For the cases where --bip option is used it is sometimes best to disable
IP masquerading as the provided bridge IP range may be routable.
Signed-off-by: Eugene Yakubovich <eugene.yakubovich@coreos.com>
Upstream-commit: 4dc4d56db9797159e2e329845e0b94e3e0f780a0
Component: engine
This adds a --add-host host:ip flag which appends lines to /etc/hosts. This is needed in places where you want the container to get a different name resolution than it would through DNS. This was submitted before as #5525, closed, and now I am re-opening. It has come up 2 or 3 times in the last couple days.
Signed-off-by: Tim Hockin <thockin@google.com>
Upstream-commit: 68e48b65a64df10fc797cbaa89d6caa2188eadc9
Component: engine
This exposes the already existing "create container" operation. It is
very similar to "docker run -d" except it doesn't actually start the
container, but just prepares it. It can then be manually started using
"docker start" at any point.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Conflicts:
api/client/commands.go
runconfig/parse.go
server/container.go
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: 3a90004f3c2d86ec849f4674c8046693ea061ed1
Component: engine
Some graphdrivers are Differs and type assertions are made
in various places throughout the project. Differ offers some
convenience in generating/applying diffs of filesystem layers
but for most graphdrivers another code path is taken.
This patch brings all of the logic related to filesystem
diffs in one place, and simplifies the implementation of some
common types like Image, Daemon, and Container.
Signed-off-by: Josh Hawn <josh.hawn@docker.com>
Upstream-commit: dee6b481fe0da1d845261ffff2e610fb05898d3c
Component: engine
Fixed a bug in daemon that resulted in accessing of a closed pipe.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
Upstream-commit: c786a8ee5e9db8f5f609cf8721bd1e1513fb0043
Component: engine
Use utils.RFC3339NanoFixed ("2006-01-02T15:04:05.000000000Z07:00")
instead of time.RFC3339Nano to format our log timestamps - this way
things are aligned, in particular the nano seconds are padded with zeros
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: cd7a5f5c0998f288f71d307076e661ed54f1a5f1
Component: engine
1. /container/<name>/exec - Creates a new exec command instance in the daemon and container '<name>'. Returns an unique ID for each exec command.
2. /exec/<name>/start - Starts an existing exec command instance. Removes the exec command from the daemon once it completes.
Adding /exec/<name>/resize to resize tty session of an exec command.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
Upstream-commit: bfebdfde78753f85d53d62634654de0b80f6872d
Component: engine
Fixes#7845 and #7801, and a real pain point I had :)
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
Upstream-commit: b2efdc538de47d37718b8972cd6703be32fc23c2
Component: engine
This method indicates that container using private network stack
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: 080ca8619172b020c7da29b46f2fe4c939bb47ca
Component: engine
Adds support for a --registry-mirror=scheme://<host>[:port]
daemon flag. The flag may be present multiple times. If
provided, mirrors are prepended to the list of endpoints used
for image pull. Note that only mirrors of the public
index.docker.io registry are supported, and image/tag resolution
is still performed via the official index.
Docker-DCO-1.1-Signed-off-by: Tim Smith <timbot@google.com> (github: timbot)
Upstream-commit: 69a75c673ccf0aebf19c7b350243f1b0cefad8be
Component: engine
commit 4aa5da278f49c889d43191f82ff42d3a95266d62 moves `Console` from Command to
ProcessConfig, but missed the change in lxc_template. Therefore creating a
container with tty using lxc driver with fail with error
template: lxc:60:20: executing "lxc" at <.Console>: Console is not a field of
struct type struct { *execdriver.Command; AppArmor bool; ProcessLabel string; MountLabel string }
This changes lxc_console template to refers to `.ProcessConfig.Console`
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Upstream-commit: 4b3b54ca388cd49cd790def66fbce9af2be2f20f
Component: engine
Since these will be shared between containers we want to label
them as svirt_sandbox_file_t:s0. That will allow multiple containers
to write to them.
Currently we are allowing container domains to read/write all content in
/var/lib/docker because of container volumes. This is a big security hole
in our SELinux story.
This patch will allow us to tighten up the security of docker containers.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 73617e5e18159e5f791d2860c7857cd5dea31be4
Component: engine
