docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,743 Commits 21 Branches 28 Tags 816 MiB
Commit Graph

87 Commits

Author SHA1 Message Date
Michael Crosby 36dd124b16 Add env var to toggle pivot root or ms_move 
Use the  DOCKER_RAMDISK env var to tell the native driver not to use
a pivot root when setting up the rootfs of a container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 19:30:52 -08:00
Michael Crosby c38635020a Revert "Revert "libcontainer: Use pivot_root instead of chroot"" 
This reverts commit 82f797f140.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 17:19:59 -08:00
Michael Crosby 557e4fef44 Revert "Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE"" 
This reverts commit bd263f5b15.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 17:19:47 -08:00
unclejack 78dc1ede52 Merge pull request #4512 from crosbymichael/no-pivot-root 
No pivot root because of ramdisk
 2014-03-07 02:54:03 +02:00
Michael Crosby bd263f5b15 Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE" 
This reverts commit 757b577572.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 16:41:03 -08:00
Michael Crosby 82f797f140 Revert "libcontainer: Use pivot_root instead of chroot" 
This reverts commit 5b5c884cc8.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 16:32:06 -08:00
Michael Crosby ea9bce8724 Ensure that native containers die with the parent 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 16:30:56 -08:00
Michael Crosby 772ef99d28 Remove the ghosts and kill everything 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 15:30:26 -08:00
Guillaume J. Charmes b722aa21b7 Merge pull request #4506 from creack/fix_apparmor 
Use CGO for apparmor profile switch
 2014-03-06 13:37:34 -08:00
Tianon Gravi 0b23393ba1 Update build tags such that we can properly compile on all platforms (especially for packagers), and updated hack/PACKAGERS.md to mention the DOCKER_BUILDTAGS variable that will need to be set for binaries that might be used on AppArmor (such as Debian and especially Ubuntu) 
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
 2014-03-06 13:39:17 -07:00
Guillaume J. Charmes c89fa6645e
Add buildflags to allow crosscompilation for apparmor 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-06 12:05:03 -08:00
Guillaume J. Charmes 31f62b934b Merge pull request #4503 from unclejack/attempt_to_fix_apparmor_profile 
remove dbus from apparmor profile for Ubuntu 12.04
 2014-03-06 11:20:06 -08:00
Guillaume J. Charmes f0f833c6d7
Use CGO for apparmor profile switch 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-06 11:10:58 -08:00
unclejack 46fdb6af8e remove dbus from apparmor profile 
This removes the dbus entry from the apparmor profile Docker creates.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
 2014-03-06 19:47:03 +02:00
Alexander Larsson 5c9b28db18 libcontainer: Don't use UsetCloseOnExec, it is racy 
We can't keep file descriptors without close-on-exec except with
syscall.ForkLock held, as otherwise they could leak by accident into
other children from forks in other threads.

Instead we just use Cmd.ExtraFiles which handles all this for us.

This fixes https://github.com/dotcloud/docker/issues/4493

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-06 14:10:32 +01:00
Guillaume J. Charmes 920a6ca54c
Generate and load custom docker profile for apparmor 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-05 15:02:11 -08:00
Michael Crosby 37f137c822 Some cleanup around logs 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-05 13:50:49 -08:00
Guillaume J. Charmes cb4189a292
Add AppArmor support to native driver + change pipe/dup logic 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-05 13:08:24 -08:00
Alexander Larsson 757b577572 libcontainer: Use MS_PRIVATE instead of MS_SLAVE 
Now that we unmount all the mounts from the global namespace we can
use a private namespace rather than a slave one (as we have no need
for unmounts of inherited global mounts to propagate into the
container).

