Guillaume J. Charmes
c838fc9266
Merge pull request #4719 from philips/Capabilities-to-CapabilitiesMask
...
refactor(libcontainer): rename to CapabilitiesMask
2014-03-17 11:15:29 -07:00
Brandon Philips
c6b2c2f6b0
chore(libcontainer): small grammar fix in types_test
...
Someone probably got really used to typing er on the end of contain :)
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
2014-03-17 11:07:29 -07:00
Brandon Philips
4f5c96a769
refactor(libcontainer): rename to CapabilitiesMask
...
The Capabilities field on libcontainer is actually used as a mask.
Rename the field so that this is more clear.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
2014-03-17 11:07:12 -07:00
unclejack
191a9c1ff3
Merge pull request #4672 from vieux/update_godoc_mflags
...
update godoc and add MAINTAINERS for mflags
2014-03-17 19:30:58 +02:00
Michael Crosby
a518a10209
Send sigterm to child instead of sigkill
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-14 15:42:05 -07:00
Victor Vieux
eac9cae74d
update godoc and add MAINTAINERS for mflags
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-03-14 17:35:41 +00:00
Michael Crosby
9183242a5d
Add stderr log ouput if in debug
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-14 09:55:05 -07:00
Michael Crosby
f7eec3dd13
Add initial logging to libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-14 09:55:05 -07:00
Michael Crosby
ff10ab55d2
Update libcontainer readme and todo list
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-13 15:18:08 -07:00
Michael Crosby
aca132a1dd
Merge pull request #4656 from crosbymichael/fix-ptmx-link
...
Always symlink /dev/ptmx for libcontainer
2014-03-13 14:57:17 -07:00
Guillaume J. Charmes
2a30a1a2f3
Merge pull request #4422 from alexlarsson/internal-mounts
...
Move all bind-mounts in the container inside the namespace
2014-03-13 14:55:29 -07:00
Michael Crosby
935520b224
Always symlink /dev/ptmx for libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-13 14:31:09 -07:00
Victor Vieux
26f4981284
Merge pull request #4624 from creack/fix_apparmor_init
...
Fix issue when /etc/apparmor.d does not exists
2014-03-13 14:04:13 -07:00
Alexander Larsson
eebaba3215
Move all bind-mounts in the container inside the namespace
...
This moves the bind mounts like /.dockerinit, /etc/hostname, volumes,
etc into the container namespace, by setting them up using lxc.
This is useful to avoid littering the global namespace with a lot of
mounts that are internal to each container and are not generally
needed on the outside. In particular, it seems that having a lot of
mounts is problematic wrt scaling to a lot of containers on systems
where the root filesystem is mounted --rshared.
Note that the "private" option is only supported by the native driver, as
lxc doesn't support setting this. This is not a huge problem, but it does
mean that some mounts are unnecessarily shared inside the container if you're
using the lxc driver.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-13 20:01:29 +01:00
Guillaume J. Charmes
87b153606a
Use BSD raw mode on darwin. Fixes nano, tmux and others
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-03-13 11:11:02 -07:00
Guillaume J. Charmes
3e89864534
Fix issue when /etc/apparmor.d does not exists
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-03-12 11:13:24 -07:00
Victor Vieux
f7fe084946
improve deprecation message
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-03-12 00:51:46 +00:00
Guillaume J. Charmes
02be9306bc
Update email + add self to pkg/signal
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-03-10 20:26:45 -07:00
Kato Kazuyoshi
3f25da9dd5
Like signal_linux.go, we don't have import os and os/signal
...
Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
2014-03-11 23:14:58 +09:00
Michael Crosby
4631153f90
Merge pull request #4563 from creack/signal-improvment
...
Signal improvments
2014-03-10 17:59:17 -07:00
Michael Crosby
4125e1ccc3
Merge pull request #4515 from vieux/improve_sort_flags
...
improve alpha sort in mflag
2014-03-10 17:45:41 -07:00
Guillaume J. Charmes
2433bf6372
Make docker use the signal pkg with strings
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-03-10 17:36:47 -07:00
Guillaume J. Charmes
16d0b6b959
Create portable signalMap
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-03-10 17:36:41 -07:00
Guillaume J. Charmes
db6b150d99
Move signal to pkg
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-03-10 17:36:32 -07:00
srid
115f88b346
nsinit: prefix errors with their source
...
