424 Commits

Author SHA1 Message Date
Jess Frazelle ff69b23dc0 Merge pull request #18395 from LK4D4/default_cgroup_is_not_daemon
Use /docker as cgroup parent instead of docker
2015-12-17 13:59:00 -08:00
Brian Goff ce0b1841c8 Merge pull request #17034 from rhvgoyal/volume-propagation
Capability to specify per volume mount propagation mode
2015-12-15 12:14:41 -05:00
Alexander Morozov ecc3717cb1 Merge pull request #18612 from mrunalp/update_runc
Update runc/libcontainer to v0.0.6
2015-12-14 13:05:53 -08:00
Jess Frazelle c38aa60180 Merge pull request #18393 from qzio/apparmor/ptrace-ubuntu14
Enable ptrace in a container on apparmor below 2.9
2015-12-14 10:07:01 -08:00
Vivek Goyal d4b4ce2588 Check Propagation properties of source mount point
Whether a shared/slave volume propagation will work or not also depends on
where source directory is mounted on and what are the propagation properties
of that mount point. For example, for shared volume mount to work, source
mount point should be shared. For slave volume mount to work, source mount
point should be either shared/slave.

This patch determines the mount point on which directory is mounted and
checks for desired minimum propagation properties of that mount point. It
errors out if configuration does not seem right.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2015-12-14 10:39:53 -05:00
Vivek Goyal a2dc4f79f2 Add capability to specify mount propagation per volume
Allow passing mount propagation option shared, slave, or private as volume
property.

For example.
docker run -ti -v /root/mnt-source:/root/mnt-dest:slave fedora bash

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2015-12-14 10:39:53 -05:00
Justas Brazauskas 927b334ebf Fix typos found across repository
Signed-off-by: Justas Brazauskas <brazauskasjustas@gmail.com>
2015-12-13 18:04:12 +02:00
Mrunal Patel e8f7d5885d Update runc/libcontainer to v0.0.6
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-12-11 15:24:32 -05:00
Joel Hansson 6480feb766 Enable ptrace in a container on apparmor below 2.9
Ubuntu 14.04 LTS is on apparmor 2.8.95.
This enables `ps` inside a container without causing
audit log entries on the host.

Signed-off-by: Joel Hansson <joel.hansson@ecraft.com>
2015-12-07 11:08:49 +01:00
Jess Frazelle 87a614ed55 Merge pull request #17989 from jfrazelle/initial-seccomp-support
Phase 1: Initial seccomp support
2015-12-05 08:33:58 -08:00
Ma Shimiao 3f15a055e5 Add support for blkio read/write bps device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-12-04 09:26:03 +08:00
Jessica Frazelle 6707f4b9b6 initial seccomp support
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-12-03 16:30:44 -08:00
Alexander Morozov 4b55765c11 Use /docker as cgroup parent instead of docker
It means that containers will be created under root cgroup and not under
daemon cgroup.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-12-03 08:42:45 -08:00
Arnaud Porterie 8f1f53f735 Merge pull request #16277 from runcom/add-oom-score-adj
Add OomScoreAdj
2015-12-02 11:49:51 -08:00
Dan Walsh b3e527dfd2 This patch adds --tmpfs as an option for mounting tmpfs on directories
It will Tar up contents of child directory onto tmpfs if mounted over

This patch will use the new PreMount and PostMount hooks to "tar"
up the contents of the base image on top of tmpfs mount points.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2015-12-02 10:06:59 -05:00
Jess Frazelle e852959fad Merge pull request #18178 from jfrazelle/apparmor-we-meet-again
Fix docker-default profile handling signals
2015-11-30 11:34:34 -08:00
Jessica Frazelle f8db9a09e0 check version for docker-default aa profile
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-11-30 10:18:12 -08:00
Jess Frazelle 360a106511 Merge pull request #18303 from runcom/lxc-leftover
daemon: remove sysInitPath, lxc leftover
2015-11-30 09:37:05 -08:00
Alexander Morozov 377e1d75f9 Merge pull request #18239 from jfrazelle/17783-fix-regex
Fix parsing of apparmor pcre syntax
2015-11-30 09:15:25 -08:00
Antonio Murdaca d3af7f283d Add OomScoreAdj to configure container oom killer preferences
libcontainer v0.0.4 introduces setting `/proc/self/oom_score_adj` to
better tune oom killing preferences for container process. This patch
simply integrates OomScoreAdj libcontainer's config option and adjusts
the cli with this new option.

Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-11-30 11:19:04 +01:00
Antonio Murdaca 1b726b29b2 daemon: remove sysInitPath, lxc leftover
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-11-30 10:04:13 +01:00
Qiang Huang dd7b4fd651 Fix kernel memory limit
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-11-28 09:47:25 +08:00
Jessica Frazelle c0f7fdc025 Fix parsing of apparmor pcre syntax
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-11-25 10:38:18 -08:00
Stefan Berger 5cd6b3eca2 Adjust docker-default profile when docker daemon is confined
Adjust the docker-default profile for when the docker daemon is running in
AppArmor confinement. To enable 'docker kill' we need to allow the container
to receive kill signals from the daemon.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-11-23 15:20:01 -08:00
Vincent Demeester c32f8bb36a Merge pull request #17704 from LK4D4/default_cgroupfs
Use fs cgroups by default
2015-11-19 14:01:13 +01:00
Alexander Morozov 419fd7449f Use fs cgroups by default
Our implementation of systemd cgroups is a mixture of systemd api and
plain filesystem api. It's hard to keep it up to date with systemd and
it already contains some nasty bugs with new versions. Ideally it should
be replaced with some daemon flag which will allow to set parent systemd
slice.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-18 16:16:13 -08:00
Alexander Morozov 9187656305 Merge pull request #16639 from mrunalp/skip_dev_setup
Skip /dev setup in container when it is bind mounted in
2015-11-17 11:36:00 -08:00
David Calavera 6f1bc096a6 Merge pull request #18025 from Microsoft/10662-ArgumentEscaping
Windows: Fix docker exec
2015-11-17 11:14:54 +01:00
Darren Stahl d7692b02bd Typo in previous PR processConfig, not c.ProcessConfig
Signed-off-by: Darren Stahl <darst@microsoft.com>
2015-11-16 11:56:01 -08:00
Antonio Murdaca ad8a66573c Merge pull request #17851 from Microsoft/10662-ArgumentEscaping
Prevent double escaping of Dockerfile commands on Windows
2015-11-14 17:25:53 +01:00
Darren Stahl 9db5db1b94 This fixes the case where arguments are escaped twice from Dockerfiles on
Windows

Signed-off-by: Darren Stahl <darst@microsoft.com>
2015-11-13 10:43:06 -08:00
Vincent Demeester 588fedef4a Merge pull request #17949 from Microsoft/jjh/cpuweighttp4
Windows: TP4 fix cpu weight
2015-11-12 21:13:09 +01:00
Vincent Demeester 812a1c149a Merge pull request #13959 from Mashimiao/add-support-blkio_weight_device
Add support for blkio.weight_device
2015-11-12 20:42:13 +01:00
John Howard 90eac6b48b Windows: TP4 fix cpu weight
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-11-12 11:08:24 -08:00
David Calavera 8cf38b6a8b Merge pull request #17589 from Microsoft/jjh/refactorprocessconfig
Refactor ProcessConfig
2015-11-12 07:28:32 -08:00
Ma Shimiao 0fbfa1449d Add support for blkio.weight_device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-11-11 23:06:36 +08:00
Sebastiaan van Stijn d4c4557b1a Merge pull request #17613 from Microsoft/10662-isolationexecopt
Windows: Add default isolation exec driver option
2015-11-10 19:55:46 +00:00
John Howard a429ad1e35 Windows: Add default isolation exec driver option
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-11-10 11:39:05 -08:00
David Calavera 58b270c338 Merge pull request #17431 from vdemeester/hope-it-does-not-broke-everything-again
Another try at dockerversion placeholder for library import
2015-11-09 13:15:50 -08:00
Vincent Demeester 8054a30387 dockerversion placeholder for library import
- Add a *version* file placeholder.
- Update autogen and builds to use it and an autogen build flag

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-11-09 19:32:46 +01:00
John Howard 5fa2e4d4f2 Refactor ProcessConfig
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-11-09 09:51:09 -08:00
John Howard 77af7d1067 Refactor exitStatus structure
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-11-09 08:26:35 -08:00
Brian Goff 342e6bb99f Merge pull request #17581 from Microsoft/10662-factoroutexecuser
Windows: Factor out user in execdriver\driver
2015-11-07 22:11:26 -05:00
John Howard b10dd17e06 Don't build utils on Windows
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-11-07 08:46:36 -08:00
Alexander Morozov ad55d29c91 Merge pull request #17575 from Microsoft/10662-nativetemplate
Windows: Fix native exec template
2015-11-06 16:14:44 -08:00
Lei Jitang 00d00b429f Remove LxcConf in daemon_test.go and fix a typo
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-11-06 09:58:06 +08:00
David Calavera 157b66ad39 Remove exec-driver global daemon option.
Each platform has only a driver now.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-05 17:09:58 -05:00
David Calavera 3b5fac462d Remove LXC support.
The LXC driver was deprecated in Docker 1.8.
Following the deprecation rules, we can remove a deprecated feature
after two major releases. LXC won't be supported anymore starting on Docker 1.10.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-05 17:09:57 -05:00
John Howard 910e4ba7ed Windows: Factor out user in execdriver\driver
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-31 19:19:24 -07:00
John Howard be2f53ece8 Windows: Fix native exec template
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-31 11:39:19 -07:00