Victor Vieux
5708aa62f3
use stderr to debug iptables
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-30 19:39:42 +00:00
Alexandr Morozov
adb639117b
Atomically increment sequence in pkg/netlink
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-30 16:08:29 +04:00
Vishnu Kannan
72e6e5ff7e
Added a new method cgroups.GetStats() which will return a cgroups.Stats object which will contain all the available cgroup Stats.
Remove old Stats interface in libcontainer's cgroups package.
Changed Stats to use uint64 instead of int64 to prevent integer overflow issues.
Updated unit tests.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-05-29 20:16:49 +00:00
Michael Crosby
189c600b3b
Merge pull request #6105 from gdm85/master
Do not consider iptables' output an error in case of xtables lock
2014-05-29 11:06:25 -07:00
Giuseppe Mazzotta
5e3b643ce6
* do not consider iptables' output an error in case of xtables lock
Docker-DCO-1.1-Signed-off-by: Giuseppe Mazzotta <gdm85@users.noreply.github.com> (github: gdm85)
2014-05-29 15:57:29 +02:00
Michael Crosby
5d04b9deaf
Handle EBUSY on remount
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-28 18:10:50 -07:00
Victor Vieux
b204b97c9a
Merge pull request #6083 from bernerdschaefer/nsinit-drop-capabilities-after-changing-user
SETUID/SETGID not required for changing user
2014-05-28 17:29:17 -07:00
Alexander Larsson
7f5cd76824
libcontainer: Don't create a device node on /dev/console to bind mount on
There is no need for this: the device node by itself doesn't work, since
it's not on a devpts fs, and we can just use a regular file to bind mount over.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-05-28 21:07:40 +02:00
Alexander Larsson
35d08bdd01
Revert "Remove the bind mount for dev/console which override the mknod/label"
This reverts commit ae85dd5458.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-05-28 21:07:27 +02:00
unclejack
2330be2adc
Merge pull request #6076 from LK4D4/remove_collections_package
Remove collections package
2014-05-28 21:32:27 +03:00
Victor Marmol
5e2af07137
Merge pull request #5868 from jhspaybar/5749-libcontainerroutes
libcontainer support for arbitrary route table entries
2014-05-28 10:50:56 -07:00
William Thurston
bf7f360dca
Fixes #5749
libcontainer support for arbitrary route table entries
Docker-DCO-1.1-Signed-off-by: William Thurston <me@williamthurston.com> (github: jhspaybar)
2014-05-28 17:42:02 +00:00
Bernerd Schaefer
0563453b91
SETUID/SETGID not required for changing user
It is no longer necessary to pass "SETUID" or "SETGID" capabilities to
the container when a "user" is specified in the config.
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
2014-05-28 16:41:48 +02:00
Bernerd Schaefer
fd58524f81
Add system.SetKeepCaps and system.ClearKeepCaps
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
2014-05-28 16:40:36 +02:00
Alexandr Morozov
31f0a61a3d
Remove collections package
It isn't needed anymore after the port and IP allocator refactoring.
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4dmath@gmail.com> (github: LK4D4)
2014-05-28 13:59:45 +04:00
Michael Crosby
b9de22e828
Update wait calls to call Wait on Command
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-27 13:38:24 -07:00
unclejack
0d9a5ce6dd
Merge pull request #6025 from crosbymichael/concurrent-names
Improve name generation on concurrent requests
2014-05-27 23:18:19 +03:00
Erik Hollensbe
b01c3283fa
libcontainer/nsinit: remove Wait call from Exec and Kill from Attach in tty_term.go
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
2014-05-27 12:26:56 -07:00
Erik Hollensbe
92e41a02ce
Add Wait() calls in the appropriate spots
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
2014-05-27 12:26:56 -07:00
Michael Crosby
6ec86cb6e5
Improve name generation on concurrent requests
Fixes #2586
This fixes a few races where the name generator asks if a name is free
but another container takes the name before it can be reserved. This
solves this by generating the name and setting it. If the set fails
with a non-unique error then we try again.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-23 17:51:16 -07:00
Michael Crosby
3b4b0a901d
Merge pull request #6018 from vishh/stats_strongtype
Strong type all stats exported by libcontainer
2014-05-23 14:35:14 -07:00
Michael Crosby
034babf175
Add check for iptables xlock support
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-23 14:18:50 -07:00
Vishnu Kannan
321b457044
Added stats.go which provides strong types for all stats that will be exported by libcontainer. This commit only introduces the strong type.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-05-23 20:42:43 +00:00
Michael Crosby
b315c380f4
Add wait flag to iptables
Fixes #1573
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-23 01:24:58 +00:00
Michael Crosby
3d78c49aab
Merge pull request #5995 from vieux/recur_nodes
Add device nodes recursively
