docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,401 Commits 25 Branches 28 Tags 827 MiB
Commit Graph

234 Commits

Author SHA1 Message Date
Michael Crosby 87f0d63fb2 Check for apparmor enabled on host to populate profile 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-09 10:22:17 +00:00
Guillaume J. Charmes 4f828d67f0
Backup current docker apparmor profile and replace it with the new one 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
 2014-04-08 11:09:31 -07:00
Guillaume J. Charmes 8cfbc44661 Merge pull request #5049 from Supermathie/aa-fix 
apparmor: docker-default: Include base abstraction
 2014-04-07 21:34:01 -07:00
Guillaume J. Charmes 1d2126be6c Merge pull request #5025 from dstine/readme-fix 
fixed two readme typos
 2014-04-07 19:31:16 -07:00
Dan Stine 9c4d10b9a9 fixed three more typos 2014-04-07 22:09:15 -04:00
Michael Crosby b6042f252d Ensure that ro mounts are remounted 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-07 18:23:22 -07:00
Michael Brown 726206f2aa apparmor: pull in variables from tunables/global 
The variables that were defined at the top of the apparmor profile are best
pulled in via the <tunables/global> include.

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
 2014-04-07 03:04:27 -04:00
Michael Brown 320b3e0d21 apparmor: abstractions/base expects pid variable 
Add 'pid' variable pointing to 'self' to allow parsing of profile to succeed

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
 2014-04-07 02:47:43 -04:00
Michael Brown e35c23311f apparmor: docker-default: Include base abstraction 
Encountered problems on 14.04 relating to signals between container
processes being blocked by apparmor. The base abstraction contains
appropriate rules to allow this communication.

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
 2014-04-07 02:19:38 -04:00
Dan Stine bea71245c8 fixed two readme typos 2014-04-04 08:12:17 -04:00
Michael Crosby 18ef3cc24a Remove loopback setup for native driver 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-02 13:12:52 +00:00
Victor Vieux 9687c087ab Merge pull request #4953 from rhatdan/selinux 
These two patches should fix problems we see with running docker in the wild.
 2014-04-02 16:36:41 -07:00
unclejack 30ff3fa954 Merge pull request #4867 from crosbymichael/clean-shutdown 
Cleanly shutdown docker
 2014-04-02 01:48:03 +03:00
Michael Crosby 9cf89f8542 Merge pull request #4942 from vieux/cleanup_dev_libcontainer 
remove setupDev from libcontainer
 2014-04-01 14:28:17 -07:00
Dan Walsh 2224e0d65a In certain cases, setting the process label will not happen. 
When the code attempts to set the ProcessLabel, it checks if SELinux Is
enabled.  We have seen a case with some of our patches where the code
is fooled by the container to think that SELinux is not enabled.  Calling
label.Init before setting up the rest of the container, tells the library that
SELinux is enabled and everything works fine.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
 2014-04-01 13:30:10 -04:00
Michael Crosby 283daced0c Don't send prctl to be consistent with other drivers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-01 07:12:50 +00:00
Michael Crosby 5bb82f6313 Ensure a reliable way to kill ghost containers on reboot 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-01 07:11:41 +00:00
Victor Vieux d52d24dd80 remove setupDev from libcontainer 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-04-01 00:28:44 +00:00
Alexander Larsson 7f7d8419a7 cgroups: Splity out Apply/Cleanup to separate file/interface 
This leaves only the generic cgroup helper functions in cgroups.go and
will allow easy implementations of other cgroup managers.

This also wires up the call to Cleanup the cgroup which was missing
before.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-27 21:47:47 +01:00
Michael Crosby eab56ac007 Merge branch 'master' into pluginflag 
Conflicts:
	pkg/cgroups/cgroups.go
	pkg/libcontainer/nsinit/exec.go
	pkg/libcontainer/nsinit/init.go
	pkg/libcontainer/nsinit/mount.go
	runconfig/hostconfig.go
	runconfig/parse.go
	runtime/execdriver/driver.go
	runtime/execdriver/lxc/lxc_template.go
	runtime/execdriver/lxc/lxc_template_unit_test.go
	runtime/execdriver/native/default_template.go
	runtime/execdriver/native/driver.go

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-27 08:00:18 +00:00
Dan Walsh 4c43566925 This patch adds SELinux labeling support. 
docker will run the process(es) within the container with an SELinux label and will label
all of  the content within the container with mount label.  Any temporary file systems
created within the container need to be mounted with the same mount label.

