* master: (64 commits)
Move the canonical run configuration objects to a sub-package
Remove useless code in client implementation of 'run'.
pkg/opts: a collection of custom value parsers implementing flag.Value
Move api-specific code to the api package
Fix the tests, too
Fix the one spot I missed dockerversion
fix underline/heading
New package `nat`: utilities for manipulating the text description of network ports.
rewrite the PostgreSQL example using a Dockerfile, and add details to it
Move even more stuff into dockerversion
fix underline/heading
Move docker version introspection to a sub-package.
add port forwarding notes for mac/boot2docker docs
Update remote_api_client_libraries.rst
Avoid extra mount/unmount during container registration
add a little more information about the docker run -P option
lxc: Drop NET_ADMIN capability in non-privileged containers
devmapper: Remove directory when removing devicemapper device
add a little info on upgrading
point out that ENV DEBIAN_FRONTEND will persist, so its not recommended
...
* Config is now runconfig.Config
* HostConfig is now runconfig.HostConfig
* MergeConfig is now runconfig.Merge
* CompareConfig is now runconfig.Compare
* ParseRun is now runconfig.Parse
* ContainerConfigFromJob is now runconfig.ContainerConfigFromJob
* ContainerHostConfigFromJob is now runconfig.ContainerHostConfigFromJob
This facilitates refactoring commands.go and shrinks the core.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Runtime.Register() called driver.Get()/Put() in order to read back the
basefs of the container. However, this is not needed, as the basefs
is read during container.Mount() anyway, and basefs is only valid
while mounted (and all current calls satisfy this).
This seems minor, but this is actually problematic, as the Get/Put
pair will create a spurious mount/unmount cycle that is not needed and
slows things down. Additionally it will create a supurious
devicemapper activate/deactivate cycle that causes races with udev as
seen in https://github.com/dotcloud/docker/issues/4036.
With this change devicemapper is now race-free, and container startup
is slightly faster.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
With this capability set the container can e.g. change the ip address
of his devices to that of another container on the docker0 bridge. In
a quick test I was able to listen to a port on a different ip than the
one docker assigned me, but was not able to hijack an open port
redirection that another container had open. Maybe its possible with
some more knowledge of networking though.
Anyway, network setup is meant to be handled by docker, not the apps,
so I believe denying this is generally in the spirit of docker, and
it closes down potential security issues.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
We're currently leaving around lots of empty directories in
/var/lib/docker/devicemapper/mnt/ for removed images and containers.
Fix this by removing the directory when the device is removed.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
