Commit graph

  • c6e60b57a2 Merge pull request #5903 from alexlarsson/writable-proc Victor Marmol 2014-05-19 12:21:15 -07:00
  • 6b97c80b4d Make /proc writable, but not /proc/sys and /proc/sysrq-trigger Alexander Larsson 2014-05-19 09:51:20 +02:00
  • c3b01dfb59 Merge pull request #5792 from bernerdschaefer/nsinit-supports-pdeathsig Victor Marmol 2014-05-19 11:13:23 -07:00
  • 9e23d99fa2 Merge pull request #5865 from crosbymichael/add-all-caps Michael Crosby 2014-05-19 09:56:55 -07:00
  • 3e097e5052 Add the rest of the caps so that they are retained in privilged mode Michael Crosby 2014-05-17 02:03:26 +00:00
  • b089773388 Check uid ranges Alexandr Morozov 2014-05-17 22:43:31 +04:00
  • 58ba10aa54 add support for CAP_FOWNER Victor Vieux 2014-05-17 01:16:07 +00:00
  • 73f678f6f8 Make libcontainer's CapabilitiesMask into a []string (Capabilities). Victor Marmol 2014-05-17 00:44:10 +00:00
  • 724c84c6fc Merge pull request #5833 from ActiveState/fix_nsinit_env_panic Michael Crosby 2014-05-16 12:03:26 -07:00
  • 18a7cee3c7 fix panic when passing empty environment Sridhar Ratnakumar 2014-05-15 21:36:15 -07:00
  • fa7e4d6946 Merge pull request #5810 from vmarmol/drop-caps Victor Marmol 2014-05-16 11:51:41 -07:00
  • 2732a59592 nsinit.DefaultCreateCommand sets Pdeathsig to SIGKILL Bernerd Schaefer 2014-05-14 11:50:15 +02:00
  • f6ddb6051c nsinit.Init() restores parent death signal before exec Bernerd Schaefer 2014-05-14 11:49:06 +02:00
  • 3a423f3e4e Change libcontainer to drop all capabilities by default. Only keeps those that were specified in the config. This commit also explicitly adds a set of capabilities that we were silently not dropping and were assumed by the tests. Victor Marmol 2014-05-14 18:29:08 +00:00
  • 0b1aab5435 Fixes 5370 infinite/maxLoopCount loop for relative symlinks lalyos 2014-04-25 05:54:20 +02:00
  • 02b08b3961 Defend against infinite loop when following symlinks lalyos 2014-05-16 00:25:38 +02:00
  • 64b6d99e35 Adding test case for symlink causes infinit loop, reproduces: dotcloud#5370 lalyos 2014-05-15 23:52:36 +02:00
  • bb9eabf1ef Add GetParentDeathSignal() to pkg/system Bernerd Schaefer 2014-05-14 11:48:10 +02:00
  • 9b677d0733 Remove the cgroups maintainer file Michael Crosby 2014-05-14 16:01:45 -07:00
  • b30f280d2f Move cgroups package into libcontainer Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-05-14 15:21:44 -07:00
  • 9133caa6d3 Setup standard /dev symlinks Bernerd Schaefer 2014-05-12 14:41:07 +02:00
  • ceedff720e Merge pull request #5783 from LK4D4/fix_duplicate_ip_allocation_#5729 Guillaume J. Charmes 2014-05-14 13:32:27 -07:00
  • 05878da301 Merge pull request #5756 from crosbymichael/move-units-to-pkg Victor Vieux 2014-05-14 11:36:14 -07:00
  • 9e48ca7b79 Merge pull request #5791 from bernerdschaefer/nsinit-exec-forwards-signals Michael Crosby 2014-05-14 11:05:27 -07:00
  • ffcd37b861 Merge pull request #5781 from creack/remove_bind_console Victor Vieux 2014-05-14 10:57:21 -07:00
  • 31c9adba67 "nsinit exec ..." forwards signals to container Bernerd Schaefer 2014-05-14 10:56:55 +02:00
  • a42b2abb10 Refactoring collections/orderedintset and benchmarks for it Alexandr Morozov 2014-05-13 21:16:06 +04:00
  • 1cc1c05a55 Copy parents cpus and mems for cpuset Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-05-13 13:34:31 -07:00
  • fd5a5dc56f Remove the bind mount for dev/console which override the mknod/label Guillaume J. Charmes 2014-05-13 11:59:27 -07:00
  • 04ec76023a Add MAINTAINERS file to symlink pkg Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-05-13 11:27:24 -07:00
  • f2bd8e8486 Update code to handle new path to Follow Symlink func Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-05-13 10:54:08 -07:00
  • e8a8022ba3 Move Follow symlink to pkg Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-05-13 10:34:30 -07:00
  • 4086e37e27 libcontainer: Ensure bind mount target files are inside rootfs Alexander Larsson 2014-05-13 15:42:21 +02:00
