This adds an options hash that may be passed to spawn. The initial
option allowed is the boolean "privileged," which, if supplied,
will cause the command to be run as root.
Change-Id: I7f90553e7e3092b17d9326bb4d339c52d0a55035
The warden daemon currently faints when it sees malformed json. This
change makes the daemon slightly more robust by disconnecting the
client when warden can't parse the request and keeps the warden daemon
running.
Test plan: pass unit tests
Change-Id: I90301efd86a18cda63db6483b9b89c7c0f454709
The "mount" command writes to /etc/mtab by default, expecting
a corresponding "unmount" command to remove the added entries.
However, we rely on the destruction of the container's mount
namespace to handle unmounting bind mounts, so there is no
corresponding "unmount" to the initial "mount". This leaves
/etc/mtab out of sync.
Change-Id: Id71bfc0361e7595b616e160704cea115927a72fa
In addition, this patch makes the "bind_mounts" configuration option use
an Array to keep its mount specifications instead of a Hash. The order
in which mount specifications are passed may be important.
Change-Id: I6083dde1fbcbab61dc7a5d50f29a4e707eb270b0
This adds support for bind mounting parts of the host filesystem into
the container during creation. Mount permissions may also be supplied.
Change-Id: I37b5daf73b57507dc1cbde659ffa4e93a4e128c7
This diff provides support for copying files/directories to/from containers.
Callers may also supply an "owner" (in the form of <user>:<group>) when
copying files out of a container.
Test plan:
- Spot checking with warden-repl
- Added new specs
Change-Id: I2629d29b1a90b8b2d2b4484c5baebe73496053cf
This requires both memory.limit_in_bytes and memory.memsw.limit_in_bytes
in the container's cgroup to be set to the memory limit.
Change-Id: I1a989d55394fd243fd8fe21a955d461c71215648
This merges the old information obtained via "stats" into the
"info" command and adds the following extra information: limits
and container state.
Test plan:
- New unit tests pass
Change-Id: Ia18b5663513552d2876aebf84f8595329fd241b0
Switch protocol because of current shortcomings in hiredis. This commit
also removes the EM-based client and adds a new blocking client for the
new protocol.
Change-Id: I6527a4ca0cf949470df8d7fa465997a4b25a234e
This adds the "stopped" state to containers. When stopped, all processes
inside the container are killed. After entering the stopped state, the
container may be introspected, existing spawns may be linked, and the
container can be destroyed.
We now transition to the "stopped" state after an oom or quota violation
occurs in order to allow users to poke around inside the container and
retrieve artifacts.
Test plan:
- Unit tests pass
Change-Id: I13a6b19ba9b3fc0bcd208de6b677f4fdbb21d757
This diff adds support for the "stats" command. It returns a list
of key value pairs that correspond to container-specific metrics.
Currently, "disk_usage_B" and "mem_usage_B" are returned for LXC.
Test plan:
- New unit tests pass
Change-Id: I1314410412095f1d37f2b1d675fd70295b41ca73
This allows users to set the memory limit on their containers
via 'memory.limit_in_bytes'. Containers whose cgroup exceeds the supplied
limit will be destroyed automatically.
Test plan:
- New unit test passes
Change-Id: I52e3eb74bcaf5f43f186d98bc599d06f02f359c0
This adds support for black/whitelisting of networks. These
configuration parameters are applied as follows:
* If destination IP is whitelisted => allow
* If destination IP is blacklisted => deny
* Default => allow
To use a deny-by-default policy, the 0.0.0.0/0 network may be added as a
blacklisted network, and all traffic that is not explicitly allowed is denied.
Change-Id: I3b610e15d02dc95acce04d27902b172afa27c4d3
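The precedence described in the commit above (whitelist wins, then blacklist, then allow), as an added example that is not Warden's own code. It uses Ruby's standard IPAddr to match a destination against CIDR networks, and `to_rules` renders the same precedence as an ordered rule list so the deny-by-default trick with 0.0.0.0/0 can be inspected before it is applied. The `NetworkPolicy` class and its method names are assumptions made for this illustration.

```ruby
require "ipaddr"

# Constructed illustration of the allow/deny precedence described above.
# Not Warden's implementation; the class and method names are assumed.
class NetworkPolicy
  def initialize(whitelist: [], blacklist: [])
    # IPAddr raises IPAddr::InvalidAddressError on a malformed network,
    # so a typo in the configuration fails at load time rather than
    # silently matching nothing.
    @whitelist = whitelist.map { |net| IPAddr.new(net) }
    @blacklist = blacklist.map { |net| IPAddr.new(net) }
  end

  # Returns :allow or :deny for a destination address, applying the rules
  # in the documented order: whitelist, then blacklist, then default allow.
  def decide(dest)
    ip = IPAddr.new(dest)
    return :allow if @whitelist.any? { |net| net.include?(ip) }
    return :deny  if @blacklist.any? { |net| net.include?(ip) }
    :allow
  end

  # True when the blacklist contains a catch-all network, i.e. the policy
  # is effectively deny-by-default and only whitelisted networks pass.
  def deny_by_default?
    @blacklist.any? { |net| net.prefix == 0 }
  end

  # Ordered [network, verdict] pairs that a first-match filter (for example
  # a firewall chain) would need to reproduce decide/1 exactly.
  def to_rules
    @whitelist.map { |net| [net_string(net), :allow] } +
      @blacklist.map { |net| [net_string(net), :deny] } +
      [["default", :allow]]
  end

  private

  def net_string(net)
    "#{net}/#{net.prefix}"
  end
end
```

A whitelist entry that overlaps a blacklist entry is allowed, which is what makes the 0.0.0.0/0 blacklist usable: everything is denied except the networks explicitly whitelisted.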
This diff includes a few things:
1. A class for monitoring quota usage and tearing down containers that exceed their limits.
2. A small C program for reporting quota usage. This is necessary because repquota
has several bugs that prevent us from using it to reliably check quota usage.
3. Small refactor that moves everything under the :quota config hash. This makes sense,
as we only need the uidpool if quota support is enabled.
Test plan:
- Existing unit tests pass
- New unit tests pass
Change-Id: I8dccd91bb4571f051c7a328d22436b77c6fb3f0c
This adds plumbing for setting limits on containers. The syntax is:
limit <handle> <name> # Retrieve limit named <name>
limit <handle> <name> <limit>+ # Set limit named <name>
This diff also implements support for setting and retrieving disk usage
limits (enforced via quotas).
Test plan:
- All existing tests pass
- New tests pass.
Change-Id: I9b5d3c7ffdd22e06a2dcfd2605146a3a3ae48d23
This is in preparation for adding quota support to the LXC container.
If a uid pool is supplied the LXC container will now attempt to acquire a
uid for each container that is created. A WardenError will be raised in the
event that a uid cannot be acquired. Note that the uid is the same both inside
and outside the container in order to facilitate enforcement of disk quotas.
Test plan:
- All existing tests pass.
- New tests pass.
Change-Id: Ic509c0cd9e40275f92207d35bb9bfb943d700026
Instead of simply running commands in a fire and forget manner, we want
to optionally run rollback hooks to undo (or try to undo) the mutation
caused by the initial command. When a command halfway through the
sequence fails, it should execute a rollback for all commands up to the
failing one.
This is a best-effort approach, as commands may irreversibly mutate global
state. It can therefore be seen best as an abstraction to a set of nested
begin/rescue/end blocks.
Change-Id: I5132a0135fce07c69760e77fa6517d28048a3a77
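The rollback behaviour described in the commit above, as an added example that is not Warden's own code: a sequence of steps, each with an optional rollback, where a failure partway through unwinds the steps that already completed, in reverse order, and a rollback that itself fails is recorded but does not stop the remaining rollbacks. The `CommandSequence` class, its `step`/`execute` API and the log format are assumptions made for this illustration.

```ruby
# Constructed illustration of best-effort rollback for a command sequence.
# Not Warden's implementation; class and method names are assumed.
class CommandSequence
  Step = Struct.new(:name, :run, :rollback)

  attr_reader :log

  def initialize
    @steps = []
    @log = []   # ordered record of what ran, failed and was rolled back
  end

  # Register a step. `run` and `rollback` are callables; rollback is optional
  # because some mutations (e.g. killing a process) cannot be undone.
  def step(name, run:, rollback: nil)
    @steps << Step.new(name, run, rollback)
    self
  end

  # Runs every step in order. On the first failure, rolls back the steps
  # that completed before it (most recent first) and re-raises the error,
  # so the caller still sees the original failure.
  def execute
    completed = []
    @steps.each do |s|
      begin
        @log << "run #{s.name}"
        s.run.call
        completed << s
      rescue StandardError => e
        @log << "fail #{s.name}: #{e.message}"
        unwind(completed)
        raise
      end
    end
    true
  end

  private

  # Best effort: a rollback that raises is logged and skipped, and the
  # remaining rollbacks still run, mirroring nested begin/rescue/end blocks.
  def unwind(completed)
    completed.reverse_each do |s|
      next unless s.rollback
      begin
        s.rollback.call
        @log << "rollback #{s.name}"
      rescue StandardError => e
        @log << "rollback #{s.name} failed: #{e.message}"
      end
    end
  end
end
```

Because a rollback may itself fail, the caller should treat the log, not the raised exception alone, as the record of what state was left behind.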
This enables client connections to go away without killing the scripts
that they started. Clients can reconnect and re-attach to the scripts they
started to wait until completion, or to reap the status when the script
has already exited.
Change-Id: Id9b89f241d9bba89b5ea211b5737d957ca48c62a
The insecure handler does not try to jail the container in any way.
Scripts run in insecure containers have access to the full file system,
network interfaces, process table, etc. They are run as the user that
runs warden.
Change-Id: Ia5eeed8fb0df1f67750eebe1cd69cf86e7c552f7
This also includes prep work for supporting execution environments that
are less secure than LXC. This is required for MCF, OSX, dev, etc.
Change-Id: I82ee0aef3dce60ea0f174598663b9d78ab89bb6c