p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,471 Commits 2 Branches 295 Tags
5d504d032ae667cfbd96509f7fb79e545473887e
Commit Graph

561 Commits

Author SHA1 Message Date
Michael Crosby
4f4dc73aee Merge pull request #6018 from vishh/stats_strongtype 
Strong type all stats exported by libcontainer
Upstream-commit: 3b4b0a901de138d72ac4da5376055cdc14656307
Component: engine
 2014-05-23 14:35:14 -07:00
Michael Crosby
b33af77b2c Add check for iptables xlock support 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 034babf1753741184c1155a7346ecec86fc51e2c
Component: engine
 2014-05-23 14:18:50 -07:00
Vishnu Kannan
3391df1350 Added stats.go which provides strong types for all stats that will be exported by libcontainer. This commit only introduces the strong type. 
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
Upstream-commit: 321b457044f287435780274bef0b4a65231892bc
Component: engine
 2014-05-23 20:42:43 +00:00
Michael Crosby
d002ab21b5 Add wait flag to iptables 
Fixes #1573
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: b315c380f4acd65cc0428009702f99a266f96c59
Component: engine
 2014-05-23 01:24:58 +00:00
Michael Crosby
258b16035a Merge pull request #5995 from vieux/recur_nodes 
Add device nodes recursively
Upstream-commit: 3d78c49aab0829e6c3bcf63b2d7b2d162d11a11e
Component: engine
 2014-05-22 16:35:27 -07:00
Victor Vieux
cb5e9c4323 update test 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: b6c65df093111072bb44d42d650b591adb1bbbe0
Component: engine
 2014-05-22 22:50:41 +00:00
Victor Vieux
e0f1623f01 add recursive device nodes 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 0abb52c7a97940dc17c45ac45226af8156d0e712
Component: engine
 2014-05-22 22:29:13 +00:00
Victor Marmol
c13069d05f Make all cgroup stats output int64s instead of float64. 
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Upstream-commit: 4a33a757d540acd059ac957542527d641548e2cf
Component: engine
 2014-05-22 20:53:36 +00:00
Victor Vieux
f41d7794be Merge pull request #5976 from crosbymichael/getpids 
Move get pid into cgroup implementation
Upstream-commit: 55d41c3e21e1593b944c06196ffb2ac57ab7f653
Component: engine
 2014-05-21 19:09:50 -07:00
Victor Vieux
69fad1b67f Merge pull request #5922 from crosbymichael/host-dev-priv 
Mount /dev in tmpfs for privileged containers
Upstream-commit: 5a0a03e3942651a07858c278c4b40a0ead50eccb
Component: engine
 2014-05-21 18:56:24 -07:00
Michael Crosby
189f43a3ba Move get pid into cgroup implementation 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 811d93326bc2d9451eb444e2343bb3063611de7a
Component: engine
 2014-05-21 21:14:07 +00:00
Tianon Gravi
d2e4e6b069 Revert "Always mount a /run tmpfs in the container" 
This reverts commit 905795ece624675abe2ec2622b0bbafdb9d7f44c.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 8e967fe8028d8362fe3dfb293a8e07a959a4dd7f
Component: engine
 2014-05-21 14:28:19 -06:00
Michael Crosby
37f08c7066 Update code post codereview 
Add specific types for Required and Optional DeviceNodes
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: f042c3c15759fce5cc139f2b3362b791ac7d4829
Component: engine
 2014-05-21 00:40:41 +00:00
Michael Crosby
34fdbfe296 Update documentation for container struct in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: ed5892ed4efa995950e2fdeb5fd718b3bb1aa1c2
Component: engine
 2014-05-20 23:34:46 +00:00
Michael Crosby
ada6c057b6 Mount /dev in tmpfs for privileged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 34c05c58c8d41ee2bb02cd8059e9928ee2f061ea
Component: engine
 2014-05-20 22:51:24 +00:00
Alexander Larsson
d043d726b2 cgroups: Allow mknod for any device in systemd cgroup backend 
Without this any container startup fails:
2014/05/20 09:20:36 setup mount namespace copy additional dev nodes mknod fuse operation not permitted

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 602950435056baa939f428223b6d3ff26ca5403d
Component: engine
 2014-05-20 09:29:32 +02:00
Michael Crosby
9b9e25f1db Make sure dev/fuse is created in container 
Fixes #5849

If the host system does not have fuse enabled in the kernel config we
will ignore the is not exist errors when trying to copy the device node
from the host system into the container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: a87bcefb8bf0cee47bf114a46fc33708ce843208
Component: engine
 2014-05-19 20:46:59 +00:00
Victor Marmol
4bebb62399 Merge pull request #5903 from alexlarsson/writable-proc 
Make /proc writable, but not /proc/sys and /proc/sysrq-trigger
Upstream-commit: 30bd2bbc83b746a1d4527a5c57363bcb9bab34d6
Component: engine
 2014-05-19 12:21:15 -07:00
Alexander Larsson
c117ccdc5a Make /proc writable, but not /proc/sys and /proc/sysrq-trigger 
Some applications want to write to /proc. For instance:

docker run -it centos groupadd foo

Gives: groupadd: failure while writing changes to /etc/group

And strace reveals why:

open("/proc/self/task/13/attr/fscreate", O_RDWR) = -1 EROFS (Read-only file system)

I've looked at what other systems do, and systemd-nspawn makes /proc read-write
and /proc/sys readonly, while lxc allows "proc:mixed" which does the same,
plus it makes /proc/sysrq-trigger also readonly.

