Commit graph

21 commits

Author SHA1 Message Date
Michael Crosby
935520b224 Always symlink /dev/ptmx for libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-13 14:31:09 -07:00
Michael Crosby
da605a43d6 Add env var to toggle pivot root or ms_move
Use the  DOCKER_RAMDISK env var to tell the native driver not to use
a pivot root when setting up the rootfs of a container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-06 19:30:52 -08:00
Michael Crosby
ca93316795 Revert "Revert "libcontainer: Use pivot_root instead of chroot""
This reverts commit 82f797f14096430c3edbace1cd30e04a483ec41f.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-06 17:19:59 -08:00
Michael Crosby
57e7760c26 Revert "Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE""
This reverts commit bd263f5b15b51747e3429179fef7fcb425ccbe4a.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-06 17:19:47 -08:00
Michael Crosby
31c7d13466 Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE"
This reverts commit 757b5775725fb90262cee1fa6068fa9dcbbff59f.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-06 16:41:03 -08:00
Michael Crosby
abd1f8da60 Revert "libcontainer: Use pivot_root instead of chroot"
This reverts commit 5b5c884cc8266d0c2a56da0bc2df14cc9d5d85e8.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-06 16:32:06 -08:00
Alexander Larsson
88aed3bf92 libcontainer: Use MS_PRIVATE instead of MS_SLAVE
Now that we unmount all the mounts from the global namespace we can
use a private namespace rather than a slave one (as we have no need
for unmounts of inherited global mounts to propagate into the
container).

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-05 09:40:54 +01:00
Michael Crosby
2bddb20b91 Add shm size cap to mount
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-04 14:18:40 -08:00
Guillaume J. Charmes
9a5dead3c9 Remove /dev tmpfs mountpoint
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-04 13:21:22 -08:00
Guillaume J. Charmes
91d13e5fa1 remove /run mountpoint
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-04 12:32:17 -08:00
Guillaume J. Charmes
a8b87a47b6 Remove loopback mount bind
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-04 12:30:52 -08:00
Alexander Larsson
83de20deb7 libcontainer: Use pivot_root instead of chroot
Instead of keeping all the old mounts in the container namespace and
just using subtree as root we pivot_root so that the actual root in
the namespace is the root we want, and then we unmount the previous
mounts.

This has multiple advantages:

* The namespace mount tree is smaller (in the kernel)
* If you break out of the chroot you could previously access the host
  filesystem. Now the host filesystem is fully invisible to the namespace.
* We get rid of all unrelated mounts from the parent namespace, which means
  we don't hog these. This is important if we later switch to MS_PRIVATE instead
  of MS_SLAVE as otherwise these mounts would be impossible to unmount from the
  parent namespace.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-04 12:44:08 +01:00
Michael Crosby
f8262b5748 Ensure that loopback devices are mounted inside the conatiner
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-26 17:21:09 -08:00
Michael Crosby
5d71533d4e Make nsinit a proper go pkg and add the main in another dir
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:17 -08:00
Guillaume J. Charmes
97738ffed3 Handle non-tty mode
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-21 14:56:17 -08:00
Michael Crosby
848fd7638b Revert "WIP for setup kmsg"
This reverts commit 80db9a918337c4ae80ffa9a001da13bd24e848c8.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby
8590435fa0 WIP for setup kmsg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby
c20c1dfb04 Add comments to many functions
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Guillaume J. Charmes
b48bc85967 OSX compilation
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@dotcloud.com> (github: creack)
2014-02-21 14:56:16 -08:00
Michael Crosby
84ba029e25 General cleanup of libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby
e25ebdd06c Simplify namespaces with only nsinit
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:15 -08:00
Renamed from libcontainer/namespaces/nsinit/mount.go (Browse further)