p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
6,900 Commits 2 Branches 295 Tags
ba77c9041d513b53c3d70c166dcafe47e46b11c0
Commit Graph

71 Commits

Author SHA1 Message Date
Michael Crosby
842270ca38 Send sigterm to child instead of sigkill 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 39037a91f85a4a072e5aa7e585d8c2f6b211df8a
Component: engine
 2014-03-14 15:42:05 -07:00
Michael Crosby
1080c0f16b Merge pull request #4656 from crosbymichael/fix-ptmx-link 
Always symlink /dev/ptmx for libcontainer
Upstream-commit: 28994f86eef11074f613433893ef345321afef91
Component: engine
 2014-03-13 14:57:17 -07:00
Michael Crosby
75217fbf0a Always symlink /dev/ptmx for libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 747275d30c4d4eb25ca798394cc04db00912adb2
Component: engine
 2014-03-13 14:31:09 -07:00
Alexander Larsson
746b307c72 Move all bind-mounts in the container inside the namespace 
This moves the bind mounts like /.dockerinit, /etc/hostname, volumes,
etc into the container namespace, by setting them up using lxc.

This is useful to avoid littering the global namespace with a lot of
mounts that are internal to each container and are not generally
needed on the outside. In particular, it seems that having a lot of
mounts is problematic wrt scaling to a lot of containers on systems
where the root filesystem is mounted --rshared.

Note that the "private" option is only supported by the native driver, as
lxc doesn't support setting this. This is not a huge problem, but it does
mean that some mounts are unnecessarily shared inside the container if you're
using the lxc driver.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 6c266c4b42eeabe2d433a994753d86637fe52a0b
Component: engine
 2014-03-13 20:01:29 +01:00
srid
8f3c1c1399 nsinit: prefix errors with their source 
Docker-DCO-1.1-Signed-off-by: Sridhar Ratnakumar <github@srid.name> (github: srid)
Upstream-commit: 03211ecce07ab64f5263232e1aa3c6248530c5b4
Component: engine
 2014-03-10 17:08:50 -07:00
Michael Crosby
957f74b876 Add env var to toggle pivot root or ms_move 
Use the  DOCKER_RAMDISK env var to tell the native driver not to use
a pivot root when setting up the rootfs of a container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 36dd124b16a76704a88142fa96bb4bb6260dd821
Component: engine
 2014-03-06 19:30:52 -08:00
Michael Crosby
6f0ad9195c Revert "Revert "libcontainer: Use pivot_root instead of chroot"" 
This reverts commit 82f797f14096430c3edbace1cd30e04a483ec41f.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: c38635020accaffa6868f19f308042be051132a0
Component: engine
 2014-03-06 17:19:59 -08:00
Michael Crosby
3e4d7be838 Revert "Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE"" 
This reverts commit bd263f5b15b51747e3429179fef7fcb425ccbe4a.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 557e4fef4418a251dd3a6817b97e5c1be055cbf3
Component: engine
 2014-03-06 17:19:47 -08:00
unclejack
9ba4572a15 Merge pull request #4512 from crosbymichael/no-pivot-root 
No pivot root because of ramdisk
Upstream-commit: 78dc1ede5202c8867e011582af8752810f817e9f
Component: engine
 2014-03-07 02:54:03 +02:00
Michael Crosby
d96ead6498 Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE" 
This reverts commit 757b5775725fb90262cee1fa6068fa9dcbbff59f.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: bd263f5b15b51747e3429179fef7fcb425ccbe4a
Component: engine
 2014-03-06 16:41:03 -08:00
Michael Crosby
cf4ed6c883 Revert "libcontainer: Use pivot_root instead of chroot" 
This reverts commit 5b5c884cc8266d0c2a56da0bc2df14cc9d5d85e8.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 82f797f14096430c3edbace1cd30e04a483ec41f
Component: engine
 2014-03-06 16:32:06 -08:00
Michael Crosby
c896586b70 Ensure that native containers die with the parent 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: ea9bce8724303656c87c05e9049272258c9827b3
Component: engine
 2014-03-06 16:30:56 -08:00
Michael Crosby
936f96cce5 Remove the ghosts and kill everything 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 772ef99d2816b629d084e11fe7fba5953687b620
Component: engine
 2014-03-06 15:30:26 -08:00
Guillaume J. Charmes
9f58f80f28 Use CGO for apparmor profile switch 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: f0f833c6d795fc8b3fb4bb379f9916745f5c7ac9
Component: engine
 2014-03-06 11:10:58 -08:00
Alexander Larsson
098ea0f413 libcontainer: Don't use UsetCloseOnExec, it is racy 
We can't keep file descriptors without close-on-exec except with
syscall.ForkLock held, as otherwise they could leak by accident into
other children from forks in other threads.

