ba77c9041d
refactor(libcontainer): rename to CapabilitiesMask
...
The Capabilities field on libcontainer is actually used as a mask.
Rename the field so that this is more clear.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com > (github: philips)
Upstream-commit: 128381e0f0372f10f88a847087aa91a972770c4b
Component: engine
2014-03-17 11:07:12 -07:00
842270ca38
Send sigterm to child instead of sigkill
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 39037a91f85a4a072e5aa7e585d8c2f6b211df8a
Component: engine
2014-03-14 15:42:05 -07:00
0e6df3669c
Update libcontainer readme and todo list
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: cbd2a30cd6185d1469f82f8b6693d6158c93d54a
Component: engine
2014-03-13 15:18:08 -07:00
1080c0f16b
Merge pull request #4656 from crosbymichael/fix-ptmx-link
...
Always symlink /dev/ptmx for libcontainer
Upstream-commit: 28994f86eef11074f613433893ef345321afef91
Component: engine
2014-03-13 14:57:17 -07:00
596209d4bb
Merge pull request #4422 from alexlarsson/internal-mounts
...
Move all bind-mounts in the container inside the namespace
Upstream-commit: c7ea6e5da80af3d9ba7558f876efbf0801d988d8
Component: engine
2014-03-13 14:55:29 -07:00
75217fbf0a
Always symlink /dev/ptmx for libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 747275d30c4d4eb25ca798394cc04db00912adb2
Component: engine
2014-03-13 14:31:09 -07:00
0238b3e45c
Merge pull request #4624 from creack/fix_apparmor_init
...
Fix issue when /etc/apparmor.d does not exists
Upstream-commit: 192917a1cbfd325cd4d141d76703a3ccfd6e60e7
Component: engine
2014-03-13 14:04:13 -07:00
746b307c72
Move all bind-mounts in the container inside the namespace
...
This moves the bind mounts like /.dockerinit, /etc/hostname, volumes,
etc into the container namespace, by setting them up using lxc.
This is useful to avoid littering the global namespace with a lot of
mounts that are internal to each container and are not generally
needed on the outside. In particular, it seems that having a lot of
mounts is problematic wrt scaling to a lot of containers on systems
where the root filesystem is mounted --rshared.
Note that the "private" option is only supported by the native driver, as
lxc doesn't support setting this. This is not a huge problem, but it does
mean that some mounts are unnecessarily shared inside the container if you're
using the lxc driver.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com > (github: alexlarsson)
Upstream-commit: 6c266c4b42eeabe2d433a994753d86637fe52a0b
Component: engine
2014-03-13 20:01:29 +01:00
5a323c5f4c
Use BSD raw mode on darwin. Fixes nano, tmux and others
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net > (github: creack)
Upstream-commit: 029aac96396f5a9d76adf5e4675d27321273dfbd
Component: engine
2014-03-13 11:11:02 -07:00
69e0188d27
Fix issue when /etc/apparmor.d does not exists
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net > (github: creack)
Upstream-commit: 6a325f1c7a243689ecf01f257ac7afb95fea7ec2
Component: engine
2014-03-12 11:13:24 -07:00
8980d7490c
improve deprecation message
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com > (github: vieux)
Upstream-commit: f0eb227548427f6fc829f2b270ad83d22bd90c69
Component: engine
2014-03-12 00:51:46 +00:00
84def4f523
Update email + add self to pkg/signal
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net > (github: creack)
Upstream-commit: 915d967f556bc7bb3faea34db8a06ea64fd5de92
Component: engine
2014-03-10 20:26:45 -07:00
ed3716396b
Like signal_linux.go, we don't have import os and os/signal
...
Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com > (github: kzys)
Upstream-commit: b2cd89056f5c49746ee668946ce4e1771f3ce368
Component: engine
2014-03-11 23:14:58 +09:00
11f1b48016
Merge pull request #4563 from creack/signal-improvment
...
Signal improvments
Upstream-commit: b5a544b02e2d6f5e880064f327bcb1d5d866e30e
Component: engine
2014-03-10 17:59:17 -07:00
6afe06b48d
Merge pull request #4515 from vieux/improve_sort_flags
...
improve alpha sort in mflag
Upstream-commit: 923962a4b5e8787449ff247400f0b30b4b04835d
Component: engine
2014-03-10 17:45:41 -07:00
9db05a87c8
Make docker use the signal pkg with strings
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net > (github: creack)
Upstream-commit: 157f24ca77a38f7c5c2b22322a2a353d5098a21e
Component: engine
2014-03-10 17:36:47 -07:00
9d9d39b644
Create portable signalMap
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net > (github: creack)
Upstream-commit: 10dc16dcd3aa82be256e5072a25dcf18af8e3844
Component: engine
2014-03-10 17:36:41 -07:00
357d278b81
Move signal to pkg
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net > (github: creack)
Upstream-commit: c5632622391921160687f3e0155bdfe3d3cfc07d
Component: engine
2014-03-10 17:36:32 -07:00
8f3c1c1399
nsinit: prefix errors with their source
...
