0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
moby/hack
History
Dan Walsh 4c43566925 This patch adds SELinux labeling support. 
docker will run the process(es) within the container with an SELinux label and will label
all of  the content within the container with mount label.  Any temporary file systems
created within the container need to be mounted with the same mount label.

The user can override the process label by specifying

-Z With a string of space separated options.

-Z "user=unconfined_u role=unconfined_r type=unconfined_t level=s0"

Would cause the process label to run with unconfined_u:unconfined_r:unconfined_t:s0"

By default the processes will run execute within the container as svirt_lxc_net_t.
All of the content in the container as svirt_sandbox_file_t.

The process mcs level is based of the PID of the docker process that is creating the container.

If you run the container in --priv mode, the labeling will be disabled.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-03-26 15:30:40 -04:00
..
bootcamp Typo in 3rd-party 2013-07-22 18:39:58 -07:00
infrastructure As far as I know this code is not used or maintained 2014-03-24 12:39:56 +00:00
make Fix a lot of the sha256 and md5 stuff to be more DRY and extendible, and on more things (specifically, the tgz files too) 2014-03-19 22:25:09 -06:00
travis Fix fun Travis DCO check YAML parsing issues (especially with commit messages that start with any kind of whitespace, like this one intentionally does) 2014-01-30 12:27:45 -07:00
allmaintainers.sh allmaintainers.sh: print a flat list of all maintainers of a directory (including sub-directories) 2013-05-28 20:55:07 -07:00
CONTRIBUTORS.md hack/MAINTAINERS.md: a maintainer's manual. 2013-09-23 11:26:04 -07:00
dind Update to double-dash everywhere 2014-03-13 11:46:02 -06:00
getmaintainer.sh getmaintainer.sh: parse MAINTAINERS file to determine who should review changes to a particular file or directory 2013-05-28 20:44:41 -07:00
install.sh install.sh (get.docker.io) aufs comment updated. 2014-03-25 11:33:16 -07:00
MAINTAINERS Make Tianon the hack maintainer 2013-12-12 11:25:30 -07:00
MAINTAINERS.md Added documentation (and some cleanup) around small patch exemptions 2014-03-02 11:43:18 -05:00
make.sh Fix a lot of the sha256 and md5 stuff to be more DRY and extendible, and on more things (specifically, the tgz files too) 2014-03-19 22:25:09 -06:00
PACKAGERS.md This patch adds SELinux labeling support. 2014-03-26 15:30:40 -04:00
PRINCIPLES.md More principles. Raw and unstructured to spawn discussion. 2013-06-11 09:27:36 -07:00
README.md Hack: update README 2013-09-23 11:26:05 -07:00
RELEASE-CHECKLIST.md Merge pull request #4646 from tianon/double-dash 2014-03-13 15:31:14 -07:00
release.sh Fix a lot of the sha256 and md5 stuff to be more DRY and extendible, and on more things (specifically, the tgz files too) 2014-03-19 22:25:09 -06:00
ROADMAP.md Typo in ROADMAP.md 2013-11-13 12:32:49 +00:00
stats.sh This should make all bash-scripts run on pretty much any posix-system (with bash installed ofc...) 2014-01-22 02:21:56 +01:00
vendor.sh Update vendor.sh with new kr/pty revision 2014-03-10 15:34:38 -07:00

README.md

Hacking on Docker

The hack/ directory holds information and tools for everyone involved in the process of creating and distributing Docker, specifically:

Guides

If you're a contributor or aspiring contributor, you should read CONTRIBUTORS.md.

If you're a maintainer or aspiring maintainer, you should read MAINTAINERS.md.

If you're a packager or aspiring packager, you should read PACKAGERS.md.

If you're a maintainer in charge of a release, you should read RELEASE-CHECKLIST.md.

Roadmap

A high-level roadmap is available at ROADMAP.md.

Build tools

make.sh is the primary build tool for docker. It is used for compiling the official binary, running the test suite, and pushing releases.