vbatts/pkg
1
0
Fork 0
Code Pull requests Releases Activity
600 commits 2 branches 0 tags 3.9 MiB
Commit graph

600 commits

This branch
This branch
All branches
Author SHA1 Message Date
unclejack
33381db09d apparmor: write & load the profile on every start 
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
 2014-06-04 00:56:35 +03:00
Victor Marmol
460e9bcc04 Merge pull request #6153 from vishh/stats1 
Add per cpu usage to libcontainer  stats
 2014-06-02 17:53:17 -07:00
Victor Vieux
41bdc33843 Merge pull request #6160 from crosbymichael/update-test-for-nil-error 
Update cpu stat test for no error
 2014-06-02 12:12:49 -07:00
Victor Vieux
bb7ac3e05b Merge pull request #6147 from cyphar/6142-mflag-strip-quotes-long-equal-form 
mflag: strip quotes in certain forms from flag values
 2014-06-02 12:03:58 -07:00
Michael Crosby
3a5c4516f9 Update cpu stat test for no error 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-02 11:54:23 -07:00
Vishnu Kannan
8610e96a03 Adding percpu usage to cgroup stats reported by libcontainer. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-02 06:56:15 +00:00
Vishnu Kannan
3589181812 Adding "stats" and "spec" option to nsinit binary which will print the stats and spec respectively. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-06-02 06:37:22 +00:00
cyphar
c3e6f79cb3 pkg: mflag: flag: added tests for quote-stripped flags 
This patch adds some tests to ensure that quoted flags are properly
handled by the mflag package.

Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
 2014-06-02 15:25:38 +10:00
cyphar
4941e364a9 pkg: mflag: flag: make mflag strip quotes in -flag="var" forms 
This patch improves the mflag package to ensure that things arguments
to mflag such as `-flag="var"` or `-flag='var'` have the quotes
stripped from the value (to mirror the getopt functionality for similar
flags).

Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
 2014-06-02 15:25:33 +10:00
unclejack
1a38e6ff10 Merge pull request #6128 from crosbymichael/empty-sqlite 
Init database if empty file
 2014-05-31 06:56:00 +03:00
Michael Crosby
084c621c66 Ensure all dev nodes are copied for privileged 
This also makes sure that devices are pointers to avoid copies
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-30 18:39:11 -07:00
Michael Crosby
edadb42c99 Init database if empty file 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-30 17:44:00 -07:00
unclejack
000552944e Merge pull request #6097 from timthelion/consistentdevices 
Refactor device handling code
 2014-05-31 03:34:52 +03:00
Victor Vieux
6d70b5e210 use stderr to debug iptables 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
 2014-05-30 19:39:42 +00:00
Timothy Hobbs
193f9894c0 Refactor device handling code 
We now have one place that keeps track of (most) devices that are allowed and created within the container.  That place is pkg/libcontainer/devices/devices.go

This fixes several inconsistencies between which devices were created in the lxc backend and the native backend.  It also fixes inconsistencies between wich devices were created and which were allowed.  For example, /dev/full was being created but it was not allowed within the cgroup.  It also declares the file modes and permissions of the default devices, rather than copying them from the host.  This is in line with docker's philosphy of not being host dependent.

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
 2014-05-30 19:21:29 +00:00
Alexandr Morozov
d9882a62ff Atomically increment sequence in pkg/netlink 
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
 2014-05-30 16:08:29 +04:00
Vishnu Kannan
c7135d73d3 Added a new method cgroups.GetStats() which will return a cgroups.Stats object which will contain all the available cgroup Stats. 
Remove old Stats interface in libcontainers cgroups package.
Changed Stats to use unit64 instead of int64 to prevent integer overflow issues.
Updated unit tests.

Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-05-29 20:16:49 +00:00
Michael Crosby
c22a0a3297 Merge pull request #6105 from gdm85/master 
Do not consider iptables' output an error in case of xtables lock
 2014-05-29 11:06:25 -07:00
Giuseppe Mazzotta
d68100ec34 * do not consider iptables' output an error in case of xtables lock 
Docker-DCO-1.1-Signed-off-by: Giuseppe Mazzotta <gdm85@users.noreply.github.com> (github: gdm85)
 2014-05-29 15:57:29 +02:00
Michael Crosby
e8727a6236 Handle EBUSY on remount 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-28 18:10:50 -07:00
Victor Vieux
1dd391fe26 Merge pull request #6083 from bernerdschaefer/nsinit-drop-capabilities-after-changing-user 
SETUID/SETGID not required for changing user
 2014-05-28 17:29:17 -07:00
Alexander Larsson
95a61f16dc libcontainer: Don't create a device node on /dev/console to bind mount on 
There is no need for this, the device node by itself doesn't work, since
its not on a devpts fs, and we can just a regular file to bind mount over.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-05-28 21:07:40 +02:00
Alexander Larsson
a193d05209 Revert "Remove the bind mount for dev/console which override the mknod/label" 
This reverts commit ae85dd54582e94d36b146ab1688844ed58cc8df3.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-05-28 21:07:27 +02:00
unclejack
2ca2e1b82a Merge pull request #6076 from LK4D4/remove_collections_package 
Remove collections package
 2014-05-28 21:32:27 +03:00
Victor Marmol
744a7c030c Merge pull request #5868 from jhspaybar/5749-libcontainerroutes 
libcontainer support for arbitrary route table entries
 2014-05-28 10:50:56 -07:00
William Thurston
755e5047a7 Fixes #5749 
libcontainer support for arbitrary route table entries

