788ec364da
Persistent directory for container in execdriver
...
This is needed for persistent namespaces
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com >
Upstream-commit: 623ebf203bc4f4e6ddefdd494f201a1401ab72a6
Component: engine
2014-09-22 22:48:26 +04:00
d25c9ab27a
Merge pull request #8062 from vishh/run_in_phase2
...
Add support for 'docker exec' - phase 2
Upstream-commit: 00fd008170e463426001ec4c56fc4c39450fd8d0
Component: engine
2014-09-16 23:56:12 +04:00
40a1e3c634
Address review comments.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com > (github: vishh)
Upstream-commit: 669561c2aa8966f9327eca4304a06168bcf5bc49
Component: engine
2014-09-15 17:00:00 +00:00
b0ee16aad4
Import nsenter in docker.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com > (github: vishh)
Upstream-commit: e1cf95b593a57e0c8f15d50bb3e5e8ccfb55defa
Component: engine
2014-09-15 16:59:05 +00:00
a11625614e
Adding support for docker exec in daemon.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com > (github: vishh)
Upstream-commit: 5130fe5d38837302e72bdc5e4bd1f5fa1df72c7f
Component: engine
2014-09-15 16:57:52 +00:00
f867da582c
Adding Exec method to native execdriver.
...
Modified Attach() method to support docker exec.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com > (github: vishh)
Upstream-commit: f3c767d798f945192d32441cf624bdd54e746b74
Component: engine
2014-09-15 16:57:52 +00:00
d8cb453d89
Allow /etc/hosts and /etc/resolv.conf to be updated both outside and
...
inside the container.
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org > (github: erikh)
Upstream-commit: 09b700288e4804162ef86c99466e08b6b016e0c4
Component: engine
2014-09-13 11:27:34 -07:00
0886b9cbe5
Update mount struct with reference
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com >
Upstream-commit: 688741df31396ece5f72cbc5ecc0250b3d06a8bc
Component: engine
2014-09-01 15:18:30 -07:00
559392405c
Rename 'StdConfig' to 'StreamConfig'.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com > (github: vishh)
Upstream-commit: 3a7e07355a1ad67f71ee4255e06526186fd48f7a
Component: engine
2014-09-01 14:31:01 -07:00
a7e2cb4124
Refactoring execdriver.Command and Container structs to support 'docker exec' and other
...
similar features in the future.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com > (github: vishh)
Upstream-commit: 4aa5da278f49c889d43191f82ff42d3a95266d62
Component: engine
2014-09-01 14:30:16 -07:00
00b87e1af9
Fix go vet warnings
...
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com >
Upstream-commit: 391c35c82252633eb415fdade08103a8a0818fde
Component: engine
2014-08-13 11:37:30 +04:00
01c8dcaf20
fix goroutines leak and exit code
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com > (github: vieux)
Signed-off-by: Victor Vieux <vieux@docker.com >
Upstream-commit: b06311a72e7979653f09ba8175e10733e7116985
Component: engine
2014-08-13 00:03:56 +00:00
2fbe59b1d9
Use argv0 as reexec implementation for dockerinit
...
This changes the way the exec drivers work by not specifing a -driver
flag on reexec. For each of the exec drivers they register their own
functions that will be matched aginst the argv 0 on exec and called if
they match.
This also allows any functionality to be added to docker so that the
binary can be reexec'd and any type of function can be called. I moved
the flag parsing on docker exec to the specific initializers so that the
implementations do not bleed into one another. This also allows for
more flexability within reexec initializers to specify their own flags
and options.
Signed-off-by: Michael Crosby <michael@docker.com >
Upstream-commit: 73210671764fc3de133a627205582e069e1ff43d
Component: engine
2014-08-11 11:47:21 -07:00
10183d52c2
Catch error on console creation
...
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com >
Upstream-commit: 93f6cf035156d3b17cbf61f1a61926c068bd8e92
Component: engine
2014-08-09 22:10:44 +04:00
5c55cb7669
Purge the bits of pkg/system that moved to libcontainer/system
...
Signed-off-by: Andrew Page <admwiggin@gmail.com >
Upstream-commit: 60341f80d7b7918d1c1eff7c38cbc55c9bdec4d9
Component: engine
2014-08-02 01:35:04 -06:00
2273fb0f55
gofmt -s -w
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com > (github: vieux)
Upstream-commit: 5a0ef08c940b9a17c400389bca8e7f54935ceba9
Component: engine
2014-07-24 22:25:29 +00:00
6ae4c9014c
update go import path and libcontainer
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com > (github: vieux)
Upstream-commit: b3ee9ac74e171e00f14027e39278013629e681b8
Component: engine
2014-07-24 22:19:50 +00:00
da9850e0f6
Add AUDIT_WRITE cap
...
