Commit Graph

189 Commits

Author SHA1 Message Date
Michael Crosby d91b8bcf0b Merge pull request #6646 from tiborvass/fix-workdir
Fix --workdir=/
2014-06-25 15:19:51 -07:00
Erik Hollensbe 03c5c1930d fix whitespace that precedes the escape in a multiline string.
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
2014-06-25 13:39:47 -07:00
Tibor Vass baacc7006b add integration test for --workdir=/
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-06-25 11:02:59 -04:00
Tibor Vass 385c9b1a08 fix bug in FollowSymlinkInScope when link == root
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-06-25 11:02:59 -04:00
Victor Vieux dd258553b1 Fix search integration-cli test
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-06-24 21:16:34 +00:00
Guilherme Salgado 1c291ccbbe Migrate TestGetEvents into a unit and a CLI test
Docker-DCO-1.1-Signed-off-by: Guilherme Salgado <gsalgado@gmail.com> (github: gsalgado)
2014-06-24 17:43:26 +02:00
Johan Euphrosine edcb41451a api/client/build: allow tar as context for docker build -
Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
2014-06-23 13:34:09 -07:00
LK4D4 386d1ecc6e Move sorter_test from integration to integration-cli
TestServerListOrderedImagesByCreationDateAndTag was redundant and broken
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-23 22:19:52 +04:00
unclejack a5f5d5e8d7 Merge pull request #6571 from vbatts/vbatts-raw_json
raw json for `docker save`
2014-06-20 23:55:10 +03:00
cyphar a57298791c integration-cli: add build test for NOCACHE
This patch adds CLI integration tests to ensure that NOCACHE instructions
in Dockerfiles only apply to direct children of the original image.

Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
2014-06-19 20:33:17 +10:00
Victor Vieux 7a0e599142 Merge pull request #6066 from tiborvass/5693-volumes-from-symlink-path
5693 volumes from symlink path
2014-06-18 16:10:37 -07:00
Michael Crosby d803523cdc Merge pull request #5559 from bmurphy1976/bmurphy1976-history-bug
Test and fix history command ordering
2014-06-18 14:34:00 -07:00
Tibor Vass def86d0cf4 rename TestVolumeWithSymlink to TestCreateVolumeWithSymlink and remove run_tests folder
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-06-18 15:51:27 -04:00
Tibor Vass c4c92e66cd add integration test
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-06-18 15:50:39 -04:00
LK4D4 f08cd445b0 Fix go vet errors
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-06-18 17:39:57 +00:00
unclejack ec0fb311ed Merge pull request #6415 from LK4D4/increase_timeout_in_test_attach
Increase time before exit in TestMultipleAttachRestart
2014-06-18 00:36:18 +03:00
Alexandr Morozov cc42eeac21 Move TestBuildAddToSymlinkDest to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-17 23:44:30 +04:00
Alexandr Morozov 690711b584 Move TestBuildOnBuildForbiddenMaintainerTrigger to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-17 11:39:47 +04:00
Alexandr Morozov 1c8ec01c55 Move TestBuildOnBuildForbiddenFromTrigger to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-17 11:36:45 +04:00
Alexandr Morozov 1e0e86360f Move TestBuildOnBuildForbiddenChainedTrigger to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-17 11:24:47 +04:00
Alexandr Morozov 2629e2ec23 Move TestBuildOnBuildTrigger to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-17 11:14:45 +04:00
Alexandr Morozov 08a10f936b Move TestBuildFailsDockerfileEmpty to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-17 11:06:44 +04:00
Alexandr Morozov d3023f25f5 Move TestBuildFails to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-17 11:06:40 +04:00
Alexandr Morozov f1d7ed35bd Move TestBuildInheritance to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-17 11:05:45 +04:00
Alexandr Morozov 62d97afaf8 Move TestBuildADDFileNotFound to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-17 11:05:36 +04:00
Alexandr Morozov 686786f107 Move TestForbiddenContextPath to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-17 10:38:45 +04:00
Alexandr Morozov c5b82f5e8d Move TestBuildEntrypointRunCleanup to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-17 10:16:36 +04:00
Victor Vieux 6228761f67 add a test using the flags
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-06-17 01:05:13 +00:00
Victor Vieux 614c57c521 improve test
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-06-17 00:59:51 +00:00
LK4D4 eb97163348 Increase time before exit in TestMultipleAttachRestart
Sometimes third attacher attaching to already stopped container.
Also I've changed prefix to attach and fixed cleanup on Fatal.
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-13 21:40:30 +04:00
Victor Vieux 9494643bf1 add test
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-06-12 19:11:51 +00:00
Bryan Murphy e827c8ff61 Add integration test for history command and fix bug where history
would occasionally be returned in the incorrect order if sequential
layers had the same created time.

