0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
48607 commits 14 branches 412 tags 338 MiB
Commit graph

3397 commits

Author SHA1 Message Date
Guillaume J. Charmes
029aac9639
Use BSD raw mode on darwin. Fixes nano, tmux and others 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
 2014-03-13 11:11:02 -07:00
Guillaume J. Charmes
6a325f1c7a
Fix issue when /etc/apparmor.d does not exists 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
 2014-03-12 11:13:24 -07:00
Victor Vieux
f0eb227548 improve deprecation message 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-03-12 00:51:46 +00:00
Guillaume J. Charmes
915d967f55
Update email + add self to pkg/signal 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
 2014-03-10 20:26:45 -07:00
Kato Kazuyoshi
b2cd89056f Like signal_linux.go, we don't have import os and os/signal 
Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
 2014-03-11 23:14:58 +09:00
Michael Crosby
b5a544b02e Merge pull request #4563 from creack/signal-improvment 
Signal improvments
 2014-03-10 17:59:17 -07:00
Michael Crosby
923962a4b5 Merge pull request #4515 from vieux/improve_sort_flags 
improve alpha sort in mflag
 2014-03-10 17:45:41 -07:00
Guillaume J. Charmes
157f24ca77 Make docker use the signal pkg with strings 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
 2014-03-10 17:36:47 -07:00
Guillaume J. Charmes
10dc16dcd3 Create portable signalMap 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
 2014-03-10 17:36:41 -07:00
Guillaume J. Charmes
c563262239 Move signal to pkg 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
 2014-03-10 17:36:32 -07:00
srid
03211ecce0 nsinit: prefix errors with their source 
Docker-DCO-1.1-Signed-off-by: Sridhar Ratnakumar <github@srid.name> (github: srid)
 2014-03-10 17:08:50 -07:00
unclejack
8bcb156694 Merge pull request #3985 from creack/add_freebsd_support 
Add freebsd client support
 2014-03-11 00:58:30 +02:00
Guillaume J. Charmes
6ccfb7fb9a
Update bsd specs 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-10 15:19:08 -07:00
Victor Vieux
fde5f573d3 move opts out of pkg because it's related to docker 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-03-10 21:10:23 +00:00
Victor Vieux
d648708d02 remove utils.go 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-03-10 21:06:27 +00:00
Guillaume J. Charmes
bb43761940
Merge branch 'master' into add_freebsd_support 
Conflicts:
	archive/archive.go
	archive/start_unsupported.go
 2014-03-10 13:20:49 -07:00
Victor Vieux
7da37fec13 handle capital 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-03-07 23:40:45 +00:00
Michael Crosby
36dd124b16 Add env var to toggle pivot root or ms_move 
Use the  DOCKER_RAMDISK env var to tell the native driver not to use
a pivot root when setting up the rootfs of a container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 19:30:52 -08:00
Victor Vieux
3729ece2ea improve alpha sort in mflag 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-03-07 02:20:59 +00:00
Michael Crosby
c38635020a Revert "Revert "libcontainer: Use pivot_root instead of chroot"" 
This reverts commit 82f797f140.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 17:19:59 -08:00
Michael Crosby
557e4fef44 Revert "Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE"" 
This reverts commit bd263f5b15.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 17:19:47 -08:00
unclejack
78dc1ede52 Merge pull request #4512 from crosbymichael/no-pivot-root 
No pivot root because of ramdisk
 2014-03-07 02:54:03 +02:00
Michael Crosby
bd263f5b15 Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE" 
This reverts commit 757b577572.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 16:41:03 -08:00
Michael Crosby
82f797f140 Revert "libcontainer: Use pivot_root instead of chroot" 
This reverts commit 5b5c884cc8.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 16:32:06 -08:00
Michael Crosby
ea9bce8724 Ensure that native containers die with the parent 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 16:30:56 -08:00
Michael Crosby
772ef99d28 Remove the ghosts and kill everything 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-06 15:30:26 -08:00
Guillaume J. Charmes
b722aa21b7 Merge pull request #4506 from creack/fix_apparmor 
Use CGO for apparmor profile switch
 2014-03-06 13:37:34 -08:00
Tianon Gravi
0b23393ba1 Update build tags such that we can properly compile on all platforms (especially for packagers), and updated hack/PACKAGERS.md to mention the DOCKER_BUILDTAGS variable that will need to be set for binaries that might be used on AppArmor (such as Debian and especially Ubuntu) 
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
 2014-03-06 13:39:17 -07:00
Guillaume J. Charmes
c89fa6645e
Add buildflags to allow crosscompilation for apparmor 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-06 12:05:03 -08:00
Guillaume J. Charmes
31f62b934b Merge pull request #4503 from unclejack/attempt_to_fix_apparmor_profile 
remove dbus from apparmor profile for Ubuntu 12.04
 2014-03-06 11:20:06 -08:00
Guillaume J. Charmes
f0f833c6d7
Use CGO for apparmor profile switch 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-06 11:10:58 -08:00
unclejack
46fdb6af8e remove dbus from apparmor profile 
This removes the dbus entry from the apparmor profile Docker creates.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
 2014-03-06 19:47:03 +02:00
Alexander Larsson
5c9b28db18 libcontainer: Don't use UsetCloseOnExec, it is racy 
We can't keep file descriptors without close-on-exec except with
syscall.ForkLock held, as otherwise they could leak by accident into
other children from forks in other threads.

