Commit Graph

1821 Commits

Author SHA1 Message Date
Guillaume J. Charmes b722aa21b7 Merge pull request #4506 from creack/fix_apparmor
Use CGO for apparmor profile switch
2014-03-06 13:37:34 -08:00
Tianon Gravi 0b23393ba1 Update build tags such that we can properly compile on all platforms (especially for packagers), and updated hack/PACKAGERS.md to mention the DOCKER_BUILDTAGS variable that will need to be set for binaries that might be used on AppArmor (such as Debian and especially Ubuntu)
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-03-06 13:39:17 -07:00
Guillaume J. Charmes c89fa6645e
Add buildflags to allow crosscompilation for apparmor
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-06 12:05:03 -08:00
Guillaume J. Charmes 31f62b934b Merge pull request #4503 from unclejack/attempt_to_fix_apparmor_profile
remove dbus from apparmor profile for Ubuntu 12.04
2014-03-06 11:20:06 -08:00
Guillaume J. Charmes f0f833c6d7
Use CGO for apparmor profile switch
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-06 11:10:58 -08:00
unclejack 46fdb6af8e remove dbus from apparmor profile
This removes the dbus entry from the apparmor profile Docker creates.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-03-06 19:47:03 +02:00
Alexander Larsson 5c9b28db18 libcontainer: Don't use UsetCloseOnExec, it is racy
We can't keep file descriptors without close-on-exec except with
syscall.ForkLock held, as otherwise they could leak by accident into
other children from forks in other threads.

Instead we just use Cmd.ExtraFiles which handles all this for us.

This fixes https://github.com/dotcloud/docker/issues/4493

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-06 14:10:32 +01:00
Guillaume J. Charmes 920a6ca54c
Generate and load custom docker profile for apparmor
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-05 15:02:11 -08:00
Michael Crosby 37f137c822 Some cleanup around logs
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-05 13:50:49 -08:00
Guillaume J. Charmes cb4189a292
Add AppArmor support to native driver + change pipe/dup logic
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-05 13:08:24 -08:00
Victor Vieux 069dc7f8c7 fix panic with only long flags or only one deprecatd
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-03-05 19:45:57 +00:00
Victor Vieux 089bf5e11e fix usage for completly deprecated flag
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-03-05 19:27:39 +00:00
Michael Crosby 858d0356fd Merge pull request #4278 from alexlarsson/system
Create pkg/system and move stuff there from archive
2014-03-05 12:32:35 -05:00
Alexander Larsson d6114c0da0 Create pkg/system and move stuff there from archive
This is a package for generic system calls etc that for some reason
is not yet supported by "syscall", or where it is different enough
for the different ports to need portability wrappers.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-05 14:05:32 +01:00
Alexander Larsson 757b577572 libcontainer: Use MS_PRIVATE instead of MS_SLAVE
Now that we unmount all the mounts from the global namespace we can
use a private namespace rather than a slave one (as we have no need
for unmounts of inherited global mounts to propagate into the
container).

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-05 09:40:54 +01:00
Michael Crosby b07708c8de Add shm size cap to mount
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-04 14:18:40 -08:00
Guillaume J. Charmes 57a47f5bbf
Remove /dev tmpfs mountpoint
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-04 13:21:22 -08:00
Guillaume J. Charmes c74a8b28cd
remove /run mountpoint
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-04 12:32:17 -08:00
Guillaume J. Charmes 39d58129c3
Remove loopback mount bind
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-04 12:30:52 -08:00
Michael Crosby b63709c1f1 Merge pull request #4452 from crosbymichael/small-fixes-to-libcontainer
Add find tests and remove panic in DEBUG
2014-03-04 14:37:41 -05:00
Michael Crosby 7e52445f2f Add find tests and remove panic in DEBUG
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-04 08:55:12 -08:00
Alexander Larsson 5b5c884cc8 libcontainer: Use pivot_root instead of chroot
Instead of keeping all the old mounts in the container namespace and
just using subtree as root we pivot_root so that the actual root in
the namespace is the root we want, and then we unmount the previous
mounts.

