p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
9,742 Commits 2 Branches 295 Tags
17543b1068175f2d454ad623bd3206b5d3021513
Commit Graph

70 Commits

Author SHA1 Message Date
Victor Vieux
2273fb0f55 gofmt -s -w 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 5a0ef08c940b9a17c400389bca8e7f54935ceba9
Component: engine
 2014-07-24 22:25:29 +00:00
Victor Vieux
6ae4c9014c update go import path and libcontainer 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: b3ee9ac74e171e00f14027e39278013629e681b8
Component: engine
 2014-07-24 22:19:50 +00:00
Alexandr Morozov
da9850e0f6 Add AUDIT_WRITE cap 
Fixes #6345

Thanks @larsks for outstanding investigation

Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 29ecc95c31ecfe15e3b3d8db94cea1c555e526a3
Component: engine
 2014-07-23 09:57:41 +04:00
Michael Crosby
f48be61b0a Fix cross compile non cgo and linux systems 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: 7a8ea91392e0cc97caf2a6edc3b262b33a5b446d
Component: engine
 2014-07-16 16:57:49 -07:00
Michael Crosby
d18a40b4ac Make tty term exec driver specific 
lxc is special in that we cannot create the master outside of the
container without opening the slave because we have nothing to provide to the
cmd.  We have to open both then do the crazy setup on command right now instead of
passing the console path to lxc and telling it to open up that console.  we save a couple of
openfiles in the native driver because we can do this.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: 0d67b420b59c953cf331f735e49e7acad742a41f
Component: engine
 2014-07-16 16:57:49 -07:00
Michael Crosby
81d8d08389 Don't create pty slave in the daemon for native driver 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: 1501c342d815e3a128dac393b69e23f6ec39c2d7
Component: engine
 2014-07-16 16:57:19 -07:00
Michael Crosby
ad74ef7753 Update native driver for libcontainer changes 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: f00e64357672ea3a130b2570ce34ea48ad51bbb5
Component: engine
 2014-07-14 12:49:50 -07:00
Michael Crosby
b2c113f9b8 Merge pull request #6968 from vieux/cap_add_drop 
Add support for --cap-add and --cap-drop
Upstream-commit: 7ebd49c49a9f70c87b6dbcff250035d3fd349a20
Component: engine
 2014-07-14 10:42:29 -07:00
Victor Vieux
e7f2c9317d add check for invalid caps 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: c04230c42b7a953ffe50bc37d351f86e80a442e6
Component: engine
 2014-07-11 23:43:21 +00:00
Victor Vieux
2032a7ad93 small refactoring 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: f3ff323fb364495617de3e43f2d09a145a4f2ee3
Component: engine
 2014-07-11 23:43:21 +00:00
Victor Vieux
ca489c2f49 Basic --cap-add and --cap-drop support for native 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 94e6dc978134b61a2b30aa9118f98f6fadd10535
Component: engine
 2014-07-11 23:43:21 +00:00
Victor Vieux
f98a366776 add FSETID back to the caps whitelist 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: e8762bfe39531309327138d93c0b586f8b9cea99
Component: engine
 2014-07-11 00:30:56 +00:00
Victor Vieux
ce98881516 fix compilation and panic 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: d403936818b8785b65ff55ebab0d266b4a871ef6
Component: engine
 2014-07-02 00:54:08 +00:00
Tibor Vass
356f6ecbf3 Add backwards READ compatibility for the old libcontainer API 
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: cccb64e8633eee309e6ce33c3bb41614edd70d81
Component: engine
 2014-07-02 00:19:05 +00:00
Tibor Vass
ce22a9b1ec Use new libcontainer.State API 
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: 262d45e0fe483dbc6d27bc6af51590a8be42d55f
Component: engine
 2014-06-30 18:27:15 -04:00
Michael Crosby
68391774fe Update libcontainer Context changes 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: c9fdb08bdafb90b76cfa804b079d2e446a3503e4
Component: engine
 2014-06-26 16:56:39 -07:00
Michael Crosby
0daa61f085 Rename libcontainer.Container to libcontainer.Config 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: 1dc8e2ffab795f4999a122b4a576d54e03c7c61a
Component: engine
 2014-06-24 11:31:03 -07:00
Michael Crosby
d4e9300e80 Update libcontainer references 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: cee6f4506c79c6fc21769d427ac4dd51c28450c3
Component: engine
 2014-06-24 11:31:03 -07:00
Michael Crosby
52b8a282c3 Update libcontainer imports 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 8194556337b65dda71a3d4d7f6ae9653ad5a19a0
Component: engine
 2014-06-10 19:58:15 -07:00
Michael Crosby
b00f7d0626 Gofmt imports 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: bae6a5a616cfc382f45a25af13633681875ddff0
Component: engine
 2014-06-09 16:01:57 -07:00
Michael Crosby
3c7670e68c Move libcontainer deps into libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 6158ccad97db51e756aafefb096d1163aa4d6439
Component: engine
 2014-06-09 15:52:12 -07:00
Michael Crosby
4f6cc66699 Add CAP_KILL to unprivileged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: fa72eb3a58ebfec8ef1b27d8e7aa8cbdb41733a2
Component: engine
 2014-06-07 15:18:18 -07:00
Victor Vieux
5bfe5a532a add wait4 after kill 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 30ba7546cb5a1ff7e4915c5a25dd8d72b3bf735b
Component: engine
 2014-06-06 00:32:14 +00:00
Michael Crosby
e9b3abdfc5 Rename nsinit package to namespaces in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 8aff01c0b447fa4d68f053c44e8baf7b24247164
Component: engine
 2014-06-04 15:47:57 -07:00
Chris Alfonso
0fc07e0aef Integrating systemd freeze functionality. 
This pulls together #6061 and #6125