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-05 09:40:54 +01:00
Michael Crosby b07708c8de Add shm size cap to mount 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-04 14:18:40 -08:00
Guillaume J. Charmes 57a47f5bbf
Remove /dev tmpfs mountpoint 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-04 13:21:22 -08:00
Guillaume J. Charmes c74a8b28cd
remove /run mountpoint 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-04 12:32:17 -08:00
Guillaume J. Charmes 39d58129c3
Remove loopback mount bind 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-04 12:30:52 -08:00
Michael Crosby b63709c1f1 Merge pull request #4452 from crosbymichael/small-fixes-to-libcontainer 
Add find tests and remove panic in DEBUG
 2014-03-04 14:37:41 -05:00
Michael Crosby 7e52445f2f Add find tests and remove panic in DEBUG 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-04 08:55:12 -08:00
Alexander Larsson 5b5c884cc8 libcontainer: Use pivot_root instead of chroot 
Instead of keeping all the old mounts in the container namespace and
just using subtree as root we pivot_root so that the actual root in
the namespace is the root we want, and then we unmount the previous
mounts.

This has multiple advantages:

* The namespace mount tree is smaller (in the kernel)
* If you break out of the chroot you could previously access the host
  filesystem. Now the host filesystem is fully invisible to the namespace.
* We get rid of all unrelated mounts from the parent namespace, which means
  we don't hog these. This is important if we later switch to MS_PRIVATE instead
  of MS_SLAVE as otherwise these mounts would be impossible to unmount from the
  parent namespace.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-04 12:44:08 +01:00
Sven Dowideit 2e71adac9f very minor spelling 
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
 2014-03-04 10:12:12 +10:00
Michael Crosby 5465fdf00f Factor out finalize namespace 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-03 12:15:47 -08:00
Michael Crosby 2f35f8e2a8 Update readme to remove .nspid 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-03 11:31:37 -08:00
Michael Crosby fdeea90fc8 Allow child process to live if daemon dies 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-27 09:33:36 -08:00
Michael Crosby fb08b8b221 Code review updates 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-26 19:21:46 -08:00
Michael Crosby 7cd2245947 Ensure that loopback devices are mounted inside the conatiner 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-26 17:21:09 -08:00
Michael Crosby 70820b69ec Make network a slice to support multiple types 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-26 14:20:41 -08:00
Michael Crosby 93ed15075c Fix cross compile for make cross 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-25 15:19:13 -08:00
Michael Crosby 96e33a7646 Move container.json and pid file into a root specific driver dir 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-25 12:41:31 -08:00
Guillaume J. Charmes 91bf120c51
Better capability/namespace management 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-24 21:52:29 -08:00
Michael Crosby f8453cd049 Refactor and improve libcontainer and driver 
Remove logging for now because it is complicating things
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 21:11:52 -08:00
Michael Crosby 9cb4573d33 Improve logging for nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 18:38:36 -08:00
Michael Crosby a76407ac61 Cgroups allow devices for privileged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 15:47:23 -08:00
Michael Crosby 1c79b747bb Honor user passed on container in nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 13:52:56 -08:00
Michael Crosby 01f9815b55 Fix tests with dockerinit lookup path 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 13:40:17 -08:00
Michael Crosby fac41af25b Refactor driver to use Exec function from nsini 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-22 01:21:26 -08:00
Michael Crosby ae423a036e Abstract out diff implementations for importing 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-22 00:29:21 -08:00
Michael Crosby 2412656ef5 Add syncpipe for passing context 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 22:58:30 -08:00
Michael Crosby dd59f7fb28 Refactor exec method 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 22:37:09 -08:00
Michael Crosby 5a4069f3aa Refactor network creation and initialization into strategies 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 22:26:07 -08:00
Michael Crosby 9876e5b890 Export functions of nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 21:14:21 -08:00
Michael Crosby 2419e63d24 Initial commit of libcontainer running docker 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 17:23:49 -08:00
Michael Crosby 332755b99d Pass tty master to Exec 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 16:40:32 -08:00
Michael Crosby c8fd81c278 Pass pipes into Exec function 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 16:28:43 -08:00