diff --git a/hack/vendor.sh b/hack/vendor.sh index f916e1fcf0..3036b638b0 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -63,4 +63,4 @@ mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar clone git github.com/godbus/dbus v1 clone git github.com/coreos/go-systemd v2 -clone git github.com/docker/libcontainer bc06326a5e7decdc4191d1367de8439b9d83c450 +clone git github.com/docker/libcontainer 68ea1234a0b046803aacb2562df0da12eec2b2f9 diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/stats_test_util.go b/vendor/src/github.com/docker/libcontainer/cgroups/fs/stats_util_test.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/stats_test_util.go rename to vendor/src/github.com/docker/libcontainer/cgroups/fs/stats_util_test.go diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/test_util.go b/vendor/src/github.com/docker/libcontainer/cgroups/fs/util_test.go similarity index 100% rename from vendor/src/github.com/docker/libcontainer/cgroups/fs/test_util.go rename to vendor/src/github.com/docker/libcontainer/cgroups/fs/util_test.go diff --git a/vendor/src/github.com/docker/libcontainer/namespaces/exec.go b/vendor/src/github.com/docker/libcontainer/namespaces/exec.go index 6f3838fd22..c9b2037cc7 100644 --- a/vendor/src/github.com/docker/libcontainer/namespaces/exec.go +++ b/vendor/src/github.com/docker/libcontainer/namespaces/exec.go @@ -133,7 +133,7 @@ func DefaultCreateCommand(container *libcontainer.Config, console, rootfs, dataP } */ - command := exec.Command(init, append([]string{"init"}, args...)...) + command := exec.Command(init, append([]string{"init", "--"}, args...)...) // make sure the process is executed inside the context of the rootfs command.Dir = rootfs command.Env = append(os.Environ(), env...) diff --git a/vendor/src/github.com/docker/libcontainer/namespaces/init.go b/vendor/src/github.com/docker/libcontainer/namespaces/init.go index 0e678b67ab..f077fd6c8a 100644 --- a/vendor/src/github.com/docker/libcontainer/namespaces/init.go +++ b/vendor/src/github.com/docker/libcontainer/namespaces/init.go @@ -5,7 +5,6 @@ package namespaces import ( "fmt" "os" - "runtime" "strings" "syscall" @@ -28,6 +27,8 @@ import ( // Move this to libcontainer package. // Init is the init process that first runs inside a new namespace to setup mounts, users, networking, // and other options required for the new container. +// The caller of Init function has to ensure that the go runtime is locked to an OS thread +// (using runtime.LockOSThread) else system calls like setns called within Init may not work as intended. func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syncPipe *syncpipe.SyncPipe, args []string) (err error) { defer func() { if err != nil { @@ -87,8 +88,6 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syn } } - runtime.LockOSThread() - if err := apparmor.ApplyProfile(container.AppArmorProfile); err != nil { return fmt.Errorf("set apparmor profile %s: %s", container.AppArmorProfile, err) } diff --git a/vendor/src/github.com/docker/libcontainer/nsinit/init.go b/vendor/src/github.com/docker/libcontainer/nsinit/init.go index 0dd964115c..e7a96632d7 100644 --- a/vendor/src/github.com/docker/libcontainer/nsinit/init.go +++ b/vendor/src/github.com/docker/libcontainer/nsinit/init.go @@ -3,6 +3,7 @@ package nsinit import ( "log" "os" + "runtime" "strconv" "github.com/codegangsta/cli" @@ -23,6 +24,8 @@ var ( ) func initAction(context *cli.Context) { + runtime.LockOSThread() + container, err := loadContainer() if err != nil { log.Fatal(err)