p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,550 Commits 2 Branches 295 Tags
13006a3fdcf5a964ea2c112b44ae0bb976b129a2
Commit Graph

580 Commits

Author SHA1 Message Date
Alexandr Morozov
95b0c9bbd6 Atomically increment sequence in pkg/netlink 
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: adb639117b5c61479d65dbf8398c0fbeda1d6cad
Component: engine
 2014-05-30 16:08:29 +04:00
Vishnu Kannan
c82b5a7f36 Added a new method cgroups.GetStats() which will return a cgroups.Stats object which will contain all the available cgroup Stats. 
Remove old Stats interface in libcontainers cgroups package.
Changed Stats to use unit64 instead of int64 to prevent integer overflow issues.
Updated unit tests.

Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
Upstream-commit: 72e6e5ff7edc9c054e154897a4c547d89c082293
Component: engine
 2014-05-29 20:16:49 +00:00
Michael Crosby
35a8824c9b Merge pull request #6105 from gdm85/master 
Do not consider iptables' output an error in case of xtables lock
Upstream-commit: 189c600b3ba36934c074eb6769e23989ef22fda7
Component: engine
 2014-05-29 11:06:25 -07:00
Giuseppe Mazzotta
ee4e3699c5 * do not consider iptables' output an error in case of xtables lock 
Docker-DCO-1.1-Signed-off-by: Giuseppe Mazzotta <gdm85@users.noreply.github.com> (github: gdm85)
Upstream-commit: 5e3b643ce6f43d02fc7fe88eba41d583044a2efd
Component: engine
 2014-05-29 15:57:29 +02:00
Michael Crosby
a8abe1db1c Handle EBUSY on remount 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 5d04b9deafc5ce173364a24881f8e950c9430be0
Component: engine
 2014-05-28 18:10:50 -07:00
Victor Vieux
d45f77737e Merge pull request #6083 from bernerdschaefer/nsinit-drop-capabilities-after-changing-user 
SETUID/SETGID not required for changing user
Upstream-commit: b204b97c9adbaddd5b8cef3dc53cbee2a392b936
Component: engine
 2014-05-28 17:29:17 -07:00
Alexander Larsson
503e230354 libcontainer: Don't create a device node on /dev/console to bind mount on 
There is no need for this, the device node by itself doesn't work, since
its not on a devpts fs, and we can just a regular file to bind mount over.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 7f5cd76824b500418ed168dfcfeb73de8badcb51
Component: engine
 2014-05-28 21:07:40 +02:00
Alexander Larsson
3731289bf5 Revert "Remove the bind mount for dev/console which override the mknod/label" 
This reverts commit ae85dd54582e94d36b146ab1688844ed58cc8df3.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 35d08bdd01e3c63414d7998efc0813803e2ba5d9
Component: engine
 2014-05-28 21:07:27 +02:00
unclejack
003f6776a9 Merge pull request #6076 from LK4D4/remove_collections_package 
Remove collections package
Upstream-commit: 2330be2adc1efe35b0f09af69287a5bd58ee7456
Component: engine
 2014-05-28 21:32:27 +03:00
Victor Marmol
ea766a12d8 Merge pull request #5868 from jhspaybar/5749-libcontainerroutes 
libcontainer support for arbitrary route table entries
Upstream-commit: 5e2af0713735d6724179540d4d1b0827ab8c4570
Component: engine
 2014-05-28 10:50:56 -07:00
William Thurston
fc7b9b154d Fixes #5749 
libcontainer support for arbitrary route table entries

Docker-DCO-1.1-Signed-off-by: William Thurston <me@williamthurston.com> (github: jhspaybar)
Upstream-commit: bf7f360dcac38037d5c4f9e2e90d01adc240ed2b
Component: engine
 2014-05-28 17:42:02 +00:00
Bernerd Schaefer
9a698bd723 SETUID/SETGID not required for changing user 
It is no longer necessary to pass "SETUID" or "SETGID" capabilities to
the container when a "user" is specified in the config.

Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
Upstream-commit: 0563453b918b47c1f9d1e05b8650d2c8bf7ac3af
Component: engine
 2014-05-28 16:41:48 +02:00
Bernerd Schaefer
a9a33a3f25 Add system.SetKeepCaps and system.ClearKeepCaps 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
Upstream-commit: fd58524f81031eec112b5e9bd52bfaa186fc9c20
Component: engine
 2014-05-28 16:40:36 +02:00
Alexandr Morozov
9dd5fe97c9 Remove collections package 
It doesn't needed anymore аfter port and ip allocators refactoring
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4dmath@gmail.com> (github: LK4D4)
Upstream-commit: 31f0a61a3dfabe363d08d4ff55e8a1efb29d84eb
Component: engine
 2014-05-28 13:59:45 +04:00
Michael Crosby
562071c97e Update wait calls to call Wait on Command 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: b9de22e82860a7e389f356d349ccb61b7d530c54
Component: engine
 2014-05-27 13:38:24 -07:00
unclejack
37b20aec53 Merge pull request #6025 from crosbymichael/concurrent-names 
Improve name generation on concurrent requests
Upstream-commit: 0d9a5ce6dd061089a3a485bf359a054d83b74059
Component: engine
 2014-05-27 23:18:19 +03:00
Erik Hollensbe
efa2549ad1 libcontainer/nsinit: remove Wait call from Exec and Kill from Attach in tty_term.go 
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: b01c3283fafa01228a566e128dbf4b016c308d04
Component: engine
 2014-05-27 12:26:56 -07:00
Erik Hollensbe
05b57dfef1 Add Wait() calls in the appropriate spots 
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 92e41a02ce40c7d3446b8ca7ec5c5671ac3d8917
Component: engine
 2014-05-27 12:26:56 -07:00
Michael Crosby
150de13c9e Improve name generation on concurrent requests 
Fixes #2586

