vbatts/pkg
1
0
Fork 0
Code Pull requests Releases Activity
466 commits 2 branches 0 tags 3.9 MiB
Commit graph

179 commits

Author SHA1 Message Date
Michael Crosby
8cd88f75fa Remove command factory and NsInit interface from libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-30 17:55:15 -07:00
Michael Crosby
2db754f3ee Export more functions from libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-30 17:18:07 -07:00
Michael Crosby
aecfa0d890 Split term files to make it easier to manage 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-30 17:04:24 -07:00
Michael Crosby
a0ab2aa12e Export syncpipe fields 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-30 17:02:45 -07:00
Michael Crosby
3fde553297 Remove statewriter interface, export more libcontainer funcs 
This temp. expands the Exec method's signature but adds a more robust
way to know when the container's process is actually released and begins
to run.  The network interfaces are not guaranteed to be up yet but this
provides a more accurate view with a single callback at this time.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-30 15:52:40 -07:00
Michael Crosby
f98f4455b9 Export SetupUser 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-30 15:27:59 -07:00
Michael Crosby
32e9beb86e Remove logger from nsinit struct 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-30 15:24:18 -07:00
Guillaume J. Charmes
b6344f992e Merge pull request #5448 from crosbymichael/selinux-defaults 
Add selinux label support for processes and mount
 2014-04-30 14:14:39 -07:00
Michael Crosby
8e22ca2eed Merge pull request #5464 from tianon/close-leftover-fds 2014-04-30 12:27:52 -07:00
Tianon Gravi
c1dad4d063 Close extraneous file descriptors in containers 
Without this patch, containers inherit the open file descriptors of the daemon, so my "exec 42>&2" allows us to "echo >&42 some nasty error with some bad advice" directly into the daemon log. :)

Also, "hack/dind" was already doing this due to issues caused by the inheritance, so I'm removing that hack too since this patch obsoletes it by generalizing it for all containers.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
 2014-04-29 16:45:28 -06:00
Michael Crosby
7b566eab43 Add mountlabel to dev 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-29 03:41:44 -07:00
Michael Crosby
48d893cc6b Initial work on selinux patch 
This has every container using the docker daemon's pid for the processes
label so it does not work correctly.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-29 03:40:05 -07:00
Victor Vieux
a94e54c65b Merge pull request #5449 from tianon/remove-libcontainer-root-special-case 
Remove "root" and "" special cases in libcontainer
 2014-04-28 16:29:08 -07:00
Rohit Jnagal
8cb62581de Merge branch 'master' into libcontainer-fixes 
Conflicts:
	pkg/libcontainer/README.md
	pkg/libcontainer/container.json

Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
 2014-04-28 23:04:04 +00:00
Tianon Gravi
c54bc4ca04 Remove "root" and "" special cases in libcontainer 
These are unnecessary since the user package handles these cases properly already (as evidenced by the LXC backend not having these special cases).

I also updated the errors returned to match the other libcontainer error messages in this same file.

Also, switching from Setresuid to Setuid directly isn't a problem, because the "setuid" system call will automatically do that if our own effective UID is root currently: (from `man 2 setuid`)

    setuid() sets the effective user ID of the calling process.  If the
    effective UID of the caller is root, the real UID and saved set-user-
    ID are also set.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
 2014-04-28 16:46:03 -06:00
Rohit Jnagal
030155d44d Updated sample config to be usable. We should change the namespace 
config to not need "value" later.

Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
 2014-04-25 21:10:23 +00:00
Rohit Jnagal
aeb186a0ba Updated sample config and README to match the default template for 
native execdriver.

Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
 2014-04-25 06:02:30 +00:00
Rohit Jnagal
c81ca6ef71 Improved README formatting. 
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
 2014-04-25 01:23:48 +00:00
Rohit Jnagal
35c12256c7 Add enabled option to namespaces and capabilities spec in 
container.json. Although we don't yet check for enabled everywhere.

Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
 2014-04-25 01:10:11 +00:00
Rohit Jnagal
8173da962b Fix typos in nsinit logs. 
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
 2014-04-25 00:20:14 +00:00
Rohit Jnagal
60159f9737 Fix container.json sample to be loadable by nsinit. 
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
 2014-04-25 00:17:45 +00:00
Michael Crosby
76a06effef Ignore isnot exists errors for proc paths 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:20 -07:00
Michael Crosby
2ecea22c8c Update init for new apparmor import path 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:20 -07:00
Michael Crosby
bd7c140c01 Update container.json and readme 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:20 -07:00
Michael Crosby
e40bde54a5 Move capabilities into security pkg 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:20 -07:00
Michael Crosby
454751e768 Move mounts into types.go 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:20 -07:00
Michael Crosby
824ee83816 Move rest of console functions to pkg 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:20 -07:00
Michael Crosby
a77846506b Refactor mounts into pkg to make changes easier 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:20 -07:00
Michael Crosby
323ea01c18 Move console into its own package 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:20 -07:00
Michael Crosby
cc900b9db8 Mount over dev and only copy allowed nodes in 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:20 -07:00
Michael Crosby
ef923907df No not mount sysfs by default for non privilged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:20 -07:00
Michael Crosby
3d546f20db Add restrictions to proc in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:19 -07:00
Michael Crosby
b5434b5d7f Move apparmor into security sub dir 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:19 -07:00
Guillaume J. Charmes
3ee90e1348 Merge pull request #5328 from crosbymichael/refactor-cgroups 
Refactor cgroups into subsystems and support metrics
 2014-04-21 14:06:17 -07:00
Michael Crosby
8cc8aca9cc Move raw cgroups into fs package (filesystem) 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 21:34:26 -07:00
Michael Crosby
9f508e4b3e Move systemd code into pkg 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 21:30:08 -07:00
Michael Crosby
a183681b1d Refactor cgroups file locations 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 21:14:58 -07:00
Michael Crosby
ca3224687b Move apparmor to top level pkg 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-13 23:33:25 +00:00
Michael Crosby
b0dfd5c5d9 Use apparmor_parser directly 
The current load script does alot of things.  If it does not find the
parser loaded on the system it will just exit 0 and not load the
profile.  We think it should fail loudly if it cannot load the profile
and apparmor is enabled on the system.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-13 23:31:10 +00:00
Victor Vieux
0fe679322b Merge pull request #5143 from kzys/ns-nil 
Avoid "invalid memory address or nil pointer dereference" panic
 2014-04-10 11:07:35 -07:00
Guillaume J. Charmes
eb0ec63b59 Merge pull request #5131 from crosbymichael/shm-mode 
Change shm mode to 1777
 2014-04-10 07:50:32 -07:00
Guillaume J. Charmes
8a64aa8f4b Merge pull request #5115 from alexlarsson/fix-libcontainer-network-rhel6 
Fix libcontainer network support on rhel6
 2014-04-10 07:45:12 -07:00
Kato Kazuyoshi
8dc1d8b6c0 Avoid "invalid memory address or nil pointer dereference" panic 
libcontainer.GetNamespace returns nil on FreeBSD because
libcontainer.namespaceList is empty. In this case, Namespaces#Get should
return nil instead of being panic.

Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
 2014-04-10 22:07:29 +09:00
Alexander Larsson
db1a117450 Fix libcontainer network support on rhel6 
It seems that netlink in older kernels, including RHEL6, does not
support RTM_SETLINK with IFLA_MASTER. It just silently ignores it, reporting
no error, causing netlink.NetworkSetMaster() to not do anything yet
return no error.

We fix this by introducing and using AddToBridge() in a very similar manner
to CreateBridge(), which use the old ioctls directly.

This fixes https://github.com/dotcloud/docker/issues/4668

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-04-09 15:44:18 +02:00
Michael Crosby
6b4ca764f0 Change shm mode to 1777 
Fixes #5126
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-09 10:53:32 +00:00
Michael Crosby
4b3bfc742b Check for apparmor enabled on host to populate profile 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-09 10:22:17 +00:00
Guillaume J. Charmes
2538689b31 Backup current docker apparmor profile and replace it with the new one 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
 2014-04-08 11:09:31 -07:00
Guillaume J. Charmes
908be5a3d9 Merge pull request #5049 from Supermathie/aa-fix 
apparmor: docker-default: Include base abstraction
 2014-04-07 21:34:01 -07:00
Guillaume J. Charmes
23ce43ac20 Merge pull request #5025 from dstine/readme-fix 
fixed two readme typos
 2014-04-07 19:31:16 -07:00
Dan Stine
3a7b63669c fixed three more typos 2014-04-07 22:09:15 -04:00