Docker-DCO-1.1-Signed-off-by: Sridhar Ratnakumar <github@srid.name > (github: srid)
Upstream-commit: 03211ecce07ab64f5263232e1aa3c6248530c5b4
Component: engine
2014-03-10 17:08:50 -07:00
9ff573ff6e
Merge pull request #3985 from creack/add_freebsd_support
...
Add freebsd client support
Upstream-commit: 8bcb156694152d90698c3a0cb7b9cf539a838f8e
Component: engine
2014-03-11 00:58:30 +02:00
519289ece2
Update bsd specs
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com > (github: creack)
Upstream-commit: 6ccfb7fb9af207a9999c60e57d1c9486ca949a5e
Component: engine
2014-03-10 15:19:08 -07:00
5bd0f32f99
move opts out of pkg because it's related to docker
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com > (github: vieux)
Upstream-commit: fde5f573d39020476c08ed25fac0a6306f7b18cc
Component: engine
2014-03-10 21:10:23 +00:00
6a607918e7
remove utils.go
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com > (github: vieux)
Upstream-commit: d648708d02134c3dc6788ad21325224d849b3b8f
Component: engine
2014-03-10 21:06:27 +00:00
66069773bc
Merge branch 'master' into add_freebsd_support
...
Conflicts:
archive/archive.go
archive/start_unsupported.go
Upstream-commit: bb43761940848650c1eab3c097d826892bd5b140
Component: engine
2014-03-10 13:20:49 -07:00
ddfc798df3
handle capital
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com > (github: vieux)
Upstream-commit: 7da37fec13a0097284ffbbe05514de477cd98677
Component: engine
2014-03-07 23:40:45 +00:00
957f74b876
Add env var to toggle pivot root or ms_move
...
Use the DOCKER_RAMDISK env var to tell the native driver not to use
a pivot root when setting up the rootfs of a container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 36dd124b16a76704a88142fa96bb4bb6260dd821
Component: engine
2014-03-06 19:30:52 -08:00
3398dcb261
improve alpha sort in mflag
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com > (github: vieux)
Upstream-commit: 3729ece2ea1c4aad286b7535a7c137045a9da107
Component: engine
2014-03-07 02:20:59 +00:00
6f0ad9195c
Revert "Revert "libcontainer: Use pivot_root instead of chroot""
...
This reverts commit 82f797f14096430c3edbace1cd30e04a483ec41f.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: c38635020accaffa6868f19f308042be051132a0
Component: engine
2014-03-06 17:19:59 -08:00
3e4d7be838
Revert "Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE""
...
This reverts commit bd263f5b15b51747e3429179fef7fcb425ccbe4a.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 557e4fef4418a251dd3a6817b97e5c1be055cbf3
Component: engine
2014-03-06 17:19:47 -08:00
9ba4572a15
Merge pull request #4512 from crosbymichael/no-pivot-root
...
No pivot root because of ramdisk
Upstream-commit: 78dc1ede5202c8867e011582af8752810f817e9f
Component: engine
2014-03-07 02:54:03 +02:00
d96ead6498
Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE"
...
This reverts commit 757b5775725fb90262cee1fa6068fa9dcbbff59f.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: bd263f5b15b51747e3429179fef7fcb425ccbe4a
Component: engine
2014-03-06 16:41:03 -08:00
cf4ed6c883
Revert "libcontainer: Use pivot_root instead of chroot"
...
This reverts commit 5b5c884cc8266d0c2a56da0bc2df14cc9d5d85e8.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 82f797f14096430c3edbace1cd30e04a483ec41f
Component: engine
2014-03-06 16:32:06 -08:00
c896586b70
Ensure that native containers die with the parent
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: ea9bce8724303656c87c05e9049272258c9827b3
Component: engine
2014-03-06 16:30:56 -08:00
936f96cce5
Remove the ghosts and kill everything
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 772ef99d2816b629d084e11fe7fba5953687b620
Component: engine
2014-03-06 15:30:26 -08:00
ecf60ced9e
Merge pull request #4506 from creack/fix_apparmor
...
