dockerinit has been around for a very long time. It was originally used
as a way for us to do configuration for LXC containers once the
container had started. LXC is no longer supported, and /.dockerinit has
been dead code for quite a while. This removes all code and references
in code to dockerinit.
Signed-off-by: Aleksa Sarai <asarai@suse.com>
Upstream-commit: 4357ed4a7363a1032edf93cf03232953c805184f
Component: engine
Without section/priority, reprepro will reject the packages. Add
sections following the Debian docker.io packages
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Upstream-commit: 8d2a423d8716aafc4bd5d05eeceec87dae27202b
Component: engine
Add a flag to allow keeping bundles around (helps with CI)
Fix several problems in repo make targets
* quote DOCKER_EXPERIMENTAL variable
* pass-through arguments for gpg provided to dpkg-sig are now quoted
properly, so passphrases with shell-interpolated symbols can be used
* when determining deb suites, don't rely on 'origin' to be
github.com/docker/docker
Fix some issues with deb repository creation from scratch
* Don't add empty components to the repository configuration as they
will cause failure when generating.
Add old docker-engine-cs name to package conflicts
Signed-off-by: Mike Dougherty <mike.dougherty@docker.com>
Upstream-commit: a15b67b1affb2eac5365614e55703f43b6f73e9b
Component: engine
This adds the Fish completions to the .deb package.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 6b1a643ac8bf599d04510b26d6d5befefc30ccde
Component: engine
Wraps the engine itself with an AppArmor policy.
This restricts what may be done by applications
we call out to, such as 'xz'.
Significantly, this policy also restricts the policies
to which a container may be spawned into. By default,
users will be able to transition to an unconfined
policy or any policy prefaced with 'docker-'.
Local operators may add new local policies prefaced
with 'docker-' without needing to modify this policy.
Operators choosing to disable privileged containers
will need to modify this policy to remove access
to change_policy to unconfined.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 39dae54a3f40035b1b7e5ca86c53d05dec832ed2
Component: engine
The automatic installation of AppArmor policies prevents the
management of custom, site-specific apparmor policies for the
default container profile. Furthermore, this change will allow
a future policy for the engine itself to be written without demanding
the engine be able to arbitrarily create and manage AppArmor policies.
- Add deb package suggests for apparmor.
- Ubuntu postinst use aa-status & fix policy path
- Add the policies to the debian packages.
- Add apparmor tests for writing proc files
Additional restrictions against modifying files in proc
are enforced by AppArmor. Ensure that AppArmor is preventing
access to these files, not simply Docker's configuration of proc.
- Remove /proc/k?mem from AA policy
The path to mem and kmem are in /dev, not /proc
and cannot be restricted successfully through AppArmor.
The device cgroup will need to be sufficient here.
- Load contrib/apparmor during integration tests
Note that this is somewhat dirty because we
cannot restore the host to its original configuration.
However, it should be noted that prior to this patch
series, the Docker daemon itself was loading apparmor
policy from within the tests, so this is no dirtier or
uglier than the status-quo.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 80d99236c1ef9d389dbaca73c1a949da16b56b42
Component: engine
Adding in other areas per comments
Updating with comments; equalizing generating man page info
Updating with duglin's comments
Doug is right here again;fixing.
Signed-off-by: Mary Anthony <mary@docker.com>
Upstream-commit: eacae64bd89ccc95a6db7bda76d36014e71e70ac
Component: engine
I added 301 redirects from dockerproject.com to dockerproject.org but may as
well make sure everything is updated anyways.
Signed-off-by: Jessica Frazelle <princess@docker.com>
Upstream-commit: 7943bce8942ee8c262180652951216d963fa6202
Component: engine
Ubuntu Precise has a number of warts that made it non-trivial to add initially, but I've managed to work through some of them and come up with a working build. Two important parts to note are that it has neither the `btrfs` nor the `devicemapper` graphdriver backends since `btrfs-tools` and `libdevmapper-dev` in the precise repositories are too ancient for them to even compile.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Upstream-commit: 98180b89543396c07c1f1ea420554fbcce31c513
Component: engine
This fixes the part of #12996 that I forgot. 👼
This also fixes a minor path issue (there's no `libexec` in Debian), and fixes a minor bug with the `debVersion` parsing.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Upstream-commit: 867eed8f3586c81b32dc9f85208692e9e1c9909a
Component: engine
