docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
20,501 Commits 21 Branches 28 Tags 813 MiB
Commit Graph

442 Commits

Author SHA1 Message Date
Andrea Luzzardi b669025949 Stable MAC addresses: Add support for MAC address restoring. 
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
 2014-10-03 13:46:24 -07:00
Andrea Luzzardi a487593729 Stable Networking: Keep the same network settings across container restarts. 
This change will allocate network settings (IP and public ports) at
container creation rather than start and keep them throughout the
lifetime of the container (i.e. until it gets destroyed) instead of
discarding them when the container is stopped.

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
 2014-10-03 13:46:24 -07:00
Brian Goff 882223c0f8 Fix #8259 - Can't reuse symlink'd bindmount 
volumes.Get was not checking for symlinked paths meanwhile when adding a
new volume it was following the symlink.
So when trying to use a bind-mount that is a symlink, the volume is
added with the correct path, but when another container tries to use the
same volume it got a "Volume exists" error because volumes.Get returned
nil and as such attempted to create a new volume.

Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
 2014-09-26 14:36:44 -04:00
Michael Crosby 0bb5f98731 Merge pull request #8233 from tiborvass/pr-7658 
Fix Interactive container hangs when redirecting stdout
 2014-09-26 11:31:29 -07:00
Tibor Vass 29a62ceefc Add DockerCli tests 
Signed-off-by: Tibor Vass <teabee89@gmail.com>
 2014-09-25 20:58:43 +02:00
Victor Vieux 857b739e29 Merge pull request #8208 from estesp/7851-fix-hostname-fqdn 
Provide full hostname with domainname to underlying container layer
 2014-09-25 11:33:50 -07:00
Phil Estes 5239ba3d06 Provide full hostname with domainname to underlying container layer 
Addresses #7851

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
 2014-09-25 09:23:39 -04:00
unclejack f2fad5c290 Merge pull request #8173 from crosbymichael/update-mem-limit 
Update memory limit for container
 2014-09-24 20:55:25 +03:00
Michael Crosby 9b755412ab Update memory limit for container 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2014-09-22 21:41:14 +00:00
Alexandr Morozov 652cd6a842 Test on execdriver dir behavior 
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
 2014-09-22 22:49:21 +04:00
Brian Goff 45407cf00a Split volumes out from daemon 
Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
 2014-09-19 17:47:47 -05:00
Alexandr Morozov aa536b27a7 Use prefix naming for docker_cli_run_test.go 
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
 2014-09-19 21:56:24 +04:00
Jessica Frazelle 42dafe4bd8 test for panic on daemon restart 
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
 2014-09-18 21:54:42 +00:00
Tim Hockin 68e48b65a6 Allow extra lines in /etc/hosts 
This adds a --add-host host:ip flag which appends lines to /etc/hosts.  This is needed in places where you want the container to get a different name resolution than it would through DNS.  This was submitted before as #5525, closed, and now I am re-opening.  It has come up 2 or 3 times in the last couple days.

Signed-off-by: Tim Hockin <thockin@google.com>
 2014-09-16 23:38:23 +00:00
Brian Goff 0a3211f131 Fix #7792 - Order mounts 
Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
 2014-09-16 14:51:06 -07:00
Alexandr Morozov 00fd008170 Merge pull request #8062 from vishh/run_in_phase2 
Add support for 'docker exec' - phase 2
 2014-09-16 23:56:12 +04:00
Vishnu Kannan d980589de6 Adding integration tests for docker exec feature. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-09-15 16:59:59 +00:00
Erik Hollensbe 09b700288e Allow /etc/hosts and /etc/resolv.conf to be updated both outside and 
inside the container.

