This implements cgroup.Apply() using the systemd apis.
We create a transient unit called "docker-$id.scope" that contains
the container processes. We also have a way to set unit specific
properties, currently only defining the Slice to put the
scope in.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 6c7835050e53b733181ddfca6152c358fd625400
Component: engine
This is a conversion of sd_booted() from libsystemd to go and checks
if the system was booted with systemd.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 1296d5ce9ad43d8d833f6e5661da45aef6d4c26b
Component: engine
We need this to do systemd API calls.
We also add the static_build tag to make godbus not use
os/user which is problematic for static builds.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: d4725801b3401d04b3f35b5783bdc0fc362f7f00
Component: engine
cgroups.procs moves all the threads of the process, and "tasks" just
the one thread. I believe there is a risk that we move the main thread,
but then we accidentally fork off one of the other threads if the go
scheduler randomly switched to another thread. So, it seems safer (and
more correct) to use cgroups.procs.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 9294d7f2af6ecb7c18be11fb5043fad4a61d8f09
Component: engine
This leaves only the generic cgroup helper functions in cgroups.go and
will allow easy implementations of other cgroup managers.
This also wires up the call to Cleanup the cgroup which was missing
before.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 7f7d8419a71d49b25e4d38196b36e93b568bb61d
Component: engine
In order to handle special configuration for different drivers we
make the Config field a map to string array. This lets
us use it for lxc, by using the "lxc" key for those, and we can
later extend it easily for other backend-specific options.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 7a3070a6000963d12be9dcd2698d911b848a33b6
Component: engine
Use "exec" in the upstart script to let upstart manage the docker process instead of a shell
Upstream-commit: db20cb0e1ac877ca3b51c66d179185f55e5b899b
Component: engine
This fixes the following, which I've been seeing on all my machines for as long as I can remember:
--- FAIL: TestOnlyLoopbackExistsWhenUsingDisableNetworkOption (0.36 seconds)
container_test.go:1597: Wrong interface count in test container: expected [*: lo], got [1: lo 2: sit0]
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: ad3e71d5c7e01dca229d4077cf8b019d8085c33a
Component: engine
docker will run the process(es) within the container with an SELinux label and will label
all of the content within the container with mount label. Any temporary file systems
created within the container need to be mounted with the same mount label.
The user can override the process label by specifying
-Z With a string of space separated options.
-Z "user=unconfined_u role=unconfined_r type=unconfined_t level=s0"
Would cause the process label to run with unconfined_u:unconfined_r:unconfined_t:s0"
By default the processes will run execute within the container as svirt_lxc_net_t.
All of the content in the container as svirt_sandbox_file_t.
The process mcs level is based of the PID of the docker process that is creating the container.
If you run the container in --priv mode, the labeling will be disabled.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 4c4356692580afb3971094e322aea64abe0e2500
Component: engine
devicemapper has landed, but the TODO hasn't been actioned presumably
because aufs is still preferred over devicemapper when available[1].
Comment updated accordingly.
Citation [1]: 267ca39921/runtime/graphdriver/driver.go (L40-L46)
Docker-DCO-1.1-Signed-off-by: Paul Annesley <paul@annesley.cc> (github: pda)
Upstream-commit: 576278102e0fa9166711f8cf23ec972fcccc085e
Component: engine
Useful for those who haven't made it to the examples page yet. dad4a998dc
Docker-DCO-1.1-Signed-off-by: No Ducks <onemannoducks@gmail.com> (github: noducks)
Upstream-commit: 69087f2d2397b18d6dd2d7b994e24ea9814e4bcd
Component: engine