Fixes #6345
Thanks @larsks for outstanding investigation
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com > (github: LK4D4)
Upstream-commit: 29ecc95c31ecfe15e3b3d8db94cea1c555e526a3
Component: engine
2014-07-23 09:57:41 +04:00
f48be61b0a
Fix cross compile non cgo and linux systems
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com > (github: crosbymichael)
Upstream-commit: 7a8ea91392e0cc97caf2a6edc3b262b33a5b446d
Component: engine
2014-07-16 16:57:49 -07:00
d18a40b4ac
Make tty term exec driver specific
...
lxc is special in that we cannot create the master outside of the
container without opening the slave because we have nothing to provide to the
cmd. We have to open both then do the crazy setup on command right now instead of
passing the console path to lxc and telling it to open up that console. we save a couple of
openfiles in the native driver because we can do this.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com > (github: crosbymichael)
Upstream-commit: 0d67b420b59c953cf331f735e49e7acad742a41f
Component: engine
2014-07-16 16:57:49 -07:00
81d8d08389
Don't create pty slave in the daemon for native driver
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com > (github: crosbymichael)
Upstream-commit: 1501c342d815e3a128dac393b69e23f6ec39c2d7
Component: engine
2014-07-16 16:57:19 -07:00
ad74ef7753
Update native driver for libcontainer changes
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com > (github: crosbymichael)
Upstream-commit: f00e64357672ea3a130b2570ce34ea48ad51bbb5
Component: engine
2014-07-14 12:49:50 -07:00
b2c113f9b8
Merge pull request #6968 from vieux/cap_add_drop
...
Add support for --cap-add and --cap-drop
Upstream-commit: 7ebd49c49a9f70c87b6dbcff250035d3fd349a20
Component: engine
2014-07-14 10:42:29 -07:00
e7f2c9317d
add check for invalid caps
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com > (github: vieux)
Upstream-commit: c04230c42b7a953ffe50bc37d351f86e80a442e6
Component: engine
2014-07-11 23:43:21 +00:00
2032a7ad93
small refactoring
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com > (github: vieux)
Upstream-commit: f3ff323fb364495617de3e43f2d09a145a4f2ee3
Component: engine
2014-07-11 23:43:21 +00:00
ca489c2f49
Basic --cap-add and --cap-drop support for native
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com > (github: vieux)
Upstream-commit: 94e6dc978134b61a2b30aa9118f98f6fadd10535
Component: engine
2014-07-11 23:43:21 +00:00
f98a366776
add FSETID back to the caps whitelist
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com > (github: vieux)
Upstream-commit: e8762bfe39531309327138d93c0b586f8b9cea99
Component: engine
2014-07-11 00:30:56 +00:00
ce98881516
fix compilation and panic
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com > (github: vieux)
Upstream-commit: d403936818b8785b65ff55ebab0d266b4a871ef6
Component: engine
2014-07-02 00:54:08 +00:00
356f6ecbf3
Add backwards READ compatibility for the old libcontainer API
...
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com > (github: tiborvass)
Upstream-commit: cccb64e8633eee309e6ce33c3bb41614edd70d81
Component: engine
2014-07-02 00:19:05 +00:00
ce22a9b1ec
Use new libcontainer.State API
...
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com > (github: tiborvass)
Upstream-commit: 262d45e0fe483dbc6d27bc6af51590a8be42d55f
Component: engine
2014-06-30 18:27:15 -04:00
68391774fe
Update libcontainer Context changes
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com > (github: crosbymichael)
Upstream-commit: c9fdb08bdafb90b76cfa804b079d2e446a3503e4
Component: engine
2014-06-26 16:56:39 -07:00
0daa61f085
Rename libcontainer.Container to libcontainer.Config
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com > (github: crosbymichael)
Upstream-commit: 1dc8e2ffab795f4999a122b4a576d54e03c7c61a
Component: engine
2014-06-24 11:31:03 -07:00
d4e9300e80
Update libcontainer references
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com > (github: crosbymichael)
Upstream-commit: cee6f4506c79c6fc21769d427ac4dd51c28450c3
Component: engine
2014-06-24 11:31:03 -07:00
52b8a282c3
Update libcontainer imports
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 8194556337b65dda71a3d4d7f6ae9653ad5a19a0
Component: engine
2014-06-10 19:58:15 -07:00
b00f7d0626
Gofmt imports
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: bae6a5a616cfc382f45a25af13633681875ddff0
Component: engine
2014-06-09 16:01:57 -07:00
3c7670e68c
Move libcontainer deps into libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 6158ccad97db51e756aafefb096d1163aa4d6439
Component: engine
2014-06-09 15:52:12 -07:00
4f6cc66699
Add CAP_KILL to unprivileged containers
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: fa72eb3a58ebfec8ef1b27d8e7aa8cbdb41733a2
Component: engine
2014-06-07 15:18:18 -07:00
5bfe5a532a
add wait4 after kill
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com > (github: vieux)
Upstream-commit: 30ba7546cb5a1ff7e4915c5a25dd8d72b3bf735b
Component: engine
2014-06-06 00:32:14 +00:00
e9b3abdfc5
Rename nsinit package to namespaces in libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 8aff01c0b447fa4d68f053c44e8baf7b24247164
Component: engine
2014-06-04 15:47:57 -07:00
0fc07e0aef
Integrating systemd freeze functionality.
