p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,744 Commits 2 Branches 295 Tags
e2cc165aaf54a0e9b10ec00f59dc53bd8f4f32cc
Commit Graph

177 Commits

Author SHA1 Message Date
Michael Crosby
957f74b876 Add env var to toggle pivot root or ms_move 
Use the  DOCKER_RAMDISK env var to tell the native driver not to use
a pivot root when setting up the rootfs of a container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 36dd124b16a76704a88142fa96bb4bb6260dd821
Component: engine
 2014-03-06 19:30:52 -08:00
Michael Crosby
6f0ad9195c Revert "Revert "libcontainer: Use pivot_root instead of chroot"" 
This reverts commit 82f797f14096430c3edbace1cd30e04a483ec41f.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: c38635020accaffa6868f19f308042be051132a0
Component: engine
 2014-03-06 17:19:59 -08:00
Michael Crosby
3e4d7be838 Revert "Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE"" 
This reverts commit bd263f5b15b51747e3429179fef7fcb425ccbe4a.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 557e4fef4418a251dd3a6817b97e5c1be055cbf3
Component: engine
 2014-03-06 17:19:47 -08:00
unclejack
9ba4572a15 Merge pull request #4512 from crosbymichael/no-pivot-root 
No pivot root because of ramdisk
Upstream-commit: 78dc1ede5202c8867e011582af8752810f817e9f
Component: engine
 2014-03-07 02:54:03 +02:00
Michael Crosby
d96ead6498 Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE" 
This reverts commit 757b5775725fb90262cee1fa6068fa9dcbbff59f.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: bd263f5b15b51747e3429179fef7fcb425ccbe4a
Component: engine
 2014-03-06 16:41:03 -08:00
Michael Crosby
cf4ed6c883 Revert "libcontainer: Use pivot_root instead of chroot" 
This reverts commit 5b5c884cc8266d0c2a56da0bc2df14cc9d5d85e8.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 82f797f14096430c3edbace1cd30e04a483ec41f
Component: engine
 2014-03-06 16:32:06 -08:00
Michael Crosby
c896586b70 Ensure that native containers die with the parent 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: ea9bce8724303656c87c05e9049272258c9827b3
Component: engine
 2014-03-06 16:30:56 -08:00
Michael Crosby
936f96cce5 Remove the ghosts and kill everything 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 772ef99d2816b629d084e11fe7fba5953687b620
Component: engine
 2014-03-06 15:30:26 -08:00
Guillaume J. Charmes
ecf60ced9e Merge pull request #4506 from creack/fix_apparmor 
Use CGO for apparmor profile switch
Upstream-commit: b722aa21b7ddfd558c2a36c8301d61b011221197
Component: engine
 2014-03-06 13:37:34 -08:00
Tianon Gravi
24c5efffe2 Update build tags such that we can properly compile on all platforms (especially for packagers), and updated hack/PACKAGERS.md to mention the DOCKER_BUILDTAGS variable that will need to be set for binaries that might be used on AppArmor (such as Debian and especially Ubuntu) 
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 0b23393ba1901df3d08916fa977707db58699eca
Component: engine
 2014-03-06 13:39:17 -07:00
Guillaume J. Charmes
2ebfedab6d Add buildflags to allow crosscompilation for apparmor 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: c89fa6645ef87e1863ef5812bd42176f5bd987ca
Component: engine
 2014-03-06 12:05:03 -08:00
Guillaume J. Charmes
feec772c9b Merge pull request #4503 from unclejack/attempt_to_fix_apparmor_profile 
remove dbus from apparmor profile for Ubuntu 12.04
Upstream-commit: 31f62b934b7edc4942a6535d28954c0122748509
Component: engine
 2014-03-06 11:20:06 -08:00
Guillaume J. Charmes
9f58f80f28 Use CGO for apparmor profile switch 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: f0f833c6d795fc8b3fb4bb379f9916745f5c7ac9
Component: engine
 2014-03-06 11:10:58 -08:00
unclejack
22c0393b79 remove dbus from apparmor profile 
This removes the dbus entry from the apparmor profile Docker creates.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 46fdb6af8ecc804b204fc93ab6d8d4a5f7503860
Component: engine
 2014-03-06 19:47:03 +02:00
Alexander Larsson
098ea0f413 libcontainer: Don't use UsetCloseOnExec, it is racy 
We can't keep file descriptors without close-on-exec except with
syscall.ForkLock held, as otherwise they could leak by accident into
other children from forks in other threads.

Instead we just use Cmd.ExtraFiles which handles all this for us.