The user can override the process label by specifying

-Z With a string of space separated options.

-Z "user=unconfined_u role=unconfined_r type=unconfined_t level=s0"

Would cause the process label to run with unconfined_u:unconfined_r:unconfined_t:s0"

By default the processes will run execute within the container as svirt_lxc_net_t.
All of the content in the container as svirt_sandbox_file_t.

The process mcs level is based of the PID of the docker process that is creating the container.

If you run the container in --priv mode, the labeling will be disabled.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
 2014-03-26 15:30:40 -04:00
Michael Crosby 2c58a1e288 Change placement of readonly filesystem 
We need to change it to read only at the very end so that bound,
copy dev nodes and other ops do not fail.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-21 14:17:17 +00:00
Michael Crosby be5538d8a8 Allow containers to join the net namespace of other conatiners 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-21 00:48:17 +00:00
Michael Crosby 1bedae9107 Merge branch 'proppy-nsinit' into pluginflag 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-21 00:36:23 +00:00
Michael Crosby 70f3b9f4ce Add ability to work with individual namespaces 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-21 00:23:34 +00:00
Michael Crosby 443a75d5f6 Allow caps to be toggled in native driver with plugin flag 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-21 00:10:24 +00:00
Michael Crosby c5f9c4bd69 Dont use custom marshaling for caps and namespaces 
This also adds an enabled field to the types so that they
can be easily toggled.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-20 23:09:01 +00:00
Johan Euphrosine 5dbfe310fe libcontainer: remove duplicate imports 
Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
 2014-03-18 16:25:26 -07:00
Johan Euphrosine f58757a699 libcontainer: goimports 
Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
 2014-03-18 16:18:34 -07:00
Johan Euphrosine b10b950b11 libcontainer/nsinit/init: move mount namespace after network 
Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
 2014-03-18 16:18:04 -07:00
Johan Euphrosine f52b2fdcbb libcontainer/network: add netns strategy 
Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
 2014-03-18 16:17:28 -07:00
Michael Crosby 4b1513f9c3 Only unshare the mount namespace for execin 
Fixes #4728
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-17 18:52:56 -07:00
Timothy Hobbs 353df19ab7 Fix issue #4681 - No loopback interface within container when networking is disabled. 
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)

Remove loopback code from veth strategy

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)

Looback strategy: Get rid of uneeded code in Create
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)

Use append when building network strategy list

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)

Swap loopback and veth strategies in Networks list

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)

Revert "Swap loopback and veth strategies in Networks list"

This reverts commit 3b8b2c8454171d79bed5e9a80165172617e92fc7.

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)

When initializing networks, only return from the loop if there is an error

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
 2014-03-17 22:01:24 +01:00
Guillaume J. Charmes 597e0812fb Merge pull request #4645 from crosbymichael/add-logger 
Add logger to libcontainer
 2014-03-17 11:30:14 -07:00
Brandon Philips ad7e7d6123 chore(libcontainer): small grammar fix in types_test 
Someone probably got really used to typing er on the end of contain :)

Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
 2014-03-17 11:07:29 -07:00
Brandon Philips 128381e0f0 refactor(libcontainer): rename to CapabilitiesMask 
The Capabilities field on libcontainer is actually used as a mask.
Rename the field so that this is more clear.

Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
 2014-03-17 11:07:12 -07:00
Michael Crosby 39037a91f8 Send sigterm to child instead of sigkill 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-14 15:42:05 -07:00
Michael Crosby 0e863a584a Add stderr log ouput if in debug 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-14 09:55:05 -07:00
Michael Crosby 7294392c72 Add initial logging to libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-14 09:55:05 -07:00
Michael Crosby cbd2a30cd6 Update libcontainer readme and todo list 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-13 15:18:08 -07:00
Michael Crosby 28994f86ee Merge pull request #4656 from crosbymichael/fix-ptmx-link 
Always symlink /dev/ptmx for libcontainer
 2014-03-13 14:57:17 -07:00
Guillaume J. Charmes c7ea6e5da8 Merge pull request #4422 from alexlarsson/internal-mounts 
Move all bind-mounts in the container inside the namespace
 2014-03-13 14:55:29 -07:00
Michael Crosby 747275d30c Always symlink /dev/ptmx for libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-13 14:31:09 -07:00
Alexander Larsson 6c266c4b42 Move all bind-mounts in the container inside the namespace 
This moves the bind mounts like /.dockerinit, /etc/hostname, volumes,
etc into the container namespace, by setting them up using lxc.