Docker-DCO-1.1-Signed-off-by: Bryan Murphy <bmurphy1976@gmail.com> (github: bmurphy1976)
2014-06-09 10:45:54 -05:00
unclejack 2f72fdf6ea Merge pull request #6145 from shykes/pr_out_pkg_testutils_utility_functions_to_facilitate_writing_go_tests
pkg/testutils: utility functions to facilitate writing Go tests
2014-06-06 01:26:53 +03:00
SvenDowideit 5febba93ba IANA allocated Docker port: 2375
2375/2376 are assigned:
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=docker

For #1440

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
2014-06-04 06:54:19 +10:00
Victor Marmol 5bf4068d60 Merge pull request #6171 from crosbymichael/add-chroot
Add SYS_CHROOT cap to unprivileged containers
2014-06-02 18:33:34 -07:00
Michael Crosby 41f7cef2bd Add SYS_CHROOT cap to unprivileged containers
Fixes #6103
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-02 18:23:47 -07:00
Michael Crosby c024c9bd1e Add test for volume ownership and perms
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-02 18:10:52 -07:00
Michael Crosby f65fadbda0 Merge pull request #6143 from LK4D4/move_some_more_tests_to_cli
Move some more tests to integration cli
2014-06-02 18:06:11 -07:00
Victor Vieux b8932abcd3 pull only busybox:latest
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-06-02 19:54:17 +00:00
LK4D4 ae128437ce Move build cache tests to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-02 23:40:14 +04:00
LK4D4 bf4d907092 More verbose build tests
I've decided that custom asserts only hide the meaning of tests
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-02 23:40:13 +04:00
LK4D4 2e85568816 Aux functions for build testing
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-02 23:40:13 +04:00
Michael Crosby 3e13aaec00 Merge pull request #6130 from vieux/standardize_api_keys
Standardize api keys to CamelCase
2014-06-02 12:03:11 -07:00
Solomon Hykes 0a06e9bd91 Fix format in maintainers files
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-06-02 07:05:06 +00:00
unclejack 2024a0e517 Merge pull request #6089 from unclejack/docker_build_copy
add support for COPY to docker build
2014-06-01 01:26:31 +03:00
Victor Vieux 68fb7f4b74 Standardize API keys: CamelCase
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-31 01:22:07 +00:00
Timothy Hobbs 608702b980 Refactor device handling code
We now have one place that keeps track of (most) devices that are allowed and created within the container.  That place is pkg/libcontainer/devices/devices.go

This fixes several inconsistencies between which devices were created in the lxc backend and the native backend.  It also fixes inconsistencies between which devices were created and which were allowed.  For example, /dev/full was being created but it was not allowed within the cgroup.  It also declares the file modes and permissions of the default devices, rather than copying them from the host.  This is in line with docker's philosophy of not being host dependent.