Instead we just use Cmd.ExtraFiles which handles all this for us.

This fixes https://github.com/dotcloud/docker/issues/4493

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 5c9b28db1853cccdf7a1037eeaad372d12cd68fa
Component: engine
 2014-03-06 14:10:32 +01:00
Michael Crosby
53277b63e3 Some cleanup around logs 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 37f137c8221be07943babeb9b107e5aee9a736d5
Component: engine
 2014-03-05 13:50:49 -08:00
Guillaume J. Charmes
c1e434e543 Add AppArmor support to native driver + change pipe/dup logic 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: cb4189a292dc181e26e0506a3a0dc67936c5401b
Component: engine
 2014-03-05 13:08:24 -08:00
Alexander Larsson
90b2106a7f libcontainer: Use MS_PRIVATE instead of MS_SLAVE 
Now that we unmount all the mounts from the global namespace we can
use a private namespace rather than a slave one (as we have no need
for unmounts of inherited global mounts to propagate into the
container).

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 757b5775725fb90262cee1fa6068fa9dcbbff59f
Component: engine
 2014-03-05 09:40:54 +01:00
Michael Crosby
876978baea Add shm size cap to mount 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: b07708c8de5561a43060653d4d532ee0bcd6fd96
Component: engine
 2014-03-04 14:18:40 -08:00
Guillaume J. Charmes
d5fd498efb Remove /dev tmpfs mountpoint 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: 57a47f5bbfe6c82f3cce32aba96fb641f7188eee
Component: engine
 2014-03-04 13:21:22 -08:00
Guillaume J. Charmes
26eb6d1e5d remove /run mountpoint 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: c74a8b28cd723d6f12a54da16ff91a853958da5c
Component: engine
 2014-03-04 12:32:17 -08:00
Guillaume J. Charmes
37e0bed312 Remove loopback mount bind 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: 39d58129c38e8bb868a6fd9a5620837484f6d742
Component: engine
 2014-03-04 12:30:52 -08:00
Alexander Larsson
a4a84bcafe libcontainer: Use pivot_root instead of chroot 
Instead of keeping all the old mounts in the container namespace and
just using subtree as root we pivot_root so that the actual root in
the namespace is the root we want, and then we unmount the previous
mounts.

This has multiple advantages:

