0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
39893 commits 14 branches 412 tags 338 MiB
Commit graph

3005 commits

Author SHA1 Message Date
Guillaume J. Charmes
57a47f5bbf
Remove /dev tmpfs mountpoint 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-04 13:21:22 -08:00
Guillaume J. Charmes
c74a8b28cd
remove /run mountpoint 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-04 12:32:17 -08:00
Guillaume J. Charmes
39d58129c3
Remove loopback mount bind 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-04 12:30:52 -08:00
Michael Crosby
b63709c1f1 Merge pull request #4452 from crosbymichael/small-fixes-to-libcontainer 
Add find tests and remove panic in DEBUG
 2014-03-04 14:37:41 -05:00
Michael Crosby
7e52445f2f Add find tests and remove panic in DEBUG 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-04 08:55:12 -08:00
Alexander Larsson
5b5c884cc8 libcontainer: Use pivot_root instead of chroot 
Instead of keeping all the old mounts in the container namespace and
just using subtree as root we pivot_root so that the actual root in
the namespace is the root we want, and then we unmount the previous
mounts.

This has multiple advantages:

* The namespace mount tree is smaller (in the kernel)
* If you break out of the chroot you could previously access the host
  filesystem. Now the host filesystem is fully invisible to the namespace.
* We get rid of all unrelated mounts from the parent namespace, which means
  we don't hog these. This is important if we later switch to MS_PRIVATE instead
  of MS_SLAVE as otherwise these mounts would be impossible to unmount from the
  parent namespace.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-04 12:44:08 +01:00
Darren Shepherd
b39d02b611 Support hairpin NAT without going through docker server 
Hairpin NAT is currently done by passing through the docker server.  If
two containers on the same box try to access each other through exposed
ports and using the host IP the current iptables rules will not match the
DNAT and thus the traffic goes to 'docker -d'

This change drops the restriction that DNAT traffic must not originate
from docker0.  It should be safe to drop this restriction because the
DOCKER chain is already gated by jumps that check for the destination
address to be a local address.

Docker-DCO-1.1-Signed-off-by: Darren Shepherd <darren.s.shepherd@gmail.com> (github: ibuildthecloud)
 2014-03-03 21:53:57 -07:00
Guillaume J. Charmes
69c69059fc Merge pull request #4327 from crosbymichael/add-libcontainer 
Add native execution driver to docker and make it the default
 2014-03-03 16:34:20 -08:00
Sven Dowideit
2e71adac9f very minor spelling 
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
 2014-03-04 10:12:12 +10:00
Michael Crosby
5465fdf00f Factor out finalize namespace 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-03 12:15:47 -08:00
Victor Vieux
bb5ed45224 add warning for deprecatd flags 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-03-03 19:57:05 +00:00
Michael Crosby
2f35f8e2a8 Update readme to remove .nspid 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-03 11:31:37 -08:00
Victor Vieux
cb3d27d01b prevent flag grouping with -- 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-03-03 19:17:28 +00:00
unclejack
7531f82c70 Merge pull request #4321 from vieux/docker_run_-it 
Add support for docker run -it or docker images -qa
 2014-03-03 20:52:10 +02:00
Alexander Larsson
e8af7fcf6d runtime: Fix unique constraint error checks 
The sqlite3 version in fedora (3.8) returns a different error string in the unique constraints
failure case than the one in hack/ (3.7). This updates the check to detect both, fixing
one integration check failure on Fedora.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-03 15:10:52 +01:00
Michael Crosby
fdeea90fc8 Allow child process to live if daemon dies 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-27 09:33:36 -08:00
Michael Crosby
fb08b8b221 Code review updates 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-26 19:21:46 -08:00
Michael Crosby
7cd2245947 Ensure that loopback devices are mounted inside the conatiner 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-26 17:21:09 -08:00
Michael Crosby
70820b69ec Make network a slice to support multiple types 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-26 14:20:41 -08:00
Michael Crosby
ce08083f9c Merge branch 'master' into add-libcontainer 
Conflicts:
	execdriver/termconsole.go

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-26 12:55:24 -08:00
Michael Crosby
6016126c71 Fix cgroups swap issue when it is not supported 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-25 19:45:57 -08:00
Michael Crosby
93ed15075c Fix cross compile for make cross 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-25 15:19:13 -08:00
Victor Vieux
8dad771daa add version pkg 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-02-25 21:08:38 +00:00
Michael Crosby
96e33a7646 Move container.json and pid file into a root specific driver dir 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-25 12:41:31 -08:00
Guillaume J. Charmes
ca42758368
Merge branch 'add-libcontainer' of https://github.com/crosbymichael/docker into add-libcontainer 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-25 11:42:15 -08:00
Michael Crosby
de083400b8 Address initial feedback from pr 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-25 10:54:41 -08:00
Guillaume J. Charmes
91bf120c51
Better capability/namespace management 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-24 21:52:29 -08:00
Michael Crosby
f8453cd049 Refactor and improve libcontainer and driver 
Remove logging for now because it is complicating things
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 21:11:52 -08:00
Michael Crosby
9cb4573d33 Improve logging for nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 18:38:36 -08:00
Michael Crosby
a76407ac61 Cgroups allow devices for privileged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 15:47:23 -08:00
Victor Vieux
3839e3a0f6 enable docker run -it 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-02-24 22:53:00 +00:00
Michael Crosby
1c79b747bb Honor user passed on container in nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 13:52:56 -08:00
Michael Crosby
01f9815b55 Fix tests with dockerinit lookup path 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 13:40:17 -08:00
Michael Crosby
a08e78a78c Look for cpu subsystem instead of memory 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 10:46:20 -08:00
Michael Crosby
fac41af25b Refactor driver to use Exec function from nsini 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-22 01:21:26 -08:00
Michael Crosby
ae423a036e Abstract out diff implementations for importing 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-22 00:29:21 -08:00
Michael Crosby
2412656ef5 Add syncpipe for passing context 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 22:58:30 -08:00
Michael Crosby
dd59f7fb28 Refactor exec method 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 22:37:09 -08:00
Michael Crosby
5a4069f3aa Refactor network creation and initialization into strategies 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 22:26:07 -08:00
Michael Crosby
9876e5b890 Export functions of nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 21:14:21 -08:00
Michael Crosby
2419e63d24 Initial commit of libcontainer running docker 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 17:23:49 -08:00
Michael Crosby
332755b99d Pass tty master to Exec 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 16:40:32 -08:00
Michael Crosby
c8fd81c278 Pass pipes into Exec function 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 16:28:43 -08:00
Michael Crosby
a352ecb01a Use lookup path for init 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 16:17:18 -08:00
Michael Crosby
ba025cb75c User os.Args[0] as name to reexec 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 15:32:50 -08:00
Michael Crosby
50c752fcb0 Add good logging support to both sides 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:17 -08:00
Michael Crosby
7f247e7006 Move tty into container.json 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:17 -08:00
Michael Crosby
6b2e963ce0 Refactor the flag management for main 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:17 -08:00
Michael Crosby
1316007e54 Make nsinit a proper go pkg and add the main in another dir 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 14:56:17 -08:00
Guillaume J. Charmes
66baa0653b Make sure to close the pipe upon ctrl-d 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-21 14:56:17 -08:00