This is useful to avoid littering the global namespace with a lot of
mounts that are internal to each container and are not generally
needed on the outside. In particular, it seems that having a lot of
mounts is problematic wrt scaling to a lot of containers on systems
where the root filesystem is mounted --rshared.

Note that the "private" option is only supported by the native driver, as
lxc doesn't support setting this. This is not a huge problem, but it does
mean that some mounts are unnecessarily shared inside the container if you're
using the lxc driver.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-13 20:01:29 +01:00
Guillaume J. Charmes 6a325f1c7a
Fix issue when /etc/apparmor.d does not exists 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
 2014-03-12 11:13:24 -07:00
Guillaume J. Charmes 915d967f55
Update email + add self to pkg/signal 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
 2014-03-10 20:26:45 -07:00
srid 03211ecce0 nsinit: prefix errors with their source 
Docker-DCO-1.1-Signed-off-by: Sridhar Ratnakumar <github@srid.name> (github: srid)
 2014-03-10 17:08:50 -07:00
Michael Crosby 36dd124b16 Add env var to toggle pivot root or ms_move 
Use the  DOCKER_RAMDISK env var to tell the native driver not to use
a pivot root when setting up the rootfs of a container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 19:30:52 -08:00
Michael Crosby c38635020a Revert "Revert "libcontainer: Use pivot_root instead of chroot"" 
This reverts commit 82f797f140.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 17:19:59 -08:00
Michael Crosby 557e4fef44 Revert "Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE"" 
This reverts commit bd263f5b15.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 17:19:47 -08:00
unclejack 78dc1ede52 Merge pull request #4512 from crosbymichael/no-pivot-root 
No pivot root because of ramdisk
 2014-03-07 02:54:03 +02:00
Michael Crosby bd263f5b15 Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE" 
This reverts commit 757b577572.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 16:41:03 -08:00
Michael Crosby 82f797f140 Revert "libcontainer: Use pivot_root instead of chroot" 
This reverts commit 5b5c884cc8.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 16:32:06 -08:00
Michael Crosby ea9bce8724 Ensure that native containers die with the parent 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 16:30:56 -08:00
Michael Crosby 772ef99d28 Remove the ghosts and kill everything 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 15:30:26 -08:00
Guillaume J. Charmes b722aa21b7 Merge pull request #4506 from creack/fix_apparmor 
Use CGO for apparmor profile switch
 2014-03-06 13:37:34 -08:00
Tianon Gravi 0b23393ba1 Update build tags such that we can properly compile on all platforms (especially for packagers), and updated hack/PACKAGERS.md to mention the DOCKER_BUILDTAGS variable that will need to be set for binaries that might be used on AppArmor (such as Debian and especially Ubuntu) 
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
 2014-03-06 13:39:17 -07:00
Guillaume J. Charmes c89fa6645e
Add buildflags to allow crosscompilation for apparmor 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-06 12:05:03 -08:00
Guillaume J. Charmes 31f62b934b Merge pull request #4503 from unclejack/attempt_to_fix_apparmor_profile 
remove dbus from apparmor profile for Ubuntu 12.04
 2014-03-06 11:20:06 -08:00
Guillaume J. Charmes f0f833c6d7
Use CGO for apparmor profile switch 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-06 11:10:58 -08:00
unclejack 46fdb6af8e remove dbus from apparmor profile 
This removes the dbus entry from the apparmor profile Docker creates.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
 2014-03-06 19:47:03 +02:00
Alexander Larsson 5c9b28db18 libcontainer: Don't use UsetCloseOnExec, it is racy 
We can't keep file descriptors without close-on-exec except with
syscall.ForkLock held, as otherwise they could leak by accident into
other children from forks in other threads.