Docker-DCO-1.1-Signed-off-by: William Thurston <me@williamthurston.com> (github: jhspaybar)
 2014-05-28 17:42:02 +00:00
Bernerd Schaefer
906451091d SETUID/SETGID not required for changing user 
It is no longer necessary to pass "SETUID" or "SETGID" capabilities to
the container when a "user" is specified in the config.

Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
 2014-05-28 16:41:48 +02:00
Bernerd Schaefer
b6ee193b8e Add system.SetKeepCaps and system.ClearKeepCaps 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
 2014-05-28 16:40:36 +02:00
Alexandr Morozov
a09f2d1c41 Remove collections package 
It doesn't needed anymore аfter port and ip allocators refactoring
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4dmath@gmail.com> (github: LK4D4)
 2014-05-28 13:59:45 +04:00
Michael Crosby
c8a8176936 Update wait calls to call Wait on Command 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-27 13:38:24 -07:00
unclejack
eb075733c5 Merge pull request #6025 from crosbymichael/concurrent-names 
Improve name generation on concurrent requests
 2014-05-27 23:18:19 +03:00
Erik Hollensbe
18d68cf1a9 libcontainer/nsinit: remove Wait call from Exec and Kill from Attach in tty_term.go 
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
 2014-05-27 12:26:56 -07:00
Erik Hollensbe
36bd5bf98b Add Wait() calls in the appropriate spots 
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
 2014-05-27 12:26:56 -07:00
Michael Crosby
47b9bba5e1 Improve name generation on concurrent requests 
Fixes #2586

This fixes a few races where the name generator asks if a name is free
but another container takes the name before it can be reserved.  This
solves this by generating the name and setting it.  If the set fails
with a non unique error then we try again.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-23 17:51:16 -07:00
Michael Crosby
4a0d1718ee Merge pull request #6018 from vishh/stats_strongtype 
Strong type all stats exported by libcontainer
 2014-05-23 14:35:14 -07:00
Michael Crosby
1c07f75e6f Add check for iptables xlock support 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-23 14:18:50 -07:00
Vishnu Kannan
c5be84cd2d Added stats.go which provides strong types for all stats that will be exported by libcontainer. This commit only introduces the strong type. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-05-23 20:42:43 +00:00
Michael Crosby
cc706701b0 Add wait flag to iptables 
Fixes #1573
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-23 01:24:58 +00:00
Michael Crosby
b98c3f7fb4 Merge pull request #5995 from vieux/recur_nodes 
Add device nodes recursively
 2014-05-22 16:35:27 -07:00
Victor Vieux
4b1df3687b update test 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
 2014-05-22 22:50:41 +00:00
Victor Vieux
bf21f0d493 add recursive device nodes 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
 2014-05-22 22:29:13 +00:00
Victor Marmol
c88ecf6acd Make all cgroup stats output int64s instead of float64. 
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
 2014-05-22 20:53:36 +00:00
Victor Vieux
89b64d33ee Merge pull request #5976 from crosbymichael/getpids 
Move get pid into cgroup implementation
 2014-05-21 19:09:50 -07:00
Victor Vieux
a0841ff1eb Merge pull request #5922 from crosbymichael/host-dev-priv 
Mount /dev in tmpfs for privileged containers
 2014-05-21 18:56:24 -07:00
Michael Crosby
c6c0dc2ebb Move get pid into cgroup implementation 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-21 21:14:07 +00:00
Tianon Gravi
c3c5ddfc50 Revert "Always mount a /run tmpfs in the container" 
This reverts commit 905795ece624675abe2ec2622b0bbafdb9d7f44c.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
 2014-05-21 14:28:19 -06:00
Michael Crosby
3d95e5cf7b Update code post codereview 
Add specific types for Required and Optional DeviceNodes
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-21 00:40:41 +00:00
Michael Crosby
7fb3f86fec Update documentation for container struct in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-20 23:34:46 +00:00
Michael Crosby
d48b2cf390 Mount /dev in tmpfs for privileged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-20 22:51:24 +00:00
Alexander Larsson
0f44c2849c cgroups: Allow mknod for any device in systemd cgroup backend 
Without this any container startup fails:
2014/05/20 09:20:36 setup mount namespace copy additional dev nodes mknod fuse operation not permitted

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-05-20 09:29:32 +02:00