet, "quiet", false, "suppress runsc messages to stdout. Application output is still sent to stdout and stderr") } // Execute implements subcommands.Command.Execute. @@ -134,7 +136,7 @@ func (c *Do) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}) su } else if conf.Rootless { if conf.Network == boot.NetworkSandbox { - fmt.Println("*** Rootless requires changing network type to host ***") + c.notifyUser("*** Warning: using host network due to --rootless ***") conf.Network = boot.NetworkHost } @@ -168,8 +170,9 @@ func (c *Do) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}) su ID: cid, Spec: spec, BundleDir: tmpDir, + Attached: true, } - ws, err := container.Run(conf, runArgs, false) + ws, err := container.Run(conf, runArgs) if err != nil { return Errorf("running container: %v", err) } @@ -178,6 +181,13 @@ func (c *Do) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}) su return subcommands.ExitSuccess } +func (c *Do) notifyUser(format string, v ...interface{}) { + if !c.quiet { + fmt.Printf(format+"\n", v...) + } + log.Warningf(format, v...) +} + func resolvePath(path string) (string, error) { var err error path, err = filepath.Abs(path) diff --git a/runsc/cmd/restore.go b/runsc/cmd/restore.go index e18910325..7be60cd7d 100644 --- a/runsc/cmd/restore.go +++ b/runsc/cmd/restore.go @@ -107,8 +107,9 @@ func (r *Restore) Execute(_ context.Context, f *flag.FlagSet, args ...interface{ ConsoleSocket: r.consoleSocket, PIDFile: r.pidFile, UserLog: r.userLog, + Attached: !r.detach, } - ws, err := container.Run(conf, runArgs, r.detach) + ws, err := container.Run(conf, runArgs) if err != nil { return Errorf("running container: %v", err) } diff --git a/runsc/cmd/run.go b/runsc/cmd/run.go index ee14dc3d9..33f4bc12b 100644 --- a/runsc/cmd/run.go +++ b/runsc/cmd/run.go @@ -88,8 +88,9 @@ func (r *Run) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}) s ConsoleSocket: r.consoleSocket, PIDFile: r.pidFile, UserLog: r.userLog, + Attached: !r.detach, } - ws, err := container.Run(conf, runArgs, r.detach) + ws, err := container.Run(conf, runArgs) if err != nil { return Errorf("running container: %v", err) } diff --git a/runsc/container/container.go b/runsc/container/container.go index 3a358224c..bde46fb9b 100644 --- a/runsc/container/container.go +++ b/runsc/container/container.go @@ -262,7 +262,15 @@ type Args struct { PIDFile string // UserLog is the filename to send user-visible logs to. It may be empty. + // + // It only applies for the init container. UserLog string + + // Attached indicates that the sandbox lifecycle is attached with the caller. + // If the caller exits, the sandbox should exit too. + // + // It only applies for the init container. + Attached bool } // Create creates the container in a new Sandbox process, unless the metadata @@ -349,6 +357,7 @@ func New(conf *boot.Config, args Args) (*Container, error) { IOFiles: ioFiles, MountsFile: specFile, Cgroup: cg, + Attached: args.Attached, } sand, err := sandbox.New(conf, sandArgs) if err != nil { @@ -499,7 +508,7 @@ func (c *Container) Restore(spec *specs.Spec, conf *boot.Config, restoreFile str } // Run is a helper that calls Create + Start + Wait. -func Run(conf *boot.Config, args Args, detach bool) (syscall.WaitStatus, error) { +func Run(conf *boot.Config, args Args) (syscall.WaitStatus, error) { log.Debugf("Run container %q in root dir: %s", args.ID, conf.RootDir) c, err := New(conf, args) if err != nil { @@ -522,11 +531,11 @@ func Run(conf *boot.Config, args Args, detach bool) (syscall.WaitStatus, error) return 0, fmt.Errorf("starting container: %v", err) } } - if detach { - cu.Release() - return 0, nil + if args.Attached { + return c.Wait() } - return c.Wait() + cu.Release() + return 0, nil } // Execute runs the specified command in the container. It returns the PID of diff --git a/runsc/sandbox/sandbox.go b/runsc/sandbox/sandbox.go index bf17f62d9..00b0bf659 100644 --- a/runsc/sandbox/sandbox.go +++ b/runsc/sandbox/sandbox.go @@ -103,6 +103,10 @@ type Args struct { // Gcgroup is the cgroup that the sandbox is part of. Cgroup *cgroup.Cgroup + + // Attached indicates that the sandbox lifecycle is attached with the caller. + // If the caller exits, the sandbox should exit too. + Attached bool } // New creates the sandbox process. The caller must call Destroy() on the @@ -650,6 +654,11 @@ func (s *Sandbox) createSandboxProcess(conf *boot.Config, args *Args, startSyncF log.Debugf("Donating FD %d: %q", i+3, f.Name()) } + if args.Attached { + // Kill sandbox if parent process exits in attached mode. + cmd.SysProcAttr.Pdeathsig = syscall.SIGKILL + } + log.Debugf("Starting sandbox: %s %v", binPath, cmd.Args) log.Debugf("SysProcAttr: %+v", cmd.SysProcAttr) if err := specutils.StartInNS(cmd, nss); err != nil { |