Instead we just use Cmd.ExtraFiles which handles all this for us.

This fixes https://github.com/dotcloud/docker/issues/4493

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-06 14:10:32 +01:00
Guillaume J. Charmes 920a6ca54c
Generate and load custom docker profile for apparmor 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-05 15:02:11 -08:00
Michael Crosby 37f137c822 Some cleanup around logs 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-05 13:50:49 -08:00
Guillaume J. Charmes cb4189a292
Add AppArmor support to native driver + change pipe/dup logic 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-05 13:08:24 -08:00
Alexander Larsson 757b577572 libcontainer: Use MS_PRIVATE instead of MS_SLAVE 
Now that we unmount all the mounts from the global namespace we can
use a private namespace rather than a slave one (as we have no need
for unmounts of inherited global mounts to propagate into the
container).

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-05 09:40:54 +01:00
Michael Crosby b07708c8de Add shm size cap to mount 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-04 14:18:40 -08:00
Guillaume J. Charmes 57a47f5bbf
Remove /dev tmpfs mountpoint 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-04 13:21:22 -08:00
Guillaume J. Charmes c74a8b28cd
remove /run mountpoint 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-04 12:32:17 -08:00
Guillaume J. Charmes 39d58129c3
Remove loopback mount bind 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-04 12:30:52 -08:00
Michael Crosby b63709c1f1 Merge pull request #4452 from crosbymichael/small-fixes-to-libcontainer 
Add find tests and remove panic in DEBUG
 2014-03-04 14:37:41 -05:00
Michael Crosby 7e52445f2f Add find tests and remove panic in DEBUG 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-04 08:55:12 -08:00
Alexander Larsson 5b5c884cc8 libcontainer: Use pivot_root instead of chroot 
Instead of keeping all the old mounts in the container namespace and
just using subtree as root we pivot_root so that the actual root in
the namespace is the root we want, and then we unmount the previous
mounts.

This has multiple advantages:

* The namespace mount tree is smaller (in the kernel)
* If you break out of the chroot you could previously access the host
  filesystem. Now the host filesystem is fully invisible to the namespace.
* We get rid of all unrelated mounts from the parent namespace, which means
  we don't hog these. This is important if we later switch to MS_PRIVATE instead
  of MS_SLAVE as otherwise these mounts would be impossible to unmount from the
  parent namespace.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-04 12:44:08 +01:00
Sven Dowideit 2e71adac9f very minor spelling 
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
 2014-03-04 10:12:12 +10:00
Michael Crosby 5465fdf00f Factor out finalize namespace 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-03 12:15:47 -08:00
Michael Crosby 2f35f8e2a8 Update readme to remove .nspid 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-03 11:31:37 -08:00
Michael Crosby fdeea90fc8 Allow child process to live if daemon dies 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-27 09:33:36 -08:00
Michael Crosby fb08b8b221 Code review updates 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-26 19:21:46 -08:00
Michael Crosby 7cd2245947 Ensure that loopback devices are mounted inside the conatiner 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-26 17:21:09 -08:00
Michael Crosby 70820b69ec Make network a slice to support multiple types 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-26 14:20:41 -08:00
Michael Crosby 93ed15075c Fix cross compile for make cross 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-25 15:19:13 -08:00
Michael Crosby 96e33a7646 Move container.json and pid file into a root specific driver dir 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-25 12:41:31 -08:00
Guillaume J. Charmes 91bf120c51
Better capability/namespace management 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-24 21:52:29 -08:00
Michael Crosby f8453cd049 Refactor and improve libcontainer and driver 
Remove logging for now because it is complicating things
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 21:11:52 -08:00
Michael Crosby 9cb4573d33 Improve logging for nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 18:38:36 -08:00
Michael Crosby a76407ac61 Cgroups allow devices for privileged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 15:47:23 -08:00
Michael Crosby 1c79b747bb Honor user passed on container in nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 13:52:56 -08:00
Michael Crosby 01f9815b55 Fix tests with dockerinit lookup path 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 13:40:17 -08:00
Michael Crosby fac41af25b Refactor driver to use Exec function from nsini 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-22 01:21:26 -08:00
Michael Crosby ae423a036e Abstract out diff implementations for importing 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-22 00:29:21 -08:00
Michael Crosby 2412656ef5 Add syncpipe for passing context 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 22:58:30 -08:00
Michael Crosby dd59f7fb28 Refactor exec method 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 22:37:09 -08:00
Michael Crosby 5a4069f3aa Refactor network creation and initialization into strategies 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 22:26:07 -08:00
Michael Crosby 9876e5b890 Export functions of nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 21:14:21 -08:00
Michael Crosby 2419e63d24 Initial commit of libcontainer running docker 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 17:23:49 -08:00
Michael Crosby 332755b99d Pass tty master to Exec 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 16:40:32 -08:00
Michael Crosby c8fd81c278 Pass pipes into Exec function 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 16:28:43 -08:00
Michael Crosby a352ecb01a Use lookup path for init 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 16:17:18 -08:00
Michael Crosby ba025cb75c User os.Args[0] as name to reexec 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 15:32:50 -08:00
Michael Crosby 50c752fcb0 Add good logging support to both sides 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:17 -08:00
Michael Crosby 7f247e7006 Move tty into container.json 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:17 -08:00
Michael Crosby 6b2e963ce0 Refactor the flag management for main 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:17 -08:00
Michael Crosby 1316007e54 Make nsinit a proper go pkg and add the main in another dir 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:17 -08:00
Guillaume J. Charmes 66baa0653b Make sure to close the pipe upon ctrl-d 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-21 14:56:17 -08:00
Guillaume J. Charmes 1a4fb09219 Handle non-tty mode 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-21 14:56:17 -08:00
Guillaume J. Charmes 83dfdd1d95 Minor cleanup 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-21 14:56:17 -08:00
Guillaume J. Charmes 8dec4adcb3 Use a custom pipe instead of stdin for sync net namespace 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-21 14:56:16 -08:00
Guillaume J. Charmes b519d3ea5a Use flag for init 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-21 14:56:16 -08:00
Michael Crosby 7020e208c7 Move rest of cgroups functions into cgroups pkg 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby 3cb698125d Change IP to address because it includes the subnet 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby c442586305 Refactory cgroups into general pkg 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby f00f374138 Remove clone_vfork 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby 5f84738ef1 Revert "WIP for setup kmsg" 
This reverts commit 80db9a918337c4ae80ffa9a001da13bd24e848c8.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Alexander Larsson 664fc54e65 libcontainer: Initial version of cgroups support 
This is a minimal version of raw cgroup support for libcontainer.
It has only enough for what docker needs, and it has no support
for systemd yet.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-02-21 14:56:16 -08:00
Michael Crosby f0b4dd6e58 WIP for setup kmsg 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby e133d895a6 Remove privileged.json config 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby 70593be139 Add comments to many functions 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby e0ff0f4dd6 Add CAP_NET_ADMIN 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby 3a97fe27d8 Update readme and add TODO 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby d84feb8fe5 Refactor to remove cmd from container 
Pass the container's command via args
Remove execin function and just look for an
existing nspid file to join the namespace
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby 420b5eb211 Add execin function to running a process in a namespace 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby 5d62916c48 Refactor large funcs 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Guillaume J. Charmes f3c48ec584 OSX compilation 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@dotcloud.com> (github: creack)
 2014-02-21 14:56:16 -08:00
Michael Crosby 61a119220d General cleanup of libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby 5428964400 Add dynamic veth name 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:16 -08:00
Michael Crosby 34671f2010 Implement init veth creation 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Michael Crosby 7bc3c01250 Simplify namespaces with only nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Michael Crosby e25065a6b1 Use nsinit as app 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Guillaume J. Charmes 18f06b8d16 Fix ptmx issue on libcontainer 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-21 14:56:15 -08:00
Guillaume J. Charmes 93d41e53ae Improve general quality of libcontainer 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-21 14:56:15 -08:00
Michael Crosby 1142945769 Use nsinit for setting up namespace 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Michael Crosby 72e65b654b WIP moving to nsini 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Michael Crosby 68b049aed4 Make separate nsinit pkg for a dockerinit like init 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00
Michael Crosby e8abaf217b Initial commit of libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:15 -08:00