83de20deb7
Instead of keeping all the old mounts in the container namespace and just using subtree as root we pivot_root so that the actual root in the namespace is the root we want, and then we unmount the previous mounts. This has multiple advantages: * The namespace mount tree is smaller (in the kernel) * If you break out of the chroot you could previously access the host filesystem. Now the host filesystem is fully invisible to the namespace. * We get rid of all unrelated mounts from the parent namespace, which means we don't hog these. This is important if we later switch to MS_PRIVATE instead of MS_SLAVE as otherwise these mounts would be impossible to unmount from the parent namespace. Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson) |
||
|---|---|---|
| cgroups | ||
| collections | ||
| graphdb | ||
| iptables | ||
| libcontainer | ||
| listenbuffer | ||
| mflag | ||
| mount | ||
| namesgenerator | ||
| netlink | ||
| opts | ||
| proxy | ||
| sysinfo | ||
| system | ||
| systemd | ||
| term | ||
| user | ||
| version | ||
| README.md | ||
pkg/ is a collection of utility packages used by the Docker project without being specific to its internals.
Utility packages are kept separate from the docker core codebase to keep it as small and concise as possible. If some utilities grow larger and their APIs stabilize, they may be moved to their own repository under the Docker organization, to facilitate re-use by other projects. However that is not the priority.
The directory pkg is named after the same directory in the camlistore project. Since Brad is a core
Go maintainer, we thought it made sense to copy his methods for organizing Go code :) Thanks Brad!
Because utility packages are small and neatly separated from the rest of the codebase, they are a good place to start for aspiring maintainers and contributors. Get in touch if you want to help maintain them!