This fixes a few races where the name generator asks if a name is free
but another container takes the name before it can be reserved.  This
solves this by generating the name and setting it.  If the set fails
with a non unique error then we try again.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 6ec86cb6e517bfb5ded818244b9db9510a2ed0b9
Component: engine
 2014-05-23 17:51:16 -07:00
Michael Crosby
4f4dc73aee Merge pull request #6018 from vishh/stats_strongtype 
Strong type all stats exported by libcontainer
Upstream-commit: 3b4b0a901de138d72ac4da5376055cdc14656307
Component: engine
 2014-05-23 14:35:14 -07:00
Michael Crosby
b33af77b2c Add check for iptables xlock support 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 034babf1753741184c1155a7346ecec86fc51e2c
Component: engine
 2014-05-23 14:18:50 -07:00
Vishnu Kannan
3391df1350 Added stats.go which provides strong types for all stats that will be exported by libcontainer. This commit only introduces the strong type. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
Upstream-commit: 321b457044f287435780274bef0b4a65231892bc
Component: engine
 2014-05-23 20:42:43 +00:00
Michael Crosby
d002ab21b5 Add wait flag to iptables 
Fixes #1573
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: b315c380f4acd65cc0428009702f99a266f96c59
Component: engine
 2014-05-23 01:24:58 +00:00
Michael Crosby
258b16035a Merge pull request #5995 from vieux/recur_nodes 
Add device nodes recursively
Upstream-commit: 3d78c49aab0829e6c3bcf63b2d7b2d162d11a11e
Component: engine
 2014-05-22 16:35:27 -07:00
Victor Vieux
cb5e9c4323 update test 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: b6c65df093111072bb44d42d650b591adb1bbbe0
Component: engine
 2014-05-22 22:50:41 +00:00
Victor Vieux
e0f1623f01 add recursive device nodes 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 0abb52c7a97940dc17c45ac45226af8156d0e712
Component: engine
 2014-05-22 22:29:13 +00:00
Victor Marmol
c13069d05f Make all cgroup stats output int64s instead of float64. 
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Upstream-commit: 4a33a757d540acd059ac957542527d641548e2cf
Component: engine
 2014-05-22 20:53:36 +00:00
Victor Vieux
f41d7794be Merge pull request #5976 from crosbymichael/getpids 
Move get pid into cgroup implementation
Upstream-commit: 55d41c3e21e1593b944c06196ffb2ac57ab7f653
Component: engine
 2014-05-21 19:09:50 -07:00
Victor Vieux
69fad1b67f Merge pull request #5922 from crosbymichael/host-dev-priv 
Mount /dev in tmpfs for privileged containers
Upstream-commit: 5a0a03e3942651a07858c278c4b40a0ead50eccb
Component: engine
 2014-05-21 18:56:24 -07:00
Michael Crosby
189f43a3ba Move get pid into cgroup implementation 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 811d93326bc2d9451eb444e2343bb3063611de7a
Component: engine
 2014-05-21 21:14:07 +00:00
Tianon Gravi
d2e4e6b069 Revert "Always mount a /run tmpfs in the container" 
This reverts commit 905795ece624675abe2ec2622b0bbafdb9d7f44c.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 8e967fe8028d8362fe3dfb293a8e07a959a4dd7f
Component: engine
 2014-05-21 14:28:19 -06:00
Michael Crosby
37f08c7066 Update code post codereview 
Add specific types for Required and Optional DeviceNodes
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: f042c3c15759fce5cc139f2b3362b791ac7d4829
Component: engine
 2014-05-21 00:40:41 +00:00
Michael Crosby
34fdbfe296 Update documentation for container struct in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: ed5892ed4efa995950e2fdeb5fd718b3bb1aa1c2
Component: engine
 2014-05-20 23:34:46 +00:00
Michael Crosby
ada6c057b6 Mount /dev in tmpfs for privileged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 34c05c58c8d41ee2bb02cd8059e9928ee2f061ea
Component: engine
 2014-05-20 22:51:24 +00:00
Alexander Larsson
d043d726b2 cgroups: Allow mknod for any device in systemd cgroup backend 
Without this any container startup fails:
2014/05/20 09:20:36 setup mount namespace copy additional dev nodes mknod fuse operation not permitted