Instead we just use Cmd.ExtraFiles which handles all this for us.

This fixes https://github.com/dotcloud/docker/issues/4493

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-06 14:10:32 +01:00
Guillaume J. Charmes
920a6ca54c
Generate and load custom docker profile for apparmor 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-05 15:02:11 -08:00
Michael Crosby
37f137c822 Some cleanup around logs 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-05 13:50:49 -08:00
Guillaume J. Charmes
cb4189a292
Add AppArmor support to native driver + change pipe/dup logic 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-05 13:08:24 -08:00
Victor Vieux
069dc7f8c7 fix panic with only long flags or only one deprecatd 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-03-05 19:45:57 +00:00
Victor Vieux
089bf5e11e fix usage for completly deprecated flag 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-03-05 19:27:39 +00:00
Michael Crosby
858d0356fd Merge pull request #4278 from alexlarsson/system 
Create pkg/system and move stuff there from archive
 2014-03-05 12:32:35 -05:00
Alexander Larsson
d6114c0da0 Create pkg/system and move stuff there from archive 
This is a package for generic system calls etc that for some reason
is not yet supported by "syscall", or where it is different enough
for the different ports to need portability wrappers.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-05 14:05:32 +01:00
Alexander Larsson
757b577572 libcontainer: Use MS_PRIVATE instead of MS_SLAVE 
Now that we unmount all the mounts from the global namespace we can
use a private namespace rather than a slave one (as we have no need
for unmounts of inherited global mounts to propagate into the
container).

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-05 09:40:54 +01:00
Michael Crosby
b07708c8de Add shm size cap to mount 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-04 14:18:40 -08:00
Guillaume J. Charmes
57a47f5bbf
Remove /dev tmpfs mountpoint 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-04 13:21:22 -08:00
Guillaume J. Charmes
c74a8b28cd
remove /run mountpoint 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-04 12:32:17 -08:00
Guillaume J. Charmes
39d58129c3
Remove loopback mount bind 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-03-04 12:30:52 -08:00
Michael Crosby
b63709c1f1 Merge pull request #4452 from crosbymichael/small-fixes-to-libcontainer 
Add find tests and remove panic in DEBUG
 2014-03-04 14:37:41 -05:00
Michael Crosby
7e52445f2f Add find tests and remove panic in DEBUG 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-04 08:55:12 -08:00
Alexander Larsson
5b5c884cc8 libcontainer: Use pivot_root instead of chroot 
Instead of keeping all the old mounts in the container namespace and
just using subtree as root we pivot_root so that the actual root in
the namespace is the root we want, and then we unmount the previous
mounts.

This has multiple advantages:

* The namespace mount tree is smaller (in the kernel)
* If you break out of the chroot you could previously access the host
  filesystem. Now the host filesystem is fully invisible to the namespace.
* We get rid of all unrelated mounts from the parent namespace, which means
  we don't hog these. This is important if we later switch to MS_PRIVATE instead
  of MS_SLAVE as otherwise these mounts would be impossible to unmount from the
  parent namespace.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-03-04 12:44:08 +01:00
Darren Shepherd
b39d02b611 Support hairpin NAT without going through docker server 
Hairpin NAT is currently done by passing through the docker server.  If
two containers on the same box try to access each other through exposed
ports and using the host IP the current iptables rules will not match the
DNAT and thus the traffic goes to 'docker -d'

This change drops the restriction that DNAT traffic must not originate
from docker0.  It should be safe to drop this restriction because the
DOCKER chain is already gated by jumps that check for the destination
address to be a local address.

Docker-DCO-1.1-Signed-off-by: Darren Shepherd <darren.s.shepherd@gmail.com> (github: ibuildthecloud)
 2014-03-03 21:53:57 -07:00
Guillaume J. Charmes
69c69059fc Merge pull request #4327 from crosbymichael/add-libcontainer 
Add native execution driver to docker and make it the default
 2014-03-03 16:34:20 -08:00