Docker-DCO-1.1-Signed-off-by: Chris Alfonso <calfonso@redhat.com> (github: calfonso)
Upstream-commit: 26246ebd5379a83b2ed656668bd985c652e98167
Component: engine
 2014-06-04 13:33:44 -06:00
Ian Main
77114664a4 Add ability to pause/unpause containers via cgroups freeze 
This patch adds pause/unpause to the command line, api, and drivers
for use on containers.  This is implemented using the cgroups/freeze
utility in libcontainer and lxc freeze/unfreeze.

Co-Authored-By: Eric Windisch <ewindisch@docker.com>
Co-Authored-By: Chris Alfonso <calfonso@redhat.com>
Docker-DCO-1.1-Signed-off-by: Ian Main <imain@redhat.com> (github: imain)
Upstream-commit: b054569cde788b2111ddbc4080b215dcda89f06e
Component: engine
 2014-06-04 13:33:44 -06:00
unclejack
7d5cb46a54 apparmor: write & load the profile on every start 
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 1ef3ca83d8624aaaaed05cfce1f71282d70d84dd
Component: engine
 2014-06-04 00:56:35 +03:00
Michael Crosby
382f8a23ad Add SYS_CHROOT cap to unprivileged containers 
Fixes #6103
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 41f7cef2bd186d321fc4489691ba53ab41eb48e5
Component: engine
 2014-06-02 18:23:47 -07:00
Michael Crosby
3248c6e81c Ensure all dev nodes are copied for privileged 
This also makes sure that devices are pointers to avoid copies
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 69989b7c06b0ca6737e83ddf8fcfa2dfccc57a7c
Component: engine
 2014-05-30 18:39:11 -07:00
unclejack
bc9024a72e Merge pull request #6097 from timthelion/consistentdevices 
Refactor device handling code
Upstream-commit: 0ef637722f69cff931b25c75d421e231ab75af75
Component: engine
 2014-05-31 03:34:52 +03:00
Timothy Hobbs
52c8a31f21 Refactor device handling code 
We now have one place that keeps track of (most) devices that are allowed and created within the container.  That place is pkg/libcontainer/devices/devices.go

This fixes several inconsistencies between which devices were created in the lxc backend and the native backend.  It also fixes inconsistencies between wich devices were created and which were allowed.  For example, /dev/full was being created but it was not allowed within the cgroup.  It also declares the file modes and permissions of the default devices, rather than copying them from the host.  This is in line with docker's philosphy of not being host dependent.

