p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,784 Commits 2 Branches 295 Tags
d43500e59be063d4c8dc732815efe8cbaa413f45
Commit Graph

167 Commits

Author SHA1 Message Date
Victor Vieux
b3f05f4dd1 Merge pull request #5449 from tianon/remove-libcontainer-root-special-case 
Remove "root" and "" special cases in libcontainer
Upstream-commit: eb6a1c9f499b5e0abbc1f5e040d69f1802deeb2f
Component: engine
 2014-04-28 16:29:08 -07:00
Rohit Jnagal
7fb7f768a7 Merge branch 'master' into libcontainer-fixes 
Conflicts:
	pkg/libcontainer/README.md
	pkg/libcontainer/container.json

Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
Upstream-commit: c44c51e3ce1680ec2a74fc62f246490f61d7590c
Component: engine
 2014-04-28 23:04:04 +00:00
Tianon Gravi
a196538cc3 Remove "root" and "" special cases in libcontainer 
These are unnecessary since the user package handles these cases properly already (as evidenced by the LXC backend not having these special cases).

I also updated the errors returned to match the other libcontainer error messages in this same file.

Also, switching from Setresuid to Setuid directly isn't a problem, because the "setuid" system call will automatically do that if our own effective UID is root currently: (from `man 2 setuid`)

    setuid() sets the effective user ID of the calling process.  If the
    effective UID of the caller is root, the real UID and saved set-user-
    ID are also set.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: d98069030dc842741fdff16e1818f2a34ec0167f
Component: engine
 2014-04-28 16:46:03 -06:00
Rohit Jnagal
c0a79693ae Updated sample config to be usable. We should change the namespace 
config to not need "value" later.

Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
Upstream-commit: 8cdb720d26197e448587a21894069ee8a20e8aa0
Component: engine
 2014-04-25 21:10:23 +00:00
Rohit Jnagal
ecc3df07ca Updated sample config and README to match the default template for 
native execdriver.

Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
Upstream-commit: 24f978094dc5c9eae0ca60001b65256b2b30f2c8
Component: engine
 2014-04-25 06:02:30 +00:00
Rohit Jnagal
4c71977a35 Improved README formatting. 
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
Upstream-commit: 580c2620e7b92d9aee7c1cd033ca987dda161cf1
Component: engine
 2014-04-25 01:23:48 +00:00
Rohit Jnagal
d8ab1ab869 Add enabled option to namespaces and capabilities spec in 
container.json. Although we don't yet check for enabled everywhere.

Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
Upstream-commit: 569b23413502713342b605abaf917f664d206a4b
Component: engine
 2014-04-25 01:10:11 +00:00
Rohit Jnagal
04161acf75 Fix typos in nsinit logs. 
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
Upstream-commit: 0aacca3ae6fa7d46a3e2c4e60e71f67c9a4c64e5
Component: engine
 2014-04-25 00:20:14 +00:00
Rohit Jnagal
df00ac1430 Fix container.json sample to be loadable by nsinit. 
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
Upstream-commit: 14b2a9de874ab80aaaa942b7b8a226bb56dfcd7f
Component: engine
 2014-04-25 00:17:45 +00:00
Michael Crosby
4269c4b6a6 Ignore isnot exists errors for proc paths 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: d5c9f61ecc1c8167322a8cc3b41f29a35c80b9b8
Component: engine
 2014-04-24 10:35:20 -07:00
Michael Crosby
72d2138bac Update init for new apparmor import path 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: fa5cabf9fe9e257d64638043ca2fd08a7bf96cb3
Component: engine
 2014-04-24 10:35:20 -07:00
Michael Crosby
bccf8f7f86 Update container.json and readme 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 2d31aeb911fc94baa88f975110c5ccd45d041acb
Component: engine
 2014-04-24 10:35:20 -07:00
Michael Crosby
8ab9384720 Move capabilities into security pkg 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 7a0b3610664c2269fd5932f294adae72e6e54020
Component: engine
 2014-04-24 10:35:20 -07:00
Michael Crosby
28044eef7b Move mounts into types.go 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 156987c118f6f4067794e09e90aabeee0002d05c
Component: engine
 2014-04-24 10:35:20 -07:00
Michael Crosby
c05360ff3b Move rest of console functions to pkg 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: a949d39f195e7b87288b10b0ef31843e6a3d8eb0
Component: engine
 2014-04-24 10:35:20 -07:00
Michael Crosby
0099e7d236 Refactor mounts into pkg to make changes easier 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 05b611574f85c7ff7d479e04e01ac2b57b233591
Component: engine
 2014-04-24 10:35:20 -07:00
Michael Crosby
0cfbbc14e7 Move console into its own package 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: de3d51b0a824e31d7e245aed958d53f436456699
Component: engine
 2014-04-24 10:35:20 -07:00
Michael Crosby
a750afc31e Mount over dev and only copy allowed nodes in 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 5ba1242bdc309352c2b0b9a1ef9e07fe835e4857
Component: engine
 2014-04-24 10:35:20 -07:00
Michael Crosby
20ba5d97da No not mount sysfs by default for non privilged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 81e5026a6afb282589704fd5f6bcac9ed50108ea
Component: engine
 2014-04-24 10:35:20 -07:00
Michael Crosby
9da373d6b1 Add restrictions to proc in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 60a90970bc4add3547064004f08c19ab5027141b
Component: engine
 2014-04-24 10:35:19 -07:00
Michael Crosby
4b4b1b7313 Move apparmor into security sub dir 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: d26ea78e42ebf18219b88e01c6252f30aa764aa2
Component: engine
 2014-04-24 10:35:19 -07:00
Guillaume J. Charmes
e178abd17a Merge pull request #5328 from crosbymichael/refactor-cgroups 
Refactor cgroups into subsystems and support metrics
Upstream-commit: 781671245778c8cfdde1892204bb10899020b0d8
Component: engine
 2014-04-21 14:06:17 -07:00
Michael Crosby
fec63c3950 Move raw cgroups into fs package (filesystem) 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 06db0604e5e5438dc14e13a069ebddcab7bb4bc6
Component: engine
 2014-04-18 21:34:26 -07:00
Michael Crosby
91235494a6 Move systemd code into pkg 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: ec43ec50b44cff3f043c78cad97466c68e2ba8cd
Component: engine
 2014-04-18 21:30:08 -07:00
Michael Crosby
0b62a2c5be Refactor cgroups file locations 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 42fb2973c690fe4e4f65da235ce4dfa4c388e8a3
Component: engine
 2014-04-18 21:14:58 -07:00
Michael Crosby
ebb2ad0565 Move apparmor to top level pkg 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 052cc5a6378ee4bbe1ef79e5632e2439d68ddbde
Component: engine
 2014-04-13 23:33:25 +00:00
Michael Crosby
b85f5791ad Use apparmor_parser directly 
The current load script does alot of things.  If it does not find the
parser loaded on the system it will just exit 0 and not load the
profile.  We think it should fail loudly if it cannot load the profile
and apparmor is enabled on the system.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 5f4bc4f916f433a4ba258980a6c2fbdbd76d64f3
Component: engine
 2014-04-13 23:31:10 +00:00
Victor Vieux
4ea377c1c7 Merge pull request #5143 from kzys/ns-nil 
Avoid "invalid memory address or nil pointer dereference" panic
Upstream-commit: b8c10d8af254a6200de642e246b5a0d9de0dfca8
Component: engine
 2014-04-10 11:07:35 -07:00
Guillaume J. Charmes
39bbc0e47b Merge pull request #5131 from crosbymichael/shm-mode 
Change shm mode to 1777
Upstream-commit: 042a50a8fe1e54ce602d1c517091381c209eabf3
Component: engine
 2014-04-10 07:50:32 -07:00
Guillaume J. Charmes
b4f2aeb444 Merge pull request #5115 from alexlarsson/fix-libcontainer-network-rhel6 
Fix libcontainer network support on rhel6
Upstream-commit: 5b242c95da303ee26d3119678340050670fed45a
Component: engine
 2014-04-10 07:45:12 -07:00
Kato Kazuyoshi
9a57be369c Avoid "invalid memory address or nil pointer dereference" panic 
libcontainer.GetNamespace returns nil on FreeBSD because
libcontainer.namespaceList is empty. In this case, Namespaces#Get should
return nil instead of being panic.

Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
Upstream-commit: c5226d94fab4e261fe2407262d9b5177326d4062
Component: engine
 2014-04-10 22:07:29 +09:00
Alexander Larsson
7b99942ebd Fix libcontainer network support on rhel6 
It seems that netlink in older kernels, including RHEL6, does not
support RTM_SETLINK with IFLA_MASTER. It just silently ignores it, reporting
no error, causing netlink.NetworkSetMaster() to not do anything yet
return no error.

We fix this by introducing and using AddToBridge() in a very similar manner
to CreateBridge(), which use the old ioctls directly.

