toolshed/docker-cli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,296 Commits 3 Branches 295 Tags
04ff3d25e594ff8eaebfab3b94bd3c453ad1d235
Commit Graph

8 Commits

Author SHA1 Message Date
Michael Crosby
1316dc9e2d Use libcontainer cap drop method 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: d31ae5aed80eeb40a461930776ad2b507804bf4e
Component: engine
 2014-06-19 16:00:53 -04:00
Dinesh Subhraveti
84bd7e4c9e Maintain a whitelist of capabilities rather than droplist 
This fixes 6/18 vulnerability

Docker-DCO-1.1-Signed-off-by: Dinesh Subhraveti <dineshs@altiscale.com> (github: dineshs-altiscale)
Upstream-commit: cf331cdd6ad35c6e0d291df51b49aef5909671f5
Component: engine
 2014-06-19 03:34:04 -04:00
Michael Crosby
52b8a282c3 Update libcontainer imports 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 8194556337b65dda71a3d4d7f6ae9653ad5a19a0
Component: engine
 2014-06-10 19:58:15 -07:00
Michael Crosby
3c7670e68c Move libcontainer deps into libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 6158ccad97db51e756aafefb096d1163aa4d6439
Component: engine
 2014-06-09 15:52:12 -07:00
William Thurston
fc7b9b154d Fixes #5749 
libcontainer support for arbitrary route table entries

Docker-DCO-1.1-Signed-off-by: William Thurston <me@williamthurston.com> (github: jhspaybar)
Upstream-commit: bf7f360dcac38037d5c4f9e2e90d01adc240ed2b
Component: engine
 2014-05-28 17:42:02 +00:00
Michael Crosby
0fcf738183 Setup host networking for lxc and native 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: a785882b29b9f0b24ace8249576c5d8d7f8c1d94
Component: engine
 2014-05-05 10:08:59 -07:00
Eiichi Tsukata
d33d261bde drop CAP_SYSLOG capability 
Kernel capabilities for privileged syslog operations are currently splitted into
CAP_SYS_ADMIN and CAP_SYSLOG since the following commit:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce6ada35bdf710d16582cc4869c26722547e6f11

This patch drops CAP_SYSLOG to prevent containers from messing with
host's syslog (e.g. `dmesg -c` clears up host's printk ring buffer).

Closes #5491

Docker-DCO-1.1-Signed-off-by: Eiichi Tsukata <devel@etsukata.com> (github: Etsukata)
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: cac0cea03f85191b3d92cdaeae827fdd93fb1b29
Component: engine
 2014-05-01 11:43:55 -07:00
Alexander Larsson
f7be50364d Rename runtime/* to daemon/* 
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 359b7df5d2af5733b8a1ea6746d062053053b23e
Component: engine
 2014-04-17 14:43:01 -07:00