With this capability set the container can e.g. change the ip address
of his devices to that of another container on the docker0 bridge. In
a quick test I was able to listen to a port on a different ip than the
one docker assigned me, but was not able to hijack an open port
redirection that another container had open. Maybe its possible with
some more knowledge of networking though.
Anyway, network setup is meant to be handled by docker, not the apps,
so I believe denying this is generally in the spirit of docker, and
it closes down potential security issues.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 02fddffd51da782f912e2709ea814c330269515b
Component: engine
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
1. All titles are listed by simple platform names apart from Windows' "Installing Docker On Windows". Changed this to "Windows" to match the rest.
2. Some articles' description (and title) information does not match the majority. Modified them to match the rest (i.e. Please note this project is currently under heavy development. It should not be used in production.)
3. Removed "Linux" from Gentoo & Ubuntu descriptions.
Upstream-commit: 10d57b648fe77fe34642d0af6c5c010ff1180c85
Component: engine
This also adds a new "AUTO_GOPATH" environment variable that will create an appropriate GOPATH as part of the build process.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: d3d85d38fb5bdd0327fdc9fe8b637cb0f4e1dcf2
Component: engine
This makes the device mapper not zero out blocks allocated on the
thinp device. This is safe in our use case, as we access the device
via a filesystem that doesn't leak any uninitialized data to userspace.
This partially helps with https://github.com/dotcloud/docker/issues/3280
and should generally improve preformance on the devicemapper backend.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 695719b29a6311a56faae0c6ed3c985b7a75add0
Component: engine
Properly error out if passed an id that doesn't exist.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 304e33a2fe2d006cc1063c8060c6e22c9ade3d59
Component: engine
I volunteered for pkg/systemd MAINTAINER and there were no objections
during the #docker-dev meeting. For context I wrote most of the stuff in
here and wrote the dependent calls in api.go. Plus, I actively test the
code via CoreOS.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
Upstream-commit: 15711ed670e8ab59611030ea1191189ad495ea63
Component: engine
For some reason we seem to get transient EBUSY when removing
thinp devices, which prohibit removing containers. When
this happens we retry a few times which seems to fix the
issue for me.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 2c82fd93d8a01cc1f53fe861378e6d2dca0486c6
Component: engine
This makes sure the device is removed just like in deactivateDevice.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 7e25cd5891f84c2fab656c364002290e4b87f934
Component: engine
We already have some kind of refcounting in DeviceSet, this fleshes
it out to allow it to completely subsume the refcounting in
devmapper.Driver.
This allows us to drop the double refcounting, and the locking inside
devmapper.Driver. This, in particular the locking simplification will
make it easier in the future to parallelize the device mapper.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: b95c560fdda4813319a2377e240592a3261e30ef
Component: engine