This fixes https://github.com/dotcloud/docker/issues/4493

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 5c9b28db1853cccdf7a1037eeaad372d12cd68fa
Component: engine
 2014-03-06 14:10:32 +01:00
Guillaume J. Charmes
50624219ad Generate and load custom docker profile for apparmor 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: 920a6ca54ce98673d0c9a6a9502a469c1c225c75
Component: engine
 2014-03-05 15:02:11 -08:00
Michael Crosby
53277b63e3 Some cleanup around logs 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 37f137c8221be07943babeb9b107e5aee9a736d5
Component: engine
 2014-03-05 13:50:49 -08:00
Guillaume J. Charmes
c1e434e543 Add AppArmor support to native driver + change pipe/dup logic 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: cb4189a292dc181e26e0506a3a0dc67936c5401b
Component: engine
 2014-03-05 13:08:24 -08:00
Victor Vieux
ceba53329c fix panic with only long flags or only one deprecatd 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
Upstream-commit: 069dc7f8c7bc3eaf61ddd926636aacce5f1ed1ee
Component: engine
 2014-03-05 19:45:57 +00:00
Victor Vieux
fdbd555f75 fix usage for completly deprecated flag 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
Upstream-commit: 089bf5e11e4284a6ed07dc165098bb269dfddf46
Component: engine
 2014-03-05 19:27:39 +00:00
Michael Crosby
b24c7af61f Merge pull request #4278 from alexlarsson/system 
Create pkg/system and move stuff there from archive
Upstream-commit: 858d0356fda68da36946dc5d7e1b2ad64153b6ae
Component: engine
 2014-03-05 12:32:35 -05:00
Alexander Larsson
42b0cd2529 Create pkg/system and move stuff there from archive 
This is a package for generic system calls etc that for some reason
is not yet supported by "syscall", or where it is different enough
for the different ports to need portability wrappers.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: d6114c0da0e844199e3d23c60a04434566fb5392
Component: engine
 2014-03-05 14:05:32 +01:00
Alexander Larsson
90b2106a7f libcontainer: Use MS_PRIVATE instead of MS_SLAVE 
Now that we unmount all the mounts from the global namespace we can
use a private namespace rather than a slave one (as we have no need
for unmounts of inherited global mounts to propagate into the
container).

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 757b5775725fb90262cee1fa6068fa9dcbbff59f
Component: engine
 2014-03-05 09:40:54 +01:00
Michael Crosby
876978baea Add shm size cap to mount 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: b07708c8de5561a43060653d4d532ee0bcd6fd96
Component: engine
 2014-03-04 14:18:40 -08:00
Guillaume J. Charmes
d5fd498efb Remove /dev tmpfs mountpoint 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: 57a47f5bbfe6c82f3cce32aba96fb641f7188eee
Component: engine
 2014-03-04 13:21:22 -08:00
Guillaume J. Charmes
26eb6d1e5d remove /run mountpoint 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: c74a8b28cd723d6f12a54da16ff91a853958da5c
Component: engine
 2014-03-04 12:32:17 -08:00
Guillaume J. Charmes
37e0bed312 Remove loopback mount bind 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: 39d58129c38e8bb868a6fd9a5620837484f6d742
Component: engine
 2014-03-04 12:30:52 -08:00
Michael Crosby
96a447ef42 Merge pull request #4452 from crosbymichael/small-fixes-to-libcontainer 
Add find tests and remove panic in DEBUG
Upstream-commit: b63709c1f1292c362dbc3d482520fb7e117605f9
Component: engine
 2014-03-04 14:37:41 -05:00
Michael Crosby
98c6278357 Add find tests and remove panic in DEBUG 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 7e52445f2f749ac66ee7734820d3558012833912
Component: engine
 2014-03-04 08:55:12 -08:00
Alexander Larsson
a4a84bcafe libcontainer: Use pivot_root instead of chroot 
Instead of keeping all the old mounts in the container namespace and
just using subtree as root we pivot_root so that the actual root in
the namespace is the root we want, and then we unmount the previous
mounts.

