Michael Crosby
a7a51306b1
Mask reads from timer_stats and latency_stats
...
These files in /proc should not be able to be read as well
as written to.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:42:23 -07:00
Michael Crosby
27ae108b4e
Mount RO for timer_stats and latency_stats in proc
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:42:23 -07:00
Michael Crosby
42c8c1b0b8
Mount /proc/fs as readonly
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:42:23 -07:00
Michael Crosby
d87da59c79
Prevent write access to /proc/asound
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Conflicts:
integration-cli/docker_cli_run_test.go
2015-05-07 14:42:23 -07:00
Jessie Frazelle
74bfa36753
Merge pull request #12165 from icecrime/optional_userland_proxy
...
Optional userland proxy
2015-05-07 14:01:16 -07:00
John Howard
390f3c99d3
Fix os.MkdirAll in native driver
...
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-07 12:09:30 -07:00
Arnaud Porterie
f42348e18f
Add `--userland-proxy` daemon flag
...
The `--userland-proxy` daemon flag makes it possible to rely on hairpin
NAT and additional iptables routes instead of userland proxy for port
publishing and inter-container communication.
Usage of the userland proxy remains the default as hairpin NAT is
unsupported by older kernels.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-05-04 16:07:45 -07:00
Tianon Gravi
80a895142e
Update libcontainer and make it the source of truth on logrus version
...
To help avoid version mismatches between libcontainer and Docker, this updates libcontainer to be the source of truth for which version of logrus the project is using. This should help avoid potential incompatibilities in the future, too. 👍
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-05-04 11:02:44 -06:00
Antonio Murdaca
4aff563282
Remove unused error return
...
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-05-02 15:57:57 +02:00
Jessica Frazelle
2afcd10202
option to configure cgroups
...
Signed-off-by: Jessica Frazelle <jess@docker.com>
2015-04-27 17:50:39 -07:00
Daniel, Dao Quang Minh
ade8146aa8
reuse same code for setting pipes in run/exec
...
This also moves `exec -i` test to _unix_test.go because it seems to need a
pty to reliably reproduce the behavior.
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-04-23 21:54:21 +00:00
Daniel, Dao Quang Minh
71b5a754ce
remove unused utils
...
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-04-22 21:53:45 +00:00
Ma Shimiao
e607bb49c4
cleanup: delete unused function getEnv
...
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-04-20 16:32:42 +08:00
Michael Crosby
a5f7c4aa31
Ensure state is destroyed on daemon restart
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-04-15 17:44:03 -07:00
Michael Crosby
12f7db1830
Merge pull request #12025 from coolljt0725/add_exec_with_user
...
Add docker exec run command as a different user and in privileged mode
2015-04-13 13:50:51 -07:00
Lei Jitang
72a500e9e5
Add docker exec run a command in privileged mode
...
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-04-11 11:26:37 +08:00
Lei Jitang
2cce4791b0
Add `-u|--user` flag to docker exec for running command as a different user
...
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-04-11 11:04:24 +08:00
Alexander Morozov
ac8bd12b39
Get process list after PID 1 dead
...
Fix #11087
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-04-10 16:23:57 -07:00
Yan Feng
ab11d60555
Fix a typo in docker/daemon/execdriver/native/exec.go
...
Signed-off-by: Yan Feng <yanfeng2@huawei.com>
2015-04-09 11:46:09 -04:00
Mrunal Patel
195bebd3a7
Removes unused function.
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-04-07 18:15:28 -04:00
guoxiuyan
ffcc4a1e52
Fix a minor typo
...
Signed-off-by: Guo Xiuyan <guoxiuyan@huawei.com>
2015-04-04 15:36:35 +08:00
Michael Crosby
7061a993c5
Return closed channel if oom notification fails
...
When working with Go channels you must not set it to nil or else the
channel will block forever. It will not panic reading from a nil chan
but it blocks. The correct way to do this is to create the channel then
close it as the correct results to the caller will be returned.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-04-01 15:30:48 -07:00
Alexander Morozov
f468bbb7e8
Do not mask *exec.ExitError
...
Fix #11764
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-03-30 15:31:49 -07:00
Alexander Morozov
5a1e5cf8c9
Get child processes before main process dies
...
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-03-30 13:28:34 -07:00
Alexander Morozov
489ab77f4a
Use proper wait function for --pid=host
...
