Commit graph

10 commits

Author SHA1 Message Date
Alexander Larsson
83de20deb7 libcontainer: Use pivot_root instead of chroot
Instead of keeping all the old mounts in the container namespace and
just using subtree as root we pivot_root so that the actual root in
the namespace is the root we want, and then we unmount the previous
mounts.

This has multiple advantages:

* The namespace mount tree is smaller (in the kernel)
* If you break out of the chroot you could previously access the host
  filesystem. Now the host filesystem is fully invisible to the namespace.
* We get rid of all unrelated mounts from the parent namespace, which means
  we don't hog these. This is important if we later switch to MS_PRIVATE instead
  of MS_SLAVE as otherwise these mounts would be impossible to unmount from the
  parent namespace.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-04 12:44:08 +01:00
Michael Crosby
f8262b5748 Ensure that loopback devices are mounted inside the conatiner
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-26 17:21:09 -08:00
Michael Crosby
5d71533d4e Make nsinit a proper go pkg and add the main in another dir
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:17 -08:00
Guillaume J. Charmes
97738ffed3 Handle non-tty mode
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-21 14:56:17 -08:00
Michael Crosby
848fd7638b Revert "WIP for setup kmsg"
This reverts commit 80db9a918337c4ae80ffa9a001da13bd24e848c8.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby
8590435fa0 WIP for setup kmsg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby
c20c1dfb04 Add comments to many functions
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Guillaume J. Charmes
b48bc85967 OSX compilation
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@dotcloud.com> (github: creack)
2014-02-21 14:56:16 -08:00
Michael Crosby
84ba029e25 General cleanup of libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby
e25ebdd06c Simplify namespaces with only nsinit
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:15 -08:00
Renamed from libcontainer/namespaces/nsinit/mount.go (Browse further)