moby/daemon
Dan Walsh 1e64264697 Make mqueue container specific
mqueue cannot be mounted on the host OS and then shared into the container.
There is only one mqueue per mount namespace, so current code ends up leaking
the /dev/mqueue from the host into ALL containers.  Since SELinux changes the
label of the mqueue, only the last container is able to use the mqueue; all
other containers will get a permission denied.  If you don't have SELinux protections,
sharing of the /dev/mqueue allows one container to interact in potentially hostile
ways with other containers.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
(cherry picked from commit ba38d58659)

From PR #19876
2016-02-10 11:29:58 -05:00
daemonbuilder Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
events Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
exec Fix race condition in execCommandGC 2016-01-26 12:58:49 -08:00
execdriver Make mqueue container specific 2016-02-10 11:29:58 -05:00
graphdriver Fix ZFS permissions bug with user namespaces 2016-02-10 11:29:01 -05:00
links Replace usage of pkg/nat with go-connections/nat. 2015-12-22 13:31:46 -05:00
logger only close LogDriver after LogCopier is done 2016-01-26 12:58:46 -08:00
network Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
archive.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
archive_unix.go Move Container to its own package. 2015-12-03 17:39:49 +01:00
archive_windows.go Move Container to its own package. 2015-12-03 17:39:49 +01:00
attach.go Implement configurable detach key 2016-01-03 23:03:39 +01:00
changes.go Rename Daemon.Get to Daemon.GetContainer. 2015-12-11 12:39:28 -05:00
commit.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
config.go Make sure flat options are not parsed as config structures. 2016-02-02 15:37:14 -05:00
config_experimental.go Move userns support out of experimental into master 2016-01-08 15:06:22 -05:00
config_stub.go Add user namespace enable flag --userns-remap in experimental build 2015-10-09 20:50:05 -04:00
config_test.go Verify that the configuration keys in the file are valid. 2016-01-26 12:58:53 -08:00
config_unix.go Allow network configuration via daemon config file. 2016-01-26 12:59:00 -08:00
config_windows.go Allow network configuration via daemon config file. 2016-01-26 12:59:00 -08:00
container_operations.go Move Container to its own package. 2015-12-03 17:39:49 +01:00
container_operations_unix.go Make mqueue container specific 2016-02-10 11:29:58 -05:00
container_operations_windows.go Allow network configuration via daemon config file. 2016-01-26 12:59:00 -08:00
create.go Reject multiple networks on container creation 2016-01-26 12:58:58 -08:00
create_unix.go Allow external volume drivers to host anonymous volumes and copy existing data from image. 2016-01-26 12:58:53 -08:00
create_windows.go Allow external volume drivers to host anonymous volumes and copy existing data from image. 2016-01-26 12:58:53 -08:00
daemon.go Don’t stop daemon on migration hard failure 2016-02-09 13:09:07 -08:00
daemon_experimental.go Move userns support out of experimental into master 2016-01-08 15:06:22 -05:00
daemon_linux.go Force IPC mount to unmount on daemon shutdown/init 2015-10-30 15:41:48 -04:00
daemon_linux_test.go Do not try to cleanupMounts if daemon.repository is empty 2015-09-29 11:30:18 +08:00
daemon_stub.go Move userns support out of experimental into master 2016-01-08 15:06:22 -05:00
daemon_test.go Remove cluster storage advertise from reload. 2016-01-27 10:29:55 -08:00
daemon_unix.go Verify cgroup-parent name for systemd cgroup 2016-01-26 12:59:00 -08:00
daemon_unix_test.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
daemon_unsupported.go Add platformSupported flag to enable daemon mode by platform. 2015-08-07 09:45:24 -07:00
daemon_windows.go Verify cgroup-parent name for systemd cgroup 2016-01-26 12:59:00 -08:00
debugtrap_unix.go Windows: Win32 event for sigusr1 linux equivalence 2015-07-06 18:58:53 -07:00
debugtrap_unsupported.go Windows: Win32 event for sigusr1 linux equivalence 2015-07-06 18:58:53 -07:00
debugtrap_windows.go Fix typos found across repository 2015-12-13 18:04:12 +02:00
delete.go Fix removing mountpoints on container rm fail 2016-01-26 12:58:59 -08:00