Use CGO for apparmor profile switch
Upstream-commit: b722aa21b7ddfd558c2a36c8301d61b011221197
Component: engine
2014-03-06 13:37:34 -08:00
24c5efffe2
Update build tags such that we can properly compile on all platforms (especially for packagers), and updated hack/PACKAGERS.md to mention the DOCKER_BUILDTAGS variable that will need to be set for binaries that might be used on AppArmor (such as Debian and especially Ubuntu)
...
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com > (github: tianon)
Upstream-commit: 0b23393ba1901df3d08916fa977707db58699eca
Component: engine
2014-03-06 13:39:17 -07:00
2ebfedab6d
Add buildflags to allow crosscompilation for apparmor
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com > (github: creack)
Upstream-commit: c89fa6645ef87e1863ef5812bd42176f5bd987ca
Component: engine
2014-03-06 12:05:03 -08:00
feec772c9b
Merge pull request #4503 from unclejack/attempt_to_fix_apparmor_profile
...
remove dbus from apparmor profile for Ubuntu 12.04
Upstream-commit: 31f62b934b7edc4942a6535d28954c0122748509
Component: engine
2014-03-06 11:20:06 -08:00
9f58f80f28
Use CGO for apparmor profile switch
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com > (github: creack)
Upstream-commit: f0f833c6d795fc8b3fb4bb379f9916745f5c7ac9
Component: engine
2014-03-06 11:10:58 -08:00
22c0393b79
remove dbus from apparmor profile
...
This removes the dbus entry from the apparmor profile Docker creates.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com > (github: unclejack)
Upstream-commit: 46fdb6af8ecc804b204fc93ab6d8d4a5f7503860
Component: engine
2014-03-06 19:47:03 +02:00
098ea0f413
libcontainer: Don't use UsetCloseOnExec, it is racy
...
We can't keep file descriptors without close-on-exec except with
syscall.ForkLock held, as otherwise they could leak by accident into
other children from forks in other threads.
Instead we just use Cmd.ExtraFiles which handles all this for us.
This fixes https://github.com/dotcloud/docker/issues/4493
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com > (github: alexlarsson)
Upstream-commit: 5c9b28db1853cccdf7a1037eeaad372d12cd68fa
Component: engine
2014-03-06 14:10:32 +01:00
50624219ad
Generate and load custom docker profile for apparmor
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com > (github: creack)
Upstream-commit: 920a6ca54ce98673d0c9a6a9502a469c1c225c75
Component: engine
2014-03-05 15:02:11 -08:00
53277b63e3
Some cleanup around logs
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 37f137c8221be07943babeb9b107e5aee9a736d5
Component: engine
2014-03-05 13:50:49 -08:00
c1e434e543
Add AppArmor support to native driver + change pipe/dup logic
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com > (github: creack)
Upstream-commit: cb4189a292dc181e26e0506a3a0dc67936c5401b
Component: engine
2014-03-05 13:08:24 -08:00
ceba53329c
fix panic with only long flags or only one deprecatd
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com > (github: vieux)
Upstream-commit: 069dc7f8c7bc3eaf61ddd926636aacce5f1ed1ee
Component: engine
2014-03-05 19:45:57 +00:00
fdbd555f75
fix usage for completly deprecated flag
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com > (github: vieux)
Upstream-commit: 089bf5e11e4284a6ed07dc165098bb269dfddf46
Component: engine
2014-03-05 19:27:39 +00:00
b24c7af61f
Merge pull request #4278 from alexlarsson/system
...
Create pkg/system and move stuff there from archive
Upstream-commit: 858d0356fda68da36946dc5d7e1b2ad64153b6ae
Component: engine
2014-03-05 12:32:35 -05:00
42b0cd2529
Create pkg/system and move stuff there from archive
...
This is a package for generic system calls etc that for some reason
is not yet supported by "syscall", or where it is different enough
for the different ports to need portability wrappers.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com > (github: alexlarsson)
Upstream-commit: d6114c0da0e844199e3d23c60a04434566fb5392
Component: engine
2014-03-05 14:05:32 +01:00
90b2106a7f
libcontainer: Use MS_PRIVATE instead of MS_SLAVE
...
Now that we unmount all the mounts from the global namespace we can
use a private namespace rather than a slave one (as we have no need
for unmounts of inherited global mounts to propagate into the
container).
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com > (github: alexlarsson)
Upstream-commit: 757b5775725fb90262cee1fa6068fa9dcbbff59f
Component: engine
2014-03-05 09:40:54 +01:00
876978baea
Add shm size cap to mount
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: b07708c8de5561a43060653d4d532ee0bcd6fd96
Component: engine
2014-03-04 14:18:40 -08:00