...
This pulls together #6061 and #6125
Docker-DCO-1.1-Signed-off-by: Chris Alfonso <calfonso@redhat.com > (github: calfonso)
Upstream-commit: 26246ebd5379a83b2ed656668bd985c652e98167
Component: engine
2014-06-04 13:33:44 -06:00
77114664a4
Add ability to pause/unpause containers via cgroups freeze
...
This patch adds pause/unpause to the command line, api, and drivers
for use on containers. This is implemented using the cgroups/freeze
utility in libcontainer and lxc freeze/unfreeze.
Co-Authored-By: Eric Windisch <ewindisch@docker.com >
Co-Authored-By: Chris Alfonso <calfonso@redhat.com >
Docker-DCO-1.1-Signed-off-by: Ian Main <imain@redhat.com > (github: imain)
Upstream-commit: b054569cde788b2111ddbc4080b215dcda89f06e
Component: engine
2014-06-04 13:33:44 -06:00
7d5cb46a54
apparmor: write & load the profile on every start
...
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com > (github: unclejack)
Upstream-commit: 1ef3ca83d8624aaaaed05cfce1f71282d70d84dd
Component: engine
2014-06-04 00:56:35 +03:00
382f8a23ad
Add SYS_CHROOT cap to unprivileged containers
...
Fixes #6103
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 41f7cef2bd186d321fc4489691ba53ab41eb48e5
Component: engine
2014-06-02 18:23:47 -07:00
3248c6e81c
Ensure all dev nodes are copied for privileged
...
This also makes sure that devices are pointers to avoid copies
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 69989b7c06b0ca6737e83ddf8fcfa2dfccc57a7c
Component: engine
2014-05-30 18:39:11 -07:00
bc9024a72e
Merge pull request #6097 from timthelion/consistentdevices
...
Refactor device handling code
Upstream-commit: 0ef637722f69cff931b25c75d421e231ab75af75
Component: engine
2014-05-31 03:34:52 +03:00
52c8a31f21
Refactor device handling code
...
We now have one place that keeps track of (most) devices that are allowed and created within the container. That place is pkg/libcontainer/devices/devices.go
This fixes several inconsistencies between which devices were created in the lxc backend and the native backend. It also fixes inconsistencies between wich devices were created and which were allowed. For example, /dev/full was being created but it was not allowed within the cgroup. It also declares the file modes and permissions of the default devices, rather than copying them from the host. This is in line with docker's philosphy of not being host dependent.
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz > (github: https://github.com/timthelion )
Upstream-commit: 608702b98064a4dfd70b5ff0bd6fb45d2429f45b
Component: engine
2014-05-30 19:21:29 +00:00
57a9b63e5e
Fix race in native driver on activeContainers usage
...
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com > (github: LK4D4)
Upstream-commit: 64bd6a6a5342c87db7096f60365d270d0d69e9d2
Component: engine
2014-05-30 14:16:00 +04:00
e0f1623f01
add recursive device nodes
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com > (github: vieux)
Upstream-commit: 0abb52c7a97940dc17c45ac45226af8156d0e712
Component: engine
2014-05-22 22:29:13 +00:00
f41d7794be
Merge pull request #5976 from crosbymichael/getpids
...
Move get pid into cgroup implementation
Upstream-commit: 55d41c3e21e1593b944c06196ffb2ac57ab7f653
Component: engine
2014-05-21 19:09:50 -07:00
189f43a3ba
Move get pid into cgroup implementation
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com > (github: crosbymichael)
Upstream-commit: 811d93326bc2d9451eb444e2343bb3063611de7a
Component: engine
2014-05-21 21:14:07 +00:00