delete_test.go Extract container store from the daemon. 2016-01-26 12:58:54 -08:00
discovery.go Allow to set daemon and server configurations in a file. 2016-01-14 16:44:37 -05:00
discovery_test.go Allow to set daemon and server configurations in a file. 2016-01-14 16:44:37 -05:00
errors.go Add own reference package wrapper 2015-12-16 11:58:52 -08:00
events.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
events_test.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
exec.go Forbid exec a restarting container 2016-01-27 10:29:56 -08:00
exec_unix.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
exec_windows.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
export.go Rename Daemon.Get to Daemon.GetContainer. 2015-12-11 12:39:28 -05:00
image_delete.go Extract container store from the daemon. 2016-01-26 12:58:54 -08:00
images.go Fix image filter 2016-01-14 08:17:40 +00:00
import.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
info.go Extract container store from the daemon. 2016-01-26 12:58:54 -08:00
inspect.go Build names and links at runtime 2016-01-07 14:10:42 -05:00
inspect_unix.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
inspect_windows.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
kill.go Fix typos found across repository 2015-12-13 18:04:12 +02:00
links.go Add migration from sqlite links back to hostConfig 2016-01-11 11:31:29 -05:00
links_test.go Extract container store from the daemon. 2016-01-26 12:58:54 -08:00
list.go Make volume dangling filter return only used volumes with dangling=false. 2016-01-27 10:29:56 -08:00
list_unix.go Move Container to its own package. 2015-12-03 17:39:49 +01:00
list_windows.go Move Container to its own package. 2015-12-03 17:39:49 +01:00
logdrivers_linux.go Add Splunk logging driver #16207 2015-10-23 13:37:53 -07:00
logdrivers_windows.go Enable Splunk logdriver for windows 2015-11-12 10:57:21 -08:00
logs.go Rename Daemon.Get to Daemon.GetContainer. 2015-12-11 12:39:28 -05:00
mounts.go On container rm, don't remove named mountpoints 2016-01-26 12:58:59 -08:00
network.go Add IPAM Config Options to match libnetwork 2016-01-14 14:32:25 -05:00
pause.go Rename Daemon.Get to Daemon.GetContainer. 2015-12-11 12:39:28 -05:00
README.md Docs: remove networkdriver from README.md in daemon 2015-08-22 10:09:07 +08:00
rename.go Build names and links at runtime 2016-01-07 14:10:42 -05:00
resize.go Rename Daemon.Get to Daemon.GetContainer. 2015-12-11 12:39:28 -05:00
restart.go Rename Daemon.Get to Daemon.GetContainer. 2015-12-11 12:39:28 -05:00
selinux_linux.go Rename daemon/utils_*.go to selinux 2015-11-12 15:48:41 -08:00
selinux_unsupported.go Rename daemon/utils_*.go to selinux 2015-11-12 15:48:41 -08:00
start.go Revert "Break big lock into some tiny locks" 2016-01-14 13:38:09 -05:00
stats.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
stats_collector_unix.go Move Container to its own package. 2015-12-03 17:39:49 +01:00
stats_collector_windows.go Move Container to its own package. 2015-12-03 17:39:49 +01:00
stats_freebsd.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
stats_linux.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
stats_windows.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
stop.go Rename Daemon.Get to Daemon.GetContainer. 2015-12-11 12:39:28 -05:00
top_unix.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
top_windows.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
unpause.go Rename Daemon.Get to Daemon.GetContainer. 2015-12-11 12:39:28 -05:00
update.go Modify import paths to point to the new engine-api package. 2016-01-06 19:48:59 -05:00
volumes.go On container rm, don't remove named mountpoints 2016-01-26 12:58:59 -08:00
volumes_unit_test.go reorder imports with goimports 2015-12-16 16:50:25 +01:00
volumes_unix.go Remove duplicated lazy volume initialization. 2016-01-13 11:22:31 -05:00
volumes_windows.go Remove duplicated lazy volume initialization. 2016-01-13 11:22:31 -05:00
wait.go Rename Daemon.Get to Daemon.GetContainer. 2015-12-11 12:39:28 -05:00

This directory contains code pertaining to running containers and storing images.

Code pertaining to running containers:

  • execdriver

Code pertaining to storing images:

  • graphdriver