Next steps, in another PR, would be:
- make all logging go through the logrus stuff
- I'd like to see if we can remove the env var stuff (like DEBUG) but we'll see
Closes#5198
Signed-off-by: Doug Davis <dug@us.ibm.com>
Signal proxy does work only in non-TTY mode (--tty=false). Man pages and
commands should not lie about it.
Signed-off-by: Michal Minar <miminar@redhat.com>
So far, it looks like the declarations are not used, and so its safer not to
confuse people into thinking they do something.
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
zsh completion is updated with the content of
felixr/docker-zsh-completion.
The major change since the last merge is the addition of
exec/create (but they were already present in the docker repository) as
well as pause/unpause/logout/events and the use of short/long options
when they are available. Some missing options were also added.
12f00abd7178 Add completion for `exec'
4e2faa075f9a Merge `run' and `create' commands.
34134de077de Add missing long/short options for most commands.
d09f62339ab5 Add completion for `pause' and `unpause'
e4754c3b3b9d Add completion for `logout'
e0935eb3d5d2 Add completion for `events'
dae353cb9afb Add completion for `create`
Docker-DCO-1.1-Signed-off-by: Vincent Bernat <vincent@bernat.im> (github: vincentbernat)
Two problems how they are today:
In the current systemd unit files it is impossible to have the
docker.service started at system boot. Instead enableing docker.service
will actually enable docker.socket. This is a problem, as that means
any container with --restart=always will not launch on reboot. And of
course as soon as you log in and type docker ps, docker.service will be
launched and now your images are running. Talk about a PITA to debug!
The fix is to just install docker.service when people ask docker.service
to be enabled. If an admin wants to enable docker.socket instead, that
is fine and will work just as it does today.
The second problem is a common docker devel workflow, although not
something normal admins would hit. In this case consider a dev doing
the following:
systemctl stop docker.service
docker -d
[run commands]
[^C]
systemctl start docker.service
Running docker -d (without -F fd://) will clean up the
/var/run/docker.sock when it exits. Remember, you just ran the docker
daemon not telling it about socket actviation, so cleaning up its socket
makes sense! The new docker, started by systemd will expect socket
activation, but the last one cleaned up the docker.sock. So things are
just broken. You can, today, work around this by restarting
docker.socket. This fixes it by telling docker.socket that it is
PartOf=docker.service. So when docker.service is
started/stopped/restarted docker.socket will also be
started/stopped/restarted. So the above semi-common devel workflow will
be fine. When docker.service is stopped, so is docker.socket, docker
-d (without -F fd://) will create and delete /var/run/docker.sock.
Starting docker.service again will restart docker.socket, which will
create the file an all is happy in the word.
Signed-off-by: Eric Paris <eparis@redhat.com>
Failure to do this means that file capabilites are not preserved in the image.
Ping fails to work as a non-root user if cap_net_raw is capability is not set
Signed-off-by: Dan Griffin <dgriffin@peer1.com>
The biggest/bestest change here is cutting down on the number of calls to Docker in the filtering helpers (`__docker_containers_running`, etc), especially calls to the really heavy `docker images`.
Signed-off-by: Andrew Page <admwiggin@gmail.com>
debootstrap needs the suite as the second argument, for this the script
reorders arguments beginning with a minus but components separated by
space, as stated by the help message, is not handled and will lead to
the rootfs being passed as suite to debootstrap.
The poor mans solution is to fix the help message to pass the long
option as one argument.
Signed-off-by: Julian Taylor <jtaylor.debian@googlemail.com>
security-opts will allow you to customise the security subsystem.
For example the labeling system like SELinux will run on a container.
--security-opt="label:user:USER" : Set the label user for the container
--security-opt="label:role:ROLE" : Set the label role for the container
--security-opt="label:type:TYPE" : Set the label type for the container
--security-opt="label:level:LEVEL" : Set the label level for the container
--security-opt="label:disabled" : Turn off label confinement for the container
Since we are passing a list of string options instead of a space separated
string of options, I will change function calls to use InitLabels instead of
GenLabels. Genlabels interface is Depracated.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
This change will allow the Docker daemon's init script to wait up to 5
minutes before being forcibly terminated by the initscript. Many
non-trivial containers will take more than the default 3 seconds to
stop, which can result in containers whose rootfs is still mounted and
will not restart when the daemon starts up again, or worse, orphan
processes that are still running.
Signed-off-by: Steven Merrill <steven.merrill@gmail.com>
zsh completion is updated with the content of
felixr/docker-zsh-completion.
The major change since the last merge is the removal of use of
sed/awk. This should help a lot OSX users who previously had to install
gawk and gsed.
Docker-DCO-1.1-Signed-off-by: Vincent Bernat <vincent@bernat.im> (github: vincentbernat)
Later versions of `apt` are smart enough to just create this directory if it's missing, but Lucid balks (just like `gnupg` and `gpgv` aren't in the Required set so don't come in a minbase -- good ol' Lucid).
Signed-off-by: Andrew Page <admwiggin@gmail.com>
- add `set -e` to make failing commands bail the script
- remove trailing `exit 0` which is just extraneous anyhow
- adjust `status_of_proc` options to pass in `$DOCKER_DESC` so we get consistently styled messages like `Docker is running` or `Docker is not running` or `could not access PID file for Docker`
Signed-off-by: Andrew Page <admwiggin@gmail.com>
This allows signing off commits with `git commit -s`
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Cleaned up DCO regex
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
This should not be done by default but used by adminsys with a drop-in.d file,
for buggy daemons which crash without known fixes.
Docker-DCO-1.1-Signed-off-by: Sébastien Luttringer <seblu@seblu.net> (github: seblu)
If AppArmor is enabled on the current system, but "apparmor_parser" isn't installed, it causes all kinds of issues.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
As requested after #7021 add me as a maintainer alongside the sword
toting @lsm5.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
zsh completion is updated with the content of
felixr/docker-zsh-completion.
Docker-DCO-1.1-Signed-off-by: Vincent Bernat <vincent@bernat.im> (github: vincentbernat)
This results in a dramatic improvement in the size of individual "apt-get update" layers (on a clean wheezy base, from "29.88 MB" down to "8.273 MB").
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