This has multiple advantages:

* The namespace mount tree is smaller (in the kernel)
* If you break out of the chroot you could previously access the host
  filesystem. Now the host filesystem is fully invisible to the namespace.
* We get rid of all unrelated mounts from the parent namespace, which means
  we don't hog these. This is important if we later switch to MS_PRIVATE instead
  of MS_SLAVE as otherwise these mounts would be impossible to unmount from the
  parent namespace.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-04 12:44:08 +01:00
Darren Shepherd b39d02b611 Support hairpin NAT without going through docker server
Hairpin NAT is currently done by passing through the docker server.  If
two containers on the same box try to access each other through exposed
ports and using the host IP the current iptables rules will not match the
DNAT and thus the traffic goes to 'docker -d'

This change drops the restriction that DNAT traffic must not originate
from docker0.  It should be safe to drop this restriction because the
DOCKER chain is already gated by jumps that check for the destination
address to be a local address.

Docker-DCO-1.1-Signed-off-by: Darren Shepherd <darren.s.shepherd@gmail.com> (github: ibuildthecloud)
2014-03-03 21:53:57 -07:00
Guillaume J. Charmes 69c69059fc Merge pull request #4327 from crosbymichael/add-libcontainer
Add native execution driver to docker and make it the default
2014-03-03 16:34:20 -08:00
Sven Dowideit 2e71adac9f very minor spelling
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
2014-03-04 10:12:12 +10:00
Michael Crosby 5465fdf00f Factor out finalize namespace
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-03 12:15:47 -08:00
Victor Vieux bb5ed45224 add warning for deprecatd flags
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-03-03 19:57:05 +00:00
Michael Crosby 2f35f8e2a8 Update readme to remove .nspid
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-03 11:31:37 -08:00
Victor Vieux cb3d27d01b prevent flag grouping with --
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-03-03 19:17:28 +00:00
unclejack 7531f82c70 Merge pull request #4321 from vieux/docker_run_-it
Add support for docker run -it or docker images -qa
2014-03-03 20:52:10 +02:00
Alexander Larsson e8af7fcf6d runtime: Fix unique constraint error checks
The sqlite3 version in fedora (3.8) returns a different error string in the unique constraints
failure case than the one in hack/ (3.7). This updates the check to detect both, fixing
one integration check failure on Fedora.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-03 15:10:52 +01:00
Michael Crosby fdeea90fc8 Allow child process to live if daemon dies
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-27 09:33:36 -08:00
Michael Crosby fb08b8b221 Code review updates
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-26 19:21:46 -08:00
Michael Crosby 7cd2245947 Ensure that loopback devices are mounted inside the conatiner
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-26 17:21:09 -08:00
Michael Crosby 70820b69ec Make network a slice to support multiple types
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-26 14:20:41 -08:00
Michael Crosby ce08083f9c Merge branch 'master' into add-libcontainer
Conflicts:
	execdriver/termconsole.go