This has multiple advantages:

* The namespace mount tree is smaller (in the kernel)
* If you break out of the chroot you could previously access the host
  filesystem. Now the host filesystem is fully invisible to the namespace.
* We get rid of all unrelated mounts from the parent namespace, which means
  we don't hog these. This is important if we later switch to MS_PRIVATE instead
  of MS_SLAVE as otherwise these mounts would be impossible to unmount from the
  parent namespace.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 5b5c884cc8266d0c2a56da0bc2df14cc9d5d85e8
Component: engine
 2014-03-04 12:44:08 +01:00
Guillaume J. Charmes
dc4d93c655 Merge pull request #4327 from crosbymichael/add-libcontainer 
Add native execution driver to docker and make it the default
Upstream-commit: 69c69059fc3933531e19c05a9d2e831fb713881c
Component: engine
 2014-03-03 16:34:20 -08:00
Sven Dowideit
71633326e7 very minor spelling 
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: 2e71adac9f2935abaf17741a440497e7e31388e2
Component: engine
 2014-03-04 10:12:12 +10:00
Michael Crosby
e09257e20a Factor out finalize namespace 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 5465fdf00f3ece165cbd3bb680dcc571e81510dd
Component: engine
 2014-03-03 12:15:47 -08:00
Victor Vieux
b49fc1301e add warning for deprecatd flags 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
Upstream-commit: bb5ed452241c37ee9f2f3ebd02a2a5e1764334ad
Component: engine
 2014-03-03 19:57:05 +00:00
Michael Crosby
11719ff90c Update readme to remove .nspid 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 2f35f8e2a88a378d7ff8eacf5346f9711a59489a
Component: engine
 2014-03-03 11:31:37 -08:00
Victor Vieux
5f84dbf6b9 prevent flag grouping with -- 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
Upstream-commit: cb3d27d01bbf696929b4d77d10e47eca2693e3fa
Component: engine
 2014-03-03 19:17:28 +00:00
unclejack
5d5ad8f867 Merge pull request #4321 from vieux/docker_run_-it 
Add support for docker run -it or docker images -qa
Upstream-commit: 7531f82c70e44ac93d540c380ecfd2a52980f86f
Component: engine
 2014-03-03 20:52:10 +02:00
Alexander Larsson
c8d0d20361 runtime: Fix unique constraint error checks 
The sqlite3 version in fedora (3.8) returns a different error string in the unique constraints
failure case than the one in hack/ (3.7). This updates the check to detect both, fixing
one integration check failure on Fedora.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: e8af7fcf6da03da65a379c12c90e6626c31846ae
Component: engine
 2014-03-03 15:10:52 +01:00
Michael Crosby
49fbe66f4f Allow child process to live if daemon dies 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: fdeea90fc806d8d2cccdc76a6ecb214dd03093ec
Component: engine
 2014-02-27 09:33:36 -08:00
Michael Crosby
02cbc6e6b4 Code review updates 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: fb08b8b221a9a722910d63db678ffb5a8f91b517
Component: engine
 2014-02-26 19:21:46 -08:00
Michael Crosby
21edb8542e Ensure that loopback devices are mounted inside the conatiner 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 7cd224594733e5fa0560cb912e3cf2dcef168370
Component: engine
 2014-02-26 17:21:09 -08:00
Michael Crosby
3258d9a2a3 Make network a slice to support multiple types 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 70820b69ec2b82ab150af9b8829e37843f67f75a
Component: engine
 2014-02-26 14:20:41 -08:00
Michael Crosby
bec84fb562 Merge branch 'master' into add-libcontainer 
Conflicts:
	execdriver/termconsole.go

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: ce08083f9cd23e8f5e44228b0b73884bcf2f3562
Component: engine
 2014-02-26 12:55:24 -08:00
Michael Crosby
f364b90f27 Fix cgroups swap issue when it is not supported 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 6016126c71272f7943458bbb8392dfd1f5877269
Component: engine
 2014-02-25 19:45:57 -08:00
Michael Crosby
9248431c6a Fix cross compile for make cross 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 93ed15075c43d521f05f4b8f96264efb7fe174e4
Component: engine
 2014-02-25 15:19:13 -08:00
Victor Vieux
af968e2231 add version pkg 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
Upstream-commit: 8dad771daa6572ca15949d3e53e825f4837c0af9
Component: engine
 2014-02-25 21:08:38 +00:00
Michael Crosby
0cd1a2f6a4 Move container.json and pid file into a root specific driver dir 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 96e33a7646b3669632f48ed1071aeb61b8016be1
Component: engine
 2014-02-25 12:41:31 -08:00
Guillaume J. Charmes
28bf2a10c1 Merge branch 'add-libcontainer' of https://github.com/crosbymichael/docker into add-libcontainer 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: ca42758368b7bd8e6b102411531c2c89356407ad
Component: engine
 2014-02-25 11:42:15 -08:00
Michael Crosby
1bd3fbfadf Address initial feedback from pr 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: de083400b8d7c2074d71a30a92e4f3c8bcd8bad8
Component: engine
 2014-02-25 10:54:41 -08:00
Guillaume J. Charmes
a70a6bdd53 Better capability/namespace management 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: 91bf120c51dec3bae98a1974929e2ae8107340c0
Component: engine
 2014-02-24 21:52:29 -08:00