* The namespace mount tree is smaller (in the kernel)
* If you break out of the chroot you could previously access the host
  filesystem. Now the host filesystem is fully invisible to the namespace.
* We get rid of all unrelated mounts from the parent namespace, which means
  we don't hog these. This is important if we later switch to MS_PRIVATE instead
  of MS_SLAVE as otherwise these mounts would be impossible to unmount from the
  parent namespace.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 5b5c884cc8266d0c2a56da0bc2df14cc9d5d85e8
Component: engine
 2014-03-04 12:44:08 +01:00
Michael Crosby
e09257e20a Factor out finalize namespace 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 5465fdf00f3ece165cbd3bb680dcc571e81510dd
Component: engine
 2014-03-03 12:15:47 -08:00
Michael Crosby
49fbe66f4f Allow child process to live if daemon dies 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: fdeea90fc806d8d2cccdc76a6ecb214dd03093ec
Component: engine
 2014-02-27 09:33:36 -08:00
Michael Crosby
02cbc6e6b4 Code review updates 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: fb08b8b221a9a722910d63db678ffb5a8f91b517
Component: engine
 2014-02-26 19:21:46 -08:00
Michael Crosby
21edb8542e Ensure that loopback devices are mounted inside the conatiner 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 7cd224594733e5fa0560cb912e3cf2dcef168370
Component: engine
 2014-02-26 17:21:09 -08:00
Michael Crosby
3258d9a2a3 Make network a slice to support multiple types 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 70820b69ec2b82ab150af9b8829e37843f67f75a
Component: engine
 2014-02-26 14:20:41 -08:00
Michael Crosby
9248431c6a Fix cross compile for make cross 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 93ed15075c43d521f05f4b8f96264efb7fe174e4
Component: engine
 2014-02-25 15:19:13 -08:00
Michael Crosby
0cd1a2f6a4 Move container.json and pid file into a root specific driver dir 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 96e33a7646b3669632f48ed1071aeb61b8016be1
Component: engine
 2014-02-25 12:41:31 -08:00
Guillaume J. Charmes
a70a6bdd53 Better capability/namespace management 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: 91bf120c51dec3bae98a1974929e2ae8107340c0
Component: engine
 2014-02-24 21:52:29 -08:00
Michael Crosby
0460b2181f Refactor and improve libcontainer and driver 
Remove logging for now because it is complicating things
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: f8453cd0499a51f5d3ffd2c2a6012972aef7f69f
Component: engine
 2014-02-24 21:11:52 -08:00
Michael Crosby
3dcdf3e0d6 Improve logging for nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 9cb4573d33607bc32e7db19981b3e9d5eaf449a0
Component: engine
 2014-02-24 18:38:36 -08:00
Michael Crosby
aef5af9f3c Cgroups allow devices for privileged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: a76407ac61dd57429a1350f840c323f45a97b27f
Component: engine
 2014-02-24 15:47:23 -08:00
Michael Crosby
3e4914e9af Honor user passed on container in nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 1c79b747bb10a389249aba90ad217ca0128afb74
Component: engine
 2014-02-24 13:52:56 -08:00
Michael Crosby
07cc777e62 Fix tests with dockerinit lookup path 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 01f9815b55742654b2f35d13c3aba6a9e48634c7
Component: engine
 2014-02-24 13:40:17 -08:00
Michael Crosby
0c8ed4441e Refactor driver to use Exec function from nsini 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: fac41af25bd5f42269424a788783a4280dd7fc9c
Component: engine
 2014-02-22 01:21:26 -08:00
Michael Crosby
db3809fb13 Abstract out diff implementations for importing 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: ae423a036e6f884572491b1ff5ef8a626b1592aa
Component: engine
 2014-02-22 00:29:21 -08:00
Michael Crosby
5daf4091ff Add syncpipe for passing context 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 2412656ef54cb4df36df2f8122e1fda24ec8e8a4
Component: engine
 2014-02-21 22:58:30 -08:00
Michael Crosby
3e12f802f5 Refactor exec method 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: dd59f7fb286f2abff6cee2699e62fff564425149
Component: engine
 2014-02-21 22:37:09 -08:00
Michael Crosby
5eca2c008a Refactor network creation and initialization into strategies 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 5a4069f3aacd0dc30ee7c5dd97f0dc9a6e416f35
Component: engine
 2014-02-21 22:26:07 -08:00
Michael Crosby
7b25c9e59d Export functions of nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 9876e5b8901199bad2ab424593131d574b582bf9
Component: engine
 2014-02-21 21:14:21 -08:00
Michael Crosby
4fbf234237 Initial commit of libcontainer running docker 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 2419e63d243255ef38f16799ffdc64084aa18fe4
Component: engine
 2014-02-21 17:23:49 -08:00
Michael Crosby
dd4492ebc4 Pass tty master to Exec 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 332755b99d345a8ffbf4fb636ca8fed604a233c0
Component: engine
 2014-02-21 16:40:32 -08:00
Michael Crosby
e38028e81a Pass pipes into Exec function 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: c8fd81c27821576f339ccf4fd85c47375ba34042
Component: engine
 2014-02-21 16:28:43 -08:00
Michael Crosby
e210f44a11 Use lookup path for init 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: a352ecb01a788eff3446fe12191ca0434fce1eed
Component: engine
 2014-02-21 16:17:18 -08:00
Michael Crosby
eb2bb513c8 User os.Args[0] as name to reexec 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: ba025cb75cceaa8536d0d512889ea86f13349950
Component: engine
 2014-02-21 15:32:50 -08:00
Michael Crosby
2c3593d92d Add good logging support to both sides 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 50c752fcb06497e9e597049a1007c53d77032d17
Component: engine
 2014-02-21 14:56:17 -08:00
Michael Crosby
8be796c4b1 Move tty into container.json 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 7f247e7006761ac8922a58651a76b194a4655ffa
Component: engine
 2014-02-21 14:56:17 -08:00
Michael Crosby
71f9b20db7 Refactor the flag management for main 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 6b2e963ce0aef802e60eafe0e895f24abb294a07
Component: engine
 2014-02-21 14:56:17 -08:00