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-26 12:55:24 -08:00
Michael Crosby 6016126c71 Fix cgroups swap issue when it is not supported
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-25 19:45:57 -08:00
Michael Crosby 93ed15075c Fix cross compile for make cross
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-25 15:19:13 -08:00
Victor Vieux 8dad771daa add version pkg
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-02-25 21:08:38 +00:00
Michael Crosby 96e33a7646 Move container.json and pid file into a root specific driver dir
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-25 12:41:31 -08:00
Guillaume J. Charmes ca42758368
Merge branch 'add-libcontainer' of https://github.com/crosbymichael/docker into add-libcontainer
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-25 11:42:15 -08:00
Michael Crosby de083400b8 Address initial feedback from pr
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-25 10:54:41 -08:00
Guillaume J. Charmes 91bf120c51
Better capability/namespace management
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-24 21:52:29 -08:00
Michael Crosby f8453cd049 Refactor and improve libcontainer and driver
Remove logging for now because it is complicating things
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-24 21:11:52 -08:00
Michael Crosby 9cb4573d33 Improve logging for nsinit
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-24 18:38:36 -08:00
Michael Crosby a76407ac61 Cgroups allow devices for privileged containers
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-24 15:47:23 -08:00
Victor Vieux 3839e3a0f6 enable docker run -it
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-02-24 22:53:00 +00:00
Michael Crosby 1c79b747bb Honor user passed on container in nsinit
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-24 13:52:56 -08:00
Michael Crosby 01f9815b55 Fix tests with dockerinit lookup path
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-24 13:40:17 -08:00
Michael Crosby a08e78a78c Look for cpu subsystem instead of memory
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-24 10:46:20 -08:00
Michael Crosby fac41af25b Refactor driver to use Exec function from nsini
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-22 01:21:26 -08:00
Michael Crosby ae423a036e Abstract out diff implementations for importing
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-22 00:29:21 -08:00
Michael Crosby 2412656ef5 Add syncpipe for passing context
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 22:58:30 -08:00
Michael Crosby dd59f7fb28 Refactor exec method
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 22:37:09 -08:00
Michael Crosby 5a4069f3aa Refactor network creation and initialization into strategies
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 22:26:07 -08:00
Michael Crosby 9876e5b890 Export functions of nsinit
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 21:14:21 -08:00
Michael Crosby 2419e63d24 Initial commit of libcontainer running docker
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 17:23:49 -08:00
Michael Crosby 332755b99d Pass tty master to Exec
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 16:40:32 -08:00
Michael Crosby c8fd81c278 Pass pipes into Exec function
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 16:28:43 -08:00
Michael Crosby a352ecb01a Use lookup path for init
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 16:17:18 -08:00
Michael Crosby ba025cb75c User os.Args[0] as name to reexec
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 15:32:50 -08:00
Michael Crosby 50c752fcb0 Add good logging support to both sides
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:17 -08:00
Michael Crosby 7f247e7006 Move tty into container.json
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:17 -08:00
Michael Crosby 6b2e963ce0 Refactor the flag management for main
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:17 -08:00
Michael Crosby 1316007e54 Make nsinit a proper go pkg and add the main in another dir
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:17 -08:00
Guillaume J. Charmes 66baa0653b Make sure to close the pipe upon ctrl-d
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-21 14:56:17 -08:00
Guillaume J. Charmes 1a4fb09219 Handle non-tty mode
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-21 14:56:17 -08:00
Guillaume J. Charmes 83dfdd1d95 Minor cleanup
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-21 14:56:17 -08:00
Guillaume J. Charmes 8dec4adcb3 Use a custom pipe instead of stdin for sync net namespace
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-21 14:56:16 -08:00
Guillaume J. Charmes b519d3ea5a Use flag for init
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-21 14:56:16 -08:00
Michael Crosby 7020e208c7 Move rest of cgroups functions into cgroups pkg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby 3cb698125d Change IP to address because it includes the subnet
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby c442586305 Refactory cgroups into general pkg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby f00f374138 Remove clone_vfork
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby 5f84738ef1 Revert "WIP for setup kmsg"
This reverts commit 80db9a918337c4ae80ffa9a001da13bd24e848c8.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Alexander Larsson 664fc54e65 libcontainer: Initial version of cgroups support
This is a minimal version of raw cgroup support for libcontainer.
It has only enough for what docker needs, and it has no support
for systemd yet.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-02-21 14:56:16 -08:00
Michael Crosby f0b4dd6e58 WIP for setup kmsg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby e133d895a6 Remove privileged.json config
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby 70593be139 Add comments to many functions
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby e0ff0f4dd6 Add CAP_NET_ADMIN
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby 3a97fe27d8 Update readme and add TODO
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby d84feb8fe5 Refactor to remove cmd from container
Pass the container's command via args
Remove execin function and just look for an
existing nspid file to join the namespace
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby 420b5eb211 Add execin function to running a process in a namespace
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby 5d62916c48 Refactor large funcs
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Guillaume J. Charmes f3c48ec584 OSX compilation
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@dotcloud.com> (github: creack)
2014-02-21 14:56:16 -08:00
Michael Crosby 61a119220d General cleanup of libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby 5428964400 Add dynamic veth name
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:16 -08:00
Michael Crosby 34671f2010 Implement init veth creation
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:15 -08:00
Michael Crosby 7bc3c01250 Simplify namespaces with only nsinit
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:15 -08:00
Michael Crosby e25065a6b1 Use nsinit as app
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:15 -08:00
Guillaume J. Charmes 18f06b8d16 Fix ptmx issue on libcontainer
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-21 14:56:15 -08:00
Guillaume J. Charmes 93d41e53ae Improve general quality of libcontainer
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-21 14:56:15 -08:00
Michael Crosby 1142945769 Use nsinit for setting up namespace
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:15 -08:00
Michael Crosby 72e65b654b WIP moving to nsini
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:15 -08:00
Michael Crosby 68b049aed4 Make separate nsinit pkg for a dockerinit like init
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:15 -08:00
Michael Crosby e8abaf217b Initial commit of libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-21 14:56:15 -08:00
Michael Crosby 113629efb1 Merge pull request #4011 from crosbymichael/add-netlink-functions
Add more netlink functions
2014-02-18 19:37:52 -05:00
Victor Vieux 4187f4e750 Merge pull request #4168 from crosbymichael/add-listenbuffer
Hold connections until the daemon has fully loaded
2014-02-17 16:04:49 -08:00
Victor Vieux 518670f3d8 Merge pull request #4153 from crosbymichael/move-proxy
Move proxy into pkg
2014-02-17 14:51:16 -08:00
Michael Crosby 055f1a1f81 Remove verbose logging for non errors
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-17 13:31:13 -08:00
Michael Crosby a75c6907b4 Make crosbymichael and creack netlink maintainers
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-17 11:17:05 -08:00
Michael Crosby d5e41c1cb6 Change name to listenbuffer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-15 21:10:37 -08:00
Michael Crosby cfb7711a74 Add socket activation for go apps
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-15 20:18:47 -08:00
Michael Crosby 8c39db8f96 Move proxy into pkg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-14 15:48:05 -08:00
Michael Crosby 17719cab91 Add new functions to unsupported file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-14 12:12:35 -08:00
Guillaume J. Charmes 38e5b4e70f
Simplify code + Allow more generic attr children + remove prefix
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-12 09:29:06 -08:00
Guillaume J. Charmes dce7b6a69c
Merge remote-tracking branch 'mike/add-netlink-functions' into implement_create_veth
Conflicts:
	pkg/netlink/netlink_linux.go