  • 9b01755ade Merge pull request #5655 from alexlarsson/mount-run-dir unclejack 2014-05-13 11:51:14 +03:00
  • 68928c3485 Move duration and size to units pkg Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-05-12 16:40:19 -07:00
  • 2d9fd36002 Always mount a /run tmpfs in the container Alexander Larsson 2014-05-07 15:08:52 +02:00
  • 2260de8bd6 Use int64 instead of int Guillaume J. Charmes 2014-05-11 06:12:48 -07:00
  • fa0e7c2ec2 Merge pull request #5748 from crosbymichael/libcontainer-bindmounts Michael Crosby 2014-05-12 12:27:18 -07:00
  • f86639dab5 Remove newline char in error message Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-05-12 12:24:30 -07:00
  • 36ba2f5cb1 Correct a comment in libcontainer Mount Namespace setup. Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh) Vishnu Kannan 2014-05-09 19:01:29 +00:00
  • ad35ca9f5b libcontainer: Create dirs/files as needed for bind mounts Alexander Larsson 2014-05-08 19:58:33 +02:00
  • caca8eec08 beam/data: Message.GetOne() returns the last value set at a key Solomon Hykes 2014-05-09 17:01:27 -07:00
  • c2a237f019 Fix stdin handling in engine.Sender and engine.Receiver Solomon Hykes 2014-05-09 15:39:55 -07:00
  • 78848a31a5 Merge pull request #5673 from tianon/kcore-error Michael Crosby 2014-05-08 10:20:19 -07:00
  • 959897e5fd Merge pull request #5535 from vmarmol/add-maintainers-cgroup Michael Crosby 2014-05-08 09:48:31 -07:00
  • f5aa22416f Update restrict.Restrict to both show the error message when failing to mount /dev/null over /proc/kcore, and to ignore "not exists" errors while doing so (for when CONFIG_PROC_KCORE=n in the kernel) Tianon Gravi 2014-05-08 01:03:45 -06:00
  • 777139b650 use tabwriter to display usage in mflag Victor Vieux 2014-05-06 17:43:46 +00:00
  • a65772368c Merge pull request #5631 from vmarmol/cpuacct-usage Michael Crosby 2014-05-06 11:47:55 -07:00
  • 741e47e6a4 Export cpuacct CPU usage in total cores over the sampled period. Victor Marmol 2014-05-05 23:56:53 +00:00
  • bafc6a6233 Merge pull request #5630 from rjnagal/libcontainer-fixes Michael Crosby 2014-05-06 09:49:52 -07:00
  • 44102c82aa Merge pull request #5629 from vmarmol/fix-systemd-softlimit Michael Crosby 2014-05-06 09:48:33 -07:00
  • 93d8505fed Remove support for MemoryReservation in systemd systems. This has been deperecated since systemd 208. Victor Marmol 2014-05-06 15:53:38 +00:00
  • 52e64d2f09 pkg: networkfs: etchosts: fixed tests cyphar 2014-05-07 00:42:22 +10:00
  • 8cd2903898 add linked containers to hosts file Bryan Murphy 2014-04-07 18:34:07 +00:00
  • 512bf6cd45 Merge pull request #5354 from alexlarsson/cgroups-systemd-fixes Guillaume J. Charmes 2014-05-05 16:00:56 -07:00
  • 5b4c76a6d6 add resolvconf Victor Vieux 2014-05-05 22:51:32 +00:00
  • 05227e1d6f add etchosts Victor Vieux 2014-05-05 22:05:14 +00:00
  • ecd6b47eaf Merge pull request #5602 from crosbymichael/libcontainer-enable Michael Crosby 2014-05-05 13:50:08 -07:00
  • 6db7128c2d Merge pull request #5400 from bmatsuo/5398-fix-pkg/graphdb-osx Michael Crosby 2014-05-05 13:41:43 -07:00
  • 412c081a9b Improve libcontainer namespace and cap format Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-05-05 12:34:21 -07:00
  • 10b377c0fb Check supplied hostname before using it. Rohit Jnagal 2014-05-05 18:12:25 +00:00
  • b5b239af1d cgroups: Update systemd to match fs backend Alexander Larsson 2014-04-23 11:00:12 +02:00
  • bbc3c913a9 Merge pull request #5556 from crosbymichael/no-restrict-lxc Michael Crosby 2014-05-02 17:20:27 -07:00
  • 8a4bb62438 Month devpts before mounting subdirs Guillaume J. Charmes 2014-05-02 13:55:45 -07:00
  • 65fb57349d Don't restrict lxc because of apparmor Michael Crosby 2014-05-02 11:14:24 -07:00
  • 473686ec89 Merge pull request #5529 from crosbymichael/restrict-proc Guillaume J. Charmes 2014-05-02 10:52:53 -07:00
  • 593c632113 Apply apparmor before restrictions Michael Crosby 2014-05-01 19:09:12 -07:00