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 602950435056baa939f428223b6d3ff26ca5403d
Component: engine
 2014-05-20 09:29:32 +02:00
Michael Crosby
9b9e25f1db Make sure dev/fuse is created in container 
Fixes #5849

If the host system does not have fuse enabled in the kernel config we
will ignore the is not exist errors when trying to copy the device node
from the host system into the container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: a87bcefb8bf0cee47bf114a46fc33708ce843208
Component: engine
 2014-05-19 20:46:59 +00:00
Victor Marmol
4bebb62399 Merge pull request #5903 from alexlarsson/writable-proc 
Make /proc writable, but not /proc/sys and /proc/sysrq-trigger
Upstream-commit: 30bd2bbc83b746a1d4527a5c57363bcb9bab34d6
Component: engine
 2014-05-19 12:21:15 -07:00
Alexander Larsson
c117ccdc5a Make /proc writable, but not /proc/sys and /proc/sysrq-trigger 
Some applications want to write to /proc. For instance:

docker run -it centos groupadd foo

Gives: groupadd: failure while writing changes to /etc/group

And strace reveals why:

open("/proc/self/task/13/attr/fscreate", O_RDWR) = -1 EROFS (Read-only file system)

I've looked at what other systems do, and systemd-nspawn makes /proc read-write
and /proc/sys readonly, while lxc allows "proc:mixed" which does the same,
plus it makes /proc/sysrq-trigger also readonly.

The later seems like a prudent idea, so we follows lxc proc:mixed.
Additionally we make /proc/irq and /proc/bus, as these seem to let
you control various hardware things.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 68493e2f7f9cb8303302e1098e3293b521ace243
Component: engine
 2014-05-19 20:46:05 +02:00
Victor Marmol
adb5b13fc3 Merge pull request #5792 from bernerdschaefer/nsinit-supports-pdeathsig 
Add PDEATHSIG support to nsinit library
Upstream-commit: cb7680b9b919fdc845a857fafc52178c656cf5be
Component: engine
 2014-05-19 11:13:23 -07:00
Michael Crosby
1bd174defc Merge pull request #5865 from crosbymichael/add-all-caps 
Add the rest of the caps so that they are retained in privilged mode
Upstream-commit: 265de539ff4a6fc54c5bf72c8c67d00a533d7f55
Component: engine
 2014-05-19 09:56:55 -07:00
Michael Crosby
f3abdf9b7d Add the rest of the caps so that they are retained in privilged mode 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: e1c7abe8905d4cc034f1ed49e9d102846e412424
Component: engine
 2014-05-19 16:43:31 +00:00
Alexandr Morozov
823bf4bfec Check uid ranges 
Fixes #5647
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 72d1e40c4a3b190319cfa5cb44b5e6f1694100fc
Component: engine
 2014-05-18 20:49:08 +04:00
Victor Vieux
cc28bc2288 add support for CAP_FOWNER 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: a0070f0c17b4f65bdfc5368b93d0fa8636eda03d
Component: engine
 2014-05-17 01:16:07 +00:00
Victor Marmol
e3742d2641 Make libcontainer's CapabilitiesMask into a []string (Capabilities). 
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Upstream-commit: 92614928cecd48b241011e614fa856c4fdbac1f6
Component: engine
 2014-05-17 00:44:10 +00:00
Michael Crosby
538811ef9a Merge pull request #5833 from ActiveState/fix_nsinit_env_panic 
fix panic when passing empty environment
Upstream-commit: 62c3183fc88779479905df8c2f7561c46a08d2ee
Component: engine
 2014-05-16 12:03:26 -07:00
Sridhar Ratnakumar
919aaa7d95 fix panic when passing empty environment 
Docker-DCO-1.1-Signed-off-by: Sridhar Ratnakumar <github@srid.name> (github: srid)
Upstream-commit: d787f2731e4242f244e88f047032ad9650f1f8d7
Component: engine
 2014-05-16 11:55:34 -07:00
Victor Marmol
25e8afd42a Merge pull request #5810 from vmarmol/drop-caps 
Change libcontainer to drop all capabilities by default.
Upstream-commit: 01d10d6f13d62d74f850fea2a685b24b7983244e
Component: engine
 2014-05-16 11:51:41 -07:00
Bernerd Schaefer
0b78fad0c6 nsinit.DefaultCreateCommand sets Pdeathsig to SIGKILL 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
Upstream-commit: 6a1d76bc7bc589b53530c03720022f0095b65d55
Component: engine
 2014-05-16 13:48:41 +02:00
Bernerd Schaefer
da3598172a nsinit.Init() restores parent death signal before exec 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
Upstream-commit: 00e1adfeada87100e5e88707309bcdcd674082d6
Component: engine
 2014-05-16 13:48:41 +02:00
Victor Marmol
48bd5989f0 Change libcontainer to drop all capabilities by default. Only keeps 
those that were specified in the config. This commit also explicitly
adds a set of capabilities that we were silently not dropping and were
assumed by the tests.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Upstream-commit: 9d6875d19d3926faf6287487234ad0b2f1310e9d
Component: engine
 2014-05-16 00:57:58 +00:00