Docker-DCO-1.1-Signed-off-by: Sridhar Ratnakumar <github@srid.name> (github: srid)
2014-03-10 17:08:50 -07:00
unclejack
374c3a3d3f
Merge pull request #3985 from creack/add_freebsd_support
...
Add freebsd client support
2014-03-11 00:58:30 +02:00
Guillaume J. Charmes
10ae745ed8
Update bsd specs
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-10 15:19:08 -07:00
Victor Vieux
d9eb03d2ef
move opts out of pkg because it's related to docker
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-03-10 21:10:23 +00:00
Victor Vieux
ff054ba1e2
remove utils.go
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-03-10 21:06:27 +00:00
Guillaume J. Charmes
fcd7612643
Merge branch 'master' into add_freebsd_support
...
Conflicts:
archive/archive.go
archive/start_unsupported.go
2014-03-10 13:20:49 -07:00
Victor Vieux
572ce1c6a9
handle capital
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-03-07 23:40:45 +00:00
Michael Crosby
da605a43d6
Add env var to toggle pivot root or ms_move
...
Use the DOCKER_RAMDISK env var to tell the native driver not to use
a pivot root when setting up the rootfs of a container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-06 19:30:52 -08:00
Victor Vieux
6c4652a766
improve alpha sort in mflag
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-03-07 02:20:59 +00:00
Michael Crosby
ca93316795
Revert "Revert "libcontainer: Use pivot_root instead of chroot""
...
This reverts commit 82f797f14096430c3edbace1cd30e04a483ec41f.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-06 17:19:59 -08:00
Michael Crosby
57e7760c26
Revert "Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE""
...
This reverts commit bd263f5b15b51747e3429179fef7fcb425ccbe4a.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-06 17:19:47 -08:00
unclejack
0718fb409c
Merge pull request #4512 from crosbymichael/no-pivot-root
...
No pivot root because of ramdisk
2014-03-07 02:54:03 +02:00
Michael Crosby
31c7d13466
Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE"
...
This reverts commit 757b5775725fb90262cee1fa6068fa9dcbbff59f.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-06 16:41:03 -08:00
Michael Crosby
abd1f8da60
Revert "libcontainer: Use pivot_root instead of chroot"
...
This reverts commit 5b5c884cc8266d0c2a56da0bc2df14cc9d5d85e8.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-06 16:32:06 -08:00
Michael Crosby
fd8470acba
Ensure that native containers die with the parent
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-06 16:30:56 -08:00
Michael Crosby
c0d5c529bb
Remove the ghosts and kill everything
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-06 15:30:26 -08:00
Guillaume J. Charmes
f9bd82dd75
Merge pull request #4506 from creack/fix_apparmor
...
Use CGO for apparmor profile switch
2014-03-06 13:37:34 -08:00
Tianon Gravi
5c13d61425
Update build tags such that we can properly compile on all platforms (especially for packagers), and updated hack/PACKAGERS.md to mention the DOCKER_BUILDTAGS variable that will need to be set for binaries that might be used on AppArmor (such as Debian and especially Ubuntu)
...
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-03-06 13:39:17 -07:00
Guillaume J. Charmes
729080d46a
Add buildflags to allow crosscompilation for apparmor
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-06 12:05:03 -08:00
Guillaume J. Charmes
6fcfe645f8
Merge pull request #4503 from unclejack/attempt_to_fix_apparmor_profile
...
remove dbus from apparmor profile for Ubuntu 12.04
2014-03-06 11:20:06 -08:00
Guillaume J. Charmes
0ecd2aa284
Use CGO for apparmor profile switch
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-06 11:10:58 -08:00
unclejack
b359efd9ec
remove dbus from apparmor profile
...
This removes the dbus entry from the apparmor profile Docker creates.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-03-06 19:47:03 +02:00
Alexander Larsson
0caa2d3992
libcontainer: Don't use UsetCloseOnExec, it is racy
...
We can't keep file descriptors without close-on-exec except with
syscall.ForkLock held, as otherwise they could leak by accident into
other children from forks in other threads.
Instead we just use Cmd.ExtraFiles which handles all this for us.
This fixes https://github.com/dotcloud/docker/issues/4493
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-06 14:10:32 +01:00
Guillaume J. Charmes
d3bbd78cc5
Generate and load custom docker profile for apparmor
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-05 15:02:11 -08:00
Michael Crosby
0eb4ea2f79
Some cleanup around logs
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-05 13:50:49 -08:00
Guillaume J. Charmes
73233223de
Add AppArmor support to native driver + change pipe/dup logic
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-05 13:08:24 -08:00