Guillaume J. Charmes
f9bd82dd75
Merge pull request #4506 from creack/fix_apparmor
...
Use CGO for apparmor profile switch
2014-03-06 13:37:34 -08:00
Tianon Gravi
5c13d61425
Update build tags such that we can properly compile on all platforms (especially for packagers), and updated hack/PACKAGERS.md to mention the DOCKER_BUILDTAGS variable that will need to be set for binaries that might be used on AppArmor (such as Debian and especially Ubuntu)
...
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-03-06 13:39:17 -07:00
Guillaume J. Charmes
729080d46a
Add buildflags to allow crosscompilation for apparmor
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-06 12:05:03 -08:00
Guillaume J. Charmes
6fcfe645f8
Merge pull request #4503 from unclejack/attempt_to_fix_apparmor_profile
...
remove dbus from apparmor profile for Ubuntu 12.04
2014-03-06 11:20:06 -08:00
Guillaume J. Charmes
0ecd2aa284
Use CGO for apparmor profile switch
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-06 11:10:58 -08:00
unclejack
b359efd9ec
remove dbus from apparmor profile
...
This removes the dbus entry from the apparmor profile Docker creates.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-03-06 19:47:03 +02:00
Alexander Larsson
0caa2d3992
libcontainer: Don't use UsetCloseOnExec, it is racy
...
We can't keep file descriptors without close-on-exec except with
syscall.ForkLock held, as otherwise they could leak by accident into
other children from forks in other threads.
Instead we just use Cmd.ExtraFiles which handles all this for us.
This fixes https://github.com/dotcloud/docker/issues/4493
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-06 14:10:32 +01:00
Guillaume J. Charmes
d3bbd78cc5
Generate and load custom docker profile for apparmor
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-05 15:02:11 -08:00
Michael Crosby
0eb4ea2f79
Some cleanup around logs
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-05 13:50:49 -08:00
Guillaume J. Charmes
73233223de
Add AppArmor support to native driver + change pipe/dup logic
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-05 13:08:24 -08:00
Victor Vieux
7339ca8699
fix panic with only long flags or only one deprecated
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-03-05 19:45:57 +00:00
Victor Vieux
a5ba28e1f7
fix usage for completely deprecated flag
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-03-05 19:27:39 +00:00
Michael Crosby
e8163b809b
Merge pull request #4278 from alexlarsson/system
...
Create pkg/system and move stuff there from archive
2014-03-05 12:32:35 -05:00
Alexander Larsson
7eb32029e9
Create pkg/system and move stuff there from archive
...
This is a package for generic system calls etc that for some reason
is not yet supported by "syscall", or where it is different enough
for the different ports to need portability wrappers.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-05 14:05:32 +01:00
Alexander Larsson
88aed3bf92
libcontainer: Use MS_PRIVATE instead of MS_SLAVE
...
Now that we unmount all the mounts from the global namespace we can
use a private namespace rather than a slave one (as we have no need
for unmounts of inherited global mounts to propagate into the
container).
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-05 09:40:54 +01:00
Michael Crosby
2bddb20b91
Add shm size cap to mount
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-04 14:18:40 -08:00
Guillaume J. Charmes
9a5dead3c9
Remove /dev tmpfs mountpoint
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-04 13:21:22 -08:00
Guillaume J. Charmes
91d13e5fa1
remove /run mountpoint
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-04 12:32:17 -08:00
Guillaume J. Charmes
a8b87a47b6
Remove loopback mount bind
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-04 12:30:52 -08:00
Michael Crosby
4f641377e0
Merge pull request #4452 from crosbymichael/small-fixes-to-libcontainer
...
Add find tests and remove panic in DEBUG
2014-03-04 14:37:41 -05:00
Michael Crosby
bd2d7a377c
Add find tests and remove panic in DEBUG
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-04 08:55:12 -08:00
Alexander Larsson
83de20deb7
libcontainer: Use pivot_root instead of chroot
...
Instead of keeping all the old mounts in the container namespace and
just using subtree as root we pivot_root so that the actual root in
the namespace is the root we want, and then we unmount the previous
mounts.
This has multiple advantages:
* The namespace mount tree is smaller (in the kernel)
* If you break out of the chroot you could previously access the host
  filesystem. Now the host filesystem is fully invisible to the namespace.
