This is a better fix for futimes() on kernels not supporting O_PATH.
The previous fix broke when copying a device, as it tried to open it
and got an error.
Upstream-commit: 75e958bf48a83de5f3f80859aee96f3356d16d4b
Component: engine
add AutoRemove to HostConfig
add -rm flag to docker run
add TestRunAutoRemove to test -rm
docs: add -rm to commandline/command/run
add hostConfig to container monitor
make monitor destroy the container via -rm
This adds support for automatically removing a container after it
exits. The removal of the container is handled on the server side.
Upstream-commit: 22e7e107addc4703ee6ef36981dfafe985be695d
Component: engine
This means you're able to set the bits for capabilities on files
inside the container. This is needed for e.g. many fedora packages
as they use fine-grained capabilities rather than setuid binaries.
This is safe as we're not adding capabilities really, since the
container is already allowed to create setuid binaries. Setuid
binaries are strictly more powerful than any capabilities (as root implies
all capabilities).
This doesn't mean the container can *gain* capabilities that it
doesn't already have though. The actual set of caps are strictly
decreasing.
Upstream-commit: 80319add5542153146fdaecd46be5549b4397beb
Component: engine
Column 4 is the mount position, column 3 will not always be
"/" for the root. On one of my systems it's "/root".
Upstream-commit: d263aa6ca916ba9141f341447a2387e7a6316717
Component: engine
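
The column distinction in the message above, as an added example (not code from the commit or from the project): a parser that keys on the mount point, zero-based field 4, and keeps the root field, index 3, only as data. The function names and the sample lines are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample in /proc/self/mountinfo format. The root filesystem's
// root field (index 3) is "/root" here, the situation the message describes.
const sampleMountinfo = `20 1 0:18 /root / rw,relatime - btrfs /dev/sda2 rw
15 20 0:3 / /proc rw,relatime - proc proc rw
36 20 0:18 /root/srv /mnt/data rw,relatime - btrfs /dev/sda2 rw

`

// mountRoots maps every mount point (field index 4) to the root of that
// mount within its filesystem (field index 3). Paths containing spaces are
// octal-escaped by the kernel, so splitting on whitespace is safe.
func mountRoots(mountinfo string) map[string]string {
	roots := make(map[string]string)
	sc := bufio.NewScanner(strings.NewReader(mountinfo))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 5 { // blank or truncated line: nothing to index
			continue
		}
		roots[f[4]] = f[3]
	}
	return roots
}

// isMounted reports whether path is a mount point. It never inspects the
// root field, so a root filesystem whose root is "/root" is still found.
func isMounted(mountinfo, path string) bool {
	_, ok := mountRoots(mountinfo)[path]
	return ok
}

func main() {
	fmt.Println(isMounted(sampleMountinfo, "/"), mountRoots(sampleMountinfo)["/"])
}
```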
There is no need to keep the image device around if we were the
ones creating the device.
Upstream-commit: 6c7ae06435d6e288024691f1133d7a2a24fd8ef3
Component: engine
Older kernels can't handle O_PATH in open() so this will
fail on dirs and symlinks. For dirs we can fall back to
the normal Utimes, but for symlinks there is not much to do
but ignore their timestamps.
Upstream-commit: ed658156133862b3f181c9d3061be24b91435095
Component: engine
Typo in the loop-control code made it always fall back to the
old method of opening loopback devices.
Upstream-commit: cc28829429f5f11da287ecb75ee5b3e5f05d31ad
Component: engine
This creates a container by copying the corresponding files
from the layers into the containers. This is not gonna be very useful
on a developer setup, as there is no copy-on-write or general diskspace
sharing. It also makes container instantiation slower.
However, it may be useful in deployment where we don't always have a lot
of containers running (long-running daemons) and where we don't
do a lot of docker commits.
Upstream-commit: adae6849871fad0d74945fa1731712ea784e9a88
Component: engine
This calculates the difference between a set of layers and a
directory tree.
Upstream-commit: ad0a6a03e3595aa04cf731cf17e90be87163389a
Component: engine
Change the comparison to better handle files that are copied during
container creation but not actually changed:
* Inode - this will change during a copy
* ctime - this will change during a copy (as we can't set it back)
* blocksize - this will change for sparse files during copy
* size for directories - this can change anytime but doesn't
necessarily reflect an actual contents change
* Compare mtimes at microsecond precision (as this is what utimes has)
Upstream-commit: 36603e68e33dd5ab5c317c181e023f7ef7356434
Component: engine
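
The comparison rules listed in the message above, as an added example (not the project's code): metadata of a layer file and of its copy are compared while ignoring the fields the message says a copy changes. The `fileMeta` struct, the function names, the choice of mode/uid/gid as the compared ownership fields, and the sample values are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"os"
	"time"
)

// fileMeta is a hypothetical, portable stand-in for one file's stat fields.
type fileMeta struct {
	Mode     os.FileMode
	UID, GID uint32
	Size     int64
	Mtime    time.Time
	// Fields the message lists as changing during a plain copy; never compared.
	Inode  uint64
	Ctime  time.Time
	Blocks int64
}

// unchanged reports whether b still matches a. Size is skipped for
// directories, and mtime is compared at microsecond precision.
func unchanged(a, b fileMeta) bool {
	if a.Mode != b.Mode || a.UID != b.UID || a.GID != b.GID {
		return false
	}
	if !a.Mode.IsDir() && a.Size != b.Size {
		return false
	}
	us := time.Microsecond
	return a.Mtime.Truncate(us).Equal(b.Mtime.Truncate(us))
}

// sampleLayerFile returns constructed metadata for a file in a layer.
func sampleLayerFile() fileMeta {
	t := time.Unix(1700000000, 123456789)
	return fileMeta{Mode: 0644, Size: 4096, Mtime: t, Inode: 11, Ctime: t, Blocks: 8}
}

// sampleCopiedFile returns the same file after a copy into a container.
func sampleCopiedFile() fileMeta {
	m := sampleLayerFile()
	m.Inode, m.Blocks = 57, 0 // new inode, sparse allocation
	m.Ctime = m.Ctime.Add(time.Hour)
	m.Mtime = time.Unix(1700000000, 123456000) // restored with microseconds only
	return m
}

func main() {
	fmt.Println(unchanged(sampleLayerFile(), sampleCopiedFile()))
}
```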
There are some changes here that make the file metadata better match
the layer files:
* Set the mode of the file after the chown, as otherwise the per-group/uid
specific flags and e.g. sticky bit is lost
* Use lchown instead of chown
* Delay mtime updates to after all other changes so that later file
creation doesn't change the mtime for the parent directory
* Use Futimes in combination with O_PATH|O_NOFOLLOW to set mtime on symlinks
Upstream-commit: 99c7d129f422b488f478bc7887f37003dacc83e6
Component: engine
Rather than scan the files in the old directory twice to detect the
deletions we now scan both directories twice and then do all the
diffing on the in-memory structure.
This is more efficient, but it also lets us diff more complex things
later that are not exact on-disk trees.
Upstream-commit: 02b5f1369ce09d597336e77df98e56d467b8d1ff
Component: engine
This happened for me on the last (empty) line, but better safe than sorry
so we make the check general.
Upstream-commit: d478a4bb5401d7d657a2a100f98ee892a96fef2a
Component: engine
The init layer needs to be topmost to make sure certain files
are always there (for instance, the ubuntu:12.10 image wrongly
has /dev/shm being a symlink to /run/shm, and we need to override
that). However, previously the devmapper code implemented the
init layer by putting it in the base devmapper device, which meant
layers above it could override these files (so that ubuntu:12.10
broke).
So, instead we put the base layer in *each* image's devmapper device.
This is "safe" because we still have the pristine layer data
in the layer directory. Also, it means we diff the container
against the image with the init layer applied, so it won't show
up in diffs/commits.
Upstream-commit: c199ed228baf0e5d33b7739cc2442a32dece7020
Component: engine
lxc-start requires / to be mounted private, otherwise the changes
it does inside the container (both mounts and unmounts) will propagate
out to the host.
We work around this by starting up lxc-start in its own namespace where
we set / to rprivate.
Unfortunately go can't really execute any code between clone and exec,
so we can't do this in a nice way. Instead we have a horrible hack that
uses the unshare command, the shell and the mount command...
Upstream-commit: e40f5c7cb90fbc719241ace45b05c2c61aced658
Component: engine
We can't look for the created file in the rwpath, because that
doesn't exist in the device-mapper world, instead look in the
RootfsPath.
Upstream-commit: 2566e2604c2e079f9597749a1da11f22bb39eb51
Component: engine
We unmount all mounts and deactivate all device mapper devices to
make sure we're left with no leftovers after the test.
Upstream-commit: c6e8813c979bbea8832f47dc6468e805a1a18c3e
Component: engine
Right now this does nothing but add a new layer, but it means
that all DeviceMounts are paired with DeviceUnmounts so that we
can track (and cleanup) active mounts.
Upstream-commit: 251a7ed437c17ecb66d33782f0b42633033198dd
Component: engine
This directory is copied to each test prefix which is really
slow with the large loopback mounts.
Upstream-commit: a7fd1fce5d6fb29a8c627022da7cbbf0f4b740c7
Component: engine
I currently need this to get the tests running, otherwise it will
mount the docker.test binary inside the containers, which doesn't
work due to the libdevmapper.so dependency.
Upstream-commit: 6938a36c6985336205f1db247baec5e56fdac466
Component: engine
This removes some Debugf() calls and changes some direct prints to
Debugf(). This means we don't get a bunch of spew when running the
tests.
Upstream-commit: bc7fa7b95773d638754eb72e7921ac328acb2ad6
Component: engine
We wrap the "real" DeviceSet for each test so that we get only
a single device-mapper pool and loopback mounts, but still
separate out the IDs in the tests. This makes the test run
much faster.
Upstream-commit: d47c18c5fbe50a2ad6ec011704f86a3c27360ff9
Component: engine
This wraps an existing DeviceSet and just adds a prefix to all ids in
it. This will be useful for reusing a single DeviceSet for all the tests
(but with separate ids)
Upstream-commit: 0e686fa2f4d38eb6253e92ad701dd4c9caebfdce
Component: engine