The later seems like a prudent idea, so we follows lxc proc:mixed.
Additionally we make /proc/irq and /proc/bus, as these seem to let
you control various hardware things.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 68493e2f7f9cb8303302e1098e3293b521ace243
Component: engine
 2014-05-19 20:46:05 +02:00
Victor Marmol
adb5b13fc3 Merge pull request #5792 from bernerdschaefer/nsinit-supports-pdeathsig 
Add PDEATHSIG support to nsinit library
Upstream-commit: cb7680b9b919fdc845a857fafc52178c656cf5be
Component: engine
 2014-05-19 11:13:23 -07:00
Michael Crosby
1bd174defc Merge pull request #5865 from crosbymichael/add-all-caps 
Add the rest of the caps so that they are retained in privilged mode
Upstream-commit: 265de539ff4a6fc54c5bf72c8c67d00a533d7f55
Component: engine
 2014-05-19 09:56:55 -07:00
Michael Crosby
f3abdf9b7d Add the rest of the caps so that they are retained in privilged mode 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: e1c7abe8905d4cc034f1ed49e9d102846e412424
Component: engine
 2014-05-19 16:43:31 +00:00
Alexandr Morozov
823bf4bfec Check uid ranges 
Fixes #5647
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 72d1e40c4a3b190319cfa5cb44b5e6f1694100fc
Component: engine
 2014-05-18 20:49:08 +04:00
Victor Vieux
cc28bc2288 add support for CAP_FOWNER 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: a0070f0c17b4f65bdfc5368b93d0fa8636eda03d
Component: engine
 2014-05-17 01:16:07 +00:00
Victor Marmol
e3742d2641 Make libcontainer's CapabilitiesMask into a []string (Capabilities). 
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Upstream-commit: 92614928cecd48b241011e614fa856c4fdbac1f6
Component: engine
 2014-05-17 00:44:10 +00:00
Michael Crosby
538811ef9a Merge pull request #5833 from ActiveState/fix_nsinit_env_panic 
fix panic when passing empty environment
Upstream-commit: 62c3183fc88779479905df8c2f7561c46a08d2ee
Component: engine
 2014-05-16 12:03:26 -07:00
Sridhar Ratnakumar
919aaa7d95 fix panic when passing empty environment 
Docker-DCO-1.1-Signed-off-by: Sridhar Ratnakumar <github@srid.name> (github: srid)
Upstream-commit: d787f2731e4242f244e88f047032ad9650f1f8d7
Component: engine
 2014-05-16 11:55:34 -07:00
Victor Marmol
25e8afd42a Merge pull request #5810 from vmarmol/drop-caps 
Change libcontainer to drop all capabilities by default.
Upstream-commit: 01d10d6f13d62d74f850fea2a685b24b7983244e
Component: engine
 2014-05-16 11:51:41 -07:00
Bernerd Schaefer
0b78fad0c6 nsinit.DefaultCreateCommand sets Pdeathsig to SIGKILL 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
Upstream-commit: 6a1d76bc7bc589b53530c03720022f0095b65d55
Component: engine
 2014-05-16 13:48:41 +02:00
Bernerd Schaefer
da3598172a nsinit.Init() restores parent death signal before exec 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
Upstream-commit: 00e1adfeada87100e5e88707309bcdcd674082d6
Component: engine
 2014-05-16 13:48:41 +02:00
Victor Marmol
48bd5989f0 Change libcontainer to drop all capabilities by default. Only keeps 
those that were specified in the config. This commit also explicitly
adds a set of capabilities that we were silently not dropping and were
assumed by the tests.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Upstream-commit: 9d6875d19d3926faf6287487234ad0b2f1310e9d
Component: engine
 2014-05-16 00:57:58 +00:00
lalyos
dba2ddd068 Fixes 5370 infinite/maxLoopCount loop for relative symlinks 
use path.IsAbs() instead of checking if first char is '/'

Docker-DCO-1.1-Signed-off-by: Lajos Papp <lajos.papp@sequenceiq.com> (github: lalyos)
Upstream-commit: ad35d522dbfac124225e27f58bf07c61a34d78b5
Component: engine
 2014-05-16 01:03:11 +02:00
lalyos
1092af80f9 Defend against infinite loop when following symlinks 
ideally it should never reach it, but there was already multiple issues with infinite loop
at following symlinks. this fixes hanging unit tests

