Add --security-opts options to allow user to customize container labels and apparmor profile
Upstream-commit: d40ab6f1238c78ea84645e516f1f24d7991798b0
Component: engine
security-opts will allow you to customise the security subsystem.
For example the labeling system like SELinux will run on a container.
--security-opt="label:user:USER" : Set the label user for the container
--security-opt="label:role:ROLE" : Set the label role for the container
--security-opt="label:type:TYPE" : Set the label type for the container
--security-opt="label:level:LEVEL" : Set the label level for the container
--security-opt="label:disabled" : Turn off label confinement for the container
Since we are passing a list of string options instead of a space separated
string of options, I will change function calls to use InitLabels instead of
GenLabels. The GenLabels interface is deprecated.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 87e732a0f3503517d7a66804bb9a7f74977347e5
Component: engine
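
Added example, not code from the Docker commit above: one way to fold a list of `label:` options like those listed in the commit message into an SELinux `user:role:type:level` context. The helper name `applyLabelOpts`, the sample base context, and the validation rules are assumptions for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// applyLabelOpts (hypothetical helper) folds "label:KEY:VALUE" options into an
// SELinux context user:role:type:level; "label:disabled" turns confinement off.
func applyLabelOpts(base string, opts []string) (ctx string, disabled bool, err error) {
	fields := strings.SplitN(base, ":", 4) // the level itself may contain ':'
	if len(fields) != 4 {
		return "", false, fmt.Errorf("base context %q is not user:role:type:level", base)
	}
	index := map[string]int{"user": 0, "role": 1, "type": 2, "level": 3}
	for _, opt := range opts {
		if !strings.HasPrefix(opt, "label:") {
			continue // options for other subsystems are not handled here
		}
		rest := strings.TrimPrefix(opt, "label:")
		if rest == "disabled" {
			return "", true, nil
		}
		kv := strings.SplitN(rest, ":", 2)
		i, known := index[kv[0]]
		if len(kv) != 2 || !known || kv[1] == "" {
			return "", false, fmt.Errorf("invalid label option %q", opt)
		}
		// Only the level (e.g. s0:c1,c2) may legitimately contain a colon.
		if kv[0] != "level" && strings.Contains(kv[1], ":") {
			return "", false, fmt.Errorf("%s value in %q must not contain ':'", kv[0], opt)
		}
		fields[i] = kv[1]
	}
	return strings.Join(fields, ":"), false, nil
}

func main() {
	// Constructed sample base context and options.
	base := "system_u:system_r:svirt_lxc_net_t:s0"
	for _, opts := range [][]string{
		{"label:type:my_app_t", "label:level:s0:c100,c200"},
		{"label:user:staff_u", "label:disabled"},
		{"label:role:a:b"},
	} {
		ctx, disabled, err := applyLabelOpts(base, opts)
		fmt.Printf("%v -> ctx=%q disabled=%v err=%v\n", opts, ctx, disabled, err)
	}
}
```

Passing the options as a list rather than one space-separated string is what lets a level such as `s0:c100,c200` be carried through without ambiguous splitting.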
This also removes dead code in the native driver for a past feature that
was never fully implemented.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 32dca1a7b0e800d796e54fc8f253818ba64fa075
Component: engine
Plus some edits as suggested by @jamtur01
Closes #3636
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 83f0f46b7c0475ae1da329cd97a8c0a67bdc2a6a
Component: engine
Changes summary:
* Added available USE flags table (description included).
* Added some tips regarding the use of docker in the Gentoo environment.
* Sorted out docker installation ways.
* Added information about the newly created Gentoo Docker team.
* Misc improvements
Signed-off-by: Pavlos Ratis <dastergon@gentoo.org>
Upstream-commit: f90d201d887028e21290a413046eb1af7fc8e609
Component: engine
This new version makes sure that the same context is used for the two
builds run in the test. If you don't use the same build then about 1/2 the
time the file copied into the container will look like a different file,
probably due to timestamp differences. But reusing the same context we
re-use the same file on disk and therefore avoid the change in timestamps,
and we use the cache on the 2nd build.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 8b3fbac15c0579c1372f3e13f607c1001d149d16
Component: engine
Move the body of go_compile_test_dir into a file since GNU Parallel breaks on sourcing exported Bash functions thanks to the shellshock fixes
Upstream-commit: 27c5269b4ee1b77011974a1d1e1776f0b8e00648
Component: engine
Since RemoveLocalDns patch will remove all localhost entries
from resolv.conf we no longer need anything more than
!bytes.Contains(resolvConf, []byte("nameserver"))
to check for no nameserver entry in dns config.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: a297d6ab8c08a13503fd004ec1ad7ee9e23bd22a
Component: engine
We have a bug report complaining about docker dumping the contents of the
host's resolv.conf if it contains 127.0.0.1. They asked that instead
of dropping the file altogether, that we just remove the line.
This patch removes the 127.0.0.1 lines, if they exist and then
checks if any nameserver lines exist.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 65640994fda8e1667de3642d8f4daf76dd3de302
Component: engine