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-12 04:17:12 -08:00
Guillaume J. Charmes 2d2c237f50
Implement create veth
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-12 04:09:56 -08:00
Solomon Hykes e6e320acc7 pkg/opts: a collection of custom value parsers implementing flag.Value
This facilitates the refactoring of commands.go.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-02-11 19:59:52 -08:00
Michael Crosby 34f5d94b2c Merge branch 'add-netlink-functions' of github.com:crosbymichael/docker into add-netlink-functions
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-11 03:33:18 -08:00
Tianon Gravi c626349f65 Add comment clarifying null termination
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-02-11 10:32:31 -07:00
Michael Crosby 27ed9a9f98 Exec out to ip right now for creating the veth pair
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-11 03:32:35 -08:00
Michael Crosby f9cd1be6ff Add more netlink functions for set ns by fd and bring iface down
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-10 22:32:07 -08:00
Michael Crosby 4dec36d1ee Allow add of empty name
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-10 16:41:16 -08:00
Victor Vieux 2dcb48af0f Merge pull request #3524 from tianon/supplementary-groups
Add supplementary groups lookup in sysinit
2014-02-10 14:42:14 -08:00
Michael Crosby 38eabfa65c Create veth pair via netlink
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-10 13:37:16 -08:00
Michael Crosby 27df18ff11 Improve get if socket loop
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-10 11:36:23 -08:00
Tianon Gravi 3a7c144e99 Update NetworkChangeName to be more similar to my original (moving IFNAMSIZ constant outside the function like it should've been)
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-02-09 18:14:17 -07:00
Michael Crosby 524416560a Replace my C code with tianons Go code
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-09 05:54:13 -08:00
Michael Crosby ee39033073 Use c to change interface name
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-08 20:44:04 -08:00
Michael Crosby e3762e8d69 Add network set interface in namespace by pid
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-08 10:03:16 -08:00
Michael Crosby a6c791e8a9 Add set master for interface
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-08 09:53:04 -08:00
Guillaume J. Charmes 547ac42199
Add Freebsd client support
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-02-06 16:40:39 -08:00
Brandon Philips 15711ed670 pkg: systemd: add initial MAINTAINERS
I volunteered for pkg/systemd MAINTAINER and there were no objections
during the #docker-dev meeting. For context I wrote most of the stuff in
here and wrote the dependent calls in api.go. Plus, I actively test the
code via CoreOS.

Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
2014-02-06 12:04:35 -08:00
Josh Poimboeuf ea63ade772 iptables: use dest_addr and dest_port for public port FORWARD rule
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
2014-02-04 11:32:50 -06:00
Michael Crosby 4ffc52385c Use type switch instead of reflection
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-01-31 20:15:24 -07:00
Tianon Gravi ee93f6185b Move UserLookup functionality into a separate pkg/user submodule that implements proper parsing of /etc/passwd and /etc/group, and use that to add support for "docker run -u user:group" and for getting supplementary groups (if ":group" is not specified)
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-01-31 20:15:24 -07:00
Victor Vieux 78189c9bcf Merge pull request #3876 from dotcloud/fix_panic_mflag
fix panic in mflag
2014-01-31 14:43:16 -08:00
Michael Crosby 53ee1daa69 Merge pull request #3841 from alexlarsson/separate-base-fs
Separate out graphdriver mount and container root
2014-01-31 11:49:14 -08:00
Victor Vieux 65794a2c49 fix panic in mflag
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-01-31 11:39:29 -08:00
Tianon Gravi 065dd231dd Update/fix build tags, Dockerfile, and release.sh for proper building and releasing of linux/386 and linux/arm cross-compiled client binaries
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-01-31 03:16:42 -07:00
Guillaume J. Charmes 45dd051e8e Remove all darwin specific files and use more generic _unsupported with build tags.
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-01-30 23:10:56 +00:00
Alexander Larsson fc1169a220 pkg/mount: Add "private" flag
This allows "mount --make-private" functionallity.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-01-30 16:41:45 +01:00
unclejack 6013cbdce8 Merge pull request #3810 from jpoimboe/iptables-forward-public-ports
network: add publicly mapped ports to FORWARD table
2014-01-29 11:53:26 -08:00
Michael Crosby c00cb1aca1 Merge pull request #3808 from alexlarsson/execdriver-get-pids-for-container
execdriver: Make GetPidsForContainer() a driver call
2014-01-29 10:38:10 -08:00
Michael Crosby 2723133a69 Merge pull request #3105 from philips/add-socket-activation
Add socket activation
2014-01-28 11:38:25 -08:00
Josh Poimboeuf ef6c0d5341 remove ip_forward warning
Now that docker sets /proc/sys/net/ipv4/ip_forward by default (unless
the user manually specifies "-ip-forward=false"), there's no need to
warn if its disabled.

Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
2014-01-28 13:27:56 -06:00
Josh Poimboeuf db250f709a network: add publicly mapped ports to FORWARD table
Allow publicly mapped ports to be made public beyond the host.  This is
needed for distros like Fedora and RHEL which have a reject all rule at
the end of their FORWARD table.

Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
2014-01-28 13:11:49 -06:00
Alexander Larsson 335bc39c9a execdriver: Make GetPidsForContainer() a driver call
The current implementation is lxc specific.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-01-28 16:21:49 +01:00
Brandon Philips 7839350dd5 chore(coreos/go-systemd): copy to github.com/dotcloud/docker/systemd/pkg/activation
Via https://github.com/dotcloud/docker/pull/3105#issuecomment-32807547

Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
2014-01-27 17:18:09 -08:00
Brandon Philips def0952606 chore(systemd): use activation.Listeners instead of Files
Use this Listeners() API that was exposed to save a few more lines of
boiler plate code.

Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
2014-01-27 17:18:09 -08:00
Brandon Philips 7f9d3268bf Allow fd:// like unix:// and tcp://
Somthing like 20605eb310

Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
2014-01-27 17:18:09 -08:00
Brandon Philips 566fb31c88 Move listenfd to utility package
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
2014-01-27 17:18:09 -08:00
Victor Vieux c4e7b0e4d5 fix mflag import
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-01-27 23:29:56 +00:00
Guillaume J. Charmes da30eb7c20 Remove std sort and use custom sort for performances
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-01-26 14:01:38 -08:00
Michael Crosby 303ed3c830 Add port allocator and move ipset into orderedintset
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-01-26 14:01:38 -08:00
Tianon Gravi f60eee4894 Fix mflag test issue with "ResetForTesting" (which only showed up under dyntest for some odd reason)
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-01-23 13:03:17 -07:00
Victor Vieux be6aeda1e4 Merge pull request #3640 from proppy/networkgetroutes-add-default
netlink: add default Route to NetworkGetRoutes
2014-01-21 15:20:16 -08:00
Paul Nasrat 71c1646ba3 Don't expose cgroups via the execdriver API.
Use Resources to represent container limits rather than a cgroup specific field.

