Merge v1.2.1-master

Signed-off-by: Emile Vauge <emile@vauge.com>

vendor/github.com/opencontainers/runc/exec.go

@@ -9,6 +9,7 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/opencontainers/runc/libcontainer"
 	"github.com/opencontainers/runc/libcontainer/utils"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/urfave/cli"
@@ -17,20 +18,21 @@ import (
 var execCommand = cli.Command{
 	Name:  "exec",
 	Usage: "execute new process inside the container",
-	ArgsUsage: `<container-id> <container command>
+	ArgsUsage: `<container-id> <command> [command options]  || -p process.json <container-id>
 
 Where "<container-id>" is the name for the instance of the container and
-"<container command>" is the command to be executed in the container.
+"<command>" is the command to be executed in the container.
+"<command>" can't be empty unless a "-p" flag provided.
 
 EXAMPLE:
 For example, if the container is configured to run the linux ps command the
 following will output a list of processes running in the container:
-	 
+
        # runc exec <container-id> ps`,
 	Flags: []cli.Flag{
 		cli.StringFlag{
-			Name:  "console",
-			Usage: "specify the pty slave path for use with the container",
+			Name:  "console-socket",
+			Usage: "path to an AF_UNIX socket which will receive a file descriptor referencing the master end of the console's pseudoterminal",
 		},
 		cli.StringFlag{
 			Name:  "cwd",
@@ -79,13 +81,17 @@ following will output a list of processes running in the container:
 			Usage: "add a capability to the bounding set for the process",
 		},
 		cli.BoolFlag{
-			Name:  "no-subreaper",
-			Usage: "disable the use of the subreaper used to reap reparented processes",
+			Name:   "no-subreaper",
+			Usage:  "disable the use of the subreaper used to reap reparented processes",
+			Hidden: true,
 		},
 	},
 	Action: func(context *cli.Context) error {
-		if os.Geteuid() != 0 {
-			return fmt.Errorf("runc should be run as root")
+		if err := checkArgs(context, 1, minArgs); err != nil {
+			return err
+		}
+		if err := revisePidFile(context); err != nil {
+			return err
 		}
 		status, err := execProcess(context)
 		if err == nil {
@@ -93,6 +99,7 @@ following will output a list of processes running in the container:
 		}
 		return fmt.Errorf("exec failed: %v", err)
 	},
+	SkipArgReorder: true,
 }
 
 func execProcess(context *cli.Context) (int, error) {
@@ -100,6 +107,13 @@ func execProcess(context *cli.Context) (int, error) {
 	if err != nil {
 		return -1, err
 	}
+	status, err := container.Status()
+	if err != nil {
+		return -1, err
+	}
+	if status == libcontainer.Stopped {
+		return -1, fmt.Errorf("cannot exec a container that has stopped")
+	}
 	path := context.String("process")
 	if path == "" && len(context.Args()) == 1 {
 		return -1, fmt.Errorf("process args cannot be empty")
@@ -115,10 +129,10 @@ func execProcess(context *cli.Context) (int, error) {
 		return -1, err
 	}
 	r := &runner{
-		enableSubreaper: !context.Bool("no-subreaper"),
+		enableSubreaper: false,
 		shouldDestroy:   false,
 		container:       container,
-		console:         context.String("console"),
+		consoleSocket:   context.String("console-socket"),
 		detach:          detach,
 		pidFile:         context.String("pid-file"),
 	}
@@ -159,12 +173,17 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) {
 		p.SelinuxLabel = l
 	}
 	if caps := context.StringSlice("cap"); len(caps) > 0 {
-		p.Capabilities = caps
+		for _, c := range caps {
+			p.Capabilities.Bounding = append(p.Capabilities.Bounding, c)
+			p.Capabilities.Inheritable = append(p.Capabilities.Inheritable, c)
+			p.Capabilities.Effective = append(p.Capabilities.Effective, c)
+			p.Capabilities.Permitted = append(p.Capabilities.Permitted, c)
+			p.Capabilities.Ambient = append(p.Capabilities.Ambient, c)
+		}
 	}
 	// append the passed env variables
-	for _, e := range context.StringSlice("env") {
-		p.Env = append(p.Env, e)
-	}
+	p.Env = append(p.Env, context.StringSlice("env")...)
+
 	// set the tty
 	if context.IsSet("tty") {
 		p.Terminal = context.Bool("tty")