Commit graph

1108 commits

Author SHA1 Message Date
Michael Crosby
ab15aa234c Refactor stats and add them to all subsystems
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-20 12:02:39 -07:00
Michael Crosby
b5b44ad439 Squashed commit of the following:
commit 75af1649b063abbc5d662fd2f8bc4ff62c927687
Author: Evan Hazlett <ejhazlett@gmail.com>
Date:   Sun Apr 20 01:32:42 2014 -0400

    more refactor

commit 43b36d0f15d634497127bcb17dacaa70ae92e903
Author: Evan Hazlett <ejhazlett@gmail.com>
Date:   Sun Apr 20 01:11:49 2014 -0400

    refactored cgroup param parsing to util func

commit e3738b0168a075bd92ec828879b0e46bdbbe3845
Author: Evan Hazlett <ejhazlett@gmail.com>
Date:   Sun Apr 20 00:57:19 2014 -0400

    dat error checking

commit 57872bcc59403ecd308cfe97c78f73d6ca58d165
Author: Evan Hazlett <ejhazlett@gmail.com>
Date:   Sun Apr 20 00:43:25 2014 -0400

    proper use of fmt.Errorf

commit 43dad6acc0cb21aac2b04ce074699879898ee820
Author: Evan Hazlett <ejhazlett@gmail.com>
Date:   Sun Apr 20 00:36:45 2014 -0400

    proper placement of defer

commit b7f20b934b2bc92cd39397dbc608b77bff28493c
Author: Evan Hazlett <ejhazlett@gmail.com>
Date:   Sun Apr 20 00:34:39 2014 -0400

    defers, error checking, panic avoidance

commit 7a9a6ff267f8806dfe6676486f73fe89b72968fb
Author: Evan Hazlett <ejhazlett@gmail.com>
Date:   Sun Apr 20 00:22:00 2014 -0400

    data param to use container info instead of host

commit 0e0cf7309be1644687160d6519db792b23cd26e9
Author: Evan Hazlett <ejhazlett@gmail.com>
Date:   Sun Apr 20 00:11:29 2014 -0400

    added stats for cpuacct, memory, and blkio

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-20 11:34:28 -07:00
Michael Crosby
810cf722cc Add remove method to subsystems
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-18 22:17:31 -07:00
Michael Crosby
bb89b83c68 Break down groups into subsystems
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-18 22:10:30 -07:00
Michael Crosby
8cc8aca9cc Move raw cgroups into fs package (filesystem)
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-18 21:34:26 -07:00
Michael Crosby
9f508e4b3e Move systemd code into pkg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-18 21:30:08 -07:00
Michael Crosby
a183681b1d Refactor cgroups file locations
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-18 21:14:58 -07:00
Kato Kazuyoshi
d79271c0b2 SQLite is also available in FreeBSD
Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
2014-04-17 07:19:30 +09:00
Kato Kazuyoshi
c0b1b13860 Support FreeBSD on pkg/mount
Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
2014-04-15 23:16:51 +09:00
Kato Kazuyoshi
243b3164c8 FreeBSD's nullfs doesn't support file mount
FreeBSD doesn't have "bind" mount, but nullfs might be a similar feature.
However nullfs can mount only directories.

Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
2014-04-15 05:40:23 +09:00
Kato Kazuyoshi
8e163af55e Add a test for mount.GetMounts
Because mount.parseInfoFile is only available on Linux

Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
2014-04-15 05:40:23 +09:00
Victor Vieux
b0481297a1 Merge pull request #5132 from crosbymichael/fix-cgroup-hiar
Setup cgroups for supported subsystems
2014-04-14 10:56:15 -07:00
Guillaume J. Charmes
2fb2497321 Merge pull request #4878 from kzys/freebsd-utimes
Support FreeBSD on pkg/system/utimes_*.go
2014-04-14 10:39:25 -07:00
Michael Crosby
7612df5c8a Generate imports based on what is avaliable
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-14 05:22:45 +00:00
Michael Crosby
f95367f57f Ignore not exist errors for joining default subsystems
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-14 00:07:48 +00:00
Michael Crosby
a8c9c4bf97 Ignore is not exist error
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-14 00:03:35 +00:00
Michael Crosby
ca3224687b Move apparmor to top level pkg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-13 23:33:25 +00:00
Michael Crosby
b0dfd5c5d9 Use apparmor_parser directly
The current load script does alot of things.  If it does not find the
parser loaded on the system it will just exit 0 and not load the
profile.  We think it should fail loudly if it cannot load the profile
and apparmor is enabled on the system.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-13 23:31:10 +00:00
Alexander Larsson
e5ba166e75 Join memory and cpu cgroup in systemd too
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: crosbymichael)
2014-04-11 17:29:40 +00:00
Michael Crosby
1dd3c38cb5 Join cpuacct, freezer, perf_event, and blkio groups
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-11 17:28:27 +00:00
Michael Crosby
27ceac34af Setup cgroups for all subsystems
Fixes #5117
Fixes #5118
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-11 17:28:27 +00:00
Victor Vieux
0fe679322b Merge pull request #5143 from kzys/ns-nil
Avoid "invalid memory address or nil pointer dereference" panic
2014-04-10 11:07:35 -07:00
Guillaume J. Charmes
eb0ec63b59 Merge pull request #5131 from crosbymichael/shm-mode
Change shm mode to 1777
2014-04-10 07:50:32 -07:00
Guillaume J. Charmes
8a64aa8f4b Merge pull request #5115 from alexlarsson/fix-libcontainer-network-rhel6
Fix libcontainer network support on rhel6
2014-04-10 07:45:12 -07:00
Kato Kazuyoshi
8dc1d8b6c0 Avoid "invalid memory address or nil pointer dereference" panic
libcontainer.GetNamespace returns nil on FreeBSD because
libcontainer.namespaceList is empty. In this case, Namespaces#Get should
return nil instead of being panic.

Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
2014-04-10 22:07:29 +09:00
Kato Kazuyoshi
6b292bf034 Support FreeBSD on pkg/system/utimes_*.go
Implement system.LUtimesNano and system.UtimesNano. The latter might be
removed in future because it's basically same as os.Chtimes. That's why
the test is mainly focusing LUtimesNano.

Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
2014-04-10 07:34:37 +09:00
Alexander Larsson
db1a117450 Fix libcontainer network support on rhel6
It seems that netlink in older kernels, including RHEL6, does not
support RTM_SETLINK with IFLA_MASTER. It just silently ignores it, reporting
no error, causing netlink.NetworkSetMaster() to not do anything yet
return no error.

We fix this by introducing and using AddToBridge() in a very similar manner
to CreateBridge(), which use the old ioctls directly.

This fixes https://github.com/dotcloud/docker/issues/4668

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-04-09 15:44:18 +02:00
Michael Crosby
1df38475cd Revert "Support hairpin NAT without going through docker server"
This reverts commit b39d02b611f1cc0af283f417b73bf0d36f26277a.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-09 11:55:08 +00:00
Michael Crosby
6b4ca764f0 Change shm mode to 1777
Fixes #5126
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-09 10:53:32 +00:00
Michael Crosby
4b3bfc742b Check for apparmor enabled on host to populate profile
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-09 10:22:17 +00:00
Guillaume J. Charmes
2538689b31 Backup current docker apparmor profile and replace it with the new one
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-04-08 11:09:31 -07:00
Guillaume J. Charmes
908be5a3d9 Merge pull request #5049 from Supermathie/aa-fix
apparmor: docker-default: Include base abstraction
2014-04-07 21:34:01 -07:00
Guillaume J. Charmes
23ce43ac20 Merge pull request #5025 from dstine/readme-fix
fixed two readme typos
2014-04-07 19:31:16 -07:00
Dan Stine
3a7b63669c fixed three more typos 2014-04-07 22:09:15 -04:00
Michael Crosby
8824b08802 Ensure that ro mounts are remounted
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-07 18:23:22 -07:00
Michael Crosby
1adf0ae8a4 Remove and unexport selinux functions
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-07 14:59:44 -07:00
Michael Crosby
bcd17c6fdc Ensure that selinux is disabled by default
This also includes some portability changes so that the package can be
imported with the top level runtime.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-07 14:44:53 -07:00
Michael Crosby
08ed0c8761 Add more label checks for selinux enabled
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-07 14:44:53 -07:00
Michael Brown
7c63627a7f apparmor: pull in variables from tunables/global
The variables that were defined at the top of the apparmor profile are best
pulled in via the <tunables/global> include.

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
2014-04-07 03:04:27 -04:00
Michael Brown
0bcebe0347 apparmor: abstractions/base expects pid variable
Add 'pid' variable pointing to 'self' to allow parsing of profile to succeed

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
2014-04-07 02:47:43 -04:00
Michael Brown
264a89788c apparmor: docker-default: Include base abstraction
Encountered problems on 14.04 relating to signals between container
processes being blocked by apparmor. The base abstraction contains
appropriate rules to allow this communication.

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
2014-04-07 02:19:38 -04:00
Dan Stine
e59092b62c fixed two readme typos 2014-04-04 08:12:17 -04:00
unclejack
c05f329be8 Merge pull request #5002 from crosbymichael/rhatdan-selinux
Improve selinux label handling
2014-04-04 04:43:16 +03:00
Victor Vieux
1999505cc5 Merge pull request #4991 from ruphin/fix_name_typo
Fix typo in names-generator
2014-04-03 16:24:14 -07:00
Goffert van Gool
5754752556 Fix typo in names-generator
Docker-DCO-1.1-Signed-off-by: Goffert van Gool <ruphin@ruphin.net> (github: ruphin)
2014-04-04 00:57:43 +02:00
Victor Vieux
534990bda9 Merge pull request #4953 from rhatdan/selinux
These two patches should fix problems we see with running docker in the wild.
2014-04-02 16:36:41 -07:00
Michael Crosby
de5d0ed979 Fix lxc label handleing
This also improves the logic around formatting the labels for selinux
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-02 16:52:49 +00:00
Michael Crosby
bdea26ea08 Merge branch 'selinux' of https://github.com/rhatdan/docker into rhatdan-selinux
Conflicts:
	pkg/selinux/selinux.go
	runtime/execdriver/lxc/lxc_template.go

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-02 16:11:35 +00:00
Dan Walsh
eab8c83391 In certain cases, setting the process label will not happen.
When the code attempts to set the ProcessLabel, it checks if SELinux Is
enabled.  We have seen a case with some of our patches where the code
is fooled by the container to think that SELinux is not enabled.  Calling
label.Init before setting up the rest of the container, tells the library that
SELinux is enabled and everything works fine.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-04-03 09:32:29 -04:00
Dan Walsh
c250bdad25 Remove hard coding of SELinux labels on systems without proper selinux policy.
If a system is configured for SELinux but does not know about docker or
containers, then we want the transitions of the policy to work.  Hard coding
the labels causes docker to break on older Fedora and RHEL systems

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-04-03 09:32:29 -04:00