These PR does a few things. It ensures that the freezer cgroup is
joined in the systemd driver. It also provides a public api for setting
the freezer state via the cgroups package.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 613f74c1fbbdc5e476d28974d1dbe3727033d083
Component: engine
The systemd support for the devices cgroup lacks two required features:
* Support for wildcards to allow mknod on any device
* Support for wildcards to allow /dev/pts support
The second is available in more recent systemd as "char-pts", but not in e.g. v208 which is in wide use.
Additionally, the current approach of letting systemd set up the devices cgroup and then adding
some devices to it doesn't work, because some times systemd (at least v208) re-initializes
the devices cgroup, overwriting our custom devices. See https://github.com/dotcloud/docker/issues/6009
for the details.
When wildcarded mknod support is available in systemd we should implement a pure systemd version,
but we need to keep the old one around for backwards compat.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 6b8f0e394b3960bba1db982c62c002221419f3f5
Component: engine
This also makes sure that devices are pointers to avoid copies
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 69989b7c06b0ca6737e83ddf8fcfa2dfccc57a7c
Component: engine
We now have one place that keeps track of (most) devices that are allowed and created within the container. That place is pkg/libcontainer/devices/devices.go
This fixes several inconsistencies between which devices were created in the lxc backend and the native backend. It also fixes inconsistencies between wich devices were created and which were allowed. For example, /dev/full was being created but it was not allowed within the cgroup. It also declares the file modes and permissions of the default devices, rather than copying them from the host. This is in line with docker's philosphy of not being host dependent.
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
Upstream-commit: 608702b98064a4dfd70b5ff0bd6fb45d2429f45b
Component: engine
Remove old Stats interface in libcontainers cgroups package.
Changed Stats to use unit64 instead of int64 to prevent integer overflow issues.
Updated unit tests.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
Upstream-commit: 72e6e5ff7edc9c054e154897a4c547d89c082293
Component: engine
Without this any container startup fails:
2014/05/20 09:20:36 setup mount namespace copy additional dev nodes mknod fuse operation not permitted
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 602950435056baa939f428223b6d3ff26ca5403d
Component: engine
We don't need this because it is covered by the libcontainer MAINTAINERS
file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: b22d10e3c541c46cebe7da44fd2f521c4bc653f4
Component: engine
