Memory swappiness option takes 0-100, and helps to tune swappiness
behavior per container.
For example, When a lower value of swappiness is chosen
the container will see minimum major faults. When no value is
specified for memory-swappiness in docker UI, it is inherited from
parent cgroup. (generally 60 unless it is changed).
Signed-off-by: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
Upstream-commit: 921da495d24695dda66d3f58e78887dd0bc2402e
Component: engine
Carry #11675
Aside from what #11675 says, to me a key usecase for this is to support
more than one Docker cli running at the same time but each may have its
own set of config files.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: daced1d30345aca06857f874dfb48b7e90cb409b
Component: engine
This is a follow-on to PR #14520.
PR #14520 is the quick fix to get the testing working again.
This PR makes sure that the list of execs associated with a container goes
from zero to one (as a new exec is run), then back to zero when the exec is
finished. However, we should be able to query the exec while the container
is still around, and even though the exec isn't listed in the container's
inspect data.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 72b75cd4e764e25cecd3f0c100597b8868c68120
Component: engine
Libcontainer already supported mount container's own cgroup into
container, with this patch, we can see container's own cgroup info
in container.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: f18fb5b3efd59d54c00d4e1b1d4b88c4b21e96be
Component: engine
Dots prepended to key in inspectField function
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 67058e388b596392f7aceb7ecd6b38f6f2ff2de1
Component: engine
It seems http://hub.docker.com is not accessible anymore, so switching
to https://hub.docker.com for testRequires(c, Network).
Adds a Timeout check on the TestRequirement to *panic* if there is a
timeout (fail fast).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 6e4c6da81916e25081c32d3e5f8880ef4d03ad36
Component: engine
If a container is read-only, also set /proc, /sys,
& /dev to read-only. This should apply to both privileged and
unprivileged containers.
Note that when /dev is read-only, device files may still be
written to. This change will simply prevent the device paths
from being modified, or performing mknod of new devices within
the /dev path.
Tests are included for all cases. Also adds a test to ensure
that /dev/pts is always mounted read/write, even in the case of a
read-write rootfs. The kernel restricts writes here naturally and
bad things will happen if we mount it ro.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 5400d8873f730e6099d29af49fe45931665c3b49
Component: engine
- Container networking statistics are no longer
retrievable from libcontainer after the introduction
of libnetwork. This change adds the missing code
for docker daemon to retireve the nw stats from
Endpoint.
Signed-off-by: Alessandro Boch <aboch@docker.com>
Upstream-commit: 8b40e44c395fb307cceb6f179ffe02030b316535
Component: engine
libnetwork host, none and bridge driver initialization is incorrectly
disabled if the daemon flag --bridge=none. The expected behavior of
setting --bridge as none is to disable the bridge driver alone and let
all other modes to be operational.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: c9328c6ccf120abda297d11fcfc7e60c7c31ec21
Component: engine