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
Upstream-commit: 608702b98064a4dfd70b5ff0bd6fb45d2429f45b
Component: engine
 2014-05-30 19:21:29 +00:00
Alexandr Morozov
57a9b63e5e Fix race in native driver on activeContainers usage 
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 64bd6a6a5342c87db7096f60365d270d0d69e9d2
Component: engine
 2014-05-30 14:16:00 +04:00
Victor Vieux
e0f1623f01 add recursive device nodes 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 0abb52c7a97940dc17c45ac45226af8156d0e712
Component: engine
 2014-05-22 22:29:13 +00:00
Victor Vieux
f41d7794be Merge pull request #5976 from crosbymichael/getpids 
Move get pid into cgroup implementation
Upstream-commit: 55d41c3e21e1593b944c06196ffb2ac57ab7f653
Component: engine
 2014-05-21 19:09:50 -07:00
Michael Crosby
189f43a3ba Move get pid into cgroup implementation 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 811d93326bc2d9451eb444e2343bb3063611de7a
Component: engine
 2014-05-21 21:14:07 +00:00
Michael Crosby
37f08c7066 Update code post codereview 
Add specific types for Required and Optional DeviceNodes
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: f042c3c15759fce5cc139f2b3362b791ac7d4829
Component: engine
 2014-05-21 00:40:41 +00:00
Michael Crosby
ada6c057b6 Mount /dev in tmpfs for privileged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 34c05c58c8d41ee2bb02cd8059e9928ee2f061ea
Component: engine
 2014-05-20 22:51:24 +00:00
Alexander Larsson
da7177cbfd native driver: Add required capabilities 
We need SETFCAP to be able to mark files as having caps, which is
heavily used by fedora.
See https://github.com/dotcloud/docker/issues/5928

We also need SETPCAP, for instance systemd needs this to set caps
on its childen.

Both of these are safe in the sense that they can never ever
result in a process with a capability not in the bounding set of the
container.

We also add NET_BIND_SERVICE caps, to be able to bind to ports lower
than 1024.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: fcf2e9a9107c6c9aebaf63ce044f636333e7eed8
Component: engine
 2014-05-20 11:31:39 +02:00
Victor Marmol
4feffb64a0 Don't drop CAP_FOWNER in the container. Also sorts the list of allowed 
capabilities.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Upstream-commit: 0abad3ae2290a2b051b8fdaceab17a1ee41ecfb9
Component: engine
 2014-05-19 16:52:39 +00:00
Victor Marmol
e3742d2641 Make libcontainer's CapabilitiesMask into a []string (Capabilities). 
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Upstream-commit: 92614928cecd48b241011e614fa856c4fdbac1f6
Component: engine
 2014-05-17 00:44:10 +00:00
Victor Marmol
25e8afd42a Merge pull request #5810 from vmarmol/drop-caps 
Change libcontainer to drop all capabilities by default.
Upstream-commit: 01d10d6f13d62d74f850fea2a685b24b7983244e
Component: engine
 2014-05-16 11:51:41 -07:00
Victor Marmol
48bd5989f0 Change libcontainer to drop all capabilities by default. Only keeps 
those that were specified in the config. This commit also explicitly
adds a set of capabilities that we were silently not dropping and were
assumed by the tests.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Upstream-commit: 9d6875d19d3926faf6287487234ad0b2f1310e9d
Component: engine
 2014-05-16 00:57:58 +00:00
Michael Crosby
910f9d50e2 Move cgroups package into libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 3b7a19def609c8fbadc6559e7f47f8a5a7769a5b
Component: engine
 2014-05-14 15:21:44 -07:00
Victor Vieux
94d0641f06 Merge pull request #5756 from crosbymichael/move-units-to-pkg 
Move duration and size to units pkg
Upstream-commit: bc22c9948c5380715338aef63fcc6cccd1a16bd7
Component: engine
 2014-05-14 11:36:14 -07:00
Michael Crosby
4926e35bb1 Add cpuset cpus support for docker 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: adbe3096e8c8572925dbae5f19ac2ce2dc84fb1c
Component: engine
 2014-05-13 18:17:12 -07:00
Michael Crosby
d39f282a2b Move duration and size to units pkg 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: d33b4655c4339dcbbf9f78948598e216ac3c06b4
Component: engine
 2014-05-12 17:05:07 -07:00
Michael Crosby
1e327c2bc7 Set container pid for process in native driver 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 62e8ddb5791b9ee62c3f4361084dda4a5d7760e1
Component: engine
 2014-05-06 17:04:04 -07:00
Guillaume J. Charmes
dfb1a0bff0 Merge pull request #5354 from alexlarsson/cgroups-systemd-fixes 
cgroups: Update systemd to match fs backend
Upstream-commit: 0b15944cb047e6467f399ebf5c3f93262fe4c06f
Component: engine
 2014-05-05 16:00:56 -07:00
Michael Crosby
df4270e3f2 Update after namespace refactor 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 01fec73ba4cff45ac08c0330ea0d67aff70ebf8e
Component: engine
 2014-05-05 13:56:18 -07:00
Guillaume J. Charmes
d5f89ec02b Merge pull request #4441 from crosbymichael/add-net-flag 
Add --net flag to docker run and allow host network stack
Upstream-commit: 70fef1460a9d253bdf164d70d7057ec4ee497e08
Component: engine
 2014-05-05 13:54:55 -07:00