This lets you add storage specific options for the daemon.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 822ea97ffcf10645720bb93108a60f8b9ce9931d
Component: engine
This code was introduced with commented out sections. Just delete them.
Original commit: 18fc707fdf06aeb50fa5250f59f0ef4597d7cf73
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
Upstream-commit: a42e451e10bc7383c82933eb4073e70aaf5aaa8f
Component: engine
All modern distros set up /run to be a tmpfs, see for instance:
https://wiki.debian.org/ReleaseGoals/RunDirectory
Its a very useful place to store pid-files, sockets and other things
that only live at runtime and that should not be stored in the image.
This is also useful when running systemd inside a container, as it
will try to mount /run if not already mounted, which will fail for
non-privileged container.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 905795ece624675abe2ec2622b0bbafdb9d7f44c
Component: engine
This is a first step towards moving all code related to local
manipulation of images into a cleanly separated subsystem,
accessible via a stable set of commands in the engine API.
`graph.TagStore` now implements `engine.Installer`. For now, it
is installed by `Server.InitServer`, along with all other Server
commands. However this will change in future patches.
`graph.TagStore.Install` registers the following commands:
* `image_set` creates a new image and stores it locally.
* `image_get` returns information about an image stored locally.
* `image_tag` assigns a new name and tag to an existing image.
These commands are a pre-requisite for moving 'push' and 'pull'
out of `Server`.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: ff4ef504708bfaa51d4d361455689a21a031cc35
Component: engine
This has every container using the docker daemon's pid for the processes
label so it does not work correctly.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: f0e6e135a8d733af173bf0b8732c704c9ec716d7
Component: engine
Fixes#5166
Current graph.restore is essentially O(n^2 log n) due to how
suffixarray creation works.
Rather than create/append/create new this supports creation from a seed
array of ids.
Functional testing shows this eliminates the hang on Creating image
graph reported on list.
Docker-DCO-1.1-Signed-off-by: Paul Nasrat <pnasrat@gmail.com> (github: pnasrat)
Upstream-commit: 4f169c2db512d2ea9ed5729df375896a1ee90347
Component: engine
symlink /proc/mounts /var/lib/docker/btrfs/subvolumes/1763d6602b8b871f0a79754f1cb0a31b3928bb95de5232b1b8c15c60fa1017f6-init/etc/mtab: no such file or directory
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 3d9cd1e5f102d5e59011ec4baca2662f3dacbad4
Component: engine
docker will run the process(es) within the container with an SELinux label and will label
all of the content within the container with mount label. Any temporary file systems
created within the container need to be mounted with the same mount label.
The user can override the process label by specifying
-Z With a string of space separated options.
-Z "user=unconfined_u role=unconfined_r type=unconfined_t level=s0"
Would cause the process label to run with unconfined_u:unconfined_r:unconfined_t:s0"
By default the processes will run execute within the container as svirt_lxc_net_t.
All of the content in the container as svirt_sandbox_file_t.
The process mcs level is based of the PID of the docker process that is creating the container.
If you run the container in --priv mode, the labeling will be disabled.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 4c4356692580afb3971094e322aea64abe0e2500
Component: engine