This fixes https://github.com/dotcloud/docker/issues/4668

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 59c1b2880be8fb9d9a632fa42a10097c1580591a
Component: engine
 2014-04-09 15:44:18 +02:00
Michael Crosby
855754fa1c Change shm mode to 1777 
Fixes #5126
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 986cf931c38b8cdc51da44af0313502ca1156cfc
Component: engine
 2014-04-09 10:53:32 +00:00
Michael Crosby
7d69f5cd99 Check for apparmor enabled on host to populate profile 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 87f0d63fb2ede63d263d8e8285b83a7f7d12bbf3
Component: engine
 2014-04-09 10:22:17 +00:00
Guillaume J. Charmes
c2ee8e861a Backup current docker apparmor profile and replace it with the new one 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
Upstream-commit: 4f828d67f00449182eaada50dfba37e00f8f01ef
Component: engine
 2014-04-08 11:09:31 -07:00
Guillaume J. Charmes
06d3bd0a02 Merge pull request #5049 from Supermathie/aa-fix 
apparmor: docker-default: Include base abstraction
Upstream-commit: 8cfbc4466151666417a1245422ce0cb773d6d260
Component: engine
 2014-04-07 21:34:01 -07:00
Guillaume J. Charmes
a8f5408909 Merge pull request #5025 from dstine/readme-fix 
fixed two readme typos
Upstream-commit: 1d2126be6cf9937ee5ec2174aa2e2d02c07eb40c
Component: engine
 2014-04-07 19:31:16 -07:00
Dan Stine
9045165305 fixed three more typos 
Upstream-commit: 9c4d10b9a91b9f11794ceb094331496c733410bb
Component: engine
 2014-04-07 22:09:15 -04:00
Michael Crosby
ba83763b84 Ensure that ro mounts are remounted 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: b6042f252dd8a0c7a75da481b667f89c2e4ab071
Component: engine
 2014-04-07 18:23:22 -07:00
Michael Brown
22496306d5 apparmor: pull in variables from tunables/global 
The variables that were defined at the top of the apparmor profile are best
pulled in via the <tunables/global> include.

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
Upstream-commit: 726206f2aa45b8a537ae6d6c819f21befc2e0aca
Component: engine
 2014-04-07 03:04:27 -04:00
Michael Brown
ee2b8b0673 apparmor: abstractions/base expects pid variable 
Add 'pid' variable pointing to 'self' to allow parsing of profile to succeed

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
Upstream-commit: 320b3e0d211d389addda02998a0f47839827b2af
Component: engine
 2014-04-07 02:47:43 -04:00
Michael Brown
70e9ec0c23 apparmor: docker-default: Include base abstraction 
Encountered problems on 14.04 relating to signals between container
processes being blocked by apparmor. The base abstraction contains
appropriate rules to allow this communication.

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
Upstream-commit: e35c23311fce853fab318527789f11cc8c150ea2
Component: engine
 2014-04-07 02:19:38 -04:00
Dan Stine
435555c277 fixed two readme typos 
Upstream-commit: bea71245c8165e0dfdc6b2485c548c04f4d3edd3
Component: engine
 2014-04-04 08:12:17 -04:00
Michael Crosby
f11e4187aa Remove loopback setup for native driver 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 18ef3cc24a933cbf403c2aaf8b374cfc84a722a4
Component: engine
 2014-04-02 13:12:52 +00:00
Victor Vieux
c93b9fc839 Merge pull request #4953 from rhatdan/selinux 
These two patches should fix problems we see with running docker in the wild.
Upstream-commit: 9687c087ab09feb106b040628423e70b320a51e2
Component: engine
 2014-04-02 16:36:41 -07:00
unclejack
4675670b52 Merge pull request #4867 from crosbymichael/clean-shutdown 
Cleanly shutdown docker
Upstream-commit: 30ff3fa954676bfc8f48b73093f3afa1473d146e
Component: engine
 2014-04-02 01:48:03 +03:00
Michael Crosby
55905d7fbc Merge pull request #4942 from vieux/cleanup_dev_libcontainer 
remove setupDev from libcontainer
Upstream-commit: 9cf89f854256eace2b8f446b16c4fbe22ffa61b1
Component: engine
 2014-04-01 14:28:17 -07:00
Dan Walsh
94c4d19652 In certain cases, setting the process label will not happen. 
When the code attempts to set the ProcessLabel, it checks if SELinux Is
enabled.  We have seen a case with some of our patches where the code
is fooled by the container to think that SELinux is not enabled.  Calling
label.Init before setting up the rest of the container, tells the library that
SELinux is enabled and everything works fine.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 2224e0d65adfbd08e53430a1d7c750491f788257
Component: engine
 2014-04-01 13:30:10 -04:00
Michael Crosby
d0b2920666 Don't send prctl to be consistent with other drivers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 283daced0c919be760947d44d7e46c80e1054d64
Component: engine
 2014-04-01 07:12:50 +00:00
Michael Crosby
5f13c09028 Ensure a reliable way to kill ghost containers on reboot 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 5bb82f6313d7f789783ffac854be85a44a56617e
Component: engine
 2014-04-01 07:11:41 +00:00