summaryrefslogtreecommitdiffhomepage
path: root/pkg/shim/service.go
AgeCommit message (Collapse)Author
2021-10-11Create subcontainer cgroups for compatibilityFabricio Voznika
Tools (e.g. cAdvisor) watches for changes inside /sys/fs/cgroup to detect when containers are created and deleted. With gVisor, container cgroups were not created because the containers are not visible to the host. This change enables the creation of [empty] subcontainer cgroups that can be used by tools to detect creation/deletion of subcontainers. This change required a new annotation to be added so that the shim can communicate the pod cgroup path to runsc, so pod and container cgroups can be identified, Fixes #6500 PiperOrigin-RevId: 402392291
2021-06-29Redirect all calls from `errdefs.ToGRPC` to `utils.ErrToGRPC`Fabricio Voznika
This is to ensure that Go 1.13 error wrapping is correctly translated to gRPC errors before returning from the shim. Updates #6225 PiperOrigin-RevId: 382120441
2021-06-23Ensure shim propagates errors over gRPC correctlyNoah Fontes
This change wraps containerd's errdefs.ToGRPC function with one that understands Go 1.13-style error wrapping style, which is used pervasively throughout the shim. With this change, errors that have been marked with, e.g., `errdefs.ErrNotFound`, will be correctly propagated back to the containerd server.
2021-06-21Improve stopped container handlingFabricio Voznika
Getting state of a stopped container would fail and could lead containerd to not detecting that the container had actually stopped. Now stopped and deleted containers return `stopped` state. Also makes other messages more consistent when container is stopped. Some where still sending messages to runsc and failing in different ways. Now they go through `initState` state machine like the other messages. There are a few changes to improve debugability with it as well. Fixes #5861 PiperOrigin-RevId: 380698513
2021-05-17Make sandbox join the pod cgroup in K8sFabricio Voznika
cgroups in K8s are setup with the following hierarchy: `.../pod/container`. The sandbox is created with the first container and consequently uses the the pause container cgroup. This change removes the container cgroup from the path to make the sandbox use the pod cgroup instead. Otherwise limits set to the pause container will apply to the entire sandbox. PiperOrigin-RevId: 374273277
2021-03-03[op] Replace syscall package usage with golang.org/x/sys/unix in pkg/.Ayush Ranjan
The syscall package has been deprecated in favor of golang.org/x/sys. Note that syscall is still used in the following places: - pkg/sentry/socket/hostinet/stack.go: some netlink related functionalities are not yet available in golang.org/x/sys. - syscall.Stat_t is still used in some places because os.FileInfo.Sys() still returns it and not unix.Stat_t. Updates #214 PiperOrigin-RevId: 360701387
2021-01-13Fix code review issuesTravis DePrato
2021-01-13Add support for pause/restore in containerd shimTravis DePrato
2021-01-12Delete shim v1Fabricio Voznika
gvisor-containerd-shim is not compatible with containerd 1.1 or earlier. Starting from containerd 1.2, shim v2 is the preferred interface. PiperOrigin-RevId: 351485556