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
 2014-09-13 11:27:34 -07:00
Michael Crosby a96811272a Merge pull request #7934 from LK4D4/fix_double_allocation 
Fix error propagation from userland-proxy
 2014-09-12 11:39:10 -07:00
unclejack 3ec564bfda integ-cli: better debug output for run & import 
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
 2014-09-12 16:51:21 +03:00
Alexandr Morozov 41e9e93e27 Fix my own comments from #7927 
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
 2014-09-12 10:05:07 +04:00
Tibor Vass 3109fc9537 Add Test for port allocation bug (port already in use by other programs than docker) 
Signed-off-by: Tibor Vass <teabee89@gmail.com>
 2014-09-12 09:51:14 +04:00
Alexandr Morozov 2e7cf6b0ce Deallocate port before trying to delete iptables chain 
Fixes #7954
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
 2014-09-10 00:40:46 +04:00
unclejack 05a76477e6 integ-cli: increase verbosity for mem & cpu test 
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
 2014-09-08 20:46:45 +03:00
Alexandr Morozov ba24820284 Don't initialize network for 'none' mode 
Fixes #7837

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
 2014-09-04 09:50:58 +04:00
Michael Crosby c0a5ec75c5 Add more error info to TestDockerRunEchoStdoutWithMemoryLimit 
This test fails on my CI server often so we need more info when it does
happen with this test.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2014-09-01 17:09:52 -07:00
Alexandr Morozov 195cee9983
Move TestRunCidFileCheckIDLength to integration-cli 
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
 2014-09-01 20:15:20 +04:00
Alexandr Morozov 8892320835
Move TestRunCidFileCleanupIfEmpty to integration-cli 
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
 2014-09-01 19:55:39 +04:00
Alexandr Morozov 3c984a6d15
Add logDone logs where it's missing 
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
 2014-08-28 09:25:57 +04:00
Michael Crosby 2a5e29adc6 Merge pull request #7677 from erikh/update_hosts_linked_containers 
Update /etc/hosts when linked container is restarted
 2014-08-27 19:54:09 -07:00
Michael Crosby 77eefbc688 Merge pull request #7672 from cpuguy83/cleanup_volumes_from 
Cleanup: applyVolumesFrom
 2014-08-27 19:43:16 -07:00
Victor Vieux 450740c891 Update /etc/hosts when linked container is restarted 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
 2014-08-27 18:23:41 -07:00
Victor Vieux 5b27fbc0e2 move TestEntrypoint & TestBindMounts 
Signed-off-by: Victor Vieux <vieux@docker.com>
 2014-08-28 00:25:10 +00:00
Brian Goff 7495fbc0e3 Cleanup: applyVolumesFrom 
Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
 2014-08-26 20:52:58 -04:00
Alexandr Morozov 17b95ecb08
Handle error from GetDevice early 
Also more verbose error.

Fixes panic from #7701

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
 2014-08-24 14:09:30 +04:00
Victor Vieux fc39f9c78d add tests 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
 2014-08-19 17:06:17 +00:00
Alexandr Morozov c19e0fe7e2
Move TestRunExit to integration-cli 
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
 2014-08-12 13:40:14 +04:00
Alexandr Morozov a44f065f17
Move TestRunWorkdirExistsAndIsFile to integration-cli 
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
 2014-08-12 12:22:25 +04:00
Michael Crosby 01022a305d Merge pull request #7405 from LK4D4/indicate_run_volume_test_pass 
Print about "copy volume content" test passing
 2014-08-07 15:09:41 -07:00
LK4D4 825ca10dfd Print about "copy volume content" test passing 
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
 2014-08-04 21:27:28 +04:00
Alexandr Morozov aa2d6dbc0c Inherit Cmd only if no --entrypoint specified on run 
Fixes #5147
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
 2014-08-04 21:17:37 +04:00
Michael Crosby 5d2a62d8de Merge pull request #7295 from vishh/rbind 
Make lxc driver rbind all user specified mounts.
 2014-08-01 10:25:45 -07:00
Tianon Gravi 8ea7242250 Update TestEnvironment to explicitly set "HOME" to be empty so it gets autofilled 
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
 2014-07-31 12:46:41 -06:00
Tianon Gravi 57b9467f45 Add support for autodetected HOME from USER (if HOME is unset) 
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
 2014-07-31 12:46:36 -06:00
Vishnu Kannan 3e1c1567ea Add a cli integration test for recursive bind mounting. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
 2014-07-30 02:23:24 +00:00
Victor Vieux b3ee9ac74e update go import path and libcontainer 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
 2014-07-24 22:19:50 +00:00
LK4D4 e88487b321 Move TestCopyVolumeContent to integration-cli 
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
 2014-07-19 12:42:27 +04:00
LK4D4 9a7c5be7d1 Move TestCopyVolumeUidGid to integration-cli 
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
 2014-07-19 12:42:27 +04:00
Alexandr Morozov 4162309d11 Tests on container state changing 
It could catch error that was fixed in #6954
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
 2014-07-18 21:51:55 +04:00
Victor Vieux 5948b105e7 Merge pull request #7083 from mheon/6983_bugfix 
Fix Panic with -t and -a stderr
 2014-07-17 18:41:24 -07:00
Matthew Heon 1476f295ac Bugfix: only use io.Copy in hijack if attaching both stdout and stderr 
Add regression tests to ensure issue is fixed.

