Remove double reference between containers and exec configurations by
keeping only the container id.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 9ca2e4e81cdb950f2b5958a7712153d1a6dd6e4c
Component: engine
This is a small configuration struct used in two scenarios:
1. To attach I/O pipes to a running containers.
2. To attach to execution processes inside running containers.
Although they are similar, keeping the struct in the same package
than exec and container can generate cycled dependencies if we
move any of them outside the daemon, like we want to do
with the container.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 3f5b8f712d693188b41b3d9b55e5e5213be48ef5
Component: engine
By removing deprecated volume structures, now that windows mount volumes we don't need a initializer per platform.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 060f4ae6179b10aeafa883670826159fdae8204a
Component: engine
This change will allow us to run SELinux in a container with
BTRFS back end. We continue to work on fixing the kernel/BTRFS
but this change will allow SELinux Security separation on BTRFS.
It basically relabels the content on container creation.
Just relabling -init directory in BTRFS use case. Everything looks like it
works. I don't believe tar/achive stores the SELinux labels, so we are good
as far as docker commit.
Tested Speed on startup with BTRFS on top of loopback directory. BTRFS
not on loopback should get even better perfomance on startup time. The
more inodes inside of the container image will increase the relabel time.
This patch will give people who care more about security the option of
runnin BTRFS with SELinux. Those who don't want to take the slow down
can disable SELinux either in individual containers or for all containers
by continuing to disable SELinux in the daemon.
Without relabel:
> time docker run --security-opt label:disable fedora echo test
test
real 0m0.918s
user 0m0.009s
sys 0m0.026s
With Relabel
test
real 0m1.942s
user 0m0.007s
sys 0m0.030s
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Upstream-commit: 1716d497a420f0cd4e53a99535704c6d215e38c7
Component: engine
Each platform has only a driver now.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 157b66ad390902ef6f5b51b3f76d5177eacac81b
Component: engine
The LXC driver was deprecated in Docker 1.8.
Following the deprecation rules, we can remove a deprecated feature
after two major releases. LXC won't be supported anymore starting on Docker 1.10.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 3b5fac462d21ca164b3778647420016315289034
Component: engine
Side effects:
- Decouple daemon and container to start containers.
- Decouple daemon and container to copy files.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 3a497650464b40191bd2cde348e676acf4efe270
Component: engine
And do not try to unmount empty paths.
Because nobody should be woken up in the middle of the night for them.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: a54d5932e3a644317c77d59bc5aee562841d5c20
Component: engine
Instead of using `MNT_DETACH` to unmount the container's mqueue/shm
mounts, force it... but only on daemon init and shutdown.
This makes sure that these IPC mounts are cleaned up even when the
daemon is killed.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 78bd17e805b7514505455b10f2fd90962505a3ff
Component: engine
Also make daemon.netController.Stop() regardless of container existance.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: ace5854f654d58e821bb3d47c4e3255ae49619e5
Component: engine
It's not true anymore, it used in builder for example.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 134772f91ec40616d974e61388638495c8a126fb
Component: engine
--cluster-advertise daemon option is enahanced to support <interface-name>
in addition to <ip-address> in order to amke it automation friendly using
docker-machine.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: 3e7db73b99498d037b43eb59972a6360cfbc971b
Component: engine
It makes code more consistent.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 6d9bb99c97438edc996e51e13a0aca0feabc5d26
Component: engine
- Only user named containers will be published into
other containers' etc/hosts file.
- Also block linking to containers which are not
connected to the default network
Signed-off-by: Alessandro Boch <aboch@docker.com>
Upstream-commit: 4f6f00e1916a8c58e67c8118d015988d86718d19
Component: engine
While creating multiple containers the second
container could remove the first one from graph
and not produce an error.
Fixes#15995
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: aee54863741fc3f012c423d1a445d1a6b687966a
Component: engine
Delegate validation tasks to the volume drivers. It's up to them
to decide whether a name is valid or not.
Restrict volume names for the local driver to prevent creating
mount points outside docker's volumes directory.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: d6d60287ee3a8a064340582d65c131181ae77127
Component: engine
Lookup the graph parent reference to detect a builder cache miss before
looping the whole graph image index to build a parent-children tree.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: f9e81b40f4065e3d0851172759ef58fda6572cce
Component: engine
This is useful for cluster systems such as swarm to sync the image
state when new images are successfully built.
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
Upstream-commit: 2968fa44eb2a53c121ad2b27c519ae47ca7653c3
Component: engine
Adds support for the daemon to handle user namespace maps as a
per-daemon setting.
Support for handling uid/gid mapping is added to the builder,
archive/unarchive packages and functions, all graphdrivers (except
Windows), and the test suite is updated to handle user namespace daemon
rootgraph changes.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 442b45628ee12ebd8e8bd08497896d5fa8eec4bd
Component: engine
