p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,900 Commits 2 Branches 295 Tags
ba77c9041d513b53c3d70c166dcafe47e46b11c0
Commit Graph

7 Commits

Author SHA1 Message Date
Alexander Larsson
1cf50c0291 Move .dockerenv parsing to lxc driver 
This is not needed for e.g. the native driver

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 636959e20ae368e470a5c2420aae4528245b2cf6
Component: engine
 2014-03-13 20:01:29 +01:00
Michael Crosby
a7d9996138 Cleanup some statements from exec driver work 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 9e3da87a3a6fea21194ceb9dbd30a39d043a48a4
Component: engine
 2014-02-14 17:28:50 -08:00
Michael Crosby
750f4cb5c2 Merge pull request #4059 from alexlarsson/no-netadmin-caps 
lxc: Drop NET_ADMIN capability in non-privileged containers
Upstream-commit: 3c215ba41005f225a07ebc8806216acdb746c671
Component: engine
 2014-02-11 14:20:34 -05:00
Alexander Larsson
96a42d5055 lxc: Drop NET_ADMIN capability in non-privileged containers 
With this capability set the container can e.g. change the ip address
of his devices to that of another container on the docker0 bridge. In
a quick test I was able to listen to a port on a different ip than the
one docker assigned me, but was not able to hijack an open port
redirection that another container had open. Maybe its possible with
some more knowledge of networking though.

Anyway, network setup is meant to be handled by docker, not the apps,
so I believe denying this is generally in the spirit of docker, and
it closes down potential security issues.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 02fddffd51da782f912e2709ea814c330269515b
Component: engine
 2014-02-11 11:17:34 +01:00
Tianon Gravi
1ed42315f3 Move UserLookup functionality into a separate pkg/user submodule that implements proper parsing of /etc/passwd and /etc/group, and use that to add support for "docker run -u user:group" and for getting supplementary groups (if ":group" is not specified) 
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: ee93f6185be3ae73c16cf41ae397bae3ce2f6c55
Component: engine
 2014-01-31 20:15:24 -07:00
Michael Crosby
d65bec8d4a Small fixes to type names 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: ca8dd73fbfa7aca0768278ff1ff9671f80c48138
Component: engine
 2014-01-17 17:42:22 -08:00
Guillaume J. Charmes
ab79ba703f Move docker init into drivers functions 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: crosbymichael)
Upstream-commit: f7684ea7f61c0c69033c27605e9ad9a0a76e74cd
Component: engine
 2014-01-17 17:42:22 -08:00