p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
793088ed0aebfb99177bd2f1edf7cf872e321ee9
docker-cli/components/engine/daemon
History
Eric Windisch 793088ed0a Make /proc, /sys, /dev readonly for readonly containers 
If a container is read-only, also set /proc, /sys,
& /dev to read-only. This should apply to both privileged and
unprivileged containers.

Note that when /dev is read-only, device files may still be
written to. This change will simply prevent the device paths
from being modified, or performing mknod of new devices within
the /dev path.

Tests are included for all cases. Also adds a test to ensure
that /dev/pts is always mounted read/write, even in the case of a
read-write rootfs. The kernel restricts writes here naturally and
bad things will happen if we mount it ro.

Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 5400d8873f730e6099d29af49fe45931665c3b49
Component: engine
2015-07-02 19:08:00 +00:00
..
events
New package daemon/events
2015-04-07 08:43:14 -07:00
execdriver
Make /proc, /sys, /dev readonly for readonly containers
2015-07-02 19:08:00 +00:00
graphdriver
Closes #13323 and carries
2015-06-29 06:18:41 -07:00
logger
Add new logging driver: fluentd
2015-06-26 11:03:11 +09:00
network
Move /nat to /pkg/nat
2015-06-30 17:43:17 +01:00
attach.go
Fix regression in containers attach/wsattach api, return not found before hijacking
2015-07-01 18:16:17 +02:00
changes.go
Refactor server to use daemon as the service layer in controllers
2015-05-02 03:12:58 +02:00
commit.go
Add struct to configure Builder commit instead of using one defined in daemon
2015-06-20 12:53:47 +02:00
config_experimental.go
Vendoring in libnetwork for native multihost networking
2015-06-22 04:15:41 -07:00
config_linux.go
Vendoring in libnetwork for native multihost networking
2015-06-22 04:15:41 -07:00
config_stub.go
Vendoring in libnetwork for native multihost networking
2015-06-22 04:15:41 -07:00
config_windows.go
Windows: Set default exec driver to windows
2015-05-26 16:17:33 -07:00
config.go
fixed incorrect assumption on --bridge=none treated as disable network
2015-06-30 13:04:28 -07:00
container_linux.go
Fix regression in parsing capabilities list when a single string is given
2015-07-01 21:28:02 +02:00
container_unit_test.go
Move /nat to /pkg/nat
2015-06-30 17:43:17 +01:00
container_windows.go
Fix regression in parsing capabilities list when a single string is given
2015-07-01 21:28:02 +02:00
container.go
Move /nat to /pkg/nat
2015-06-30 17:43:17 +01:00
copy.go
Refactor server to use daemon as the service layer in controllers
2015-05-02 03:12:58 +02:00
create.go
Add verify config to verifyContainerSettings
2015-06-13 09:31:19 +08:00
daemon_aufs.go
Move graph.SetupInitLayer to daemon package where it is used
2015-06-16 16:50:56 -07:00
daemon_btrfs.go
Windows: Don't build Linux graph drivers
2015-06-08 15:09:33 -07:00
daemon_devicemapper.go
Windows: Don't build Linux graph drivers
2015-06-08 15:09:33 -07:00
daemon_no_aufs.go
Windows: Don't build Linux graph drivers
2015-06-08 15:09:33 -07:00
daemon_overlay.go
Windows: Don't build Linux graph drivers
2015-06-08 15:09:33 -07:00
daemon_test.go
Allow to downgrade local volumes from > 1.7 to 1.6.
2015-06-09 18:04:59 -07:00
daemon_unit_test.go
Move security opts to HostConfig
2014-11-25 01:02:30 +02:00
daemon_unix.go
Nat was moved to pkg/nat
2015-06-30 16:48:17 -04:00
daemon_windows.go
fixed incorrect assumption on --bridge=none treated as disable network
2015-06-30 13:04:28 -07:00
daemon_zfs.go
Windows: No ZFS graphdriver
2015-05-14 15:57:45 -07:00
daemon.go
fixed incorrect assumption on --bridge=none treated as disable network
2015-06-30 13:04:28 -07:00
debugtrap_unsupported.go
Fix package on debugtrap_unsupported.go
2015-05-13 16:38:59 -07:00
debugtrap.go
Add SIGUSR1 handler for dumping stack/goroutine traces
2015-05-12 10:09:23 +10:00
delete.go
Windows: Allow VFS
2015-06-12 09:21:17 -07:00
exec_linux.go
Windows: Split ContainerExecCreate
