Use this Listeners() API that was exposed to save a few more lines of
boiler plate code.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
tests now work in the Docker tree with
`go test github.com/coreos/go-systemd/activation`
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
I noticed that travis was failing, go fmt to make it happy.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
as suggested by SvenDowideit expand the docs to have more information on
socket activation.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
This adds the ability to socket activate docker by passing in
`-H fd://*` along with examples systemd configuration files.
The fastest way to test this is to run:
```
/usr/lib/systemd/systemd-activate -l 127.0.0.1:2001 /usr/bin/docker -d -H 'fd://*'
docker -H tcp://127.0.0.1:2001 ps
```
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
In addition, we've now hard-coded LXC version 0.8 compiled from source so that we can have the most stable dev environment possible.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Rather than creating a new directory and moving it there before
deleting that new directory, just move the directory we intend to
delete.
In the old way, the Mkdirall could fail, which meant that you
couldn't delete containers when the disk was full.
Tested.
Docker-DCO-1.1-Signed-off-by: Peter Waller <p@pwaller.net> (github: pwaller)
This is a fix for the case that one mount is inside another mount and
docker can't then delete the resulting container.
Docker-DCO-1.1-Signed-off-by: Peter Waller <p@pwaller.net> (github: pwaller)
Currently there are two iptables rules per port for each link: one to
allow the parent to connect to the child's port, and another one to
allow return traffic from the child back to the parent. The second rule
shouldn't be needed because the "ctstate RELATED,ESTABLISHED" rule can
already allow all established traffic.
So this patch does the following:
1. Move the RELATED,ESTABLISHED rule to be _before_ the potential
inter-container communication DROP rule so it will work for
inter-container traffic as well. Since we're inserting, everything
is reversed chronologically so it should be inserted _after_ we
insert the DROP. This also has a small performance benefit because
it will be processed earlier and it's generally one of the most
commonly used rules.
2. Get rid of the unnecessary return traffic rule per link.
3. Also move the other "Accept all non-intercontainer outgoing packets"
rule to earlier. This gives a small performance benefit since it's
also a commonly used rule, and it makes sense to logically group it
next to the ctstate rule.
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
Brandon Philips
Michael Crosby
Tianon Gravi
Guillaume J. Charmes
Victor Vieux
Peter Waller
Andy Rothfusz
Abel Muiño
mattymo
Fabio Falci
Guillaume J. Charmes
Mike Naberezny
James Turnbull
Aaron Feng
Simon Taranto
Josh Poimboeuf