Docker-DCO-1.1-Signed-off-by: Paul Nasrat <pnasrat@gmail.com> (github: pnasrat)
2014-01-20 17:06:24 -05:00
Paul Nasrat 2553029959 Extract cgroups pkg.
Initial move before enhancing cgroups package.

Docker-DCO-1.1-Signed-off-by: Paul Nasrat <pnasrat@gmail.com> (github: pnasrat)
2014-01-20 14:15:44 -05:00
Michael Crosby 0f0e582490 Merge pull request #3680 from pnasrat/extract-mount-pkg
Extract mount into pkg.
2014-01-20 11:04:16 -08:00
Paul Nasrat 2e094db639 Extract mount into pkg.
Mount is self contained and generic, it should be in pkg, to allow other pkg modules to use it.

Docker-DCO-1.1-Signed-off-by: Paul Nasrat <pnasrat@gmail.com> (github: pnasrat)
2014-01-20 13:59:29 -05:00
Guillaume J. Charmes ff662446f7
Add MAINTAINER and remove docker/utils dep from pkg/sysinfo
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-01-20 10:20:29 -08:00
Guillaume J. Charmes 9e9f4b925b Rename Capabilities in sysinfo and move it to its own subpackage
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: crosbymichael)
2014-01-17 17:42:58 -08:00
Victor Vieux e71dbf4ee5 update commands.go
update docker.go

move to pkg

update docs

update name and copyright

change --sinceId to --since-id, update completion and docs

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor@docker.com> (github: vieux)
2014-01-17 17:33:15 -08:00
Johan Euphrosine 77d9fd2628 netlink: make darwin happy
Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
2014-01-17 16:55:42 -08:00
Johan Euphrosine dadd54dba3 netlink: move Route type to common arch file
Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
2014-01-17 14:04:11 -08:00
Johan Euphrosine 26726dc9ff netlink: add default Route to NetworkGetRoutes
Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
2014-01-17 11:09:50 -08:00
Cory Forsyth 7a7c3d87d8 Fix misspelled Hawkings -> Hawking, Archimede -> Archimedes, Euclide -> Euclid
Docker-DCO-1.0-Signed-off-by: Cory Forsyth <cory.forsyth@gmail.com> (github: bantic)
2014-01-09 10:02:55 -05:00
Cory Forsyth 98193a397e Fix misspelling of Richard Feynman's last name
Docker-DCO-1.0-Signed-off-by: Cory Forsyth <cory.forsyth@gmail.com> (github: bantic)
2014-01-08 19:02:15 -05:00
Tianon Gravi e525ad3f9b Fix a few miscellaneous typos (Unkown -> Unknown, Recieve -> Receive)
Docker-DCO-1.0-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-01-07 22:15:53 -07:00
Solomon Hykes 7799ae27ca Move utility package 'iptables' to pkg/iptables 2014-01-06 15:41:24 -08:00
Guillaume J. Charmes 2b4bb67ce0 Merge pull request #3327 from shykes/pkg-graphdb
Move utility package 'graphdb' to pkg/graphdb
2013-12-23 16:33:11 -08:00
Victor Vieux 6155f07561 Merge pull request #3331 from shykes/pkg-names
Move utility package 'namesgenerator' to pkg/namesgenerator
2013-12-23 16:15:26 -08:00
Victor Vieux e6e35e5984 Merge pull request #3330 from shykes/pkg-term
Move utility package 'term' to pkg/term
2013-12-23 16:11:42 -08:00
Solomon Hykes a009d4ae8d Move utility package 'namesgenerator' to pkg/namesgenerator 2013-12-23 23:45:18 +00:00
Solomon Hykes 7ce7516c12 Move utility package 'term' to pkg/term 2013-12-23 23:42:37 +00:00
Solomon Hykes f6b91262a7 Move utility package 'netlink' to pkg/netlink 2013-12-23 23:39:39 +00:00
Solomon Hykes d16d748132 Move utility package 'graphdb' to pkg/graphdb 2013-12-23 23:33:06 +00:00
Solomon Hykes 652c2c2a80 Add README to pkg 2013-12-23 23:12:19 +00:00
Solomon Hykes 8e7db0432e Move utility package 'systemd' to pkg/systemd 2013-12-23 23:07:01 +00:00