Kevin Wallace 42964a36b7 Allow non-privileged containers to create device nodes. ...

Such nodes could already be created by importing a tarball to a container; now
they can be created from within the container itself.

This gives non-privileged containers the mknod kernel capability, and modifies
their cgroup settings to allow creation of *any* node, not just whitelisted
ones.  Use of such nodes is still controlled by the existing cgroup whitelist.

Docker-DCO-1.1-Signed-off-by: Kevin Wallace <kevin@pentabarf.net> (github: kevinwallace)
Upstream-commit: c94111b61988ad32d87f99d4421cbcde018c3fb4
Component: engine

2014-04-03 18:44:13 +00:00

..

execdriver

Allow non-privileged containers to create device nodes.

2014-04-03 18:44:13 +00:00

graphdriver

devmapper: Avoid AB-BA deadlock

2014-04-02 09:05:00 +02:00

networkdriver

Merge pull request #4931 from crosbymichael/gen-mac-addr-for-bridge

2014-04-02 02:47:56 +03:00

container_unit_test.go

Move runtime and container into sub pkg

2014-03-09 23:03:40 -07:00

container.go

Merge pull request #4833 from crosbymichael/pluginflag

2014-04-01 13:34:08 -07:00

runtime_aufs.go

graphdriver: build tags

2014-03-17 21:54:05 -04:00

runtime_btrfs.go

btrfs: build tags

2014-03-18 13:44:23 -04:00

runtime_devicemapper.go

graphdriver: build tags

2014-03-17 21:54:05 -04:00

runtime_no_aufs.go

graphdriver: build tags

2014-03-17 21:54:05 -04:00

runtime.go

Send sigterm and wait forever

2014-04-01 07:12:50 +00:00

server.go

Add IsRunning to server interface

2014-03-09 23:16:15 -07:00

sorter.go

Move runtime and container into sub pkg

2014-03-09 23:03:40 -07:00

state.go

Fix since time exit display when s.FinishedAt is zero

2014-03-21 15:28:02 +09:00

utils_test.go

Update imports to be consistent

2014-04-01 07:07:42 +00:00

utils.go

Add --opt arguments for drivers

2014-03-27 21:47:47 +01:00

volumes.go

Fix --volumes-from mount failure

2014-04-03 19:33:20 +02:00