Docker-DCO-1.1-Signed-off-by: Matt Heon <mheon@redhat.com> (github: mheon)
 2014-07-17 13:47:33 -04:00
unclejack be8cea9856 don't allow links to be used with --net=host 
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
 2014-07-17 00:32:24 +03:00
Michael Crosby 7c19499c63 Allow case insensitive caps for add and drop 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-07-16 11:47:55 -07:00
Victor Vieux c04230c42b add check for invalid caps 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
 2014-07-11 23:43:21 +00:00
Victor Vieux 064b5f870d support add and drop in both order 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
 2014-07-11 23:43:21 +00:00
Victor Vieux 222a6f4401 add basic support for 'all' 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
 2014-07-11 23:43:21 +00:00
Victor Vieux 8344b6d736 fix job and add tests 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
 2014-07-11 23:43:21 +00:00
Timothy e855c4b921 Add --device flag to allow additional host devices in container 
We add a --device flag which can be used like:

 docker run --device /dev/sda:/dev/xvda:rwm ubuntu /bin/bash

To allow the container to have read write permissions to access the host's /dev/sda via a node named /dev/xvda in the container.

Note: Much of this code was written by Dinesh Subhraveti dineshs@altiscale.com (github: dineshs-altiscale) and so he deserves a ton of credit.

Docker-DCO-1.1-Signed-off-by: Timothy <timothyhobbs@seznam.cz> (github: timthelion)
 2014-07-10 10:35:53 -07:00
Fabio Falci 804b00cd7d Relax dns search to accept empty domain 
In that case /etc/resolv.conf will be generated with no search
option. Usage: --dns-search=.

Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
 2014-07-04 09:33:53 +01:00
unclejack 38b005ec69 integcli: add test to ensure -v /:/ isn't allowed 
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
 2014-06-27 19:51:24 +03:00
Michael Crosby e39b8eade1 Allow / as source of -v 
We discussed this at the docker plumbers meetup and for tools and
working on the system for things like boot2docker and coreos this is
needed.  You can already bypass this check so we felt it is ok to start
allowing this feature.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
 2014-06-26 10:50:18 -07:00
Tibor Vass baacc7006b add integration test for --workdir=/ 
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
 2014-06-25 11:02:59 -04:00
Tibor Vass 385c9b1a08 fix bug in FollowSymlinkInScope when link == root 
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
 2014-06-25 11:02:59 -04:00
Tibor Vass def86d0cf4 rename TestVolumeWithSymlink to TestCreateVolumeWithSymlink and remove run_tests folder 
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
 2014-06-18 15:51:27 -04:00
Tibor Vass c4c92e66cd add integration test 
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
 2014-06-18 15:50:39 -04:00
LK4D4 f08cd445b0 Fix go vet errors 
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
 2014-06-18 17:39:57 +00:00
Victor Vieux 9494643bf1 add test 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
 2014-06-12 19:11:51 +00:00
Michael Crosby 41f7cef2bd Add SYS_CHROOT cap to unprivileged containers 
Fixes #6103
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-06-02 18:23:47 -07:00
Timothy Hobbs 608702b980 Refactor device handling code 
We now have one place that keeps track of (most) devices that are allowed and created within the container.  That place is pkg/libcontainer/devices/devices.go

This fixes several inconsistencies between which devices were created in the lxc backend and the native backend.  It also fixes inconsistencies between wich devices were created and which were allowed.  For example, /dev/full was being created but it was not allowed within the cgroup.  It also declares the file modes and permissions of the default devices, rather than copying them from the host.  This is in line with docker's philosphy of not being host dependent.

