This fixes IP masquerading on systems with reject rules at the end of
the POSTROUTING table, by inserting the rule at the beginning of the
table instead of adding it at the end.
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
This separates out the directory as returned from the graphdriver (the
"base" fs) from the root filesystem of the live container. This is
necessary as the "diff" operation needs access to the base filesystem
without all the mounts that the running container needs (/.dockerinit,
volumes, etc).
We change container in the following way:
Container.RootfsPath() returns the the directory which will be used as
the root in a running container. It is always of the form
"/var/lib/docker/container/<id>/root" and is a private bind mount to
the base filesystem. It is only available while the container is running.
Container.BasefsPath() returns the raw directory from the graph driver
without the container runtime mounts. It is availible whenever the
container is mounted (in between a container.Mount()/Unmount() pair,
which are properly refcounted).
This fixes issue #3840
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Do as was done to f09a78cd21 in the
socket-activation example.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
The integration tests had previously used the environment variable
DOCKER_INDEX_URL but it was apparently removed several months ago.
Change the integration auth tests to specify the ServerAddress field
of the AuthConfig struct to use the staging deployment of the index.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Docker-DCO-1.1-Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com> (github: lsm5)
systemd service no longer does '/bin/mount/ --make-rprivate /'.
Core issue fixed by Alex Larsson (commit 157d99a).
ip forwarding enabled.
As a bonus, if the user has run this script the way we recommend (ie, without "sudo" or "su", run as their user), we can actually give them the exact command they'll need with their correct username substituted appropriately.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
In 7fb55f7725 the DCO lost the grant so
change the title back to just DCO.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
Now that docker sets /proc/sys/net/ipv4/ip_forward by default, remove
the step to enable it in the installation docs.
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
Now that docker sets /proc/sys/net/ipv4/ip_forward by default (unless
the user manually specifies "-ip-forward=false"), there's no need to
warn if its disabled.
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
Victor Vieux
Tianon Gravi
Chia-liang Kao
Andy Rothfusz
Michael Crosby
Josh Poimboeuf
Alexander Larsson
Sven Dowideit
James Turnbull
Piergiuliano Bossi
Brandon Philips
Josh Hawn
unclejack
Lokesh Mandvekar
Guillaume J. Charmes