Commit Graph

7 Commits

Author SHA1 Message Date
1a4e7d1b20 Make mqueue container specific
mqueue cannot be mounted on the host OS and then shared into the container.
There is only one mqueue per mount namespace, so current code ends up leaking
the /dev/mqueue from the host into ALL containers.  Since SELinux changes the
label of the mqueue, only the last container is able to use the mqueue; all
other containers will get a permission denied.  If you don't have SELinux protections,
sharing of the /dev/mqueue allows one container to interact in potentially hostile
ways with other containers.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Upstream-commit: ba38d58659cc155aebf89a2ea4cfc3cd7ba04a64
Component: engine
2016-02-05 16:50:35 +01:00
d9a92e1dc3 Choose default-cgroup parent by cgroup driver
It's "/docker" for cgroupfs and "system.slice" for systemd.

Fix #19140

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: c1cd45d547ef26cf988dc72d456430361dafcf08
Component: engine
2016-01-07 08:56:26 -08:00
4da63ae80d update runc to the latest code base to fix gccgo build
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
Upstream-commit: 998263170750ee5504bc4fe23f9a3d1f797e2a41
Component: engine
2016-01-06 00:02:56 +00:00
5eac08b5e9 Merge pull request #18395 from LK4D4/default_cgroup_is_not_daemon
Use /docker as cgroup parent instead of docker
Upstream-commit: ff69b23dc09e544fb8ae9dccbd1f7992d2005b70
Component: engine
2015-12-17 13:59:00 -08:00
fbb93e6251 Update runc/libcontainer to v0.0.6
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Upstream-commit: e8f7d5885dad5364b25a8f1efa8bb6b29afa89b1
Component: engine
2015-12-11 15:24:32 -05:00
329ce171d3 Use /docker as cgroup parent instead of docker
It means that containers will be created under root cgroup and not under
daemon cgroup.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 4b55765c11b3ae3bc02385ad17fe2a3c419e71bc
Component: engine
2015-12-03 08:42:45 -08:00
63f9fb3569 Windows: Fix native exec template
Signed-off-by: John Howard <jhoward@microsoft.com>
Upstream-commit: be2f53ece8a57907ec9a1855f4d0c06a086c206b
Component: engine
2015-10-31 11:39:19 -07:00