2014-05-22 16:35:27 -07:00
Victor Vieux
b6c65df093
update test
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-22 22:50:41 +00:00
Victor Vieux
0abb52c7a9
add recursive device nodes
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-22 22:29:13 +00:00
Victor Marmol
4a33a757d5
Make all cgroup stats output int64s instead of float64.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-05-22 20:53:36 +00:00
Victor Vieux
55d41c3e21
Merge pull request #5976 from crosbymichael/getpids
Move get pid into cgroup implementation
2014-05-21 19:09:50 -07:00
Victor Vieux
5a0a03e394
Merge pull request #5922 from crosbymichael/host-dev-priv
Mount /dev in tmpfs for privileged containers
2014-05-21 18:56:24 -07:00
Michael Crosby
811d93326b
Move get pid into cgroup implementation
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-21 21:14:07 +00:00
Tianon Gravi
8e967fe802
Revert "Always mount a /run tmpfs in the container"
This reverts commit 905795ece6.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-05-21 14:28:19 -06:00
Michael Crosby
f042c3c157
Update code post codereview
Add specific types for Required and Optional DeviceNodes
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-21 00:40:41 +00:00
Michael Crosby
ed5892ed4e
Update documentation for container struct in libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-20 23:34:46 +00:00
Michael Crosby
34c05c58c8
Mount /dev in tmpfs for privileged containers
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-20 22:51:24 +00:00
Alexander Larsson
6029504350
cgroups: Allow mknod for any device in systemd cgroup backend
Without this any container startup fails:
2014/05/20 09:20:36 setup mount namespace copy additional dev nodes mknod fuse operation not permitted
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-05-20 09:29:32 +02:00
Michael Crosby
a87bcefb8b
Make sure dev/fuse is created in container
Fixes #5849
If the host system does not have fuse enabled in the kernel config we
will ignore the is not exist errors when trying to copy the device node
from the host system into the container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-19 20:46:59 +00:00
Victor Marmol
30bd2bbc83
Merge pull request #5903 from alexlarsson/writable-proc
Make /proc writable, but not /proc/sys and /proc/sysrq-trigger
2014-05-19 12:21:15 -07:00
Alexander Larsson
68493e2f7f
Make /proc writable, but not /proc/sys and /proc/sysrq-trigger
Some applications want to write to /proc. For instance:
docker run -it centos groupadd foo
Gives: groupadd: failure while writing changes to /etc/group
And strace reveals why:
open("/proc/self/task/13/attr/fscreate", O_RDWR) = -1 EROFS (Read-only file system)
I've looked at what other systems do, and systemd-nspawn makes /proc read-write
and /proc/sys readonly, while lxc allows "proc:mixed" which does the same,
plus it makes /proc/sysrq-trigger also readonly.
The latter seems like a prudent idea, so we follow lxc proc:mixed.
Additionally we make /proc/irq and /proc/bus, as these seem to let
you control various hardware things.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-05-19 20:46:05 +02:00
Victor Marmol
cb7680b9b9
Merge pull request #5792 from bernerdschaefer/nsinit-supports-pdeathsig
Add PDEATHSIG support to nsinit library
2014-05-19 11:13:23 -07:00
Michael Crosby
265de539ff
Merge pull request #5865 from crosbymichael/add-all-caps
Add the rest of the caps so that they are retained in privileged mode
2014-05-19 09:56:55 -07:00
Michael Crosby
e1c7abe890
Add the rest of the caps so that they are retained in privileged mode
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-19 16:43:31 +00:00
Alexandr Morozov
72d1e40c4a
Check uid ranges
Fixes #5647
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-18 20:49:08 +04:00
Victor Vieux
a0070f0c17
add support for CAP_FOWNER
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-17 01:16:07 +00:00
Victor Marmol
92614928ce
Make libcontainer's CapabilitiesMask into a []string (Capabilities).
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-05-17 00:44:10 +00:00
Michael Crosby
62c3183fc8
Merge pull request #5833 from ActiveState/fix_nsinit_env_panic
fix panic when passing empty environment
2014-05-16 12:03:26 -07:00
Sridhar Ratnakumar
d787f2731e
fix panic when passing empty environment
Docker-DCO-1.1-Signed-off-by: Sridhar Ratnakumar <github@srid.name> (github: srid)
2014-05-16 11:55:34 -07:00
Victor Marmol
01d10d6f13
Merge pull request #5810 from vmarmol/drop-caps
Change libcontainer to drop all capabilities by default.
2014-05-16 11:51:41 -07:00
Bernerd Schaefer
6a1d76bc7b
nsinit.DefaultCreateCommand sets Pdeathsig to SIGKILL
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
2014-05-16 13:48:41 +02:00
Bernerd Schaefer
00e1adfead
nsinit.Init() restores parent death signal before exec
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
2014-05-16 13:48:41 +02:00