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
2014-05-30 19:21:29 +00:00
unclejack 180c2a6785 add support for COPY to docker build
This adds a COPY command to docker build which works like ADD, but is
only for local files and it doesn't extract files.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-05-29 00:07:52 +03:00
Victor Vieux b904d0af56 Merge pull request #6051 from LK4D4/move_some_build_tests_to_integration_cli
Move some build tests to integration cli
2014-05-27 12:11:42 -07:00
Victor Vieux 754797bba7 Merge pull request #6000 from cyphar/5619-fix-unsafe-path-resolution
Properly handle paths with symlink path components
2014-05-27 12:06:19 -07:00
Alexandr Morozov b25a9b7138 Move entrypoint build test to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-27 08:36:38 +04:00
LK4D4 81d1641139 Move expose build test to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-27 08:00:35 +04:00
LK4D4 c58991f31a Move cmd build test to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-27 08:00:35 +04:00
LK4D4 b05be686ec Move env build test to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-27 08:00:35 +04:00
LK4D4 40630ce4b6 Move relative workdir build test to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-27 08:00:35 +04:00
LK4D4 360fb3d4ea Move user build test to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-27 08:00:34 +04:00
LK4D4 3dd4c5f499 Move maintainer build test to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-27 08:00:34 +04:00
LK4D4 11f7f0bf9b Move volume build test to integration-cli
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-27 08:00:34 +04:00
cyphar ff24a32876 integration-cli: cp: added symlink-related tests
This patch adds cli integration tests for #5619, which are tests
to ensure that symlinks are kept relative to the container rootfs
(even when a path component).

Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
2014-05-24 11:01:20 +10:00
Victor Vieux 0be44d1a0a now busybox as nc
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-23 21:03:52 +00:00
Michael Crosby 2487237937 Update ip test to parse new output
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-23 13:22:01 -07:00
Michael Crosby 581e8e8918 Update integration tests with --net flag
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-23 11:31:01 -07:00
Tibor Vass 1ce5457d57 adding test for hanging ADD src .
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-05-22 17:28:04 -07:00
Michael Crosby db1a3551a3 Merge pull request #5839 from unclejack/improve_build_rm
add --force-rm to clean up after a failed build
2014-05-22 10:54:05 -07:00
Michael Crosby 4bb4bf634a Merge pull request #5859 from philips/append-etc-hosts-not-bind
fix(daemon): prepend host /etc/hosts instead of bind mounting
2014-05-21 15:57:59 -07:00
Brandon Philips 61ac745d7a integration-cli: fix spelling error in test
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
2014-05-21 15:20:29 -07:00
Brandon Philips 5579bec47b integration-cli: tests for /etc/hosts and net=host
Some basic tests to make sure this is acting correctly on machines.

Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
2014-05-21 15:20:29 -07:00
Tibor Vass bb431a7190 for perms checking tests, create files from Go and remove them from git
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-05-21 11:35:12 -07:00
Tibor Vass 56a53c72d2 remove chmod 755: fixes #5941
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-05-21 11:35:08 -07:00
Victor Vieux 5eef0a28cb add test
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-21 00:10:07 +00:00
Victor Vieux 240fad4974 Merge pull request #5951 from vieux/pr5919
Fix remote add cache
2014-05-20 14:33:05 -07:00
Victor Vieux 03a109e446 add test
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-20 21:31:28 +00:00
Michael Crosby d31c37fceb Add test for committing container with bind mount
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-19 22:57:29 +00:00
unclejack 599cb12bb8 add unprivilegeduser via the Dockerfile
This changes the test TestBuildWithInaccessibleFilesInContext to not
add the user 'unprivilegeduser' and add it via the Dockerfile instead.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-05-19 23:55:28 +03:00
unclejack a691fcb277 integcli: add tests for build --rm
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-05-19 23:10:54 +03:00
unclejack 69dcf767fd integcli: test container removal for failed builds
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-05-19 23:10:54 +03:00
unclejack 77f5425260 integcli: add getContainerCount utility function
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-05-19 23:10:54 +03:00
Alexandr Morozov 620c8c7253 Make chmod on ADDed files
Fixes #3979
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-20 00:09:39 +04:00
Victor Vieux 8674ec7f75 Merge pull request #5871 from unclejack/speed_up_buildsixtysteps
integcli: speed up TestBuildSixtySteps
2014-05-19 11:02:36 -07:00
Victor Vieux 8eef1be29e Merge pull request #5782 from unclejack/fix_5270
2014-05-19 10:36:10 -07:00
Michael Crosby b50c9a185c Merge pull request #5670 from jmccrohan/master
client: Remove docker new version check
2014-05-19 10:26:58 -07:00
Michael Crosby 15a94fdcbb Merge pull request #5864 from shykes/pr_out_make_cristian_maintainer_of_integration_cli_he_wrote_it
Make Cristian maintainer of integration-cli (he wrote it)
2014-05-19 10:26:18 -07:00
Alexandr Morozov 72d1e40c4a Check uid ranges
Fixes #5647
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-18 20:49:08 +04:00
Jonathan McCrohan 3cec63d56f client: Rip out HTTP check from docker version
For background to this change please see:
https://github.com/dotcloud/docker/issues/4802
https://github.com/dotcloud/docker/pull/5670

