f2b5fc4e3c
Merge pull request #5411 from crosbymichael/lockdown
...
Update default restrictions for exec drivers
Upstream-commit: 44140f7909ac65206d300fa9a39ae06cc27d1847
Component: engine
2014-04-26 03:27:56 +03:00
69a18c6508
Separating cgroup Memory and MemoryReservation.
...
This will allow for these to be set independently. Keep the current Docker behavior where Memory and MemoryReservation are set to the value of Memory.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com > (github: vmarmol)
Upstream-commit: f188b9f623e23ee624aca8654bf00f49ee3bae29
Component: engine
2014-04-24 11:09:38 -07:00
b3bc92caaf
Increment native driver version with these changes
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 2d6c3674349c09318e8d1fb3ce43dbabc15c97da
Component: engine
2014-04-24 10:35:20 -07:00
a750afc31e
Mount over dev and only copy allowed nodes in
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 5ba1242bdc309352c2b0b9a1ef9e07fe835e4857
Component: engine
2014-04-24 10:35:20 -07:00
20ba5d97da
No not mount sysfs by default for non privilged containers
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 81e5026a6afb282589704fd5f6bcac9ed50108ea
Component: engine
2014-04-24 10:35:20 -07:00
bdab73285c
Add lxc support for restricting proc
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 0779a8c3287fbf7ff1938df10897b551b839cbee
Component: engine
2014-04-24 10:35:20 -07:00
9da373d6b1
Add restrictions to proc in libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 60a90970bc4add3547064004f08c19ab5027141b
Component: engine
2014-04-24 10:35:19 -07:00
1ea14534fa
Merge branch 'master' into load-profile
...
Conflicts:
daemon/execdriver/native/create.go
daemon/execdriver/native/driver.go
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net > (github: creack)
Upstream-commit: 813cebc64fb4b628e2938405d86144060c330eb9
Component: engine
2014-04-21 10:32:13 -07:00
f7be50364d
Rename runtime/* to daemon/*
...
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com > (github: alexlarsson)
Upstream-commit: 359b7df5d2af5733b8a1ea6746d062053053b23e
Component: engine
2014-04-17 14:43:01 -07:00