2015-05-06 16:19:27 -07:00
exec_windows.go
Windows: Split ContainerExecCreate
2015-05-06 16:19:27 -07:00
exec.go
Merge pull request #14268 from unclejack/lower_allocations_execdriver
2015-06-30 12:12:06 -07:00
export.go
Cleanup container LogEvent calls
2015-06-01 12:39:28 -07:00
history.go
History.Swap Use parallel assignment to swap elements, as it's
2015-03-25 00:13:13 +03:00
image_delete.go
Update graph walkhistory to pass by value
2015-06-05 18:06:09 -07:00
info.go
Add bridge-nf-call-iptables/bridge-nf-call-ipv6tables to docker info
2015-06-17 09:19:11 +08:00
inspect.go
docker-inspect: Extend docker inspect to export image/container metadata related to graph driver
2015-06-15 14:05:10 -04:00
kill.go
Cleanup container LogEvent calls
2015-06-01 12:39:28 -07:00
list.go
Move /nat to /pkg/nat
2015-06-30 17:43:17 +01:00
logdrivers_linux.go
Add new logging driver: fluentd
2015-06-26 11:03:11 +09:00
logdrivers_windows.go
Windows: Factor out syslog and journald
2015-05-14 10:34:09 -07:00
logs.go
Fix goroutine leak on logs -f with no output
2015-06-04 13:56:40 -07:00
monitor.go
Add RestartPolicy methods instead of using strings checking
2015-05-16 14:15:28 +02:00
pause.go
Cleanup container LogEvent calls
2015-06-01 12:39:28 -07:00
README.md
rename.go
Cleanup container LogEvent calls
2015-06-01 12:39:28 -07:00
resize.go
Refactor server to use daemon as the service layer in controllers
2015-05-02 03:12:58 +02:00
restart.go
Cleanup container LogEvent calls
2015-06-01 12:39:28 -07:00
start.go
Add verify config to verifyContainerSettings
2015-06-13 09:31:19 +08:00
state_test.go
Fix vet errors about unkeyed fields
2014-12-12 10:44:59 -08:00
state.go
Add a "Created" state for new containers that haven't been run yet
2015-05-30 07:48:46 -07:00
stats_collector_unix.go
Windows: Factor out stat collector
2015-06-01 09:11:03 -07:00
stats_collector_windows.go
Windows: Factor out stat collector
2015-06-01 09:11:03 -07:00
stats_linux.go
Updates libcontainer to v2.2.1
2015-06-15 18:18:38 -04:00
stats_windows.go
Fixes content-type/length for stats stream=false
2015-06-12 13:06:06 -04:00
stats.go
Stats API to retrieve nw stats from libnetwork
2015-07-01 11:15:16 -07:00
stop.go
Cleanup container LogEvent calls
2015-06-01 12:39:28 -07:00
top.go
Cleanup container LogEvent calls
2015-06-01 12:39:28 -07:00
unpause.go
Cleanup container LogEvent calls
2015-06-01 12:39:28 -07:00
utils_linux.go
--selinux-enabled flag should be ignored on Disabled SELinux systems
2014-09-23 13:21:25 -04:00
utils_nolinux.go
--selinux-enabled flag should be ignored on Disabled SELinux systems
2014-09-23 13:21:25 -04:00
utils_test.go
Decode container configurations into typed structures.
2015-04-15 10:22:07 -07:00
utils.go
Remove PortSpecs from Config
2015-05-29 22:38:09 +02:00
volumes_experimental_unit_test.go
apply selinux labels volume patch on volumes refactor
2015-05-27 12:50:16 -07:00
volumes_experimental.go
Mount bind volumes coming from the old volumes configuration.
2015-05-28 14:06:17 -07:00
volumes_linux.go
Allow to downgrade local volumes from > 1.7 to 1.6.
2015-06-09 18:04:59 -07:00
volumes_stubs_unit_test.go
apply selinux labels volume patch on volumes refactor
2015-05-27 12:50:16 -07:00
volumes_stubs.go
Mount bind volumes coming from the old volumes configuration.
2015-05-28 14:06:17 -07:00
volumes_unit_test.go
Allow named volumes for external drivers.
2015-05-21 20:34:17 -07:00
volumes_windows.go
Allow to downgrade local volumes from > 1.7 to 1.6.
2015-06-09 18:04:59 -07:00
volumes.go
Windows: Docker build starting to work
2015-06-17 10:41:28 -07:00
wait.go
Move container.WaitStop, AttachWithLogs and WsAttachWithLogs to daemon service in api server
2015-05-11 19:56:41 +02:00

README.md

This directory contains code pertaining to running containers and storing images

Code pertaining to running containers:

  • execdriver
  • networkdriver

Code pertaining to storing images:

  • graphdriver