If container.Destroy() has failed, runc destroy still returns 0, which is
wrong and can result in other issues down the line.
Let's always return error from destroy in runc delete.
For runc checkpoint and runc run, we still treat it as a warning.
Co-authored-by: Zhang Tianyang <burning9699@gmail.com>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Commit f8ad20f moved the kill logic from container destroy to container
kill (which is the right thing to do).
Alas, it broke the use case of doing "runc delete -f" for a container
which does not have its own private PID namespace, when its init process
is gone. In this case, some processes may still be running, and runc
delete -f should kill them (the same way as "runc kill" does).
It does not do that because the container status is "stopped" (as runc
considers the container with no init process as stopped), and so we only
call "destroy" (which was doing the killing before).
The fix is easy: if --force is set, call killContainer no matter what.
Add a test case, similar to the one in the previous commit.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
As of previous commit, this is implied in a particular scenario. In
fact, this is the one and only scenario that justifies the use of -a.
Drop the option from the documentation. For backward compatibility, do
recognize it, and retain the feature of ignoring the "container is
stopped" error when set.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
The only implementation of these is linuxContainer. It does not make
sense to have an interface with a single implementation, and we do not
foresee other types of containers being added to runc.
Remove BaseContainer and Container interfaces, moving their methods
documentation to linuxContainer.
Rename linuxContainer to Container.
Adapt users from using interface to using struct.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Error messages should not usually contain newlines.
Testing shows that the error runc delete prints is the same before and
after this commit:
```
[kir@kir-rhat runc-tst]$ sudo ../runc/runc delete xx3
ERRO[0000] cannot delete container xx3 that is not stopped: running
[kir@kir-rhat runc-tst]$
```
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This was added by commit 5aa82c950 back in the day when we thought
runc is going to be cross-platform. It's very clear now it's a Linux-only
package.
While at it, further clarify it in README that we're Linux only.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This removes libcontainer's own error wrapping system, consisting of a
few types and functions, aimed at typization, wrapping and unwrapping
of errors, as well as saving error stack traces.
Since Go 1.13 now provides its own error wrapping mechanism and a few
related functions, it makes sense to switch to it.
While doing that, improve some error messages so that they start
with "error", "unable to", or "can't".
A few things that are worth mentioning:
1. We lose stack traces (which were never shown anyway).
2. Users of libcontainer that relied on particular errors (like
ContainerNotExists) need to switch to using errors.Is with
the new errors defined in error.go.
3. encoding/json is unable to unmarshal the built-in error type,
so we have to introduce initError and wrap the errors into it
(basically passing the error as a string). This is the same
as it was before, just a tad simpler (actually the initError
is a type that got removed in commit afa844311; also suddenly
ierr variable name makes sense now).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Do this for all errors except one from unix.*.
This fixes a bunch of errorlint warnings, like these:
```
libcontainer/generic_error.go:25:15: type assertion on error will fail on wrapped errors. Use errors.As to check for specific errors (errorlint)
if le, ok := err.(Error); ok {
^
libcontainer/factory_linux_test.go:145:14: type assertion on error will fail on wrapped errors. Use errors.As to check for specific errors (errorlint)
lerr, ok := err.(Error)
^
libcontainer/state_linux_test.go:28:11: type assertion on error will fail on wrapped errors. Use errors.As to check for specific errors (errorlint)
_, ok := err.(*stateTransitionError)
^
libcontainer/seccomp/patchbpf/enosys_linux.go:88:4: switch on an error will fail on wrapped errors. Use errors.Is to check for specific errors (errorlint)
switch err {
^
```
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
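The two commit messages above describe the move to Go 1.13 error wrapping and the errorlint warnings it resolves. The following added example (not code from runc or libcontainer) shows why `==` and type assertions miss wrapped errors, and that an error passed through JSON as a string no longer matches its sentinel. `ErrNotExist`, `stateError`, `wireError`, `load`, `destroy` and `roundTrip` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// ErrNotExist is a hypothetical sentinel (not libcontainer's own), matched with errors.Is.
var ErrNotExist = errors.New("container does not exist")

// stateError is a hypothetical typed error, matched with errors.As.
type stateError struct{ From, To string }

func (e *stateError) Error() string { return "invalid transition " + e.From + " -> " + e.To }

// wireError passes an error through JSON as a string, since encoding/json
// cannot unmarshal into the built-in error interface.
type wireError struct {
	Message string `json:"message"`
}

func (e *wireError) Error() string { return e.Message }

func load(id string) error { return fmt.Errorf("unable to load %s: %w", id, ErrNotExist) }

func destroy(id string) error {
	return fmt.Errorf("unable to destroy %s: %w", id, &stateError{"running", "stopped"})
}

// roundTrip encodes err as a sender would and decodes it as a receiver would.
func roundTrip(err error) (*wireError, error) {
	data, mErr := json.Marshal(&wireError{Message: err.Error()})
	if mErr != nil {
		return nil, mErr
	}
	got := &wireError{}
	return got, json.Unmarshal(data, got)
}

func main() {
	err, derr := load("xx3"), destroy("xx3")
	_, assertOK := derr.(*stateError) // the typed error is wrapped, so this misses it
	var se *stateError
	fmt.Println(err == ErrNotExist, errors.Is(err, ErrNotExist))
	fmt.Println(assertOK, errors.As(derr, &se))
	got, _ := roundTrip(err)
	fmt.Println(got, errors.Is(got, ErrNotExist)) // text survives, the chain does not
}
```

Code on the receiving side of such a pipe can only compare message text, so any decision that depends on the error kind has to be made before the error is serialized.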
In many places (not all of them though) we can use `unix.`
instead of `syscall.` as these are identical.
In particular, x/sys/unix defines:
```go
type Signal = syscall.Signal
type Errno = syscall.Errno
type SysProcAttr = syscall.SysProcAttr
const ENODEV = syscall.Errno(0x13)
```
and unix.Exec() calls syscall.Exec().
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This patch mimics the behavior of "rm -rf" so that if a container
doesn't exist and you force delete it, it won't error out.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
As per the discussions in #1156, we think it's a bad
idea to allow multi container operations in runc. So
revert it.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
This allows a user to send a signal to all the processes in the
container within a single atomic action to avoid new processes being
forked off before the signal can be sent.
This is basically taking functionality that we already use being
`delete` and exposing it on the `kill` command by adding a flag.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This patch enhances the `runc delete` command as follows:
1) when `runc delete` without one container-id
```
$ runc delete
runc: "delete" requires a minimum of 1 argument
```
2) we can delete more containers at one command
for example:
```
$ runc list
ID PID STATUS BUNDLE CREATED
a 8490 created /mycontainer 2016-09-18T03:49:32.259760434Z
b 8520 running /mycontainer 2016-09-18T03:49:36.999299944Z
c 8535 created /mycontainer 2016-09-18T03:49:40.975277538Z
d 8549 created /mycontainer 2016-09-18T03:49:42.675282602Z
e 8562 running /mycontainer 2016-09-18T03:49:44.175400931Z
$ runc delete a b cc
cannot delete container b that is not stopped: running
container cc is not exist
$ runc list
ID PID STATUS BUNDLE CREATED
b 8520 running /mycontainer 2016-09-18T03:49:36.999299944Z
c 8535 created /mycontainer 2016-09-18T03:49:40.975277538Z
d 8549 created /mycontainer 2016-09-18T03:49:42.675282602Z
e 8562 running /mycontainer 2016-09-18T03:49:44.175400931Z
$ runc delete -f b c d e
$ runc list
ID PID STATUS BUNDLE CREATED
```
Signed-off-by: Wang Long <long.wanglong@huawei.com>
If the container's state is `created` when runc delete is called, make
sure that the init is killed before deleting the on-system state.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
There are 3 types of EXAMPLE title in manual and code:
1: "# EXAMPLE"
runc-delete.8.md
runc-exec.8.md
runc-kill.8.md
2: "EXAMPE:"
runc-spec.8.md
3: EXAMPLE title exists in manual, but does not exist in code's --help output
delete.go
exec.go
kill.go
This patch unifies the above formats, and deletes some useless blanks.
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
If runc was SIGKILL'd or something happened and the container was not
able to start and runc died as well then we could get into the state
where `$root/<containerid>` exists but `$root/<containerid>/state.json`
does not. This will not allow libcontainer to load the container to
call the delete function as it has no data on the container other than
its id. We should just remove it in runc so that that system matches
what runc sees for the container.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
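The commit message above (a state directory left behind without `state.json`) and the earlier one about "rm -rf" semantics for forced deletes describe two cleanup edge cases. The following added sketch covers both; it is not runc's implementation. `cleanup`, `idRe`, `errNotExist` and the ID policy are assumptions made for the example, and the state root is a constructed temporary directory.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"regexp"
)

// idRe is an assumed ID policy for this sketch; it keeps id from escaping root.
var idRe = regexp.MustCompile(`^[A-Za-z0-9_.+-]+$`)

var errNotExist = errors.New("container does not exist") // hypothetical sentinel

// cleanup reports what it found: "absent", "removed-orphan" or "loadable".
func cleanup(root, id string, force bool) (string, error) {
	if !idRe.MatchString(id) || id == "." || id == ".." {
		return "", fmt.Errorf("invalid container id %q", id)
	}
	dir := filepath.Join(root, id)
	if _, err := os.Lstat(dir); errors.Is(err, os.ErrNotExist) {
		if force { // like "rm -rf": nothing to delete is not a failure
			return "absent", nil
		}
		return "", fmt.Errorf("container %s: %w", id, errNotExist)
	} else if err != nil {
		return "", err
	}
	if _, err := os.Stat(filepath.Join(dir, "state.json")); errors.Is(err, os.ErrNotExist) {
		// Directory without state.json: nothing can be loaded, so drop the directory.
		if err := os.RemoveAll(dir); err != nil {
			return "", err
		}
		return "removed-orphan", nil
	} else if err != nil {
		return "", err
	}
	return "loadable", nil // a real runtime would now load the state and destroy the container
}

func main() {
	root, _ := os.MkdirTemp("", "state-root") // constructed sample state root
	defer os.RemoveAll(root)
	os.MkdirAll(filepath.Join(root, "orphan"), 0o700)
	fmt.Println(cleanup(root, "orphan", false))
	fmt.Println(cleanup(root, "ghost", true))
}
```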
By adding detach to runc, the only thing running on the system is the
container's process.
This allows better usage of memory and no runc process being long
lived. With this addition you also need a delete command because the
detached container will not be able to remove state and the left over
cgroups directories.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>