  • f2ee0ca9db Adding Rohit Jnagal and Victor Marmol to pkg/libcontainer maintainers. Victor Marmol 2014-05-01 15:51:38 -07:00
  • faf6769a66 Adding Rohit Jnagal and Victor Marmol to pkg/cgroups maintainers. Victor Marmol 2014-05-01 15:48:16 -07:00
  • cc38164090 Fix /proc/kcore mount of /dev/null Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-05-01 13:55:23 -07:00
  • 57762b375f Mount attr and task as rw for selinux support Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-05-01 11:11:29 -07:00
  • af5420420b Update restrictions for better handling of mounts Michael Crosby 2014-05-01 10:08:18 -07:00
  • 5d1a3b2ab5 Update to enable cross compile Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-04-30 19:09:25 -07:00
  • a5364236a7 Mount /proc and /sys read-only, except in privileged containers. Jérôme Petazzoni 2014-04-30 18:00:42 -07:00
  • ecb2b00021 skip apparmor with dind Victor Vieux 2014-05-01 21:52:29 +00:00
  • 68849feeed drop CAP_SYSLOG capability Eiichi Tsukata 2014-04-30 15:20:22 +09:00
  • 4ed7d8b533 Merge pull request #5515 from crosbymichael/refactor-libcontainer2 Guillaume J. Charmes 2014-05-01 11:41:54 -07:00
  • bf43f17c56 beam: Add simple framing system for UnixConn Alexander Larsson 2014-03-31 11:06:39 +02:00
  • 3e5d25eca6 Remove container.json from readme Michael Crosby 2014-04-30 18:52:15 -07:00
  • 761fd72512 Make native driver use Exec func with different CreateCommand Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-04-30 18:49:24 -07:00
  • 2afcf71b2c Fix execin with environment and Enabled support Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-04-30 18:24:47 -07:00
  • cc33cd3410 Integrate new structure into docker's native driver Michael Crosby 2014-04-30 18:20:01 -07:00
  • 8cd88f75fa Remove command factory and NsInit interface from libcontainer Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-04-30 17:55:15 -07:00
  • 2db754f3ee Export more functions from libcontainer Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-04-30 17:18:07 -07:00
  • aecfa0d890 Split term files to make it easier to manage Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-04-30 17:04:09 -07:00
  • a0ab2aa12e Export syncpipe fields Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-04-30 17:02:45 -07:00
  • d6deab19dc Merge pull request #5511 from crosbymichael/refactor-libcontainer Guillaume J. Charmes 2014-04-30 16:50:57 -07:00
  • 9e4ea7734d Merge pull request #5512 from crosbymichael/set-freezer Guillaume J. Charmes 2014-04-30 16:50:01 -07:00
  • 6c3fd65a5c Add ability to set cgroups freezer Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-04-30 16:07:12 -07:00
  • 3fde553297 Remove statewriter interface, export more libcontainer funcs Michael Crosby 2014-04-30 15:52:40 -07:00
  • f98f4455b9 Export SetupUser Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-04-30 15:27:59 -07:00
  • 32e9beb86e Remove logger from nsinit struct Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-04-30 15:24:18 -07:00
  • 039b08e945 Merge pull request #5498 from tianon/better-apparmor-missing-error Michael Crosby 2014-04-30 15:16:43 -07:00
  • b6344f992e Merge pull request #5448 from crosbymichael/selinux-defaults Guillaume J. Charmes 2014-04-30 14:14:39 -07:00
  • 4b772dcb94 Merge pull request #5506 from crosbymichael/add-system-maintainer Michael Crosby 2014-04-30 14:14:21 -07:00
  • 8e22ca2eed Merge pull request #5464 from tianon/close-leftover-fds Michael Crosby 2014-04-30 12:27:52 -07:00
  • 81479222ec Add system maintainers Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) Michael Crosby 2014-04-30 12:01:06 -07:00
  • 3c1ad30029 FIXES #5398: pkg/graphdb build only dependent on cgo tag Bryan Matsuo 2014-04-25 03:11:32 -06:00
  • f4cb0afb99 Fix various MAINTAINERS format inconsistencies Tianon Gravi 2014-04-30 11:22:11 -06:00
  • 31e3d94a4f beam: Add more tests to unix_test.go Alexander Larsson 2014-03-25 13:19:41 +01:00