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
 2014-05-30 19:21:29 +00:00
Michael Crosby 2487237937 Update ip test to parse new output 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-23 13:22:01 -07:00
Michael Crosby 581e8e8918 Update integration tests with --net flag 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-23 11:31:01 -07:00
Brandon Philips 61ac745d7a integration-cli: fix spelling error in test 
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
 2014-05-21 15:20:29 -07:00
Alexandr Morozov 72d1e40c4a Check uid ranges 
Fixes #5647
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
 2014-05-18 20:49:08 +04:00
Michael Crosby adbe3096e8 Add cpuset cpus support for docker 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-13 18:17:12 -07:00
Jérôme Petazzoni 1c4202a614 Mount /proc and /sys read-only, except in privileged containers. 
It has been pointed out that some files in /proc and /sys can be used
to break out of containers. However, if those filesystems are mounted
read-only, most of the known exploits are mitigated, since they rely
on writing some file in those filesystems.

This does not replace security modules (like SELinux or AppArmor), it
is just another layer of security. Likewise, it doesn't mean that the
other mitigations (shadowing parts of /proc or /sys with bind mounts)
are useless. Those measures are still useful. As such, the shadowing
of /proc/kcore is still enabled with both LXC and native drivers.

Special care has to be taken with /proc/1/attr, which still needs to
be mounted read-write in order to enable the AppArmor profile. It is
bind-mounted from a private read-write mount of procfs.

All that enforcement is done in dockerinit. The code doing the real
work is in libcontainer. The init function for the LXC driver calls
the function from libcontainer to avoid code duplication.

Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni <jerome@docker.com> (github: jpetazzo)
 2014-05-01 15:26:58 -07:00
Michael Crosby e88ef454b7 Merge pull request #5464 from tianon/close-leftover-fds 2014-04-30 12:27:52 -07:00
Tianon Gravi d5d62ff955 Close extraneous file descriptors in containers 
Without this patch, containers inherit the open file descriptors of the daemon, so my "exec 42>&2" allows us to "echo >&42 some nasty error with some bad advice" directly into the daemon log. :)

Also, "hack/dind" was already doing this due to issues caused by the inheritance, so I'm removing that hack too since this patch obsoletes it by generalizing it for all containers.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
 2014-04-29 16:45:28 -06:00
Tibor Vass e9a42a45bf Fixes #5152 : symlink in volume path 
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
 2014-04-28 13:18:12 -07:00
Michael Crosby 90678b3133 Update create with apparmor import 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:20 -07:00
Michael Crosby 81e5026a6a No not mount sysfs by default for non privilged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:20 -07:00
Michael Crosby 296fcf331f Port privileged tests 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 03:20:17 +00:00
Michael Crosby caad45d0ed Port networking tests 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 03:12:27 +00:00
Michael Crosby 47510bd6eb Port environment test 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 02:53:08 +00:00
Michael Crosby e2ed4b9077 Port user tests and concurrent tests 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 02:47:39 +00:00
Michael Crosby 03993eb534 Port volumes and exit code tests 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 02:34:10 +00:00
Michael Crosby 76a19bb3a9 Add test verify container ID 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 01:58:20 +00:00
Michael Crosby af9746412b Move volumesfrom to hostconfig 
This also migrates the volumes from integration tests into the new cli
integration test framework.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-08 21:45:06 +00:00
Michael Crosby b6042f252d Ensure that ro mounts are remounted 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-07 18:23:22 -07:00
Alexander Larsson bd94f84ded Fix --volumes-from mount failure 
As explained in https://github.com/dotcloud/docker/issues/4979
--volumes-from fails with ENOFILE errors.

This is because the code tries to look at the "from" volume without
ensuring that it is mounted yet. We fix this by mounting the containers
before stating in it.

Also includes a regression test.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-04-03 19:33:20 +02:00
Michael Crosby 904bf049c1 Force abs paths for host volumes 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-31 19:10:19 +00:00
Michael Crosby 28015f8e57 Add integration test for volumes-from as file 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-31 17:42:34 +00:00
unclejack 6db32fdefd initial version of cli integration tests 
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
 2014-03-29 23:09:40 +02:00