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-03-30 13:27:38 -07:00
Antonio Murdaca
6f4d847046
Replace aliased imports of logrus, fixes #11762
...
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-03-26 23:22:04 +01:00
Michael Crosby
f3fc857e01
Merge pull request #11716 from LK4D4/root_in_run
...
Use /var/run/docker as root for execdriver
2015-03-24 14:58:30 -07:00
Alexander Morozov
1e788ec985
Use /var/run/docker as root for execdriver
...
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-03-24 10:47:30 -07:00
Dan Walsh
fe9fe1473c
We want to allow the sharing of /dev from the host into the container.
...
docker run -v /dev:/dev should stop mounting other default mounts in
libcontainer, otherwise directories and devices like /dev/ptx get mishandled.
We want to be able to run libvirtd for launching VMs and it needs
access to the host's /dev. This is a key component of OpenStack.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-03-20 08:56:21 -04:00
Michael Crosby
2b12b099b8
Mount libcontainer state dir in tmpfs
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-03-19 14:27:17 -07:00
Michael Crosby
06c939e527
Ensure the container state is removed on daemon boot
...
This ensures that the libcontainer state is fully removed for a
container after it is terminated.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-03-19 14:21:19 -07:00
Mrunal Patel
60ef4ae6fc
Update libcontainer to 4a72e540feb67091156b907c4700e580a99f5a9d
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-03-19 14:42:23 -04:00
Michael Crosby
f4a458e67f
Do not mask /proc/kcore in privileged
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-03-18 14:17:21 -07:00
Michael Crosby
f5a154f2d2
Don't hardcode default rlimit
...
The default for rlimit handling should be to inherit the rlimit of the
daemon unless explicitly set.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-03-17 16:04:15 -07:00
Jessie Frazelle
87a8658eb6
Merge pull request #11353 from mrunalp/override_default_mounts
...
Filter out default mounts that are being overridden by the user.
2015-03-16 16:40:32 -07:00
Mrunal Patel
7804cd36ee
Filter out default mounts that are overridden by user.
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-03-16 18:39:50 -04:00
Michael Crosby
a2fcae41ef
Merge pull request #11343 from hqhq/hq_fix_panic_error
...
fix panic error when docker stats a stopped container
2015-03-16 15:16:03 -07:00
Qiang Huang
8dc5791f73
fix panic error when docker stats a stopped container
...
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-03-16 19:55:34 +08:00
Qiang Huang
bffe04b582
fix warning messages
...
Use log.Warnf instead of log.Infof, and remove redundant `WARNING` prefix.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-03-11 08:47:45 +08:00
Alexander Morozov
68ba5f0b69
Execdriver implementation on new libcontainer API
...
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-03-06 14:46:58 -08:00
Brian Goff
3f39050637
Allow setting ulimits for containers
...
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-02-25 19:37:43 -05:00
Abin Shahab
1a26ed09ee
Implements stats for lxc driver
...
Implements stats and fixes stats test.
Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
2015-02-23 10:16:52 +00:00
Alexander Morozov
e995670935
Fix possible panic on killing container
...
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-02-18 11:27:38 -08:00
Michael Crosby
2d4fc1de05
Refactor usage calc for CPU and system usage
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-20 20:21:46 -08:00
Michael Crosby
4f174aa792
Evict stopped containers
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-20 20:21:46 -08:00
Michael Crosby
2640a10bca
Implement client side display for stats
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-20 20:21:46 -08:00
Michael Crosby
65f58e2a74
Implement container stats collection in daemon
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-20 20:21:46 -08:00
Alexander Morozov
95c0f07966
Merge pull request #10093 from crosbymichael/readonly-containers
...
Add --read-only for read only container rootfs
2015-01-14 15:56:51 -08:00
Michael Crosby
409407091a
Add --readonly for read only container rootfs
...
Add a --readonly flag to allow the container's root filesystem to be
mounted as readonly. This can be used in combination with volumes to
force a container's process to only write to locations that will be
persisted. This is useful in many cases where the admin controls where
they would like developers to write files and error on any other
locations.
Closes #7923
Closes #8752
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-14 15:41:31 -08:00
Alexander Morozov
5ce60217f1
Calming vet about type aliases from other package
...
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-01-14 14:01:36 -08:00