* We get rid of all unrelated mounts from the parent namespace, which means
  we don't hog these. This is important if we later switch to MS_PRIVATE instead
  of MS_SLAVE as otherwise these mounts would be impossible to unmount from the
  parent namespace.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-04 12:44:08 +01:00
Darren Shepherd
3d2d4a0624
Support hairpin NAT without going through docker server
...
Hairpin NAT is currently done by passing through the docker server. If
two containers on the same box try to access each other through exposed
ports and using the host IP the current iptables rules will not match the
DNAT and thus the traffic goes to 'docker -d'.
This change drops the restriction that DNAT traffic must not originate
from docker0. It should be safe to drop this restriction because the
DOCKER chain is already gated by jumps that check for the destination
address to be a local address.
Docker-DCO-1.1-Signed-off-by: Darren Shepherd <darren.s.shepherd@gmail.com> (github: ibuildthecloud)
2014-03-03 21:53:57 -07:00
Guillaume J. Charmes
0ef83adf9f
Merge pull request #4327 from crosbymichael/add-libcontainer
...
Add native execution driver to docker and make it the default
2014-03-03 16:34:20 -08:00
Sven Dowideit
313d6a9e13
very minor spelling
...
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
2014-03-04 10:12:12 +10:00
Michael Crosby
7dc071dca5
Factor out finalize namespace
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-03 12:15:47 -08:00
Victor Vieux
ed2e85ad24
add warning for deprecated flags
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-03-03 19:57:05 +00:00
Michael Crosby
ab952e2502
Update readme to remove .nspid
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-03 11:31:37 -08:00
Victor Vieux
d1b77040a7
prevent flag grouping with --
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-03-03 19:17:28 +00:00
unclejack
6e7ffe094b
Merge pull request #4321 from vieux/docker_run_-it
...
Add support for docker run -it or docker images -qa
2014-03-03 20:52:10 +02:00
Alexander Larsson
48cfa0fbdf
runtime: Fix unique constraint error checks
...
The sqlite3 version in fedora (3.8) returns a different error string in the unique constraints
failure case than the one in hack/ (3.7). This updates the check to detect both, fixing
one integration check failure on Fedora.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-03 15:10:52 +01:00
Michael Crosby
85696fdb67
Allow child process to live if daemon dies
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-27 09:33:36 -08:00
Michael Crosby
34301be200
Code review updates
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-26 19:21:46 -08:00
Michael Crosby
f8262b5748
Ensure that loopback devices are mounted inside the container
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-26 17:21:09 -08:00
Michael Crosby
4f6cdc6f08
Make network a slice to support multiple types
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-26 14:20:41 -08:00
Michael Crosby
87e010b2e9
Merge branch 'master' into add-libcontainer
...
Conflicts:
execdriver/termconsole.go
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-26 12:55:24 -08:00
Michael Crosby
d8025d1066
Fix cgroups swap issue when it is not supported
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-25 19:45:57 -08:00
Michael Crosby
f85823b53d
Fix cross compile for make cross
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-25 15:19:13 -08:00
Victor Vieux
98f0a748a7
add version pkg
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-02-25 21:08:38 +00:00
Michael Crosby
2acaf7ca82
Move container.json and pid file into a root specific driver dir
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-25 12:41:31 -08:00
Guillaume J. Charmes
faa2334eea
Merge branch 'add-libcontainer' of https://github.com/crosbymichael/docker into add-libcontainer
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-25 11:42:15 -08:00
Michael Crosby
5982af4969
Address initial feedback from pr
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-25 10:54:41 -08:00
Guillaume J. Charmes
357ca32831
Better capability/namespace management
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-24 21:52:29 -08:00
Michael Crosby
6daf56799f
Refactor and improve libcontainer and driver
...
Remove logging for now because it is complicating things
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-24 21:11:52 -08:00
Michael Crosby
0e4d946dc4
Improve logging for nsinit
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-24 18:38:36 -08:00
Michael Crosby
c8ad8184ec
Cgroups allow devices for privileged containers
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-24 15:47:23 -08:00
Victor Vieux
8a05149d91
enable docker run -it
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-02-24 22:53:00 +00:00
Michael Crosby
d50dc3cb7e
Honor user passed on container in nsinit
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-24 13:52:56 -08:00
Michael Crosby
b899d9bc44
Fix tests with dockerinit lookup path
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-24 13:40:17 -08:00
Michael Crosby
d388db815c
Look for cpu subsystem instead of memory
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-24 10:46:20 -08:00