Docker-DCO-1.1-Signed-off-by: Lajos Papp <lajos.papp@sequenceiq.com> (github: lalyos)
Upstream-commit: b51c366bfc963687b8cc14df614a2fc10bad6306
Component: engine
 2014-05-16 00:47:20 +02:00
lalyos
28ce705ffc Adding test case for symlink causes infinit loop, reproduces: dotcloud#5370 
normally symlinks are created as either
ln -s /path/existing /path/new-name
or
cd /path && ln -s ./existing new-name

but one can create it this way
cd /path && ln -s existing new-name

this drives FollowSymlinkInScope into infinite loop

Docker-DCO-1.1-Signed-off-by: Lajos Papp <lajos.papp@sequenceiq.com> (github: lalyos)
Upstream-commit: 8b77a5b7aedb1168707f486ed540edf3e5de8819
Component: engine
 2014-05-16 00:47:20 +02:00
Bernerd Schaefer
ebf36b41a1 Add GetParentDeathSignal() to pkg/system 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
Upstream-commit: 002aa8fc207d803349777cde61426603976ca8ee
Component: engine
 2014-05-15 10:17:44 +02:00
Michael Crosby
1aafe01162 Remove the cgroups maintainer file 
We don't need this because it is covered by the libcontainer MAINTAINERS
file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: b22d10e3c541c46cebe7da44fd2f521c4bc653f4
Component: engine
 2014-05-14 16:01:45 -07:00
Michael Crosby
910f9d50e2 Move cgroups package into libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 3b7a19def609c8fbadc6559e7f47f8a5a7769a5b
Component: engine
 2014-05-14 15:21:44 -07:00
Bernerd Schaefer
66a02eb50b Setup standard /dev symlinks 
After copying allowed device nodes, set up "/dev/fd", "/dev/stdin",
"/dev/stdout", and "/dev/stderr" symlinks.

Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
[rebased by @crosbymichael]
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 2bc34036b9106318f8564ee36b696ad070b02573
Component: engine
 2014-05-14 13:59:13 -07:00
Guillaume J. Charmes
1394048dd1 Merge pull request #5783 from LK4D4/fix_duplicate_ip_allocation_#5729 
Fix duplicate ip allocation
Upstream-commit: 17a1f470ae3e6f1d7a7c4545983e37bfcfe981ab
Component: engine
 2014-05-14 13:32:27 -07:00
Victor Vieux
94d0641f06 Merge pull request #5756 from crosbymichael/move-units-to-pkg 
Move duration and size to units pkg
Upstream-commit: bc22c9948c5380715338aef63fcc6cccd1a16bd7
Component: engine
 2014-05-14 11:36:14 -07:00
Michael Crosby
ffbe025292 Merge pull request #5791 from bernerdschaefer/nsinit-exec-forwards-signals 
"nsinit exec ..." forwards signals to container
Upstream-commit: 432e42e7154ddc97e57783778a02edb5a95bfaa0
Component: engine
 2014-05-14 11:05:27 -07:00
Victor Vieux
1bdce7b716 Merge pull request #5781 from creack/remove_bind_console 
Remove the bind mount for dev/console which override the mknod/label
Upstream-commit: 3bf1b562e39bed0a4ecdad9b23c6274b80bdc82d
Component: engine
 2014-05-14 10:57:21 -07:00
Bernerd Schaefer
64ee7b470d "nsinit exec ..." forwards signals to container 
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
Upstream-commit: 830c2d7fa3f19a2fba50464273ae19cd2113e689
Component: engine
 2014-05-14 11:01:02 +02:00
Alexandr Morozov
0291829e72 Refactoring collections/orderedintset and benchmarks for it 
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 5128feb690e8fd0244d1fecef5f3f5f77598bbfa
Component: engine
 2014-05-14 06:04:12 +04:00
Michael Crosby
396c5aa745 Copy parents cpus and mems for cpuset 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 3de15bda7e1d3ab193094e6e07a5b2e42ea828bd
Component: engine
 2014-05-13 18:01:31 -07:00
Guillaume J. Charmes
435045ce97 Remove the bind mount for dev/console which override the mknod/label 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
Upstream-commit: ae85dd54582e94d36b146ab1688844ed58cc8df3
Component: engine
 2014-05-13 11:59:27 -07:00
Michael Crosby
057bbc9d6a Add MAINTAINERS file to symlink pkg 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: ea7647099fcabd73077a403d461e9a0778dda12f
Component: engine
 2014-05-13 11:27:24 -07:00
Michael Crosby
740073112a Update code to handle new path to Follow Symlink func 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: ca040b1a377c467a9504ffa256ae77d9e3d29f0c
Component: engine
 2014-05-13 10:54:08 -07:00
Michael Crosby
7c5b416146 Move Follow symlink to pkg 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: dcf81f95fdfe3ac8e97602d2ef2fef03288c15b1
Component: engine
 2014-05-13 10:35:57 -07:00
Alexander Larsson
23ad200555 libcontainer: Ensure bind mount target files are inside rootfs 
Before we create any files to bind-mount on, make sure they are
inside the container rootfs, handling for instance absolute symbolic
links inside the container.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: b7c7b851dce28bb679e0289168da382d7cdad74b
Component: engine
 2014-05-13 10:24:52 -07:00