Docker-DCO-1.1-Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com> (github: jmccrohan)
2014-05-18 02:22:22 +01:00
Jonathan McCrohan 82712ed67e client: rearrange docker version output
Rearrange docker version output so that server output matches client
output

Docker-DCO-1.1-Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com> (github: jmccrohan)
2014-05-18 01:49:58 +01:00
unclejack 58c11ee0a8 integcli: speed up TestBuildSixtySteps
This improves the TestBuildSixtySteps test by switching from busybox to
scratch and simply adding a file.

This lowers the execution time of that test from 20 seconds to 5
seconds.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-05-17 17:25:56 +03:00
Solomon Hykes ab6027324d Make Cristian maintainer of integration-cli (he wrote it)
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-05-16 19:03:08 -07:00
unclejack f5b1afae74 add test for issue #5270
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-05-17 02:38:29 +03:00
unclejack 46578a2359 integcli: resolve full path to docker binary
Setting dockerBinary to the full path of the Docker binary is a good
idea and this is now done in the test code.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-05-17 02:38:28 +03:00
Victor Vieux 2c8b63cb75 do not merge -i or -t options
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
2014-05-16 22:31:16 +00:00
Michael Crosby 4af465fccf Merge pull request #5720 from cyphar/5656-cp-absolute-paths
Ensure `docker cp` cannot traverse outside container rootfs
2014-05-14 11:46:11 -07:00
Michael Crosby adbe3096e8 Add cpuset cpus support for docker
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-13 18:17:12 -07:00
cyphar 79ca77f3e8 integration-cli: cp: added tests for cp
This patch adds integration tests for the copying of resources
from a container, to ensure that regressions in the security of
resource copying can be easily discovered.

Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
2014-05-14 11:14:59 +10:00
Fabio Falci 7cc27b2075 Integration test for link and unlink containers
Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
2014-05-11 21:33:01 +01:00
LK4D4 91b7d8ebd3 Change owner only on copied content
Fixes #5110
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-07 20:40:22 +04:00
cyphar 924979259e integration-cli: docker_cli_links: fixed broken tests
The tests weren't ... tested when last edited, this patch fixes
them so that they run and pass correctly.

Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
2014-05-07 01:05:15 +10:00
Solomon Hykes dc605c8be7 Simplify integration test for link + hostname.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-05-05 19:51:47 -07:00
Bryan Murphy 53f38a14cd add linked containers to hosts file
Docker-DCO-1.1-Signed-off-by: Bryan Murphy <bmurphy1976@gmail.com> (github: bmurphy1976)

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Tested-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-05-05 19:40:27 -07:00
Jérôme Petazzoni 1c4202a614 Mount /proc and /sys read-only, except in privileged containers.
It has been pointed out that some files in /proc and /sys can be used
to break out of containers. However, if those filesystems are mounted
read-only, most of the known exploits are mitigated, since they rely
on writing some file in those filesystems.

This does not replace security modules (like SELinux or AppArmor), it
is just another layer of security. Likewise, it doesn't mean that the
other mitigations (shadowing parts of /proc or /sys with bind mounts)
are useless. Those measures are still useful. As such, the shadowing
of /proc/kcore is still enabled with both LXC and native drivers.

Special care has to be taken with /proc/1/attr, which still needs to
be mounted read-write in order to enable the AppArmor profile. It is
bind-mounted from a private read-write mount of procfs.

All that enforcement is done in dockerinit. The code doing the real
work is in libcontainer. The init function for the LXC driver calls
the function from libcontainer to avoid code duplication.

Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni <jerome@docker.com> (github: jpetazzo)
2014-05-01 15:26:58 -07:00
Alexandr Morozov d1297feef8 Timestamps for docker logs.
Fixes #1165
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-05-01 20:40:36 +04:00